Fork of FusionPBX but with LDAP kinda working
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
<?php
/** * plugin_ldap * * @method ldap checks a local or remote ldap database to authenticate the user */ class plugin_ldap {
/** * Define variables and their scope */ public $debug; public $domain_name; public $username; public $password; public $user_uuid; public $contact_uuid;
/** * ldap checks a local or remote ldap database to authenticate the user * @return array [authorized] => true or false */ function ldap() {
//use ldap to validate the user credentials
if (isset($_SESSION["ldap"]["certpath"])) { $s = "LDAPTLS_CERT=" . $_SESSION["ldap"]["certpath"]["text"]; putenv($s); } if (isset($_SESSION["ldap"]["certkey"])) { $s = "LDAPTLS_KEY=" . $_SESSION["ldap"]["certkey"]["text"]; putenv($s); } $host = $_SESSION["ldap"]["server_host"]["text"]; $port = $_SESSION["ldap"]["server_port"]["numeric"]; $connect = ldap_connect($host, $port) or die("Could not connect to the LDAP server."); //ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, 10);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
//set the default status
$user_authorized = false;
//provide backwards compatability
if (strlen($_SESSION["ldap"]["user_dn"]["text"]) > 0) { $_SESSION["ldap"]["user_dn"][] = $_SESSION["ldap"]["user_dn"]["text"]; }
//check all user_dn in the array
foreach ($_SESSION["ldap"]["user_dn"] as $user_dn) { $bind_dn = $_SESSION["ldap"]["user_attribute"]["text"]."=".$this->username.",".$user_dn; $bind_pw = $this->password; //Note: As of 4/16, the call below will fail randomly. PHP debug reports ldap_bind
//called below with all arguments '*uninitialized*'. However, the debugger
//single-stepping just before the failing call correctly displays all the values.
if (strlen($bind_pw) > 0) { $bind = ldap_bind($connect, $bind_dn, $bind_pw); if ($bind) { //connected and authorized
$user_authorized = true; break; } } }
//check to see if the user exists
if ($user_authorized) { $sql = "select * from v_users "; $sql .= "where username = :username "; if ($_SESSION["users"]["unique"]["text"] != "global") { //unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid "; $parameters['domain_uuid'] = $this->domain_uuid; } $parameters['username'] = $this->username; $database = new database; $row = $database->select($sql, $parameters, 'row'); if (is_array($row) && @sizeof($row) != 0) { if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) { //get the domain uuid
$this->domain_uuid = $row["domain_uuid"]; $this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
//set the domain session variables
$_SESSION["domain_uuid"] = $this->domain_uuid; $_SESSION["domain_name"] = $this->domain_name;
//set the setting arrays
$domain = new domains(); $domain->set(); } $this->user_uuid = $row["user_uuid"]; $this->contact_uuid = $row["contact_uuid"]; } else { //salt used with the password to create a one way hash
$salt = generate_password('32', '4'); $password = generate_password('32', '4');
//prepare the uuids
$this->user_uuid = uuid(); $this->contact_uuid = uuid();
//build user insert array
$array['users'][0]['user_uuid'] = $this->user_uuid; $array['users'][0]['domain_uuid'] = $this->domain_uuid; $array['users'][0]['contact_uuid'] = $this->contact_uuid; $array['users'][0]['username'] = strtolower($this->username); $array['users'][0]['password'] = md5($salt.$password); $array['users'][0]['salt'] = $salt; $array['users'][0]['add_date'] = now(); $array['users'][0]['add_user'] = strtolower($this->username); $array['users'][0]['user_enabled'] = 'true';
//build user group insert array
$array['user_groups'][0]['user_group_uuid'] = uuid(); $array['user_groups'][0]['group_uuid'] = (!is_null($_SESSION["ldap"]["assign_group_uuid"]) && strlen($_SESSION["ldap"]["assign_group_uuid"]) > 0) ? $_SESSION["ldap"]["assign_group_uuid"] : uuid(); //To set default group add default setting : Categ ldap Subcateg: assign_group_uuid Type: uuid Value : group UUID
$array['user_groups'][0]['domain_uuid'] = $this->domain_uuid; $array['user_groups'][0]['group_name'] = 'user'; $array['user_groups'][0]['user_uuid'] = $this->user_uuid;
//grant temporary permissions
$p = new permissions; $p->add('user_add', 'temp'); $p->add('user_group_add', 'temp');
//execute insert
$database = new database; $database->app_name = 'authentication'; $database->app_uuid = 'a8a12918-69a4-4ece-a1ae-3932be0e41f1'; $database->save($array); unset($array);
//revoke temporary permissions
$p->delete('user_add', 'temp'); $p->delete('user_group_add', 'temp'); } unset($sql, $parameters, $row); }
//result array
$result["plugin"] = "ldap"; $result["domain_name"] = $this->domain_name; $result["username"] = $this->username; if ($this->debug) { $result["password"] = $this->password; } $result["user_uuid"] = $this->user_uuid; $result["domain_uuid"] = $this->domain_uuid; $result["authorized"] = $user_authorized ? 'true' : 'false'; return $result; } }
?>
|