mirror of
https://gitlab.easter-eggs.com/ee/ldapsaisie.git
synced 2024-06-02 02:25:09 +02:00
a8e2ecc343
It's permit to be sure to translate message in the right user language, even if its context isn't loaded at error emission time.
413 lines
12 KiB
PHP
413 lines
12 KiB
PHP
<?php
|
|
/*******************************************************************************
|
|
* Copyright (C) 2007 Easter-eggs
|
|
* http://ldapsaisie.labs.libre-entreprise.org
|
|
*
|
|
* Author: See AUTHORS file in top-level directory.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License version 2
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
******************************************************************************/
|
|
|
|
// Messages d'erreur
|
|
|
|
// Support
|
|
LSerror :: defineError('SAMBA_SUPPORT_01',
|
|
___("SAMBA Support : Unable to load smbHash class.")
|
|
);
|
|
LSerror :: defineError('SAMBA_SUPPORT_02',
|
|
___("SAMBA Support : The constant %{const} is not defined.")
|
|
);
|
|
|
|
LSerror :: defineError('SAMBA_SUPPORT_03',
|
|
___("SAMBA Support : The constants LS_SAMBA_SID_BASE_USER and LS_SAMBA_SID_BASE_GROUP must'nt have the same parity to keep SambaSID's unicity.")
|
|
);
|
|
|
|
// Autres erreurs
|
|
LSerror :: defineError('SAMBA_01',
|
|
___("SAMBA Support : The attribute %{dependency} is missing. Unable to forge the attribute %{attr}.")
|
|
);
|
|
LSerror :: defineError('SAMBA_02',
|
|
___("SAMBA Support : Can't get the sambaDomain object.")
|
|
);
|
|
LSerror :: defineError('SAMBA_03',
|
|
___("SAMBA Support : Error modifying the sambaDomain object.")
|
|
);
|
|
LSerror :: defineError('SAMBA_04',
|
|
___("SAMBA Support : The %{attr} of the sambaDomain object is incorrect.")
|
|
);
|
|
|
|
// CONSTANTES
|
|
|
|
// Le temps infini au sens NT
|
|
define('LS_SAMBA_INFINITY_TIME',2147483647);
|
|
|
|
/**
|
|
* Verification du support Samba par ldapSaisie
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval boolean true si Samba est pleinement supporté, false sinon
|
|
*/
|
|
function LSaddon_samba_support() {
|
|
|
|
$retval=true;
|
|
|
|
// Dependance de librairie
|
|
if ( !class_exists('smbHash') ) {
|
|
if ( !LSsession::includeFile(LS_LIB_DIR . 'class.smbHash.php') ) {
|
|
LSerror :: addErrorCode('SAMBA_SUPPORT_01');
|
|
$retval=false;
|
|
}
|
|
}
|
|
|
|
|
|
$MUST_DEFINE_CONST= array(
|
|
'LS_SAMBA_DOMAIN_SID',
|
|
'LS_SAMBA_DOMAIN_NAME',
|
|
'LS_SAMBA_HOME_PATH_FORMAT',
|
|
'LS_SAMBA_PROFILE_PATH_FORMAT',
|
|
'LS_SAMBA_DOMAIN_OBJECT_DN',
|
|
'LS_SAMBA_SID_BASE_USER',
|
|
'LS_SAMBA_SID_BASE_GROUP',
|
|
'LS_SAMBA_UIDNUMBER_ATTR',
|
|
'LS_SAMBA_GIDNUMBER_ATTR',
|
|
'LS_SAMBA_USERPASSWORD_ATTR'
|
|
);
|
|
|
|
foreach($MUST_DEFINE_CONST as $const) {
|
|
if ( (!defined($const)) || (constant($const) == "")) {
|
|
LSerror :: addErrorCode('SAMBA_SUPPORT_02',$const);
|
|
$retval=false;
|
|
}
|
|
}
|
|
|
|
// Pour l'intégrité des SID
|
|
if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) {
|
|
LSerror :: addErrorCode('SAMBA_SUPPORT_03');
|
|
$retval=false;
|
|
}
|
|
|
|
return $retval;
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaSID d'un utilisateur
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* Number = LS_SAMBA_UIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_USER
|
|
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string SambaSID ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaUserSID($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID'));
|
|
return;
|
|
}
|
|
|
|
$uidnumber_attr_val = $ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ] -> getValue();
|
|
$uidnumber_attr_val = $uidnumber_attr_val[0];
|
|
$uidNumber = $uidnumber_attr_val * 2 + LS_SAMBA_SID_BASE_USER;
|
|
$sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber;
|
|
|
|
return ($sambaSID);
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaSID d'un groupe
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
|
|
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string SambaSID ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaGroupSID($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaSID'));
|
|
return;
|
|
}
|
|
|
|
$gidnumber_attr_val = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue();
|
|
$gidnumber_attr_val = $gidnumber_attr_val[0];
|
|
$gidNumber = $gidnumber_attr_val * 2 + LS_SAMBA_SID_BASE_GROUP;
|
|
$sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
|
|
|
|
return ($sambaSID);
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaPrimaryGroupSID
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
|
|
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string sambaPrimaryGroupSID ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaPrimaryGroupSID($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID'));
|
|
return;
|
|
}
|
|
|
|
$gidNumber = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue();
|
|
$gidNumber = $gidNumber[0] * 2 + LS_SAMBA_SID_BASE_GROUP;
|
|
$sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
|
|
|
|
return ($sambaPrimaryGroupSID);
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaNTPassword
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string sambaNTPassword ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaNTPassword($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaNTPassword'));
|
|
return;
|
|
}
|
|
|
|
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
|
|
$sambapassword = new smbHash;
|
|
$sambaNTPassword = $sambapassword -> nthash($password);
|
|
|
|
if($sambaNTPassword == '') {
|
|
return;
|
|
}
|
|
return $sambaNTPassword;
|
|
}
|
|
|
|
/**
|
|
* Generation de sambaLMPassword
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string sambaLMPassword ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_sambaLMPassword($ldapObject) {
|
|
if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
|
|
LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaLMPassword'));
|
|
return;
|
|
}
|
|
|
|
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
|
|
$sambapassword = new smbHash;
|
|
$sambaLMPassword = $sambapassword -> lmhash($password);
|
|
|
|
if($sambaLMPassword == '') {
|
|
return;
|
|
}
|
|
return $sambaLMPassword;
|
|
}
|
|
|
|
/**
|
|
* Generation de uidNumber en utilisant l'objet sambaDomain
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval integer uidNumber ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_uidNumber_withSambaDomainObject($ldapObject) {
|
|
$sambaDomain = LSldap :: getLdapEntry ( LS_SAMBA_DOMAIN_OBJECT_DN );
|
|
if ($sambaDomain === false) {
|
|
LSerror :: addErrorCode('SAMBA_02');
|
|
return;
|
|
}
|
|
|
|
$uidNumber = $sambaDomain->getValue('uidNumber','single');
|
|
if (Net_LDAP2::isError($uidNumber) || $uidNumber==0) {
|
|
LSerror :: addErrorCode('SAMBA_04','uidNumber');
|
|
return;
|
|
}
|
|
|
|
$sambaDomain->replace(array('uidNumber' => ($uidNumber+1)));
|
|
$res = $sambaDomain->update();
|
|
if(!Net_LDAP2::isError($res)) {
|
|
return $uidNumber;
|
|
}
|
|
else {
|
|
LSerror :: addErrorCode('SAMBA_03');
|
|
return;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Generation de gidNumber en utilisant l'objet sambaDomain
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval integer gidNumber ou false si il y a un problème durant la génération
|
|
*/
|
|
function generate_gidNumber_withSambaDomainObject($ldapObject) {
|
|
$sambaDomain = LSldap :: getLdapEntry ( LS_SAMBA_DOMAIN_OBJECT_DN );
|
|
if ($sambaDomain === false) {
|
|
LSerror :: addErrorCode('SAMBA_02');
|
|
return;
|
|
}
|
|
|
|
$gidNumber = $sambaDomain->getValue('gidNumber','single');
|
|
if (Net_LDAP2::isError($gidNumber) || $gidNumber==0) {
|
|
LSerror :: addErrorCode('SAMBA_04','gidNumber');
|
|
return;
|
|
}
|
|
|
|
$sambaDomain->replace(array('gidNumber' => ($gidNumber+1)));
|
|
$res = $sambaDomain->update();
|
|
if(!Net_LDAP2::isError($res)) {
|
|
return $gidNumber;
|
|
}
|
|
else {
|
|
LSerror :: addErrorCode('SAMBA_03');
|
|
return;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Retourne le temps infini au sens NT
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval integer le temps infinie au sens NT
|
|
*/
|
|
function return_sambaInfinityTime($ldapObject) {
|
|
return LS_SAMBA_INFINITY_TIME;
|
|
}
|
|
|
|
/**
|
|
* Generation de l'attribut sambaPwdLastSet
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @param[in] $ldapObject L'objet ldap
|
|
*
|
|
* @retval string sambaPwdLastSet
|
|
*/
|
|
function generate_sambaPwdLastSet($ldapObject) {
|
|
return time();
|
|
}
|
|
|
|
/**
|
|
* Generation du sambaDomainName
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string Le sambaDomainName
|
|
*/
|
|
function generate_sambaDomainName($ldapObject) {
|
|
return LS_SAMBA_DOMAIN_NAME;
|
|
}
|
|
|
|
/**
|
|
* Generation du sambaHomePath
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string Le sambaHomePath
|
|
*/
|
|
function generate_sambaHomePath($ldapObject) {
|
|
return $ldapObject -> getFData(LS_SAMBA_HOME_PATH_FORMAT);
|
|
}
|
|
|
|
/**
|
|
* Generation du sambaProfilePath
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string Le sambaProfilePath
|
|
*/
|
|
function generate_sambaProfilePath($ldapObject) {
|
|
return $ldapObject -> getFData(LS_SAMBA_PROFILE_PATH_FORMAT);
|
|
}
|
|
|
|
/**
|
|
* Generation de l'attribut shadowExpire à partir de
|
|
* l'attribut sambaPwdMustChange
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string La valeur de shadowExpire
|
|
*/
|
|
function generate_shadowExpire_from_sambaPwdMustChange($ldapObject) {
|
|
$time=$ldapObject -> getValue('sambaPwdMustChange');
|
|
if (!empty($time)) {
|
|
$time=(int)$time[0];
|
|
return (string)round($time/86400);
|
|
}
|
|
return '';
|
|
}
|
|
|
|
/**
|
|
* Generation d'un timestamp a partir de l'attribut shadowExpire
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string Timestamp correspant à shadowExpire
|
|
*/
|
|
function generate_timestamp_from_shadowExpire($ldapObject) {
|
|
$days=$ldapObject -> getValue('shadowExpire');
|
|
if (!empty($days)) {
|
|
$days=(int)$days[0];
|
|
return (string)($days*86400);
|
|
}
|
|
return '';
|
|
}
|
|
|
|
/**
|
|
* Generation de l'attribut sambaPwdMustChange a partir de
|
|
* l'attribut shadowExpire
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string La valeur de sambaPwdMustChange
|
|
*/
|
|
function generate_sambaPwdMustChange_from_shadowExpire($ldapObject) {
|
|
return generate_timestamp_from_shadowExpire($ldapObject);
|
|
}
|
|
|
|
/**
|
|
* Generation de l'attribut sambaKickoffTime a partir de
|
|
* l'attribut shadowExpire
|
|
*
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
*
|
|
* @retval string La valeur de sambaKickoffTime
|
|
*/
|
|
function generate_sambaKickoffTime_from_shadowExpire($ldapObject) {
|
|
return generate_timestamp_from_shadowExpire($ldapObject);
|
|
}
|