read()){ $ext = substr($entry, strlen($entry)-5, 5); $name = substr($entry, 0, strlen($entry)-5); // check if extension is right, add to profile list if ($ext == ".conf") { $ret[$pos] = $name; $pos ++; } } sort($ret); return $ret; } /** * Returns the version number of this LAM installation. * Format: .. *
Major/minor version are always numbers, patch level may contain letters for inofficial releases only (e.g. 0.5.alpha1). * * @return string version number */ function LAMVersion() { $file = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/VERSION"; if (is_readable($file)) { $handle = fopen($file, "r"); if (!feof($handle)) { return trim(fgets($handle, 20)); } } // file was not readable return '0.0.unknown'; } /** * Prints a meta refresh page * * @param string $page the URL of the target page */ function metaRefresh($page) { if (isset($_SESSION['header'])) { echo $_SESSION['header']; } else { echo ''; echo "\n"; } echo "\n"; echo "\n"; echo "\n"; echo "\n"; // print link if refresh does not work echo "

\n"; echo "" . _("Click here if you are not directed to the next page.") . "\n"; echo "

\n"; echo "\n"; echo "\n"; } /** * This class manages .conf files. * * @package configuration */ class LAMConfig { /* access levels */ const ACCESS_ALL = 100; const ACCESS_PASSWORD_CHANGE = 20; const ACCESS_READ_ONLY = 0; /* return codes for saving configuration file */ const SAVE_OK = 0; const SAVE_FAIL = 1; /* login method: predefined list or LDAP search */ const LOGIN_LIST = 'list'; const LOGIN_SEARCH = 'search'; /** line separator */ const LINE_SEPARATOR = '+::+'; /** Server address (e.g. ldap://127.0.0.1:389) */ private $ServerURL; /** enables/disables TLS encryption */ private $useTLS; /** Array of string: users with admin rights */ private $Admins; /** Password to edit preferences */ private $Passwd; /** LDAP suffix for tree view */ private $treesuffix; /** Default language */ private $defaultLanguage; /** module settings */ private $moduleSettings = array(); /** type settings */ private $typeSettings = array(); /** tool settings */ private $toolSettings = array(); /** * Path to external lamdaemon script on server where it is executed * * This is used for managing quota and home directories. * optional setting, may not be defined */ private $scriptPath; /** * The rights for the home directory */ private $scriptRights = '750'; /** * Servers where lamdaemon script is executed * * This is used for managing quota and home directories. * optional setting, may not be defined */ private $scriptServer; /** LDAP cache timeout */ private $cachetimeout; /** LDAP search limit */ private $searchLimit = 0; /** Active account types */ private $activeTypes = "user,group,host,smbDomain"; /** Name of configuration file */ private $file; /** access level */ private $accessLevel = LAMconfig::ACCESS_ALL; /** login method */ private $loginMethod = LAMconfig::LOGIN_LIST; /** search suffix for login */ private $loginSearchSuffix = 'dc=yourdomain,dc=org'; /** search filter for login */ private $loginSearchFilter = 'uid=%USER%'; /** bind user for login search */ private $loginSearchDN = ''; /** bind password for login search */ private $loginSearchPassword = ''; /** specifies if HTTP authentication should be used */ private $httpAuthentication = 'false'; /** email address for sender of password reset mails */ private $lamProMailFrom = ''; /** reply-to email address for password reset mails */ private $lamProMailReplyTo = ''; /** subject for password reset mails */ private $lamProMailSubject = ''; /** treat password reset mail body as HTML */ private $lamProMailIsHTML = 'false'; /** mail body for password reset mails */ private $lamProMailText = ''; /** List of all settings in config file */ private $settings = array("ServerURL", "useTLS", "Passwd", "Admins", "treesuffix", "defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", "modules", "activeTypes", "types", "tools", "accessLevel", 'loginMethod', 'loginSearchSuffix', 'loginSearchFilter', 'searchLimit', 'lamProMailFrom', 'lamProMailReplyTo', 'lamProMailSubject', 'lamProMailText', 'lamProMailIsHTML', 'httpAuthentication', 'loginSearchDN', 'loginSearchPassword'); /** * Loads preferences from config file * * @param String $file file name without ".conf" (e.g. lam) */ function __construct($file) { if (empty($file) || !preg_match("/^[a-z0-9_-]+$/i", $file)) { logNewMessage(LOG_ERR, 'Invalid config file name: ' . $file); die(); } // load first profile if none is given if (!is_string($file)) { $profiles = getConfigProfiles(); $file = $profiles[0]; } $this->file = $file; $this->reload(); } /** * Reloads preferences from config file * * @return boolean true if file was readable */ private function reload() { $conffile = $this->getPath(); if (is_file($conffile) == True) { $file = @fopen($conffile, "r"); if (!$file) return false; // abort if file is not readable while (!feof($file)) { $line = fgets($file, 1024); $line = trim($line); // remove spaces at the beginning and end if (($line == "")||($line[0] == "#")) continue; // ignore comments and empty lines // search keywords for ($i = 0; $i < sizeof($this->settings); $i++) { $keyword = $this->settings[$i]; $keylen = strlen($keyword); if (strtolower(substr($line, 0, $keylen + 2)) == strtolower($keyword . ": ")) { // module settings if (strtolower(substr($line, 0, $keylen + 2)) == "modules: ") { $option = substr($line, $keylen + 2, strlen($line) - $keylen - 2); $pos = strpos($option, ":"); $this->moduleSettings[substr($option, 0, $pos)] = explode(LAMConfig::LINE_SEPARATOR, substr($option, $pos + 2)); } // type settings elseif (strtolower(substr($line, 0, $keylen + 2)) == "types: ") { $option = substr($line, $keylen + 2, strlen($line) - $keylen - 2); $pos = strpos($option, ":"); $this->typeSettings[substr($option, 0, $pos)] = substr($option, $pos + 2); } // tool settings elseif (strtolower(substr($line, 0, $keylen + 2)) == "tools: ") { $option = substr($line, $keylen + 2, strlen($line) - $keylen - 2); $pos = strpos($option, ":"); $this->toolSettings[substr($option, 0, $pos)] = substr($option, $pos + 2); } // general settings else { $this->$keyword = substr($line, $keylen + 2, strlen($line) - $keylen - 2); } break; } elseif (strtolower($line) == strtolower($keyword . ":")) { // set empty options $this->$keyword = ''; } } } fclose($file); } // check types $allTypes = getTypes(); $activeTypes = $this->get_ActiveTypes(); for ($i = 0; $i < sizeof($activeTypes); $i++) { if (!in_array($activeTypes[$i], $allTypes)) { unset($activeTypes[$i]); } } $activeTypes = array_values($activeTypes); $this->set_ActiveTypes($activeTypes); // check modules $scopes = $this->get_ActiveTypes(); for ($s = 0; $s < sizeof($scopes); $s++) { $scope = $scopes[$s]; $moduleVar = "modules_" . $scope; if (isset($this->typeSettings[$moduleVar])){ $modules = explode(",", $this->typeSettings[$moduleVar]); $available = getAvailableModules($scope); // only return available modules $ret = array(); for ($i = 0; $i < sizeof($modules); $i++) { if (in_array($modules[$i], $available)) $ret[] = $modules[$i]; } $this->typeSettings[$moduleVar] = implode(",", $ret); } } return true; } /** Saves preferences to config file */ public function save() { $conffile = $this->getPath(); if (is_file($conffile) == True) { $file = fopen($conffile, "r"); $file_array = array(); // read config file while (!feof($file)) { array_push($file_array, fgets($file, 1024)); } fclose($file); // generate new configuration file $saved = array(); // includes all settings which have been saved $mod_saved = array(); // includes all module settings which have been saved for ($i = 0; $i < sizeof($file_array); $i++) { $line = trim($file_array[$i]); if (($line == "")||($line[0] == "#")) continue; // ignore comments and empty lines // search for keywords for ($k = 0; $k < sizeof($this->settings); $k++) { $keyword = $this->settings[$k]; $keylen = strlen($keyword); if (strtolower(substr($line, 0, $keylen + 1)) == strtolower($keyword . ":")) { // module settings if (strtolower(substr($line, 0, $keylen + 2)) == "modules: ") { $option = substr($line, $keylen + 2, strlen($line) - $keylen - 2); $pos = strpos($option, ":"); $name = substr($option, 0, $pos); if (!isset($this->moduleSettings[$name])) continue; $file_array[$i] = "modules: " . $name . ": " . implode(LAMConfig::LINE_SEPARATOR, $this->moduleSettings[$name]) . "\n"; $mod_saved[] = $name; // mark keyword as saved } // type settings elseif (strtolower(substr($line, 0, $keylen + 2)) == "types: ") { $option = substr($line, $keylen + 2, strlen($line) - $keylen - 2); $pos = strpos($option, ":"); $name = substr($option, 0, $pos); if (!isset($this->typeSettings[$name])) continue; $file_array[$i] = "types: " . $name . ": " . $this->typeSettings[$name] . "\n"; $mod_saved[] = $name; // mark keyword as saved } // tool settings elseif (strtolower(substr($line, 0, $keylen + 2)) == "tools: ") { $option = substr($line, $keylen + 2, strlen($line) - $keylen - 2); $pos = strpos($option, ":"); $name = substr($option, 0, $pos); if (!isset($this->toolSettings[$name])) continue; $file_array[$i] = "tools: " . $name . ": " . $this->toolSettings[$name] . "\n"; $mod_saved[] = $name; // mark keyword as saved } // general settings else { $file_array[$i] = $keyword . ": " . $this->$keyword . "\n"; $saved[] = $keyword; // mark keyword as saved } break; } } } // check if we have to add new entries (e.g. if user upgraded LAM and has an old config file) if (!in_array("ServerURL", $saved)) array_push($file_array, "\n\n# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)\n" . "serverURL: " . $this->ServerURL . "\n"); if (!in_array("useTLS", $saved)) array_push($file_array, "\n\n# enable TLS encryption\n" . "useTLS: " . $this->useTLS . "\n"); if (!in_array("Passwd", $saved)) array_push($file_array, "\n\n# password to change these preferences via webfrontend\n" . "passwd: " . $this->Passwd . "\n"); if (!in_array("Admins", $saved)) array_push($file_array, "\n\n# list of users who are allowed to use LDAP Account Manager\n" . "# names have to be seperated by semicolons\n" . "# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org\n" . "admins: " . $this->Admins . "\n"); if (!in_array("treesuffix", $saved)) array_push($file_array, "\n\n# suffix of tree view\n" . "# e.g. dc=yourdomain,dc=org\n" . "treesuffix: " . $this->treesuffix . "\n"); if (!in_array("defaultLanguage", $saved)) array_push($file_array, "\n\n# default language (a line from config/language)\n" . "defaultLanguage: " . $this->defaultLanguage . "\n"); if (!in_array("scriptPath", $saved)) array_push($file_array, "\n\n# Path to external Script\n" . "scriptPath: " . $this->scriptPath . "\n"); if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Servers of external script\n" . "scriptServer: " . $this->scriptServer . "\n"); if (!in_array("scriptRights", $saved)) array_push($file_array, "\n\n# Access rights for home directories\n" . "scriptRights: " . $this->scriptRights . "\n"); if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n"); if (!in_array("searchLimit", $saved)) array_push($file_array, "\n\n# LDAP search limit.\n" . "searchLimit: " . $this->searchLimit . "\n"); if (!in_array("activeTypes", $saved)) array_push($file_array, "\n\n# List of active account types.\n" . "activeTypes: " . $this->activeTypes . "\n"); if (!in_array("accessLevel", $saved)) array_push($file_array, "\n\n# Access level for this profile.\n" . "accessLevel: " . $this->accessLevel . "\n"); if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n"); if (!in_array("loginSearchSuffix", $saved)) array_push($file_array, "\n\n# Search suffix for LAM login.\n" . "loginSearchSuffix: " . $this->loginSearchSuffix . "\n"); if (!in_array("loginSearchFilter", $saved)) array_push($file_array, "\n\n# Search filter for LAM login.\n" . "loginSearchFilter: " . $this->loginSearchFilter . "\n"); if (!in_array("loginSearchDN", $saved)) array_push($file_array, "\n\n# Bind DN for login search.\n" . "loginSearchDN: " . $this->loginSearchDN . "\n"); if (!in_array("loginSearchPassword", $saved)) array_push($file_array, "\n\n# Bind password for login search.\n" . "loginSearchPassword: " . $this->loginSearchPassword . "\n"); if (!in_array("httpAuthentication", $saved)) array_push($file_array, "\n\n# HTTP authentication for LAM login.\n" . "httpAuthentication: " . $this->httpAuthentication . "\n"); if (!in_array("lamProMailFrom", $saved)) array_push($file_array, "\n\n# Password mail from\n" . "lamProMailFrom: " . $this->lamProMailFrom . "\n"); if (!in_array("lamProMailReplyTo", $saved)) array_push($file_array, "\n\n# Password mail reply-to\n" . "lamProMailReplyTo: " . $this->lamProMailReplyTo . "\n"); if (!in_array("lamProMailSubject", $saved)) array_push($file_array, "\n\n# Password mail subject\n" . "lamProMailSubject: " . $this->lamProMailSubject . "\n"); if (!in_array("lamProMailIsHTML", $saved)) array_push($file_array, "\n\n# Password mail is HTML\n" . "lamProMailIsHTML: " . $this->lamProMailIsHTML . "\n"); if (!in_array("lamProMailText", $saved)) array_push($file_array, "\n\n# Password mail text\n" . "lamProMailText: " . $this->lamProMailText . "\n"); // check if all module settings were added $m_settings = array_keys($this->moduleSettings); for ($i = 0; $i < sizeof($m_settings); $i++) { if (!in_array($m_settings[$i], $mod_saved)) { array_push($file_array, "modules: " . $m_settings[$i] . ": " . implode(LAMConfig::LINE_SEPARATOR, $this->moduleSettings[$m_settings[$i]]) . "\n"); } } // check if all type settings were added $t_settings = array_keys($this->typeSettings); for ($i = 0; $i < sizeof($t_settings); $i++) { if (!in_array($t_settings[$i], $mod_saved)) { array_push($file_array, "types: " . $t_settings[$i] . ": " . $this->typeSettings[$t_settings[$i]] . "\n"); } } // check if all tool settings were added $tool_settings = array_keys($this->toolSettings); for ($i = 0; $i < sizeof($tool_settings); $i++) { if (!in_array($tool_settings[$i], $mod_saved)) { array_push($file_array, "tools: " . $tool_settings[$i] . ": " . $this->toolSettings[$tool_settings[$i]] . "\n"); } } $file = @fopen($conffile, "w"); if ($file) { for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]); fclose($file); @chmod ($conffile, 0600); return LAMConfig::SAVE_OK; } else { return LAMConfig::SAVE_FAIL; } } } /** * Returns the name of the config file * * @return String name */ public function getName() { return $this->file; } /** * Returns if the file can be written on the filesystem. * * @return boolean true if file is writable */ public function isWritable() { return is_writeable($this->getPath()); } /** * Returns the path to the config file. * * @return string path on filesystem */ public function getPath() { return substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/" . $this->file . ".conf"; } // functions to read/write preferences /** * Returns the server address as string * * @return string server address */ public function get_ServerURL() { return $this->ServerURL; } /** * Sets the server address * * @param string $value new server address * @return boolean true if $value has correct format */ public function set_ServerURL($value) { if (is_string($value)) $this->ServerURL = $value; else return false; return true; } /** * Returns if TLS is activated. * * @return String yes or no */ public function getUseTLS() { return $this->useTLS; } /** * Sets if TLS is activated. * * @param String yes or no * @return boolean true if $useTLS has correct format */ public function setUseTLS($useTLS) { if (($useTLS == "yes") || ($useTLS == "no")) { $this->useTLS = $useTLS; return true; } return false; } /** * Returns an array of string with all admin names * * @return array the admin names */ public function get_Admins() { return explode(";", $this->Admins); } /** * Returns all admin users seperated by semicolons * * @return string the admin string */ public function get_Adminstring() { return $this->Admins; } /** * Sets the admin string * * @param string $value new admin string that contains all admin users seperated by semicolons * @return boolean true if $value has correct format */ public function set_Adminstring($value) { if (is_string($value) && preg_match("/^[^;]+(;[^;]+)*$/", $value)) { $this->Admins = $value; } else return false; return true; } /** * Checks if the given password matches. * * @param String $password * @return boolean true, if matches */ public function check_Passwd($password) { if (substr($this->Passwd, 0, 6) == "{SSHA}") { // check hashed password $value = substr($this->Passwd, 6); $parts = explode(" ", $value); $salt = base64_decode($parts[1]); return ($this->hashPassword($password, $salt) === $this->Passwd); } else { // old nonhashed password return ($password === $this->Passwd); } } /** * Sets the preferences wizard password * * @param string $value new password * @return boolean true if $value has correct format */ public function set_Passwd($value) { if (is_string($value)) { mt_srand((microtime() * 1000000)); $rand = mt_rand(); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $value)), 0, 4); $this->Passwd = $this->hashPassword($value, $salt); return true; } else { return false; } } /** * Returns the hashed password. * * @param String $password password * @param String $salt salt * @return String hash value */ private function hashPassword($password, $salt) { return "{SSHA}" . base64_encode(convertHex2bin(sha1($password . $salt))) . " " . base64_encode($salt); } /** * Returns the LDAP suffix for the given account type * * @param string $scope account type * @return string the LDAP suffix */ public function get_Suffix($scope) { if ($scope == "tree") { return $this->treesuffix; } else { return $this->typeSettings['suffix_' . $scope]; } } /** * Sets the LDAP suffix where accounts are saved * * @param string $scope account type * @param string $value new LDAP suffix * @return boolean true if $value has correct format */ public function set_Suffix($scope, $value) { if (!$value) $value = ""; elseif (!is_string($value)) { return false; } if ($scope == "tree") { $this->treesuffix = $value; } else { $this->typeSettings['suffix_' . $scope] = $value; } return true; } /** * Returns the list of attributes to show in user list * * @param string $scope account type * @return string the attribute list */ public function get_listAttributes($scope) { return $this->typeSettings['attr_' . $scope]; } /** * Sets the list of attributes to show in user list * * @param string $value new attribute string * @param string $scope account type * @return boolean true if $value has correct format */ public function set_listAttributes($value, $scope) { if (is_string($value) && preg_match("/^((#[^:;]+)|([^:;]*:[^:;]+))(;((#[^:;]+)|([^:;]*:[^:;]+)))*$/", $value)) { $this->typeSettings['attr_' . $scope] = $value; return true; } else { return false; } } /** * Returns the default language string * * @return string default language */ public function get_defaultLanguage() { return $this->defaultLanguage; } /** * Sets the default language string * * @param string $value new default language * @return boolean true if $value has correct format */ public function set_defaultLanguage($value) { if (is_string($value)) $this->defaultLanguage = $value; else return false; return true; } /** * Returns the path to the external script * * @return string script path */ public function get_scriptPath() { return $this->scriptPath; } /** * Sets the path to the external script * * @param string $value new script path * @return boolean true if $value has correct format */ public function set_scriptPath($value) { if (!$value) $this->scriptPath = ""; // optional parameter elseif (is_string($value) && preg_match("/^\\/([a-z0-9_-])+(\\/([a-z0-9_\\.-])+)+$/i", $value)) $this->scriptPath = $value; else return false; return true; } /** * Returns the servers of the external script as a Array * * @return string script servers */ public function get_scriptServers() { return $this->scriptServer; } /** * Sets the servers of the external script * * @param string $value new script servers * @return boolean true if $value has correct format */ public function set_scriptServers($value) { if (!$value) { $this->scriptServer = ""; // optional parameter return true; } // Explode the value to an array $array_string = explode(";", $value); if (count($array_string) > 0) { // Check all IPs in the exploded Array $valid_ips = array(); foreach($array_string as $arr_value) { // Explode name and IP, if a name exists if (preg_match("/:/", $arr_value)) { $arr_value_explode = explode(":", $arr_value); $ip = $arr_value_explode[1]; $servername = $arr_value_explode[0]; } else { $ip = $arr_value; $servername = ""; } if (isset($ip) && is_string($ip) && preg_match("/^[a-z0-9-]+(\\.[a-z0-9-]+)*(,[0-9]+)?$/i", $ip)) { // Check if the IP has a server name if (!empty($servername)) { $valid_ips[] = $servername.":".$ip; } else { $valid_ips[] = $ip; } } else { // wrong format return false; } } // Check that the array is not empty if ($array_string > 0) { $this->scriptServer = implode(";", $valid_ips); return true; } else { // The array is empty, there was no valid IP return false; } } else { return false; } } /** * Returns the chmod value for new home directories. * * @return string rights */ public function get_scriptRights() { if (!isset($this->scriptRights)) return '755'; return $this->scriptRights; } /** * Sets the rights for the home directory. * * @param string $chmod the rights * @return boolean true if values has correct format */ public function set_scriptRights($chmod) { // check if the chmod is correct: if ($chmod > 0 && $chmod <=777) { $this->scriptRights=$chmod; return true; } else { return false; } } /** * Returns the LDAP cache timeout in minutes * * @return integer cache time */ public function get_cacheTimeout() { if (isset($this->cachetimeout)) return $this->cachetimeout; else return 5; } /** * Returns the LDAP cache timeout in seconds * * @return integer cache time */ public function get_cacheTimeoutSec() { return $this->cachetimeout * 60; } /** * Sets the LDAP cache timeout in minutes (0,1,2,5,10,15) * * @param integer $value new cache timeout * @return boolean true if $value has correct format */ public function set_cacheTimeout($value) { if (is_numeric($value) && ($value > -1)) { $this->cachetimeout = $value; } else return false; return true; } /** * Returns the LDAP search limit. * * @return integer search limit */ public function get_searchLimit() { return $this->searchLimit; } /** * Sets the LDAP search limit. * * @param integer $value new search limit * @return boolean true if $value has correct format */ public function set_searchLimit($value) { if (is_numeric($value) && ($value > -1)) { $this->searchLimit = $value; } else return false; return true; } /** * Returns an array of all selected account modules * * @param string $scope account type * @return array user modules */ public function get_AccountModules($scope) { if (isset($this->typeSettings["modules_" . $scope])) { return explode(",", $this->typeSettings["modules_" . $scope]); } else { return array(); } } /** * Sets the selected account modules * * @param array $modules array with module names (not aliases!) * @param string $scope account type * @return boolean true if $modules has correct format */ public function set_AccountModules($modules, $scope) { if (! is_array($modules)) return false; // check module names $available = getAvailableModules($scope); for ($i = 0; $i < sizeof($modules); $i++) { if (! in_array($modules[$i], $available)) return false; } // check depends/conflicts if (check_module_conflicts($modules, getModulesDependencies($scope)) != false) return false; if (check_module_depends($modules, getModulesDependencies($scope)) != false) return false; $this->typeSettings["modules_" . $scope] = implode(",", $modules); return true; } /** * Sets the settings for the account modules. * * @param array $settings list of module setting array(name => value) * @return boolean true if $settings has correct format */ public function set_moduleSettings($settings) { if (!is_array($settings)) return false; $this->moduleSettings = $settings; return true; } /** * Returns a list of saved module settings * * @return array list of settings: array(name => value) */ public function get_moduleSettings() { return $this->moduleSettings; } /** * Returns a list of active account types. * * @return array list of types */ public function get_ActiveTypes() { if (($this->activeTypes == '') || !isset($this->activeTypes)) return array(); else return explode(",", $this->activeTypes); } /** * Sets the list of active types. * * @param array list of types */ public function set_ActiveTypes($types) { $this->activeTypes = implode(",", $types); } /** * Sets the settings for the account types. * * @param array $settings list of type setting array(name => value) * @return boolean true if $settings has correct format */ public function set_typeSettings($settings) { if (!is_array($settings)) return false; $this->typeSettings = $settings; return true; } /** * Returns a list of saved type settings * * @return array list of settings: array(name => value) */ public function get_typeSettings() { return $this->typeSettings; } /** * Returns the tool settings. * * @return array $toolSettings tool settings */ public function getToolSettings() { return $this->toolSettings; } /** * Sets the tool settings. * * @param array $toolSettings tool settings * @return boolean true if ok */ public function setToolSettings($toolSettings) { if (!is_array($toolSettings)) return false; $this->toolSettings = $toolSettings; return true; } /** * Returns the access level for this profile. * * @return int level */ public function getAccessLevel() { return $this->accessLevel; } /** * Sets the access level for this profile. * * @param int $level level */ public function setAccessLevel($level) { $this->accessLevel = $level; } /** * Returns the login method. * * @return String login method * @see LAMconfig::LOGIN_LIST * @see LAMconfig::LOGIN_SEARCH */ public function getLoginMethod() { return $this->loginMethod; } /** * Sets the login method. * * @param String $loginMethod */ public function setLoginMethod($loginMethod) { $this->loginMethod = $loginMethod; } /** * Returns the login search filter. * * @return String search filter */ public function getLoginSearchFilter() { return $this->loginSearchFilter; } /** * Sets the login search filter. * * @param String $loginSearchFilter search filter */ public function setLoginSearchFilter($loginSearchFilter) { $this->loginSearchFilter = $loginSearchFilter; } /** * Returns the login search suffix. * * @return String suffix */ public function getLoginSearchSuffix() { return $this->loginSearchSuffix; } /** * Sets the login search suffix. * * @param String $loginSearchSuffix suffix */ public function setLoginSearchSuffix($loginSearchSuffix) { $this->loginSearchSuffix = $loginSearchSuffix; } /** * Sets the DN for the login search bind user. * * @param String $loginSearchDN DN * @return boolean true if DN is valid */ public function setLoginSearchDN($loginSearchDN) { $this->loginSearchDN = $loginSearchDN; if (($loginSearchDN == '') || get_preg($loginSearchDN, 'dn')) { return true; } return false; } /** * Returns the DN for the login search bind user. * * @return String DN */ public function getLoginSearchDN() { return $this->loginSearchDN; } /** * Sets the password for the login search bind user. * * @param String $loginSearchPassword password */ public function setLoginSearchPassword($loginSearchPassword) { $this->loginSearchPassword = $loginSearchPassword; } /** * Returns the password for the login search bind user. * * @return String password */ public function getLoginSearchPassword() { return $this->loginSearchPassword; } /** * Returns if HTTP authentication should be used. * * @return String $httpAuthentication use HTTP authentication ('true' or 'false') */ public function getHttpAuthentication() { return $this->httpAuthentication; } /** * Specifies if HTTP authentication should be used. * * @param String $httpAuthentication use HTTP authentication ('true' or 'false') */ public function setHttpAuthentication($httpAuthentication) { $this->httpAuthentication = $httpAuthentication; } /** * Returns the sender address for password reset mails. * * @return String mail address */ public function getLamProMailFrom() { return $this->lamProMailFrom; } /** * Sets the sender address for password reset mails. * * @param String $lamProMailFrom mail address * @return boolean true if address is valid */ public function setLamProMailFrom($lamProMailFrom) { $this->lamProMailFrom = $lamProMailFrom; if (($lamProMailFrom != '') && !get_preg($lamProMailFrom, 'email') && !get_preg($lamProMailFrom, 'emailWithName')) { return false; } return true; } /** * Returns the reply-to address for password reset mails. * * @return String mail address */ public function getLamProMailReplyTo() { return $this->lamProMailReplyTo; } /** * Sets the reply-to address for password reset mails. * * @param String $lamProMailReplyTo mail address * @return boolean true if address is valid */ public function setLamProMailReplyTo($lamProMailReplyTo) { $this->lamProMailReplyTo = $lamProMailReplyTo; if (($lamProMailReplyTo != '') && !get_preg($lamProMailReplyTo, 'email') && !get_preg($lamProMailReplyTo, 'emailWithName')) { return false; } return true; } /** * Returns the subject for password reset mails. * * @return String subject */ public function getLamProMailSubject() { return $this->lamProMailSubject; } /** * Sets the subject for password reset mails. * * @param String $lamProMailSubject subject */ public function setLamProMailSubject($lamProMailSubject) { $this->lamProMailSubject = $lamProMailSubject; } /** * Returns if the password reset mail content should be treated as HTML. * * @return boolean HTML or text */ public function getLamProMailIsHTML() { return $this->lamProMailIsHTML; } /** * Sets if the password reset mail content should be treated as HTML. * * @param boolean $lamProMailIsHTML */ public function setLamProMailIsHTML($lamProMailIsHTML) { $this->lamProMailIsHTML = $lamProMailIsHTML; } /** * Returns the mail body for password reset mails. * * @return String body */ public function getLamProMailText() { return implode("\r\n", explode(LAMConfig::LINE_SEPARATOR, $this->lamProMailText)); } /** * Sets the mail body for password reset mails. * * @param String $lamProMailText body */ public function setLamProMailText($lamProMailText) { $this->lamProMailText = implode(LAMConfig::LINE_SEPARATOR, explode("\r\n", $lamProMailText)); } } /** * This class manages config.cfg. * * @package configuration */ class LAMCfgMain { /** Default profile */ public $default; /** Password to change config.cfg */ private $password; /** Time of inactivity before session times out (minutes) */ public $sessionTimeout; /** log level */ public $logLevel; /** log destination ("SYSLOG":syslog, "/...":file, "NONE":none) */ public $logDestination; /** list of hosts which may access LAM */ public $allowedHosts; /** minimum length for passwords */ public $passwordMinLength = 0; /** minimum uppercase characters */ public $passwordMinUpper = 0; /** minimum lowercase characters */ public $passwordMinLower = 0; /** minimum numeric characters */ public $passwordMinNumeric = 0; /** minimum symbol characters */ public $passwordMinSymbol = 0; /** minimum character classes (upper, lower, numeric, symbols) */ public $passwordMinClasses = 0; private $conffile; /** list of data fields to save in config file */ private $settings = array("password", "default", "sessionTimeout", "logLevel", "logDestination", "allowedHosts", "passwordMinLength", "passwordMinUpper", "passwordMinLower", "passwordMinNumeric", "passwordMinClasses", "passwordMinSymbol"); /** * Loads preferences from config file */ function __construct() { $this->conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg"; // set default values $this->sessionTimeout = 30; $this->logLevel = LOG_NOTICE; $this->logDestination = "SYSLOG"; $this->allowedHosts = ""; $this->reload(); } /** * Reloads preferences from config file config.cfg * * @return boolean true if file was readable */ private function reload() { if (is_file($this->conffile) == True) { $file = @fopen($this->conffile, "r"); if (!$file) return false; // abort if file is not readable while (!feof($file)) { $line = fgets($file, 1024); $line = trim($line); // remove spaces at the beginning and end if (($line == "")||($line[0] == "#")) continue; // ignore comments // search keywords for ($i = 0; $i < sizeof($this->settings); $i++) { $keyword = $this->settings[$i]; $keylen = strlen($keyword); if (strtolower(substr($line, 0, $keylen + 2)) == strtolower($keyword . ": ")) { $this->$keyword = substr($line, $keylen + 2, strlen($line) - $keylen - 2); break; } } } fclose($file); } return true; } /** * Saves preferences to config file config.cfg */ public function save() { if (is_file($this->conffile) == True) { $file = fopen($this->conffile, "r"); $file_array = array(); // read config file while (!feof($file)) { array_push($file_array, fgets($file, 1024)); } fclose($file); // generate new configuration file $saved = array(); for ($i = 0; $i < sizeof($file_array); $i++) { $line = trim($file_array[$i]); if (($line == "")||($line[0] == "#")) continue; // ignore comments and empty lines // search keywords for ($k = 0; $k < sizeof($this->settings); $k++) { $keyword = $this->settings[$k]; $keylen = strlen($keyword); if (strtolower(substr($line, 0, $keylen + 1)) == strtolower($keyword . ":")) { $file_array[$i] = $keyword . ": " . $this->$keyword . "\n"; $saved[] = $keyword; // mark keyword as saved break; } } } } // check if we have to add new entries (e.g. if user upgraded LAM and has an old config file) if (!in_array("password", $saved)) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password); if (!in_array("default", $saved)) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default); if (!in_array("sessionTimeout", $saved)) array_push($file_array, "\n\n# session timeout in minutes\n" . "sessionTimeout: " . $this->sessionTimeout); if (!in_array("logLevel", $saved)) array_push($file_array, "\n\n# log level\n" . "logLevel: " . $this->logLevel); if (!in_array("logDestination", $saved)) array_push($file_array, "\n\n# log destination\n" . "logDestination: " . $this->logDestination); if (!in_array("allowedHosts", $saved)) array_push($file_array, "\n\n# list of hosts which may access LAM\n" . "allowedHosts: " . $this->allowedHosts); if (!in_array("passwordMinLength", $saved)) array_push($file_array, "\n\n# Password: minimum password length\n" . "passwordMinLength: " . $this->passwordMinLength); if (!in_array("passwordMinUpper", $saved)) array_push($file_array, "\n\n# Password: minimum uppercase characters\n" . "passwordMinUpper: " . $this->passwordMinUpper); if (!in_array("passwordMinLower", $saved)) array_push($file_array, "\n\n# Password: minimum lowercase characters\n" . "passwordMinLower: " . $this->passwordMinLower); if (!in_array("passwordMinNumeric", $saved)) array_push($file_array, "\n\n# Password: minimum numeric characters\n" . "passwordMinNumeric: " . $this->passwordMinNumeric); if (!in_array("passwordMinSymbol", $saved)) array_push($file_array, "\n\n# Password: minimum symbolic characters\n" . "passwordMinSymbol: " . $this->passwordMinSymbol); if (!in_array("passwordMinClasses", $saved)) array_push($file_array, "\n\n# Password: minimum character classes (0-4)\n" . "passwordMinClasses: " . $this->passwordMinClasses); $file = @fopen($this->conffile, "w"); if ($file) { for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]); fclose($file); } else { StatusMessage("ERROR", "", _("Cannot open config file!") . " (" . $this->conffile . ")"); } } /** * Sets a new config password. * * @param String $password new password */ public function setPassword($password) { mt_srand((microtime() * 1000000)); $rand = mt_rand(); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); $this->password = $this->hashPassword($password, $salt); } /** * Checks if the given password matches. * * @param String $password password * @return boolean true, if password matches */ public function checkPassword($password) { if (substr($this->password, 0, 6) == "{SSHA}") { // check hashed password $value = substr($this->password, 6); $parts = explode(" ", $value); $salt = base64_decode($parts[1]); return ($this->hashPassword($password, $salt) === $this->password); } else { // old nonhashed password return ($password === $this->password); } } /** * Returns the hashed password. * * @param String $password password * @param String $salt salt * @return String hash value */ private function hashPassword($password, $salt) { return "{SSHA}" . base64_encode(convertHex2bin(sha1($password . $salt))) . " " . base64_encode($salt); } /** * Returns if the configuration file is writable. * * @return boolean writable */ public function isWritable() { return is_writeable($this->conffile); } } ?>