laipower/wp-content/plugins/authLdap-2.3.1/ldap.php

281 lines
7.9 KiB
PHP
Raw Normal View History

2020-04-07 13:03:04 +00:00
<?php
/**
* $Id: ldap.php 381646 2011-05-06 09:37:31Z heiglandreas $
*
* authLdap - Authenticate Wordpress against an LDAP-Backend.
* Copyright (c) 2008 Andreas Heigl<andreas@heigl.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* This file handles the basic LDAP-Tasks
*
* @author Andreas Heigl<andreas@heigl.org>
* @package authLdap
* @category authLdap
* @since 2008
*/
namespace Org_Heigl\AuthLdap;
use Exception;
class LDAP
{
private $_server = '';
private $_scheme = 'ldap';
private $_port = 389;
private $_baseDn = '';
private $_debug = false;
/**
* This property contains the connection handle to the ldap-server
*
* @var Ressource
*/
private $_ch = null;
private $_username = '';
private $_password = '';
private $_starttls = false;
public function __construct($URI, $debug = false, $starttls = false)
{
$this->_debug=$debug;
$array = parse_url($URI);
if (! is_array($array)) {
throw new Exception($URI . ' seems not to be a valid URI');
}
$url = array_map(function ($item) {
return urldecode($item);
}, $array);
if (false === $url) {
throw new Exception($URI . ' is an invalid URL');
}
if (! isset ( $url['scheme'] )) {
throw new Exception($URI . ' does not provide a scheme');
}
if (0 !== strpos($url['scheme'], 'ldap')) {
throw new Exception($URI . ' is an invalid LDAP-URI');
}
if (! isset ( $url['host'] )) {
throw new Exception($URI . ' does not provide a server');
}
if (! isset ( $url['path'] )) {
throw new Exception($URI . ' does not provide a search-base');
}
if (1 == strlen($url['path'])) {
throw new Exception($URI . ' does not provide a valid search-base');
}
$this -> _server = $url['host'];
$this -> _scheme = $url['scheme'];
$this -> _baseDn = substr($url['path'], 1);
if (isset ( $url['user'] )) {
$this -> _username = $url['user'];
}
if ('' == trim($this -> _username)) {
$this -> _username = 'anonymous';
}
if (isset ( $url['pass'] )) {
$this -> _password = $url['pass'];
}
if (isset ( $url['port'] )) {
$this -> _port = $url['port'];
}
$this->_starttls = $starttls;
}
/**
* Connect to the given LDAP-Server
*
* @return LDAP
* @throws AuthLdap_Exception
*/
public function connect()
{
$this -> disconnect();
if ('ldaps' == $this->_scheme && 389 == $this->_port) {
$this->_port = 636;
}
$this->_ch = @ldap_connect($this->_scheme . '://' . $this->_server . ':' . $this -> _port);
if (! $this->_ch) {
throw new AuthLDAP_Exception('Could not connect to the server');
}
ldap_set_option($this->_ch, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($this->_ch, LDAP_OPT_REFERRALS, 0);
//if configured try to upgrade encryption to tls for ldap connections
if ($this->_starttls) {
ldap_start_tls($this->_ch);
}
return $this;
}
/**
* Disconnect from a resource if one is available
*
* @return LDAP
*/
public function disconnect()
{
if (is_resource($this->_ch)) {
@ldap_unbind($this->_ch);
}
$this->_ch = null;
return $this;
}
/**
* Bind to an LDAP-Server with the given credentials
*
* @return LDAP
* @throw AuthLdap_Exception
*/
public function bind()
{
if (! $this->_ch) {
$this->connect();
}
if (! is_resource($this->_ch)) {
throw new AuthLDAP_Exception('No Resource-handle given');
}
$bind = false;
if (( ( $this->_username )
&& ( $this->_username != 'anonymous') )
&& ( $this->_password != '' ) ) {
$bind = @ldap_bind($this->_ch, $this->_username, $this->_password);
} else {
$bind = @ldap_bind($this->_ch);
}
if (! $bind) {
throw new AuthLDAP_Exception('bind was not successfull: ' . ldap_error($this->_ch));
}
return $this;
}
public function getErrorNumber()
{
return @ldap_errno($this->_ch);
}
public function getErrorText()
{
return @ldap_error($this->_ch);
}
/**
* This method does the actual ldap-serch.
*
* This is using the filter <var>$filter</var> for retrieving the attributes
* <var>$attributes</var>
*
*
* @param string $filter
* @param array $attributes
* @param string $base
* @return array
*/
public function search($filter, $attributes = array('uid'), $base = '' )
{
if (! is_Resource($this->_ch)) {
throw new AuthLDAP_Exception('No resource handle avbailable');
}
if (! $base) {
$base = $this->_baseDn;
}
$result = ldap_search($this->_ch, $base, $filter, $attributes);
if ($result === false) {
throw new AuthLDAP_Exception('no result found');
}
$this->_info = @ldap_get_entries($this->_ch, $result);
if ($this->_info === false) {
throw new AuthLDAP_Exception('invalid results found');
}
return $this -> _info;
}
/**
* This method sets debugging to ON
*/
public function debugOn()
{
$this->_debug = true;
return $this;
}
/**
* This method sets debugging to OFF
*/
public function debugOff()
{
$this->_debug = false;
return $this;
}
/**
* This method authenticates the user <var>$username</var> using the
* password <var>$password</var>
*
* @param string $username
* @param string $password
* @param string $filter OPTIONAL This parameter defines the Filter to be used
* when searchin for the username. This MUST contain the string '%s' which
* will be replaced by the vaue given in <var>$username</var>
* @return boolean true or false depending on successfull authentication or not
*/
public function authenticate($username, $password, $filter = '(uid=%s)')
{
//return true;
$this->connect();
$this->bind();
$res = $this->search(sprintf($filter, $username));
if (! $res || ! is_array($res) || ( $res ['count'] != 1 )) {
return false;
}
$dn = $res[0]['dn'];
if ($username && $password) {
if (@ldap_bind($this->_ch, $dn, $password)) {
return true;
}
}
return false;
}
/**
* $this method loggs errors if debugging is set to ON
*/
public function logError()
{
if ($this->_debug) {
$_v = debug_backtrace();
throw new AuthLDAP_Exception('[LDAP_ERROR]' . ldap_errno($this->_ch) . ':' . ldap_error($this->_ch), $_v[0]['line']);
}
}
}
class AuthLDAP_Exception extends Exception
{
public function __construct($message, $line = null)
{
parent :: __construct($message);
if ($line) {
$this -> line = $line;
}
}
}