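 /**
  * Authenticate a user against the local user table.
  *
  * @param string $uname    Login name. Must match the configured usernameRegexp
  *                         (matched against the lower-cased name). Passed by
  *                         reference so the parent class may normalise it.
  * @param string $password Plaintext password supplied by the user.
  * @param array  $response Filled on success with uid/mail/cn/displayName/organization
  *                         taken from the user row; left untouched otherwise.
  * @return bool TRUE when a local row matched the name and its stored digest
  *              matched the password, FALSE otherwise.
  */
 public function authenticate(&$uname, $password, &$response)
 {
     $result = FALSE;
     if (preg_match($this->_prefs['usernameRegexp'], strtolower($uname), $pieces)) {
         $q = $this->_db->DBReadLocalUser($uname);
         if ($q) {
             // The stored value is an unsalted MD5 digest (legacy row format; kept so
             // existing rows keep working — migrating to password_hash()/password_verify()
             // needs a rehash of the table). Compare with hash_equals() rather than ==:
             // the loose operator treats hex strings of the form "0e<digits>" as numbers,
             // so two different digests can compare equal, and hash_equals() also keeps
             // the comparison constant-time.
             $result = hash_equals((string) $q[0]['password'], md5($password));
             if ($result) {
                 $response = array('uid' => $q[0]['username'], 'mail' => $q[0]['mail'], 'cn' => $q[0]['displayname'], 'displayName' => $q[0]['displayname'], 'organization' => $q[0]['organization']);
             }
         }
         //  Chain to the super class for any further properties to be added
         //  to the $response array:
         parent::authenticate($uname, $password, $response);
     }
     return $result;
 }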
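 /**
  * Authenticate a user against Active Directory over LDAP (sAMAccountName lookup).
  *
  * Binds with the configured service account to the first reachable server in
  * $this->_ldapServers, searches each base DN in $this->_ldapBase for the user's
  * entry, then re-binds as that entry's DN with the supplied password. On success
  * $response receives the entry's attributes (first value of multi-valued ones)
  * plus 'organization', and the optional group-membership check is applied.
  *
  * @param string $uname    Login name; an '@domain' suffix and a 'DOMAIN\' prefix are stripped.
  * @param string $password Plaintext password supplied by the user.
  * @param array  $response Filled with the user's LDAP attributes on success.
  * @return bool|int TRUE on success; -69 when the password is empty, the user was
  *                  not found, the password was wrong, or the group check failed;
  *                  -70 when no server accepted the service-account bind.
  */
 public function Tryauthenticate($uname, $password, &$response)
 {
     global $smarty;
     // Initialise everything the later branches read so an empty server list or a
     // connection that never bound does not leave these undefined.
     $ldapConn = NULL;
     $ldapBind = FALSE;
     $result = FALSE;
     $groups = array();
     // The username should not be their email address.
     // So remove everything after any @ sign.
     $uname = preg_replace('/@.*$/', '', $uname);
     $uname = preg_replace('/^.*\\\\/', '', $uname);
     // Never pass an empty password to ldap_bind(): a simple bind with a DN and an
     // empty password is an *unauthenticated* bind, which many directories accept,
     // so it would read as a successful login for any existing account.
     if ($password === NULL || $password === '') {
         return -69;
     }
     //  Bind to one of our LDAP servers:
     foreach ($this->_ldapServers as $ldapServer) {
         if ($this->_ldapUseSSL) {
             $ldapServer = "ldaps://" . $ldapServer;
         }
         if ($ldapConn = ldap_connect($ldapServer)) {
             // ldap_connect() doesn't send any packets, so it succeeds even when
             // the server is down; the bind below is the real connectivity test.
             // Set the protocol to 3 only:
             ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
             ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0);
             //  Connection made, now attempt to bind:
             if ($ldapBind = @ldap_bind($ldapConn, $this->_ldapBindUser, $this->_ldapBindPass)) {
                 break;
             }
             // Failed to bind. If the error was 'Can't contact LDAP server'
             // then fail quietly and try the next server, else complain.
             $ldaperror = ldap_error($ldapConn);
             if (!preg_match('/can[not\']* *contact *ldap *server/i', $ldaperror)) {
                 NSSError("Connected to {$ldapServer} but could not bind, it said {$ldaperror}");
             }
             // Release the handle we could not bind on before moving to the next server.
             ldap_close($ldapConn);
             $ldapConn = NULL;
         }
     }
     if (!$ldapBind) {
         NSSError('Check User: Unable to connect to any of the authentication servers; could not authenticate user.', 'LDAP Error');
         return -70;
     }
     if (!is_array($this->_ldapBase)) {
         $this->_ldapBase = array($this->_ldapBase);
     }
     // Escape the name before it goes into the search filter; otherwise characters
     // such as '*', '(', ')' or '\' in the supplied name change the filter's meaning
     // (LDAP filter injection) and can select a different entry than intended.
     $filter = 'sAMAccountName=' . ldap_escape($uname, '', LDAP_ESCAPE_FILTER);
     foreach ($this->_ldapBase as $ldapBase) {
         $ldapSearch = ldap_search($ldapConn, $ldapBase, $filter);
         if (!$ldapSearch) {
             continue;
         }
         $ldapEntry = ldap_first_entry($ldapConn, $ldapSearch);
         if (!$ldapEntry) {
             continue;
         }
         $ldapDN = ldap_get_dn($ldapConn, $ldapEntry);
         if (!$ldapDN) {
             continue;
         }
         //  We got a result and a DN for the user in question, so
         //  try binding as the user now:
         $result = @ldap_bind($ldapConn, $ldapDN, $password);
         if (!$result) {
             // We found a username matching but password didn't
             ldap_close($ldapConn);
             return -69;
         }
         $responseArray = ldap_get_attributes($ldapConn, $ldapEntry);
         if (!$responseArray) {
             // Bound as the user but could not read the entry; try the next base DN.
             continue;
         }
         $response = array();
         foreach ($responseArray as $key => $value) {
             // Multi-valued attributes arrive as arrays carrying a 'count' element;
             // keep the first value. Anything else is copied through unchanged.
             if (is_array($value) && isset($value['count']) && $value['count'] >= 1) {
                 $response[$key] = $value[0];
             } else {
                 $response[$key] = $value;
             }
             // Store the list of groups they are a member of
             if (strtolower($key) == $this->_ldapMemberKey) {
                 $groups = $value;
             }
         }
         $response['organization'] = $this->_ldapOrg;
         // Do the authorisation check. User must be a member of a group.
         $authorisationPassed = TRUE;
         if ($this->_ldapMemberKey != '' && $this->_ldapMemberRole != '') {
             $authorisationPassed = FALSE;
             foreach ($groups as $group) {
                 if (strtolower($group) == $this->_ldapMemberRole) {
                     $authorisationPassed = TRUE;
                 }
             }
         }
         if (!$authorisationPassed) {
             NSSError($smarty->getConfigVariable('ErrorUnauthorizedUser'), 'Authorisation Failed');
             ldap_close($ldapConn);
             return -69;
         }
         // Chain to the super class for any further properties to be added
         // to the $response array:
         parent::authenticate($uname, $password, $response);
         ldap_close($ldapConn);
         return $result;
     }
     // If we get to here, we managed to contact the server, but couldn't
     // find them in any of the BaseDNs we were told to search.
     ldap_close($ldapConn);
     return -69;
 }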
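 /**
  * Authenticate a user by logging in to their INBOX on the configured IMAP server.
  *
  * The mailbox spec is built from $this->_imapServer only; whether the session is
  * encrypted depends on the flags in that setting (not visible here — check the
  * configuration), since the password is sent to the server as given.
  *
  * @param string $uname    Login name; lower-cased for the values placed in $response.
  * @param string $password Plaintext password supplied by the user.
  * @param array  $response Filled on success with uid/mail/cn/displayName/organization
  *                         derived from the name and $this->_imapDomain / _imapOrg.
  * @return bool TRUE when the login succeeded and the INBOX status could be read.
  */
 public function authenticate(&$uname, $password, &$response)
 {
     $result = FALSE;
     $mailbox = '{' . $this->_imapServer . '}INBOX';
     // imap_open() emits notices on a failed login, hence the deliberate suppression.
     $mbox = @imap_open($mailbox, $uname, $password);
     if ($mbox) {
         $minfo = @imap_status($mbox, $mailbox, SA_MESSAGES);
         if ($minfo) {
             $lower = strtolower($uname);
             $response = array('uid' => $lower, 'mail' => $lower . $this->_imapDomain, 'cn' => $lower . $this->_imapDomain, 'displayName' => $lower . $this->_imapDomain, 'organization' => $this->_imapOrg);
             $result = TRUE;
             //  Chain to the super class for any further properties to be added
             //  to the $response array:
             parent::authenticate($uname, $password, $response);
         }
         // Only close a handle we actually obtained: imap_close(false) is a TypeError
         // on PHP 8, which the @ operator does not suppress.
         @imap_close($mbox);
     }
     return $result;
 }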
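 /**
  * Authenticate a user against an LDAP directory (uid lookup under $this->_ldapBase).
  *
  * Binds with the configured account to the first reachable server in
  * $this->_ldapServers (STARTTLS first when $this->_ldapUseSSL is set), searches for
  * the user's entry, then re-binds as that DN with the supplied password. On success
  * $response receives the entry's attributes plus derived displayName/cn/organization,
  * and the optional group-membership check is applied.
  *
  * @param string $uname    Login name, used as the uid attribute value.
  * @param string $password Plaintext password supplied by the user.
  * @param array  $response Filled with the user's attributes on success.
  * @return bool TRUE on success; FALSE for an empty or wrong password, an unknown
  *              user, a failed group check, or when no server could be bound.
  */
 public function authenticate(&$uname, $password, &$response)
 {
     global $smarty;
     $result = FALSE;
     // Initialise what the later branches read so an empty server list or a
     // connection that never bound does not leave these undefined.
     $ldapConn = NULL;
     $ldapBind = FALSE;
     $groups = array();
     // Never pass an empty password to ldap_bind(): a simple bind with a DN and an
     // empty password is an *unauthenticated* bind, which many directories accept,
     // so it would read as a successful login for any existing account.
     if ($password === NULL || $password === '') {
         return $result;
     }
     //  Bind to one of our LDAP servers:
     foreach ($this->_ldapServers as $ldapServer) {
         if ($ldapConn = ldap_connect($ldapServer)) {
             //  Set the protocol to 3 only:
             ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
             //  When _ldapUseSSL is set, upgrade the connection with STARTTLS first and
             //  skip the bind if that fails, so the bind credentials are never sent over
             //  a connection that was expected to be encrypted. When it is not set the
             //  bind uses whatever transport the server URI gives (plain ldap:// is
             //  unencrypted).
             if (!$this->_ldapUseSSL || ldap_start_tls($ldapConn)) {
                 if ($ldapBind = @ldap_bind($ldapConn, $this->_ldapDn, $this->_ldapPass)) {
                     break;
                 }
             }
             // Release the handle we could not bind on before trying the next server.
             ldap_close($ldapConn);
             $ldapConn = NULL;
         }
     }
     if ($ldapBind) {
         // Escape the name before it goes into the search filter; otherwise characters
         // such as '*', '(', ')' or '\' in the supplied name change the filter's meaning
         // (LDAP filter injection) and can select a different entry than intended.
         $filter = 'uid=' . ldap_escape($uname, '', LDAP_ESCAPE_FILTER);
         $ldapSearch = ldap_search($ldapConn, $this->_ldapBase, $filter);
         if ($ldapSearch && ($ldapEntry = ldap_first_entry($ldapConn, $ldapSearch)) && ($ldapDN = ldap_get_dn($ldapConn, $ldapEntry))) {
             //  We got a result and a DN for the user in question, so
             //  try binding as the user now:
             $result = @ldap_bind($ldapConn, $ldapDN, $password);
             if ($result) {
                 $responseArray = ldap_get_attributes($ldapConn, $ldapEntry);
                 if ($responseArray) {
                     $response = array();
                     foreach ($responseArray as $key => $value) {
                         // Multi-valued attributes arrive as arrays carrying a 'count'
                         // element; keep the first value. Anything else is copied through.
                         if (is_array($value) && isset($value['count']) && $value['count'] >= 1) {
                             $response[$key] = $value[0];
                         } else {
                             $response[$key] = $value;
                         }
                         // Store the list of groups they are a member of
                         if (strtolower($key) == $this->_ldapMemberKey) {
                             $groups = $value;
                         }
                     }
                     // Build displayName from the space-separated attribute names in
                     // _ldapFullName unless it names the displayName attribute itself.
                     // A missing attribute contributes an empty word, as before.
                     if ($this->_ldapFullName != "displayName") {
                         $nameWords = array();
                         foreach (explode(" ", $this->_ldapFullName) as $k) {
                             if ($k) {
                                 $nameWords[] = isset($response[$k]) ? $response[$k] : '';
                             }
                         }
                         $response['displayName'] = implode(' ', $nameWords);
                     }
                     if (empty($response['cn'])) {
                         $response['cn'] = $response['displayName'];
                     }
                     if (empty($response['organization'])) {
                         $response['organization'] = $this->_ldapOrg;
                     }
                     // Do the authorisation check. User must be a member of a group.
                     $authorisationPassed = TRUE;
                     if ($this->_ldapMemberKey != '' && $this->_ldapMemberRole != '') {
                         $authorisationPassed = FALSE;
                         foreach ($groups as $group) {
                             if (strtolower($group) == $this->_ldapMemberRole) {
                                 $authorisationPassed = TRUE;
                             }
                         }
                     }
                     if (!$authorisationPassed) {
                         NSSError($smarty->getConfigVariable('ErrorUnauthorizedUser'), 'Authorisation Failed');
                         $result = FALSE;
                     }
                     //  Chain to the super class for any further properties to be added
                     //  to the $response array (done even when the group check failed,
                     //  matching the previous behaviour):
                     parent::authenticate($uname, $password, $response);
                 }
             }
         }
     } else {
         NSSError('Unable to connect to any of the LDAP servers; could not authenticate user.', 'LDAP Error');
     }
     if ($ldapConn) {
         ldap_close($ldapConn);
     }
     return $result;
 }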
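 /**
  * Static test backend: accepts exactly one fixed account (NSS_STATIC_UID) with a
  * hard-coded password. Intended for testing only.
  *
  * @param string $uname    Login name; must be identical to NSS_STATIC_UID.
  * @param string $password Plaintext password supplied by the user.
  * @param array  $response Filled with fixed uid/mail/cn/displayName values on success.
  * @return bool TRUE when both values match, FALSE otherwise.
  */
 public function authenticate(&$uname, $password, &$response)
 {
     // Strict comparisons: with == a non-string $password such as boolean TRUE
     // compares equal to any non-empty string, so any truthy value would be accepted.
     // hash_equals() is string-only (hence the cast) and constant-time.
     if ($uname === NSS_STATIC_UID && hash_equals('changeme', (string) $password)) {
         $response = array('uid' => NSS_STATIC_UID, 'mail' => NSS_STATIC_UID . '@nowhere.org', 'cn' => 'Test User', 'displayName' => 'Test User');
         //  Chain to the super class for any further properties to be added
         //  to the $response array:
         parent::authenticate($uname, $password, $response);
         return TRUE;
     }
     return FALSE;
 }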