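/**
 * Check the username / password against the IMAP server.
 *
 * The connection string comes from $c->authenticate_hook['config']['imap_url']
 * (see the commented examples below).  A 'novalidate-cert' flag in that URL
 * disables TLS certificate verification for the IMAP connection, so it should
 * only ever appear in a test configuration.
 *
 * On a successful IMAP login the local Principal is returned; if it does not
 * exist yet it is created first (fullname derived from the username, email
 * taken from the username or built with the configured 'email_base').
 *
 * @param string $username  Username as typed at the login prompt
 * @param string $password  Cleartext password to try against the IMAP server
 * @return Principal|false  The local Principal on success, false when the IMAP
 *                          login fails or the local principal cannot be created
 */
function RIMAP_check($username, $password)
{
    global $c;

    // IMAP expects user/mailbox names in modified UTF-7.
    $imap_username = $username;
    if (function_exists('mb_convert_encoding')) {
        // mb_detect_encoding() returns false when it cannot decide; the original
        // passed that bool straight into mb_convert_encoding().  Assume UTF-8
        // (the usual encoding of form input) in that case.
        $detected = mb_detect_encoding($imap_username);
        $imap_username = mb_convert_encoding($imap_username, "UTF7-IMAP", $detected === false ? 'UTF-8' : $detected);
    } else {
        $imap_username = imap_utf7_encode($imap_username);
    }

    //$imap_url = '{localhost:143/imap/notls}';
    //$imap_url = '{localhost:993/imap/ssl/novalidate-cert}';
    $imap_url = $c->authenticate_hook['config']['imap_url'];

    // OP_HALFOPEN: authenticate only, no mailbox is selected.  imap_open() emits
    // a warning on failure; it is suppressed here and reported through our own
    // log below instead.
    $imap_stream = @imap_open($imap_url, $imap_username, $password, OP_HALFOPEN);
    $auth_ok = false;
    if ($imap_stream) {
        // The login itself was all we needed: disconnect straight away.
        imap_close($imap_stream);
        $auth_ok = true;
    }

    if (!$auth_ok) {
        dbg_error_log("PAM", "User %s is not a valid username (or password was wrong)", $username);
        // Keep the server-side reason in the debug log (imap_errors() returns
        // false when nothing was recorded).
        $imap_errors = imap_errors();
        if ($imap_errors !== false) {
            dbg_error_log("PAM", "IMAP login failure detail: %s", implode('; ', $imap_errors));
        }
        return false;
    }

    $principal = new Principal('username', $username);
    if (!$principal->Exists()) {
        dbg_error_log("PAM", "Principal '%s' doesn't exist in local DB, we need to create it", $username);
        if (strstr($username, '@')) {
            // user@domain: the local part becomes the display name, the whole
            // thing the email address.
            $name_arr = explode('@', $username);
            $fullname = ucfirst(strtolower($name_arr[0]));
            $email = $username;
        } else {
            $fullname = ucfirst(strtolower($username));
            $email = $username . "@" . $c->authenticate_hook['config']['email_base'];
        }
        // $fullname is already capitalised above (the original applied ucfirst() twice).
        $principal->Create(array('username' => $username, 'user_active' => true, 'email' => $email, 'fullname' => $fullname));
        if (!$principal->Exists()) {
            dbg_error_log("PAM", "Unable to create local principal for '%s'", $username);
            return false;
        }
        CreateHomeCollections($username);
    }
    return $principal;
}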
/**
 * Build the admin "Principal" editor (create / update a dav_principal row).
 *
 * Reads the submitted form from $_POST, writes the record through the Editor
 * when $can_write_principal allows it, and returns the Editor with its HTML
 * template set.  Uses the globals $c (site config / page state), $id (the
 * principal_id being edited, if any), $can_write_principal and $session.
 *
 * @return Editor The configured editor, ready to be rendered
 */
function principal_editor()
{
    global $c, $id, $can_write_principal, $session;
    $editor = new Editor(translate('Principal'), 'dav_principal');
    // Lookup queries feeding the <select> fields.
    $editor->SetLookup('date_format_type', "SELECT 'E', 'European' UNION SELECT 'U', 'US Format' UNION SELECT 'I', 'ISO Format'");
    $editor->SetLookup('type_id', 'SELECT principal_type_id, principal_type_desc FROM principal_type ORDER BY principal_type_id');
    // NOTE(review): translate() output is concatenated into a SQL string literal
    // here; a translation containing a single quote would break (or alter) the query.
    $editor->SetLookup('locale', 'SELECT \'\', \'' . translate("*** Default Locale ***") . '\' UNION SELECT locale, locale_name_locale FROM supported_locales ORDER BY 1 ASC');
    $editor->AddAttribute('locale', 'title', translate("The preferred language for this person."));
    $editor->AddAttribute('fullname', 'title', translate("The full name for this person, group or other type of principal."));
    // NOTE(review): $id is concatenated into the WHERE clause unescaped.  It must
    // already be an integer when it reaches this function (its origin is not
    // visible here); an (int) cast at this point would be a cheap safeguard.
    $editor->SetWhere('principal_id=' . $id);
    $editor->AddField('is_admin', 'EXISTS( SELECT 1 FROM role_member WHERE role_no = 1 AND role_member.user_no = dav_principal.user_no )');
    $editor->AddAttribute('is_admin', 'title', translate('An "Administrator" user has full rights to the whole DAViCal System'));
    // Never set to true anywhere in this function, so the PostToValues() block
    // further down is currently unreachable.
    $post_values = false;
    // Username validation: slashes are stripped (the message below says they are
    // not allowed) and an empty result blocks the write.
    if (isset($_POST['xxxxusername'])) {
        $_POST['xxxxusername'] = trim(str_replace('/', '', $_POST['xxxxusername']));
        if ($_POST['xxxxusername'] == '') {
            $c->messages[] = i18n("The username must not be blank, and may not contain a slash");
            $can_write_principal = false;
        }
    }
    if (isset($_POST['fullname']) && trim($_POST['fullname']) == '') {
        $c->messages[] = i18n("The full name must not be blank.");
        $can_write_principal = false;
    }
    // A blank email only warns; it does not block the write.
    if (isset($_POST['email']) && trim($_POST['email']) == '') {
        $c->messages[] = i18n("The email address really should not be blank.");
    }
    // Placeholder shown in both password fields of the template; a field still
    // holding it (or left empty) means "do not change the password".
    $pwstars = '@@@@@@@@@@';
    if ($can_write_principal && $editor->IsSubmit()) {
        $editor->WhereNewRecord("principal_id=(SELECT CURRVAL('dav_id_seq'))");
        // Only administrators may grant the admin role or toggle the active flag;
        // drop those fields from the submission for everyone else.
        if (!$session->AllowedTo('Admin')) {
            unset($_POST['admin_role']);
            unset($_POST['user_active']);
        }
        // The password column is only written when a matching new password pair
        // was supplied; a submitted 'password' field is never used directly.
        unset($_POST['password']);
        // NOTE(review): newpass1/newpass2 (and is_admin below) are read without
        // isset(); a submission lacking them raises an undefined-index notice.
        if ($_POST['newpass1'] != '' && $_POST['newpass1'] != $pwstars) {
            if ($_POST['newpass1'] == $_POST['newpass2']) {
                $_POST['password'] = $_POST['newpass1'];
            } else {
                $c->messages[] = "Password not updated. The supplied passwords do not match.";
            }
        }
        if (isset($_POST['fullname']) && !isset($_POST['displayname'])) {
            $_POST['displayname'] = $_POST['fullname'];
        }
        if (isset($_POST['default_privileges'])) {
            // NOTE(review): neither $privilege_names nor $privs_dec is defined in
            // this scope (not declared global, never assigned), so $privilege_bitpos
            // is unused and Assign() receives null — presumably $privs was meant.
            $privilege_bitpos = array_flip($privilege_names);
            $priv_names = array_keys($_POST['default_privileges']);
            $privs = privilege_to_bits($priv_names);
            $_POST['default_privileges'] = sprintf('%024s', decbin($privs));
            $editor->Assign('default_privileges', $privs_dec);
        }
        if ($editor->IsCreate()) {
            $c->messages[] = i18n("Creating new Principal record.");
        } else {
            $c->messages[] = i18n("Updating Principal record.");
        }
        $editor->Write();
        // Loose comparison against type 3 (a group, per the comment below).
        if ($_POST['type_id'] != 3 && $editor->IsCreate()) {
            /** We only add the default calendar if it isn't a group, and this is a create action */
            require_once 'auth-functions.php';
            CreateHomeCollections($editor->Value('username'));
        }
        if ($session->AllowedTo('Admin')) {
            // Admin role membership lives in role_member (role_no 1); both
            // statements use a bound :user_no parameter.
            if ($_POST['is_admin'] == 'on') {
                $sql = 'INSERT INTO role_member (role_no, user_no) SELECT 1, dav_principal.user_no FROM dav_principal WHERE user_no = :user_no AND NOT EXISTS(SELECT 1 FROM role_member rm WHERE rm.role_no = 1 AND rm.user_no = dav_principal.user_no )';
                $editor->Assign('is_admin', 't');
            } else {
                $sql = 'DELETE FROM role_member WHERE role_no = 1 AND user_no = :user_no';
                $editor->Assign('is_admin', 'f');
            }
            // $params is not initialised before this; PHP creates the array implicitly.
            $params[':user_no'] = $editor->Value('user_no');
            $qry = new AwlQuery($sql, $params);
            $qry->Exec('admin-principal-edit');
        }
    } else {
        // Not writable (or not a submission): load the existing record for display.
        if (isset($id) && $id > 0) {
            $editor->GetRecord();
            if ($editor->IsSubmit()) {
                $c->messages[] = i18n('You do not have permission to modify this record.');
            }
        }
    }
    if ($editor->Available()) {
        $c->page_title = $editor->Title(translate('Principal') . ': ' . $editor->Value('fullname'));
    } else {
        // New principal: seed the form with the site defaults.
        $c->page_title = $editor->Title(translate('Create New Principal'));
        $privs = decbin(privilege_to_bits($c->default_privileges));
        $editor->Assign('default_privileges', $privs);
        $editor->Assign('user_active', 't');
        foreach ($c->template_usr as $k => $v) {
            $editor->Assign($k, $v);
        }
    }
    // Unreachable as long as $post_values stays false (see above); it also
    // reads the undefined $privilege_names like the block earlier.
    if ($post_values) {
        $editor->PostToValues();
        if (isset($_POST['default_privileges'])) {
            $privilege_bitpos = array_flip($privilege_names);
            $priv_names = array_keys($_POST['default_privileges']);
            $privs = privilege_to_bits($priv_names);
            $_POST['default_privileges'] = sprintf('%024s', decbin($privs));
            $editor->Assign('default_privileges', $_POST['default_privileges']);
        }
    }
    // Field labels for the template below.
    $prompt_principal_id = translate('Principal ID');
    $value_id = $editor->Available() ? '##principal_id.hidden####principal_id.value##' : translate('New Principal');
    $prompt_username = translate('Username');
    $prompt_password_1 = translate('Change Password');
    $prompt_password_2 = translate('Confirm Password');
    $prompt_fullname = translate('Fullname');
    $prompt_displayname = translate('Display Name');
    $prompt_email = translate('Email Address');
    $prompt_date_format = translate('Date Format Style');
    $prompt_admin = translate('Administrator');
    $prompt_active = translate('Active');
    $prompt_locale = translate('Locale');
    $prompt_type = translate('Principal Type');
    $prompt_privileges = translate('Privileges granted to All Users');
    $privs_html = build_privileges_html($editor, 'default_privileges');
    $admin_row_entry = '';
    $delete_principal_button = '';
    if ($session->AllowedTo('Admin')) {
        // Admin-only rows (is_admin / user_active) and the delete link.
        $admin_row_entry = ' <tr> <th class="right">' . $prompt_admin . ':</th><td class="left">##is_admin.checkbox##</td> </tr>';
        $admin_row_entry .= ' <tr> <th class="right">' . $prompt_active . ':</th><td class="left">##user_active.checkbox##</td> </tr>';
        if (isset($id)) {
            // NOTE(review): deletion is triggered by a plain GET link carrying $id
            // unescaped; admin.php should enforce the permission check and a CSRF
            // guard on the delete_principal action (not verifiable from here).
            $delete_principal_button = '<a href="' . $c->base_url . '/admin.php?action=edit&t=principal&subaction=delete_principal&id=' . $id . '" class="submit">' . translate("Delete Principal") . '</a>';
        }
    }
    // From here on $id is the id of the record the editor holds (new or existing).
    $id = $editor->Value('principal_id');
    $template = <<<EOTEMPLATE
##form##
<script language="javascript">
function toggle_privileges() {
  var argv = toggle_privileges.arguments;
  var argc = argv.length;

  if ( argc < 2 ) {
    return;
  }
  var match_me = argv[0];

  var set_to = -1;
  if ( argv[1] == 'all' ) {
    var form = document.getElementById(argv[2]);
    var fieldcount = form.elements.length;
    var matching = '/^' + match_me + '/';
    for (var i = 0; i < fieldcount; i++) {
      var fieldname = form.elements[i].name;
      if ( fieldname.match( match_me ) ) {
        if ( set_to == -1 ) {
          set_to = ( form.elements[i].checked ? 0 : 1 );
        }
        form.elements[i].checked = set_to;
      }
    }
  }
  else {
    for (var i = 1; i < argc; i++) {
      var f = document.getElementById( match_me + '_' + argv[i]);
      if ( set_to == -1 ) {
        set_to = ( f.checked ? 0 : 1 );
      }
      f.checked = set_to;
    }
  }
}
</script>
<style>
th.right, label.privilege {
  white-space:nowrap;
}
label.privilege {
  margin:0.2em 1em 0.2em 0.1em;
  padding:0 0.2em;
  line-height:1.6em;
  font-size:87%;
}
</style>
<table>
 <tr> <th class="right">{$prompt_principal_id}:</th><td class="left">
  <table width="100%" class="form_inner"><tr>
   <td>{$value_id}</td>
   <td align="right">{$delete_principal_button}</td>
  </tr></table>
 </td></tr>
 <tr> <th class="right">{$prompt_username}:</th>    <td class="left">##xxxxusername.input.50##</td> </tr>
 <tr> <th class="right">{$prompt_password_1}:</th>  <td class="left">##newpass1.password.{$pwstars}##</td> </tr>
 <tr> <th class="right">{$prompt_password_2}:</th>  <td class="left">##newpass2.password.{$pwstars}##</td> </tr>
 <tr> <th class="right">{$prompt_fullname}:</th>    <td class="left">##fullname.input.50##</td> </tr>
 <tr> <th class="right">{$prompt_email}:</th>       <td class="left">##email.input.50##</td> </tr>
 <tr> <th class="right">{$prompt_locale}:</th>      <td class="left">##locale.select##</td> </tr>
 <tr> <th class="right">{$prompt_date_format}:</th> <td class="left">##date_format_type.select##</td> </tr>
 <tr> <th class="right">{$prompt_type}:</th>        <td class="left">##type_id.select##</td> </tr>
 {$admin_row_entry}
 <tr> <th class="right" style="white-space:normal;">{$prompt_privileges}:</th><td class="left">{$privs_html}</td> </tr>
 <tr> <th class="right"></th>                   <td class="left" colspan="2">##submit##</td> </tr>
</table>
</form>
EOTEMPLATE;
    $editor->SetTemplate($template);
    return $editor;
}
/**
 * Authenticate against a different PostgreSQL database which contains a usr table in
 * the AWL format.
 *
 * Example config snippet (the hook reads the 'connection', 'columns', 'where' and
 * 'use_persistent' keys of the 'config' array):
 *
 * require_once('auth-functions.php');
 *  $c->authenticate_hook = array(
 *      'call'   => 'AuthExternalAwl',
 *      'config' => array(
 *           // A PgSQL database connection string for the database containing user records
 *          'connection' => 'dbname=wrms host=otherhost port=5433 user=general',
 *           // Which columns should be fetched from the database
 *          'columns'    => "user_no, active, email_ok, joined, last_update AS updated, last_used, username, password, fullname, email",
 *           // a WHERE clause to limit the records returned.
 *          'where'    => "active AND org_code=7"
 *      )
 *  );
 *
 * 'columns' and 'where' are spliced into the SQL verbatim, so they must only ever
 * come from the site configuration, never from request data.  The username is
 * passed as a bound parameter.
 *
 * If the remote database cannot be opened a minimal HTML error page is printed
 * and the script exits.  On a successful password check the local Principal is
 * created, or refreshed when the remote row is newer than the local copy;
 * inactive users ('active' = 'f') are refused only after that refresh.
 *
 * @param string $username
 * @param string $password  Cleartext password, verified with session_validate_password()
 * @return Principal|false
 */
function AuthExternalAWL($username, $password)
{
    global $c;

    $usePersistent = isset($c->authenticate_hook['config']['use_persistent'])
        && $c->authenticate_hook['config']['use_persistent'];
    $columnList = isset($c->authenticate_hook['config']['columns'])
        ? $c->authenticate_hook['config']['columns']
        : '*';
    $whereSuffix = isset($c->authenticate_hook['config']['where'])
        ? ' AND ' . $c->authenticate_hook['config']['where']
        : '';

    // Case-insensitive username match; the value itself is bound, not interpolated.
    $sql = 'SELECT ' . $columnList . ' FROM usr WHERE lower(username) = :username ' . $whereSuffix;
    $qry = new AwlQuery($sql, array(':username' => strtolower($username)));
    $driverOptions = $usePersistent ? array(PDO::ATTR_PERSISTENT => true) : null;
    $authconn = $qry->SetConnection($c->authenticate_hook['config']['connection'], $driverOptions);
    if (!$authconn) {
        // No usable connection: emit a static error page (no details leak) and stop.
        echo <<<EOERRMSG
  <html><head><title>Database Connection Failure</title></head><body>
  <h1>Database Error</h1>
  <h3>Could not connect to PostgreSQL database</h3>
  </body>
  </html>
EOERRMSG;
        @ob_flush();
        exit(1);
    }

    // Exactly one remote row must match.
    if (!$qry->Exec('Login', __LINE__, __FILE__) || $qry->rows() != 1) {
        return false;
    }
    $remoteUser = $qry->Fetch();
    if (!session_validate_password($password, $remoteUser->password)) {
        return false;
    }

    // Sync the local copy from the remote record.
    $principal = new Principal('username', $username);
    if (!$principal->Exists()) {
        $principal->Create($remoteUser);
        CreateHomeCollections($username);
    } elseif ($principal->modified <= $remoteUser->updated) {
        $principal->Update($remoteUser);
    }

    // Inactive users are refused only _after_ the local copy has been updated.
    if (isset($remoteUser->active) && $remoteUser->active == 'f') {
        return false;
    }
    return $principal;
}
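/**
 * Synchronise a cached user with one from LDAP.
 *
 * For each updateable Principal field the value is taken either from the LDAP
 * attribute(s) named in $mapping (several attributes may be listed
 * comma-separated; their values are joined with a space) or, when the field is
 * not mapped, from $c->authenticate_hook['config']['default_value'][$field]
 * if such a default is configured.  The principal is then updated, or created
 * together with its home collections and default relationships.
 *
 * @param Principal $principal   A Principal object to be updated (or created)
 * @param array     $mapping     Principal field name => comma-separated LDAP attribute name(s)
 * @param array     $ldap_values LDAP attribute name => value, as fetched for this user
 * @return void
 */
function sync_user_from_LDAP(Principal &$principal, $mapping, $ldap_values)
{
    global $c;
    dbg_error_log("LDAP", "Going to sync the user from LDAP");

    // Configured per-field defaults, used only for fields that have no LDAP mapping.
    $defaults = array();
    if (isset($c->authenticate_hook['config']['default_value']) && is_array($c->authenticate_hook['config']['default_value'])) {
        $defaults = $c->authenticate_hook['config']['default_value'];
    }

    $fields_to_set = array();
    foreach (Principal::updateableFields() as $field) {
        if (isset($mapping[$field])) {
            foreach (explode(',', $mapping[$field]) as $part_field) {
                if (!isset($ldap_values[$part_field])) {
                    continue;
                }
                // assumes each LDAP value is a scalar — TODO confirm against the caller
                if (isset($fields_to_set[$field])) {
                    $fields_to_set[$field] .= ' ' . $ldap_values[$part_field];
                } else {
                    $fields_to_set[$field] = $ldap_values[$part_field];
                }
            }
            // The original logged $fields_to_set[$field] unconditionally, which
            // raised an undefined-index notice when none of the mapped attributes
            // were present for this user.
            if (isset($fields_to_set[$field])) {
                dbg_error_log("LDAP", "Setting usr->%s to %s from LDAP field %s", $field, $fields_to_set[$field], $mapping[$field]);
            } else {
                dbg_error_log("LDAP", "No value for usr->%s: LDAP field %s not present", $field, $mapping[$field]);
            }
        } elseif (isset($defaults[$field])) {
            $fields_to_set[$field] = $defaults[$field];
            dbg_error_log("LDAP", "Setting usr->%s to %s from configured defaults", $field, $defaults[$field]);
        }
    }

    if ($principal->Exists()) {
        $principal->Update($fields_to_set);
    } else {
        $principal->Create($fields_to_set);
        CreateHomeCollections($principal->username());
        CreateDefaultRelationships($principal->username());
    }
}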