/**
 * Loads the server's rootDSE into $this->rootdse, at most once per object.
 *
 * Does nothing when $this->rootdse is already an array. Otherwise a base-scope
 * search on the empty DN requests a fixed attribute list, and the entry found
 * under the '' key of the cleaned result is cached.
 *
 * @throws SimpleLdapException
 *   Presumably raised by the underlying search; not visible in this method.
 */
protected function rootdse() {
  // Already cached: skip the directory round trip.
  if (is_array($this->rootdse)) {
    return;
  }

  // Attributes requested from the rootDSE entry.
  $wanted = array(
    'vendorName',
    'vendorVersion',
    'namingContexts',
    'altServer',
    'supportedExtension',
    'supportedControl',
    'supportedSASLMechanisms',
    'supportedLDAPVersion',
    'subschemaSubentry',
    'objectClass',
    'rootDomainNamingContext',
  );

  $entries = SimpleLdap::clean($this->search('', 'objectclass=*', 'base', $wanted));

  // NOTE(review): the '' key is read without an isset() check, so a result
  // that lacks it leaves $this->rootdse non-array and the search is repeated
  // on the next call.
  $this->rootdse = $entries[''];
}
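/**
 * Hash a string for use in an LDAP password field.
 *
 * @param string $string
 *   The clear-text value to encode.
 * @param string $algorithm
 *   One of 'crypt', 'salted crypt', 'extended des', 'md5crypt', 'blowfish',
 *   'md5', 'salted md5', 'sha', 'salted sha', 'unicode' or 'none'. NULL and
 *   any unrecognised name are treated like 'none'.
 *
 * @return string
 *   The encoded value. The crypt, MD5 and SHA variants carry a scheme prefix
 *   ({CRYPT}, {MD5}, {SMD5}, {SHA}, {SSHA}); 'unicode' returns the value
 *   wrapped in double quotes; 'none' returns the input unchanged.
 *
 * NOTE(review): an unrecognised algorithm name falls through to 'none', so a
 * misspelled setting returns the clear-text value. Callers should validate
 * the configured name before relying on the result being a hash.
 *
 * NOTE(review): the return value of crypt() is not checked. If crypt() rejects
 * a salt, its failure marker would be returned behind the {CRYPT} prefix.
 */
public static function hash($string, $algorithm = NULL) {
  switch ($algorithm) {
    case 'crypt':
      // NOTE(review): the salt is the first two characters of the input, and
      // traditional crypt() output begins with its salt, so the stored value
      // exposes those two characters. Kept as is because the result is
      // deterministic, which callers may rely on; prefer a salted scheme.
      $hash = '{CRYPT}' . crypt($string, substr($string, 0, 2));
      break;

    case 'salted crypt':
      $hash = '{CRYPT}' . crypt($string, self::salt(2));
      break;

    case 'extended des':
      $hash = '{CRYPT}' . crypt($string, '_' . self::salt(8));
      break;

    case 'md5crypt':
      $hash = '{CRYPT}' . crypt($string, '$1$' . self::salt(9));
      break;

    case 'blowfish':
      // Cost factor 12. NOTE(review): bcrypt expects a 22-character salt;
      // confirm what self::salt(13) supplies and that crypt() accepts it.
      $hash = '{CRYPT}' . crypt($string, '$2a$12$' . self::salt(13));
      break;

    case 'md5':
      // Unsalted, single-round digest: equal inputs give equal outputs.
      $hash = '{MD5}' . base64_encode(md5($string, TRUE));
      break;

    case 'salted md5':
      // The salt is appended to the raw digest before base64 encoding.
      $salt = SimpleLdap::salt(8);
      $hash = '{SMD5}' . base64_encode(md5($string . $salt, TRUE) . $salt);
      break;

    case 'sha':
      // Unsalted, single-round SHA-1: equal inputs give equal outputs.
      $hash = '{SHA}' . base64_encode(sha1($string, TRUE));
      break;

    case 'salted sha':
      // The salt is appended to the raw digest before base64 encoding.
      $salt = SimpleLdap::salt(8);
      $hash = '{SSHA}' . base64_encode(sha1($string . $salt, TRUE) . $salt);
      break;

    case 'unicode':
      $string = '"' . $string . '"';
      // $string[$i] indexes bytes, so the loop bound must be the byte length.
      // A character count is smaller for multibyte input and would drop the
      // trailing bytes, including the closing quote.
      $length = strlen($string);
      $hash = NULL;
      // NOTE(review): as written each byte is appended unchanged. If the
      // target field expects UTF-16LE, confirm this loop against upstream;
      // a per-byte separator may have been lost from the string literal.
      for ($i = 0; $i < $length; $i++) {
        $hash .= "{$string[$i]}";
      }
      break;

    case 'none':
    default:
      // Clear text: the value is returned exactly as given.
      $hash = $string;
  }

  return $hash;
}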
/**
 * Load the schema.
 *
 * Schema parsing can be slow, so only the requested attributes that are not
 * already present in $this->schema are fetched and parsed.
 *
 * @param array $attributes
 *   A list of attributes to load. A single non-array value is wrapped in an
 *   array. If NULL, $this->attributes is used.
 *
 * @throws SimpleLdapException
 *   Presumably raised by the server search; not visible in this method.
 */
protected function load($attributes = NULL) {
  // Fall back to the full attribute list, and accept a single name.
  if ($attributes === NULL) {
    $attributes = $this->attributes;
  }
  if (!is_array($attributes)) {
    $attributes = array($attributes);
  }

  // Collect the lower-cased names that are not cached yet.
  $missing = array();
  foreach ($attributes as $candidate) {
    $key = drupal_strtolower($candidate);
    if (!isset($this->schema[$key])) {
      $missing[] = $key;
    }
  }

  // Everything requested is cached: no search needed.
  if (empty($missing)) {
    return;
  }

  $entries = SimpleLdap::clean($this->server->search($this->dn, 'objectclass=*', 'base', $missing));

  foreach ($missing as $key) {
    $key = drupal_strtolower($key);

    // Record an empty entry even when the server returns nothing, so the
    // attribute is not requested again.
    $this->schema[$key] = array();

    if (!isset($entries[$this->dn][$key])) {
      continue;
    }

    // Index each parsed definition by its lower-cased name.
    foreach ($entries[$this->dn][$key] as $raw) {
      $definition = $this->parse($raw);
      $this->schema[$key][drupal_strtolower($definition['name'])] = $definition;
    }
  }
}
/**
 * Hash an sid, using the currently configured hashing method.
 *
 * The algorithm name is read from the 'simple_ldap_sso_hashing_algorithm'
 * variable and defaults to 'sha'. This method is intentionally private.
 *
 * NOTE(review): with the 'sha' default, SimpleLdap::hash() returns an
 * unsalted SHA-1 digest. Its salted algorithms give a different value on
 * every call, and 'none' returns the sid unchanged. Confirm the configured
 * value suits how the result is stored and compared.
 *
 * @param string $sid
 *   The session id to hash.
 *
 * @return string
 *   The value returned by SimpleLdap::hash() for the configured algorithm.
 */
private function hashSid($sid) {
  return SimpleLdap::hash($sid, variable_get('simple_ldap_sso_hashing_algorithm', 'sha'));
}
/**
 * Magic __set() function.
 *
 * 'attributes' and 'exists' are ignored. 'dn' is replaced only when the new
 * value differs and parses as a DN. Any other name is treated as an LDAP
 * attribute; changing the attribute configured as the role name also rewrites
 * the first component of the DN.
 *
 * @param string $name
 *   The name of the attribute to set.
 * @param mixed $value
 *   The value to assign to the given attribute. Scalars are wrapped in an
 *   array.
 */
public function __set($name, $value) {
  $rdn_attribute = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');

  switch ($name) {
    // Read-only values.
    case 'attributes':
    case 'exists':
      return;

    case 'dn':
      if ($this->dn == $value) {
        return;
      }
      try {
        // Validate the DN format before trying to use it.
        SimpleLdap::ldap_explode_dn($value);

        // Keep the previous DN so save() can perform a move operation.
        $this->move = $this->dn;
        $this->dn = $value;
        $this->dirty = TRUE;
      }
      catch (SimpleLdapException $e) {
        // NOTE(review): an invalid DN is dropped silently; the caller gets
        // no signal that the assignment was rejected.
      }
      return;

    default:
      // Normalise the incoming value and the stored slot to arrays.
      $value = is_array($value) ? $value : array($value);
      if (!isset($this->attributes[$name])) {
        $this->attributes[$name] = array();
      }

      // Compare in both directions so additions and removals both count.
      $removed = @array_diff($this->attributes[$name], $value);
      $added = @array_diff($value, $this->attributes[$name]);
      if (empty($removed) && empty($added)) {
        return;
      }

      $this->attributes[$name] = $value;
      $this->dirty = TRUE;

      // Rebuild the DN when the RDN attribute itself was changed.
      if ($name == $rdn_attribute) {
        $components = SimpleLdap::ldap_explode_dn($this->dn);
        unset($components['count']);
        // NOTE(review): $value[0] is concatenated into the DN without
        // escaping, and without checking that index 0 exists. A value
        // containing DN special characters would alter the structure of
        // the resulting DN; confirm callers validate or escape it.
        $components[0] = $rdn_attribute . '=' . $value[0];
        $this->move = $this->dn;
        $this->dn = implode(',', $components);
      }
  }
}
/**
 * Magic __set() function.
 *
 * 'attributes' and 'exists' are ignored. 'dn' is replaced only when the new
 * value differs and parses as a DN. The attribute configured as the password
 * attribute is hashed from a clear-text copy kept in self::$hash, then falls
 * through to the generic attribute handling. Changed attributes are recorded
 * in $this->dirty under their name.
 *
 * @param string $name
 *   The name of the attribute to set.
 * @param mixed $value
 *   The value to assign to the given attribute. Scalars are wrapped in an
 *   array, and a 'count' element is added when missing.
 */
public function __set($name, $value) {
  $attribute_pass = simple_ldap_user_variable_get('simple_ldap_user_attribute_pass');
  switch ($name) {
    // Read-only values.
    case 'attributes':
    case 'exists':
      break;

    case 'dn':
      if ($this->dn != $value) {
        try {
          // Validate the DN format before trying to use it.
          SimpleLdap::ldap_explode_dn($value);
          // Save the old DN, so a move operation can be done during save().
          $this->move = $this->dn;
          $this->dn = $value;
        }
        catch (SimpleLdapException $e) {
          // NOTE(review): an invalid DN is dropped silently; the caller gets
          // no signal that the assignment was rejected.
        }
      }
      break;

    // Look up the raw password from the internal reverse hash map. This
    // intentionally falls through to default:.
    // NOTE(review): $value[0] is read before $value is normalised to an
    // array, so a plain string would be indexed by its first character.
    // Presumably callers always pass an array here; verify.
    // NOTE(review): self::$hash holds clear-text passwords in static state.
    // Confirm the map is never logged, serialized or kept longer than needed.
    case $attribute_pass:
      if (isset(self::$hash[$value[0]])) {
        // The algorithm name comes from configuration. SimpleLdap::hash()
        // returns its input unchanged for 'none' or an unrecognised name.
        $algorithm = simple_ldap_user_variable_get('simple_ldap_user_password_hash');
        $value = SimpleLdap::hash(self::$hash[$value[0]], $algorithm);
      }
      else {
        // A plain text copy of the password is not available. Do not
        // overwrite the existing value.
        return;
      }

    default:
      // Make sure $value is an array.
      if (!is_array($value)) {
        $value = array($value);
      }
      if (!array_key_exists('count', $value)) {
        $value['count'] = count($value);
      }

      // Make sure $this->attributes[$name] is an array.
      if (!isset($this->attributes[$name])) {
        $this->attributes[$name] = array();
      }

      // Compare the current value with the given value. Both directions are
      // checked so that additions and removals are each detected.
      $diff1 = @array_diff($this->attributes[$name], $value);
      $diff2 = @array_diff($value, $this->attributes[$name]);

      // Don't trigger a write if the only difference is the count field,
      // which may be missing from the $value array.
      unset($diff1['count']);
      unset($diff2['count']);

      // If there are any differences, update the current value.
      if (!empty($diff1) || !empty($diff2)) {
        $this->attributes[$name] = $value;
        $this->dirty[$name] = $value;
      }
  }
}