1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
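/**
 * Base class for GOsa password methods.
 *
 * Concrete methods extend this class and override get_hash_name() and the
 * hooks below. The code in this class also calls is_available() and
 * generate_hash() on such objects; neither is defined here, so subclasses
 * have to provide them.
 *
 * Account locking is implemented on the stored userPassword value: a "!" is
 * inserted directly after the leading "{scheme}" prefix to lock an entry and
 * removed again to unlock it.
 */
class passwordMethod
{
  var $config = false;
  var $attrs= array();
  var $display = FALSE;
  var $hash= "";
  var $lockable = TRUE;

  // PHP 4 style constructor, intentionally empty. PHP 8 no longer treats a
  // method named after its class as a constructor, so there it is only an
  // ordinary method.
  function passwordMethod($config)
  {
  }


  /**
   * Return the placeholder userPassword value used for templates.
   *
   * The value is "{scheme}" followed by a fixed marker string; it is not the
   * hash of a real password.
   *
   * @param array $attrs Unused by this implementation.
   * @return string
   */
  function create_template_hash($attrs)
  {
    // NOTE(review): the condition tests get_hash_name(), but the prefix is
    // built from get_hash() - confirm both are meant to agree here.
    if ($this->get_hash_name() == "") {
      return '{crypt}N0T$3T4N0W';
    }
    return '{' . $this->get_hash() . '}' . 'N0T$3T4N0W';
  }


  // Name(s) of the scheme this method handles. The base class returns
  // nothing; get_available_methods() accepts a string or an array of strings
  // from subclasses.
  function get_hash_name()
  {
  }


  /**
   * Tell whether the stored password value carries the lock marker.
   *
   * @param object $config Configuration object; only used when $dn is given.
   * @param string $dn     Entry to read from LDAP. When empty, the value in
   *                       $this->attrs is checked instead.
   * @return int|bool FALSE if this method is not lockable, otherwise the
   *                  preg_match() result (1 = locked, 0 = not locked).
   */
  function is_locked($config,$dn = "")
  {
    if (!$this->lockable) {
      return FALSE;
    }

    /* Get current password hash; only the first userPassword value is read */
    $pwd = "";
    if (!empty($dn)) {
      $ldap = $config->get_ldap_link();
      $ldap->cd($config->current['BASE']);
      $ldap->cat($dn);
      $attrs = $ldap->fetch();
      if (isset($attrs['userPassword'][0])) {
        $pwd = $attrs['userPassword'][0];
      }
    } elseif (isset($this->attrs['userPassword'][0])) {
      $pwd = $this->attrs['userPassword'][0];
    }

    /* Locked values look like "{scheme}!..." */
    return(preg_match("/^[^\}]*+\}!/",$pwd));
  }


  /**
   * Lock an account by inserting "!" after the "{scheme}" prefix.
   *
   * @param object $config Configuration object providing the LDAP link.
   * @param string $dn     Entry to lock. When empty, dn and password are
   *                       taken from $this->attrs.
   * @return bool TRUE if the entry is already locked or the modified value
   *              was written successfully. FALSE if the method is not
   *              lockable, the password is empty, the value has no
   *              "{scheme}" prefix to attach the marker to, or the LDAP
   *              write failed.
   */
  function lock_account($config,$dn = "")
  {
    if (!$this->lockable) {
      return FALSE;
    }

    /* Get current password hash */
    $pwd = "";
    $ldap = $config->get_ldap_link();
    $ldap->cd($config->current['BASE']);
    if (!empty($dn)) {
      $ldap->cat($dn);
      $attrs = $ldap->fetch();
      if (isset($attrs['userPassword'][0])) {
        $pwd = $attrs['userPassword'][0];
      }
    } elseif (isset($this->attrs['userPassword'][0])) {
      $pwd = $this->attrs['userPassword'][0];
      $dn = $this->attrs['dn'];
    }

    /* We can only lock/unlock non-empty passwords */
    if (empty($pwd)) {
      return(FALSE);
    }

    /* Check if this entry is already locked. */
    if (preg_match("/^[^\}]*+\}!/",$pwd)) {
      return(TRUE);
    }

    /* Lock entry */
    $locked = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$pwd);

    /* A value without a "{scheme}" prefix is left untouched by the
       replacement. Writing it back would report the account as locked
       although the password still works, so fail instead. */
    if (!is_string($locked) || $locked === $pwd) {
      return(FALSE);
    }

    /* NOTE(review): only the first userPassword value was inspected and a
       single value is passed to modify() - confirm how entries with several
       userPassword values are meant to be handled. */
    $ldap->cd($dn);
    $ldap->modify(array("userPassword" => $locked));
    return($ldap->success());
  }


  /**
   * Unlock an account by removing the "!" after the "{scheme}" prefix.
   *
   * @param object $config Configuration object providing the LDAP link.
   * @param string $dn     Entry to unlock. When empty, dn and password are
   *                       taken from $this->attrs.
   * @return bool TRUE if the entry is not locked or the modified value was
   *              written successfully. FALSE if the method is not lockable,
   *              the password is empty, the marker could not be removed, or
   *              the LDAP write failed.
   */
  function unlock_account($config,$dn = "")
  {
    if (!$this->lockable) {
      return FALSE;
    }

    /* Get current password hash */
    $pwd = "";
    $ldap = $config->get_ldap_link();
    $ldap->cd($config->current['BASE']);
    if (!empty($dn)) {
      $ldap->cat($dn);
      $attrs = $ldap->fetch();
      if (isset($attrs['userPassword'][0])) {
        $pwd = $attrs['userPassword'][0];
      }
    } elseif (isset($this->attrs['userPassword'][0])) {
      $pwd = $this->attrs['userPassword'][0];
      $dn = $this->attrs['dn'];
    }

    /* We can only lock/unlock non-empty passwords */
    if (empty($pwd)) {
      return(FALSE);
    }

    /* Nothing to do if this entry is not locked. */
    if (!preg_match("/^[^\}]*+\}!/",$pwd)) {
      return (TRUE);
    }

    /* Unlock entry */
    $unlocked = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$pwd);

    /* Do not report success when the marker could not be removed. */
    if (!is_string($unlocked) || $unlocked === $pwd) {
      return(FALSE);
    }

    $ldap->cd($dn);
    $ldap->modify(array("userPassword" => $unlocked));
    return($ldap->success());
  }


  /**
   * Return all loaded password method classes that report themselves as
   * available.
   *
   * The result is built once from the global $class_mapping and then cached
   * in the session, including the instantiated method objects. Each method
   * is listed three ways: in per-field lists ($ret['name'][$i], ...), as a
   * record ($ret[$i]['name'], ...) and as a name => class entry
   * ($ret[$plugname]).
   *
   * @return array|bool The method table, or FALSE if no method was found.
   */
  static function get_available_methods()
  {
    global $class_mapping, $config;
    $ret = false;
    $i = 0;

    /* Only scan the class map if there is no cached result in the session */
    if (!session::is_set("passwordMethod::get_available_methods")) {
      foreach ($class_mapping as $class => $path) {

        /* Consider subclasses only: the name contains "passwordMethod" but
           is not exactly "passwordMethod" */
        if (!preg_match('/passwordMethod/i', $class) || preg_match("/^passwordMethod$/i", $class)) {
          continue;
        }

        $name = preg_replace ("/passwordMethod/i", "", $class);
        $test = new $class($config, "");
        if (!$test->is_available()) {
          continue;
        }

        $plugs = $test->get_hash_name();
        if (!is_array($plugs)) {
          $plugs = array($plugs);
        }

        foreach ($plugs as $plugname) {

          /* Turn the FALSE default into an array explicitly; relying on the
             implicit conversion is deprecated in current PHP versions. */
          if ($ret === false) {
            $ret = array();
          }

          $cfg = $test->is_configurable();

          $ret['name'][$i]= $plugname;
          $ret['class'][$i]=$class;
          $ret['is_configurable'][$i]= $cfg;
          $ret['object'][$i]= $test;
          $ret['desc'][$i] = $test->get_description();
          $ret[$i]['name'] = $plugname;
          $ret[$i]['class'] = $class;
          $ret[$i]['object']= $test;
          $ret[$i]['is_configurable']= $cfg;
          $ret[$i]['desc'] = $test->get_description();
          $ret[$plugname]=$class;
          $i++;
        }
      }
      session::set("passwordMethod::get_available_methods",$ret);
    }
    return(session::get("passwordMethod::get_available_methods"));
  }


  // Human readable description of the method; empty in the base class.
  function get_description()
  {
    return("");
  }


  // Method to let password backends remove additional information besides
  // the userPassword attribute
  function remove_from_parent()
  {
  }


  // Method to let password backends manage additional information
  // besides the userPassword attribute
  function set_password($password)
  {
    return(TRUE);
  }


  // Return true if this password method provides a configuration dialog
  function is_configurable()
  {
    return FALSE;
  }


  // Provide a subdialog to configure a password method
  function configure()
  {
    return "";
  }


  // Save information to LDAP
  function save($dn)
  {
  }


  /**
   * Find the password method that matches the scheme of a stored hash.
   *
   * @param string $password_hash Stored userPassword value.
   * @param string $dn            Passed on to the method constructor.
   * @return object|null The matching method with its hash name set, or NULL
   *                     (after showing an error dialog) if none matches.
   */
  static function get_method($password_hash,$dn = "")
  {
    global $config;

    $methods= passwordMethod::get_available_methods();

    /* get_available_methods() returns FALSE when nothing is registered */
    if (is_array($methods) && isset($methods['class'])) {
      foreach ($methods['class'] as $class) {

        $test = new $class($config,$dn);
        # All listed methods are available.
        # if(!$test->is_available())continue;
        $method= $test->_extract_method($password_hash);
        if ($method != "") {
          $test->set_hash($method);
          return $test;
        }
      }
    }

    msg_dialog::display(_("Error"), _("Cannot find a suitable password method for the current hash!"), ERROR_DIALOG);

    return NULL;
  }


  /**
   * Return the hash name if $password_hash starts with "{name}", matched
   * case-insensitively, else "".
   *
   * @param string $password_hash Stored userPassword value.
   * @return string
   */
  function _extract_method($password_hash)
  {
    /* get_hash_name() may return one name or a list of names */
    $names = $this->get_hash_name();
    if (!is_array($names)) {
      $names = array($names);
    }

    foreach ($names as $name) {
      if ($name === NULL || $name === "") {
        continue;
      }

      /* Quote the name: it is data, and a "/" or another regex
         metacharacter in it would otherwise break or alter the pattern. */
      $pattern = '/^\{' . preg_quote((string) $name, '/') . '\}/i';
      if (preg_match($pattern, $password_hash)) {
        return $name;
      }
    }

    return "";
  }


  /**
   * Hash $password with the method registered under the name $hash.
   *
   * @param string $password Clear text password.
   * @param string $hash     Method name as listed by get_available_methods().
   * @return mixed Whatever generate_hash() of the selected method returns.
   */
  static function make_hash($password, $hash)
  {
    global $config;

    $methods= passwordMethod::get_available_methods();

    /* NOTE(review): $methods[$hash] is used as a class name without checking
       that $hash is a registered method name; an unknown name ends in a PHP
       error here. Callers should only pass names taken from
       get_available_methods(). */
    $tmp= new $methods[$hash]($config);
    $tmp->set_hash($hash);
    return $tmp->generate_hash($password);
  }


  // Remember the hash (scheme) name this object works with.
  function set_hash($hash)
  {
    $this->hash= $hash;
  }


  // Return the hash (scheme) name set via set_hash().
  function get_hash()
  {
    return $this->hash;
  }


  // Hook for methods that need to adapt to a template entry; the base class
  // returns itself unchanged.
  function adapt_from_template($dn)
  {
    return($this);
  }
}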
294 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
295 ?>