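/**
 * Check the username / password against the IMAP server.
 *
 * The credentials are verified by attempting a half-open login against the
 * mailbox URL configured in $c->authenticate_hook['config']['imap_url'].  On
 * success the matching local Principal is returned; it is created first
 * (together with its home collections) when it does not exist yet.
 *
 * The password is handed to the IMAP server as supplied, so the configured
 * URL should use TLS with certificate validation.  The /notls and
 * /novalidate-cert flags shown in the commented examples below give up
 * transport encryption and server authentication respectively.
 *
 * @param string $username The login name supplied by the client.
 * @param string $password The password supplied by the client.
 * @return Principal|false The local principal on success, false when the
 *                         login fails or the principal cannot be created.
 */
function RIMAP_check($username, $password)
{
    global $c;

    $imap_username = $username;
    if (function_exists('mb_convert_encoding')) {
        // mb_detect_encoding() returns false when it cannot decide; fall back
        // to the internal encoding instead of passing false on as an encoding.
        $source_encoding = mb_detect_encoding($imap_username);
        if ($source_encoding === false) {
            $source_encoding = mb_internal_encoding();
        }
        $imap_username = mb_convert_encoding($imap_username, "UTF7-IMAP", $source_encoding);
    } else {
        $imap_username = imap_utf7_encode($imap_username);
    }

    //$imap_url = '{localhost:143/imap/notls}';
    //$imap_url = '{localhost:993/imap/ssl/novalidate-cert}';
    $imap_url = $c->authenticate_hook['config']['imap_url'];

    // OP_HALFOPEN: authenticate only, do not open a mailbox.
    $imap_stream = @imap_open($imap_url, $imap_username, $password, OP_HALFOPEN);
    $login_ok = false;
    if ($imap_stream) {
        // disconnect, login ok
        imap_close($imap_stream);
        $login_ok = true;
    }

    // The '@' above only hides the warning; the IMAP extension still queues the
    // error and reports it as a notice at request shutdown unless the queues are
    // read.  Reading them here empties them.
    imap_errors();
    imap_alerts();

    // NOTE(review): the log component below is "PAM" although this is the IMAP
    // back end - confirm before renaming, debug filters may key on it.
    if (!$login_ok) {
        dbg_error_log("PAM", "User %s is not a valid username (or password was wrong)", $username);
        return false;
    }

    $principal = new Principal('username', $username);
    if (!$principal->Exists()) {
        dbg_error_log("PAM", "Principal '%s' doesn't exist in local DB, we need to create it", $username);
        if (strstr($username, '@')) {
            // The login name already looks like an address: reuse it as the
            // e-mail and derive the display name from the local part.
            $name_arr = explode('@', $username);
            $fullname = ucfirst(strtolower($name_arr[0]));
            $email = $username;
        } else {
            $fullname = ucfirst(strtolower($username));
            // NOTE(review): 'email_base' is read without an isset() check - confirm it is mandatory config.
            $email = $username . "@" . $c->authenticate_hook['config']['email_base'];
        }
        $principal->Create(array(
            'username' => $username,
            'user_active' => true,
            'email' => $email,
            'fullname' => $fullname,
        ));
        if (!$principal->Exists()) {
            dbg_error_log("PAM", "Unable to create local principal for '%s'", $username);
            return false;
        }
        CreateHomeCollections($username);
    }

    return $principal;
}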
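/**
 * Build the Editor used to display, create and update a principal record.
 *
 * Reads the globals $c (configuration / message list), $id (the principal
 * being edited), $can_write_principal and $session.  When the form was
 * submitted and the caller may write, the posted values are validated,
 * normalised and written, and the administrator role membership is adjusted
 * for sessions that are allowed 'Admin'.  In every case the HTML template for
 * the form is attached to the editor before it is returned.
 *
 * Side effects visible in this function: entries are appended to
 * $c->messages, $c->page_title is set, several $_POST entries are rewritten
 * or removed, $can_write_principal may be cleared, and the global $id is
 * overwritten with the editor's principal_id.
 *
 * @return Editor The configured editor object.
 */
function principal_editor()
{
    global $c, $id, $can_write_principal, $session;

    $editor = new Editor(translate('Principal'), 'dav_principal');
    $editor->SetLookup('date_format_type', "SELECT 'E', 'European' UNION SELECT 'U', 'US Format' UNION SELECT 'I', 'ISO Format'");
    $editor->SetLookup('type_id', 'SELECT principal_type_id, principal_type_desc FROM principal_type ORDER BY principal_type_id');

    // The translated label ends up inside a SQL string literal, so a single
    // quote in a translation must be doubled or it terminates the literal.
    $default_locale_label = str_replace("'", "''", translate("*** Default Locale ***"));
    $editor->SetLookup('locale', 'SELECT \'\', \'' . $default_locale_label . '\' UNION SELECT locale, locale_name_locale FROM supported_locales ORDER BY 1 ASC');

    $editor->AddAttribute('locale', 'title', translate("The preferred language for this person."));
    $editor->AddAttribute('fullname', 'title', translate("The full name for this person, group or other type of principal."));

    // $id is a global whose origin is not visible here and it is concatenated
    // into SQL text: cast it so that nothing but an integer can get there.
    // An unset or empty $id keeps the clause exactly as it was before.
    $principal_id_sql = (isset($id) && $id !== '' ? (string) intval($id) : '');
    $editor->SetWhere('principal_id=' . $principal_id_sql);

    $editor->AddField('is_admin', 'EXISTS( SELECT 1 FROM role_member WHERE role_no = 1 AND role_member.user_no = dav_principal.user_no )');
    $editor->AddAttribute('is_admin', 'title', translate('An "Administrator" user has full rights to the whole DAViCal System'));

    // Never set to true in this function, so the PostToValues() branch further down is currently dead.
    $post_values = false;

    if (isset($_POST['xxxxusername'])) {
        // Slashes are stripped from the username before it is checked for emptiness.
        $_POST['xxxxusername'] = trim(str_replace('/', '', $_POST['xxxxusername']));
        if ($_POST['xxxxusername'] == '') {
            $c->messages[] = i18n("The username must not be blank, and may not contain a slash");
            $can_write_principal = false;
        }
    }
    if (isset($_POST['fullname']) && trim($_POST['fullname']) == '') {
        $c->messages[] = i18n("The full name must not be blank.");
        $can_write_principal = false;
    }
    if (isset($_POST['email']) && trim($_POST['email']) == '') {
        // Advisory only: an empty e-mail does not block the write.
        $c->messages[] = i18n("The email address really should not be blank.");
    }

    // Placeholder shown in the password inputs; a submitted value equal to it means "unchanged".
    $pwstars = '@@@@@@@@@@';

    if ($can_write_principal && $editor->IsSubmit()) {
        $editor->WhereNewRecord("principal_id=(SELECT CURRVAL('dav_id_seq'))");

        if (!$session->AllowedTo('Admin')) {
            unset($_POST['admin_role']);
            unset($_POST['user_active']);
            // Defence in depth: the role change below is already gated on
            // AllowedTo('Admin'); dropping the posted flag also keeps it away
            // from Editor::Write() for everyone else.
            unset($_POST['is_admin']);
        }

        // A client-supplied 'password' field is never trusted; it is only set from newpass1/newpass2 below.
        unset($_POST['password']);
        $new_password = (isset($_POST['newpass1']) && is_string($_POST['newpass1']) ? $_POST['newpass1'] : '');
        $confirm_password = (isset($_POST['newpass2']) && is_string($_POST['newpass2']) ? $_POST['newpass2'] : '');
        if ($new_password !== '' && $new_password !== $pwstars) {
            // Strict comparison: with '==' two different numeric-looking
            // strings such as "1e3" and "1000" compare equal.
            if ($new_password === $confirm_password) {
                // NOTE(review): the value is passed on as entered; hashing is presumably done further down the write path - confirm.
                $_POST['password'] = $new_password;
            } else {
                $c->messages[] = i18n("Password not updated. The supplied passwords do not match.");
            }
        }

        if (isset($_POST['fullname']) && !isset($_POST['displayname'])) {
            $_POST['displayname'] = $_POST['fullname'];
        }

        if (isset($_POST['default_privileges'])) {
            if (is_array($_POST['default_privileges'])) {
                // The posted array is keyed by privilege name; store it as a 24 character bit string.
                $priv_names = array_keys($_POST['default_privileges']);
                $privs = privilege_to_bits($priv_names);
                $_POST['default_privileges'] = sprintf('%024s', decbin($privs));
                $editor->Assign('default_privileges', $_POST['default_privileges']);
            } else {
                // Anything but the checkbox array is malformed input; do not let it reach the write.
                unset($_POST['default_privileges']);
            }
        }

        if ($editor->IsCreate()) {
            $c->messages[] = i18n("Creating new Principal record.");
        } else {
            $c->messages[] = i18n("Updating Principal record.");
        }
        $editor->Write();

        $is_group = (isset($_POST['type_id']) && $_POST['type_id'] == 3);
        if (!$is_group && $editor->IsCreate()) {
            /** We only add the default calendar if it isn't a group, and this is a create action */
            require_once 'auth-functions.php';
            CreateHomeCollections($editor->Value('username'));
        }

        if ($session->AllowedTo('Admin')) {
            // An unchecked checkbox is simply absent from the POST data.
            if (isset($_POST['is_admin']) && $_POST['is_admin'] == 'on') {
                $sql = 'INSERT INTO role_member (role_no, user_no) SELECT 1, dav_principal.user_no FROM dav_principal WHERE user_no = :user_no AND NOT EXISTS(SELECT 1 FROM role_member rm WHERE rm.role_no = 1 AND rm.user_no = dav_principal.user_no )';
                $editor->Assign('is_admin', 't');
            } else {
                $sql = 'DELETE FROM role_member WHERE role_no = 1 AND user_no = :user_no';
                $editor->Assign('is_admin', 'f');
            }
            $params = array(':user_no' => $editor->Value('user_no'));
            $qry = new AwlQuery($sql, $params);
            $qry->Exec('admin-principal-edit');
        }
    } else {
        if (isset($id) && $id > 0) {
            $editor->GetRecord();
            if ($editor->IsSubmit()) {
                $c->messages[] = i18n('You do not have permission to modify this record.');
            }
        }
    }

    if ($editor->Available()) {
        $c->page_title = $editor->Title(translate('Principal') . ': ' . $editor->Value('fullname'));
    } else {
        // No record loaded: pre-fill the form for a new principal from the configured defaults.
        $c->page_title = $editor->Title(translate('Create New Principal'));
        $privs = decbin(privilege_to_bits($c->default_privileges));
        $editor->Assign('default_privileges', $privs);
        $editor->Assign('user_active', 't');
        foreach ($c->template_usr as $k => $v) {
            $editor->Assign($k, $v);
        }
    }

    if ($post_values) {
        $editor->PostToValues();
        if (isset($_POST['default_privileges']) && is_array($_POST['default_privileges'])) {
            $priv_names = array_keys($_POST['default_privileges']);
            $privs = privilege_to_bits($priv_names);
            $_POST['default_privileges'] = sprintf('%024s', decbin($privs));
            $editor->Assign('default_privileges', $_POST['default_privileges']);
        }
    }

    $prompt_principal_id = translate('Principal ID');
    $value_id = $editor->Available() ? '##principal_id.hidden####principal_id.value##' : translate('New Principal');
    $prompt_username = translate('Username');
    $prompt_password_1 = translate('Change Password');
    $prompt_password_2 = translate('Confirm Password');
    $prompt_fullname = translate('Fullname');
    $prompt_displayname = translate('Display Name');
    $prompt_email = translate('Email Address');
    $prompt_date_format = translate('Date Format Style');
    $prompt_admin = translate('Administrator');
    $prompt_active = translate('Active');
    $prompt_locale = translate('Locale');
    $prompt_type = translate('Principal Type');
    $prompt_privileges = translate('Privileges granted to All Users');

    $privs_html = build_privileges_html($editor, 'default_privileges');

    $admin_row_entry = '';
    $delete_principal_button = '';
    if ($session->AllowedTo('Admin')) {
        $admin_row_entry = ' <tr> <th class="right">' . $prompt_admin . ':</th><td class="left">##is_admin.checkbox##</td> </tr>';
        $admin_row_entry .= ' <tr> <th class="right">' . $prompt_active . ':</th><td class="left">##user_active.checkbox##</td> </tr>';
        if (isset($id)) {
            // NOTE(review): the delete action is reached through a plain GET
            // link; confirm that the handler asks for confirmation or checks a
            // request token before it deletes anything.
            // intval() keeps anything but a number out of the attribute value.
            $delete_principal_button = '<a href="' . $c->base_url . '/admin.php?action=edit&t=principal&subaction=delete_principal&id=' . intval($id) . '" class="submit">' . translate("Delete Principal") . '</a>';
        }
    }

    // Overwrites the global $id with the id of the record now held by the editor.
    $id = $editor->Value('principal_id');

    $template = <<<EOTEMPLATE
##form##
<script language="javascript">
function toggle_privileges() {
  var argv = toggle_privileges.arguments;
  var argc = argv.length;

  if ( argc < 2 ) {
    return;
  }
  var match_me = argv[0];

  var set_to = -1;
  if ( argv[1] == 'all' ) {
    var form = document.getElementById(argv[2]);
    var fieldcount = form.elements.length;
    var matching = '/^' + match_me + '/';
    for (var i = 0; i < fieldcount; i++) {
      var fieldname = form.elements[i].name;
      if ( fieldname.match( match_me ) ) {
        if ( set_to == -1 ) {
          set_to = ( form.elements[i].checked ? 0 : 1 );
        }
        form.elements[i].checked = set_to;
      }
    }
  }
  else {
    for (var i = 1; i < argc; i++) {
      var f = document.getElementById( match_me + '_' + argv[i]);
      if ( set_to == -1 ) {
        set_to = ( f.checked ? 0 : 1 );
      }
      f.checked = set_to;
    }
  }
}
</script>
<style>
th.right, label.privilege {
  white-space:nowrap;
}
label.privilege {
  margin:0.2em 1em 0.2em 0.1em;
  padding:0 0.2em;
  line-height:1.6em;
  font-size:87%;
}
</style>
<table>
 <tr>
  <th class="right">{$prompt_principal_id}:</th><td class="left">
  <table width="100%" class="form_inner"><tr>
   <td>{$value_id}</td>
   <td align="right">{$delete_principal_button}</td>
  </tr></table>
 </td></tr>
 <tr> <th class="right">{$prompt_username}:</th> <td class="left">##xxxxusername.input.50##</td> </tr>
 <tr> <th class="right">{$prompt_password_1}:</th> <td class="left">##newpass1.password.{$pwstars}##</td> </tr>
 <tr> <th class="right">{$prompt_password_2}:</th> <td class="left">##newpass2.password.{$pwstars}##</td> </tr>
 <tr> <th class="right">{$prompt_fullname}:</th> <td class="left">##fullname.input.50##</td> </tr>
 <tr> <th class="right">{$prompt_email}:</th> <td class="left">##email.input.50##</td> </tr>
 <tr> <th class="right">{$prompt_locale}:</th> <td class="left">##locale.select##</td> </tr>
 <tr> <th class="right">{$prompt_date_format}:</th> <td class="left">##date_format_type.select##</td> </tr>
 <tr> <th class="right">{$prompt_type}:</th> <td class="left">##type_id.select##</td> </tr>
 {$admin_row_entry}
 <tr> <th class="right" style="white-space:normal;">{$prompt_privileges}:</th><td class="left">{$privs_html}</td> </tr>
 <tr> <th class="right"></th> <td class="left" colspan="2">##submit##</td> </tr>
</table>
</form>
EOTEMPLATE;

    $editor->SetTemplate($template);
    return $editor;
}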
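/**
 * Authenticate against a different PostgreSQL database which contains a usr table in
 * the AWL format.
 *
 * Use this as in the following example config snippet:
 *
 * require_once('auth-functions.php');
 * $c->authenticate_hook = array(
 *   'call'   => 'AuthExternalAwl',
 *   'config' => array(
 *     // A PgSQL database connection string for the database containing user records
 *     'connection[]' => 'dbname=wrms host=otherhost port=5433 user=general',
 *     // Which columns should be fetched from the database
 *     'columns' => "user_no, active, email_ok, joined, last_update AS updated, last_used, username, password, fullname, email",
 *     // a WHERE clause to limit the records returned.
 *     'where' => "active AND org_code=7"
 *   )
 * );
 *
 * NOTE(review): the code below reads the key 'connection', not 'connection[]' -
 * confirm which spelling the example is meant to show.
 *
 * The 'columns' and 'where' settings are concatenated into the SQL text as they
 * are, so they must only ever come from the administrator's configuration file.
 * The username is passed as a bound parameter.
 *
 * On a successful password check the local principal is created or refreshed
 * from the external record before the 'active' flag is evaluated.
 *
 * @param string $username The login name supplied by the client.
 * @param string $password The password supplied by the client.
 * @return Principal|false The local principal on success, false otherwise.
 */
function AuthExternalAWL($username, $password)
{
    global $c;

    $persistent = !empty($c->authenticate_hook['config']['use_persistent']);

    $cols = '*';
    if (isset($c->authenticate_hook['config']['columns'])) {
        $cols = $c->authenticate_hook['config']['columns'];
    }

    $andwhere = '';
    if (isset($c->authenticate_hook['config']['where'])) {
        $andwhere = ' AND ' . $c->authenticate_hook['config']['where'];
    }

    // The lookup is case-insensitive on the username.
    $qry = new AwlQuery('SELECT ' . $cols . ' FROM usr WHERE lower(username) = :username ' . $andwhere, array(':username' => strtolower($username)));
    $authconn = $qry->SetConnection($c->authenticate_hook['config']['connection'], $persistent ? array(PDO::ATTR_PERSISTENT => true) : null);
    if (!$authconn) {
        // The message deliberately carries no connection details.
        echo <<<EOERRMSG
<html><head><title>Database Connection Failure</title></head><body>
<h1>Database Error</h1>
<h3>Could not connect to PostgreSQL database</h3>
</body>
</html>
EOERRMSG;
        @ob_flush();
        exit(1);
    }

    // Exactly one matching row is required; zero or several both count as a failed login.
    if (!($qry->Exec('Login', __LINE__, __FILE__) && $qry->rows() == 1)) {
        return false;
    }

    $usr = $qry->Fetch();
    if (!session_validate_password($password, $usr->password)) {
        return false;
    }

    // NOTE(review): the external row was matched on the lower-cased name while the
    // local principal is looked up with the name as typed - confirm this is intended.
    $principal = new Principal('username', $username);
    if ($principal->Exists()) {
        // Only refresh the local copy when the external record is at least as recent.
        if ($principal->modified <= $usr->updated) {
            $principal->Update($usr);
        }
    } else {
        $principal->Create($usr);
        CreateHomeCollections($username);
    }

    /**
     * We disallow login by inactive users _after_ we have updated the local copy
     *
     * The flag may arrive as the text 'f' or as a native boolean depending on how
     * the row was fetched.  A loose comparison with 'f' gets native booleans the
     * wrong way round (true == 'f' is true, false == 'f' is false in PHP), so the
     * known "inactive" spellings are matched strictly instead.
     */
    if (isset($usr->active) && in_array($usr->active, array(false, 'f', 'false', 0, '0'), true)) {
        return false;
    }

    return $principal;
}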
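/**
 * Synchronise a cached user with one from LDAP
 *
 * For every field reported by Principal::updateableFields() the value is taken
 * from the LDAP record when a mapping exists, otherwise from the configured
 * defaults in $c->authenticate_hook['config']['default_value'] when present.
 * The principal is then updated, or created together with its home
 * collections and default relationships when it does not exist yet.
 *
 * @param object $principal A Principal object to be updated (or created)
 * @param array $mapping Field name => LDAP attribute name, or several attribute
 *                       names separated by commas whose values are joined with a space.
 * @param array $ldap_values LDAP attribute name => value for the user being synchronised.
 */
function sync_user_from_LDAP(Principal &$principal, $mapping, $ldap_values)
{
    global $c;

    dbg_error_log("LDAP", "Going to sync the user from LDAP");

    $fields_to_set = array();
    $updateable_fields = Principal::updateableFields();
    foreach ($updateable_fields as $field) {
        if (isset($mapping[$field])) {
            $tab_part_fields = explode(',', $mapping[$field]);
            foreach ($tab_part_fields as $part_field) {
                if (!isset($ldap_values[$part_field])) {
                    continue;
                }
                if (isset($fields_to_set[$field])) {
                    $fields_to_set[$field] .= ' ' . $ldap_values[$part_field];
                } else {
                    $fields_to_set[$field] = $ldap_values[$part_field];
                }
            }
            // The mapped attributes may all be absent from the LDAP record, in
            // which case there is no value to report and none to read.
            // NOTE(review): values are written to the debug log as they are -
            // confirm that no mapped field carries a secret.
            if (isset($fields_to_set[$field])) {
                dbg_error_log("LDAP", "Setting usr->%s to %s from LDAP field %s", $field, $fields_to_set[$field], $mapping[$field]);
            } else {
                dbg_error_log("LDAP", "No value for usr->%s in LDAP field %s", $field, $mapping[$field]);
            }
        } else {
            $has_default = isset($c->authenticate_hook['config']['default_value'])
                && is_array($c->authenticate_hook['config']['default_value'])
                && isset($c->authenticate_hook['config']['default_value'][$field]);
            if ($has_default) {
                $fields_to_set[$field] = $c->authenticate_hook['config']['default_value'][$field];
                dbg_error_log("LDAP", "Setting usr->%s to %s from configured defaults", $field, $c->authenticate_hook['config']['default_value'][$field]);
            }
        }
    }

    if ($principal->Exists()) {
        $principal->Update($fields_to_set);
    } else {
        $principal->Create($fields_to_set);
        CreateHomeCollections($principal->username());
        CreateDefaultRelationships($principal->username());
    }
}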