< ? php
/*******************************************************************************
* Copyright ( C ) 2007 Easter - eggs
* http :// ldapsaisie . labs . libre - entreprise . org
*
* Author : See AUTHORS file in top - level directory .
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 59 Temple Place - Suite 330 , Boston , MA 02111 - 1307 , USA .
******************************************************************************/
/*
* Données de configuration pour le support SAMBA
*/
// SID of the Samba domain managed by this installation.
// NOTE(review): this value identifies one specific domain and is presumably a
// sample; confirm it is replaced with the SID of the domain actually served
// (Samba reports it with `net getlocalsid`). Every sambaSID and
// sambaPrimaryGroupSID generated below is prefixed with it.
define ( 'LS_SAMBA_DOMAIN_SID' , 'S-1-5-21-2421470416-3566881284-3047381809' );
// Base number used when computing user sambaSIDs
define ( 'LS_SAMBA_SID_BASE_USER' , 1000 );
// Base number used when computing group sambaSIDs
define ( 'LS_SAMBA_SID_BASE_GROUP' , 1001 );
/*
 * NB: one of these two numbers must be even and the other odd so that the
 * generated SIDs stay unique. The generators in this file compute the last
 * SID component as (uidNumber or gidNumber) * 2 + base, so the parity of the
 * base decides the parity of the result: users and groups can then never
 * receive the same SID.
 */
// Name of the LDAP attribute holding the uidNumber
define ( 'LS_SAMBA_UIDNUMBER_ATTR' , 'uidNumber' );
// Name of the LDAP attribute holding the gidNumber
define ( 'LS_SAMBA_GIDNUMBER_ATTR' , 'gidNumber' );
// Name of the LDAP attribute holding the user password; the NT and LM hash
// generators in this file read the clear-text password through this attribute.
define ( 'LS_SAMBA_USERPASSWORD_ATTR' , 'userPassword' );
// Error messages.
// Each entry registers, under $GLOBALS['error_code'], a message ('msg', passed
// through gettext's _()) and a 'level' value for one error code.
// NOTE(review): the meaning of level 'c' is defined by the error handler, which
// is not shown in this file.
// NOTE(review): the placeholders appear as "% { const}" / "% { dependency}" /
// "% { attr}" in this listing; confirm the spelling against the placeholder
// syntax the error handler expects before relying on substitution.

// "SAMBA support: the smHash class cannot be loaded."
// NOTE(review): the message says "smHash" while the code loads the class
// 'smbHash'; the message text is left unchanged here because it is also the
// gettext message id.
$GLOBALS [ 'error_code' ][ 'SAMBA_SUPPORT_01' ] = array (
'msg' => _ ( " SAMBA Support : la classe smHash ne peut pas être chargée. " ),
'level' => 'c'
);
// "SAMBA support: the constant <const> is not defined."
$GLOBALS [ 'error_code' ][ 'SAMBA_SUPPORT_02' ] = array (
'msg' => _ ( " SAMBA Support : La constante % { const} n'est pas définie. " ),
'level' => 'c'
);
// "SAMBA support: LS_SAMBA_SID_BASE_USER and LS_SAMBA_SID_BASE_GROUP must not
// have the same parity, to keep sambaSIDs unique."
$GLOBALS [ 'error_code' ][ 'SAMBA_SUPPORT_03' ] = array (
'msg' => _ ( " SAMBA Support : Les constantes LS_SAMBA_SID_BASE_USER et LS_SAMBA_SID_BASE_GROUP ne doivent pas avoir la même parité pour l'unicité des sambaSID. " ),
'level' => 'c'
);
// "SAMBA support: attribute <dependency> cannot be found. Unable to generate
// attribute <attr>." Generic message, parameterised by 'dependency' and 'attr'.
$GLOBALS [ 'error_code' ][ 'SAMBA_01' ] = array (
'msg' => _ ( " SAMBA Support : L'attribut % { dependency} est introuvable. Impossible de générer l'attribut % { attr}. " ),
'level' => 'c'
);
/*
* Fin des données de configuration
*/
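/**
 * Check that ldapSaisie has everything the Samba add-on needs.
 *
 * Three checks are made, and every failure is reported through
 * $GLOBALS['LSerror'] before the function returns:
 *  - the smbHash class is loaded, or can be included from LS_LIB_DIR
 *    (error SAMBA_SUPPORT_01);
 *  - each required LS_SAMBA_* constant is defined and non-empty
 *    (error SAMBA_SUPPORT_02, with the constant name as argument);
 *  - LS_SAMBA_SID_BASE_USER and LS_SAMBA_SID_BASE_GROUP have different
 *    parity, so user and group SIDs cannot collide (error SAMBA_SUPPORT_03).
 *
 * The error codes are spelled with the digit zero so that they match the keys
 * registered in $GLOBALS['error_code'] at the top of this file.
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @retval boolean true if Samba is fully supported, false otherwise
 */
function LSaddon_samba_support() {
  $retval = true;

  // Library dependency: smbHash is used by the NT/LM password generators.
  if (!class_exists('smbHash')) {
    // '@' is deliberate: a missing library file is reported as an error code
    // below rather than as a PHP warning.
    if (!@include_once(LS_LIB_DIR . 'class.smbHash.php')) {
      $GLOBALS['LSerror']->addErrorCode('SAMBA_SUPPORT_01');
      $retval = false;
    }
  }

  $MUST_DEFINE_CONST = array(
    'LS_SAMBA_DOMAIN_SID',
    'LS_SAMBA_SID_BASE_USER',
    'LS_SAMBA_SID_BASE_GROUP',
    'LS_SAMBA_UIDNUMBER_ATTR',
    'LS_SAMBA_GIDNUMBER_ATTR',
    'LS_SAMBA_USERPASSWORD_ATTR'
  );

  foreach ($MUST_DEFINE_CONST as $const) {
    // defined() first: constant() on an undefined name does not return an
    // empty value on current PHP versions, it raises an Error.
    if (!defined($const) || constant($const) == '') {
      $GLOBALS['LSerror']->addErrorCode('SAMBA_SUPPORT_02', $const);
      $retval = false;
    }
  }

  // SID integrity: the two bases must differ in parity. Only compared when
  // both constants exist; a missing one has already been reported above.
  if (defined('LS_SAMBA_SID_BASE_USER') && defined('LS_SAMBA_SID_BASE_GROUP')) {
    if ((LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2)) {
      $GLOBALS['LSerror']->addErrorCode('SAMBA_SUPPORT_03');
      $retval = false;
    }
  }

  return $retval;
}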
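/**
 * Generate the sambaSID of a user.
 *
 *   Number   = <value of LS_SAMBA_UIDNUMBER_ATTR> * 2 + LS_SAMBA_SID_BASE_USER
 *   sambaSID = LS_SAMBA_DOMAIN_SID-Number
 *
 * If the uidNumber attribute is missing from the object, or is not an
 * LSattribute, error SAMBA_01 is reported and nothing is returned.
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @param[in] $ldapObject The LDAP object
 *
 * @retval string The sambaSID; null (bare return) if it cannot be generated
 */
function generate_sambaSID($ldapObject) {
  // Look the attribute up defensively: calling get_class() on a missing entry
  // raises a PHP error instead of producing the SAMBA_01 report.
  $attr = isset($ldapObject->attrs[LS_SAMBA_UIDNUMBER_ATTR])
    ? $ldapObject->attrs[LS_SAMBA_UIDNUMBER_ATTR]
    : null;

  if (!is_object($attr) || get_class($attr) != 'LSattribute') {
    $GLOBALS['LSerror']->addErrorCode(
      'SAMBA_01',
      array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID')
    );
    return;
  }

  // NOTE(review): assumes getValue() yields a single numeric uidNumber — confirm.
  $uidNumber = $attr->getValue() * 2 + LS_SAMBA_SID_BASE_USER;
  $sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber;
  return $sambaSID;
}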
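/**
 * Generate the sambaPrimaryGroupSID of a user.
 *
 *   Number               = <value of LS_SAMBA_GIDNUMBER_ATTR> * 2 + LS_SAMBA_SID_BASE_GROUP
 *   sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID-Number
 *
 * If the gidNumber attribute is missing from the object, or is not an
 * LSattribute, error SAMBA_01 is reported and nothing is returned. SAMBA_01 is
 * the generic "dependency attribute not found" message registered in this
 * file; no SAMBA_02 entry is registered here.
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @param[in] $ldapObject The LDAP object
 *
 * @retval string The sambaPrimaryGroupSID; null (bare return) if it cannot be generated
 */
function generate_sambaPrimaryGroupSID($ldapObject) {
  // Look the attribute up defensively: calling get_class() on a missing entry
  // raises a PHP error instead of producing the error report.
  $attr = isset($ldapObject->attrs[LS_SAMBA_GIDNUMBER_ATTR])
    ? $ldapObject->attrs[LS_SAMBA_GIDNUMBER_ATTR]
    : null;

  if (!is_object($attr) || get_class($attr) != 'LSattribute') {
    $GLOBALS['LSerror']->addErrorCode(
      'SAMBA_01',
      array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID')
    );
    return;
  }

  // NOTE(review): assumes getValue() yields a single numeric gidNumber — confirm.
  $gidNumber = $attr->getValue() * 2 + LS_SAMBA_SID_BASE_GROUP;
  $sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
  return $sambaPrimaryGroupSID;
}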
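/**
 * Generate the sambaNTPassword of a user.
 *
 * Reads the clear-text password through the LS_SAMBA_USERPASSWORD_ATTR
 * attribute and passes it to smbHash::nthash().
 *
 * If the password attribute is missing from the object, or is not an
 * LSattribute, error SAMBA_01 is reported and nothing is returned. SAMBA_01 is
 * the generic "dependency attribute not found" message registered in this
 * file; no SAMBA_03 entry is registered here.
 *
 * Security notes:
 *  - the clear-text password is never written to the debug output;
 *  - NOTE(review): smbHash is not shown here; if nthash() returns the standard
 *    NT hash, the stored value is unsalted and password-equivalent for
 *    NTLM-based authentication, so read access to the sambaNTPassword
 *    attribute should be restricted by the directory's ACLs.
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @param[in] $ldapObject The LDAP object
 *
 * @retval string The sambaNTPassword; null (bare return) if it cannot be generated
 */
function generate_sambaNTPassword($ldapObject) {
  // Look the attribute up defensively: calling get_class() on a missing entry
  // raises a PHP error instead of producing the error report.
  $attr = isset($ldapObject->attrs[LS_SAMBA_USERPASSWORD_ATTR])
    ? $ldapObject->attrs[LS_SAMBA_USERPASSWORD_ATTR]
    : null;

  if (!is_object($attr) || get_class($attr) != 'LSattribute') {
    $GLOBALS['LSerror']->addErrorCode(
      'SAMBA_01',
      array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaNTPassword')
    );
    return;
  }

  // The password stays in memory only: it must not reach debug() or any log.
  $password = $attr->ldap->getClearPassword();

  $sambapassword = new smbHash;
  $sambaNTPassword = $sambapassword->nthash($password);

  // An empty hash is treated as a failure.
  if ($sambaNTPassword == '') {
    return;
  }
  return $sambaNTPassword;
}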
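/**
 * Generate the sambaLMPassword of a user.
 *
 * Reads the clear-text password through the LS_SAMBA_USERPASSWORD_ATTR
 * attribute and passes it to smbHash::lmhash().
 *
 * If the password attribute is missing from the object, or is not an
 * LSattribute, error SAMBA_01 is reported and nothing is returned. SAMBA_01 is
 * the generic "dependency attribute not found" message registered in this
 * file; no SAMBA_04 entry is registered here.
 *
 * Security note:
 *  - NOTE(review): smbHash is not shown here; if lmhash() returns the standard
 *    LAN Manager hash, the stored value is a weak legacy format
 *    (case-insensitive, at most 14 characters, hashed as two independent
 *    halves, unsalted). Consider whether any client still needs
 *    sambaLMPassword before populating it, and restrict read access to the
 *    attribute with the directory's ACLs.
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 *
 * @param[in] $ldapObject The LDAP object
 *
 * @retval string The sambaLMPassword; null (bare return) if it cannot be generated
 */
function generate_sambaLMPassword($ldapObject) {
  // Look the attribute up defensively: calling get_class() on a missing entry
  // raises a PHP error instead of producing the error report.
  $attr = isset($ldapObject->attrs[LS_SAMBA_USERPASSWORD_ATTR])
    ? $ldapObject->attrs[LS_SAMBA_USERPASSWORD_ATTR]
    : null;

  if (!is_object($attr) || get_class($attr) != 'LSattribute') {
    $GLOBALS['LSerror']->addErrorCode(
      'SAMBA_01',
      array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaLMPassword')
    );
    return;
  }

  // The password stays in memory only: it must not reach debug() or any log.
  $password = $attr->ldap->getClearPassword();

  $sambapassword = new smbHash;
  $sambaLMPassword = $sambapassword->lmhash($password);

  // An empty hash is treated as a failure.
  if ($sambaLMPassword == '') {
    return;
  }
  return $sambaLMPassword;
}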
?>