LILiK
/
lilik-users
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
253 KiB
Tree: 68cf9bbbb8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '68cf9bbbb8'
${ noResults }
lilik-users/lilikuser.php

458 lines
12 KiB
Raw Normal View History

first commit
11 years ago
 
  1. <?
  2. 

  3. $ssha=function($pw){
  4. 	if (!in_array(strtolower(substr($pw, 0, 5)), array('{ssha', '{cryp', '{sha}',))){
  5. 		$salt = substr(md5(uniqid(mt_rand(), true)), 0, 4);
  6. 		return '{SSHA}'.base64_encode( sha1( $pw . $salt, true) . $salt );
  7. 		}
  8. 	return $pw;
  9. };
  10. 

  11. class LdapAdapter{
  12. 	function __construct($host, $port, $user, $pass){
  13. 		$this->conn = ldap_connect($host,$port);
  14. 		ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
  15. 		ldap_bind($this->conn, $user, $pass);
  16. 	}
  17. 

  18. 	function bind($host, $port, $user, $pass){
  19. 		$conn = ldap_connect($host,$port);
  20. 		ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
  21. 		return ldap_bind($conn, $user, $pass);
  22. 	}
  23. 

  24. 	function get_ldap_attr($dn, $attr){
  25. #		$search = ldap_search($this->conn, $dn, "$attr=*", array($attr));

  26. 

  27. 		$dn_array=ldap_explode_dn($dn, 0);
  28. 		$new_dn=array();
  29. 		for ($i=1; $i<$dn_array['count']; $i++){
  30. 			$new_dn[]=$dn_array[$i];
  31. 		}
  32. 		$search=ldap_search($this->conn, implode(',', $new_dn), $dn_array[0]);
  33. 		if (ldap_count_entries($this->conn, $search)==0){
  34. 			return Null;
  35. 		}
  36. 		$entry = ldap_first_entry($this->conn, $search);
  37. 

  38. 		return ldap_get_values ($this->conn, $entry, $attr);
  39. 	}
  40. 

  41. 	function get_ldap_attr_max($dn, $attr){
  42. 		$search = ldap_search($this->conn, $dn, "$attr=*", array($attr));
  43. 		$entry = ldap_first_entry($this->conn, $search);
  44. 		$max=0;
  45. 		while( $entry){
  46. 			$tmp=ldap_get_values ($this->conn, $entry, $attr)[0];
  47. 			if ($tmp>$max){
  48. 				$max=$tmp;
  49. 			}
  50. 			$entry = ldap_next_entry($this->conn, $search);
  51. 		}
  52. 		return $max;
  53. 	}
  54. 

  55. 	function add_ldap_obj($dn, $obj){
  56. 		return ldap_add($this->conn, $dn, $obj);
  57. 	}
  58. 

  59. 	function exist_ldap_obj($dn){
  60. 		$dn_array=ldap_explode_dn($dn, 0);
  61. 		$new_dn=array();
  62. 		for ($i=1; $i<$dn_array['count']; $i++){
  63. 			$new_dn[]=$dn_array[$i];
  64. 		}
  65. 		$search=ldap_search($this->conn, implode(',', $new_dn), $dn_array[0]);
  66. 		if (ldap_count_entries($this->conn, $search)==0){
  67. 			return False;
  68. 		}
  69. 		return True;
  70. 	}
  71. 

  72. 	function set_ldap_attr($dn, $attr, $value){
  73. 		return ldap_modify($this->conn, $dn , array($attr=>$value));
  74. 	}
  75. }
  76. 

  77. abstract class Adapter{
  78. 	function __construct($dn){
  79. 		$this->dn = $dn;
  80. 		$this->setters = array();
  81. 		$this->getters = array();
  82. 	}
  83. 

  84. 	function add_getter($attr, $fn = Null){
  85. 		if (array_key_exists($attr, $this->getters)){
  86. 			$this->getters[$attr][]= $fn;
  87. 		}else{
  88. 			$this->getters[$attr] = array($fn);
  89. 		}
  90. 	}
  91. 

  92. 	function add_setter($attr, $fn = Null){
  93. 		if (array_key_exists($attr, $this->setters)){
  94. 			$this->setters[$attr][]= $fn;
  95. 		}else{
  96. 			$this->setters[$attr] = array($fn);
  97. 		}
  98. 	}
  99. 

  100. 	function get_attr($la, $username, $attr){
  101. 		if (array_key_exists($attr, $this->getters)){
  102. 			foreach ($this->getters[$attr] as $getter){
  103. 				$result=$la->get_ldap_attr(sprintf($this->dn, $username), $attr);
  104. 				if ($getter != Null)
  105. 					return $getter($result);
  106. 				return $result;
  107. 			}
  108. 		}
  109. 		return Null;
  110. 	}
  111. 

  112. 	function set_attr($la, $username, $attr, $value){
  113. 		$done=False;
  114. 		if (array_key_exists($attr, $this->setters)){
  115. 			$done=True;
  116. 			foreach ($this->setters[$attr] as $setter){
  117. 				if ($setter != Null)
  118. 					$value=$setter($value);
  119. 				$la->set_ldap_attr(sprintf($this->dn, $username), $attr, $value);
  120. 			}
  121. 		}
  122. 		return $done;
  123. 	}
  124. 

  125. 	function get_attributes(){
  126. 		$attributes=array();
  127. 		foreach ($this->setters as $setter => $value)
  128. 			$attributes[]=$setter;
  129. 		return $attributes;
  130. 	}
  131. 

  132. 	function exist($la, $username){
  133. 		if ($la->exist_ldap_obj(sprintf($this->dn, $username))){
  134. 			return True;
  135. 		}
  136. 		return False;
  137. 	}
  138. 

  139. 	function bind($username, $password){
  140. 		global $HOST, $PORT, $LOGIN_DN;
  141. 		return LdapAdapter::bind($HOST, $PORT, sprintf($this->dn,$username), $password);
  142. 	}
  143. 

  144. }
  145. 

  146. class MailAdapter extends Adapter{
  147. 	function __construct($dn){
  148. 		global $ssha;
  149. 		parent::__construct($dn);
  150. 		$this->add_getter('mail', function($x){return $x[0];}); # function($x){return substr($x, strlen("@lilik.it")*-1);}

  151. 		$this->add_setter('mail'); # function($x){return $x[0]."@lilik.it";}

  152. 

  153. 		$this->add_getter('cn', function($x){return $x[0];});
  154. 		$this->add_setter('cn');
  155. 

  156. 		$this->add_getter('userPassword', function($x){return $x[0];});
  157. 		$this->add_setter('userPassword', $ssha);
  158. 

  159. 		$this->add_getter('accountActive', function($x){return $x[0];});
  160. 		$this->add_setter('accountActive');
  161. 	}
  162. 

  163. 	function create($la, $id, $name, $surname, $password){
  164. 		global $ssha;
  165. 		$new_mail_obj=['cn'=> [sprintf('%s %s',$name,$surname)],
  166. 						'accountActive'=> ['FALSE'],
  167. 						'objectClass'=> ['top', 'VirtualMailAccount', 'Vacation', 'VirtualForward', 'amavisAccount'],
  168. 						'smtpAuth'=> ['FALSE'],
  169. 						'mailAutoreply'=> [sprintf('%s@lilik.it.autoreply',$id)],
  170. 						'uid'=> [sprintf('%s.lilik.it',$id)],
  171. 						'vacationEnd'=> ['200701010000'],
  172. 						'userPassword'=> [$ssha($password)],
  173. 						'amavisBypassSpamChecks'=> ['FALSE'],
  174. 						'amavisSpamTagLevel'=> ['3.0'],
  175. 						'otherTransport'=> ['phamm=>'],
  176. 						'vacationInfo'=> ['vacation'],
  177. 						'mail'=> [sprintf('%s@lilik.it',$id)],
  178. 						'vacationStart'=> ['200701010000'],
  179. 						'vacationActive'=> ['FALSE'],
  180. 						'amavisSpamTag2Level'=> ['5.5'],
  181. 						'vdHome'=> [sprintf('/home/mail_deliver/lilik.it/%s',$id)],
  182. 						'quota'=> ['1024000'],
  183. 						'mailbox'=> [sprintf('lilik.it/%s/',$id)],
  184. 						'forwardActive'=> ['FALSE'],
  185. 						'amavisBypassVirusChecks'=> ['FALSE'],
  186. 						'sn'=> [sprintf('%s',$surname)],
  187. 						'amavisSpamKillLevel'=> ['6.0'],
  188. 						'givenName'=> [sprintf('%s',$name)],
  189. 						'delete'=> ['FALSE'],
  190. 						'lastChange'=> [sprintf('%d',time())]
  191. 						];
  192. 

  193. 		return $la->add_ldap_obj(sprintf($this->dn,$id),$new_mail_obj);
  194. 	}
  195. }
  196. 

  197. class PosixAdapter extends Adapter{
  198. 	function __construct($dn){
  199. 		global $ssha;
  200. 		parent::__construct($dn);
  201. 

  202. 		$this->add_getter('cn', function($x){return $x[0];});
  203. 		$this->add_setter('cn');
  204. 

  205. 		$this->add_getter('host');
  206. 		$this->add_setter('host');
  207. 

  208. 		$this->add_getter('userPassword', function($x){return $x[0];});
  209. 		$this->add_setter('userPassword', $ssha);
  210. 

  211. 		$this->add_getter('memberOf');
  212. 		$this->add_setter('memberOf');
  213. 	}
  214. 

  215. 	function create($la, $id, $name, $surname, $password){
  216. 		global $ssha;
  217. 		$new_posix_obj=['uid'=> [sprintf('%s',$id)],
  218. 						'objectClass'=> ['top', 'shadowAccount', 'posixAccount', 'account'],
  219. 						'loginShell'=> ['/bin/bash'],
  220. 						'userPassword'=> [$ssha($password)],
  221. 						'uidNumber'=> [$la->get_ldap_attr_max('o=People,dc=lilik,dc=it', 'uidNumber')],
  222. 						'host'=> ['*'],
  223. 						'gidNumber'=> ['9000'], #stdusers

  224. 						'homeDirectory'=> [sprintf('/home/%s',$id)],
  225. 						'cn'=> [sprintf('%s %s',$name,$surname)],
  226. 						];
  227. 

  228. 		return $la->add_ldap_obj(sprintf($this->dn,$id),$new_posix_obj);
  229. 	}
  230. }
  231. 

  232. class GroupAdapter extends Adapter{
  233. 	function __construct($dn){
  234. 		parent::__construct($dn);
  235. 		$this->add_getter('member');
  236. 		$this->add_setter('member');
  237. 

  238. 	}
  239. }
  240. 

  241. abstract class pippo{
  242. 	function __construct($id){
  243. 		global $HOST, $PORT, $LOGIN_DN, $LOGIN_PASS;
  244. 		$this->id=$id;
  245. 		$this->la=new LdapAdapter($HOST, $PORT, $LOGIN_DN, $LOGIN_PASS);
  246. 	}
  247. 

  248. 	function get_attr($attr){
  249. 		foreach($this->adapters as $adapter){
  250. 			$result=$adapter->get_attr($this->la, $this->id, $attr);
  251. 			if ($result!=Null)
  252. 				return $result;
  253. 		}
  254. 		return Null;
  255. 	}
  256. 

  257. 	function set_attr($attr, $value){
  258. 		$result=False;
  259. 		foreach($this->adapters as $adapter){
  260. 			if ($adapter->set_attr($this->la, $this->id, $attr, $value)){
  261. 				$result=True;
  262. 			}
  263. 		}
  264. 		return $result;
  265. 	}
  266. 

  267. 	function add_in_list($attr, $value){
  268. 		$tmp=$this->get_attr($attr);
  269. 		if (in_array($value, $tmp)){
  270. 			return True;
  271. 		}
  272. 		$tmp[]=$value;
  273. 		unset($tmp['count']);
  274. 		if ($this->set_attr($attr, $tmp)){
  275. 			return True;
  276. 		}
  277. 		return False;
  278. 	}
  279. 

  280. 	function del_in_list($attr, $value){
  281. 		$tmp=$this->get_attr($attr);
  282. 		if (!in_array($value, $tmp)){
  283. 			return True;
  284. 		}
  285. 		if(($key = array_search($value, $tmp)) !== false) {
  286. 			unset($tmp[$key]);
  287. 		}
  288. 		unset($tmp['count']);
  289. 		$tmp=array_values($tmp);
  290. 		if ($this->set_attr($attr, $tmp)){
  291. 			return True;
  292. 		}
  293. 		return False;
  294. 	}
  295. 

  296. 	function exist(){
  297. 		foreach ($this->adapters as $adapter){
  298. 			if ($adapter->exist($this->la, $this->id)){
  299. 				return True;
  300. 			}
  301. 		}
  302. 		return False;
  303. 	}
  304. 

  305. 	function check_password($password){
  306. 		foreach ($this->adapters as $adapter)
  307. 			if ($adapter->bind($this->id, $password))
  308. 				return True;
  309. 	return False;
  310. 	}
  311. }
  312. 

  313. class LilikGroup extends pippo{
  314. 	function __construct($id){
  315. 		global $HOST, $PORT, $LOGIN_DN;
  316. 		parent::__construct($id);
  317. 		$this->adapters=[new GroupAdapter("cn=%s,o=Group,dc=lilik,dc=it")];
  318. 	}
  319. 

  320. 	function add_user($user){
  321. 		return $this->add_in_list('member', sprintf($user->adapters[1]->dn,$user->id));
  322. 	}
  323. 

  324. 	function del_user($user){
  325. 		return $this->del_in_list('member', sprintf($user->adapters[1]->dn,$user->id));
  326. 	}
  327. 

  328. 	function is_user($user){
  329. 		if (in_array(sprintf($user->adapters[1]->dn,$user->id), $this->get_attr('member'))){
  330. 			return True;
  331. 		}
  332. 		return False;
  333. 	}
  334. }
  335. 

  336. class LilikUser extends pippo{
  337. 	function __construct($id){
  338. 		parent::__construct($id);
  339. 		$this->adapters=array(new MailAdapter("mail=%s@lilik.it,vd=lilik.it,o=hosting,dc=lilik,dc=it"),
  340. 			new PosixAdapter("uid=%s,o=People,dc=lilik,dc=it"));
  341. 		$this->_flag=array('mail'=>'accountActive');
  342. 		$this->_host=array('ltsp'=>'ltsp',
  343. 					'users'=>'users');
  344. 		$this->_member=array('admin'=>'admin',
  345. 						'wiki'=>'wiki',
  346. 						'public_html'=>'public_html',
  347. 						'lilik.it'=>'lilik.it',
  348. 						'cloud'=>'cloud',
  349. 						'projects'=>'projects',
  350. 						'teambox'=>'teambox'
  351. 						);
  352. 		if ($this->exist()){
  353. 			$this->sanitize();
  354. 		}
  355. 	}
  356. 

  357. 	function is_admin(){
  358. 		return $this->status('admin');
  359. 	}
  360. 

  361. 	function enable($service){
  362. 		if (array_key_exists($service, $this->_flag)){
  363. 			return $this->set_attr($this->_flag[$service], 'TRUE');
  364. 		}elseif (array_key_exists($service, $this->_host)){
  365. 			return $this->add_in_list('host', $this->_host[$service]);
  366. 		}elseif (array_key_exists($service, $this->_member)){
  367. 			$l=new LilikGroup($this->_member[$service]);
  368. 			return $l->add_user($this);
  369. 		}else{
  370. 			throw new Exception("Service not found");
  371. 		}
  372. 	}
  373. 

  374. 	function disable($service){
  375. 		if (array_key_exists($service, $this->_flag)){
  376. 			return $this->set_attr($this->_flag[$service], 'FALSE');
  377. 		}elseif (array_key_exists($service, $this->_host)){
  378. 			return $this->del_in_list('host', $this->_host[$service]);
  379. 		}elseif (array_key_exists($service, $this->_member)){
  380. 			$l=new LilikGroup($this->_member[$service]);
  381. 			return $l->del_user($this);
  382. 		}else{
  383. 			throw new Exception("Service not found");
  384. 		}
  385. 	}
  386. 

  387. 	function status($service){
  388. 		if (array_key_exists($service, $this->_flag)){
  389. 			if ($this->get_attr($this->_flag[$service])=='TRUE'){
  390. 				return True;
  391. 			}
  392. 			return False;
  393. 		}elseif (array_key_exists($service, $this->_host)){
  394. 			if (in_array($this->_host[$service], $this->get_attr("host"))){
  395. 				return True;
  396. 			}
  397. 			return False;
  398. 		}elseif (array_key_exists($service, $this->_member)){
  399. 			$l=new LilikGroup($this->_member[$service]);
  400. 			return $l->is_user($this);
  401. 		}else{
  402. 			throw new Exception("Service not found");
  403. 		}
  404. 	}
  405. 

  406. 	function get_attributes(){
  407. 		$attributes=array();
  408. 		foreach ($this->adapters as $adapter)
  409. 			$attributes+= $adapter->get_attributes();
  410. 		return $attributes;
  411. 	}
  412. 

  413. 	function get_services(){
  414. 		$services=array();
  415. 		foreach (array($this->_flag, $this->_host, $this->_member) as $k)
  416. 			foreach ($k as $x => $value)
  417. 				$services[]= $x;
  418. 		return $services;
  419. 	}
  420. 

  421. 	function get_enabled_services(){
  422. 		$enabled_services=array();
  423. 		foreach ($this->get_services() as $service){
  424. 			if ($this->status($service)){
  425. 				$enabled_services[]=$service;
  426. 			}
  427. 		}
  428. 		return $enabled_services;
  429. 	}
  430. 

  431. 	function sanitize(){
  432. 		$tmp=explode(' ', $this->get_attr('cn'), 2);
  433. 		if (count($tmp) > 1){
  434. 			$name=$tmp[0];
  435. 			$surname=$tmp[1];
  436. 		}else{
  437. 			$name=$this->get_attr('cn');
  438. 			$surname='';
  439. 		}
  440. 		return $this->create($name, $surname, $this->get_attr('userPassword'));
  441. 	}
  442. 

  443. 	function create($name, $surname, $password){
  444. 		$result=True;
  445. 		foreach ($this->adapters as $adapter){
  446. 			if (!$adapter->exist($this->la, $this->id)){
  447. 				if (!$adapter->create($this->la, $this->id, $name, $surname, $password)){
  448. 					$result=False;
  449. 				}
  450. 			}
  451. 		}
  452. 		return $result;
  453. 	}
  454. 

  455. }
  456. 

  457. 

  458.