2 /*******************************************************************************
3 * Copyright (C) 2007 Easter-eggs
4 * http://ldapsaisie.labs.libre-entreprise.org
6 * Author: See AUTHORS file in top-level directory.
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version 2
10 * as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 ******************************************************************************/
// Register the addon's error codes and their translatable messages with LSerror.
// SAMBA_SUPPORT_01..03 are raised by LSaddon_samba_support(); SAMBA_01..04 are raised
// by the generate_* functions further down.
// NOTE(review): the embedded listing numbers skip lines (27 -> 29, 30 -> 33, ...), so the
// closing of each defineError() call is not visible here.
26 LSerror :: defineError('SAMBA_SUPPORT_01',
27 _("SAMBA Support : Unable to load smbHash class.")
29 LSerror :: defineError('SAMBA_SUPPORT_02',
30 _("SAMBA Support : The constant %{const} is not defined.")
33 LSerror :: defineError('SAMBA_SUPPORT_03',
34 _("SAMBA Support : The constants LS_SAMBA_SID_BASE_USER and LS_SAMBA_SID_BASE_GROUP must'nt have the same parity to keep SambaSID's unicity.")
38 LSerror :: defineError('SAMBA_01',
39 _("SAMBA Support : The attribute %{dependency} is missing. Unable to forge the attribute %{attr}.")
41 LSerror :: defineError('SAMBA_02',
42 _("SAMBA Support : Can't get the sambaDomain object.")
44 LSerror :: defineError('SAMBA_03',
45 _("SAMBA Support : Error modifying the sambaDomain object.")
47 LSerror :: defineError('SAMBA_04',
48 _("SAMBA Support : The %{attr} of the sambaDomain object is incorrect.")
53 // Infinite time in the NT sense
// 2147483647 is 2^31 - 1, the largest signed 32-bit integer.
54 define('LS_SAMBA_INFINITY_TIME',2147483647);
57 * Verification du support Samba par ldapSaisie
59 * @author Benjamin Renard <brenard@easter-eggs.com>
61 * @retval boolean true si Samba est pleinement supporté, false sinon
// Checks the prerequisites for Samba support: the smbHash class, the required LS_SAMBA_*
// constants, and the parity rule on the two SID bases. Each failure is recorded through
// LSerror::addErrorCode().
// NOTE(review): the return statements and closing braces are not visible in this listing.
63 function LSaddon_samba_support() {
67 // Library dependency
// Only try to include the class file when smbHash is not already loaded.
68 if ( !class_exists('smbHash') ) {
69 if ( !LSsession::includeFile(LS_LIB_DIR . 'class.smbHash.php') ) {
70 LSerror :: addErrorCode('SAMBA_SUPPORT_01');
// Names of the configuration constants that must be defined and non-empty.
76 $MUST_DEFINE_CONST= array(
77 'LS_SAMBA_DOMAIN_SID',
78 'LS_SAMBA_DOMAIN_NAME',
79 'LS_SAMBA_HOME_PATH_FORMAT',
80 'LS_SAMBA_PROFILE_PATH_FORMAT',
81 'LS_SAMBA_DOMAIN_OBJECT_DN',
82 'LS_SAMBA_SID_BASE_USER',
83 'LS_SAMBA_SID_BASE_GROUP',
84 'LS_SAMBA_UIDNUMBER_ATTR',
85 'LS_SAMBA_GIDNUMBER_ATTR',
86 'LS_SAMBA_USERPASSWORD_ATTR'
89 foreach($MUST_DEFINE_CONST as $const) {
// Loose == comparison: on PHP versions before 8 an integer 0 also compares equal to "",
// so a constant set to 0 would be reported as not defined.
90 if ( (!defined($const)) || (constant($const) == "")) {
91 LSerror :: addErrorCode('SAMBA_SUPPORT_02',$const);
96 // For SID integrity
// User SIDs end in uidNumber * 2 + LS_SAMBA_SID_BASE_USER and group SIDs end in
// gidNumber * 2 + LS_SAMBA_SID_BASE_GROUP (see the generate_samba*SID functions), so the
// two bases must differ in parity for a user and a group never to share a SID.
97 if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) {
98 LSerror :: addErrorCode('SAMBA_SUPPORT_03');
106 * Generation de sambaSID d'un utilisateur
108 * @author Benjamin Renard <brenard@easter-eggs.com>
110 * Number = LS_SAMBA_UIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_USER
111 * sambaSID = LS_SAMBA_DOMAIN_SID-Number
113 * @param[in] $ldapObject L'objet ldap
115 * @retval string SambaSID ou false si il y a un problème durant la génération
// Builds a user's sambaSID: LS_SAMBA_DOMAIN_SID . '-' . (uidNumber * 2 + LS_SAMBA_SID_BASE_USER).
117 function generate_sambaUserSID($ldapObject) {
// get_class() is an exact class-name match, so the uidNumber attribute must be an
// LSattribute instance (a subclass would not pass); otherwise SAMBA_01 is recorded.
// NOTE(review): what is returned on this error path is not visible in the listing.
118 if ( get_class($ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) != 'LSattribute' ) {
119 LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID'));
// The getValue() result is indexed with [0]: only the first value of the attribute is used.
123 $uidnumber_attr_val = $ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ] -> getValue();
124 $uidnumber_attr_val = $uidnumber_attr_val[0];
// NOTE(review): no numeric check on the value is visible before the arithmetic; confirm
// that uidNumber is validated upstream, since the SID identifies the account to Samba.
125 $uidNumber = $uidnumber_attr_val * 2 + LS_SAMBA_SID_BASE_USER;
126 $sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber;
132 * Generation de sambaSID d'un groupe
134 * @author Benjamin Renard <brenard@easter-eggs.com>
136 * Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
137 * sambaSID = LS_SAMBA_DOMAIN_SID-Number
139 * @param[in] $ldapObject L'objet ldap
141 * @retval string SambaSID ou false si il y a un problème durant la génération
// Builds a group's sambaSID: LS_SAMBA_DOMAIN_SID . '-' . (gidNumber * 2 + LS_SAMBA_SID_BASE_GROUP).
143 function generate_sambaGroupSID($ldapObject) {
// get_class() is an exact class-name match, so the gidNumber attribute must be an
// LSattribute instance; otherwise SAMBA_01 is recorded.
// NOTE(review): what is returned on this error path is not visible in the listing.
144 if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
145 LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaSID'));
// Only the first value of the attribute is used.
149 $gidnumber_attr_val = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue();
150 $gidnumber_attr_val = $gidnumber_attr_val[0];
// NOTE(review): no numeric check on the value is visible before the arithmetic; confirm
// that gidNumber is validated upstream.
151 $gidNumber = $gidnumber_attr_val * 2 + LS_SAMBA_SID_BASE_GROUP;
152 $sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
158 * Generation de sambaPrimaryGroupSID
160 * @author Benjamin Renard <brenard@easter-eggs.com>
162 * Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
163 * sambaSID = LS_SAMBA_DOMAIN_SID-Number
165 * @param[in] $ldapObject L'objet ldap
167 * @retval string sambaPrimaryGroupSID ou false si il y a un problème durant la génération
// Builds sambaPrimaryGroupSID from the object's gidNumber with the same formula as a group
// SID: LS_SAMBA_DOMAIN_SID . '-' . (gidNumber * 2 + LS_SAMBA_SID_BASE_GROUP).
169 function generate_sambaPrimaryGroupSID($ldapObject) {
// The gidNumber attribute must be an LSattribute instance (exact class-name match);
// otherwise SAMBA_01 is recorded.
// NOTE(review): what is returned on this error path is not visible in the listing.
170 if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
171 LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID'));
// $gidNumber first holds the getValue() result, then is overwritten with the number
// computed from its first element.
175 $gidNumber = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue();
176 $gidNumber = $gidNumber[0] * 2 + LS_SAMBA_SID_BASE_GROUP;
177 $sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
179 return ($sambaPrimaryGroupSID);
183 * Generation de sambaNTPassword
185 * @author Benjamin Renard <brenard@easter-eggs.com>
187 * @param[in] $ldapObject L'objet ldap
189 * @retval string sambaNTPassword ou false si il y a un problème durant la génération
// Derives sambaNTPassword by passing the clear-text password of the
// LS_SAMBA_USERPASSWORD_ATTR attribute to smbHash::nthash().
// NOTE(review): if nthash() produces a standard NT hash (unsalted MD4 of the UTF-16LE
// password), the stored value is password-equivalent for NTLM authentication, so read access
// to this attribute should be restricted as tightly as access to the password itself.
191 function generate_sambaNTPassword($ldapObject) {
// The password attribute must be an LSattribute instance (exact class-name match);
// otherwise SAMBA_01 is recorded.
192 if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
193 LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaNTPassword'));
// The clear-text password is read from the attribute's ldap sub-object.
197 $password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
198 $sambapassword = new smbHash;
199 $sambaNTPassword = $sambapassword -> nthash($password);
// An empty hash is treated as a special case.
// NOTE(review): the body of this branch is not visible in the listing.
201 if($sambaNTPassword == '') {
204 return $sambaNTPassword;
208 * Generation de sambaLMPassword
210 * @author Benjamin Renard <brenard@easter-eggs.com>
212 * @param[in] $ldapObject L'objet ldap
214 * @retval string sambaLMPassword ou false si il y a un problème durant la génération
// Derives sambaLMPassword by passing the clear-text password of the
// LS_SAMBA_USERPASSWORD_ATTR attribute to smbHash::lmhash().
// NOTE(review): LAN Manager hashes are case-insensitive, cover at most 14 characters in two
// independent 7-character halves, and are unsalted, so they are recovered offline very
// quickly. Current Samba releases disable LANMAN authentication by default; consider leaving
// sambaLMPassword unset unless a legacy client is known to need it.
216 function generate_sambaLMPassword($ldapObject) {
// The password attribute must be an LSattribute instance (exact class-name match);
// otherwise SAMBA_01 is recorded.
217 if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
218 LSerror :: addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaLMPassword'));
// The clear-text password is read from the attribute's ldap sub-object.
222 $password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
223 $sambapassword = new smbHash;
224 $sambaLMPassword = $sambapassword -> lmhash($password);
// An empty hash is treated as a special case.
// NOTE(review): the body of this branch is not visible in the listing.
226 if($sambaLMPassword == '') {
229 return $sambaLMPassword;
233 * Generation de uidNumber en utilisant l'objet sambaDomain
235 * @author Benjamin Renard <brenard@easter-eggs.com>
237 * @param[in] $ldapObject L'objet ldap
239 * @retval integer uidNumber ou false si il y a un problème durant la génération
// Takes the next uidNumber from the counter stored on the sambaDomain entry
// (LS_SAMBA_DOMAIN_OBJECT_DN) and writes the counter back incremented by one.
// $ldapObject is not used in the visible lines.
241 function generate_uidNumber_withSambaDomainObject($ldapObject) {
242 $sambaDomain = LSldap :: getLdapEntry ( LS_SAMBA_DOMAIN_OBJECT_DN );
// SAMBA_02: the sambaDomain entry could not be fetched.
243 if ($sambaDomain === false) {
244 LSerror :: addErrorCode('SAMBA_02');
248 $uidNumber = $sambaDomain->getValue('uidNumber','single');
// Loose == 0: a null or false value and the string "0" are rejected like the integer 0.
249 if (Net_LDAP2::isError($uidNumber) || $uidNumber==0) {
250 LSerror :: addErrorCode('SAMBA_04','uidNumber');
// NOTE(review): the read above and the replace/update below are separate LDAP operations
// and no locking is visible here, so two concurrent creations could obtain the same
// uidNumber, and with it the same sambaSID. Confirm that uniqueness is enforced elsewhere,
// for example by a uniqueness constraint on the directory server.
254 $sambaDomain->replace(array('uidNumber' => ($uidNumber+1)));
255 $res = $sambaDomain->update();
// NOTE(review): the success branch body is not visible in the listing; SAMBA_03 appears to
// be recorded when the update fails.
256 if(!Net_LDAP2::isError($res)) {
260 LSerror :: addErrorCode('SAMBA_03');
266 * Generation de gidNumber en utilisant l'objet sambaDomain
268 * @author Benjamin Renard <brenard@easter-eggs.com>
270 * @param[in] $ldapObject L'objet ldap
272 * @retval integer gidNumber ou false si il y a un problème durant la génération
// Takes the next gidNumber from the counter stored on the sambaDomain entry
// (LS_SAMBA_DOMAIN_OBJECT_DN) and writes the counter back incremented by one.
// $ldapObject is not used in the visible lines.
274 function generate_gidNumber_withSambaDomainObject($ldapObject) {
275 $sambaDomain = LSldap :: getLdapEntry ( LS_SAMBA_DOMAIN_OBJECT_DN );
// SAMBA_02: the sambaDomain entry could not be fetched.
276 if ($sambaDomain === false) {
277 LSerror :: addErrorCode('SAMBA_02');
281 $gidNumber = $sambaDomain->getValue('gidNumber','single');
// Loose == 0: a null or false value and the string "0" are rejected like the integer 0.
282 if (Net_LDAP2::isError($gidNumber) || $gidNumber==0) {
283 LSerror :: addErrorCode('SAMBA_04','gidNumber');
// NOTE(review): the read above and the replace/update below are separate LDAP operations
// and no locking is visible here, so two concurrent creations could obtain the same
// gidNumber, and with it the same group SID. Confirm that uniqueness is enforced elsewhere.
287 $sambaDomain->replace(array('gidNumber' => ($gidNumber+1)));
288 $res = $sambaDomain->update();
// NOTE(review): the success branch body is not visible in the listing; SAMBA_03 appears to
// be recorded when the update fails.
289 if(!Net_LDAP2::isError($res)) {
293 LSerror :: addErrorCode('SAMBA_03');
299 * Retourne le temps infini au sens NT
301 * @author Benjamin Renard <brenard@easter-eggs.com>
303 * @param[in] $ldapObject L'objet ldap
305 * @retval integer le temps infini au sens NT
// Returns the constant LS_SAMBA_INFINITY_TIME (2147483647, defined near the top of this
// file). $ldapObject is not used.
307 function return_sambaInfinityTime($ldapObject) {
308 return LS_SAMBA_INFINITY_TIME;
312 * Generation de l'attribut sambaPwdLastSet
314 * @author Benjamin Renard <brenard@easter-eggs.com>
316 * @param[in] $ldapObject L'objet ldap
318 * @retval string sambaPwdLastSet
// Generator for the sambaPwdLastSet attribute.
// NOTE(review): the body of this function is not visible in the listing (the embedded line
// numbers jump from 320 to 325), so the value it returns cannot be confirmed here.
320 function generate_sambaPwdLastSet($ldapObject) {
325 * Generation du sambaDomainName
327 * @author Benjamin Renard <brenard@easter-eggs.com>
329 * @retval string Le sambaDomainName
// Returns the configured LS_SAMBA_DOMAIN_NAME constant. $ldapObject is not used.
331 function generate_sambaDomainName($ldapObject) {
332 return LS_SAMBA_DOMAIN_NAME;
336 * Generation du sambaHomePath
338 * @author Benjamin Renard <brenard@easter-eggs.com>
340 * @retval string Le sambaHomePath
// Returns the object's getFData() result for the LS_SAMBA_HOME_PATH_FORMAT format.
// NOTE(review): presumably getFData() substitutes attribute values into the format; nothing
// is validated or escaped here, so that is left to getFData() and the configured format.
342 function generate_sambaHomePath($ldapObject) {
343 return $ldapObject -> getFData(LS_SAMBA_HOME_PATH_FORMAT);
347 * Generation du sambaProfilePath
349 * @author Benjamin Renard <brenard@easter-eggs.com>
351 * @retval string Le sambaProfilePath
// Returns the object's getFData() result for the LS_SAMBA_PROFILE_PATH_FORMAT format.
// NOTE(review): presumably getFData() substitutes attribute values into the format; nothing
// is validated or escaped here, so that is left to getFData() and the configured format.
353 function generate_sambaProfilePath($ldapObject) {
354 return $ldapObject -> getFData(LS_SAMBA_PROFILE_PATH_FORMAT);
358 * Generation de l'attribut shadowExpire à partir de
359 * l'attribut sambaPwdMustChange
361 * @author Benjamin Renard <brenard@easter-eggs.com>
363 * @retval string La valeur de shadowExpire
// Converts the object's sambaPwdMustChange value into a shadowExpire value by dividing it
// by 86400 (seconds per day) and returning the rounded result as a string.
365 function generate_shadowExpire_from_sambaPwdMustChange($ldapObject) {
366 $time=$ldapObject -> getValue('sambaPwdMustChange');
// NOTE(review): listing lines 367-368 are not visible, so any guard on $time is unknown.
// round() rounds to the nearest day, so a timestamp in the second half of a day yields the
// following day: the shadow expiry can fall up to 12 hours after the Samba one.
369 return (string)round($time/86400);
375 * Generation d'un timestamp a partir de l'attribut shadowExpire
377 * @author Benjamin Renard <brenard@easter-eggs.com>
379 * @retval string Timestamp correspondant à shadowExpire
// Converts the object's shadowExpire value into a timestamp by multiplying it by 86400
// (seconds per day) and returning the result as a string.
381 function generate_timestamp_from_shadowExpire($ldapObject) {
382 $days=$ldapObject -> getValue('shadowExpire');
// NOTE(review): listing lines 383-384 are not visible, so any guard on $days is unknown.
// The result is always a whole number of days; no time of day is carried.
385 return (string)($days*86400);
391 * Generation de l'attribut sambaPwdMustChange a partir de
392 * l'attribut shadowExpire
394 * @author Benjamin Renard <brenard@easter-eggs.com>
396 * @retval string La valeur de sambaPwdMustChange
// Returns the sambaPwdMustChange value for the object by delegating to
// generate_timestamp_from_shadowExpire(), i.e. shadowExpire * 86400 as a string.
398 function generate_sambaPwdMustChange_from_shadowExpire($ldapObject) {
399 return generate_timestamp_from_shadowExpire($ldapObject);
403 * Generation de l'attribut sambaKickoffTime a partir de
404 * l'attribut shadowExpire
406 * @author Benjamin Renard <brenard@easter-eggs.com>
408 * @retval string La valeur de sambaKickoffTime
// Returns the sambaKickoffTime value for the object by delegating to
// generate_timestamp_from_shadowExpire(), i.e. shadowExpire * 86400 as a string.
410 function generate_sambaKickoffTime_from_shadowExpire($ldapObject) {
411 return generate_timestamp_from_shadowExpire($ldapObject);