documentation update

Roland Gruber 2004-05-31 14:04:00 +00:00
parent 0589dc8842
commit dc7ffcc5a6
2 changed files with 342 additions and 182 deletions


@ -20,15 +20,22 @@ $Id$
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Config supplies access to the configuration data.
*/ */
/**
* This file includes functions to manage the configuration files.
*
* @package configuration
* @author Roland Gruber
*/
/** Used to print messages. */
include_once("status.inc"); include_once("status.inc");
/** Used to get module information. */
include_once("modules.inc"); include_once("modules.inc");
/** /**
* sets language settings for automatic translation * Sets language settings for automatic translation
*/ */
function setlanguage() { function setlanguage() {
if ($_SESSION['language']) { if ($_SESSION['language']) {
@ -43,7 +50,9 @@ function setlanguage() {
} }
/** /**
* returns an array of string with all available configuration profiles (without .conf) * Returns an array of string with all available configuration profiles (without .conf)
*
* @return array profile names
*/ */
function getConfigProfiles() { function getConfigProfiles() {
$dir = dir(substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config"); $dir = dir(substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config");
@ -63,9 +72,9 @@ function getConfigProfiles() {
} }
/** /**
* print meta refresh * Prints a meta refresh page
* *
* @param $page the URL of the target page * @param string $page the URL of the target page
*/ */
function metaRefresh($page) { function metaRefresh($page) {
echo $_SESSION['header']; echo $_SESSION['header'];
@ -84,66 +93,70 @@ function metaRefresh($page) {
/** /**
* This class manages .conf files. * This class manages .conf files.
*
* @package configuration
*/ */
class Config { class Config {
/** server address (e.g. ldap://127.0.0.1:389) */ /** Server address (e.g. ldap://127.0.0.1:389) */
var $ServerURL; var $ServerURL;
/** array of strings: users with admin rights */ /** Array of string: users with admin rights */
var $Admins; var $Admins;
/** string: password to edit preferences */ /** Password to edit preferences */
var $Passwd; var $Passwd;
/** suffix for users */ /** LDAP suffix for users */
var $usersuffix; var $usersuffix;
/** suffix for groups */ /** LDAP suffix for groups */
var $groupsuffix; var $groupsuffix;
/** suffix for Samba hosts */ /** LDAP suffix for Samba hosts */
var $hostsuffix; var $hostsuffix;
/** suffix for domains (Samba 3) */ /** LDAP suffix for Samba 3 domains */
var $domainsuffix; var $domainsuffix;
/** minimum UID number for users */ /** Minimum UID number for users */
var $MinUID; var $MinUID;
/** maximum UID number for users */ /** Maximum UID number for users */
var $MaxUID; var $MaxUID;
/** minimum GID number for groups */ /** Minimum GID number for groups */
var $MinGID; var $MinGID;
/** maximum GID number for groups */ /** Maximum GID number for groups */
var $MaxGID; var $MaxGID;
/** minimum UID number for Samba hosts */ /** Minimum UID number for Samba hosts */
var $MinMachine; var $MinMachine;
/** maximum UID number for Samba hosts */ /** Maximum UID number for Samba hosts */
var $MaxMachine; var $MaxMachine;
/** attributes that are shown in the user list */ /** Attributes that are shown in the user list */
var $userlistAttributes; var $userlistAttributes;
/** attributes that are shown in the group list */ /** Attributes that are shown in the group list */
var $grouplistAttributes; var $grouplistAttributes;
/** attributes that are shown in the host list */ /** Attributes that are shown in the host list */
var $hostlistAttributes; var $hostlistAttributes;
/** maximum number of rows shown in user/group/host lists */ /** Maximum number of rows shown in user/group/host lists */
var $maxlistentries; var $maxlistentries;
/** default language */ /** Default language */
var $defaultLanguage; var $defaultLanguage;
/** /**
* Path to external lamdaemon script on server where it is executed * Path to external lamdaemon script on server where it is executed
* used for managing quota and home directories *
* This is used for managing quota and home directories.
* optional setting, may not be defined * optional setting, may not be defined
*/ */
var $scriptPath; var $scriptPath;
/** /**
* server where lamdaemon script is executed * Server where lamdaemon script is executed
* used for managing quota and home directories *
* This is used for managing quota and home directories.
* optional setting, may not be defined * optional setting, may not be defined
*/ */
var $scriptServer; var $scriptServer;
@ -151,23 +164,24 @@ class Config {
/** LDAP cache timeout */ /** LDAP cache timeout */
var $cachetimeout; var $cachetimeout;
/** password hash algorithm */ /** Password hash algorithm */
var $pwdhash; var $pwdhash;
/** text to include in user PDF files */ /** Text to include in user PDF files */
var $pdftext = ""; var $pdftext = "";
/** account modules /**
** TODO add default modules for LAM <0.5 * Account modules
* TODO add default modules for LAM <0.5
*/ */
var $usermodules = "um1,um2,um3"; var $usermodules = "um1,um2,um3";
var $groupmodules = "gm1,gm2,gm3"; var $groupmodules = "gm1,gm2,gm3";
var $hostmodules = "hm1,hm2,hm3"; var $hostmodules = "hm1,hm2,hm3";
/** name of configuration file */ /** Name of configuration file */
var $file; var $file;
/** list of all settings in config file */ /** List of all settings in config file */
var $settings = array("ServerURL", "Passwd", "Admins", "usersuffix", "groupsuffix", "hostsuffix", var $settings = array("ServerURL", "Passwd", "Admins", "usersuffix", "groupsuffix", "hostsuffix",
"domainsuffix", "MinUID", "MaxUID", "MinGID", "MaxGID", "MinMachine", "MaxMachine", "domainsuffix", "MinUID", "MaxUID", "MinGID", "MaxGID", "MinMachine", "MaxMachine",
"userlistAttributes", "grouplistAttributes", "hostlistAttributes", "maxlistentries", "userlistAttributes", "grouplistAttributes", "hostlistAttributes", "maxlistentries",
@ -176,7 +190,7 @@ class Config {
/** /**
* constructor, loads preferences from config file * Loads preferences from config file
* *
* @param $file Index number in config file array * @param $file Index number in config file array
*/ */
@ -190,7 +204,7 @@ class Config {
$this->reload(); $this->reload();
} }
/** reloads preferences from config file */ /** Reloads preferences from config file */
function reload() { function reload() {
$conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/" . $this->file . ".conf"; $conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/" . $this->file . ".conf";
if (is_file($conffile) == True) { if (is_file($conffile) == True) {
@ -224,7 +238,7 @@ class Config {
} }
} }
/** saves preferences to config file */ /** Saves preferences to config file */
function save() { function save() {
$conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/" . $this->file . ".conf"; $conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/" . $this->file . ".conf";
if (is_file($conffile) == True) { if (is_file($conffile) == True) {
@ -299,7 +313,7 @@ class Config {
} }
} }
/** prints current preferences */ /** Prints current preferences */
function printconf() { function printconf() {
echo "<b>" . _("Server address") . ": </b>" . $this->ServerURL . "<br>"; echo "<b>" . _("Server address") . ": </b>" . $this->ServerURL . "<br>";
echo "<b>" . _("Password hash type") . ": </b>" . $this->pwdhash . "<br>"; echo "<b>" . _("Password hash type") . ": </b>" . $this->pwdhash . "<br>";
@ -331,7 +345,7 @@ class Config {
// functions to read/write preferences // functions to read/write preferences
/** /**
* returns the server address as string * Returns the server address as string
* *
* @return server address * @return server address
*/ */
@ -340,7 +354,7 @@ class Config {
} }
/** /**
* sets the server address * Sets the server address
* *
* @param $value new server address * @param $value new server address
* @return true if $value has correct format * @return true if $value has correct format
@ -352,7 +366,7 @@ class Config {
} }
/** /**
* returns an array of string with all admin names * Returns an array of string with all admin names
* *
* @return the admin names * @return the admin names
*/ */
@ -361,7 +375,7 @@ class Config {
} }
/** /**
* returns all admin users seperated by semicolons * Returns all admin users seperated by semicolons
* *
* @return the admin string * @return the admin string
*/ */
@ -370,7 +384,7 @@ class Config {
} }
/** /**
* sets the admin string * Sets the admin string
* *
* @param $value new admin string that contains all admin users seperated by semicolons * @param $value new admin string that contains all admin users seperated by semicolons
* @return true if $value has correct format * @return true if $value has correct format
@ -385,7 +399,7 @@ class Config {
} }
/** /**
* returns the password to access the preferences wizard * Returns the password to access the preferences wizard
* *
* @return the password * @return the password
*/ */
@ -394,7 +408,7 @@ class Config {
} }
/** /**
* sets the preferences wizard password * Sets the preferences wizard password
* *
* @param $value new password * @param $value new password
* @return true if $value has correct format * @return true if $value has correct format
@ -406,7 +420,7 @@ class Config {
} }
/** /**
* returns the LDAP suffix where users are saved * Returns the LDAP suffix where users are saved
* *
* @return the user suffix * @return the user suffix
*/ */
@ -415,7 +429,7 @@ class Config {
} }
/** /**
* sets the LDAP suffix where users are saved * Sets the LDAP suffix where users are saved
* *
* @param $value new user suffix * @param $value new user suffix
* @return true if $value has correct format * @return true if $value has correct format
@ -438,7 +452,7 @@ class Config {
} }
/** /**
* sets the LDAP suffix where groups are saved * Sets the LDAP suffix where groups are saved
* *
* @param $value new group suffix * @param $value new group suffix
* @return true if $value has correct format * @return true if $value has correct format
@ -461,7 +475,7 @@ class Config {
} }
/** /**
* sets the LDAP suffix where hosts are saved * Sets the LDAP suffix where hosts are saved
* *
* @param $value new host suffix * @param $value new host suffix
* @return true if $value has correct format * @return true if $value has correct format
@ -476,7 +490,7 @@ class Config {
} }
/** /**
* returns the LDAP suffix where domains are saved * Returns the LDAP suffix where domains are saved
* *
* @return the domain suffix * @return the domain suffix
*/ */
@ -485,7 +499,7 @@ class Config {
} }
/** /**
* sets the LDAP suffix where domains are saved * Sets the LDAP suffix where domains are saved
* *
* @param $value new domain suffix * @param $value new domain suffix
* @return true if $value has correct format * @return true if $value has correct format
@ -500,7 +514,7 @@ class Config {
} }
/** /**
* returns the minimum UID to use when creating new users * Returns the minimum UID to use when creating new users
* *
* @return the minimum UID number * @return the minimum UID number
*/ */
@ -509,7 +523,7 @@ class Config {
} }
/** /**
* sets the minimum UID to use when creating new users * Sets the minimum UID to use when creating new users
* *
* @param $value new minimum UID number * @param $value new minimum UID number
* @return true if $value has correct format * @return true if $value has correct format
@ -521,7 +535,7 @@ class Config {
} }
/** /**
* returns the maximum UID to use when creating new users * Returns the maximum UID to use when creating new users
* *
* @return the maximum UID number * @return the maximum UID number
*/ */
@ -530,7 +544,7 @@ class Config {
} }
/** /**
* sets the maximum UID to use when creating new users * Sets the maximum UID to use when creating new users
* *
* @param $value new maximum UID number * @param $value new maximum UID number
* @return true if $value has correct format * @return true if $value has correct format
@ -542,7 +556,7 @@ class Config {
} }
/** /**
* returns the minimum GID to use when creating new groups * Returns the minimum GID to use when creating new groups
* *
* @return the minimum GID number * @return the minimum GID number
*/ */
@ -551,7 +565,7 @@ class Config {
} }
/** /**
* sets the minimum GID to use when creating new groups * Sets the minimum GID to use when creating new groups
* *
* @param $value new minimum GID number * @param $value new minimum GID number
* @return true if $value has correct format * @return true if $value has correct format
@ -563,7 +577,7 @@ class Config {
} }
/** /**
* returns the maximum GID to use when creating new groups * Returns the maximum GID to use when creating new groups
* *
* @return the maximum GID number * @return the maximum GID number
*/ */
@ -572,7 +586,7 @@ class Config {
} }
/** /**
* sets the maximum GID to use when creating new groups * Sets the maximum GID to use when creating new groups
* *
* @param $value new maximum GID number * @param $value new maximum GID number
* @return true if $value has correct format * @return true if $value has correct format
@ -584,7 +598,7 @@ class Config {
} }
/** /**
* returns the minimum UID to use when creating new Samba hosts * Returns the minimum UID to use when creating new Samba hosts
* *
* @return the minimum UID number * @return the minimum UID number
*/ */
@ -593,7 +607,7 @@ class Config {
} }
/** /**
* sets the minimum UID to use when creating new Samba hosts * Sets the minimum UID to use when creating new Samba hosts
* *
* @param $value new minimum UID number * @param $value new minimum UID number
* @return true if $value has correct format * @return true if $value has correct format
@ -606,7 +620,7 @@ class Config {
} }
/** /**
* returns the maximum UID to use when creating new Samba hosts * Returns the maximum UID to use when creating new Samba hosts
* *
* @return the maximum UID number * @return the maximum UID number
*/ */
@ -615,7 +629,7 @@ class Config {
} }
/** /**
* sets the maximum UID to use when creating new Samba hosts * Sets the maximum UID to use when creating new Samba hosts
* *
* @param $value new maximum UID number * @param $value new maximum UID number
* @return true if $value has correct format * @return true if $value has correct format
@ -628,7 +642,7 @@ class Config {
} }
/** /**
* returns the list of attributes to show in user list * Returns the list of attributes to show in user list
* *
* @return the attribute list * @return the attribute list
*/ */
@ -637,7 +651,7 @@ class Config {
} }
/** /**
* sets the list of attributes to show in user list * Sets the list of attributes to show in user list
* *
* @param $value new attribute string * @param $value new attribute string
* @return true if $value has correct format * @return true if $value has correct format
@ -651,7 +665,7 @@ class Config {
} }
/** /**
* returns the list of attributes to show in group list * Returns the list of attributes to show in group list
* *
* @return the attribute list * @return the attribute list
*/ */
@ -660,7 +674,7 @@ class Config {
} }
/** /**
* sets the list of attributes to show in group list * Sets the list of attributes to show in group list
* *
* @param $value new attribute string * @param $value new attribute string
* @return true if $value has correct format * @return true if $value has correct format
@ -674,7 +688,7 @@ class Config {
} }
/** /**
* returns the list of attributes to show in host list * Returns the list of attributes to show in host list
* *
* @return the attribute list * @return the attribute list
*/ */
@ -683,7 +697,7 @@ class Config {
} }
/** /**
* sets the list of attributes to show in host list * Sets the list of attributes to show in host list
* *
* @param $value new attribute string * @param $value new attribute string
* @return true if $value has correct format * @return true if $value has correct format
@ -698,7 +712,7 @@ class Config {
} }
/** /**
* returns the maximum number of rows in user/group/host lists * Returns the maximum number of rows in user/group/host lists
* *
* @return maximum number * @return maximum number
*/ */
@ -707,7 +721,7 @@ class Config {
} }
/** /**
* sets the maximum number of rows in user/group/host lists * Sets the maximum number of rows in user/group/host lists
* *
* @param $value new attribute string * @param $value new attribute string
* @return true if $value has correct format * @return true if $value has correct format
@ -719,7 +733,7 @@ class Config {
} }
/** /**
* returns the default language string * Returns the default language string
* *
* @return default language * @return default language
*/ */
@ -728,7 +742,7 @@ class Config {
} }
/** /**
* sets the default language string * Sets the default language string
* *
* @param $value new default language * @param $value new default language
* @return true if $value has correct format * @return true if $value has correct format
@ -740,7 +754,7 @@ class Config {
} }
/** /**
* returns the path to the external script * Returns the path to the external script
* *
* @return script path * @return script path
*/ */
@ -749,7 +763,7 @@ class Config {
} }
/** /**
* sets the path to the external script * Sets the path to the external script
* *
* @param $value new script path * @param $value new script path
* @return true if $value has correct format * @return true if $value has correct format
@ -762,7 +776,7 @@ class Config {
} }
/** /**
* returns the server of the external script * Returns the server of the external script
* *
* @return script server * @return script server
*/ */
@ -771,7 +785,7 @@ class Config {
} }
/** /**
* sets the server of the external script * Sets the server of the external script
* *
* @param $value new script server * @param $value new script server
* @return true if $value has correct format * @return true if $value has correct format
@ -785,20 +799,31 @@ class Config {
return true; return true;
} }
// returns the LDAP cache timeout in minutes /**
* Returns the LDAP cache timeout in minutes
*
* @return cache time
*/
function get_cacheTimeout() { function get_cacheTimeout() {
if (isset($this->cachetimeout)) return $this->cachetimeout; if (isset($this->cachetimeout)) return $this->cachetimeout;
else return 5; else return 5;
} }
// returns the LDAP cache timeout in seconds /**
* Returns the LDAP cache timeout in seconds
*
* @return cache time
*/
function get_cacheTimeoutSec() { function get_cacheTimeoutSec() {
return $this->cachetimeout * 60; return $this->cachetimeout * 60;
} }
// sets the LDAP cache timeout in minutes (0,1,2,5,10,15) /**
// $value: new cache timeout * Sets the LDAP cache timeout in minutes (0,1,2,5,10,15)
// returns true if $value has correct format *
* @param $value new cache timeout
* @return true if $value has correct format
*/
function set_cacheTimeout($value) { function set_cacheTimeout($value) {
if (is_numeric($value) && ($value > -1)) { if (is_numeric($value) && ($value > -1)) {
$this->cachetimeout = $value; $this->cachetimeout = $value;
@ -807,15 +832,22 @@ class Config {
return true; return true;
} }
// returns the password hash type /**
* Returns the password hash type
*
* @return password hash
*/
function get_pwdhash() { function get_pwdhash() {
if ($this->pwdhash) return strtoupper($this->pwdhash); if ($this->pwdhash) return strtoupper($this->pwdhash);
else return "SSHA"; else return "SSHA";
} }
// set the password hash type (CRYPT/SHA/SSHA/MD5/SMD5) /**
// $value: new password hash algorithm * Sets the password hash type (CRYPT/SHA/SSHA/MD5/SMD5)
// returns true if $value has correct format *
* @param $value new password hash algorithm
* @return true if $value has correct format
*/
function set_pwdhash($value) { function set_pwdhash($value) {
if (is_string($value) && eregi("^(crypt|sha|ssha|md5|smd5|plain)$", $value)) { if (is_string($value) && eregi("^(crypt|sha|ssha|md5|smd5|plain)$", $value)) {
$this->pwdhash = $value; $this->pwdhash = $value;
@ -824,15 +856,22 @@ class Config {
return true; return true;
} }
// returns text for user PDF files /**
* Returns text for user PDF files
*
* @return text string
*/
function get_pdftext($name = "user") { function get_pdftext($name = "user") {
if ($this->pdftext) return $this->pdftext; if ($this->pdftext) return $this->pdftext;
else return ""; else return "";
} }
// set the text for user PDF files /**
// $value: string containing the text * Sets the text for user PDF files
// returns true if $value has correct format and could be saved *
* @param $value string containing the text
* @return true if $value has correct format and could be saved
*/
function set_pdftext($value) { function set_pdftext($value) {
// check if text changed // check if text changed
if ($value == $this->pdftext) return true; if ($value == $this->pdftext) return true;
@ -852,7 +891,11 @@ class Config {
return true; return true;
} }
// returns an array of all selected user modules /**
* Returns an array of all selected user modules
*
* @return user modules
*/
function get_UserModules() { function get_UserModules() {
$modules = explode(",", $this->usermodules); $modules = explode(",", $this->usermodules);
$available = getAvailableModules('user'); $available = getAvailableModules('user');
@ -864,9 +907,12 @@ class Config {
return $ret; return $ret;
} }
// sets the selected user modules /**
// $modules: array with module names (not aliases!) * Sets the selected user modules
// returns true if $modules has correct format *
* @param $modules array with module names (not aliases!)
* @return true if $modules has correct format
*/
function set_UserModules($modules) { function set_UserModules($modules) {
if (! is_array($modules)) return false; if (! is_array($modules)) return false;
// check module names // check module names
@ -879,7 +925,11 @@ class Config {
return true; return true;
} }
// returns an array of all selected group modules /**
* Returns an array of all selected group modules
*
* @return group modules
*/
function get_GroupModules() { function get_GroupModules() {
$modules = explode(",", $this->groupmodules); $modules = explode(",", $this->groupmodules);
$available = getAvailableModules('group'); $available = getAvailableModules('group');
@ -891,9 +941,12 @@ class Config {
return $ret; return $ret;
} }
// sets the selected group modules /**
// $modules: array with module names (not aliases!) * Sets the selected group modules
// returns true if $modules has correct format *
* @param $modules array with module names (not aliases!)
* @return true if $modules has correct format
*/
function set_GroupModules($modules) { function set_GroupModules($modules) {
if (! is_array($modules)) return false; if (! is_array($modules)) return false;
// check module names // check module names
@ -906,7 +959,11 @@ class Config {
return true; return true;
} }
// returns an array of all selected host modules /**
* Returns an array of all selected host modules
*
* @return host modules
*/
function get_HostModules() { function get_HostModules() {
$modules = explode(",", $this->hostmodules); $modules = explode(",", $this->hostmodules);
$available = getAvailableModules('host'); $available = getAvailableModules('host');
@ -918,9 +975,12 @@ class Config {
return $ret; return $ret;
} }
// sets the selected host modules /**
// $modules: array with module names (not aliases!) * Sets the selected host modules
// returns true if $modules has correct format *
* @param $modules array with module names (not aliases!)
* @return true if $modules has correct format
*/
function set_HostModules($modules) { function set_HostModules($modules) {
if (! is_array($modules)) return false; if (! is_array($modules)) return false;
// check module names // check module names
@ -936,24 +996,29 @@ class Config {
} }
/* /**
// class CfgMain * This class manages config.cfg.
*
* @package configuration
*/ */
// manages config.cfg
class CfgMain { class CfgMain {
// default profile /** Default profile */
var $default; var $default;
// password to change config.cfg /** Password to change config.cfg */
var $password; var $password;
// constructor, loads preferences from config file /**
* Loads preferences from config file
*/
function CfgMain() { function CfgMain() {
$this->reload(); $this->reload();
} }
// reloads preferences from config file config.cfg /**
* Reloads preferences from config file config.cfg
*/
function reload() { function reload() {
$conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg"; $conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg";
if (is_file($conffile) == True) { if (is_file($conffile) == True) {
@ -979,7 +1044,9 @@ class CfgMain {
} }
} }
// saves preferences to config file config.cfg /**
* Saves preferences to config file config.cfg
*/
function save() { function save() {
$conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg"; $conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg";
if (is_file($conffile) == True) { if (is_file($conffile) == True) {
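Review bot: The new docblock on set_pwdhash advertises `(CRYPT/SHA/SSHA/MD5/SMD5)`, but the check directly below it, `eregi("^(crypt|sha|ssha|md5|smd5|plain)$", $value)`, also accepts `plain`, so the documentation omits an accepted value. Judging by its name, that value presumably leaves passwords unhashed, which is the one a reader most needs to know about. I would change the summary line to `Sets the password hash type (CRYPT/SHA/SSHA/MD5/SMD5/PLAIN)` and add a second line, `PLAIN stores the password without hashing; use it only where the directory requires it.` The body of set_pwdhash continues outside the hunk, so any further restriction on the value is not visible here. In the same section, the docblock for get_cacheTimeoutSec could note that it does not apply the default of 5 minutes that get_cacheTimeout falls back to when `cachetimeout` is unset.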


@ -21,20 +21,36 @@ $Id$
*/ */
// ldap.inc provides basic functions to connect to the OpenLDAP server. /**
* ldap.inc provides basic functions to connect to the OpenLDAP server.
*
* @package LDAP
* @author Roland Gruber
*/
/** Access to configuration data */
include_once("config.inc"); include_once("config.inc");
/** Encryption functions */
include_once("blowfish.inc"); include_once("blowfish.inc");
// converts a HEX string to a binary value /**
* Converts a HEX string to a binary value
*
* @param string $value HEX string
* @return binary result binary
*/
function hex2bin($value) { function hex2bin($value) {
return pack("H*", $value); return pack("H*", $value);
} }
// returns the hash value of a plain text password /**
// the hash algorithm depends on the configuration file * Returns the hash value of a plain text password
// $password: the password string * the hash algorithm depends on the configuration file
// $enabled: marks the hash as enabled/disabled (e.g. by prefixing "!") *
* @param string $password the password string
* @param boolean $enabled marks the hash as enabled/disabled (e.g. by prefixing "!")
* @return string the password hash
*/
function pwd_hash($password, $enabled=true) { function pwd_hash($password, $enabled=true) {
// check for empty password // check for empty password
if (! $password || ($password == "")) { if (! $password || ($password == "")) {
@ -117,9 +133,12 @@ function pwd_hash($password, $enabled=true) {
} }
// marks an password hash as enabled /**
// and returns the new hash string * Marks an password hash as enabled and returns the new hash string
// hash: hash value to enable *
* @param string $hash hash value to enable
* @return string enabled password hash
*/
function pwd_enable($hash) { function pwd_enable($hash) {
// check if password is disabled (old wrong LAM method) // check if password is disabled (old wrong LAM method)
if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) { if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) {
@ -139,9 +158,12 @@ function pwd_enable($hash) {
} }
} }
// marks an password hash as disabled /**
// and returns the new hash string * Marks an password hash as disabled and returns the new hash string
// hash: hash value to disable *
* @param string $hash hash value to disable
* @return string disabled hash value
*/
function pwd_disable($hash) { function pwd_disable($hash) {
// check if password is disabled (old wrong LAM method) // check if password is disabled (old wrong LAM method)
if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) { if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) {
@ -161,8 +183,12 @@ function pwd_disable($hash) {
} }
} }
// checks if a password hash is enabled/disabled /**
// returns true if the password is marked as enabled * Checks if a password hash is enabled/disabled
*
* @param string $hash password hash to check
* @return boolean true if the password is marked as enabled
*/
function pwd_is_enabled($hash) { function pwd_is_enabled($hash) {
// disabled passwords have a "!" or "*" at the beginning (old wrong LAM method) // disabled passwords have a "!" or "*" at the beginning (old wrong LAM method)
if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) return false; if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) return false;
@ -176,37 +202,48 @@ function pwd_is_enabled($hash) {
} }
// manages connection to LDAP and several helper functions /**
* Ldap manages connection to LDAP and includes several helper functions.
*
* @package LDAP
*/
class Ldap{ class Ldap{
// object of Config to access preferences /** Object of Config to access preferences */
var $conf; var $conf;
// server handle /** Server handle */
var $server; var $server;
// LDAP username and password used for bind /** LDAP username used for bind */
var $username; var $username;
/** LDAP password used for bind */
var $password; var $password;
// Arrays that contain LDAP attributes and their descriptions which are translated /** Contains LDAP attributes for user list and their descriptions */
var $ldapUserAttributes; var $ldapUserAttributes;
/** Contains LDAP attributes for group list and their descriptions */
var $ldapGroupAttributes; var $ldapGroupAttributes;
/** Contains LDAP attributes for host list and their descriptions */
var $ldapHostAttributes; var $ldapHostAttributes;
// array with all objectClass strings from the LDAP server /** Array with all objectClass strings from the LDAP server */
var $objectClasses; var $objectClasses;
// capabilities of the LDAP server // Capabilities of the LDAP server
var $supports_unix_hosts=false; // host attribute in inetOrgPerson /** Host attribute in inetOrgPerson */
var $supports_samba2_schema=false; // objectClass sambaAccount var $supports_unix_hosts = false;
var $supports_samba3_schema=false; // objectClass sambaSamAccount /** ObjectClass sambaAccount */
var $supports_samba2_schema = false;
/** ObjectClass sambaSamAccount */
var $supports_samba3_schema = false;
// random number (changes on every page request) /** Random number (changes on every page request) */
var $rand; var $rand;
// constructor /**
// $config: an object of Config (../config/config.php) * @param object $config an object of class Config
*/
function Ldap($config) { function Ldap($config) {
setlanguage(); setlanguage();
if (is_object($config)) $this->conf = $config; if (is_object($config)) $this->conf = $config;
@ -245,10 +282,13 @@ class Ldap{
return true; return true;
} }
// connects to the server using the given username and password /**
// if connect succeeds the server handle is returned * Connects to the server using the given username and password
// $user: user name *
// $passwd: password * @param string $user user name
* @param string $passwd password
* @return mixed if connect succeeds the server handle is returned, else false
*/
function connect($user, $passwd) { function connect($user, $passwd) {
// close any prior connection // close any prior connection
@$this->close(); @$this->close();
@ -288,14 +328,17 @@ class Ldap{
else return false; else return false;
} }
// closes connection to server /** Closes connection to server */
function close() { function close() {
@ldap_close($this->server); @ldap_close($this->server);
} }
// searches LDAP for a specific user name /**
// and returns its DN entry * Searches LDAP for a specific user name and returns its DN entry
// $name: user name *
* @param string $name user name
* @return string DN
*/
function search_username($name) { function search_username($name) {
$filter = "(uid=$name)"; $filter = "(uid=$name)";
$attrs = array(); $attrs = array();
@ -309,8 +352,12 @@ class Ldap{
} }
} }
// returns an array with all organizational units under the given suffix /**
// $suffix: search suffix * Returns an array with all organizational units under the given suffix
*
* @param string $suffix search suffix
* @return array DNs of organizational units
*/
function search_units($suffix) { function search_units($suffix) {
$ret = array(); $ret = array();
$sr = @ldap_search($this->server(), $suffix, "objectClass=organizationalunit", array("DN")); $sr = @ldap_search($this->server(), $suffix, "objectClass=organizationalunit", array("DN"));
@ -336,8 +383,12 @@ class Ldap{
return $ret; return $ret;
} }
// returns an array with all Samba 3 domain entries under the given suffix /**
// $suffix: search suffix * Returns an array with all Samba 3 domain entries under the given suffix
*
* @param string $suffix search suffix
* @return array list of samba3domain objects
*/
function search_domains($suffix) { function search_domains($suffix) {
$ret = array(); $ret = array();
$attr = array("DN", "sambaDomainName", "sambaSID", "sambaNextRid", "sambaNextGroupRid", $attr = array("DN", "sambaDomainName", "sambaSID", "sambaNextRid", "sambaNextGroupRid",
@ -364,7 +415,7 @@ class Ldap{
return $ret; return $ret;
} }
// reads the array of objectClasses from the LDAP server /** Reads the array of objectClasses from the LDAP server */
function updateClasses() { function updateClasses() {
// read from default cn // read from default cn
$sr = @ldap_read($this->server, 'cn=subschema', '(objectClass=*)', array('objectclasses')); $sr = @ldap_read($this->server, 'cn=subschema', '(objectClass=*)', array('objectclasses'));
@ -383,7 +434,7 @@ class Ldap{
$this->objectClasses = array(); $this->objectClasses = array();
} }
// updates the capabilities values (var $supports_*) /** Updates the capabilities values (var $supports_*) */
function updateCapabilities() { function updateCapabilities() {
for ($i = 0; $i < sizeof($this->objectClasses); $i++) { for ($i = 0; $i < sizeof($this->objectClasses); $i++) {
$line = $this->objectClasses[$i]; $line = $this->objectClasses[$i];
@ -394,12 +445,16 @@ class Ldap{
} }
} }
// returns the LDAP connection handle /**
* Returns the LDAP connection handle
*
* @return object connection handle
*/
function server() { function server() {
return $this->server; return $this->server;
} }
// closes connection to LDAP server before serialization /** Closes connection to LDAP server before serialization */
function __sleep() { function __sleep() {
$this->close(); $this->close();
// define which attributes to save // define which attributes to save
@ -408,7 +463,7 @@ class Ldap{
"supports_samba3_schema", "rand"); "supports_samba3_schema", "rand");
} }
// reconnects to LDAP server when deserialized /** Reconnects to LDAP server when deserialized */
function __wakeup() { function __wakeup() {
$data = $this->decrypt_login(); $data = $this->decrypt_login();
$this->connect($data[0], $data[1]); $this->connect($data[0], $data[1]);
@ -432,16 +487,19 @@ class Ldap{
} }
} }
// calculates a new value for rand /** Calculates a new value for rand */
function new_rand() { function new_rand() {
// change random number // change random number
mt_srand($this->rand + (microtime() * 1000000)); mt_srand($this->rand + (microtime() * 1000000));
$this->rand = mt_rand(); $this->rand = mt_rand();
} }
// encrypts a string /**
// $data: string to encrypt * Encrypts a string
// return: encrypted string *
* @param string $data string to encrypt
* @return object encrypted string
*/
function encrypt($data) { function encrypt($data) {
// use MCrypt if available // use MCrypt if available
if (function_exists(mcrypt_create_iv)) { if (function_exists(mcrypt_create_iv)) {
@ -463,9 +521,12 @@ class Ldap{
} }
} }
// decrypts a string /**
// $data: string to decrypt * Decrypts a string
// return: decrypted string *
* @param object $data string to decrypt
* @return string decrypted string
*/
function decrypt($data) { function decrypt($data) {
// use MCrypt if available // use MCrypt if available
if (function_exists(mcrypt_create_iv)) { if (function_exists(mcrypt_create_iv)) {
@ -489,19 +550,23 @@ class Ldap{
} }
} }
// encrypts username and password /**
// $username: LDAP user name * Encrypts username and password
// $password: LDAP password *
* @param string $username LDAP user name
* @param string $password LDAP password
*/
function encrypt_login($username, $password) { function encrypt_login($username, $password) {
// encrypt username and password // encrypt username and password
$this->username = base64_encode($this->encrypt($username)); $this->username = base64_encode($this->encrypt($username));
$this->password = base64_encode($this->encrypt($password)); $this->password = base64_encode($this->encrypt($password));
} }
// decrypts username and password /**
// returns an array * Decrypts username and password
// return[0]: user name *
// return[1]: password * @return array array(user name, password)
*/
function decrypt_login() { function decrypt_login() {
// decrypt username and password // decrypt username and password
$username = $this->decrypt(base64_decode($this->username)); $username = $this->decrypt(base64_decode($this->username));
@ -510,30 +575,48 @@ class Ldap{
return $ret; return $ret;
} }
// closes connection to LDAP server and deletes encrypted username/password /** Closes connection to LDAP server and deletes encrypted username/password */
function destroy() { function destroy() {
$this->close(); $this->close();
$this->username="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; $this->username="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$this->password="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; $this->password="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
} }
// returns an array that contains LDAP attribute names and their description /**
* Returns the LDAP attribute names and their description for the user list
*
* @return array list of LDAP attributes and descriptions
*/
function attributeUserArray() { function attributeUserArray() {
return $this->ldapUserAttributes; return $this->ldapUserAttributes;
} }
// returns an array that contains LDAP attribute names and their description /**
* Returns the LDAP attribute names and their description for the group list
*
* @return array list of LDAP attributes and descriptions
*/
function attributeGroupArray() { function attributeGroupArray() {
return $this->ldapGroupAttributes; return $this->ldapGroupAttributes;
} }
// returns an array that contains LDAP attribute names and their description /**
* Returns the LDAP attribute names and their description for the host list
*
* @return array list of LDAP attributes and descriptions
*/
function attributeHostArray() { function attributeHostArray() {
return $this->ldapHostAttributes; return $this->ldapHostAttributes;
} }
// helper function to sort the unit DNs /**
* Helper function to sort the unit DNs
*
* @param string $a first argument to compare
* @param string $b second argument to compare
* @return integer 0 if equal, 1 if $a is greater, -1 if $b is greater
*/
function cmp_array($a, $b) { function cmp_array($a, $b) {
// split DNs // split DNs
$array_a = explode(",", $a); $array_a = explode(",", $a);
@ -560,7 +643,13 @@ class Ldap{
} }
} }
// helper function to sort the domains /**
* Helper function to sort the domains
*
* @param string $a first argument to compare
* @param string $b second argument to compare
* @return integer 0 if equal, 1 if $a is greater, -1 if $b is greater
*/
function cmp_domain($a, $b) { function cmp_domain($a, $b) {
if ($a->name == $b->name) return 0; if ($a->name == $b->name) return 0;
elseif ($a->name == max($a->name, $b->name)) return 1; elseif ($a->name == max($a->name, $b->name)) return 1;
@ -570,29 +659,33 @@ class Ldap{
} }
// represents a Samba 3 domain entry /**
* Represents a Samba 3 domain entry
*
* @package LDAP
*/
class samba3domain { class samba3domain {
// DN /** DN */
var $dn; var $dn;
// domain name /** Domain name */
var $name; var $name;
// domain SID /** Domain SID */
var $SID; var $SID;
// next RID /** Next RID */
var $nextRID; var $nextRID;
// next user RID /** Next user RID */
var $nextUserRID; var $nextUserRID;
// next group RID /** Next group RID */
var $nextGroupRID; var $nextGroupRID;
// RID base to calculate RIDs, default 1000 /** RID base to calculate RIDs, default 1000 */
var $RIDbase=1000; var $RIDbase = 1000;
} }
?> ?>