<?php
/*******************************************************************************
 * Copyright (C) 2007 Easter-eggs
 * http://ldapsaisie.labs.libre-entreprise.org
 *
 * Author: See AUTHORS file in top-level directory.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

******************************************************************************/
/*
 * Configuration data for SAMBA support
 */

// SID of the managed Samba domain. Every generated sambaSID and
// sambaPrimaryGroupSID is this value followed by "-<number>".
define('LS_SAMBA_DOMAIN_SID', 'S-1-5-21-2421470416-3566881284-3047381809');

// Base number added when computing a user sambaSID
define('LS_SAMBA_SID_BASE_USER', 1000);

// Base number added when computing a group sambaSID
define('LS_SAMBA_SID_BASE_GROUP', 1001);

/*
 * NB: one of these two numbers must be even and the other odd.
 *
 * User SIDs are built from uidNumber * 2 + LS_SAMBA_SID_BASE_USER and group
 * SIDs from gidNumber * 2 + LS_SAMBA_SID_BASE_GROUP. With bases of the same
 * parity a user and a group could be given the same SID, so the two identities
 * could no longer be told apart wherever the SID is used.
 */

// Name of the LDAP attribute holding the uidNumber
define('LS_SAMBA_UIDNUMBER_ATTR', 'uidNumber');

// Name of the LDAP attribute holding the gidNumber
define('LS_SAMBA_GIDNUMBER_ATTR', 'gidNumber');

// Name of the LDAP attribute holding the user password
define('LS_SAMBA_USERPASSWORD_ATTR', 'userPassword');
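// Error messages
//
// Each entry maps an error code to its message ('msg') and its level
// ('level'). The messages are passed through gettext's _().
//
// NOTE(review): the accented characters were restored from a mis-encoded copy
// of this file. These strings are gettext message ids, so the file encoding
// must stay consistent with the message catalogue - confirm before merging.
// NOTE(review): the first message names "smHash" while the class that is
// actually checked is smbHash; the wording is left untouched because it is a
// message id.

$GLOBALS['error_code']['SAMBA_SUPPORT_01']= array (
  'msg' => _("SAMBA Support : la classe smHash ne peut pas être chargée."),
  'level' => 'c'
);
$GLOBALS['error_code']['SAMBA_SUPPORT_02']= array (
  'msg' => _("SAMBA Support : La constante %{const} n'est pas définie."),
  'level' => 'c'
);

$GLOBALS['error_code']['SAMBA_SUPPORT_03']= array (
  'msg' => _("SAMBA Support : Les constantes LS_SAMBA_SID_BASE_USER et LS_SAMBA_SID_BASE_GROUP ne doivent pas avoir la même parité pour l'unicité des sambaSID."),
  'level' => 'c'
);

// Generic "missing dependency" message : %{dependency} is the attribute that
// could not be found, %{attr} the attribute that could not be generated.
$GLOBALS['error_code']['SAMBA_01']= array (
  'msg' => _("SAMBA Support : L'attribut %{dependency} est introuvable. Impossible de générer l'attribut %{attr}."),
  'level' => 'c'
);

/*
 * End of configuration data
 */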
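/*
 * Check that ldapSaisie can provide Samba support
 *
 * Three things are verified, and each failure is reported through
 * $GLOBALS['LSerror'] :
 *  - the smbHash class is available (class.smbHash.php is loaded from
 *    LS_LIB_DIR when the class does not exist yet) ;
 *  - every LS_SAMBA_* configuration constant is defined and not empty ;
 *  - LS_SAMBA_SID_BASE_USER and LS_SAMBA_SID_BASE_GROUP have different
 *    parities, so that a user and a group can never be given the same SID.
 *
 * All checks are run even after a first failure, so every problem is reported.
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @retval boolean true if Samba is fully supported, false otherwise
 */
function LSaddon_samba_support() {

  $retval=true;

  // Library dependency. The @ only hides the include warning : the failure
  // itself is reported with an error code.
  if ( !class_exists('smbHash') ) {
    if ( ! @include_once(LS_LIB_DIR . 'class.smbHash.php') ) {
      // Code spelled with the digit 0, as declared in $GLOBALS['error_code']
      $GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_01');
      $retval=false;
    }
  }

  $MUST_DEFINE_CONST= array(
    'LS_SAMBA_DOMAIN_SID',
    'LS_SAMBA_SID_BASE_USER',
    'LS_SAMBA_SID_BASE_GROUP',
    'LS_SAMBA_UIDNUMBER_ATTR',
    'LS_SAMBA_GIDNUMBER_ATTR',
    'LS_SAMBA_USERPASSWORD_ATTR'
  );

  foreach($MUST_DEFINE_CONST as $const) {
    // defined() comes first : constant() on an undefined name raises a
    // warning (an Error since PHP 8) instead of returning an empty value.
    if ( !defined($const) || constant($const) == '' ) {
      // NOTE(review): the message uses the %{const} placeholder while a bare
      // string is passed here - confirm how addErrorCode() substitutes it.
      $GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_02',$const);
      $retval=false;
    }
  }

  // SID integrity : bases of the same parity would let a user SID and a group
  // SID collide. Skipped when a base is undefined (already reported above).
  if ( defined('LS_SAMBA_SID_BASE_USER') && defined('LS_SAMBA_SID_BASE_GROUP') ) {
    if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) {
      $GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_03');
      $retval=false;
    }
  }

  return $retval;
}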
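/*
 * Generate the sambaSID of an LDAP object
 *
 * Number   = value of the LS_SAMBA_UIDNUMBER_ATTR attribute * 2 + LS_SAMBA_SID_BASE_USER
 * sambaSID = LS_SAMBA_DOMAIN_SID-Number
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @param[in] $ldapObject The LDAP object
 *
 * @retval string The sambaSID. Nothing (null) is returned, and the SAMBA_01
 *                error is recorded, when the uidNumber attribute is missing.
 */
function generate_sambaSID($ldapObject) {
  // A missing entry or a non-object is handled like an attribute of the wrong
  // class, instead of triggering an undefined-index warning or a get_class()
  // failure on a non-object.
  $attrs = $ldapObject -> attrs;
  $uidAttr = isset($attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) ? $attrs[ LS_SAMBA_UIDNUMBER_ATTR ] : null;
  if ( !is_object($uidAttr) || get_class($uidAttr) != 'LSattribute' ) {
    $GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID'));
    return;
  }

  // NOTE(review): assumes getValue() returns a single non-negative integer ;
  // the value is not validated here, so anything else would produce a
  // malformed or unexpected SID - confirm against LSattribute.
  $uidNumber = $uidAttr -> getValue() * 2 + LS_SAMBA_SID_BASE_USER;
  $sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber;

  return ($sambaSID);
}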
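/*
 * Generate the sambaPrimaryGroupSID of an LDAP object
 *
 * Number               = value of the LS_SAMBA_GIDNUMBER_ATTR attribute * 2 + LS_SAMBA_SID_BASE_GROUP
 * sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID-Number
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @param[in] $ldapObject The LDAP object
 *
 * @retval string The sambaPrimaryGroupSID. Nothing (null) is returned, and the
 *                SAMBA_01 error is recorded, when the gidNumber attribute is
 *                missing.
 */
function generate_sambaPrimaryGroupSID($ldapObject) {
  // A missing entry or a non-object is handled like an attribute of the wrong
  // class, instead of triggering an undefined-index warning or a get_class()
  // failure on a non-object.
  $attrs = $ldapObject -> attrs;
  $gidAttr = isset($attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) ? $attrs[ LS_SAMBA_GIDNUMBER_ATTR ] : null;
  if ( !is_object($gidAttr) || get_class($gidAttr) != 'LSattribute' ) {
    // SAMBA_01 is the missing-dependency message this file declares ; the
    // code previously passed here (SAMBA_02) is not declared in this file.
    $GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID'));
    return;
  }

  // NOTE(review): assumes getValue() returns a single non-negative integer ;
  // the value is not validated here, so anything else would produce a
  // malformed or unexpected SID - confirm against LSattribute.
  $gidNumber = $gidAttr -> getValue() * 2 + LS_SAMBA_SID_BASE_GROUP;
  $sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;

  return ($sambaPrimaryGroupSID);
}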
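/*
 * Generate the sambaNTPassword of an LDAP object
 *
 * The clear-text password is read from the LS_SAMBA_USERPASSWORD_ATTR
 * attribute and handed to smbHash::nthash().
 *
 * Security note : nthash() is expected to produce the NT hash, which is
 * unsalted and is sufficient on its own to authenticate with NTLM. The
 * resulting attribute should therefore be readable only by the Samba service
 * and the directory administrators, and the clear-text password obtained here
 * must never be logged.
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @param[in] $ldapObject The LDAP object
 *
 * @retval string The sambaNTPassword. Nothing (null) is returned when the
 *                password attribute is missing (the SAMBA_01 error is then
 *                recorded) or when the computed hash is empty.
 */
function generate_sambaNTPassword($ldapObject) {
  // A missing entry or a non-object is handled like an attribute of the wrong
  // class, instead of triggering an undefined-index warning or a get_class()
  // failure on a non-object.
  $attrs = $ldapObject -> attrs;
  $passwordAttr = isset($attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) ? $attrs[ LS_SAMBA_USERPASSWORD_ATTR ] : null;
  if ( !is_object($passwordAttr) || get_class($passwordAttr) != 'LSattribute' ) {
    // SAMBA_01 is the missing-dependency message this file declares ; the
    // code previously passed here (SAMBA_03) is not declared in this file.
    $GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaNTPassword'));
    return;
  }

  $password = $passwordAttr -> ldap -> getClearPassword();
  $sambapassword = new smbHash;
  $sambaNTPassword = $sambapassword -> nthash($password);

  // An empty hash is treated as a failure : nothing is returned
  if($sambaNTPassword == '') {
    return;
  }
  return $sambaNTPassword;
}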
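/*
 * Generate the sambaLMPassword of an LDAP object
 *
 * The clear-text password is read from the LS_SAMBA_USERPASSWORD_ATTR
 * attribute and handed to smbHash::lmhash().
 *
 * Security note : lmhash() is expected to produce the legacy LM hash. That
 * format is case-insensitive, covers at most 14 characters processed as two
 * independent 7-character halves, and is unsalted, so it offers very little
 * protection for the password once the attribute can be read. Populate
 * sambaLMPassword only when a client still requires it, restrict read access
 * to the attribute, and never log the clear-text password obtained here.
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @param[in] $ldapObject The LDAP object
 *
 * @retval string The sambaLMPassword. Nothing (null) is returned when the
 *                password attribute is missing (the SAMBA_01 error is then
 *                recorded) or when the computed hash is empty.
 */
function generate_sambaLMPassword($ldapObject) {
  // A missing entry or a non-object is handled like an attribute of the wrong
  // class, instead of triggering an undefined-index warning or a get_class()
  // failure on a non-object.
  $attrs = $ldapObject -> attrs;
  $passwordAttr = isset($attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) ? $attrs[ LS_SAMBA_USERPASSWORD_ATTR ] : null;
  if ( !is_object($passwordAttr) || get_class($passwordAttr) != 'LSattribute' ) {
    // SAMBA_01 is the missing-dependency message this file declares ; the
    // code previously passed here (SAMBA_04) is not declared in this file.
    $GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaLMPassword'));
    return;
  }

  $password = $passwordAttr -> ldap -> getClearPassword();
  $sambapassword = new smbHash;
  $sambaLMPassword = $sambapassword -> lmhash($password);

  // An empty hash is treated as a failure : nothing is returned
  if($sambaLMPassword == '') {
    return;
  }
  return $sambaLMPassword;
}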
?>