<?php
/**
* Classes and functions for communication of Data Stores
*
* @author The phpLDAPadmin development team
* @package phpLDAPadmin
*/
/**
* This abstract class provides the basic variables and methods.
*
* @package phpLDAPadmin
* @subpackage DataStore
*/
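abstract class DS {
	# ID of this db.
	protected $index;

	# Configuration parameters.
	# $default holds the predefined settings, $custom the values set on top of them.
	protected $default;
	protected $custom;
	protected $type;

	abstract function __construct($index);

	/**
	 * This will make the connection to the datasource
	 */
	abstract protected function connect($method,$debug=false);

	/**
	 * Login to the datastore
	 * method: default = anon, connect to ds using bind_id not auth_id.
	 * method: 'user', connect with auth_id
	 * method: '<freetext>', any custom extra connection to ds.
	 */
	abstract public function login($user=null,$pass=null,$method=null);

	/**
	 * Query the datasource
	 */
	abstract public function query($query,$method,$index=null,$debug=false);

	/**
	 * Return error details from previous operation
	 */
	abstract protected function getErrorMessage();
	abstract protected function getErrorNum();

	/**
	 * Functions that set and verify object configuration details
	 */

	/**
	 * Copy every key/setting pair of $defaults into this object's default configuration.
	 *
	 * @param mixed $defaults Iterable of key => (setting => details) entries.
	 */
	public function setDefaults($defaults) {
		foreach ($defaults as $key => $details)
			foreach ($details as $setting => $value)
				$this->default->{$key}[$setting] = $value;
	}

	/**
	 * Return whether $key is a predefined configuration key.
	 */
	public function isDefaultKey($key) {
		return isset($this->default->$key);
	}

	/**
	 * Return whether $setting is predefined under configuration key $key.
	 */
	public function isDefaultSetting($key,$setting) {
		# An unknown key has no settings; answer false instead of handing a
		# non-array to array_key_exists().
		return isset($this->default->{$key}) && array_key_exists($setting,$this->default->{$key});
	}

	/**
	 * Return a configuration value
	 *
	 * The custom value wins when it is set and not null; otherwise the 'default'
	 * entry of the predefined setting is returned.
	 *
	 * @param string Configuration key
	 * @param string Setting within that key
	 * @param boolean When true, an unknown key/setting is reported through debug_dump_backtrace()
	 * @return mixed The value, or null when nothing is defined and $fatal is false
	 */
	public function getValue($key,$setting,$fatal=true) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,1,__FILE__,__LINE__,__METHOD__,$fargs);

		if (isset($this->custom->{$key}[$setting]))
			return $this->custom->{$key}[$setting];

		elseif (isset($this->default->{$key}[$setting]) && array_key_exists('default',$this->default->{$key}[$setting]))
			return $this->default->{$key}[$setting]['default'];

		elseif ($fatal)
			# presumably debug_dump_backtrace() does not return; verify in its definition.
			debug_dump_backtrace("Error trying to get a non-existant value ($key,$setting)",1);

		else
			return null;
	}

	/**
	 * Set a configuration value
	 *
	 * Overwriting an existing custom value is allowed, but raises an 'info' system message.
	 */
	public function setValue($key,$setting,$value) {
		# NOTE(review): the message body echoes $value, so resetting a secret such as
		# login/bind_pass would place it in a system message - confirm where those are shown.
		if (isset($this->custom->{$key}[$setting]))
			system_message(array(
				'title'=>_('Configuration setting already defined.'),
				'body'=>sprintf('A call has been made to reset a configuration value (%s,%s,%s)',
					$key,$setting,$value),
				'type'=>'info'));

		$this->custom->{$key}[$setting] = $value;
	}

	/**
	 * Return the untested config items
	 *
	 * @return array List of 'key.setting' strings whose default entry has a true 'untested' flag.
	 */
	public function untested() {
		$result = array();

		foreach ($this->default as $option => $details)
			foreach ($details as $param => $values)
				if (isset($values['untested']) && $values['untested'])
					array_push($result,sprintf('%s.%s',$option,$param));

		return $result;
	}

	/**
	 * Get the name of this datastore
	 */
	public function getName() {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		return $this->getValue('server','name');
	}

	/**
	 * Functions that enable login and logout of the application
	 */

	/**
	 * Return the authentication type for this object
	 *
	 * Only the auth types listed below are accepted; any other configured value
	 * stops the request with an error.
	 */
	public function getAuthType() {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		switch ($this->getValue('login','auth_type')) {
			case 'cookie':
			case 'config':
			case 'http':
			case 'proxy':
			case 'session':
			case 'sasl':
			case 'sasl_external':
				return $this->getValue('login','auth_type');

			default:
				die(sprintf('Error: <b>%s</b> hasnt been configured for auth_type <b>%s</b>',__METHOD__,
					$this->getValue('login','auth_type')));
		}
	}

	/**
	 * Get the login name of the user logged into this datastore's connection method
	 * If this returns null, we are not logged in.
	 * If this returns '', we are logged in with anonymous
	 */
	public function getLogin($method=null) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		$method = $this->getMethod($method);

		# For anonymous binds
		if ($method == 'anon') {
			if (isset($_SESSION['USER'][$this->index][$method]['name']))
				return '';
			else
				return null;
		}

		switch ($this->getAuthType()) {
			case 'cookie':
				if (! isset($_COOKIE[$method.'-USER']))
					# If our bind_id is set, we'll pass that back for logins.
					return (! is_null($this->getValue('login','bind_id')) && $method == 'login') ? $this->getValue('login','bind_id') : null;
				else
					# NOTE(review): the cookie is supplied by the client; whether blowfish_decrypt()
					# rejects tampered values is not visible from this file - confirm before
					# treating the result as an identity.
					return blowfish_decrypt($_COOKIE[$method.'-USER']);

			case 'config':
				if (! isset($_SESSION['USER'][$this->index][$method]['name']))
					return $this->getValue('login','bind_id');
				else
					return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['name']);

			case 'proxy':
				if (! isset($_SESSION['USER'][$this->index][$method]['proxy']))
					return $this->getValue('login','bind_id');
				else
					return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['proxy']);

			case 'http':
			case 'session':
			case 'sasl':
				if (! isset($_SESSION['USER'][$this->index][$method]['name']))
					# If our bind_id is set, we'll pass that back for logins.
					return (! is_null($this->getValue('login','bind_id')) && $method == 'login') ? $this->getValue('login','bind_id') : null;
				else
					return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['name']);

			case 'sasl_external':
				# A fixed, non-null name: isLoggedIn() therefore reports true for this auth type.
				return 'external';

			default:
				die(sprintf('Error: %s hasnt been configured for auth_type %s',__METHOD__,$this->getAuthType()));
		}
	}

	/**
	 * Set the login details of the user logged into this datastore's connection method
	 *
	 * @return boolean Always true; an unsupported auth type stops the request instead.
	 */
	protected function setLogin($user,$pass,$method=null) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED) {
			# Keep the clear-text password out of the debug log: mask the second argument.
			$fargs = func_get_args();

			if (array_key_exists(1,$fargs))
				$fargs[1] = '********';

			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
		}

		$method = $this->getMethod($method);

		switch ($this->getAuthType()) {
			case 'cookie':
				# NOTE(review): the password is kept in a client-side cookie (passed through
				# blowfish_encrypt()); the cookie attributes depend on set_cookie(), which is
				# defined elsewhere - TODO confirm Secure/HttpOnly are applied there.
				set_cookie($method.'-USER',blowfish_encrypt($user),NULL,'/');
				set_cookie($method.'-PASS',blowfish_encrypt($pass),NULL,'/');
				return true;

			case 'config':
			case 'sasl_external':
				# Nothing is stored for these auth types.
				return true;

			case 'proxy':
				if (isset($_SESSION['USER'][$this->index][$method]['proxy']))
					unset($_SESSION['USER'][$this->index][$method]['proxy']);

				# Intentional fall through: proxy also stores name/pass in the session.

			case 'http':
			case 'session':
			case 'sasl':
				$_SESSION['USER'][$this->index][$method]['name'] = blowfish_encrypt($user);
				$_SESSION['USER'][$this->index][$method]['pass'] = blowfish_encrypt($pass);

				return true;

			default:
				die(sprintf('Error: %s hasnt been configured for auth_type %s',__METHOD__,$this->getAuthType()));
		}
	}

	/**
	 * Get the login password of the user logged into this datastore's connection method
	 *
	 * Mirrors getLogin(): null means not logged in, '' is returned for an anonymous session.
	 */
	protected function getPassword($method=null) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		$method = $this->getMethod($method);

		# For anonymous binds
		if ($method == 'anon') {
			if (isset($_SESSION['USER'][$this->index][$method]['name']))
				return '';
			else
				return null;
		}

		switch ($this->getAuthType()) {
			case 'cookie':
				if (! isset($_COOKIE[$method.'-PASS']))
					# If our bind_pass is set, we'll pass that back for logins.
					return (! is_null($this->getValue('login','bind_pass')) && $method == 'login') ? $this->getValue('login','bind_pass') : null;
				else
					return blowfish_decrypt($_COOKIE[$method.'-PASS']);

			case 'config':
			case 'proxy':
				if (! isset($_SESSION['USER'][$this->index][$method]['pass']))
					return $this->getValue('login','bind_pass');
				else
					return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['pass']);

			case 'http':
			case 'session':
			case 'sasl':
				if (! isset($_SESSION['USER'][$this->index][$method]['pass']))
					# If our bind_pass is set, we'll pass that back for logins.
					return (! is_null($this->getValue('login','bind_pass')) && $method == 'login') ? $this->getValue('login','bind_pass') : null;
				else
					return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['pass']);

			case 'sasl_external':
				return '';

			default:
				die(sprintf('Error: %s hasnt been configured for auth_type %s',__METHOD__,$this->getAuthType()));
		}
	}

	/**
	 * Return if this datastore's connection method has been logged into
	 *
	 * The answer is cached per datastore index and method in a static array, so it
	 * is computed at most once per request for each pair.
	 */
	public function isLoggedIn($method=null) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		static $CACHE = array();

		$method = $this->getMethod($method);

		if (isset($CACHE[$this->index][$method]) && ! is_null($CACHE[$this->index][$method]))
			return $CACHE[$this->index][$method];

		$CACHE[$this->index][$method] = null;

		# For some authentication types, we need to do the login here
		switch ($this->getAuthType()) {
			case 'config':
				if (! $CACHE[$this->index][$method] = $this->login($this->getLogin($method),$this->getPassword($method),$method))
					system_message(array(
						'title'=>_('Unable to login.'),
						'body'=>_('Your configuration file has authentication set to CONFIG based authentication, however, the userid/password failed to login'),
						'type'=>'error'));

				break;

			case 'http':
				# If our auth vars are not set, throw up a login box.
				if (! isset($_SERVER['PHP_AUTH_USER'])) {
					# If this server is not in focus, skip the basic auth prompt.
					if (get_request('server_id','REQUEST') != $this->getIndex()) {
						$CACHE[$this->index][$method] = false;
						break;
					}

					header(sprintf('WWW-Authenticate: Basic realm="%s %s"',app_name(),_('login')));

					if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')
						header('HTTP/1.0 401 Unauthorized'); // http 1.0 method
					else
						header('Status: 401 Unauthorized'); // http 1.1 method

					# If we still dont have login details...
					if (! isset($_SERVER['PHP_AUTH_USER'])) {
						system_message(array(
							'title'=>_('Unable to login.'),
							'body'=>_('Your configuration file has authentication set to HTTP based authentication, however, there was none presented'),
							'type'=>'error'));

						$CACHE[$this->index][$method] = false;
					}

				# Check our auth vars are valid.
				} else {
					if (! $this->login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'],$method)) {
						system_message(array(
							'title'=>_('Unable to login.'),
							'body'=>_('Your HTTP based authentication is not accepted by the LDAP server'),
							'type'=>'error'));

						$CACHE[$this->index][$method] = false;

					} else
						$CACHE[$this->index][$method] = true;
				}

				break;

			case 'proxy':
				$CACHE[$this->index][$method] = $this->login($this->getValue('login','bind_id'),$this->getValue('login','bind_pass'),$method);

				break;

			case 'sasl':
				# Propogate any given Kerberos credential cache location
				if (isset($_ENV['REDIRECT_KRB5CCNAME']))
					putenv(sprintf('KRB5CCNAME=%s',$_ENV['REDIRECT_KRB5CCNAME']));
				elseif (isset($_SERVER['KRB5CCNAME']))
					putenv(sprintf('KRB5CCNAME=%s',$_SERVER['KRB5CCNAME']));

				# Map the SASL auth ID to a DN
				$regex = $this->getValue('login', 'sasl_dn_regex');
				$replacement = $this->getValue('login', 'sasl_dn_replacement');

				# REMOTE_USER is set by the web server's authentication layer and may be
				# absent; treat that as an empty name in both branches.
				$remote_user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';

				# NOTE(review): login() is called with an empty password here, so the outcome
				# rests entirely on what the subclass's login() does for SASL - confirm it
				# cannot succeed as an unauthenticated bind when the name is empty.
				if ($regex && $replacement) {
					$userDN = preg_replace($regex, $replacement, $remote_user);

					# preg_replace() returns null on a PCRE error (for example a malformed
					# sasl_dn_regex); a failed mapping must not lead to a login attempt.
					$CACHE[$this->index][$method] = is_null($userDN) ? false : $this->login($userDN, '', $method);

				# Otherwise, use the user name as is
				# For GSSAPI Authentication + mod_auth_kerb and Basic Authentication
				} else
					$CACHE[$this->index][$method] = $this->login($remote_user, '', $method);

				break;

			default:
				# cookie, session and sasl_external: logged in when getLogin() yields a name.
				$CACHE[$this->index][$method] = is_null($this->getLogin($method)) ? false : true;
		}

		return $CACHE[$this->index][$method];
	}

	/**
	 * Logout of this datastore's connection method
	 *
	 * Drops the cached data for this datastore from the session, then removes the
	 * stored credentials for the auth type in use.
	 *
	 * @return boolean Always true; an unsupported auth type stops the request instead.
	 */
	public function logout($method=null) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		$method = $this->getMethod($method);

		unset ($_SESSION['cache'][$this->index]);

		switch ($this->getAuthType()) {
			case 'cookie':
				# Expire both credential cookies.
				set_cookie($method.'-USER','',time()-3600,'/');
				set_cookie($method.'-PASS','',time()-3600,'/');

				# Intentional fall through to return true.

			case 'config':
			case 'sasl_external':
				return true;

			case 'http':
			case 'proxy':
			case 'session':
			case 'sasl':
				if (isset($_SESSION['USER'][$this->index][$method]))
					unset($_SESSION['USER'][$this->index][$method]);

				return true;

			default:
				die(sprintf('Error: %s hasnt been configured for auth_type %s',__METHOD__,$this->getAuthType()));
		}
	}

	/**
	 * Functions that return the condition of the datasource
	 */

	/**
	 * Return the configured server/visible value.
	 */
	public function isVisible() {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		return $this->getValue('server','visible');
	}

	/**
	 * Return whether this datastore must be treated as read only.
	 *
	 * True when there is no (non-blank) login name and the application setting
	 * appearance/anonymous_bind_implies_read_only is enabled; otherwise the
	 * configured server/read_only value.
	 */
	public function isReadOnly() {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		if (! trim($this->getLogin(null)) && $_SESSION[APPCONFIG]->getValue('appearance','anonymous_bind_implies_read_only'))
			return true;
		else
			return $this->getValue('server','read_only');
	}

	/**
	 * Return the index (ID) of this datastore.
	 */
	public function getIndex() {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,1,__FILE__,__LINE__,__METHOD__,$fargs,$this->index);

		return $this->index;
	}

	/**
	 * Work out which connection method to use.
	 * If a method is passed, then it will be passed back. If no method is passed, then we'll
	 * check to see if the user is logged in. If they are, then 'user' is used, otherwise
	 * 'anon' is used.
	 *
	 * @param string Connection method, or null to work it out
	 * @return string Connection Method
	 */
	protected function getMethod($method=null) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		static $CACHE = array();

		# Immediately return if method is set.
		if (! is_null($method))
			return $method;

		# If we have been here already, then return our result
		if (isset($CACHE[$this->index]))
			return $CACHE[$this->index];

		# Seed the cache before calling isLoggedIn(): it calls back into getMethod().
		$CACHE[$this->index] = 'anon';

		if ($this->isLoggedIn('user'))
			$CACHE[$this->index] = 'user';

		return $CACHE[$this->index];
	}

	/**
	 * This method should be overridden in application specific ds files
	 *
	 * The base implementation always reports the session as valid.
	 */
	public function isSessionValid() {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,1,__FILE__,__LINE__,__METHOD__,$fargs,true);

		return true;
	}

	/**
	 * Return the time at which this connection times out, or null if there is no timeout.
	 *
	 * The value is time() plus the login/timeout setting multiplied by 60, i.e. a
	 * timestamp rather than a remaining duration. Null is returned when not logged
	 * in and for the 'config' and 'http' auth types.
	 */
	public function inactivityTime() {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		if ($this->isLoggedIn() && ! in_array($this->getAuthType(),array('config','http')))
			return time()+($this->getValue('login','timeout')*60);
		else
			return null;
	}
}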
/**
* The list of database sources
*
* @package phpLDAPadmin
* @subpackage DataStore
*/
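class Datastore {
	# Our DS index id (the index of the most recently created server)
	private $index;
	# List of all the objects
	private $objects = array();
	# Default settings
	private $default;

	/**
	 * Build the table of predefined settings that every new server object receives.
	 */
	public function __construct() {
		$this->default = new StdClass;

		$this->default->server['id'] = array(
			'desc'=>'Server ID',
			'default'=>null);

		$this->default->server['name'] = array(
			'desc'=>'Server name',
			'default'=>null);

		# Connectivity Info
		$this->default->server['host'] = array(
			'desc'=>'Host Name',
			'default'=>'127.0.0.1');

		$this->default->server['port'] = array(
			'desc'=>'Port Number',
			'default'=>null);

		# Read or write only access
		$this->default->server['read_only'] = array(
			'desc'=>'Server is in READ ONLY mode',
			'default'=>false);

		$this->default->server['visible'] = array(
			'desc'=>'Whether this server is visible',
			'default'=>true);

		$this->default->server['hide_noaccess_base'] = array(
			'desc'=>'If base DNs are not accessible, hide them instead of showing create',
			'default'=>false);

		# Authentication Information
		$this->default->login['auth_type'] = array(
			'desc'=>'Authentication Type',
			'default'=>'session');

		/*
		 * Disabled: ID to login to this application, this assumes that there is
		 * application authentication on top of authentication required to
		 * access the data source
		$this->default->login['auth_id'] = array(
			'desc'=>'User Login ID to login to this DS',
			'untested'=>true,
			'default'=>null);

		$this->default->login['auth_pass'] = array(
			'desc'=>'User Login Password to login to this DS',
			'untested'=>true,
			'default'=>null);
		*/

		$this->default->login['auth_text'] = array(
			'desc'=>'Text to show at the login prompt',
			'default'=>null);

		$this->default->login['bind_id'] = array(
			'desc'=>'User Login ID to bind to this DS',
			'default'=>null);

		$this->default->login['bind_dn_template'] = array(
			'desc'=>'Template string for user login DN to bind to this DS. Use \'%s\' where user input should be inserted.',
			'default'=>null);

		$this->default->login['bind_pass'] = array(
			'desc'=>'User Login Password to bind to this DS',
			'default'=>null);

		# NOTE(review): described as seconds, but the default comes from
		# session_cache_expire(), which reports minutes - confirm the intended unit.
		$this->default->login['timeout'] = array(
			'desc'=>'Session timout in seconds',
			'default'=>session_cache_expire()-1);

		$this->default->login['sasl_dn_regex'] = array(
			'desc'=>'SASL authorization id to user dn PCRE regular expression',
			'untested'=>true,
			'default'=>null);

		$this->default->login['sasl_dn_replacement'] = array(
			'desc'=>'SASL authorization id to user dn PCRE regular expression replacement string',
			'untested'=>true,
			'default'=>null);

		# Prefix for custom pages
		$this->default->custom['pages_prefix'] = array(
			'desc'=>'Prefix name for custom pages',
			'default'=>'custom_');
	}

	/**
	 * Create a new database object
	 *
	 * The object is stored under the next index (count of existing objects plus one)
	 * and receives the predefined settings. An unknown class stops the request.
	 *
	 * @param string Name of the class to instantiate
	 * @return int Index of the new object
	 */
	public function newServer($type) {
		# NOTE(review): $type names the class to instantiate; presumably it only ever
		# comes from the configuration file - verify against callers.
		if (class_exists($type)) {
			$this->index = count($this->objects)+1;
			$this->objects[$this->index] = new $type($this->index);

			$this->objects[$this->index]->setDefaults($this->default);
			return $this->index;

		} else {
			printf('ERROR: Class [%s] doesnt exist',$type);
			die();
		}
	}

	/**
	 * Set values for a database object.
	 *
	 * The value is applied to the most recently created server. Unknown keys or
	 * settings, and array/non-array mismatches against the current value, are
	 * reported through error().
	 */
	public function setValue($key,$setting,$value) {
		if (! $this->objects[$this->index]->isDefaultKey($key))
			error("ERROR: Setting a key [$key] that isnt predefined.",'error',true);

		if (! $this->objects[$this->index]->isDefaultSetting($key,$setting))
			error("ERROR: Setting a index [$key,$setting] that isnt predefined.",'error',true);

		# Test if its should be an array or not.
		if (is_array($this->objects[$this->index]->getValue($key,$setting)) && ! is_array($value))
			error("Error in configuration file, {$key}['$setting'] SHOULD be an array of values.",'error',true);

		if (! is_array($this->objects[$this->index]->getValue($key,$setting)) && is_array($value))
			error("Error in configuration file, {$key}['$setting'] should NOT be an array of values.",'error',true);

		# Store the value in the object.
		$this->objects[$this->index]->setValue($key,$setting,$value);
	}

	/**
	 * Get a list of all the configured servers.
	 *
	 * The list maps index => server object, is passed to masort() on 'name', and is
	 * cached in a static array per value of $isVisible.
	 *
	 * @param boolean Only show visible servers.
	 * @return array list of all configured servers.
	 */
	public function getServerList($isVisible=true) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		static $CACHE;

		if (isset($CACHE[$isVisible]))
			return $CACHE[$isVisible];

		$CACHE[$isVisible] = array();

		# Debugging incase objects is not set.
		if (! $this->objects) {
			print "<PRE>";
			debug_print_backtrace();
			die();
		}

		foreach ($this->objects as $id => $server)
			if (! $isVisible || ($isVisible && $server->getValue('server','visible')))
				$CACHE[$isVisible][$id] = $server;

		masort($CACHE[$isVisible],'name');

		return $CACHE[$isVisible];
	}

	/**
	 * Return an object Instance of a configured database.
	 *
	 * @param int Index
	 * @return object Datastore instance object.
	 */
	public function Instance($index=null) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		# If no index defined, then pick the lowest one.
		# NOTE(review): min() is applied to the server objects themselves, so "lowest"
		# relies on PHP's object comparison - confirm it orders by index as intended.
		if (is_null($index) || ! trim($index) || ! is_numeric($index))
			$index = min($this->getServerList())->getIndex();

		# $index may originate from the request, hence the escaping in the message.
		if (! isset($this->objects[$index]))
			debug_dump_backtrace(sprintf('Error: Datastore instance [%s] doesnt exist?',htmlspecialchars($index)),1);

		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED)
			debug_log('Returning instance of database (%s)',3,0,__FILE__,__LINE__,__METHOD__,$index);

		return $this->objects[$index];
	}

	/**
	 * Return an object Instance of a configured database.
	 *
	 * @param string Name of the instance to retrieve
	 * @return object Datastore instance object, or null when no server has that name.
	 */
	public function InstanceName($name=null) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		# getServerList() yields server objects (index => object), so resolve each one
		# through its own index, as InstanceId() does, instead of using the object as
		# an array key.
		foreach ($this->getServerList(false) as $server)
			if ($this->objects[$server->getIndex()]->getName() == $name)
				return $this->objects[$server->getIndex()];

		# If we get here, then no object with the name exists.
		return null;
	}

	/**
	 * Return an object Instance of a configured database.
	 *
	 * @param string ID of the instance to retrieve
	 * @return object Datastore instance object, or null when no server has that ID.
	 */
	public function InstanceId($id=null) {
		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
			debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);

		foreach ($this->getServerList(false) as $server)
			if ($this->objects[$server->getIndex()]->getValue('server','id') == $id)
				return $this->objects[$server->getIndex()];

		# If we get here, then no object with the ID exists.
		return null;
	}
}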
?>