X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=plugins%2FLdapAuthorization%2FLdapAuthorizationPlugin.php;h=eca8e037a03d066598d0033d6880cf93f970c342;hb=3a910d8c8c6cd9c5170f59aa184ee5f614803fe9;hp=e6a68cbaedf249745b7df7b464b5575b41151099;hpb=5cd8679961b4ea25424bcde4f183fa853b38dad2;p=quix0rs-gnu-social.git diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index e6a68cbaed..eca8e037a0 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -31,42 +31,33 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once 'Net/LDAP2.php'; - class LdapAuthorizationPlugin extends AuthorizationPlugin { - public $host=null; - public $port=null; - public $version=null; - public $starttls=null; - public $binddn=null; - public $bindpw=null; - public $basedn=null; - public $options=null; - public $filter=null; - public $scope=null; - public $provider_name = null; - public $uniqueMember_attribute = null; public $roles_to_groups = array(); public $login_group = null; - public $attributes = array(); function onInitializePlugin(){ - if(!isset($this->host)){ - throw new Exception("must specify a host"); - } - if(!isset($this->basedn)){ - throw new Exception("must specify a basedn"); - } if(!isset($this->provider_name)){ - throw new Exception("provider_name must be set. Use the provider_name from the LDAP Authentication plugin."); + // TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration. + throw new Exception(_m('provider_name must be set. Use the provider_name from the LDAP Authentication plugin.')); } if(!isset($this->uniqueMember_attribute)){ - throw new Exception("uniqueMember_attribute must be set."); + // TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration. + throw new Exception(_m('uniqueMember_attribute must be set.')); } - if(!isset($this->attributes['username'])){ - throw new Exception("username attribute must be set."); + $this->ldapCommon = new LdapCommon(get_object_vars($this)); + } + + function onAutoload($cls) + { + switch ($cls) + { + case 'LdapCommon': + require_once(INSTALLDIR.'/plugins/LdapCommon/LdapCommon.php'); + return false; } + + return parent::onAutoload($cls); } //---interface implementation---// @@ -75,17 +66,17 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin $user_username->user_id=$user->id; $user_username->provider_name=$this->provider_name; if($user_username->find() && $user_username->fetch()){ - $entry = $this->ldap_get_user($user_username->username); + $entry = $this->ldapCommon->get_user($user_username->username); if($entry){ if(isset($this->login_group)){ if(is_array($this->login_group)){ foreach($this->login_group as $group){ - if($this->ldap_is_dn_member_of_group($entry->dn(),$group)){ + if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$group)){ return true; } } }else{ - if($this->ldap_is_dn_member_of_group($entry->dn(),$this->login_group)){ + if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$this->login_group)){ return true; } } @@ -107,17 +98,17 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin $user_username->user_id=$profile->id; $user_username->provider_name=$this->provider_name; if($user_username->find() && $user_username->fetch()){ - $entry = $this->ldap_get_user($user_username->username); + $entry = $this->ldapCommon->get_user($user_username->username); if($entry){ if(isset($this->roles_to_groups[$name])){ if(is_array($this->roles_to_groups[$name])){ foreach($this->roles_to_groups[$name] as $group){ - if($this->ldap_is_dn_member_of_group($entry->dn(),$group)){ + if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$group)){ return true; } } }else{ - if($this->ldap_is_dn_member_of_group($entry->dn(),$this->roles_to_groups[$name])){ + if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$this->roles_to_groups[$name])){ return true; } } @@ -127,101 +118,14 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin return false; } - function ldap_is_dn_member_of_group($userDn, $groupDn) - { - $ldap = $this->ldap_get_connection(); - $link = $ldap->getLink(); - $r = @ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn); - if ($r === true){ - return true; - }else if($r === false){ - return false; - }else{ - common_log(LOG_ERR, "LDAP error determining if userDn=$userDn is a member of groupDn=$groupDn using uniqueMember_attribute=$this->uniqueMember_attribute error: ".ldap_error($link)); - return false; - } - } - - function ldap_get_config(){ - $config = array(); - $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope'); - foreach($keys as $key){ - $value = $this->$key; - if($value!==null){ - $config[$key]=$value; - } - } - return $config; - } - - //-----the below function were copied from LDAPAuthenticationPlugin. They will be moved to a utility class soon.----\\ - function ldap_get_connection($config = null){ - if($config == null && isset($this->default_ldap)){ - return $this->default_ldap; - } - - //cannot use Net_LDAP2::connect() as StatusNet uses - //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); - //PEAR handling can be overridden on instance objects, so we do that. - $ldap = new Net_LDAP2(isset($config)?$config:$this->ldap_get_config()); - $ldap->setErrorHandling(PEAR_ERROR_RETURN); - $err=$ldap->bind(); - if (Net_LDAP2::isError($err)) { - // if we were called with a config, assume caller will handle - // incorrect username/password (LDAP_INVALID_CREDENTIALS) - if (isset($config) && $err->getCode() == 0x31) { - return null; - } - throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); - return false; - } - if($config == null) $this->default_ldap=$ldap; - return $ldap; - } - - /** - * get an LDAP entry for a user with a given username - * - * @param string $username - * $param array $attributes LDAP attributes to retrieve - * @return string DN - */ - function ldap_get_user($username,$attributes=array(),$ldap=null){ - if($ldap==null) { - $ldap = $this->ldap_get_connection(); - } - if(! $ldap) { - throw new Exception("Could not connect to LDAP"); - } - $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); - $options = array( - 'attributes' => $attributes - ); - $search = $ldap->search(null,$filter,$options); - - if (PEAR::isError($search)) { - common_log(LOG_WARNING, 'Error while getting DN for user: '.$search->getMessage()); - return false; - } - - if($search->count()==0){ - return false; - }else if($search->count()==1){ - $entry = $search->shiftEntry(); - return $entry; - }else{ - common_log(LOG_WARNING, 'Found ' . $search->count() . ' ldap user with the username: ' . $username); - return false; - } - } - - function onPluginVersion(&$versions) + function onPluginVersion(array &$versions) { $versions[] = array('name' => 'LDAP Authorization', - 'version' => STATUSNET_VERSION, + 'version' => GNUSOCIAL_VERSION, 'author' => 'Craig Andrews', 'homepage' => 'http://status.net/wiki/Plugin:LdapAuthorization', 'rawdescription' => + // TRANS: Plugin description. _m('The LDAP Authorization plugin allows for StatusNet to handle authorization through LDAP.')); return true; }