1 | <?php |
||
2 | /** |
||
 * XOOPS Authentication base class
||
4 | * |
||
5 | * You may not change or alter any portion of this comment or credits |
||
6 | * of supporting developers from this source code or any supporting source code |
||
7 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||
8 | * This program is distributed in the hope that it will be useful, |
||
9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
11 | * |
||
12 | * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org) |
||
13 | * @license GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html) |
||
14 | * @package kernel |
||
15 | * @subpackage auth |
||
16 | * @since 2.0 |
||
17 | * @author Pierre-Eric MENUET <[email protected]> |
||
18 | */ |
||
19 | |||
// Guard against direct requests to this file: it is only meaningful inside the XOOPS bootstrap.
if (!defined('XOOPS_ROOT_PATH')) {
    exit('Restricted access');
}
||
21 | |||
22 | /** |
||
23 | * |
||
24 | * @package kernel |
||
25 | * @subpackage auth |
||
 * @description Authentication class for Active Directory
||
27 | * @author Pierre-Eric MENUET <[email protected]> |
||
28 | * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org) |
||
29 | */ |
||
// Pull in the generic LDAP authenticator that XoopsAuthAds (below) extends.
// NOTE(review): XoopsAuthLdap is presumably declared in class/auth/auth_ldap.php — not visible from here.
include_once $GLOBALS['xoops']->path('class/auth/auth_ldap.php');
||
31 | |||
32 | /** |
||
33 | * XoopsAuthAds |
||
34 | * |
||
35 | * @package |
||
36 | * @author John |
||
37 | * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org) |
||
38 | * @access public |
||
39 | */ |
||
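class XoopsAuthAds extends XoopsAuthLdap
{
    /**
     * Authentication Service constructor
     *
     * @param XoopsDatabase|null $dao database handle, passed straight through to XoopsAuthLdap
     */
    public function __construct(?XoopsDatabase $dao = null)
    {
        parent::__construct($dao);
    }

    /**
     * Authenticate a user against an Active Directory server (simple bind).
     *
     * Unlike the generic LDAP authenticator this never searches for the user's DN
     * before binding: Active Directory accepts the userPrincipalName
     * ("uname@domain", see getUPN()) as the bind identity. Once the bind succeeds
     * the DN is looked up through getUserDN() and the XOOPS user record is loaded.
     *
     * Every failure path records the reason with setErrors() and returns false;
     * the LDAP connection is closed on every path, including early returns.
     *
     * @param string      $uname Username (without the domain part)
     * @param string|null $pwd   Password
     *
     * @return mixed false on failure, otherwise whatever loadXoopsUser() returns
     */
    public function authenticate($uname, $pwd = null)
    {
        if (!extension_loaded('ldap')) {
            $this->setErrors(0, _AUTH_LDAP_EXTENSION_NOT_LOAD);

            return false;
        }

        // An empty password must never reach ldap_bind(): RFC 4513 allows a server to
        // treat "DN + empty password" as an *unauthenticated* bind, and Active Directory
        // reports that bind as successful. Reject it before any network round-trip.
        if ($pwd === null || $pwd === '') {
            $this->setErrors(0, 'Empty password is not allowed');

            return false;
        }

        // The UPN is derived from the username alone, so no connection is needed yet.
        $userUPN = $this->getUPN($uname);
        if (!$userUPN) {
            return false;
        }

        $this->_ds = ldap_connect($this->ldap_server, $this->ldap_port);
        if (!$this->_ds) {
            $this->setErrors(0, _AUTH_LDAP_SERVER_NOT_FOUND);

            return false;
        }

        $result = false;
        try {
            ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
            ldap_set_option($this->_ds, LDAP_OPT_REFERRALS, 0);

            // When TLS is configured, a failed STARTTLS must abort the login: carrying on
            // would send the password over the unencrypted connection.
            if ($this->ldap_use_TLS && !ldap_start_tls($this->_ds)) {
                $this->setErrors(0, _AUTH_LDAP_START_TLS_FAILED);

                return false;
            }

            // Bind as the user: the outcome of the bind is the credential check.
            // stripslashes() is kept for the legacy magic-quotes input this code was written for.
            if (!ldap_bind($this->_ds, $userUPN, $this->cp1252_to_utf8(stripslashes($pwd)))) {
                $errno = ldap_errno($this->_ds);
                $this->setErrors($errno, ldap_err2str($errno) . '(' . $userUPN . ')');

                return false;
            }

            // Credentials are good; locate the DN and load the matching XOOPS user.
            $dn = $this->getUserDN($uname);
            if ($dn) {
                $result = $this->loadXoopsUser($dn, $uname, $pwd);
            }
        } finally {
            // Runs on every exit path above, so the connection is never left open.
            ldap_close($this->_ds);
        }

        return $result;
    }

    /**
     * Build the userPrincipalName (UPN) used as the bind identity for Active Directory.
     *
     * The UPN has the form "uname@domain" and looks like an e-mail address; it must be
     * unique across the forest, which makes it a convenient logon name. The domain part
     * comes from the ldap_domain_name setting.
     *
     * @param string $uname Username (local part of the UPN)
     *
     * @return string|false the UPN, or false when $uname is empty (there is no account
     *                      to bind as, and a bare "@domain" must not be sent to the server)
     */
    public function getUPN($uname)
    {
        if ($uname === null || $uname === '') {
            return false;
        }

        return $uname . '@' . $this->ldap_domain_name;
    }
} // end class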
||
122 | |||
123 |