Fix code style.
davidcallizaya
2017-12-18 13:49:05 -04:00
parent 6996314560
commit f6d46c1c52


@@ -1,62 +1,31 @@
<?php <?php
/**
* class.ldap.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*
*/
/**
*
* LDAP plugin for RBAC class
*
* @author Fernando Ontiveros
* @package rbac-classes-model
* @access public
*/
class LDAP class LDAP
{ {
var $sAuthSource = ''; public $sAuthSource = '';
public $aUserInfo = array();
public $sSystem = '';
public $sLdapLog = '';
private static $instance = null;
var $aUserInfo = array(); public function __construct()
var $sSystem = ''; {
var $sLdapLog = '';
static private $instance = NULL;
function __construct() {
} }
function &getSingleton() { public function &getSingleton()
if (self::$instance == NULL) { {
if (self::$instance == null) {
self::$instance = new RBAC(); self::$instance = new RBAC();
} }
return self::$instance; return self::$instance;
} }
function log ( $_link , $text ) { public function log($_link, $text)
$this->sLdapLog .= $text . ": ". @ldap_errno($_link) . ','. @ldap_error($_link) . "\n"; {
$this->sLdapLog .= $text . ": " . @ldap_errno($_link) . ',' . @ldap_error($_link) . "\n";
} }
/** /**
* Autentificacion de un usuario a traves de la clase RBAC_user * Autentificacion de un usuario a traves de la clase RBAC_user
* *
@@ -74,11 +43,14 @@ class LDAP
* -4: usuario vencido * -4: usuario vencido
* n : uid de usuario * n : uid de usuario
*/ */
function VerifyLogin( $strUser, $strPass) { public function VerifyLogin($strUser, $strPass)
{
//get the AuthSource properties //get the AuthSource properties
if ( strlen($strPass) == 0) return -2; if (strlen($strPass) == 0) {
return -2;
}
$RBAC = RBAC::getSingleton(); $RBAC = RBAC::getSingleton();
$aAuthSource = $RBAC->authSourcesObj->load($this->sAuthSource ); $aAuthSource = $RBAC->authSourcesObj->load($this->sAuthSource);
$sAuthHost = $aAuthSource['AUTH_SOURCE_SERVER_NAME']; $sAuthHost = $aAuthSource['AUTH_SOURCE_SERVER_NAME'];
$sAuthPort = $aAuthSource['AUTH_SOURCE_PORT']; $sAuthPort = $aAuthSource['AUTH_SOURCE_PORT'];
@@ -87,102 +59,115 @@ class LDAP
$sAuthFilter = $aAuthSource['AUTH_SOURCE_OBJECT_CLASSES']; $sAuthFilter = $aAuthSource['AUTH_SOURCE_OBJECT_CLASSES'];
$sAuthType = 'AD'; $sAuthType = 'AD';
$sAuthVersion = $aAuthSource['AUTH_SOURCE_VERSION']; $sAuthVersion = $aAuthSource['AUTH_SOURCE_VERSION'];
$aAttributes = $aAuthSource['AUTH_SOURCE_ATTRIBUTES'];//array ('dn',"cn", "samaccountname", "givenname", "sn", "mail"); $aAttributes = $aAuthSource['AUTH_SOURCE_ATTRIBUTES']; //array ('dn',"cn", "samaccountname", "givenname", "sn", "mail");
$sAuthUser = $aAuthSource['AUTH_SOURCE_SEARCH_USER']; $sAuthUser = $aAuthSource['AUTH_SOURCE_SEARCH_USER'];
$sAuthPass = $aAuthSource['AUTH_SOURCE_PASSWORD']; $sAuthPass = $aAuthSource['AUTH_SOURCE_PASSWORD'];
$_link = @ldap_connect( $sAuthHost, $sAuthPort ); $_link = @ldap_connect($sAuthHost, $sAuthPort);
$this->log ( $_link, "ldap connect" ); $this->log($_link, "ldap connect");
ldap_set_option($_link, LDAP_OPT_PROTOCOL_VERSION, $sAuthVersion); ldap_set_option($_link, LDAP_OPT_PROTOCOL_VERSION, $sAuthVersion);
$this->log ( $_link, "ldap set Protocol Version $sAuthVersion" ); $this->log($_link, "ldap set Protocol Version $sAuthVersion");
ldap_set_option($_link, LDAP_OPT_REFERRALS, 0); ldap_set_option($_link, LDAP_OPT_REFERRALS, 0);
$this->log ( $_link, "ldap set option Referrals" ); $this->log($_link, "ldap set option Referrals");
if ( isset($sAuthTls) && $sAuthTls ) { if (isset($sAuthTls) && $sAuthTls) {
@ldap_start_tls($_link); @ldap_start_tls($_link);
$this->log ( $_link, "start tls" ); $this->log($_link, "start tls");
} }
$bind = @ldap_bind($_link); $bind = @ldap_bind($_link);
$this->log ( $_link, "ldap bind anonymous" ); $this->log($_link, "ldap bind anonymous");
$validUserPass = @ldap_bind($_link, $strUser,$strPass ); $validUserPass = @ldap_bind($_link, $strUser, $strPass);
$this->log ( $_link, "ldap binding with user $strUser" ); $this->log($_link, "ldap binding with user $strUser");
return $validUserPass ; return $validUserPass;
} }
function searchUsers($sKeyword) { public function searchUsers($sKeyword)
{
$sKeyword = trim($sKeyword); $sKeyword = trim($sKeyword);
$RBAC = RBAC::getSingleton(); $RBAC = RBAC::getSingleton();
$aAuthSource = $RBAC->authSourcesObj->load($this->sAuthSource); $aAuthSource = $RBAC->authSourcesObj->load($this->sAuthSource);
$pass =explode("_",$aAuthSource['AUTH_SOURCE_PASSWORD']); $pass = explode("_", $aAuthSource['AUTH_SOURCE_PASSWORD']);
foreach($pass as $index => $value) { foreach ($pass as $index => $value) {
if($value == '2NnV3ujj3w'){ if ($value == '2NnV3ujj3w') {
$aAuthSource['AUTH_SOURCE_PASSWORD'] = G::decrypt($pass[0],$aAuthSource['AUTH_SOURCE_SERVER_NAME']); $aAuthSource['AUTH_SOURCE_PASSWORD'] = G::decrypt($pass[0],
$aAuthSource['AUTH_SOURCE_SERVER_NAME']);
} }
} }
$oLink = @ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'], $aAuthSource['AUTH_SOURCE_PORT']); $oLink = @ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'],
@ldap_set_option($oLink, LDAP_OPT_PROTOCOL_VERSION, $aAuthSource['AUTH_SOURCE_VERSION']); $aAuthSource['AUTH_SOURCE_PORT']);
@ldap_set_option($oLink, LDAP_OPT_PROTOCOL_VERSION,
$aAuthSource['AUTH_SOURCE_VERSION']);
@ldap_set_option($oLink, LDAP_OPT_REFERRALS, 0); @ldap_set_option($oLink, LDAP_OPT_REFERRALS, 0);
if (isset($aAuthSource['AUTH_SOURCE_ENABLED_TLS']) && $aAuthSource['AUTH_SOURCE_ENABLED_TLS']) { if (isset($aAuthSource['AUTH_SOURCE_ENABLED_TLS']) && $aAuthSource['AUTH_SOURCE_ENABLED_TLS']) {
@ldap_start_tls($oLink); @ldap_start_tls($oLink);
} }
if ($aAuthSource['AUTH_ANONYMOUS'] == '1') { if ($aAuthSource['AUTH_ANONYMOUS'] == '1') {
$bBind = @ldap_bind($oLink); $bBind = @ldap_bind($oLink);
} else {
$bBind = @ldap_bind($oLink, $aAuthSource['AUTH_SOURCE_SEARCH_USER'],
$aAuthSource['AUTH_SOURCE_PASSWORD']);
} }
else { if (!$bBind) {
$bBind = @ldap_bind($oLink, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']);
}
if ( !$bBind ) {
throw new Exception('Unable to bind to server : ' . $aAuthSource['AUTH_SOURCE_SERVER_NAME'] . ' in port ' . $aAuthSource['AUTH_SOURCE_PORT']); throw new Exception('Unable to bind to server : ' . $aAuthSource['AUTH_SOURCE_SERVER_NAME'] . ' in port ' . $aAuthSource['AUTH_SOURCE_PORT']);
} }
if (substr($sKeyword , -1) != '*') { if (substr($sKeyword, -1) != '*') {
if ($sKeyword != '') { if ($sKeyword != '') {
$sKeyword = '*' . $sKeyword . '*'; $sKeyword = '*' . $sKeyword . '*';
} } else {
else {
$sKeyword .= '*'; $sKeyword .= '*';
} }
} }
$additionalFilter = isset($aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER']) ? trim($aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER']) : ''; $additionalFilter = isset($aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER'])
? trim($aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER'])
: '';
$sFilter = '(&(|(objectClass=*))'; $sFilter = '(&(|(objectClass=*))';
if ( isset( $aAuthSource['AUTH_SOURCE_DATA']['LDAP_TYPE']) && $aAuthSource['AUTH_SOURCE_DATA']['LDAP_TYPE'] == 'ad' ) { if (isset($aAuthSource['AUTH_SOURCE_DATA']['LDAP_TYPE']) && $aAuthSource['AUTH_SOURCE_DATA']['LDAP_TYPE']
== 'ad') {
$sFilter = "(&(|(objectClass=*))(|(samaccountname=$sKeyword)(userprincipalname=$sKeyword))$additionalFilter)"; $sFilter = "(&(|(objectClass=*))(|(samaccountname=$sKeyword)(userprincipalname=$sKeyword))$additionalFilter)";
} } else {
else
$sFilter = "(&(|(objectClass=*))(|(uid=$sKeyword)(cn=$sKeyword))$additionalFilter)"; $sFilter = "(&(|(objectClass=*))(|(uid=$sKeyword)(cn=$sKeyword))$additionalFilter)";
}
//G::pr($sFilter);
$aUsers = array(); $aUsers = array();
$oSearch = @ldap_search($oLink, $aAuthSource['AUTH_SOURCE_BASE_DN'], $sFilter, array('dn','uid','samaccountname', 'cn','givenname','sn','mail','userprincipalname','objectcategory', 'manager')); $oSearch = @ldap_search($oLink, $aAuthSource['AUTH_SOURCE_BASE_DN'],
$sFilter,
array('dn', 'uid', 'samaccountname', 'cn', 'givenname',
'sn', 'mail', 'userprincipalname', 'objectcategory', 'manager'));
if ($oError = @ldap_errno($oLink)) { if ($oError = @ldap_errno($oLink)) {
return $aUsers; return $aUsers;
} } else {
else {
if ($oSearch) { if ($oSearch) {
if (@ldap_count_entries($oLink, $oSearch) > 0) { if (@ldap_count_entries($oLink, $oSearch) > 0) {
$sUsername = ''; $sUsername = '';
$oEntry = @ldap_first_entry($oLink, $oSearch); $oEntry = @ldap_first_entry($oLink, $oSearch);
$uidUser = isset ( $aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'] ) ? $aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'] : 'uid'; $uidUser = isset($aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'])
? $aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER']
: 'uid';
do { do {
$aAttr = $this->getLdapAttributes ( $oLink, $oEntry ); $aAttr = $this->getLdapAttributes($oLink, $oEntry);
$sUsername = isset($aAttr[ $uidUser ]) ? $aAttr[ $uidUser ] : ''; $sUsername = isset($aAttr[$uidUser]) ? $aAttr[$uidUser] : '';
if ($sUsername != '') { if ($sUsername != '') {
// note added by gustavo cruz gustavo-at-colosa.com // note added by gustavo cruz gustavo-at-colosa.com
// assign the givenname and sn fields if these are set // assign the givenname and sn fields if these are set
$aUsers[] = array('sUsername' => $sUsername, $aUsers[] = [
'sUsername' => $sUsername,
'sFullname' => $aAttr['cn'], 'sFullname' => $aAttr['cn'],
'sFirstname' => isset($aAttr['givenname']) ? $aAttr['givenname'] : '', 'sFirstname' => isset($aAttr['givenname']) ? $aAttr['givenname'] : '',
'sLastname' => isset($aAttr['sn']) ? $aAttr['sn'] : '', 'sLastname' => isset($aAttr['sn']) ? $aAttr['sn'] : '',
'sEmail' => isset($aAttr['mail']) ? $aAttr['mail'] : ( isset($aAttr['userprincipalname'])?$aAttr['userprincipalname'] : '') , 'sEmail' => isset($aAttr['mail'])
'sDN' => $aAttr['dn'] ); ? $aAttr['mail']
: (isset($aAttr['userprincipalname']) ? $aAttr['userprincipalname'] : ''),
'sDN' => $aAttr['dn']
];
} }
} while ($oEntry = @ldap_next_entry($oLink, $oEntry)); } while ($oEntry = @ldap_next_entry($oLink, $oEntry));
} }
@@ -191,18 +176,19 @@ class LDAP
} }
} }
function getLdapAttributes ( $oLink, $oEntry ) { public function getLdapAttributes($oLink, $oEntry)
{
$aAttrib['dn'] = @ldap_get_dn($oLink, $oEntry); $aAttrib['dn'] = @ldap_get_dn($oLink, $oEntry);
$aAttr = @ldap_get_attributes($oLink, $oEntry); $aAttr = @ldap_get_attributes($oLink, $oEntry);
for ( $iAtt = 0 ; $iAtt < $aAttr['count']; $iAtt++ ) { for ($iAtt = 0; $iAtt < $aAttr['count']; $iAtt++) {
switch ( $aAttr[ $aAttr[$iAtt] ]['count'] ) { switch ($aAttr[$aAttr[$iAtt]]['count']) {
case 0: $aAttrib[ strtolower($aAttr[$iAtt]) ]= ''; case 0: $aAttrib[strtolower($aAttr[$iAtt])] = '';
break; break;
case 1: $aAttrib[ strtolower($aAttr[$iAtt]) ]= $aAttr[ $aAttr[$iAtt] ][0]; case 1: $aAttrib[strtolower($aAttr[$iAtt])] = $aAttr[$aAttr[$iAtt]][0];
break; break;
default: default:
$aAttrib[ strtolower($aAttr[$iAtt]) ]= $aAttr[ $aAttr[$iAtt] ]; $aAttrib[strtolower($aAttr[$iAtt])] = $aAttr[$aAttr[$iAtt]];
unset( $aAttrib[ $aAttr[$iAtt] ]['count'] ); unset($aAttrib[$aAttr[$iAtt]]['count']);
break; break;
} }
} }