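_params["url"]);
    ldap_bind(self::$_connection);
  }

  /**
   * @see Identity_Driver::guest.
   *
   * Builds the guest user on first use and caches it in self::$_guest_user.
   *
   * @return Ldap_User the shared guest user
   */
  public function guest() {
    if (empty(self::$_guest_user)) {
      // The guest has no directory entry, so Ldap_User is built around a null entry.
      // Ldap_User defines __get but no __set: the assignments below create ordinary
      // public properties, which are read directly and never reach __get.
      $guest = new Ldap_User();
      $guest->id = 0;
      $guest->name = "Guest";
      $guest->guest = true;
      $guest->admin = false;
      $guest->locale = null;
      $guest->groups = array($this->everybody());
      // Cache only once fully built, so a failure in everybody() cannot leave behind a
      // cached guest that has no explicit group list.
      self::$_guest_user = $guest;
    }
    return self::$_guest_user;
  }

  /**
   * @see Identity_Driver::create_user.
   *
   * Not supported by this driver: always throws.
   *
   * @throws Exception always
   */
  public function create_user($name, $full_name, $password) {
    throw new Exception("@todo INVALID OPERATION");
  }

  /**
   * @see Identity_Driver::is_correct_password.
   *
   * Checks $password against the hash stored in $user->password. The stored format is
   * recognised by its length: 34 characters is handed to PasswordHash (phpass), 32
   * characters is treated as unsalted MD5, anything else as a 4-character salt followed
   * by md5(salt . password).
   *
   * NOTE(review): this compares against a locally stored hash and never binds to the
   * directory. Ldap_User::__get in this file has no "password" case and throws for unknown
   * keys, so calling this with an Ldap_User raises an Exception -- confirm what is intended.
   * NOTE(review): the two MD5 formats are accepted for legacy accounts only; they are fast
   * hashes and offer little resistance to offline guessing.
   *
   * @param  object  $user     user whose ->password holds the stored hash
   * @param  string  $password candidate password as submitted
   * @return boolean true when the candidate matches the stored hash
   */
  public function is_correct_password($user, $password) {
    // Request parameters can arrive as arrays; only a scalar candidate can ever match.
    if (!is_scalar($password)) {
      return false;
    }
    $password = (string) $password;
    $valid = (string) $user->password;
    $stored_length = strlen($valid);

    // Try phpass first, since that's what we generate.
    if ($stored_length === 34) {
      require_once(MODPATH . "user/lib/PasswordHash.php");
      $hashGenerator = new PasswordHash(10, true);
      return $hashGenerator->CheckPassword($password, $valid);
    }

    $salt = substr($valid, 0, 4);
    // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes:
    $guess = ($stored_length === 32) ? md5($password) : ($salt . md5($salt . $password));
    // hash_equals() (PHP 5.6+) compares in constant time, so response timing does not
    // reveal how many leading characters of the stored hash were matched.
    if (hash_equals($valid, $guess)) {
      return true;
    }

    // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities
    $sanitizedPassword = html::specialchars($password, false);
    $guess = ($stored_length === 32)
      ? md5($sanitizedPassword)
      : ($salt . md5($salt . $sanitizedPassword));
    return hash_equals($valid, $guess);
  }

  /**
   * @see Identity_Driver::lookup_user.
   *
   * Searches self::$_params["user_domain"] for an entry whose uidNumber equals $id.
   *
   * @param  mixed $id value matched against the uidNumber attribute
   * @return Ldap_User|null the first matching entry, or null when the search fails or
   *                        returns nothing
   */
  public function lookup_user($id) {
    // $id may originate from a request. Escaping makes filter metacharacters such as
    // * ( ) \ match literally instead of altering the query (ldap_escape needs PHP 5.6+).
    $filter = "uidNumber=" . ldap_escape((string) $id, "", LDAP_ESCAPE_FILTER);
    $result = ldap_search(self::$_connection, self::$_params["user_domain"], $filter);
    if ($result === false) {
      return null;
    }
    $entries = ldap_get_entries(self::$_connection, $result);
    if ($entries !== false && $entries["count"] > 0) {
      return new Ldap_User($entries[0]);
    }
    return null;
  }

  /**
   * @see Identity_Driver::lookup_user_by_name.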
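*/
  public function lookup_user_by_name($name) {
    // Searches self::$_params["user_domain"] for an entry whose uid equals $name and
    // returns the first match wrapped in an Ldap_User, or null.
    // $name is typically the login name typed by the visitor. Escaping makes filter
    // metacharacters such as * ( ) \ match literally, so "*" cannot select an arbitrary
    // account (ldap_escape needs PHP 5.6+).
    $filter = "uid=" . ldap_escape((string) $name, "", LDAP_ESCAPE_FILTER);
    $result = ldap_search(self::$_connection, self::$_params["user_domain"], $filter);
    if ($result === false) {
      return null;
    }
    $entries = ldap_get_entries(self::$_connection, $result);
    if ($entries !== false && $entries["count"] > 0) {
      return new Ldap_User($entries[0]);
    }
    return null;
  }

  /**
   * @see Identity_Driver::create_group.
   *
   * Not supported by this driver: always throws.
   *
   * @throws Exception always
   */
  public function create_group($name) {
    throw new Exception("@todo INVALID OPERATION");
  }

  /**
   * @see Identity_Driver::everybody.
   *
   * Returns the group named by the "everybody_group" driver parameter.
   */
  public function everybody() {
    // NOTE(review): no class named "ldap" is declared in the visible part of this file;
    // this class has its own static lookup_group_by_name() -- confirm the intended target.
    return ldap::lookup_group_by_name(self::$_params["everybody_group"]);
  }

  /**
   * @see Identity_Driver::registered_users.
   *
   * Returns the group named by the "registered_users_group" driver parameter.
   */
  public function registered_users() {
    // NOTE(review): same unresolved "ldap" class as in everybody() -- confirm.
    return ldap::lookup_group_by_name(self::$_params["registered_users_group"]);
  }

  /**
   * @see Identity_Driver::lookup_group_by_name.
   *
   * Searches self::$_params["group_domain"] for an entry whose cn equals $name.
   *
   * @param  string $name group common name
   * @return object|null group built from the first match's gidNumber and cn, or null when
   *                     the search fails, returns nothing, or lacks either attribute
   */
  static function lookup_group_by_name($name) {
    // Escape the value so filter metacharacters in $name are matched literally.
    $filter = "cn=" . ldap_escape((string) $name, "", LDAP_ESCAPE_FILTER);
    $result = ldap_search(self::$_connection, self::$_params["group_domain"], $filter);
    if ($result === false) {
      return null;
    }
    // The connection argument was missing from this call in the original source.
    $entry_id = ldap_first_entry(self::$_connection, $result);
    if ($entry_id) {
      $cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
      $gid_number_entry = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
      if ($cn_entry === false || $gid_number_entry === false) {
        return null;
      }
      // NOTE(review): Ldap_Group_Model is not declared in the visible part of this file,
      // while groups_for() builds Ldap_Group from the same (id, name) pair -- confirm
      // which class is intended.
      return new Ldap_Group_Model($gid_number_entry[0], $cn_entry[0]);
    }
    return null;
  }

  /**
   * @see Identity_Driver::get_user_list.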
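*/
  public function get_user_list($ids) {
    // Not implemented by this driver: always throws.
    throw new Exception("@todo NOT IMPLEMENTED");
  }

  /**
   * Lists the groups a user belongs to.
   *
   * Searches self::$_params["group_domain"] for entries whose memberUid equals
   * $user->name and keeps only those whose cn appears in the "ldap.groups" config list.
   *
   * @param  object $user user whose ->name is matched against memberUid
   * @return array  list of Ldap_Group, empty when nothing matches or the search fails
   */
  static function groups_for($user) {
    // Escape the user name so filter metacharacters in it are matched literally and
    // cannot widen the membership query (ldap_escape needs PHP 5.6+).
    $filter = "(memberUid=" . ldap_escape((string) $user->name, "", LDAP_ESCAPE_FILTER) . ")";
    $result = ldap_search(self::$_connection, self::$_params["group_domain"], $filter);
    $groups = array();
    if ($result === false) {
      return $groups;
    }

    // Normalise the allow-list to strings so the membership test below can be strict.
    // A loose in_array() treats numeric-looking names such as "1e3" and "1000" as equal.
    $associated_groups = array_map("strval", (array) Kohana::config("ldap.groups"));

    for ($entry_id = ldap_first_entry(self::$_connection, $result);
         $entry_id !== false;
         $entry_id = ldap_next_entry(self::$_connection, $entry_id)) {
      $group_id = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
      $group_name = ldap_get_values(self::$_connection, $entry_id, "cn");
      // ldap_get_values() returns false when the entry lacks the attribute.
      if ($group_id === false || $group_name === false) {
        continue;
      }
      if (in_array($group_name[0], $associated_groups, true)) {
        $groups[] = new Ldap_Group($group_id[0], $group_name[0]);
      }
    }
    return $groups;
  }
} // End Identity LDAP Driver

/**
 * User backed by a single LDAP entry in the array layout returned by ldap_get_entries().
 * Attributes are exposed read-only through __get.
 */
class Ldap_User implements User_Definition {
  // Raw directory entry, or null when the object is built without one (as guest() does).
  private $ldap_entry;

  public function __construct($ldap_entry=null) {
    $this->ldap_entry = $ldap_entry;
  }

  /**
   * @return string|null first displayname value of the entry, or null when absent
   */
  public function display_name() {
    return isset($this->ldap_entry["displayname"][0])
      ? $this->ldap_entry["displayname"][0]
      : null;
  }

  /**
   * Maps the user attribute names onto the directory entry.
   *
   * @param  string $key one of name, guest, id, groups, locale, admin
   * @return mixed
   * @throws Exception for any other key
   */
  public function __get($key) {
    switch($key) {
    case "name":
      return $this->ldap_entry["uid"][0];

    case "guest":
      return false;

    case "id":
      return $this->ldap_entry["uidnumber"][0];

    case "groups":
      // NOTE(review): "Identity_Ldap::Driver::groups_for" reads as a class-constant
      // lookup followed by a static call; the separator before "Driver" looks like a
      // typo for the driver class name -- confirm against the class declaration.
      return Identity_Ldap::Driver::groups_for($this);

    case "locale":  // @todo
      return null;

    case "admin":
      // Administrator status is an authorization decision, so compare strictly. A loose
      // in_array() treats numeric-looking strings such as "1e3" and "1000" as equal, and
      // on PHP versions before 8 an integer 0 in the list matches any non-numeric uid.
      $admins = array_map("strval", (array) Kohana::config("ldap.admins"));
      return in_array((string) $this->ldap_entry["uid"][0], $admins, true);

    default:
      throw new Exception("@todo UNKNOWN_KEY ($key)");
    }
  }
}

/**
 * Plain value object for a directory group.
 */
class Ldap_Group implements Group_Definition {
  public $id;
  public $name;
  // Declared explicitly; the constructor previously created it as a dynamic property.
  public $special;

  public function __construct($id, $name) {
    $this->id = $id;
    $this->name = $name;
    $this->special = false;
  }
}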