Sources for file plugins/auth/activedirectory.php in version 4.0 Beta 1
/**
* Project: Xnyo 4: Bubbles
* File: plugins/class/activedirectory.php
*
* Version: 4.0-dev
* SVN Id: $Id: activedirectory.php 5 2007-05-18 03:49:07Z bok $
* SVN URL: $HeadURL:
http://svn.syd.wholesalebroadband.com.au/xnyo/trunk/plugins/auth/activedirectory.php $
* Authors: Robert Amos <bok[at]odynia.org>
*
* Copyright (c) 2001-2007 Robert Amos <bok[at]odynia.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
**/
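/**
 * Authentication plugin that verifies a user by performing an LDAP simple
 * bind against an Active Directory domain controller and then collects the
 * user's group memberships from the directory.
 *
 * Configuration is read from $xnyo->session->params['server'] and
 * $xnyo->session->params['basedn'].
 *
 * Security notes:
 * - Nothing in this class negotiates TLS. Whether the bind password travels
 *   encrypted depends entirely on the configured 'server' value (for example
 *   an ldaps:// URI).
 * - Every value placed into a search filter is escaped first, so filter
 *   metacharacters in a login name or group name cannot alter the query.
 **/
class XnyoAuthActiveDirectory implements XnyoAuthPlugin
{
    // Plugin Information
    public $_plugin_info = array
    (
        'name' => 'Xnyo Active Directory Authentication Plugin',
        'description' => 'Authenticates against an Active Directory domain controller',
        'action' => XNYO_PLUGIN_ACTION_RETURN
    );

    // LDAP link returned by ldap_connect()
    private $resource;

    // Parent Xnyo object, taken from $GLOBALS['xnyo_parent']
    private $xnyo;

    // Details of the authenticated user, built and returned by login().
    // Kept public because it used to be created as a dynamic property.
    public $d;

    // Search filters already expanded by the recursive group lookup; stops
    // circular group nesting from recursing without end.
    private $expanded = array();

    /**
     * Constructor
     **/
    public function __construct ()
    {
        $this->xnyo = $GLOBALS['xnyo_parent'];
    }

    /**
     * Login
     *
     * Binds to the configured server as the supplied user. On success returns
     * an object describing the user.
     *
     * @param string      $user   Login name: bare, DOMAIN\username, DOMAIN/username or username@domain
     * @param string      $pass   Password; must not be empty
     * @param string|null $domain Domain appended to $user, or null to derive it from $user
     *
     * @return stdClass username, unc and groups (array, or false when the
     *                  lookup found nothing); loginname, email, extension and
     *                  department are added when a person record was matched
     *
     * @throws XnyoError  when LDAP support, configuration or the domain is missing,
     *                    or the connection handle could not be created
     * @throws XnyoClient when the password is empty or the bind is refused
     **/
    public function login ($user, $pass, $domain)
    {
        // check we have the ldap stuff available
        if (!function_exists('ldap_connect'))
            throw new XnyoError('The Active Directory authentication plugin requires LDAP to be installed.'
                ."\n".'Please see http://php.net/ldap');

        // check the parameters
        if (!isset($this->xnyo->session->params['server']) ||
            !isset($this->xnyo->session->params['basedn']))
            throw new XnyoError('Unable to authenticate against an Active Directory DC because no server or'
                ."\n".'basedn were specified. Please set $xnyo->session->params[\'server\'] and'
                ."\n".'$xnyo->session->params[\'basedn\']');

        // no domain?
        if (is_null($domain))
        {
            // DOMAIN\username, as the error message below documents; the
            // forward slash form accepted before is still recognised
            if (preg_match('/^(.*?)[\\\\\/](.*?)$/', $user, $m))
                $unc = $m[2].'@'.$m[1];
            // already in username@domain form: bind with it as given
            // (previously $unc was left undefined on this path)
            elseif (preg_match('/^.*?@.*?$/', $user))
                $unc = $user;
            else
                throw new XnyoError('No domain specified. Please either supply the domain via the domain'
                    ."\n".'variable to Xnyo::login, or a username in the form DOMAIN\username or username@domain');
        } else
            $unc = $user.'@'.$domain;

        // A simple bind that carries a name but an empty password is an
        // unauthenticated bind, which a directory server may report as
        // success. Refuse it here so an empty password can never log in.
        if (!is_scalar($pass) || (string) $pass === '')
            throw new XnyoClient($this->xnyo->session->errors['access_denied']);

        // open a connection to the server
        if (XNYO_DEBUG) $this->xnyo->d('Connecting to LDAP Server <b>%s</b>',
            $this->xnyo->session->params['server']);
        $this->resource = @ldap_connect($this->xnyo->session->params['server']);

        // error?
        if (!$this->resource)
            throw new XnyoError('Connection to the LDAP server <b>%s</b> failed.',
                $this->xnyo->session->params['server']);

        // bind as our user
        // NOTE(review): $unc is user supplied and is passed to an HTML-formatted
        // debug message; confirm that d() escapes its arguments.
        if (XNYO_DEBUG) $this->xnyo->d('Connected successfully. Binding as user <b>%s</b>.', $unc);

        // Warnings are suppressed, so any bind failure (bad credentials or an
        // unreachable server) is reported to the caller as access denied.
        if (!@ldap_bind($this->resource, $unc, $pass))
            throw new XnyoClient($this->xnyo->session->errors['access_denied']);

        // setup details
        $this->d = new stdClass;
        $this->d->username = $user;
        $this->d->unc = $unc;
        $this->expanded = array();

        // find our groups
        // NOTE(review): this is a substring match and only the first entry
        // returned is used, so a short login name can select another account's
        // record and groups. An exact match on a unique attribute would be
        // safer; confirm which attribute this directory guarantees. A login
        // given as DOMAIN\username is searched with the domain prefix still
        // attached and is unlikely to match any userPrincipalName.
        $this->d->groups = $this->search(
            'userPrincipalName=*'.$this->escapeFilterValue($this->d->username).'*'
        );

        if (XNYO_DEBUG) $this->xnyo->d('Authenticated successfully against Active Directory Domain as user'
            ."\n".'<b>%s</b>', $unc);

        return $this->d;
    }

    /**
     * Find all groups that our user belongs in
     *
     * Runs $find below the configured basedn, takes the first entry and
     * returns the CN of every memberOf value, followed by the groups those
     * groups belong to.
     *
     * @param string $find      LDAP filter; values inside it must already be escaped
     * @param bool   $recursive true when expanding a group rather than the user,
     *                          in which case the user's details are not touched
     *
     * @return array|false list of group names, or false when the search failed
     *                     or matched nothing
     **/
    private function search ($find, $recursive=false)
    {
        // perform the search
        $res = ldap_search($this->resource, $this->xnyo->session->params['basedn'], $find);
        if (!$res)
            return false;

        // no matches?
        if (!ldap_count_entries($this->resource, $res))
            return false;

        // first record only please
        $entries = ldap_get_entries($this->resource, $res);
        if (!is_array($entries) || !isset($entries[0]))
            return false;
        $m = $entries[0];

        // is this their person record?
        if (!$recursive && isset($m['objectcategory'][0]) && preg_match('/CN=Person/i', $m['objectcategory'][0]))
        {
            // attributes absent from the entry are stored as null
            $this->d->loginname = isset($m['name'][0]) ? $m['name'][0] : null;
            $this->d->email = isset($m['mail'][0]) ? $m['mail'][0] : null;
            $this->d->extension = isset($m['ipphone'][0]) ? $m['ipphone'][0] : null;
            $this->d->department = isset($m['department'][0]) ? $m['department'][0] : null;
        }

        // loop through and pull out all their membership details
        $groups = array();
        if (isset($m['memberof']) && is_array($m['memberof']))
        {
            foreach ($m['memberof'] as $v)
            {
                // skips the integer 'count' element ldap_get_entries() adds
                if (!is_string($v) || !preg_match('/CN=([^,]*?),/i', $v, $k))
                    continue;

                $groups[] = $k[1];

                // look up the parent groups of this group; a trailing
                // " (...)" part of the name is dropped before searching
                $filter = 'name=*'.$this->escapeFilterValue(preg_replace('/\s\(.*?\)/', '', $k[1])).'*';

                // already expanded during this login: do not recurse again
                if (isset($this->expanded[$filter]))
                    continue;
                $this->expanded[$filter] = true;

                $mg = $this->search($filter, true);
                if (is_array($mg))
                    foreach ($mg as $l)
                        $groups[] = $l;
            }
        }
        return $groups;
    }

    /**
     * Escape a value for use inside an LDAP search filter.
     *
     * Uses ldap_escape() when the installed PHP provides it, otherwise
     * replaces the filter metacharacters by hand.
     *
     * @param string $value raw value
     *
     * @return string value safe to concatenate into a filter
     **/
    private function escapeFilterValue ($value)
    {
        $value = (string) $value;

        if (function_exists('ldap_escape') && defined('LDAP_ESCAPE_FILTER'))
            return ldap_escape($value, '', LDAP_ESCAPE_FILTER);

        // strtr() replaces in a single pass, so the backslashes it inserts
        // are not escaped a second time
        return strtr($value, array(
            '\\' => '\5c',
            '*' => '\2a',
            '(' => '\28',
            ')' => '\29',
            "\0" => '\00'
        ));
    }
}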
