Context Navigation

authclass.php @ 716

Revision 716, 12.7 KB (checked in by DmitryChemerik, 10 months ago)
исправлена ошибка в при импорте пользователей групп adld, ldap, ntlm

Line
1	<?php
2
3	class SAMSAuthenticate {
4	var $SAMSConf;
5	var $authOk;
6	var $UserName;
7	var $UserGroup;
8	var $DomainName;
9	var $gauditor;
10	var $autherrorc;
11	var $autherrort;
12	var $userid;
13	var $accessdenied;
14	var $salt;
15
16	function SAMSAuthenticate()
17	{
18	global $SAMSConf;
19
20	$this->SAMSConf=$SAMSConf;
21	$this->authOk=0;
22	$this->UserName="";
23	$this->DomainName="";
24	$this->accessdenied=0;
25	}
26	function SetUserAuthErrorVariables()
27	{
28	global $SAMSConf;
29	$DB=new SAMSDB(&$SAMSConf);
30
31	$time=time();
32
33	if($this->authOk!=0 && $this->autherrorc!=0 )
34	{
35	$result=$DB->samsdb_query("UPDATE squiduser SET s_autherrorc='0',s_autherrort='0' WHERE s_user_id='$this->userid' ");
36	return(0);
37	}
38	if( $this->authOk==0 )
39	{
40	if($this->autherrorc>=2)
41	{
42	$result=$DB->samsdb_query("UPDATE squiduser SET s_autherrorc='0',s_autherrort='$time' WHERE s_user_id='$this->userid' ");
43	return(1);
44	}
45	if($this->autherrorc<2 && $time>$this->autherrort+60)
46	{
47	$result=$DB->samsdb_query("UPDATE squiduser SET s_autherrorc=s_autherrorc+1,s_autherrort='0' WHERE s_nick='$this->UserName' ");
48	return(-1);
49	}
50	}
51	}
52
53	function LoadUserVariables($request)
54	{
55	global $SAMSConf;
56	$DB=new SAMSDB(&$SAMSConf);
57	$num_rows=$DB->samsdb_query_value($request);
58
59	if($num_rows==1)
60	{
61	$row=$DB->samsdb_fetch_array();
62	$this->UserName=$row['s_nick'];
63	$this->UserGroup=$row['s_group_id'];
64	$this->gauditor=$row['s_gauditor'];
65	$this->autherrorc=$row['s_autherrorc'];
66	$this->autherrort=$row['s_autherrort'];
67	$this->userid=$row['s_user_id'];
68	$this->salt=substr($row['s_passwd'],0,2);
69	return(1);
70	}
71	else
72	$this->UserName="";
73
74	return(0);
75	}
76
77	function LoadUndefinedUserVariables($request)
78	{
79	global $SAMSConf;
80	$DB=new SAMSDB(&$SAMSConf);
81	$num_rows=$DB->samsdb_query_value($request);
82
83	if($num_rows>0)
84	{
85	$row=$DB->samsdb_fetch_array();
86	$this->UserName=$row['s_nick'];
87	$this->UserGroup=$row['s_group_id'];
88	$this->gauditor=$row['s_gauditor'];
89	$this->autherrorc=$row['s_autherrorc'];
90	$this->autherrort=$row['s_autherrort'];
91	$this->userid=$row['s_user_id'];
92	$this->salt=substr($row['s_passwd'],0,2);
93	return(1);
94	}
95	else
96	$this->UserName="";
97
98	return(0);
99	}
100
101
102	function ShowVariables()
103	{
104	echo "authOk=$this->authOk<BR>";
105	echo "UserName=$this->UserName<BR>";
106	echo "UserGroup=$this->UserGroup<BR>";
107	echo "DomainName=$this->DomainName<BR>";
108	echo "gauditor=$this->gauditor<BR>";
109	echo "autherrorc=$this->autherrorc<BR>";
110	echo "autherrort=$this->autherrort<BR>";
111	echo "userid=$this->userid<BR>";
112
113	}
114
115	}
116
117
118	class LDAPAuthenticate extends SAMSAuthenticate {
119	function UserAuthenticate($user, $password)
120	{
121	$this->UserName=$user;
122	$request="SELECT s_nick,s_passwd,s_domain,s_gauditor,squiduser.s_group_id,s_autherrorc,s_autherrort,s_user_id FROM squiduser WHERE s_nick=\"$user\" ";
123	if($this->LoadUserVariables($request)>0)
124	{
125
126	$host=GetAuthParameter("ldap","ldapserver");
127	$basedn=GetAuthParameter("ldap","basedn");
128	$usersrdn=GetAuthParameter("ldap","usersrdn");
129	$usersfilter=GetAuthParameter("ldap","usersfilter");
130	$usernameattr=GetAuthParameter("ldap","usernameattr");
131	$groupsrdn=GetAuthParameter("ldap","groupsrdn");
132	$groupsfilter=GetAuthParameter("ldap","groupsfilter");
133
134	include('src/ldap.php');
135	$samsldap = new sams_ldap($host, $basedn, $usersrdn, $usersfilter, $usernameattr, $groupsrdn, $groupsfilter, $user, $passwd);
136
137	if ($samsldap->Authenticate($this->UserName,$password))
138	{
139	$this->authOk=1;
140	}
141	}
142	return($this->authOk);
143	}
144	function UserIDAuthenticate($userid, $password)
145	{
146	$this->userid=$userid;
147	$request="SELECT s_nick,s_passwd,s_domain,s_gauditor,squiduser.s_group_id,s_autherrorc,s_autherrort,s_user_id FROM squiduser WHERE s_user_id='$userid'";
148	if($this->LoadUserVariables($request)>0)
149	{
150	$host=GetAuthParameter("ldap","ldapserver");
151	$basedn=GetAuthParameter("ldap","basedn");
152	$usersrdn=GetAuthParameter("ldap","usersrdn");
153	$usersfilter=GetAuthParameter("ldap","usersfilter");
154	$usernameattr=GetAuthParameter("ldap","usernameattr");
155	$groupsrdn=GetAuthParameter("ldap","groupsrdn");
156	$groupsfilter=GetAuthParameter("ldap","groupsfilter");
157
158	include('src/ldap.php');
159	$samsldap = new sams_ldap($host, $basedn, $usersrdn, $usersfilter, $usernameattr, $groupsrdn, $groupsfilter, $user, $passwd);
160
161	if ($samsldap->Authenticate($this->UserName,$password))
162	{
163	$this->authOk=1;
164	}
165	}
166	return($this->authOk);
167	}
168	}
169
170
171	class ADLDAuthenticate extends SAMSAuthenticate {
172	function UserAuthenticate($user, $password)
173	{
174	$this->UserName=$user;
175	$request="SELECT s_nick,s_passwd,s_domain,s_gauditor,squiduser.s_group_id,s_autherrorc,s_autherrort,s_user_id FROM squiduser WHERE s_nick=\"$user\" ";
176	if($this->LoadUserVariables($request)>0)
177	{
178	require_once("src/adldap.php");
179
180	$adldserver=GetAuthParameter("adld","adldserver");
181	$basedn=GetAuthParameter("adld","basedn");
182	$adadmin=GetAuthParameter("adld","adadmin");
183	$adadminpasswd=GetAuthParameter("adld","adadminpasswd");
184	$adldusergroup=GetAuthParameter("adld","usergroup");
185
186	$LDAPBASEDN2=strtok($basedn,".");
187	$LDAPBASEDN="DC=$LDAPBASEDN2";
188	while(strlen($LDAPBASEDN2)>0)
189	{
190	$LDAPBASEDN2=strtok(".");
191	if(strlen($LDAPBASEDN2)>0)
192	$LDAPBASEDN="$LDAPBASEDN,DC=$LDAPBASEDN2";
193	}
194
195	$pdc=array("$adldserver");
196	$options=array(account_suffix=>"@$basedn", base_dn=>"$LDAPBASEDN",domain_controllers=>$pdc,
197	ad_username=>"$adadmin",ad_password=>"$adadminpasswd","","","");
198
199	$ldap=new adLDAP($options);
200
201	if ($ldap->authenticate($this->UserName,$password))
202	{
203	$this->authOk=1;
204	}
205	}
206	return($this->authOk);
207	}
208	function UserIDAuthenticate($userid, $password)
209	{
210	$this->userid=$userid;
211	$request="SELECT s_nick,s_passwd,s_domain,s_gauditor,squiduser.s_group_id,s_autherrorc,s_autherrort,s_user_id FROM squiduser WHERE s_user_id='$userid'";
212
213	if($this->LoadUserVariables($request)>0)
214	{
215	require_once("src/adldap.php");
216	/*
217	$pdc=array($this->SAMSConf->LDAPSERVER);
218	$options=array(account_suffix=>"@".$this->SAMSConf->LDAPDOMAIN, base_dn=>$this->SAMSConf->LDAPBASEDN,domain_controllers=>$pdc,
219	ad_username=>$this->SAMSConf->LDAPUSER,ad_password=>$this->SAMSConf->LDAPUSERPASSWD,"","","");
220	$ldap=new adLDAP($options);
221	*/
222
223	$adldserver=GetAuthParameter("adld","adldserver");
224	$basedn=GetAuthParameter("adld","basedn");
225	$adadmin=GetAuthParameter("adld","adadmin");
226	$adadminpasswd=GetAuthParameter("adld","adadminpasswd");
227	$adldusergroup=GetAuthParameter("adld","usergroup");
228
229	$LDAPBASEDN2=strtok($basedn,".");
230	$LDAPBASEDN="DC=$LDAPBASEDN2";
231	while(strlen($LDAPBASEDN2)>0)
232	{
233	$LDAPBASEDN2=strtok(".");
234	if(strlen($LDAPBASEDN2)>0)
235	$LDAPBASEDN="$LDAPBASEDN,DC=$LDAPBASEDN2";
236	}
237
238	$pdc=array("$adldserver");
239	$options=array(account_suffix=>"@$basedn", base_dn=>"$LDAPBASEDN",domain_controllers=>$pdc,
240	ad_username=>"$adadmin",ad_password=>"$adadminpasswd","","","");
241
242	$ldap=new adLDAP($options);
243
244	if ($ldap->authenticate($this->UserName,$password))
245	{
246	$this->authOk=1;
247	}
248	}
249	return($this->authOk);
250	}
251
252	}
253
254
255	class NTLMAuthenticate extends SAMSAuthenticate {
256	function UserAuthenticate($user, $password)
257	{
258	global $SAMSConf; //added by DogEater
259	$request="SELECT s_nick,s_domain,s_gauditor,squiduser.s_group_id,s_autherrorc,s_autherrort,s_user_id FROM squiduser WHERE s_nick='$user' ";
260	$this->LoadUserVariables($request);
261
262	// $STR=$this->SAMSConf->WBINFOPATH." ".$this->UserName." \"$password\"";
263	// $e = escapeshellcmd( $STR );
264	// $aaa=ExecuteShellScript("bin/testwbinfopasswd", $e);
265	// $aaa=ExecuteShellScript("bin/testwbinfopasswd", $e);
266	$aaa=ntlm_auth ($this->UserName,$password,$SAMSConf->WBINFOPATH);
267	if(stristr($aaa,"OK" )!=false\|\|stristr($aaa,"ERR" )!=true)
268	// if(stristr($aaa,"authentication succeeded" )!=false\|\|stristr($aaa,"NT_STATUS_OK" )!=false)
269	{
270	$this->authOk=1;
271	if($SAMSConf->NTLMDOMAIN=="Y")
272	{
273	if(strrpos($user,"+" )!=false)
274	{
275	$domainname=strtok($user,"+");
276	$username=strtok("+");
277	}
278	if(stristr($user,"\\" )!=false)
279	{
280	$domainname=strtok($user,"\\");
281	$username=strtok("\\");
282	}
283	if(stristr($user,"@" )!=false)
284	{
285	$domainname=strtok($user,"@");
286	$username=strtok("@");
287	}
288	}
289	else
290	$username=$user;
291	}
292
293	return($this->authOk);
294	}
295
296
297	function UserIDAuthenticate($userid, $password)
298	{
299	global $SAMSConf; //added by DogEater
300	$this->userid=$userid;
301	$request="SELECT s_nick, s_domain, s_gauditor, squiduser.s_group_id, s_autherrorc, s_autherrort, s_user_id FROM squiduser WHERE s_user_id='$userid'";
302	$this->LoadUserVariables($request);
303
304	// $STR=$this->SAMSConf->WBINFOPATH." ".$this->UserName." \"$password\"";
305	// $e = escapeshellcmd( $STR );
306	// $aaa=ExecuteShellScript("bin/testwbinfopasswd", $e);
307	// $aaa=ExecuteShellScript("bin/testwbinfopasswd", $e);
308	$aaa=ntlm_auth($this->UserName,$password,$SAMSConf->WBINFOPATH);
309	// if(stristr($aaa,"authentication succeeded" )!=false\|\|stristr($aaa,"NT_STATUS_OK" )!=false)
310	if(stristr($aaa,"OK" )!=false\|\|stristr($aaa,"ERR" )!=true)
311	{
312	$this->authOk=1;
313	if($SAMSConf->NTLMDOMAIN=="Y")
314	{
315	if(strrpos($user,"+" )!=false)
316	{
317	$domainname=strtok($user,"+");
318	$username=strtok("+");
319	}
320	if(stristr($user,"\\" )!=false)
321	{
322	$domainname=strtok($user,"\\");
323	$username=strtok("\\");
324	}
325	if(stristr($user,"@" )!=false)
326	{
327	$domainname=strtok($user,"@");
328	$username=strtok("@");
329	}
330	}
331	else
332	$username=$user;
333	}
334
335	return($this->authOk);
336	}
337
338
339	}
340
341
342	class NCSAAuthenticate extends SAMSAuthenticate {
343	function UserAuthenticate($user, $password)
344	{
345	$this->UserName=$user;
346	$request="SELECT s_nick, s_passwd, s_domain, s_gauditor, squiduser.s_group_id, s_autherrorc, s_autherrort, s_user_id FROM squiduser WHERE s_user_id='$userid'";
347
348	$this->LoadUndefinedUserVariables($request);
349	$passwd=crypt($password, $this->salt);
350
351	$request=("SELECT s_nick,s_passwd,s_domain,s_gauditor,squiduser.s_group_id,s_autherrorc,s_autherrort,s_user_id FROM squiduser WHERE s_nick='$user' AND s_passwd='$passwd' ");
352	if($this->LoadUserVariables($request)>0)
353	$this->authOk=1;
354
355	if($this->authOk==0)
356	{
357	$request="SELECT s_nick,s_passwd,s_domain,s_gauditor,squiduser.s_group_id,s_autherrorc,s_autherrort,s_user_id FROM squiduser WHERE s_nick=\"$user\" ";
358	$this->LoadUserVariables($request);
359	}
360
361	return($this->authOk);
362	}
363	function UserIDAuthenticate($userid, $password)
364	{
365	$this->userid=$userid;
366	$request="SELECT s_nick, s_passwd, s_domain, s_gauditor, squiduser.s_group_id, s_autherrorc, s_autherrort, s_user_id FROM squiduser WHERE s_user_id='$userid'";
367
368	$this->LoadUndefinedUserVariables($request);
369	$passwd=crypt($password, $this->salt);
370
371	$request="SELECT s_nick, s_passwd, s_domain, s_gauditor, squiduser.s_group_id, s_autherrorc, s_autherrort, s_user_id FROM squiduser WHERE s_user_id='$userid' AND s_passwd='$passwd'";
372
373	if($this->LoadUserVariables($request)>0)
374	{
375	$this->authOk=1;
376	}
377	else
378	{
379	$request="SELECT s_nick, s_passwd, s_domain, s_gauditor, squiduser.s_group_id, s_autherrorc, s_autherrort, s_user_id FROM squiduser WHERE s_user_id='$userid'";
380	$this->LoadUndefinedUserVariables($request);
381	}
382	return($this->authOk);
383	}
384
385
386	}
387
388
389
390
391	/*
392	global $SAMSConf;
393	require('./mysqltools.php');
394	$SAMSConf=new SAMSCONFIG();
395	$RRR_SAMS=&$SAMSConf;
396	*/
397	/*
398	$USERAUTH = new NTLMAuthenticate(&$SAMSConf);
399	$rrr=$USERAUTH->UserAuthenticate("GOZNAK+adm","7 pfobnf~2~ADM");
400	echo "NTLM AUTHENTICATE user goznak+adm: $rrr\n";
401	*/
402	/*
403	echo "SAMSDB=$RRR_SAMS->SAMSDB\n";
404	$USERAUTH = new NCSAAuthenticate(&$SAMSConf);
405	$rrr=$USERAUTH->UserAuthenticate("chemerik_nb","qazwsx");
406	echo "NCSA AUTHENTICATE user chemerik: $rrr\n";
407	*/
408	/*
409	$USERAUTH = new ADLDAuthenticate(&$SAMSConf);
410	$rrr=$USERAUTH->UserAuthenticate("chemerik","qazwsx");
411	$USERAUTH->ShowVariables();
412	echo "ADLD AUTHENTICATE user chemerik: $rrr\n";
413	*/
414	function ntlm_auth ($login, $password,$path){
415	$descriptorspec = array(
416	0 => array("pipe", "r"), // stdin is a pipe that the child will read from
417	1 => array("pipe", "w") // stdout is a pipe that the child will write to
418	);
419	//$ntlm_auth = proc_open("bin/ntlm_auth ".$path, $descriptorspec, $pipes);
420	$ntlm_auth = proc_open("bin/testwbinfopasswd ".$path, $descriptorspec, $pipes);
421	if (is_resource($ntlm_auth)) {
422	// $pipes now looks like this:
423	// 0 => writeable handle connected to child stdin
424	// 1 => readable handle connected to child stdout
425	// Any error output will be appended to /tmp/error-output.txt
426
427	fwrite($pipes[0], "$login $password\n");
428	fclose($pipes[0]);
429
430	$ntlm_auth_says = stream_get_contents($pipes[1]);
431	fclose($pipes[1]);
432	// It is important that you close any pipes before calling
433	// proc_close in order to avoid a deadlock
434	$return_value = proc_close($ntlm_auth);
435	if ($return_value == 0 ){
436	return $ntlm_auth_says;
437	}
438	else {
439	die ("Error talking to ntlm_auth: ".$ntlm_auth_says.".\n");
440	}
441	}
442	}
443	?>

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/php/authclass.php @ 716

Download in other formats: