Fix fake patch... #24

Merged
merged 1 commit into from Dec 22, 2017
@@ -0,0 +1,130 @@
<?php

namespace Baikal\Core;

/**
* This is an abstract authentication, that allows to create external
* authentication backends. User are automatic created, when the does not exists
* in baikal (can disabled).
*
* @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
abstract class AbstractExternalAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {

/**
* enable autocreation of user
*
* @var PDO
*/
protected $enableAutoCreation;

/**
* Reference to PDO connection
*
* @var PDO
*/
private $pdo;

/**
* PDO table name we'll be using
*
* @var string
*/
private $tableName;

/**
* Creates the backend object.
*
* If the filename argument is passed in, it will parse out the specified file fist.
*
* @param PDO $pdo
* @param string $realm
* @param string $tableName The PDO table name to use
*/
public function __construct(\PDO $pdo, $realm = 'BaikalDAV', $tableName = 'users') {

$this->pdo = $pdo;
$this->tableName = $tableName;
$this->enableAutoCreation = true;
}

/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
* @return bool
*/
public function validateUserPass($username, $password) {

if (!$this->validateUserPassExternal($username, $password))
return false;

$this->currentUser = $username;
if ($this->enableAutoCreation)
$this->autoUserCreation($username);

return true;
}

/**
* Validates a username and password agains external backend
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
* @return bool
*/
public abstract function validateUserPassExternal($username, $password);

/**
* return the displayname and email from the external Backend
*
* @param string $username
* @return array ('displayname' => string, 'email' => string)
*/
public function getAccountValues($username) {

return array();
}

/**
* create an internal user, when user not exists
*
* @param string $username
*/
private function autoUserCreation($username) {

/* search user in DB and do nothing, when user exists */
$stmt = $this->pdo->prepare('SELECT username FROM '.$this->tableName.' WHERE username = ?');
$stmt->execute(array($username));
$result = $stmt->fetchAll();
if (count($result) != 0)
return;

/* get account values from backend */
$values = $this->getAccountValues($username);
if (!isset($values['displayname']) OR strlen($values['displayname']) === 0)
$values['displayname'] = $username;
if (!isset($values['email']) OR strlen($values['email']) === 0) {
if(filter_var($username, FILTER_VALIDATE_EMAIL))
$values['email'] = $username;
else
$values['email'] = 'unset-mail';
}

/* create user */
$user = new \Baikal\Model\User();
$user->set('username', $username);
$user->set('displayname', $values['displayname']);
$user->set('email', $values['email']);
$user->persist();
}

}
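Review bot: The `$realm` parameter accepted by the constructor at line 77 is never stored or forwarded, so the realm a client sees in the Basic challenge is whatever the parent class defaults to rather than 'BaikalDAV'; if the parent `AbstractBasic` in the sabre/dav version in use exposes a realm setter, forward it there, otherwise drop the parameter so callers are not misled. The docblock on line 50 declares `$enableAutoCreation` as `@var PDO` although line 81 assigns `true`; it should read `@var bool`. In `autoUserCreation` the existence check fetches every matching row only to count it, and compares loosely; `if ($stmt->fetchColumn() !== false) return;` expresses the intent and avoids the `!=` comparison. The username persisted at line 156 is stored exactly as received from the Authorization header, so if the external backend matches names case-insensitively the same principal may end up with several internal accounts — presumably acceptable for now, but worth a comment such as `/* username is stored verbatim; normalise here if the backend is case-insensitive */` above the insert.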
@@ -0,0 +1,75 @@
<?php

namespace Baikal\Core;

/**
* This is an authentication backend that uses a ldap backend to authenticate user.
*
* @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
class LDAPUserBindAuth extends AbstractExternalAuth {

/**
* AccountValues for getAccountValues
*
* @var array ('displayname' => string, 'email' => string)
*/
private $accountValues;

/**
* Validates a username and password over ldap
*
* @param string $username
* @param string $password
* @return bool
*/
public function validateUserPassExternal($username, $password) {

/* create ldap connection */
$conn = ldap_connect(BAIKAL_DAV_LDAP_URI);
if (!$conn)
return false;
if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3))
return false;

/* bind with user
* error_handler have to change, because a failed bind raises an error
* this raise a secuity issue because in the stack trace is the password of user readable
*/
$arr = explode('@', $username, 2);
$dn = str_replace('%n', $username, BAIKAL_DAV_LDAP_DN_TEMPLATE);
$dn = str_replace('%u', $arr[0], $dn);
if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn);

set_error_handler("\Baikal\Core\LDAPUserBindAuth::exception_error_handler");
$bind = ldap_bind($conn, $dn, $password);
restore_error_handler();
if (!$bind) {
ldap_close($conn);
return false;
}

/* read displayname and email from user */
$this->accountValues = array();
$sr = ldap_read($conn, $dn, '(objectclass=*)', array(BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR, BAIKAL_DAV_LDAP_EMAIL_ATTR));
$entry = ldap_get_entries($conn, $sr);
if (isset($entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0]))
$this->accountValues['displayname'] = $entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0];
if (isset($entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0]))
$this->accountValues['email'] = $entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0];

/* close */
ldap_close($conn);
return true;
}

public function getAccountValues($username) {

return $this->accountValues;
}

# WorkAround error_handler in failed bind of LDAP
public static function exception_error_handler($errno, $errstr, $errfile, $errline) {
}
}
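Review bot: `validateUserPassExternal` passes `$password` to `ldap_bind()` at line 209 without checking that it is non-empty; with a non-empty DN and an empty password the library performs an unauthenticated bind, which some directory servers accept, so a request carrying a valid username and no password could be treated as a successful login. The user-supplied parts substituted into the DN template at lines 204–206 are also inserted unescaped, so DN-special characters in the username change the shape of the bind DN; `ldap_escape()` with `LDAP_ESCAPE_DN` keeps them literal (hedged: requires PHP 5.6 or later). The result of `ldap_read()` at line 218 is not checked, so a failed search hands `false` to `ldap_get_entries()`; a `$sr === false` guard before line 219 would keep the account lookup from emitting a warning. The `ldap_set_option` failure path at line 197 returns without `ldap_close($conn)`, unlike the later exits.
```php
/* an empty password turns ldap_bind() into an unauthenticated bind, which
 * some servers accept; never let it reach the directory */
if ($password === '') {
    ldap_close($conn);
    return false;
}

$arr = explode('@', $username, 2);
$dn = str_replace('%n', ldap_escape($username, '', LDAP_ESCAPE_DN), BAIKAL_DAV_LDAP_DN_TEMPLATE);
$dn = str_replace('%u', ldap_escape($arr[0], '', LDAP_ESCAPE_DN), $dn);
if (isset($arr[1])) $dn = str_replace('%d', ldap_escape($arr[1], '', LDAP_ESCAPE_DN), $dn);
// … unchanged: error handler swap, ldap_bind, ldap_read of displayname/email, ldap_close …
```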