ryxeo-glpi-git / inc / auth.class.php @ b67d8923
Historique | Voir | Annoter | Télécharger (26,1 ko)
| 1 |
<?php
|
|---|---|
| 2 |
|
| 3 |
|
| 4 |
/*
|
| 5 |
* @version $Id: auth.class.php 7763 2009-01-06 18:44:50Z moyo $
|
| 6 |
-------------------------------------------------------------------------
|
| 7 |
GLPI - Gestionnaire Libre de Parc Informatique
|
| 8 |
Copyright (C) 2003-2009 by the INDEPNET Development Team.
|
| 9 |
|
| 10 |
http://indepnet.net/ http://glpi-project.org
|
| 11 |
-------------------------------------------------------------------------
|
| 12 |
|
| 13 |
LICENSE
|
| 14 |
|
| 15 |
This file is part of GLPI.
|
| 16 |
|
| 17 |
GLPI is free software; you can redistribute it and/or modify
|
| 18 |
it under the terms of the GNU General Public License as published by
|
| 19 |
the Free Software Foundation; either version 2 of the License, or
|
| 20 |
(at your option) any later version.
|
| 21 |
|
| 22 |
GLPI is distributed in the hope that it will be useful,
|
| 23 |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 24 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
| 25 |
GNU General Public License for more details.
|
| 26 |
|
| 27 |
You should have received a copy of the GNU General Public License
|
| 28 |
along with GLPI; if not, write to the Free Software
|
| 29 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
| 30 |
--------------------------------------------------------------------------
|
| 31 |
*/
|
| 32 |
|
| 33 |
// ----------------------------------------------------------------------
|
| 34 |
// Original Author of file:
|
| 35 |
// Purpose of file:
|
| 36 |
// ----------------------------------------------------------------------
|
| 37 |
|
| 38 |
if (!defined('GLPI_ROOT')) { |
| 39 |
die("Sorry. You can't access directly to this file"); |
| 40 |
} |
| 41 |
|
| 42 |
/**
|
| 43 |
* Identification class used to login
|
| 44 |
**/
|
| 45 |
class Identification { |
| 46 |
//! Error string
|
| 47 |
var $err; |
| 48 |
/** User class variable
|
| 49 |
* @see User
|
| 50 |
*/
|
| 51 |
var $user; |
| 52 |
//! External authentification variable : boolean
|
| 53 |
var $extauth = 0; |
| 54 |
///External authentifications methods;
|
| 55 |
var $auth_methods; |
| 56 |
|
| 57 |
///Indicates if the user is authenticated or not
|
| 58 |
var $auth_succeded = 0; |
| 59 |
|
| 60 |
///Indicates if the user is already present in database
|
| 61 |
var $user_present = 0; |
| 62 |
/// Really used ??? define twice but never used...
|
| 63 |
var $auth_parameters = array (); |
| 64 |
/// LDAP connection descriptor
|
| 65 |
var $ldap_connection; |
| 66 |
|
| 67 |
/**
|
| 68 |
* Constructor
|
| 69 |
**/
|
| 70 |
function Identification() { |
| 71 |
$this->err = ""; |
| 72 |
$this->user = new User(); |
| 73 |
} |
| 74 |
|
| 75 |
/**
|
| 76 |
* Is the user exists in the DB
|
| 77 |
* @param $name user login to check
|
| 78 |
* @return 0 (Not in the DB -> check external auth), 1 ( Exist in the DB with a password -> check first local connection and external after), 2 (Exist in the DB with no password -> check only external auth)
|
| 79 |
*
|
| 80 |
**/
|
| 81 |
function userExists($name) { |
| 82 |
global $DB, $LANG; |
| 83 |
|
| 84 |
$query = "SELECT * FROM glpi_users WHERE name='$name'"; |
| 85 |
$result = $DB->query($query); |
| 86 |
if ($DB->numrows($result) == 0) { |
| 87 |
$this->addToError($LANG["login"][14]); |
| 88 |
return 0; |
| 89 |
} else {
|
| 90 |
$pwd = $DB->result($result, 0, "password"); |
| 91 |
$pwdmd5 = $DB->result($result, 0, "password_md5"); |
| 92 |
if (empty ($pwd) && empty ($pwdmd5)) |
| 93 |
return 2; |
| 94 |
else
|
| 95 |
return 1; |
| 96 |
} |
| 97 |
|
| 98 |
} |
| 99 |
/**
|
| 100 |
* Try a IMAP/POP connection
|
| 101 |
*
|
| 102 |
* @param $host IMAP/POP host to connect
|
| 103 |
* @param $login Login to try
|
| 104 |
* @param $pass Password to try
|
| 105 |
*
|
| 106 |
* @return boolean : connection success
|
| 107 |
*
|
| 108 |
**/
|
| 109 |
function connection_imap($host, $login, $pass) { |
| 110 |
// we prevent some delay...
|
| 111 |
if (empty ($host)) { |
| 112 |
return false; |
| 113 |
} |
| 114 |
|
| 115 |
error_reporting(16); |
| 116 |
if ($mbox = imap_open($host, $login, $pass)){ |
| 117 |
//if($mbox)$mbox =
|
| 118 |
imap_close($mbox);
|
| 119 |
return true; |
| 120 |
} |
| 121 |
$this->addToError(imap_last_error());
|
| 122 |
|
| 123 |
imap_close($mbox);
|
| 124 |
return false; |
| 125 |
} |
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
/**
|
| 130 |
* Find a user in a LDAP and return is BaseDN
|
| 131 |
* Based on GRR auth system
|
| 132 |
*
|
| 133 |
* @param $id ID of the LDAP config (use to find replicate)
|
| 134 |
* @param $host LDAP host to connect
|
| 135 |
* @param $port LDAP port
|
| 136 |
* @param $use_tls use a tls connection
|
| 137 |
* @param $basedn Basedn to use
|
| 138 |
* @param $rdn Root dn
|
| 139 |
* @param $rpass Root Password
|
| 140 |
* @param $login_attr login attribute
|
| 141 |
* @param $login User Login
|
| 142 |
* @param $password User Password
|
| 143 |
* @param $condition Condition used to restrict login
|
| 144 |
* @param $deref_options Deref option used
|
| 145 |
*
|
| 146 |
* @return String : basedn of the user / false if not founded
|
| 147 |
**/
|
| 148 |
function connection_ldap($id,$host, $port, $basedn, $rdn, $rpass, $login_attr, $login, $password, $condition = "", $use_tls = false,$deref_options) { |
| 149 |
// TODO try to pass array of connection config to minimise parameters
|
| 150 |
|
| 151 |
global $CFG_GLPI, $LANG; |
| 152 |
|
| 153 |
// we prevent some delay...
|
| 154 |
if (empty ($host)) { |
| 155 |
return false; |
| 156 |
} |
| 157 |
|
| 158 |
$this->ldap_connection = try_connect_ldap($host, $port, $rdn, $rpass, $use_tls,$login, $password,$deref_options,$id); |
| 159 |
|
| 160 |
if ($this->ldap_connection) { |
| 161 |
$dn = ldap_search_user_dn($this->ldap_connection, $basedn, $login_attr, $login, $condition); |
| 162 |
if (@ldap_bind($this->ldap_connection, $dn, $password)) { |
| 163 |
|
| 164 |
//@ldap_unbind($this->ldap_connection);
|
| 165 |
//Hook to implement to restrict access by checking the ldap directory
|
| 166 |
if (doHookFunction("restrict_ldap_auth", $dn)) { |
| 167 |
return $dn; |
| 168 |
} else {
|
| 169 |
$this->addToError($LANG["login"][16]); |
| 170 |
return false; |
| 171 |
} |
| 172 |
} |
| 173 |
|
| 174 |
$this->addToError($LANG["login"][12]); |
| 175 |
return false; |
| 176 |
} else {
|
| 177 |
$this->addToError($LANG["ldap"][6]); |
| 178 |
return false; |
| 179 |
} |
| 180 |
} |
| 181 |
|
| 182 |
|
| 183 |
/**
|
| 184 |
* Find a user in the GLPI DB
|
| 185 |
*
|
| 186 |
* @param $name User Login
|
| 187 |
* @param $password User Password
|
| 188 |
*
|
| 189 |
* try to connect to DB
|
| 190 |
* update the instance variable user with the user who has the name $name
|
| 191 |
* and the password is $password in the DB.
|
| 192 |
* If not found or can't connect to DB updates the instance variable err
|
| 193 |
* with an eventual error message
|
| 194 |
*
|
| 195 |
* @return boolean : user in GLPI DB with the right password
|
| 196 |
**/
|
| 197 |
function connection_db($name, $password) { |
| 198 |
global $DB, $LANG; |
| 199 |
// sanity check... we prevent empty passwords...
|
| 200 |
//
|
| 201 |
if (empty ($password)) { |
| 202 |
$this->addToError($LANG["login"][13]); |
| 203 |
return false; |
| 204 |
} |
| 205 |
|
| 206 |
$query = "SELECT password, password_md5 from glpi_users where (name = '" . $name . "')"; |
| 207 |
$result = $DB->query($query); |
| 208 |
if (!$result) { |
| 209 |
$this->addToError($LANG["login"][14]); |
| 210 |
return false; |
| 211 |
} |
| 212 |
if ($result) { |
| 213 |
if ($DB->numrows($result) == 1) { |
| 214 |
$password_md5_db = $DB->result($result, 0, "password_md5"); |
| 215 |
$password_md5_post = md5($password); |
| 216 |
|
| 217 |
if (strcmp($password_md5_db, $password_md5_post) == 0) { |
| 218 |
return true; |
| 219 |
} else {
|
| 220 |
|
| 221 |
$query2 = "SELECT PASSWORD('" . addslashes($password) . "') as password"; |
| 222 |
$result2 = $DB->query($query2); |
| 223 |
if (!$result2 || $DB->numrows($result2) != 1) { |
| 224 |
$this->addToError($LANG["login"][12]); |
| 225 |
return false; |
| 226 |
} |
| 227 |
$pass1 = $DB->result($result, 0, "password"); |
| 228 |
$pass2 = $DB->result($result2, 0, "password"); |
| 229 |
|
| 230 |
if (!empty($pass1)&&strcmp($pass1, $pass2) == 0) { |
| 231 |
return true; |
| 232 |
} |
| 233 |
} |
| 234 |
$this->addToError($LANG["login"][12]); |
| 235 |
return false; |
| 236 |
} else {
|
| 237 |
$this->addToError($LANG["login"][12]); |
| 238 |
return false; |
| 239 |
} |
| 240 |
} |
| 241 |
|
| 242 |
$this->addToError("#".$DB->errno().": ".$DB->error()); |
| 243 |
|
| 244 |
return false; |
| 245 |
|
| 246 |
} // connection_db()
|
| 247 |
|
| 248 |
|
| 249 |
/**
|
| 250 |
* Try to get login of external auth method
|
| 251 |
*
|
| 252 |
* @param $auth_method extenral auth type
|
| 253 |
*
|
| 254 |
* @return boolean : user login success
|
| 255 |
**/
|
| 256 |
function getAlternateAuthSystemsUserLogin($auth_method=-1){ |
| 257 |
global $CFG_GLPI; |
| 258 |
|
| 259 |
switch ($auth_method){ |
| 260 |
case AUTH_CAS: |
| 261 |
include (GLPI_ROOT . "/lib/phpcas/CAS.php"); |
| 262 |
$cas = new phpCas(); |
| 263 |
$cas->client(CAS_VERSION_2_0, $CFG_GLPI["cas_host"], intval($CFG_GLPI["cas_port"]), $CFG_GLPI["cas_uri"]); |
| 264 |
// force CAS authentication
|
| 265 |
$cas->forceAuthentication();
|
| 266 |
$this->user->fields['name'] = $cas->getUser(); |
| 267 |
return true; |
| 268 |
break;
|
| 269 |
case AUTH_EXTERNAL: |
| 270 |
$login_string=$_SERVER[$CFG_GLPI["existing_auth_server_field"]]; |
| 271 |
|
| 272 |
$login=$login_string; |
| 273 |
|
| 274 |
$pos = stripos($login_string,"\\"); |
| 275 |
if (!$pos === false) { |
| 276 |
$login = substr($login_string, $pos + 1); |
| 277 |
} |
| 278 |
if (isValidLogin($login)){ |
| 279 |
$this->user->fields['name'] = $login; |
| 280 |
return true; |
| 281 |
} |
| 282 |
break;
|
| 283 |
case AUTH_X509: |
| 284 |
// From eGroupWare http://www.egroupware.org
|
| 285 |
// an X.509 subject looks like:
|
| 286 |
// CN=john.doe/OU=Department/O=Company/C=xx/Email=john@comapy.tld/L=City/
|
| 287 |
$sslattribs = explode('/',$_SERVER['SSL_CLIENT_S_DN']); |
| 288 |
while(($sslattrib = next($sslattribs))){ |
| 289 |
list($key,$val) = explode('=',$sslattrib); |
| 290 |
$sslattributes[$key] = $val; |
| 291 |
} |
| 292 |
if(isset($sslattributes[$CFG_GLPI["x509_email_field"]]) |
| 293 |
&&isValidEmail($sslattributes[$CFG_GLPI["x509_email_field"]]) |
| 294 |
&&isValidLogin($sslattributes[$CFG_GLPI["x509_email_field"]])){ |
| 295 |
$this->user->fields['name'] = $sslattributes[$CFG_GLPI["x509_email_field"]]; |
| 296 |
|
| 297 |
// Can do other things if need : only add it here
|
| 298 |
$this->user->fields['email']=$this->user->fields['name']; |
| 299 |
|
| 300 |
return true; |
| 301 |
} |
| 302 |
break;
|
| 303 |
} |
| 304 |
return false; |
| 305 |
} |
| 306 |
|
| 307 |
|
| 308 |
/**
|
| 309 |
* Init session for the user is defined
|
| 310 |
*
|
| 311 |
* @return nothing
|
| 312 |
**/
|
| 313 |
function initSession() { |
| 314 |
global $CFG_GLPI, $LANG; |
| 315 |
|
| 316 |
$this->destroySession();
|
| 317 |
startGlpiSession(); |
| 318 |
// Check ID exists and load complete user from DB (plugins...)
|
| 319 |
if (isset($this->user->fields['ID']) && $this->user->getFromDB($this->user->fields['ID'])){ |
| 320 |
if (!$this->user->fields['deleted']&&$this->user->fields['active']){ |
| 321 |
$_SESSION["glpiID"] = $this->user->fields['ID']; |
| 322 |
$_SESSION["glpiname"] = $this->user->fields['name']; |
| 323 |
$_SESSION["glpirealname"] = $this->user->fields['realname']; |
| 324 |
$_SESSION["glpifirstname"] = $this->user->fields['firstname']; |
| 325 |
$_SESSION["glpilanguage"] = $this->user->fields['language']; |
| 326 |
$_SESSION["glpidefault_entity"] = $this->user->fields['FK_entities']; |
| 327 |
loadLanguage(); |
| 328 |
$_SESSION["glpitracking_order"] = $this->user->fields['tracking_order']; |
| 329 |
$_SESSION["glpiauthorisation"] = true; |
| 330 |
$_SESSION["glpiextauth"] = $this->extauth; |
| 331 |
$_SESSION["glpiauth_method"] = $this->user->fields['auth_method']; |
| 332 |
$_SESSION["glpisearchcount"] = array (); |
| 333 |
$_SESSION["glpisearchcount2"] = array (); |
| 334 |
$_SESSION["glpiroot"] = $CFG_GLPI["root_doc"]; |
| 335 |
$_SESSION["glpilist_limit"] = $this->user->fields['list_limit']; |
| 336 |
$_SESSION["glpicrontimer"] = time(); |
| 337 |
|
| 338 |
// glpiprofiles -> other available profile with link to the associated entities
|
| 339 |
doHook("init_session");
|
| 340 |
|
| 341 |
initEntityProfiles($_SESSION["glpiID"]); |
| 342 |
// Use default profile if exist
|
| 343 |
|
| 344 |
if (isset($_SESSION['glpiprofiles'][$this->user->fields['FK_profiles']])){ |
| 345 |
changeProfile($this->user->fields['FK_profiles']); |
| 346 |
} else { // Else use first |
| 347 |
changeProfile(key($_SESSION['glpiprofiles'])); |
| 348 |
} |
| 349 |
|
| 350 |
// glpiactiveprofile -> active profile
|
| 351 |
// glpiactiveentities -> active entities
|
| 352 |
|
| 353 |
// Already done un changeProfile
|
| 354 |
//cleanCache("GLPI_HEADER_".$_SESSION["glpiID"]);
|
| 355 |
if (!isset($_SESSION["glpiactiveprofile"]["interface"])){ |
| 356 |
$this->auth_succeded=false; |
| 357 |
$this->addToError($LANG["login"][25]); |
| 358 |
} |
| 359 |
} else {
|
| 360 |
$this->addToError($LANG["login"][20]); |
| 361 |
} |
| 362 |
|
| 363 |
} else {
|
| 364 |
$this->auth_succeded=false; |
| 365 |
$this->addToError($LANG["login"][25]); |
| 366 |
} |
| 367 |
} |
| 368 |
/**
|
| 369 |
* Destroy the current session
|
| 370 |
*
|
| 371 |
* @return nothing
|
| 372 |
**/
|
| 373 |
function destroySession() { |
| 374 |
startGlpiSession(); |
| 375 |
|
| 376 |
$_SESSION = array (); |
| 377 |
|
| 378 |
session_destroy(); |
| 379 |
} |
| 380 |
|
| 381 |
/**
|
| 382 |
* Get the current identification error
|
| 383 |
*
|
| 384 |
* @return string : current identification error
|
| 385 |
**/
|
| 386 |
function getErr() { |
| 387 |
return $this->err; |
| 388 |
} |
| 389 |
/**
|
| 390 |
* Get the current user object
|
| 391 |
*
|
| 392 |
* @return object : current user
|
| 393 |
**/
|
| 394 |
function getUser() { |
| 395 |
return $this->user; |
| 396 |
} |
| 397 |
|
| 398 |
/**
|
| 399 |
* Get all the authentication methods parameters
|
| 400 |
* and return it as an array
|
| 401 |
*
|
| 402 |
* @todo is it the correct place to this function ? Maybe split it into and add it to AuthMail and AuthLdap classes ?
|
| 403 |
*
|
| 404 |
* @return nothing
|
| 405 |
**/
|
| 406 |
function getAuthMethods() { |
| 407 |
global $DB; |
| 408 |
|
| 409 |
$auth_methods_ldap = array (); |
| 410 |
|
| 411 |
//Get all the ldap directories
|
| 412 |
$sql = "SELECT * FROM glpi_auth_ldap"; |
| 413 |
$result = $DB->query($sql); |
| 414 |
if ($DB->numrows($result) > 0) { |
| 415 |
|
| 416 |
//Store in an array all the directories
|
| 417 |
while ($ldap_method = $DB->fetch_array($result)){ |
| 418 |
$auth_methods_ldap[$ldap_method["ID"]] = $ldap_method; |
| 419 |
} |
| 420 |
} |
| 421 |
|
| 422 |
$auth_methods_mail = array (); |
| 423 |
//Get all the pop/imap servers
|
| 424 |
$sql = "SELECT * FROM glpi_auth_mail"; |
| 425 |
$result = $DB->query($sql); |
| 426 |
if ($DB->numrows($result) > 0) { |
| 427 |
|
| 428 |
//Store all in an array
|
| 429 |
while ($mail_method = $DB->fetch_array($result)){ |
| 430 |
$auth_methods_mail[$mail_method["ID"]] = $mail_method; |
| 431 |
} |
| 432 |
} |
| 433 |
//Return all the authentication methods in an array
|
| 434 |
$this->auth_methods = array ( |
| 435 |
"ldap" => $auth_methods_ldap, |
| 436 |
"mail" => $auth_methods_mail |
| 437 |
); |
| 438 |
} |
| 439 |
|
| 440 |
/**
|
| 441 |
* Add a message to the global identification error message
|
| 442 |
* @param $message the message to add
|
| 443 |
*
|
| 444 |
* @return nothing
|
| 445 |
**/
|
| 446 |
function addToError($message){ |
| 447 |
if (!ereg($message,$this->err)){ |
| 448 |
$this->err.=$message."<br>\n"; |
| 449 |
} |
| 450 |
} |
| 451 |
|
| 452 |
} |
| 453 |
|
| 454 |
/**
|
| 455 |
* Class used to manage Auth mail config
|
| 456 |
**/
|
| 457 |
class AuthMail extends CommonDBTM { |
| 458 |
|
| 459 |
/**
|
| 460 |
* Constructor
|
| 461 |
**/
|
| 462 |
function AuthMail() { |
| 463 |
|
| 464 |
$this->table = "glpi_auth_mail"; |
| 465 |
$this->type = AUTH_MAIL_TYPE; |
| 466 |
} |
| 467 |
|
| 468 |
function prepareInputForUpdate($input) { |
| 469 |
if (isset ($input['mail_server']) && !empty ($input['mail_server'])){ |
| 470 |
$input["imap_auth_server"] = constructMailServerConfig($input); |
| 471 |
} |
| 472 |
return $input; |
| 473 |
} |
| 474 |
|
| 475 |
function prepareInputForAdd($input) { |
| 476 |
|
| 477 |
if (isset ($input['mail_server']) && !empty ($input['mail_server'])){ |
| 478 |
$input["imap_auth_server"] = constructMailServerConfig($input); |
| 479 |
} |
| 480 |
return $input; |
| 481 |
} |
| 482 |
|
| 483 |
/**
|
| 484 |
* Print the auth mail form
|
| 485 |
*
|
| 486 |
*@param $target form target
|
| 487 |
*@param $ID Integer : ID of the item
|
| 488 |
*
|
| 489 |
*@return Nothing (display)
|
| 490 |
**/
|
| 491 |
function showForm($target, $ID) { |
| 492 |
|
| 493 |
global $LANG; |
| 494 |
|
| 495 |
if (!haveRight("config", "w")) { |
| 496 |
return false; |
| 497 |
} |
| 498 |
|
| 499 |
$spotted = false; |
| 500 |
if (empty ($ID)) { |
| 501 |
|
| 502 |
if ($this->getEmpty()){ |
| 503 |
$spotted = true; |
| 504 |
} |
| 505 |
} else {
|
| 506 |
if ($this->getFromDB($ID)){ |
| 507 |
$spotted = true; |
| 508 |
} |
| 509 |
} |
| 510 |
|
| 511 |
if (canUseImapPop()) {
|
| 512 |
|
| 513 |
echo "<form action=\"$target\" method=\"post\">"; |
| 514 |
if (!empty ($ID)){ |
| 515 |
echo "<input type='hidden' name='ID' value='" . $ID . "'>"; |
| 516 |
} |
| 517 |
|
| 518 |
echo "<div class='center'>"; |
| 519 |
echo "<table class='tab_cadre_fixe'>"; |
| 520 |
echo "<tr><th colspan='2'>" . $LANG["login"][3] . "</th></tr>"; |
| 521 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["common"][16] . "</td><td><input size='30' type=\"text\" name=\"name\" value=\"" . $this->fields["name"] . "\" ></td></tr>"; |
| 522 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["setup"][164] . "</td><td><input size='30' type=\"text\" name=\"imap_host\" value=\"" . $this->fields["imap_host"] . "\" ></td></tr>"; |
| 523 |
|
| 524 |
showMailServerConfig($this->fields["imap_auth_server"]); |
| 525 |
|
| 526 |
if (empty ($ID)){ |
| 527 |
echo "<tr class='tab_bg_2'><td align='center' colspan=4><input type=\"submit\" name=\"add_mail\" class=\"submit\" value=\"" . $LANG["buttons"][2] . "\" ></td></tr></table>"; |
| 528 |
} else {
|
| 529 |
echo "<tr class='tab_bg_2'><td align='center' colspan=2><input type=\"submit\" name=\"update_mail\" class=\"submit\" value=\"" . $LANG["buttons"][7] . "\" >"; |
| 530 |
echo " <input type=\"submit\" name=\"delete_mail\" class=\"submit\" value=\"" . $LANG["buttons"][6] . "\" ></td></tr></table>"; |
| 531 |
|
| 532 |
echo "<br><table class='tab_cadre'>"; |
| 533 |
echo "<tr><th colspan='2'>" . $LANG["login"][21] . "</th></tr>"; |
| 534 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["login"][6] . "</td><td><input size='30' type=\"text\" name=\"imap_login\" value=\"\" ></td></tr>"; |
| 535 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["login"][7] . "</td><td><input size='30' type=\"password\" name=\"imap_password\" value=\"\" ></td></tr>"; |
| 536 |
echo "<tr class='tab_bg_2'><td align='center' colspan=2><input type=\"submit\" name=\"test_mail\" class=\"submit\" value=\"" . $LANG["buttons"][2] . "\" ></td></tr>"; |
| 537 |
echo "</table> "; |
| 538 |
|
| 539 |
} |
| 540 |
echo "</div>"; |
| 541 |
} else {
|
| 542 |
echo "<input type=\"hidden\" name=\"IMAP_Test\" value=\"1\" >"; |
| 543 |
|
| 544 |
echo "<div class='center'> <table class='tab_cadre_fixe'>"; |
| 545 |
echo "<tr><th colspan='2'>" . $LANG["setup"][162] . "</th></tr>"; |
| 546 |
echo "<tr class='tab_bg_2'><td class='center'><p class='red'>" . $LANG["setup"][165] . "</p><p>" . $LANG["setup"][166] . "</p></td></tr></table></div>"; |
| 547 |
} |
| 548 |
|
| 549 |
echo "</form>"; |
| 550 |
} |
| 551 |
|
| 552 |
|
| 553 |
} |
| 554 |
|
| 555 |
|
| 556 |
/**
|
| 557 |
* Class used to manage Auth LDAP config
|
| 558 |
**/
|
| 559 |
class AuthLDAP extends CommonDBTM { |
| 560 |
|
| 561 |
/**
|
| 562 |
* Constructor
|
| 563 |
**/
|
| 564 |
function AuthLDAP() { |
| 565 |
global $CFG_GLPI; |
| 566 |
|
| 567 |
$this->table = "glpi_auth_ldap"; |
| 568 |
$this->type = AUTH_LDAP_TYPE; |
| 569 |
|
| 570 |
} |
| 571 |
|
| 572 |
function post_getEmpty () { |
| 573 |
$this->fields["ldap_port"]="389"; |
| 574 |
$this->fields['ldap_condition']=''; |
| 575 |
$this->fields["ldap_login"]="uid"; |
| 576 |
$this->fields['ldap_use_tls']=0; |
| 577 |
$this->fields['ldap_field_group']=''; |
| 578 |
$this->fields['ldap_group_condition']=''; |
| 579 |
$this->fields['ldap_search_for_groups']=0; |
| 580 |
$this->fields['ldap_field_group_member']=''; |
| 581 |
$this->fields["ldap_field_email"]="mail"; |
| 582 |
$this->fields["ldap_field_realname"]="cn"; |
| 583 |
$this->fields['ldap_field_firstname']='givenname'; |
| 584 |
$this->fields["ldap_field_phone"]="telephonenumber"; |
| 585 |
$this->fields['ldap_field_phone2']=''; |
| 586 |
$this->fields['ldap_field_mobile']=''; |
| 587 |
$this->fields['ldap_field_comments']=''; |
| 588 |
$this->fields['use_dn']=0; |
| 589 |
} |
| 590 |
|
| 591 |
/**
|
| 592 |
* Preconfig datas for standard system
|
| 593 |
* @param $type type of standard system : AD
|
| 594 |
*@return nothing
|
| 595 |
**/
|
| 596 |
function preconfig($type){ |
| 597 |
|
| 598 |
switch($type){ |
| 599 |
case 'AD': |
| 600 |
$this->fields['ldap_port']="389"; |
| 601 |
$this->fields['ldap_condition']='(objectClass=user)'; |
| 602 |
$this->fields['ldap_login']='samaccountname'; |
| 603 |
$this->fields['ldap_use_tls']=0; |
| 604 |
$this->fields['ldap_field_group']='memberof'; |
| 605 |
$this->fields['ldap_group_condition']='(objectClass=user)'; |
| 606 |
$this->fields['ldap_search_for_groups']=0; |
| 607 |
$this->fields['ldap_field_group_member']=''; |
| 608 |
$this->fields['ldap_field_email']='mail'; |
| 609 |
$this->fields['ldap_field_realname']='sn'; |
| 610 |
$this->fields['ldap_field_firstname']='givenname'; |
| 611 |
$this->fields['ldap_field_phone']='telephonenumber'; |
| 612 |
$this->fields['ldap_field_phone2']='othertelephone'; |
| 613 |
$this->fields['ldap_field_mobile']='mobile'; |
| 614 |
$this->fields['ldap_field_comments']='info'; |
| 615 |
$this->fields['use_dn']=1; |
| 616 |
break;
|
| 617 |
default:
|
| 618 |
$this->post_getEmpty();
|
| 619 |
break;
|
| 620 |
|
| 621 |
} |
| 622 |
} |
| 623 |
|
| 624 |
function prepareInputForUpdate($input){ |
| 625 |
if (isset($input["ldap_pass"])&&empty($input["ldap_pass"])){ |
| 626 |
unset($input["ldap_pass"]); |
| 627 |
} |
| 628 |
return $input; |
| 629 |
} |
| 630 |
|
| 631 |
/**
|
| 632 |
* Print the auth ldap form
|
| 633 |
*
|
| 634 |
*@param $target form target
|
| 635 |
*@param $ID Integer : ID of the item
|
| 636 |
*
|
| 637 |
*@return Nothing (display)
|
| 638 |
**/
|
| 639 |
function showForm($target, $ID) { |
| 640 |
|
| 641 |
global $LANG; |
| 642 |
|
| 643 |
if (!haveRight("config", "w")){ |
| 644 |
return false; |
| 645 |
} |
| 646 |
|
| 647 |
$spotted = false; |
| 648 |
if (empty ($ID)) { |
| 649 |
if ($this->getEmpty()){ |
| 650 |
$spotted = true; |
| 651 |
} |
| 652 |
if (isset($_GET['preconfig'])){ |
| 653 |
$this->preconfig($_GET['preconfig']); |
| 654 |
} |
| 655 |
} else {
|
| 656 |
if ($this->getFromDB($ID)){ |
| 657 |
$spotted = true; |
| 658 |
} |
| 659 |
} |
| 660 |
|
| 661 |
if (canUseLdap()) {
|
| 662 |
|
| 663 |
if (empty($ID)){ |
| 664 |
echo $LANG["ldap"][16].": "; |
| 665 |
echo "<a href='$target?next=extauth_ldap&preconfig=AD'>".$LANG["ldap"][17]."</a> "; |
| 666 |
echo "<a href='$target?next=extauth_ldap&preconfig=default'>".$LANG["common"][44]."</a>"; |
| 667 |
} |
| 668 |
|
| 669 |
echo "<form action=\"$target\" method=\"post\">"; |
| 670 |
if (!empty($ID)){ |
| 671 |
echo "<input type='hidden' name='ID' value='" . $ID . "'>"; |
| 672 |
} |
| 673 |
|
| 674 |
echo "<div class='center'>"; |
| 675 |
|
| 676 |
echo "<table class='tab_cadre_fixe'>"; |
| 677 |
echo "<tr><th colspan='4'>" . $LANG["login"][2] . "</th></tr>"; |
| 678 |
|
| 679 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["common"][16] . "</td><td><input type=\"text\" name=\"name\" value=\"" . $this->fields["name"] . "\"></td>"; |
| 680 |
echo "<td align='center' colspan=2></tr>"; |
| 681 |
|
| 682 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["common"][52] . "</td><td><input type=\"text\" name=\"ldap_host\" value=\"" . $this->fields["ldap_host"] . "\"></td>"; |
| 683 |
echo "<td class='center'>" . $LANG["setup"][172] . "</td><td><input id='ldap_port' type=\"text\" name=\"ldap_port\" value=\"" . $this->fields["ldap_port"] . "\"></td></tr>"; |
| 684 |
|
| 685 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["setup"][154] . "</td><td><input type=\"text\" name=\"ldap_basedn\" value=\"" . $this->fields["ldap_basedn"] . "\" ></td>"; |
| 686 |
echo "<td class='center'>" . $LANG["setup"][155] . "</td><td><input type=\"text\" name=\"ldap_rootdn\" value=\"" . $this->fields["ldap_rootdn"] . "\" ></td></tr>"; |
| 687 |
|
| 688 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["setup"][156] . "</td><td><input type=\"password\" name=\"ldap_pass\" value=\"\" ></td>"; |
| 689 |
echo "<td class='center'>" . $LANG["setup"][228] . "</td><td><input type=\"text\" name=\"ldap_login\" value=\"" . $this->fields["ldap_login"] . "\" ></td></tr>"; |
| 690 |
|
| 691 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["setup"][159] . "</td><td colspan='3'><input type=\"text\" name=\"ldap_condition\" value=\"" . $this->fields["ldap_condition"] . "\" size='100'></td></tr>"; |
| 692 |
|
| 693 |
echo "<tr class='tab_bg_2'>"; |
| 694 |
echo "<td class='center'>" . $LANG["setup"][180] . "</td><td>"; |
| 695 |
if (function_exists("ldap_start_tls")) { |
| 696 |
$ldap_use_tls = $this->fields["ldap_use_tls"]; |
| 697 |
echo "<select name='ldap_use_tls'>\n"; |
| 698 |
echo "<option value='0' " . (!$ldap_use_tls ? " selected " : "") . ">" . $LANG["choice"][0] . "</option>\n"; |
| 699 |
echo "<option value='1' " . ($ldap_use_tls ? " selected " : "") . ">" . $LANG["choice"][1] . "</option>\n"; |
| 700 |
echo "</select>\n"; |
| 701 |
} else {
|
| 702 |
echo "<input type='hidden' name='ldap_use_tls' value='0'>"; |
| 703 |
echo $LANG["setup"][181]; |
| 704 |
|
| 705 |
} |
| 706 |
echo "</td>"; |
| 707 |
echo "<td class='center'>" . $LANG["setup"][186] . "</td><td>"; |
| 708 |
dropdownGMT("timezone",$this->fields["timezone"]); |
| 709 |
echo"</td></tr>"; |
| 710 |
|
| 711 |
echo "<tr class='tab_bg_2'>"; |
| 712 |
echo "<td class='center'>" . $LANG["ldap"][30] . "</td><td colspan='3'>"; |
| 713 |
$alias_options[LDAP_DEREF_NEVER] = $LANG["ldap"][31]; |
| 714 |
$alias_options[LDAP_DEREF_ALWAYS] = $LANG["ldap"][32]; |
| 715 |
$alias_options[LDAP_DEREF_SEARCHING] = $LANG["ldap"][33]; |
| 716 |
$alias_options[LDAP_DEREF_FINDING] = $LANG["ldap"][34]; |
| 717 |
dropdownArrayValues("ldap_opt_deref",$alias_options,$this->fields["ldap_opt_deref"]); |
| 718 |
echo"</td></tr>"; |
| 719 |
|
| 720 |
|
| 721 |
echo "<tr class='tab_bg_1'><td align='center' colspan='4'>" . $LANG["setup"][259] . "</td></tr>"; |
| 722 |
|
| 723 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["setup"][254] . "</td><td>"; |
| 724 |
$ldap_search_for_groups = $this->fields["ldap_search_for_groups"]; |
| 725 |
|
| 726 |
echo "<select name='ldap_search_for_groups'>\n"; |
| 727 |
echo "<option value='0' " . (($ldap_search_for_groups == 0) ? " selected " : "") . ">" . $LANG["setup"][256] . "</option>\n"; |
| 728 |
echo "<option value='1' " . (($ldap_search_for_groups == 1) ? " selected " : "") . ">" . $LANG["setup"][257] . "</option>\n"; |
| 729 |
echo "<option value='2' " . (($ldap_search_for_groups == 2) ? " selected " : "") . ">" . $LANG["setup"][258] . "</option>\n"; |
| 730 |
echo "</select>\n"; |
| 731 |
echo "</td>"; |
| 732 |
echo "<td class='center'>" . $LANG["setup"][260] . "</td><td><input type=\"text\" name=\"ldap_field_group\" value=\"" . $this->fields["ldap_field_group"] . "\" ></td></tr>"; |
| 733 |
|
| 734 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["setup"][253] . "</td><td>"; |
| 735 |
echo "<input type=\"text\" name=\"ldap_group_condition\" value=\"" . $this->fields["ldap_group_condition"] . "\" ></td>"; |
| 736 |
echo "<td class='center'>" . $LANG["setup"][255] . "</td><td><input type=\"text\" name=\"ldap_field_group_member\" value=\"" . $this->fields["ldap_field_group_member"] . "\" ></td></tr>"; |
| 737 |
|
| 738 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["setup"][262] . "</td>"; |
| 739 |
echo "<td>"; |
| 740 |
dropdownYesNo("use_dn",$this->fields["use_dn"]); |
| 741 |
echo"</td>"; |
| 742 |
echo "<td align='center' colspan='2'></td></tr>"; |
| 743 |
|
| 744 |
echo "<tr class='tab_bg_1'><td align='center' colspan='4'>" . $LANG["setup"][167] . "</td></tr>"; |
| 745 |
|
| 746 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["common"][48] . "</td><td><input type=\"text\" name=\"ldap_field_realname\" value=\"" . $this->fields["ldap_field_realname"] . "\" ></td>"; |
| 747 |
echo "<td class='center'>" . $LANG["common"][43] . "</td><td><input type=\"text\" name=\"ldap_field_firstname\" value=\"" . $this->fields["ldap_field_firstname"] . "\" ></td></tr>"; |
| 748 |
|
| 749 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["common"][25] . "</td><td><input type=\"text\" name=\"ldap_field_comments\" value=\"" . $this->fields["ldap_field_comments"] . "\" ></td>"; |
| 750 |
echo "<td class='center'>" . $LANG["setup"][14] . "</td><td><input type=\"text\" name=\"ldap_field_email\" value=\"" . $this->fields["ldap_field_email"] . "\" ></td></tr>"; |
| 751 |
|
| 752 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["help"][35] . "</td><td><input type=\"text\" name=\"ldap_field_phone\" value=\"" . $this->fields["ldap_field_phone"] . "\" ></td>"; |
| 753 |
echo "<td class='center'>" . $LANG["help"][35] . " 2</td><td><input type=\"text\" name=\"ldap_field_phone2\" value=\"" . $this->fields["ldap_field_phone2"] . "\" ></td></tr>"; |
| 754 |
|
| 755 |
echo "<tr class='tab_bg_2'><td class='center'>" . $LANG["common"][42] . "</td><td><input type=\"text\" name=\"ldap_field_mobile\" value=\"" . $this->fields["ldap_field_mobile"] . "\" ></td>"; |
| 756 |
echo "<td class='center'> </td><td> </td></tr>"; |
| 757 |
|
| 758 |
if (empty ($ID)){ |
| 759 |
echo "<tr class='tab_bg_2'><td align='center' colspan=4><input type=\"submit\" name=\"add_ldap\" class=\"submit\" value=\"" . $LANG["buttons"][2] . "\" ></td></tr></table>"; |
| 760 |
} else {
|
| 761 |
echo "<tr class='tab_bg_2'><td align='center' colspan=2><input type=\"submit\" name=\"update_ldap\" class=\"submit\" value=\"" . $LANG["buttons"][2] . "\" ></td>"; |
| 762 |
echo "<td align='center' colspan=2><input type=\"submit\" name=\"delete_ldap\" class=\"submit\" value=\"" . $LANG["buttons"][6] . "\" ></td></tr>"; |
| 763 |
echo "</table>"; |
| 764 |
echo "<br><table class='tab_cadre_fixe'>"; |
| 765 |
echo "<tr><th colspan='4'>" . $LANG["ldap"][9] . "</th></tr>"; |
| 766 |
|
| 767 |
if (isset($_SESSION["LDAP_TEST_MESSAGE"])){ |
| 768 |
echo "<tr class='tab_bg_2'><td align='center' colspan=4>"; |
| 769 |
echo $_SESSION["LDAP_TEST_MESSAGE"]; |
| 770 |
echo"</td></tr>"; |
| 771 |
unset($_SESSION["LDAP_TEST_MESSAGE"]); |
| 772 |
} |
| 773 |
|
| 774 |
echo "<tr class='tab_bg_2'><td align='center' colspan=4><input type=\"submit\" name=\"test_ldap\" class=\"submit\" value=\"" . $LANG["buttons"][2] . "\" ></td></tr>"; |
| 775 |
echo "</table> "; |
| 776 |
|
| 777 |
} |
| 778 |
|
| 779 |
echo "</div></form>"; |
| 780 |
|
| 781 |
if (!empty ($ID)){ |
| 782 |
showReplicatesList($target,$ID); |
| 783 |
} |
| 784 |
|
| 785 |
} else {
|
| 786 |
echo "<input type=\"hidden\" name=\"LDAP_Test\" value=\"1\" >"; |
| 787 |
echo "<div class='center'><table class='tab_cadre_fixe'>"; |
| 788 |
echo "<tr><th colspan='2'>" . $LANG["setup"][152] . "</th></tr>"; |
| 789 |
echo "<tr class='tab_bg_2'><td class='center'><p class='red'>" . $LANG["setup"][157] . "</p><p>" . $LANG["setup"][158] . "</p></td></tr></table></div>"; |
| 790 |
} |
| 791 |
|
| 792 |
|
| 793 |
} |
| 794 |
} |
| 795 |
|
| 796 |
/**
|
| 797 |
* Class used to manage LDAP replicate config
|
| 798 |
**/
|
| 799 |
class AuthLdapReplicate extends CommonDBTM{ |
| 800 |
/**
|
| 801 |
* Constructor
|
| 802 |
**/
|
| 803 |
function AuthLdapReplicate() |
| 804 |
{
|
| 805 |
$this->table ="glpi_auth_ldap_replicate"; |
| 806 |
} |
| 807 |
} |
| 808 |
?>
|