'.$extended_error; } else { $auth_error = ldap_error($ldap_connection); } return 0; } function reauthenticate() { // not supported so return 0 return 0; } function passwordscanchange() { // not supported so return 0 return 0; } function changepassword() { // not supported so return 0 return 0; } function auth_usermanagement() { // not supported so return 0 return 0; } function adduser($username, $level = 0, $email = '', $realname = '', $can_modify_passwd = 0, $description = '', $twofactor = 0) { // Check to see if user is already added in the database if (!user_exists_in_db($username)) { $userid = dbInsert(array('username' => $username, 'realname' => $realname, 'email' => $email, 'descr' => $description, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'twofactor' => $twofactor, 'user_id' => get_userid($username)), 'users'); if ($userid == false) { return false; } else { foreach (dbFetchRows('select notifications.* from notifications where not exists( select 1 from notifications_attribs where notifications.notifications_id = notifications_attribs.notifications_id and notifications_attribs.user_id = ?) order by notifications.notifications_id desc', array($userid)) as $notif) { dbInsert(array('notifications_id'=>$notif['notifications_id'],'user_id'=>$userid,'key'=>'read','value'=>1), 'notifications_attribs'); } } return $userid; } else { return false; } } function user_exists_in_db($username) { $return = dbFetchCell('SELECT COUNT(*) FROM users WHERE username = ?', array($username), true); return $return; } function user_exists($username) { global $config, $ldap_connection; $search = ldap_search( $ldap_connection, $config['auth_ad_base_dn'], get_auth_ad_user_filter($username), array('samaccountname') ); $entries = ldap_get_entries($ldap_connection, $search); if ($entries['count']) { return 1; } return 0; } function get_userlevel($username) { global $config, $ldap_connection; $userlevel = 0; // Find all defined groups $username is in $search = ldap_search( $ldap_connection, $config['auth_ad_base_dn'], get_auth_ad_user_filter($username), array('memberOf') ); $entries = ldap_get_entries($ldap_connection, $search); unset($entries[0]['memberof']['count']); // Loop the list and find the highest level foreach ($entries[0]['memberof'] as $entry) { $group_cn = get_cn($entry); if (isset($config['auth_ad_groups'][$group_cn]['level']) && $config['auth_ad_groups'][$group_cn]['level'] > $userlevel) { $userlevel = $config['auth_ad_groups'][$group_cn]['level']; } } return $userlevel; } function get_userid($username) { global $config, $ldap_connection; $attributes = array('objectsid'); $search = ldap_search( $ldap_connection, $config['auth_ad_base_dn'], get_auth_ad_user_filter($username), $attributes ); $entries = ldap_get_entries($ldap_connection, $search); if ($entries['count']) { return preg_replace('/.*-(\d+)$/', '$1', sid_from_ldap($entries[0]['objectsid'][0])); } return -1; } function deluser($username) { dbDelete('bill_perms', '`user_name` = ?', array($username)); dbDelete('devices_perms', '`user_name` = ?', array($username)); dbDelete('ports_perms', '`user_name` = ?', array($username)); dbDelete('users_prefs', '`user_name` = ?', array($username)); dbDelete('users', '`user_name` = ?', array($username)); return dbDelete('users', '`username` = ?', array($username)); } function get_userlist() { global $config, $ldap_connection; $userlist = array(); $userhash = array(); $ldap_groups = get_group_list(); foreach ($ldap_groups as $ldap_group) { $search_filter = "(memberOf=$ldap_group)"; if ($config['auth_ad_user_filter']) { $search_filter = "(&{$config['auth_ad_user_filter']}$search_filter)"; } $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], $search_filter, array('samaccountname','displayname','objectsid','mail')); $results = ldap_get_entries($ldap_connection, $search); foreach ($results as $result) { if (isset($result['samaccountname'][0])) { $userid = preg_replace( '/.*-(\d+)$/', '$1', sid_from_ldap($result['objectsid'][0]) ); // don't make duplicates, user may be member of more than one group $userhash[$result['samaccountname'][0]] = array( 'realname' => $result['displayName'][0], 'user_id' => $userid, 'email' => $result['mail'][0] ); } } } foreach (array_keys($userhash) as $key) { $userlist[] = array( 'username' => $key, 'realname' => $userhash[$key]['realname'], 'user_id' => $userhash[$key]['user_id'], 'email' => $userhash[$key]['email'] ); } return $userlist; } function can_update_users() { // not supported so return 0 return 0; } function get_user($user_id) { // not supported so return 0 return dbFetchRow('SELECT * FROM `users` WHERE `user_id` = ?', array($user_id), true); } function update_user($user_id, $realname, $level, $can_modify_passwd, $email) { dbUpdate(array('realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'email' => $email), 'users', '`user_id` = ?', array($user_id)); } function get_fullname($username) { global $config, $ldap_connection; $attributes = array('name'); $result = ldap_search( $ldap_connection, $config['auth_ad_base_dn'], get_auth_ad_user_filter($username), $attributes ); $entries = ldap_get_entries($ldap_connection, $result); if ($entries['count'] > 0) { $membername = $entries[0]['name'][0]; } else { $membername = $username; } return $membername; } function get_group_list() { global $config; $ldap_groups = array(); // show all Active Directory Users by default $default_group = 'Users'; if (isset($config['auth_ad_group'])) { if ($config['auth_ad_group'] !== $default_group) { $ldap_groups[] = $config['auth_ad_group']; } } if (!isset($config['auth_ad_groups']) && !isset($config['auth_ad_group'])) { $ldap_groups[] = get_dn($default_group); } foreach ($config['auth_ad_groups'] as $key => $value) { $ldap_groups[] = get_dn($key); } return $ldap_groups; } function get_dn($samaccountname) { global $config, $ldap_connection; $attributes = array('dn'); $result = ldap_search( $ldap_connection, $config['auth_ad_base_dn'], get_auth_ad_group_filter($samaccountname), $attributes ); $entries = ldap_get_entries($ldap_connection, $result); if ($entries['count'] > 0) { return $entries[0]['dn']; } else { return ''; } } function get_cn($dn) { $dn = str_replace('\\,', '~C0mmA~', $dn); preg_match('/[^,]*/', $dn, $matches, PREG_OFFSET_CAPTURE, 3); return str_replace('~C0mmA~', ',', $matches[0][0]); } function sid_from_ldap($sid) { $sidUnpacked = unpack('H*hex', $sid); $sidHex = array_shift($sidUnpacked); $subAuths = unpack('H2/H2/n/N/V*', $sid); $revLevel = hexdec(substr($sidHex, 0, 2)); $authIdent = hexdec(substr($sidHex, 4, 12)); return 'S-'.$revLevel.'-'.$authIdent.'-'.implode('-', $subAuths); }