/**
* Loads the server's rootDSE.
*
* @throw SimpleLdapException
*/
protected function rootdse()
{
if (!is_array($this->rootdse)) {
$attributes = array('vendorName', 'vendorVersion', 'namingContexts', 'altServer', 'supportedExtension', 'supportedControl', 'supportedSASLMechanisms', 'supportedLDAPVersion', 'subschemaSubentry', 'objectClass', 'rootDomainNamingContext');
$result = SimpleLdap::clean($this->search('', 'objectclass=*', 'base', $attributes));
$this->rootdse = $result[''];
}
}
/**
* Hash a string for use in an LDAP password field.
*/
public static function hash($string, $algorithm = NULL)
{
switch ($algorithm) {
case 'crypt':
$hash = '{CRYPT}' . crypt($string, substr($string, 0, 2));
break;
case 'salted crypt':
$hash = '{CRYPT}' . crypt($string, self::salt(2));
break;
case 'extended des':
$hash = '{CRYPT}' . crypt($string, '_' . self::salt(8));
break;
case 'md5crypt':
$hash = '{CRYPT}' . crypt($string, '$1$' . self::salt(9));
break;
case 'blowfish':
$hash = '{CRYPT}' . crypt($string, '$2a$12$' . self::salt(13));
break;
case 'md5':
$hash = '{MD5}' . base64_encode(md5($string, TRUE));
break;
case 'salted md5':
$salt = SimpleLdap::salt(8);
$hash = '{SMD5}' . base64_encode(md5($string . $salt, TRUE) . $salt);
break;
case 'sha':
$hash = '{SHA}' . base64_encode(sha1($string, TRUE));
break;
case 'salted sha':
$salt = SimpleLdap::salt(8);
$hash = '{SSHA}' . base64_encode(sha1($string . $salt, TRUE) . $salt);
break;
case 'unicode':
$string = '"' . $string . '"';
$length = drupal_strlen($string);
$hash = NULL;
for ($i = 0; $i < $length; $i++) {
$hash .= "{$string[$i]}";
}
break;
case 'none':
default:
$hash = $string;
}
return $hash;
}
/**
* Load the schema.
*
* Schema parsing can be slow, so only the attributes that are specified, and
* are not already cached, are loaded.
*
* @param array $attributes
* A list of attributes to load. If not specified, all attributes are
* loaded.
*
* @throw SimpleLdapException
*/
protected function load($attributes = NULL)
{
// If no attributes are specified, default to all attributes.
if ($attributes === NULL) {
$attributes = $this->attributes;
}
// Make sure $attributes is an array.
if (!is_array($attributes)) {
$attributes = array($attributes);
}
// Determine which attributes need to be loaded.
$load = array();
foreach ($attributes as $attribute) {
$attribute = drupal_strtolower($attribute);
if (!isset($this->schema[$attribute])) {
$load[] = $attribute;
}
}
// Load the attributes.
if (!empty($load)) {
$result = SimpleLdap::clean($this->server->search($this->dn, 'objectclass=*', 'base', $load));
// Parse the schema.
foreach ($load as $attribute) {
$attribute = drupal_strtolower($attribute);
$this->schema[$attribute] = array();
// Get the values for each attribute.
if (isset($result[$this->dn][$attribute])) {
foreach ($result[$this->dn][$attribute] as $value) {
$parsed = $this->parse($value);
$this->schema[$attribute][drupal_strtolower($parsed['name'])] = $parsed;
}
}
}
}
}
/**
* Hash an sid, using the current hashing method.
*
* This method is intentionally private.
*/
private function hashSid($sid)
{
$algorithm = variable_get('simple_ldap_sso_hashing_algorithm', 'sha');
return SimpleLdap::hash($sid, $algorithm);
}
/**
* Magic __set() function.
*
* @param string $name
* The name of the attribute to set.
* @param mixed $value
* The value to assigned to the given attribute.
*/
public function __set($name, $value)
{
$attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
switch ($name) {
case 'attributes':
case 'exists':
break;
case 'dn':
if ($this->dn != $value) {
try {
// Validate the DN format before trying to use it.
SimpleLdap::ldap_explode_dn($value);
// Save the old DN so a move operation can be done during save().
$this->move = $this->dn;
$this->dn = $value;
$this->dirty = TRUE;
} catch (SimpleLdapException $e) {
}
}
break;
default:
// Make sure $value is an array.
if (!is_array($value)) {
$value = array($value);
}
// Make sure $this->attributes[$name] exists.
if (!isset($this->attributes[$name])) {
$this->attributes[$name] = array();
}
// Compare the curent value with the given value.
$diff1 = @array_diff($this->attributes[$name], $value);
$diff2 = @array_diff($value, $this->attributes[$name]);
// If there are any differences, update the current value.
if (!empty($diff1) || !empty($diff2)) {
$this->attributes[$name] = $value;
$this->dirty = TRUE;
// Reconstruct the DN if the RDN attribute was just changed.
if ($name == $attribute_name) {
$parts = SimpleLdap::ldap_explode_dn($this->dn);
unset($parts['count']);
$parts[0] = $attribute_name . '=' . $value[0];
$this->move = $this->dn;
$this->dn = implode(',', $parts);
}
}
}
}
/**
* Magic __set() function.
*
* @param string $name
* The name of the attribute to set.
* @param mixed $value
* The value to assigned to the given attribute.
*/
public function __set($name, $value)
{
$attribute_pass = simple_ldap_user_variable_get('simple_ldap_user_attribute_pass');
switch ($name) {
// Read-only values.
case 'attributes':
case 'exists':
break;
case 'dn':
if ($this->dn != $value) {
try {
// Validate the DN format before trying to use it.
SimpleLdap::ldap_explode_dn($value);
// Save the old DN, so a move operation can be done during save().
$this->move = $this->dn;
$this->dn = $value;
} catch (SimpleLdapException $e) {
}
}
break;
// Look up the raw password from the internal reverse hash map. This
// intentionally falls through to default:.
// Look up the raw password from the internal reverse hash map. This
// intentionally falls through to default:.
case $attribute_pass:
if (isset(self::$hash[$value[0]])) {
$algorithm = simple_ldap_user_variable_get('simple_ldap_user_password_hash');
$value = SimpleLdap::hash(self::$hash[$value[0]], $algorithm);
} else {
// A plain text copy of the password is not available. Do not
// overwrite the existing value.
return;
}
default:
// Make sure $value is an array.
if (!is_array($value)) {
$value = array($value);
}
if (!array_key_exists('count', $value)) {
$value['count'] = count($value);
}
// Make sure $this->attributes[$name] is an array.
if (!isset($this->attributes[$name])) {
$this->attributes[$name] = array();
}
// Compare the current value with the given value.
$diff1 = @array_diff($this->attributes[$name], $value);
$diff2 = @array_diff($value, $this->attributes[$name]);
// Don't trigger a write if the only difference is the count field,
// which may be missing from the $value array.
unset($diff1['count']);
unset($diff2['count']);
// If there are any differences, update the current value.
if (!empty($diff1) || !empty($diff2)) {
$this->attributes[$name] = $value;
$this->dirty[$name] = $value;
}
}
}
