X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=plugins%2FLdapCommon%2FLdapCommon.php;h=ef0343be435a356f5e700d8dbfd76c0147f4ca39;hb=5db1479a9526fbb264d1d51647e925355ed6f062;hp=39d872df53f9503bb837beee219f352293bbeafe;hpb=295e05ea39982ff2b41cec21d5622375005682c2;p=quix0rs-gnu-social.git diff --git a/plugins/LdapCommon/LdapCommon.php b/plugins/LdapCommon/LdapCommon.php index 39d872df53..ef0343be43 100644 --- a/plugins/LdapCommon/LdapCommon.php +++ b/plugins/LdapCommon/LdapCommon.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -31,6 +31,9 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } +// We bundle the Net/LDAP2 library... +set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/extlib'); + class LdapCommon { protected static $ldap_connections = array(); @@ -47,7 +50,7 @@ class LdapCommon public $uniqueMember_attribute = null; public $attributes=array(); public $password_encoding=null; - + public function __construct($config) { Event::addHandler('Autoload',array($this,'onAutoload')); @@ -57,18 +60,18 @@ class LdapCommon $this->ldap_config = $this->get_ldap_config(); if(!isset($this->host)){ - throw new Exception("must specify a host"); + throw new Exception(_m("A host must be specified.")); } if(!isset($this->basedn)){ - throw new Exception("must specify a basedn"); + throw new Exception(_m('"basedn" must be specified.')); } if(!isset($this->attributes['username'])){ - throw new Exception("username attribute must be set."); + throw new Exception(_m('The username attribute must be set.')); } } function onAutoload($cls) - { + { switch ($cls) { case 'MemcacheSchemaCache': 
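Review bot: The new `set_include_path()` call appends `extlib` to the include path, so the `require_once 'Net/LDAP2.php'` in onAutoload resolves to whichever `Net/LDAP2.php` comes first on the pre-existing path; a system PEAR install would shadow the bundled copy, which defeats the "we bundle" intent and makes the LDAP client version loaded depend on host configuration. If the bundled copy is the one that should be authoritative, prepend instead: `set_include_path(dirname(__FILE__) . '/extlib' . PATH_SEPARATOR . get_include_path());`. The call also runs at file scope on every load of a class-declaring file; moving it into the constructor behind a `static` once-only guard would keep the file side-effect free and stop the path from growing on repeated inclusion. `__DIR__` can replace `dirname(__FILE__)` if the project already requires PHP 5.3.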
@@ -77,6 +80,15 @@ class LdapCommon case 'Net_LDAP2': require_once 'Net/LDAP2.php'; return false; + case 'Net_LDAP2_Filter': + require_once 'Net/LDAP2/Filter.php'; + return false; + case 'Net_LDAP2_Filter': + require_once 'Net/LDAP2/Filter.php'; + return false; + case 'Net_LDAP2_Entry': + require_once 'Net/LDAP2/Entry.php'; + return false; } } @@ -97,8 +109,9 @@ class LdapCommon $config = $this->ldap_config; } $config_id = crc32(serialize($config)); - $ldap = self::$ldap_connections[$config_id]; - if(! isset($ldap)) { + if(array_key_exists($config_id,self::$ldap_connections)) { + $ldap = self::$ldap_connections[$config_id]; + } else { //cannot use Net_LDAP2::connect() as StatusNet uses //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); //PEAR handling can be overridden on instance objects, so we do that. @@ -127,10 +140,16 @@ class LdapCommon function checkPassword($username, $password) { - $entry = $this->get_user($username); + $entry = $this->get_user($username,array('dn' => 'dn')); if(!$entry){ return false; }else{ + if(empty($password)) { + //NET_LDAP2 will do an anonymous bind if bindpw is not set / empty string + //which causes all login attempts that involve a blank password to appear + //to succeed. Which is obviously not good. + return false; + } $config = $this->get_ldap_config(); $config['binddn']=$entry->dn(); $config['bindpw']=$password; @@ -149,7 +168,7 @@ class LdapCommon //throw new Exception(_('Sorry, changing LDAP passwords is not supported at this time')); return false; } - $entry = $this->get_user($username); + $entry = $this->get_user($username,array('dn' => 'dn')); if(!$entry){ return false; }else{ @@ -160,7 +179,7 @@ class LdapCommon $ldap = $this->get_ldap_connection($config); $entry = $this->get_user($username,array(),$ldap); - + $newCryptedPassword = $this->hashPassword($newpassword, $this->password_encoding); if ($newCryptedPassword===false) { return false; 
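Review bot: The `case 'Net_LDAP2_Filter':` label is added twice to the autoload switch; PHP tolerates duplicate case values but the second block can never be reached, so the second `case 'Net_LDAP2_Filter':` / `require_once 'Net/LDAP2/Filter.php';` / `return false;` trio is dead code. It may be a copy-paste slip where a different Net_LDAP2 class was intended, so it is worth checking which bundled classes the plugin actually references before simply deleting it. The enclosing onAutoload method starts outside the hunk.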
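Review bot: The new `array_key_exists($config_id, self::$ldap_connections)` lookup trusts a key built with `crc32(serialize($config))`, a 32-bit checksum that is not collision resistant: two distinct configs with the same CRC share one cached connection, and because checkPassword places the user's `binddn`/`bindpw` into `$config` before asking for a connection, a collision would hand back a connection already bound as a different identity. The key should be the serialized config itself (PHP array keys can be arbitrary strings) or a cryptographic digest, e.g. `$config_id = hash('sha256', serialize($config));`. The `else` branch and the enclosing get_ldap_connection method continue outside the hunk.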
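Review bot: `empty($password)` rejects more than the blank password the new comment describes: in PHP the string `'0'` is also empty(), so an account whose password is literally `0` can never authenticate through checkPassword. A strict comparison states the intent exactly: `if ($password === null || $password === '') {`. The case being guarded against is the LDAP "unauthenticated bind" (a DN with an empty password), which servers may be configured to accept, so keeping this client-side check is right regardless of server policy. The `array('dn' => 'dn')` argument passed to get_user is presumably meant to request only the DN; a plain list such as `array('dn')` would match the documented `$attributes` parameter, but get_user's handling of it is outside this hunk.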
@@ -197,10 +216,10 @@ class LdapCommon return false; } } - + /** * get an LDAP entry for a user with a given username - * + * * @param string $username * $param array $attributes LDAP attributes to retrieve * @return string DN @@ -212,7 +231,7 @@ class LdapCommon 'attributes' => $attributes ); $search = $ldap->search(null,$filter,$options); - + if (PEAR::isError($search)) { common_log(LOG_WARNING, 'Error while getting DN for user: '.$search->getMessage()); return false; @@ -241,15 +260,14 @@ class LdapCommon * @return string The hashed password. * */ - - function hashPassword( $passwordClear, $encodageType ) + function hashPassword( $passwordClear, $encodageType ) { $encodageType = strtolower( $encodageType ); switch( $encodageType ) { - case 'crypt': - $cryptedPassword = '{CRYPT}' . crypt($passwordClear,$this->randomSalt(2)); + case 'crypt': + $cryptedPassword = '{CRYPT}' . crypt($passwordClear,$this->randomSalt(2)); break; - + case 'ext_des': // extended des crypt. see OpenBSD crypt man page. if ( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 ) {return FALSE;} //Your system crypt library does not support extended DES encryption. @@ -332,8 +350,7 @@ class LdapCommon * @param int $length The length of the salt string to generate. * @return string The generated salt string. */ - - function randomSalt( $length ) + function randomSalt( $length ) { $possible = '0123456789'. 'abcdefghijklmnopqrstuvwxyz'. @@ -347,10 +364,8 @@ class LdapCommon return $str; } - } class LdapInvalidCredentialsException extends Exception { - }