Skip to content
GitLab
Select Git revision
  • dev default
  • 6378-orcid-test-method-is-wrong-and-break-orcid-saving
  • core-php8
  • master
  • 6342-update-the-locales-for-1-5
  • 6344-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen
  • 6365-core-locking-mechanism-is-not-changing-the-mail-ressource-it-does-lock-the-mail-account
  • 6365-core-when-lock-mechanism-is-trigger-the-user-should-not-be-editable-if-not-unlock
  • fusiondirectory-1.5
  • fusiondirectory-1.4
  • fusiondirectory-1.3.1
  • fusiondirectory-1.3
  • fusiondirectory-1.2.3
  • fusiondirectory-1.2.2
  • fusiondirectory-1.2.1
  • fusiondirectory-1.2
  • fusiondirectory-1.1.1
  • fusiondirectory-1.1
  • fusiondirectory-1.0.20
  • fusiondirectory-1.0.19
  • fusiondirectory-1.0.18
  • fusiondirectory-1.0.17
  • fusiondirectory-1.0.16
  • fusiondirectory-1.0.15
  • fusiondirectory-1.0.14
  • fusiondirectory-1.0.13
  • fusiondirectory-1.0.12
  • fusiondirectory-1.0.11
Find file BlameHistoryPermalink
class_passwordMethodSasl.inc 3.46 KiB
1 
<?php
2 
/*
3 
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
4
5 
  Copyright (C) 2011-2019  FusionDirectory
6
7 
  This program is free software; you can redistribute it and/or modify
8 
  it under the terms of the GNU General Public License as published by
9 
  the Free Software Foundation; either version 2 of the License, or
10 
  (at your option) any later version.
11
12 
  This program is distributed in the hope that it will be useful,
13 
  but WITHOUT ANY WARRANTY; without even the implied warranty of
14 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 
  GNU General Public License for more details.
16
17 
  You should have received a copy of the GNU General Public License
18 
  along with this program; if not, write to the Free Software
19 
  Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
20 
*/
21
22 
/*!
23 
 * \file class_passwordMethodSasl.inc
24 
 * Source code for class passwordMethodSasl
25 
 */
26
27 
/*!
28 
 * \brief This class contains all the functions for sasl password method
29 
 * \see passwordMethod
30 
 */
31 
class passwordMethodSasl extends passwordMethod
32 
{
33 
  // uid, or exop specified field value
34 
  var $uid    = '';
35 
  var $realm  = '';
36 
  var $exop   = '';
37
38 
  /*!
39 
   * \brief passwordMethodSasl Constructor
40 
   *
41 
   * \param string $dn The DN
42 
   * \param object $userTab The user main tab object
43 
   */
44 
  function __construct ($dn = '', $userTab = NULL)
45 
  {
46 
    global $config;
47 
    $this->realm  = trim($config->get_cfg_value('saslRealm', ''));
48 
    $this->exop   = trim($config->get_cfg_value('saslExop', ''));
49
50 
    if ($dn == '' || $dn == 'new') {
51 
      return;
52 
    }
53
54 
    $attr = (empty($this->exop) ? 'uid' : $this->exop);
55
56 
    if (($userTab !== NULL) && isset($userTab->$attr)) {
57 
      $this->uid = $userTab->$attr;
58 
    } else {
59 
      $ldap = $config->get_ldap_link();
60 
      $ldap->cd($config->current['BASE']);
61 
      $ldap->cat($dn, [$attr]);
62 
      if ($ldap->count() == 1) {
63 
        $attrs = $ldap->fetch();
64 
        $this->uid = $attrs[$attr][0];
65 
      } else {
66 
        $error = new FusionDirectoryError(htmlescape(sprintf(_('Cannot change password, unknown user "%s"'), $dn)));
67 
        $error->display();
68 
      }
69 
    }
70 
  }
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
/*! * \brief Is available * * \return TRUE if is avaibable */ public function is_available (): bool { if (empty($this->realm) && empty($this->exop)) { return FALSE; } return TRUE; } /*! * \brief Generate template hash * * \param string $pwd Password * \param bool $locked Should the password be locked * * \return string the password hash */ public function generate_hash (string $pwd, bool $locked = FALSE): string { if (empty($this->exop)) { if (empty($this->realm)) { $error = new FusionDirectoryError(htmlescape(_('You need to fill saslRealm or saslExop in the configuration screen in order to use SASL'))); $error->display(); } return '{SASL}'.($locked ? '!' : '').$this->uid.'@'.$this->realm; } else { // may not be the uid, see saslExop option return '{SASL}'.($locked ? '!' : '').$this->uid; } } function checkPassword ($pwd, $hash): bool { // We do not store passwords, can’t know if they’re the same return FALSE; } /*! * \brief Get the hash name */ static function get_hash_name () { return 'sasl'; } /*! * \brief Password needed * * \return boolean */ function need_password (): bool { global $config; return ($config->get_cfg_value('forceSaslPasswordAsk', 'FALSE') == 'TRUE'); } }