LILiK
/
lilik-users
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commits
1 Branch
253 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
lilik-users/lilikuser.php

500 lines
13 KiB
Raw Permalink Normal View History

first commit
11 years ago
aggiunta segnalazione errore connessione ldap
11 years ago
first commit
11 years ago
enabled PosixGroup support
11 years ago
first commit
11 years ago
enabled PosixGroup support
11 years ago
first commit
11 years ago
aggiunta segnalazione errore connessione ldap
11 years ago
first commit
11 years ago
fix bug
11 years ago
first commit
11 years ago
fix bug
11 years ago
add im group
11 years ago
first commit
11 years ago
enabled PosixGroup support
11 years ago
first commit
11 years ago
aggiunta segnalazione errore connessione ldap
11 years ago
first commit
11 years ago
enabled PosixGroup support
11 years ago
fix bug
11 years ago
enabled PosixGroup support
11 years ago
first commit
11 years ago
enabled PosixGroup support
11 years ago
fix bug
11 years ago
enabled PosixGroup support
11 years ago
first commit
11 years ago
enabled PosixGroup support
11 years ago
fix bug
11 years ago
enabled PosixGroup support
11 years ago
first commit
11 years ago
fix bug
11 years ago
first commit
11 years ago
 
  1. <?
  2. 

  3. $ssha=function($pw){
  4. 	if (!in_array(strtolower(substr($pw, 0, 5)), array('{ssha', '{cryp', '{sha}',))){
  5. 		$salt = substr(md5(uniqid(mt_rand(), true)), 0, 4);
  6. 		return '{SSHA}'.base64_encode( sha1( $pw . $salt, true) . $salt );
  7. 		}
  8. 	return $pw;
  9. };
  10. 

  11. class LdapAdapter{
  12. 	function __construct($host, $port, $user, $pass){
  13. 		$this->conn = ldap_connect($host,$port);
  14. 		ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
  15. 		$this->bind_status = ldap_bind($this->conn, $user, $pass);
  16. 

  17. 	}
  18. 

  19. 	function get_bind_status(){
  20. 		return $this->bind_status;
  21. 	}
  22. 

  23. 	function bind($host, $port, $user, $pass){
  24. 		$conn = ldap_connect($host,$port);
  25. 		ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
  26. 		return ldap_bind($conn, $user, $pass);
  27. 	}
  28. 

  29. 	function get_ldap_attr($dn, $attr){
  30. #		$search = ldap_search($this->conn, $dn, "$attr=*", array($attr));

  31. 

  32. 		$dn_array=ldap_explode_dn($dn, 0);
  33. 		$new_dn=array();
  34. 		for ($i=1; $i<$dn_array['count']; $i++){
  35. 			$new_dn[]=$dn_array[$i];
  36. 		}
  37. 		$search=ldap_search($this->conn, implode(',', $new_dn), $dn_array[0]);
  38. 		if (ldap_count_entries($this->conn, $search)==0){
  39. 			return Null;
  40. 		}
  41. 		$entry = ldap_first_entry($this->conn, $search);
  42. 

  43. 		return ldap_get_values ($this->conn, $entry, $attr);
  44. 	}
  45. 

  46. 	function get_ldap_attr_max($dn, $attr){
  47. 		$search = ldap_search($this->conn, $dn, "$attr=*", array($attr));
  48. 		$entry = ldap_first_entry($this->conn, $search);
  49. 		$max=0;
  50. 		while( $entry){
  51. 			$tmp=ldap_get_values ($this->conn, $entry, $attr)[0];
  52. 			if ($tmp>$max){
  53. 				$max=$tmp;
  54. 			}
  55. 			$entry = ldap_next_entry($this->conn, $search);
  56. 		}
  57. 		return $max;
  58. 	}
  59. 

  60. 	function add_ldap_obj($dn, $obj){
  61. 		return ldap_add($this->conn, $dn, $obj);
  62. 	}
  63. 

  64. 	function exist_ldap_obj($dn){
  65. 		$dn_array=ldap_explode_dn($dn, 0);
  66. 		$new_dn=array();
  67. 		for ($i=1; $i<$dn_array['count']; $i++){
  68. 			$new_dn[]=$dn_array[$i];
  69. 		}
  70. 		$search=ldap_search($this->conn, implode(',', $new_dn), $dn_array[0]);
  71. 		if (ldap_count_entries($this->conn, $search)==0){
  72. 			return False;
  73. 		}
  74. 		return True;
  75. 	}
  76. 

  77. 	function set_ldap_attr($dn, $attr, $value){
  78. 		return ldap_modify($this->conn, $dn , array($attr=>$value));
  79. 	}
  80. }
  81. 

  82. abstract class Adapter{
  83. 	function __construct($dn){
  84. 		$this->dn = $dn;
  85. 		$this->setters = array();
  86. 		$this->getters = array();
  87. 	}
  88. 

  89. 	function add_getter($attr, $fn = Null){
  90. 		if (array_key_exists($attr, $this->getters)){
  91. 			$this->getters[$attr][]= $fn;
  92. 		}else{
  93. 			$this->getters[$attr] = array($fn);
  94. 		}
  95. 	}
  96. 

  97. 	function add_setter($attr, $fn = Null){
  98. 		if (array_key_exists($attr, $this->setters)){
  99. 			$this->setters[$attr][]= $fn;
  100. 		}else{
  101. 			$this->setters[$attr] = array($fn);
  102. 		}
  103. 	}
  104. 

  105. 	function get_attr($la, $username, $attr){
  106. 		if (array_key_exists($attr, $this->getters)){
  107. 			foreach ($this->getters[$attr] as $getter){
  108. 				$result=$la->get_ldap_attr(sprintf($this->dn, $username), $attr);
  109. 				if ($getter != Null)
  110. 					return $getter($result);
  111. 				return $result;
  112. 			}
  113. 		}
  114. 		return Null;
  115. 	}
  116. 

  117. 	function set_attr($la, $username, $attr, $value){
  118. 		$done=False;
  119. 		if (array_key_exists($attr, $this->setters)){
  120. 			$done=True;
  121. 			foreach ($this->setters[$attr] as $setter){
  122. 				if ($setter != Null)
  123. 					$value=$setter($value);
  124. 				$la->set_ldap_attr(sprintf($this->dn, $username), $attr, $value);
  125. 			}
  126. 		}
  127. 		return $done;
  128. 	}
  129. 

  130. 	function get_attributes(){
  131. 		$attributes=array();
  132. 		foreach ($this->setters as $setter => $value)
  133. 			$attributes[]=$setter;
  134. 		return $attributes;
  135. 	}
  136. 

  137. 	function exist($la, $username){
  138. 		if ($la->exist_ldap_obj(sprintf($this->dn, $username))){
  139. 			return True;
  140. 		}
  141. 		return False;
  142. 	}
  143. 

  144. 	function bind($username, $password){
  145. 		global $HOST, $PORT, $LOGIN_DN;
  146. 		return LdapAdapter::bind($HOST, $PORT, sprintf($this->dn,$username), $password);
  147. 	}
  148. 

  149. }
  150. 

  151. class MailAdapter extends Adapter{
  152. 	function __construct($dn){
  153. 		global $ssha;
  154. 		parent::__construct($dn);
  155. 		$this->add_getter('mail', function($x){return $x[0];}); # function($x){return substr($x, strlen("@lilik.it")*-1);}

  156. 		$this->add_setter('mail'); # function($x){return $x[0]."@lilik.it";}

  157. 

  158. 		$this->add_getter('cn', function($x){return $x[0];});
  159. 		$this->add_setter('cn');
  160. 

  161. 		$this->add_getter('userPassword', function($x){return $x[0];});
  162. 		$this->add_setter('userPassword', $ssha);
  163. 

  164. 		$this->add_getter('accountActive', function($x){return $x[0];});
  165. 		$this->add_setter('accountActive');
  166. 	}
  167. 

  168. 	function create($la, $id, $name, $surname, $password){
  169. 		global $ssha;
  170. 		$new_mail_obj=['cn'=> [sprintf('%s %s',$name,$surname)],
  171. 						'accountActive'=> ['FALSE'],
  172. 						'objectClass'=> ['top', 'VirtualMailAccount', 'Vacation', 'VirtualForward', 'amavisAccount'],
  173. 						'smtpAuth'=> ['FALSE'],
  174. 						'mailAutoreply'=> [sprintf('%s@lilik.it.autoreply',$id)],
  175. 						'uid'=> [sprintf('%s.lilik.it',$id)],
  176. 						'vacationEnd'=> ['200701010000'],
  177. 						'userPassword'=> [$ssha($password)],
  178. 						'amavisBypassSpamChecks'=> ['FALSE'],
  179. 						'amavisSpamTagLevel'=> ['3.0'],
  180. 						'otherTransport'=> ['phamm=>'],
  181. 						'vacationInfo'=> ['vacation'],
  182. 						'mail'=> [sprintf('%s@lilik.it',$id)],
  183. 						'vacationStart'=> ['200701010000'],
  184. 						'vacationActive'=> ['FALSE'],
  185. 						'amavisSpamTag2Level'=> ['5.5'],
  186. 						'vdHome'=> [sprintf('/home/mail_deliver/lilik.it/%s',$id)],
  187. 						'quota'=> ['1024000'],
  188. 						'mailbox'=> [sprintf('lilik.it/%s/',$id)],
  189. 						'forwardActive'=> ['FALSE'],
  190. 						'amavisBypassVirusChecks'=> ['FALSE'],
  191. 						'sn'=> [sprintf('%s',$surname)],
  192. 						'amavisSpamKillLevel'=> ['6.0'],
  193. 						'givenName'=> [sprintf('%s',$name)],
  194. 						'delete'=> ['FALSE'],
  195. 						'lastChange'=> [sprintf('%d',time())]
  196. 						];
  197. 

  198. 		return $la->add_ldap_obj(sprintf($this->dn,$id),$new_mail_obj);
  199. 	}
  200. }
  201. 

  202. class PosixAdapter extends Adapter{
  203. 	function __construct($dn){
  204. 		global $ssha;
  205. 		parent::__construct($dn);
  206. 

  207. 		$this->add_getter('cn', function($x){return $x[0];});
  208. 		$this->add_setter('cn');
  209. 

  210. 		$this->add_getter('host');
  211. 		$this->add_setter('host');
  212. 

  213. 		$this->add_getter('userPassword', function($x){return $x[0];});
  214. 		$this->add_setter('userPassword', $ssha);
  215. 

  216. 		$this->add_getter('memberOf');
  217. 		$this->add_setter('memberOf');
  218. 	}
  219. 

  220. 	function create($la, $id, $name, $surname, $password){
  221. 		global $ssha;
  222. 		$new_posix_obj=['uid'=> [sprintf('%s',$id)],
  223. 						'objectClass'=> ['top', 'shadowAccount', 'posixAccount', 'account'],
  224. 						'loginShell'=> ['/bin/bash'],
  225. 						'userPassword'=> [$ssha($password)],
  226. 						'uidNumber'=> [$la->get_ldap_attr_max('o=People,dc=lilik,dc=it', 'uidNumber')],
  227. 						'host'=> ['*'],
  228. 						'gidNumber'=> ['9000'], #stdusers

  229. 						'homeDirectory'=> [sprintf('/home/%s',$id)],
  230. 						'cn'=> [sprintf('%s %s',$name,$surname)],
  231. 						];
  232. 

  233. 		return $la->add_ldap_obj(sprintf($this->dn,$id),$new_posix_obj);
  234. 	}
  235. }
  236. 

  237. class GroupAdapter extends Adapter{
  238. 	function __construct($dn){
  239. 		parent::__construct($dn);
  240. 		$this->add_getter('member');
  241. 		$this->add_setter('member');
  242. 

  243. 		$this->add_getter('memberUid');
  244. 		$this->add_setter('memberUid');
  245. 

  246. 	}
  247. }
  248. 

  249. 

  250. abstract class pippo{
  251. 	function __construct($id){
  252. 		global $HOST, $PORT, $LOGIN_DN, $LOGIN_PASS;
  253. 		$this->id=$id;
  254. 		$this->la=new LdapAdapter($HOST, $PORT, $LOGIN_DN, $LOGIN_PASS);
  255. 	}
  256. 

  257. 	function get_bind_status(){
  258. 		return $this->la->get_bind_status();
  259. 	}
  260. 

  261. 	function get_attr($attr){
  262. 		foreach($this->adapters as $adapter){
  263. 			$result=$adapter->get_attr($this->la, $this->id, $attr);
  264. 			if ($result!=Null)
  265. 				return $result;
  266. 		}
  267. 		return Null;
  268. 	}
  269. 

  270. 	function set_attr($attr, $value){
  271. 		$result=False;
  272. 		foreach($this->adapters as $adapter){
  273. 			if ($adapter->set_attr($this->la, $this->id, $attr, $value)){
  274. 				$result=True;
  275. 			}
  276. 		}
  277. 		return $result;
  278. 	}
  279. 

  280. 	function add_in_list($attr, $value){
  281. 		$tmp=$this->get_attr($attr);
  282. 		if (in_array($value, $tmp)){
  283. 			return True;
  284. 		}
  285. 		$tmp[]=$value;
  286. 		unset($tmp['count']);
  287. 		if ($this->set_attr($attr, $tmp)){
  288. 			return True;
  289. 		}
  290. 		return False;
  291. 	}
  292. 

  293. 	function del_in_list($attr, $value){
  294. 		$tmp=$this->get_attr($attr);
  295. 		if (!in_array($value, $tmp)){
  296. 			return True;
  297. 		}
  298. 		if(($key = array_search($value, $tmp)) !== false) {
  299. 			unset($tmp[$key]);
  300. 		}
  301. 		unset($tmp['count']);
  302. 		$tmp=array_values($tmp);
  303. 		if ($this->set_attr($attr, $tmp)){
  304. 			return True;
  305. 		}
  306. 		return False;
  307. 	}
  308. 

  309. 	function exist(){
  310. 		foreach ($this->adapters as $adapter){
  311. 			if ($adapter->exist($this->la, $this->id)){
  312. 				return True;
  313. 			}
  314. 		}
  315. 		return False;
  316. 	}
  317. 

  318. 	function check_password($password){
  319. 		foreach ($this->adapters as $adapter)
  320. 			if ($adapter->bind($this->id, $password))
  321. 				return True;
  322. 	return False;
  323. 	}
  324. }
  325. 

  326. class LilikGroup extends pippo{
  327.         function __construct($id, $is_posix=False){
  328.                 global $HOST, $PORT, $LOGIN_DN;
  329.                 parent::__construct($id);
  330.                 $this->adapters=[new GroupAdapter("cn=%s,o=Group,dc=lilik,dc=it")];
  331.                 $this->is_posix=$is_posix;
  332.                 if ($is_posix){
  333.                         $this->member_attr="memberUid";
  334.                 }else{
  335.                         $this->member_attr="member";
  336.                 }
  337.         }
  338. 

  339.         function get_id($user){
  340.                 if ($this->is_posix){
  341.                         return $user->id;
  342.                 }else{
  343.                         return sprintf($user->adapters[1]->dn,$user->id);
  344.                 }
  345.         }
  346. 

  347.         function add_user($user){
  348.                 return $this->add_in_list($this->member_attr, $this->get_id($user));
  349.         }
  350. 

  351.         function del_user($user){
  352.                 return $this->del_in_list($this->member_attr, $this->get_id($user));
  353.         }
  354. 

  355.         function is_user($user){
  356.                 if (in_array($this->get_id($user), $this->get_attr($this->member_attr))){
  357.                         return True;
  358.                 }
  359.                 return False;
  360.         }
  361. }
  362. 

  363. class LilikUser extends pippo{
  364. 	function __construct($id){
  365. 		parent::__construct($id);
  366. 		$this->adapters=array(new MailAdapter("mail=%s@lilik.it,vd=lilik.it,o=hosting,dc=lilik,dc=it"),
  367. 			new PosixAdapter("uid=%s,o=People,dc=lilik,dc=it"));
  368. 		$this->_flag=array('mail'=>'accountActive');
  369. 		$this->_host=array('ltsp'=>'ltsp',
  370. 					'users'=>'users');
  371. 		$this->_member=array('admin'=>'admin',
  372. 						'wiki'=>'wiki',
  373. 						'lilik.it'=>'lilik.it',
  374. 						'cloud'=>'cloud',
  375. 						'projects'=>'projects',
  376. 						'teambox'=>'teambox',
  377. 						'im'=>'im'
  378. 						);
  379. 		$this->_posix_member=array('users_sites'=>'users_sites');
  380. 

  381. 		if ($this->exist()){
  382. 			$this->sanitize();
  383. 		}
  384. 	}
  385. 

  386. 	function is_admin(){
  387. 		return $this->status('admin');
  388. 	}
  389. 

  390. 	function is_binded(){
  391. 		
  392. 	}
  393. 

  394. 	function enable($service){
  395. 		if (array_key_exists($service, $this->_flag)){
  396. 			return $this->set_attr($this->_flag[$service], 'TRUE');
  397. 		}elseif (array_key_exists($service, $this->_host)){
  398. 			return $this->add_in_list('host', $this->_host[$service]);
  399. 		}elseif (array_key_exists($service, $this->_member)){
  400. 			$l=new LilikGroup($this->_member[$service]);
  401. 			return $l->add_user($this);
  402. 		}elseif (array_key_exists($service, $this->_posix_member)){
  403. 			$l=new LilikGroup($this->_posix_member[$service], True);
  404. 			return $l->add_user($this);
  405. 		}else{
  406. 			throw new Exception("Service not found");
  407. 		}
  408. 	}
  409. 

  410. 	function disable($service){
  411. 		if (array_key_exists($service, $this->_flag)){
  412. 			return $this->set_attr($this->_flag[$service], 'FALSE');
  413. 		}elseif (array_key_exists($service, $this->_host)){
  414. 			return $this->del_in_list('host', $this->_host[$service]);
  415. 		}elseif (array_key_exists($service, $this->_member)){
  416. 			$l=new LilikGroup($this->_member[$service]);
  417. 			return $l->del_user($this);
  418. 		}elseif (array_key_exists($service, $this->_posix_member)){
  419. 			$l=new LilikGroup($this->_posix_member[$service], True);
  420. 			return $l->del_user($this);
  421. 		}else{
  422. 			throw new Exception("Service not found");
  423. 		}
  424. 	}
  425. 

  426. 	function status($service){
  427. 		if (array_key_exists($service, $this->_flag)){
  428. 			if ($this->get_attr($this->_flag[$service])=='TRUE'){
  429. 				return True;
  430. 			}
  431. 			return False;
  432. 		}elseif (array_key_exists($service, $this->_host)){
  433. 			if (in_array($this->_host[$service], $this->get_attr("host"))){
  434. 				return True;
  435. 			}
  436. 			return False;
  437. 		}elseif (array_key_exists($service, $this->_member)){
  438. 			$l=new LilikGroup($this->_member[$service]);
  439. 			return $l->is_user($this);
  440. 		}elseif (array_key_exists($service, $this->_posix_member)){
  441. 			$l=new LilikGroup($this->_posix_member[$service], True);
  442. 			return $l->is_user($this);
  443. 		}else{
  444. 			throw new Exception("Service not found");
  445. 		}
  446. 	}
  447. 

  448. 	function get_attributes(){
  449. 		$attributes=array();
  450. 		foreach ($this->adapters as $adapter)
  451. 			$attributes+= $adapter->get_attributes();
  452. 		return $attributes;
  453. 	}
  454. 

  455. 	function get_services(){
  456. 		$services=array();
  457. 		foreach (array($this->_flag, $this->_host, $this->_member, $this->_posix_member) as $k)
  458. 			foreach ($k as $x => $value)
  459. 				$services[]= $x;
  460. 		return $services;
  461. 	}
  462. 

  463. 	function get_enabled_services(){
  464. 		$enabled_services=array();
  465. 		foreach ($this->get_services() as $service){
  466. 			if ($this->status($service)){
  467. 				$enabled_services[]=$service;
  468. 			}
  469. 		}
  470. 		return $enabled_services;
  471. 	}
  472. 

  473. 	function sanitize(){
  474. 		$tmp=explode(' ', $this->get_attr('cn'), 2);
  475. 		if (count($tmp) > 1){
  476. 			$name=$tmp[0];
  477. 			$surname=$tmp[1];
  478. 		}else{
  479. 			$name=$this->get_attr('cn');
  480. 			$surname='';
  481. 		}
  482. 		return $this->create($name, $surname, $this->get_attr('userPassword'));
  483. 	}
  484. 

  485. 	function create($name, $surname, $password){
  486. 		$result=True;
  487. 		foreach ($this->adapters as $adapter){
  488. 			if (!$adapter->exist($this->la, $this->id)){
  489. 				if (!$adapter->create($this->la, $this->id, $name, $surname, $password)){
  490. 					$result=False;
  491. 				}
  492. 			}
  493. 		}
  494. 		return $result;
  495. 	}
  496. 

  497. }
  498. 

  499. 

  500.