diff --git a/rbac/engine/classes/plugins/class.ldap.php b/rbac/engine/classes/plugins/class.ldap.php
deleted file mode 100644
index 64270e353..000000000
--- a/rbac/engine/classes/plugins/class.ldap.php
+++ /dev/null
@@ -1,197 +0,0 @@
-sLdapLog .= $text . ": " . @ldap_errno($_link) . ',' . @ldap_error($_link) . "\n";
- }
-
- /**
- * Autentificacion de un usuario a traves de la clase RBAC_user
- *
- * verifica que un usuario tiene derechos de iniciar una aplicacion
- *
- * @author Fernando Ontiveros Lira
- * @access public
-
- * @param string $strUser UserId (login) de usuario
- * @param string $strPass Password
- * @return
- * -1: no existe usuario
- * -2: password errado
- * -3: usuario inactivo
- * -4: usuario vencido
- * n : uid de usuario
- */
- public function VerifyLogin($strUser, $strPass)
- {
- //get the AuthSource properties
- if (strlen($strPass) == 0) {
- return -2;
- }
- $RBAC = RBAC::getSingleton();
- $aAuthSource = $RBAC->authSourcesObj->load($this->sAuthSource);
-
- $sAuthHost = $aAuthSource['AUTH_SOURCE_SERVER_NAME'];
- $sAuthPort = $aAuthSource['AUTH_SOURCE_PORT'];
- $sAuthTls = $aAuthSource['AUTH_SOURCE_ENABLED_TLS'];
- $sAuthBaseDn = $aAuthSource['AUTH_SOURCE_BASE_DN'];
- $sAuthFilter = $aAuthSource['AUTH_SOURCE_OBJECT_CLASSES'];
- $sAuthType = 'AD';
- $sAuthVersion = $aAuthSource['AUTH_SOURCE_VERSION'];
- $aAttributes = $aAuthSource['AUTH_SOURCE_ATTRIBUTES']; //array ('dn',"cn", "samaccountname", "givenname", "sn", "mail");
- $sAuthUser = $aAuthSource['AUTH_SOURCE_SEARCH_USER'];
- $sAuthPass = $aAuthSource['AUTH_SOURCE_PASSWORD'];
-
- $_link = @ldap_connect($sAuthHost, $sAuthPort);
- $this->log($_link, "ldap connect");
-
- ldap_set_option($_link, LDAP_OPT_PROTOCOL_VERSION, $sAuthVersion);
- $this->log($_link, "ldap set Protocol Version $sAuthVersion");
-
- ldap_set_option($_link, LDAP_OPT_REFERRALS, 0);
- $this->log($_link, "ldap set option Referrals");
-
- if (isset($sAuthTls) && $sAuthTls) {
- @ldap_start_tls($_link);
- $this->log($_link, "start tls");
- }
-
- $bind = @ldap_bind($_link);
- $this->log($_link, "ldap bind anonymous");
-
- $validUserPass = @ldap_bind($_link, $strUser, $strPass);
- $this->log($_link, "ldap binding with user $strUser");
-
- return $validUserPass;
- }
-
- public function searchUsers($sKeyword)
- {
- $sKeyword = trim($sKeyword);
- $RBAC = RBAC::getSingleton();
- $aAuthSource = $RBAC->authSourcesObj->load($this->sAuthSource);
- $pass = explode("_", $aAuthSource['AUTH_SOURCE_PASSWORD']);
- foreach ($pass as $index => $value) {
- if ($value == '2NnV3ujj3w') {
- $aAuthSource['AUTH_SOURCE_PASSWORD'] = G::decrypt($pass[0],
- $aAuthSource['AUTH_SOURCE_SERVER_NAME']);
- }
- }
- $oLink = @ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'],
- $aAuthSource['AUTH_SOURCE_PORT']);
- @ldap_set_option($oLink, LDAP_OPT_PROTOCOL_VERSION,
- $aAuthSource['AUTH_SOURCE_VERSION']);
- @ldap_set_option($oLink, LDAP_OPT_REFERRALS, 0);
- if (isset($aAuthSource['AUTH_SOURCE_ENABLED_TLS']) && $aAuthSource['AUTH_SOURCE_ENABLED_TLS']) {
- @ldap_start_tls($oLink);
- }
- if ($aAuthSource['AUTH_ANONYMOUS'] == '1') {
- $bBind = @ldap_bind($oLink);
- } else {
- $bBind = @ldap_bind($oLink, $aAuthSource['AUTH_SOURCE_SEARCH_USER'],
- $aAuthSource['AUTH_SOURCE_PASSWORD']);
- }
- if (!$bBind) {
- throw new Exception('Unable to bind to server : ' . $aAuthSource['AUTH_SOURCE_SERVER_NAME'] . ' in port ' . $aAuthSource['AUTH_SOURCE_PORT']);
- }
- if (substr($sKeyword, -1) != '*') {
- if ($sKeyword != '') {
- $sKeyword = '*' . $sKeyword . '*';
- } else {
- $sKeyword .= '*';
- }
- }
-
- $additionalFilter = isset($aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER'])
- ? trim($aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER'])
- : '';
-
- $sFilter = '(&(|(objectClass=*))';
-
- if (isset($aAuthSource['AUTH_SOURCE_DATA']['LDAP_TYPE']) && $aAuthSource['AUTH_SOURCE_DATA']['LDAP_TYPE']
- == 'ad') {
- $sFilter = "(&(|(objectClass=*))(|(samaccountname=$sKeyword)(userprincipalname=$sKeyword))$additionalFilter)";
- } else {
- $sFilter = "(&(|(objectClass=*))(|(uid=$sKeyword)(cn=$sKeyword))$additionalFilter)";
- }
-
- $aUsers = array();
- $oSearch = @ldap_search($oLink, $aAuthSource['AUTH_SOURCE_BASE_DN'],
- $sFilter,
- array('dn', 'uid', 'samaccountname', 'cn', 'givenname',
- 'sn', 'mail', 'userprincipalname', 'objectcategory', 'manager'));
-
- if ($oError = @ldap_errno($oLink)) {
- return $aUsers;
- } else {
- if ($oSearch) {
- if (@ldap_count_entries($oLink, $oSearch) > 0) {
- $sUsername = '';
- $oEntry = @ldap_first_entry($oLink, $oSearch);
- $uidUser = isset($aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'])
- ? $aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER']
- : 'uid';
- do {
- $aAttr = $this->getLdapAttributes($oLink, $oEntry);
- $sUsername = isset($aAttr[$uidUser]) ? $aAttr[$uidUser] : '';
- if ($sUsername != '') {
- // note added by gustavo cruz gustavo-at-colosa.com
- // assign the givenname and sn fields if these are set
- $aUsers[] = [
- 'sUsername' => $sUsername,
- 'sFullname' => isset($aAttr['cn']) ? $aAttr['cn'] : '',
- 'sFirstname' => isset($aAttr['givenname']) ? $aAttr['givenname'] : '',
- 'sLastname' => isset($aAttr['sn']) ? $aAttr['sn'] : '',
- 'sEmail' => isset($aAttr['mail'])
- ? $aAttr['mail']
- : (isset($aAttr['userprincipalname']) ? $aAttr['userprincipalname'] : ''),
- 'sDN' => $aAttr['dn']
- ];
- }
- } while ($oEntry = @ldap_next_entry($oLink, $oEntry));
- }
- }
- return $aUsers;
- }
- }
-
- public function getLdapAttributes($oLink, $oEntry)
- {
- $aAttrib['dn'] = @ldap_get_dn($oLink, $oEntry);
- $aAttr = @ldap_get_attributes($oLink, $oEntry);
- for ($iAtt = 0; $iAtt < $aAttr['count']; $iAtt++) {
- switch ($aAttr[$aAttr[$iAtt]]['count']) {
- case 0: $aAttrib[strtolower($aAttr[$iAtt])] = '';
- break;
- case 1: $aAttrib[strtolower($aAttr[$iAtt])] = $aAttr[$aAttr[$iAtt]][0];
- break;
- default:
- $aAttrib[strtolower($aAttr[$iAtt])] = $aAttr[$aAttr[$iAtt]];
- unset($aAttrib[$aAttr[$iAtt]]['count']);
- break;
- }
- }
- return $aAttrib;
- }
-}