/**
* Tries to logon to the HTTP server with given id and password
*
* @access public
*
* @param string $source Authentication source to be used
* @param string $external_uid The ID entered
* @param string $external_passwd The password of the user
*
* @return boolean True if the authentication was a success, false
* otherwise
*/
public function Authenticate($source, $external_uid, $external_passwd)
{
require_once 'HTTP/Request.php';
// Set some default HTTP request options
$request_options['method'] = 'GET';
$request_options['timeout'] = 5;
$request_options['allowRedirects'] = true;
$enc = ExternalAuthenticator::getAuthEnc($source);
$port = ExternalAuthenticator::getAuthPort($source);
$folder = ExternalAuthenticator::getOption($source, 'folder');
$proxy = ExternalAuthenticator::getOption($source, 'proxy');
$proxy_port = ExternalAuthenticator::getOption($source, 'proxy_port');
$proxy_user = ExternalAuthenticator::getOption($source, 'proxy_user');
$proxy_pass = ExternalAuthenticator::getOption($source, 'proxy_pass');
if (!is_null($proxy) && !is_null($proxy_port)) {
ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy is set to ' . $proxy . ':' . $proxy_port);
$request_options['proxy_host'] = $proxy;
$request_options['proxy_port'] = $proxy_port;
} else {
ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy is not set');
}
if (!is_null($proxy_user)) {
ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy user is set to ' . $proxy_user);
$request_options['proxy_user'] = $proxy_user;
if (!is_null($proxy_pass)) {
ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy password is set');
$request_options['proxy_pass'] = $proxy_pass;
} else {
ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy password is NOT set');
}
} else {
ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy user is NOT set');
}
if ($enc == 'ssl') {
$url = 'https://';
} else {
$url = 'http://';
}
$url .= ExternalAuthenticator::getAuthServer($source);
if (!is_null($port)) {
$url .= ':' . $port;
}
if (!is_null($folder)) {
$url .= $folder;
}
ExternalAuthenticator::AuthLog($external_uid . '.http - Authentication URL is set to ' . $url);
$request = new HTTP_Request($url, $request_options);
$request->setBasicAuth($external_uid, $external_passwd);
ExternalAuthenticator::AuthLog($external_uid . '.http - Sending authentication request');
$request->sendRequest();
// HTTP code 200 means everything is OK
if ($request->getResponseCode() == 200) {
ExternalAuthenticator::AuthLog($external_uid . '.http - Remote server returned code 200');
return true;
} else {
ExternalAuthenticator::AuthLog($external_uid . '.http - Authentication failed with HTTP code ' . $request->getResponseCode());
ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
return false;
}
}
/**
* Tries to logon to the FTP server with given id and password
*
* @access public
*
* @param string $source Authentication source to be used
* @param string $external_uid The ID entered
* @param string $external_passwd The password of the user
*
* @return boolean True if the authentication was a success, false
* otherwise
*/
public function Authenticate($source, $external_uid, $external_passwd)
{
$enc = ExternalAuthenticator::getAuthEnc($source);
$port = ExternalAuthenticator::getAuthPort($source);
if (is_null($port)) {
$port = self::$port;
}
ExternalAuthenticator::AuthLog($external_uid . '.ftp - Connecting to ' . ExternalAuthenticator::getAuthServer($source) . ' port ' . $port);
if ($enc == 'ssl') {
ExternalAuthenticator::AuthLog($external_uid . '.ftp - Connection type is SSL');
$conn = @ftp_ssl_connect(ExternalAuthenticator::getAuthServer($source), $port);
} else {
$conn = @ftp_connect(ExternalAuthenticator::getAuthServer($source), $port);
}
if (!$conn) {
ExternalAuthenticator::AuthLog($external_uid . '.ftp - Connection to server failed');
ExternalAuthenticator::setAuthMessage(_t('FTP_Authenticator.NoConnect', 'Could not connect to FTP server'));
return false;
} else {
ExternalAuthenticator::AuthLog($external_uid . '.ftp - Connection to server succeeded');
}
if (!@ftp_login($conn, $external_uid, $external_passwd)) {
ExternalAuthenticator::AuthLog($external_uid . '.ftp - User credentials failed at ftp server');
ftp_close($conn);
ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
return false;
} else {
ExternalAuthenticator::AuthLog($external_uid . '.ftp - ftp server validated credentials');
ftp_close($conn);
return true;
}
}
/**
* Tries to logon to the IMAP server with given id and password
*
* @access public
*
* @param string $source Authentication source to be used
* @param string $external_uid The ID entered
* @param string $external_passwd The password of the user
*
* @return boolean True if the authentication was a success, false
* otherwise
*/
public function Authenticate($source, $external_uid, $external_passwd)
{
$servicetype = ExternalAuthenticator::getOption($source, 'protocol');
if (is_null($servicetype) || !in_array(strtolower($servicetype), array('imap', 'pop3'))) {
ExternalAuthenticator::setAuthMessage(_t('IMAP_Authenticator.Protocol', 'Protocol is not set to a valid type'));
return false;
}
$enc = ExternalAuthenticator::getAuthEnc($source);
$port = ExternalAuthenticator::getAuthPort($source);
if (is_null($port)) {
if (is_null($enc)) {
$port = self::$portlist["{$servicetype}"]['default'];
} else {
$port = self::$portlist["{$servicetype}"]["{$enc}"];
}
}
$connectstring = '{' . ExternalAuthenticator::getAuthServer($source);
$connectstring .= ':' . $port;
$connectstring .= '/' . $servicetype;
if (!is_null($enc)) {
$connectstring .= '/' . $enc;
$validate = ExternalAuthenticator::getOption($source, 'certnovalidate');
if (!is_null($validate) || $validate) {
$connectstring .= '/novalidate-cert';
}
} else {
$connectstring .= '/notls';
}
$connectstring .= '}';
ExternalAuthenticator::AuthLog($external_uid . '.imap - Connect string to server is ' . $connectstring);
ExternalAuthenticator::AuthLog($external_uid . '.imap - If you get a blank screen and the process end here, check php_imap module');
$mbox = @imap_open($connectstring, $external_uid, $external_passwd);
if (!$mbox) {
ExternalAuthenticator::AuthLog($external_uid . '.imap - ' . imap_last_error());
ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
return false;
} else {
ExternalAuthenticator::AuthLog($external_uid . '.imap - imap_open returned mailbox handle');
@imap_close($mbox);
return true;
}
}
/**
* Does an ldap connect and binds as the guest user or as the optional dn.
*
* @param string $source Authentication source to be used
* @param string $external_anchor The ID entered by the user (for logging purposes only)
* @return boolean on success, error message on fail.
*/
private function Connect($source, $external_anchor)
{
// First we verify the setting and adapt where needed
$uri = ExternalAuthenticator::getAuthServer($source);
$enc = ExternalAuthenticator::getAuthEnc($source);
if (is_null($enc)) {
$uri = self::$uri_header["default"] . $uri;
} else {
$uri = self::$uri_header["{$enc}"] . $uri;
}
$port = ExternalAuthenticator::getAuthPort($source);
if (is_null($port)) {
if (is_null($enc)) {
$port = self::$portlist["default"];
} else {
$port = self::$portlist["{$enc}"];
}
}
$version = ExternalAuthenticator::getOption($source, "ldapversion");
if (is_null($version)) {
$version = self::$version;
}
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Connecting to ' . $uri . ' port ' . $port . ' LDAP version ' . $version);
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - If process stops here, check PHP LDAP module');
$bindas = ExternalAuthenticator::getOption($source, "bind_as");
$bindpw = ExternalAuthenticator::getOption($source, "bind_pw");
// Revert to the PHP error handler to prevent the SilverStripe
// error handler from interfering
restore_error_handler();
/* Connect to the LDAP server. */
self::$ds = @ldap_connect($uri, $port);
if (!self::$ds) {
Debug::loadErrorHandlers();
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Failed to connect');
return _t('LDAP_Authenticator.NotConnected', 'Failed to connect to LDAP server.');
} else {
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Connect succeeded');
}
if (!ldap_set_option(self::$ds, LDAP_OPT_PROTOCOL_VERSION, $version)) {
Debug::loadErrorHandlers();
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP set to prot. version ' . $version . ' failed');
return sprintf(_t('LDAP_Authenticator.Version', 'Set LDAP protocol version to %d failed'), $version);
} else {
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP set to protocol version ' . $version);
}
if ($enc == "tls") {
if (!@ldap_start_tls(self::$ds)) {
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - TLS initialization failed ' . ldap_errno(self::$ds) . ':' . ldap_error(self::$ds));
return sprintf(_t('LDAP_Authenticator.TLS', 'Start TLS failed: [%d] %s'), ldap_errno(self::$ds), ldap_error(self::$ds));
} else {
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - TLS initialization success');
}
} else {
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - TLS not set');
}
if (!is_null($bindas)) {
$bind = @ldap_bind(self::$ds, $bindas, $bindpw);
} else {
$bind = @ldap_bind(self::$ds);
}
// Reset the SilverStripe error handler
Debug::loadErrorHandlers();
if (!$bind) {
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Bind failed ' . ldap_errno(self::$ds) . ':' . ldap_error(self::$ds));
return _t('LDAP_Authenticator.NoBind', 'Could not bind to LDAP server.');
} else {
ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Bind success');
}
return true;
}
