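/**
 * Tries to log on to the HTTP server with the given id and password.
 *
 * Sends a single GET request carrying HTTP Basic credentials to the URL
 * configured for $source and treats a final response code of 200 as a
 * successful authentication. Any other outcome, including a request that
 * could not be sent at all, is a failure.
 *
 * Security notes:
 *  - Unless the source's encryption setting is 'ssl' the URL is http://,
 *    so the Basic credentials cross the network unencrypted.
 *  - allowRedirects is enabled, so the 200 that grants access may come
 *    from a redirect target rather than from the configured URL.
 *    NOTE(review): confirm that the protected resource never redirects to
 *    an unauthenticated page, and whether the HTTP client re-sends the
 *    Authorization header to the redirect target.
 *  - Only the proxy host, port and user name are logged; passwords are
 *    deliberately kept out of the log.
 *
 * @access public
 *
 * @param string $source          Authentication source to be used
 * @param string $external_uid    The ID entered
 * @param string $external_passwd The password of the user
 *
 * @return boolean True if the authentication was a success, false
 *                 otherwise
 */
public function Authenticate($source, $external_uid, $external_passwd)
{
    require_once 'HTTP/Request.php';

    // Set some default HTTP request options
    $request_options = array(
        'method'         => 'GET',
        'timeout'        => 5,
        'allowRedirects' => true,
    );

    $enc        = ExternalAuthenticator::getAuthEnc($source);
    $port       = ExternalAuthenticator::getAuthPort($source);
    $folder     = ExternalAuthenticator::getOption($source, 'folder');
    $proxy      = ExternalAuthenticator::getOption($source, 'proxy');
    $proxy_port = ExternalAuthenticator::getOption($source, 'proxy_port');
    $proxy_user = ExternalAuthenticator::getOption($source, 'proxy_user');
    $proxy_pass = ExternalAuthenticator::getOption($source, 'proxy_pass');

    // A proxy is only used when both host and port are configured
    if (!is_null($proxy) && !is_null($proxy_port)) {
        ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy is set to ' . $proxy . ':' . $proxy_port);
        $request_options['proxy_host'] = $proxy;
        $request_options['proxy_port'] = $proxy_port;
    } else {
        ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy is not set');
    }

    // Proxy credentials: the password is only considered when a user is set,
    // and only its presence (never its value) is written to the log
    if (!is_null($proxy_user)) {
        ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy user is set to ' . $proxy_user);
        $request_options['proxy_user'] = $proxy_user;

        if (!is_null($proxy_pass)) {
            ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy password is set');
            $request_options['proxy_pass'] = $proxy_pass;
        } else {
            ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy password is NOT set');
        }
    } else {
        ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy user is NOT set');
    }

    // Anything other than 'ssl' falls back to plain HTTP
    if ($enc == 'ssl') {
        $url = 'https://';
    } else {
        $url = 'http://';
    }

    $url .= ExternalAuthenticator::getAuthServer($source);
    if (!is_null($port)) {
        $url .= ':' . $port;
    }
    if (!is_null($folder)) {
        $url .= $folder;
    }

    ExternalAuthenticator::AuthLog($external_uid . '.http - Authentication URL is set to ' . $url);

    $request = new HTTP_Request($url, $request_options);
    $request->setBasicAuth($external_uid, $external_passwd);

    ExternalAuthenticator::AuthLog($external_uid . '.http - Sending authentication request');
    $result = $request->sendRequest();

    // A transport failure (DNS, refused connection, timeout) is reported as
    // a PEAR error; log it as such instead of as an empty HTTP code
    if (PEAR::isError($result)) {
        ExternalAuthenticator::AuthLog($external_uid . '.http - Request could not be completed: ' . $result->getMessage());
        ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
        return false;
    }

    $status = $request->getResponseCode();

    // HTTP code 200 means everything is OK
    if ((int) $status === 200) {
        ExternalAuthenticator::AuthLog($external_uid . '.http - Remote server returned code 200');
        return true;
    }

    ExternalAuthenticator::AuthLog($external_uid . '.http - Authentication failed with HTTP code ' . $status);
    ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
    return false;
}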
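/**
 * Tries to log on to the IMAP (or POP3) server with the given id and
 * password.
 *
 * Builds a c-client mailbox specification from the source's server, port,
 * protocol and encryption settings and reports success when imap_open()
 * returns a mailbox handle.
 *
 * Security notes:
 *  - Without an encryption setting the connection is opened with /notls,
 *    so the credentials are sent unencrypted.
 *  - /novalidate-cert disables server certificate validation and is only
 *    added when the 'certnovalidate' option is set to a true value.
 *
 * @access public
 *
 * @param string $source          Authentication source to be used
 * @param string $external_uid    The ID entered
 * @param string $external_passwd The password of the user
 *
 * @return boolean True if the authentication was a success, false
 *                 otherwise
 */
public function Authenticate($source, $external_uid, $external_passwd)
{
    $servicetype = ExternalAuthenticator::getOption($source, 'protocol');
    if (is_null($servicetype) || !in_array(strtolower($servicetype), array('imap', 'pop3'), true)) {
        ExternalAuthenticator::setAuthMessage(_t('IMAP_Authenticator.Protocol', 'Protocol is not set to a valid type'));
        return false;
    }

    // Use the form that was validated above for the port lookup and the
    // connect string, so 'IMAP' and 'imap' behave the same.
    // NOTE(review): assumes self::$portlist is keyed by the lowercase
    // protocol names - confirm against its definition.
    $servicetype = strtolower($servicetype);

    $enc  = ExternalAuthenticator::getAuthEnc($source);
    $port = ExternalAuthenticator::getAuthPort($source);

    // No explicit port configured: take it from the protocol/encryption table
    if (is_null($port)) {
        if (is_null($enc)) {
            $port = self::$portlist[$servicetype]['default'];
        } else {
            $port = self::$portlist[$servicetype]["{$enc}"];
        }
    }

    $connectstring  = '{' . ExternalAuthenticator::getAuthServer($source);
    $connectstring .= ':' . $port;
    $connectstring .= '/' . $servicetype;

    if (!is_null($enc)) {
        $connectstring .= '/' . $enc;

        // Certificate validation is switched off only when the option is
        // explicitly enabled. The previous "||" test was true for every
        // configured value, so setting the option to false still disabled
        // validation.
        $validate = ExternalAuthenticator::getOption($source, 'certnovalidate');
        if (!is_null($validate) && $validate) {
            $connectstring .= '/novalidate-cert';
        }
    } else {
        $connectstring .= '/notls';
    }

    $connectstring .= '}';

    ExternalAuthenticator::AuthLog($external_uid . '.imap - Connect string to server is ' . $connectstring);
    ExternalAuthenticator::AuthLog($external_uid . '.imap - If you get a blank screen and the process end here, check php_imap module');

    // Warnings are suppressed; the failure reason is taken from
    // imap_last_error() and written to the log instead
    $mbox = @imap_open($connectstring, $external_uid, $external_passwd);
    if (!$mbox) {
        ExternalAuthenticator::AuthLog($external_uid . '.imap - ' . imap_last_error());
        ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
        return false;
    }

    ExternalAuthenticator::AuthLog($external_uid . '.imap - imap_open returned mailbox handle');
    @imap_close($mbox);
    return true;
}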
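/**
 * Tries to log on to the LDAP server with the given id and password.
 *
 * Connects to the directory, resolves the entered ID to a DN, binds as
 * that DN with the supplied password and, when the source enables
 * 'passwd_expiration', rejects accounts whose shadow password has
 * expired.
 *
 * Security notes:
 *  - Blank passwords are rejected up front because the directory would
 *    otherwise accept them as an anonymous bind.
 *  - NOTE(review): the expiry check is skipped ("IGNORING") when any of
 *    shadowmax, shadowlastchange or shadowwarning is empty or 0, so an
 *    account without a warning period is never treated as expired -
 *    confirm that this fail-open behaviour is intended.
 *
 * @access public
 *
 * @param string $source          The Authentication source to be used
 * @param string $external_anchor The ID entered
 * @param string $external_passwd The password of the user
 *
 * @return mixed Array with the keys firstname, surname, email and group
 *               if successful, false if not
 */
public function Authenticate($source, $external_anchor, $external_passwd)
{
    // A password should have some length. An empty password will result
    // in a successful anonymous bind. A password should not be all spaces
    if (strlen(trim($external_passwd)) == 0) {
        ExternalAuthenticator::setAuthMessage(_t('LDAP_Authenticator.NoPasswd', 'Please enter a password'));
        return false;
    }

    // Do we support password expiration?
    $expire = ExternalAuthenticator::getOption($source, 'passwd_expiration');

    // Connect() reports a failure by returning the message as a string
    $result = self::Connect($source, $external_anchor);
    if (is_string($result)) {
        ExternalAuthenticator::setAuthMessage($result);
        return false;
    }

    // findDN() returns a boolean when the ID cannot be resolved to a DN
    $dn = self::findDN($source, ExternalAuthenticator::getOption($source, 'attribute'), $external_anchor);
    if (is_bool($dn)) {
        @ldap_close(self::$ds);
        ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
        return false;
    }

    // Restore the default error handler. We don't want a red bordered
    // screen on error, but a civilized message to the user
    restore_error_handler();

    $success = false; // Initialize the result of the authentication

    ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Binding to LDAP as ' . $dn);
    $bind = @ldap_bind(self::$ds, $dn, $external_passwd);

    if ($bind == false) {
        // Reset the SilverStripe error handler
        Debug::loadErrorHandlers();

        ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP authentication for ' . $dn . ' failed');
        ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));

        @ldap_close(self::$ds);
        return false;
    }

    ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP accepted password for ' . $dn);
    $accountdetails = self::lookupDetails($source, $dn, $external_anchor);

    $expired   = false; // set when the password is past its expiry date
    $warn_soon = false; // set when the user is inside the warning period
    $toexpire  = null;  // days left until expiry, once calculated

    if (!is_null($expire) && $expire) {
        ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Check if password has expired');

        // Reset the SilverStripe error handler
        Debug::loadErrorHandlers();

        // Do some calculations on the attributes to convert them
        // to the interval [now]-[expires at]
        if ($accountdetails['shadowmax']['value']
            && $accountdetails['shadowlastchange']['value']
            && $accountdetails['shadowwarning']['value']
        ) {
            // The calculation is done in whole days since the Unix epoch
            $today = floor(time() / 86400);
            $warnday = $accountdetails['shadowlastchange']['value']
                + $accountdetails['shadowmax']['value']
                - $accountdetails['shadowwarning']['value'];
            $toexpire = $accountdetails['shadowlastchange']['value']
                + $accountdetails['shadowmax']['value']
                - $today;

            // Days until the warning period starts. The log line below used
            // this variable without ever defining it, which raised a notice
            // with the SilverStripe error handler already reloaded.
            // NOTE(review): derived from $warnday as the message suggests -
            // confirm this is the intended value.
            $towarn = $warnday - $today;

            ExternalAuthenticator::AuthLog($external_anchor . '.ldap - ' . $toexpire . ' before password expires ' . $towarn . ' days before warning');

            if ($toexpire < 0) {
                // Out of luck. The password has expired.
                ExternalAuthenticator::setAuthMessage(_t('LDAP_Authenticator.Expired', 'Your password has expired'));
                ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP Authentication FAILED due to expired password');
                $expired = true;
            } else {
                $warn_soon = ($today >= $warnday);
            }
        } else {
            ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP password expiry enabled, but attributes not set; IGNORING');
        }
    } else {
        ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Password expiry not enabled');

        // Reset the SilverStripe error handler
        Debug::loadErrorHandlers();
    }

    if (!$expired) {
        ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP Authentication success');
        $success = array(
            'firstname' => $accountdetails['firstname']['value'],
            'surname'   => $accountdetails['surname']['value'],
            'email'     => $accountdetails['email']['value'],
            'group'     => $accountdetails['group']['value'],
        );

        // Let's be civilized and warn the user that the password should
        // be changed soon
        if ($warn_soon) {
            ExternalAuthenticator::setAuthMessage(sprintf(_t('LDAP_Authenticator.WillExpire', 'Your password expires in %d days'), $toexpire));
        }
    }

    @ldap_close(self::$ds);
    return $success;
}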