mirror of
https://gitlab.easter-eggs.com/ee/ldapsaisie.git
synced 2024-11-24 10:59:07 +01:00
413 lines
12 KiB
PHP
413 lines
12 KiB
PHP
<?php
|
|
/*******************************************************************************
|
|
* Copyright (C) 2007 Easter-eggs
|
|
* http://ldapsaisie.labs.libre-entreprise.org
|
|
*
|
|
* Author: See AUTHORS file in top-level directory.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License version 2
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
******************************************************************************/
|
|
|
|
// Messages d'erreur
|
|
|
|
// Support
|
|
LSerror :: defineError('SAMBA_SUPPORT_01',
|
|
_("SAMBA Support : Unable to load smbHash class.")
|
|
);
|
|
LSerror :: defineError('SAMBA_SUPPORT_02',
|
|
_("SAMBA Support : The constant %{const} is not defined.")
|
|
);
|
|
|
|
LSerror :: defineError('SAMBA_SUPPORT_03',
|
|
_("SAMBA Support : The constants LS_SAMBA_SID_BASE_USER and LS_SAMBA_SID_BASE_GROUP must'nt have the same parity to keep SambaSID's unicity.")
|
|
);
|
|
|
|
// Autres erreurs
|
|
LSerror :: defineError('SAMBA_01',
|
|
_("SAMBA Support : The attribute %{dependency} is missing. Unable to forge the attribute %{attr}.")
|
|
);
|
|
LSerror :: defineError('SAMBA_02',
|
|
_("SAMBA Support : Can't get the sambaDomain object.")
|
|
);
|
|
LSerror :: defineError('SAMBA_03',
|
|
_("SAMBA Support : Error modifying the sambaDomain object.")
|
|
);
|
|
LSerror :: defineError('SAMBA_04',
|
|
_("SAMBA Support : The %{attr} of the sambaDomain object is incorrect.")
|
|
);
|
|
|
|
// CONSTANTES
|
|
|
|
// Le temps infini au sens NT
|
|
define('LS_SAMBA_INFINITY_TIME',2147483647);
|
|
|
|
/**
|
|
* Verification du support Samba par ldapSaisie
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval boolean true si Samba est pleinement supporté, false sinon
|
|
*/
|
|
function LSaddon_samba_support() {
|
|
|
|
$retval=true;
|
|
|
|
// Dependance de librairie
|
|
if ( !class_exists('smbHash') ) {
|
|
if ( !LSsession::includeFile(LS_LIB_DIR . 'class.smbHash.php') ) {
|
|
LSerror :: addErrorCode('SAMBA_SUPPORT_01');
|
|
$retval=false;
|
|
}
|
|
}
|
|
|
|
|
|
$MUST_DEFINE_CONST= array(
|
|
'LS_SAMBA_DOMAIN_SID',
|
|
'LS_SAMBA_DOMAIN_NAME',
|
|
'LS_SAMBA_HOME_PATH_FORMAT',
|
|
'LS_SAMBA_PROFILE_PATH_FORMAT',
|
|
'LS_SAMBA_DOMAIN_OBJECT_DN',
|
|
'LS_SAMBA_SID_BASE_USER',
|
|
'LS_SAMBA_SID_BASE_GROUP',
|
|
'LS_SAMBA_UIDNUMBER_ATTR',
|
|
'LS_SAMBA_GIDNUMBER_ATTR',
|
|
'LS_SAMBA_USERPASSWORD_ATTR'
|
|
);
|
|
|
|
foreach($MUST_DEFINE_CONST as $const) {
|
|
if ( (!defined($const)) || (constant($const) == "")) {
|
|
LSerror :: addErrorCode('SAMBA_SUPPORT_02',$const);
|
|
$retval=false;
|
|
}
|
|
}
|
|
|
|
// Pour l'intégrité des SID
|
|
if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) {
|
|
LSerror :: addErrorCode('SAMBA_SUPPORT_03');
|
|
$retval=false;
|
|
}
|
|
|
|
return $retval;
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaSID d'un utilisateur
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* Number = LS_SAMBA_UIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_USER
|
|
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string SambaSID ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaUserSID($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID'));
|
|
return;
|
|
}
|
|
|
|
$uidnumber_attr_val = $ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ] -> getValue();
|
|
$uidnumber_attr_val = $uidnumber_attr_val[0];
|
|
$uidNumber = $uidnumber_attr_val * 2 + LS_SAMBA_SID_BASE_USER;
|
|
$sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber;
|
|
|
|
return ($sambaSID);
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaSID d'un groupe
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
|
|
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string SambaSID ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaGroupSID($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaSID'));
|
|
return;
|
|
}
|
|
|
|
$gidnumber_attr_val = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue();
|
|
$gidnumber_attr_val = $gidnumber_attr_val[0];
|
|
$gidNumber = $gidnumber_attr_val * 2 + LS_SAMBA_SID_BASE_GROUP;
|
|
$sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
|
|
|
|
return ($sambaSID);
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaPrimaryGroupSID
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
|
|
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string sambaPrimaryGroupSID ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaPrimaryGroupSID($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID'));
|
|
return;
|
|
}
|
|
|
|
$gidNumber = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue();
|
|
$gidNumber = $gidNumber[0] * 2 + LS_SAMBA_SID_BASE_GROUP;
|
|
$sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
|
|
|
|
return ($sambaPrimaryGroupSID);
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaNTPassword
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string sambaNTPassword ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaNTPassword($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaNTPassword'));
|
|
return;
|
|
}
|
|
|
|
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
|
|
$sambapassword = new smbHash;
|
|
$sambaNTPassword = $sambapassword -> nthash($password);
|
|
|
|
if($sambaNTPassword == '') {
|
|
return;
|
|
}
|
|
return $sambaNTPassword;
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaLMPassword
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string sambaLMPassword ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaLMPassword($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaLMPassword'));
|
|
return;
|
|
}
|
|
|
|
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
|
|
$sambapassword = new smbHash;
|
|
$sambaLMPassword = $sambapassword -> lmhash($password);
|
|
|
|
if($sambaLMPassword == '') {
|
|
return;
|
|
}
|
|
return $sambaLMPassword;
|
|
}
|
|
|
|
/**
|
|
* Generation de uidNumber en utilisant l'objet sambaDomain
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval integer uidNumber ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_uidNumber_withSambaDomainObject($ldapObject) {
|
|
$sambaDomain = LSldap :: getLdapEntry ( LS_SAMBA_DOMAIN_OBJECT_DN );
|
|
if ($sambaDomain === false) {
|
|
LSerror :: addErrorCode('SAMBA_02');
|
|
return;
|
|
}
|
|
|
|
$uidNumber = $sambaDomain->getValue('uidNumber','single');
|
|
if (Net_LDAP2::isError($uidNumber) || $uidNumber==0) {
|
|
LSerror :: addErrorCode('SAMBA_04','uidNumber');
|
|
return;
|
|
}
|
|
|
|
$sambaDomain->replace(array('uidNumber' => ($uidNumber+1)));
|
|
$res = $sambaDomain->update();
|
|
if(!Net_LDAP2::isError($res)) {
|
|
return $uidNumber;
|
|
}
|
|
else {
|
|
LSerror :: addErrorCode('SAMBA_03');
|
|
return;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Generation de gidNumber en utilisant l'objet sambaDomain
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval integer gidNumber ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_gidNumber_withSambaDomainObject($ldapObject) {
|
|
$sambaDomain = LSldap :: getLdapEntry ( LS_SAMBA_DOMAIN_OBJECT_DN );
|
|
if ($sambaDomain === false) {
|
|
LSerror :: addErrorCode('SAMBA_02');
|
|
return;
|
|
}
|
|
|
|
$gidNumber = $sambaDomain->getValue('gidNumber','single');
|
|
if (Net_LDAP2::isError($gidNumber) || $gidNumber==0) {
|
|
LSerror :: addErrorCode('SAMBA_04','gidNumber');
|
|
return;
|
|
}
|
|
|
|
$sambaDomain->replace(array('gidNumber' => ($gidNumber+1)));
|
|
$res = $sambaDomain->update();
|
|
if(!Net_LDAP2::isError($res)) {
|
|
return $gidNumber;
|
|
}
|
|
else {
|
|
LSerror :: addErrorCode('SAMBA_03');
|
|
return;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Retourne le temps infini au sens NT
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval integer le temps infinie au sens NT
|
|
*/
|
|
function return_sambaInfinityTime($ldapObject) {
|
|
return LS_SAMBA_INFINITY_TIME;
|
|
}
|
|
|
|
/**
|
|
* Generation de l'attribut sambaPwdLastSet
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string sambaPwdLastSet
|
|
*/
|
|
function generate_sambaPwdLastSet($ldapObject) {
|
|
return time();
|
|
}
|
|
|
|
/**
|
|
* Generation du sambaDomainName
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string Le sambaDomainName
|
|
*/
|
|
function generate_sambaDomainName($ldapObject) {
|
|
return LS_SAMBA_DOMAIN_NAME;
|
|
}
|
|
|
|
/**
|
|
* Generation du sambaHomePath
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string Le sambaHomePath
|
|
*/
|
|
function generate_sambaHomePath($ldapObject) {
|
|
return $ldapObject -> getFData(LS_SAMBA_HOME_PATH_FORMAT);
|
|
}
|
|
|
|
/**
|
|
* Generation du sambaProfilePath
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string Le sambaProfilePath
|
|
*/
|
|
function generate_sambaProfilePath($ldapObject) {
|
|
return $ldapObject -> getFData(LS_SAMBA_PROFILE_PATH_FORMAT);
|
|
}
|
|
|
|
/**
|
|
* Generation de l'attribut shadowExpire à partir de
|
|
* l'attribut sambaPwdMustChange
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string La valeur de shadowExpire
|
|
*/
|
|
function generate_shadowExpire_from_sambaPwdMustChange($ldapObject) {
|
|
$time=$ldapObject -> getValue('sambaPwdMustChange');
|
|
if (!empty($time)) {
|
|
$time=(int)$time[0];
|
|
return (string)round($time/86400);
|
|
}
|
|
return '';
|
|
}
|
|
|
|
/**
|
|
* Generation d'un timestamp a partir de l'attribut shadowExpire
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string Timestamp correspant à shadowExpire
|
|
*/
|
|
function generate_timestamp_from_shadowExpire($ldapObject) {
|
|
$days=$ldapObject -> getValue('shadowExpire');
|
|
if (!empty($days)) {
|
|
$days=(int)$days[0];
|
|
return (string)($days*86400);
|
|
}
|
|
return '';
|
|
}
|
|
|
|
/**
|
|
* Generation de l'attribut sambaPwdMustChange a partir de
|
|
* l'attribut shadowExpire
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string La valeur de sambaPwdMustChange
|
|
*/
|
|
function generate_sambaPwdMustChange_from_shadowExpire($ldapObject) {
|
|
return generate_timestamp_from_shadowExpire($ldapObject);
|
|
}
|
|
|
|
/**
|
|
* Generation de l'attribut sambaKickoffTime a partir de
|
|
* l'attribut shadowExpire
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string La valeur de sambaKickoffTime
|
|
*/
|
|
function generate_sambaKickoffTime_from_shadowExpire($ldapObject) {
|
|
return generate_timestamp_from_shadowExpire($ldapObject);
|
|
}
|
|
|