crt
/
fusionpbx-ldap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Fork of FusionPBX but with LDAP kinda working
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
28 MiB
 
 
 
 
 
Tree: c59ed46e7b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c59ed46e7b'
${ noResults }
fusionpbx-ldap/core/authentication/resources/classes/plugins/ldap.php

158 lines
5.5 KiB
Raw Blame History

<?php
/**
* plugin_ldap
*
* @method ldap checks a local or remote ldap database to authenticate the user
*/
class plugin_ldap {
/**
* Define variables and their scope
*/
public $debug;
public $domain_name;
public $username;
public $password;
public $user_uuid;
public $contact_uuid;
/**
* ldap checks a local or remote ldap database to authenticate the user
* @return array [authorized] => true or false
*/
function ldap() {
//use ldap to validate the user credentials
if (isset($_SESSION["ldap"]["certpath"])) {
$s = "LDAPTLS_CERT=" . $_SESSION["ldap"]["certpath"]["text"];
putenv($s);
}
if (isset($_SESSION["ldap"]["certkey"])) {
$s = "LDAPTLS_KEY=" . $_SESSION["ldap"]["certkey"]["text"];
putenv($s);
}
$host = $_SESSION["ldap"]["server_host"]["text"];
$port = $_SESSION["ldap"]["server_port"]["numeric"];
$connect = ldap_connect($host, $port)
or die("Could not connect to the LDAP server.");
//ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, 10);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
//ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
//set the default status
$user_authorized = false;
//provide backwards compatability
if (strlen($_SESSION["ldap"]["user_dn"]["text"]) > 0) {
$_SESSION["ldap"]["user_dn"][] = $_SESSION["ldap"]["user_dn"]["text"];
}
//check all user_dn in the array
foreach ($_SESSION["ldap"]["user_dn"] as $user_dn) {
$bind_dn = $_SESSION["ldap"]["user_attribute"]["text"]."=".$this->username.",".$user_dn;
$bind_pw = $this->password;
//Note: As of 4/16, the call below will fail randomly. PHP debug reports ldap_bind
//called below with all arguments '*uninitialized*'. However, the debugger
//single-stepping just before the failing call correctly displays all the values.
if (strlen($bind_pw) > 0) {
$bind = ldap_bind($connect, $bind_dn, $bind_pw);
if ($bind) {
//connected and authorized
$user_authorized = true;
break;
}
}
}
//check to see if the user exists
if ($user_authorized) {
$sql = "select * from v_users ";
$sql .= "where username = :username ";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $this->domain_uuid;
}
$parameters['username'] = $this->username;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && @sizeof($row) != 0) {
if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
//get the domain uuid
$this->domain_uuid = $row["domain_uuid"];
$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
//set the domain session variables
$_SESSION["domain_uuid"] = $this->domain_uuid;
$_SESSION["domain_name"] = $this->domain_name;
//set the setting arrays
$domain = new domains();
$domain->set();
}
$this->user_uuid = $row["user_uuid"];
$this->contact_uuid = $row["contact_uuid"];
}
else {
//salt used with the password to create a one way hash
$salt = generate_password('32', '4');
$password = generate_password('32', '4');
//prepare the uuids
$this->user_uuid = uuid();
$this->contact_uuid = uuid();
//build user insert array
$array['users'][0]['user_uuid'] = $this->user_uuid;
$array['users'][0]['domain_uuid'] = $this->domain_uuid;
$array['users'][0]['contact_uuid'] = $this->contact_uuid;
$array['users'][0]['username'] = strtolower($this->username);
$array['users'][0]['password'] = md5($salt.$password);
$array['users'][0]['salt'] = $salt;
$array['users'][0]['add_date'] = now();
$array['users'][0]['add_user'] = strtolower($this->username);
$array['users'][0]['user_enabled'] = 'true';
//build user group insert array
$array['user_groups'][0]['user_group_uuid'] = uuid();
$array['user_groups'][0]['group_uuid'] = (!is_null($_SESSION["ldap"]["assign_group_uuid"]) && strlen($_SESSION["ldap"]["assign_group_uuid"]) > 0) ? $_SESSION["ldap"]["assign_group_uuid"] : uuid();
//To set default group add default setting : Categ ldap Subcateg: assign_group_uuid Type: uuid Value : group UUID
$array['user_groups'][0]['domain_uuid'] = $this->domain_uuid;
$array['user_groups'][0]['group_name'] = 'user';
$array['user_groups'][0]['user_uuid'] = $this->user_uuid;
//grant temporary permissions
$p = new permissions;
$p->add('user_add', 'temp');
$p->add('user_group_add', 'temp');
//execute insert
$database = new database;
$database->app_name = 'authentication';
$database->app_uuid = 'a8a12918-69a4-4ece-a1ae-3932be0e41f1';
$database->save($array);
unset($array);
//revoke temporary permissions
$p->delete('user_add', 'temp');
$p->delete('user_group_add', 'temp');
}
unset($sql, $parameters, $row);
}
//result array
$result["plugin"] = "ldap";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
if ($this->debug) {
$result["password"] = $this->password;
}
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $this->domain_uuid;
$result["authorized"] = $user_authorized ? 'true' : 'false';
return $result;
}
}
?>