Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x

This commit is contained in:
Sarven Capadisli 2009-11-04 19:06:10 +00:00
commit eb42ad5635
14 changed files with 6449 additions and 2 deletions

View File

@ -474,3 +474,8 @@ StartPublicXRDS: Start XRDS output (right after the opening XRDS tag)
EndPublicXRDS: End XRDS output (right before the closing XRDS tag)
- $action: the current action
- &$xrdsoutputter - XRDSOutputter object to write to
CheckPassword: Check a username/password
- $nickname: The nickname to check
- $password: The password to check
- &$authenticated: set to true to indicate authentication succeeded.

1791
extlib/Net/LDAP2.php Normal file

File diff suppressed because it is too large Load Diff

1055
extlib/Net/LDAP2/Entry.php Normal file

File diff suppressed because it is too large Load Diff

514
extlib/Net/LDAP2/Filter.php Normal file
View File

@ -0,0 +1,514 @@
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the Net_LDAP2_Filter interface class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @copyright 2009 Benedikt Hallinger
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
* @version SVN: $Id: Filter.php 289978 2009-10-27 09:56:41Z beni $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* Includes
*/
require_once 'PEAR.php';
require_once 'Util.php';
/**
* Object representation of a part of a LDAP filter.
*
* This Class is not completely compatible to the PERL interface!
*
* The purpose of this class is, that users can easily build LDAP filters
* without having to worry about right escaping etc.
* A Filter is built using several independent filter objects
* which are combined afterwards. This object works in two
* modes, depending how the object is created.
* If the object is created using the {@link create()} method, then this is a leaf-object.
* If the object is created using the {@link combine()} method, then this is a container object.
*
* LDAP filters are defined in RFC-2254 and can be found under
* {@link http://www.ietf.org/rfc/rfc2254.txt}
*
* Here a quick copy&paste example:
* <code>
* $filter0 = Net_LDAP2_Filter::create('stars', 'equals', '***');
* $filter_not0 = Net_LDAP2_Filter::combine('not', $filter0);
*
* $filter1 = Net_LDAP2_Filter::create('gn', 'begins', 'bar');
* $filter2 = Net_LDAP2_Filter::create('gn', 'ends', 'baz');
* $filter_comp = Net_LDAP2_Filter::combine('or',array($filter_not0, $filter1, $filter2));
*
* echo $filter_comp->asString();
* // This will output: (|(!(stars=\0x5c0x2a\0x5c0x2a\0x5c0x2a))(gn=bar*)(gn=*baz))
* // The stars in $filter0 are treaten as real stars unless you disable escaping.
* </code>
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @link http://pear.php.net/package/Net_LDAP2/
*/
class Net_LDAP2_Filter extends PEAR
{
/**
* Storage for combination of filters
*
* This variable holds a array of filter objects
* that should be combined by this filter object.
*
* @access protected
* @var array
*/
protected $_subfilters = array();
/**
* Match of this filter
*
* If this is a leaf filter, then a matching rule is stored,
* if it is a container, then it is a logical operator
*
* @access protected
* @var string
*/
protected $_match;
/**
* Single filter
*
* If we operate in leaf filter mode,
* then the constructing method stores
* the filter representation here
*
* @acces private
* @var string
*/
protected $_filter;
/**
* Create a new Net_LDAP2_Filter object and parse $filter.
*
* This is for PERL Net::LDAP interface.
* Construction of Net_LDAP2_Filter objects should happen through either
* {@link create()} or {@link combine()} which give you more control.
* However, you may use the perl iterface if you already have generated filters.
*
* @param string $filter LDAP filter string
*
* @see parse()
*/
public function __construct($filter = false)
{
// The optional parameter must remain here, because otherwise create() crashes
if (false !== $filter) {
$filter_o = self::parse($filter);
if (PEAR::isError($filter_o)) {
$this->_filter = $filter_o; // assign error, so asString() can report it
} else {
$this->_filter = $filter_o->asString();
}
}
}
/**
* Constructor of a new part of a LDAP filter.
*
* The following matching rules exists:
* - equals: One of the attributes values is exactly $value
* Please note that case sensitiviness is depends on the
* attributes syntax configured in the server.
* - begins: One of the attributes values must begin with $value
* - ends: One of the attributes values must end with $value
* - contains: One of the attributes values must contain $value
* - present | any: The attribute can contain any value but must be existent
* - greater: The attributes value is greater than $value
* - less: The attributes value is less than $value
* - greaterOrEqual: The attributes value is greater or equal than $value
* - lessOrEqual: The attributes value is less or equal than $value
* - approx: One of the attributes values is similar to $value
*
* If $escape is set to true (default) then $value will be escaped
* properly. If it is set to false then $value will be treaten as raw filter value string.
* You should escape yourself using {@link Net_LDAP2_Util::escape_filter_value()}!
*
* Examples:
* <code>
* // This will find entries that contain an attribute "sn" that ends with "foobar":
* $filter = new Net_LDAP2_Filter('sn', 'ends', 'foobar');
*
* // This will find entries that contain an attribute "sn" that has any value set:
* $filter = new Net_LDAP2_Filter('sn', 'any');
* </code>
*
* @param string $attr_name Name of the attribute the filter should apply to
* @param string $match Matching rule (equals, begins, ends, contains, greater, less, greaterOrEqual, lessOrEqual, approx, any)
* @param string $value (optional) if given, then this is used as a filter
* @param boolean $escape Should $value be escaped? (default: yes, see {@link Net_LDAP2_Util::escape_filter_value()} for detailed information)
*
* @return Net_LDAP2_Filter|Net_LDAP2_Error
*/
public static function &create($attr_name, $match, $value = '', $escape = true)
{
$leaf_filter = new Net_LDAP2_Filter();
if ($escape) {
$array = Net_LDAP2_Util::escape_filter_value(array($value));
$value = $array[0];
}
switch (strtolower($match)) {
case 'equals':
$leaf_filter->_filter = '(' . $attr_name . '=' . $value . ')';
break;
case 'begins':
$leaf_filter->_filter = '(' . $attr_name . '=' . $value . '*)';
break;
case 'ends':
$leaf_filter->_filter = '(' . $attr_name . '=*' . $value . ')';
break;
case 'contains':
$leaf_filter->_filter = '(' . $attr_name . '=*' . $value . '*)';
break;
case 'greater':
$leaf_filter->_filter = '(' . $attr_name . '>' . $value . ')';
break;
case 'less':
$leaf_filter->_filter = '(' . $attr_name . '<' . $value . ')';
break;
case 'greaterorequal':
case '>=':
$leaf_filter->_filter = '(' . $attr_name . '>=' . $value . ')';
break;
case 'lessorequal':
case '<=':
$leaf_filter->_filter = '(' . $attr_name . '<=' . $value . ')';
break;
case 'approx':
case '~=':
$leaf_filter->_filter = '(' . $attr_name . '~=' . $value . ')';
break;
case 'any':
case 'present': // alias that may improve user code readability
$leaf_filter->_filter = '(' . $attr_name . '=*)';
break;
default:
return PEAR::raiseError('Net_LDAP2_Filter create error: matching rule "' . $match . '" not known!');
}
return $leaf_filter;
}
/**
* Combine two or more filter objects using a logical operator
*
* This static method combines two or more filter objects and returns one single
* filter object that contains all the others.
* Call this method statically: $filter = Net_LDAP2_Filter('or', array($filter1, $filter2))
* If the array contains filter strings instead of filter objects, we will try to parse them.
*
* @param string $log_op The locicall operator. May be "and", "or", "not" or the subsequent logical equivalents "&", "|", "!"
* @param array|Net_LDAP2_Filter $filters array with Net_LDAP2_Filter objects
*
* @return Net_LDAP2_Filter|Net_LDAP2_Error
* @static
*/
public static function &combine($log_op, $filters)
{
if (PEAR::isError($filters)) {
return $filters;
}
// substitude named operators to logical operators
if ($log_op == 'and') $log_op = '&';
if ($log_op == 'or') $log_op = '|';
if ($log_op == 'not') $log_op = '!';
// tests for sane operation
if ($log_op == '!') {
// Not-combination, here we only accept one filter object or filter string
if ($filters instanceof Net_LDAP2_Filter) {
$filters = array($filters); // force array
} elseif (is_string($filters)) {
$filter_o = self::parse($filters);
if (PEAR::isError($filter_o)) {
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: '.$filter_o->getMessage());
return $err;
} else {
$filters = array($filter_o);
}
} elseif (is_array($filters)) {
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is an array!');
return $err;
} else {
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is not a valid Net_LDAP2_Filter nor a filter string!');
return $err;
}
} elseif ($log_op == '&' || $log_op == '|') {
if (!is_array($filters) || count($filters) < 2) {
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: parameter $filters is not an array or contains less than two Net_LDAP2_Filter objects!');
return $err;
}
} else {
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: logical operator is not known!');
return $err;
}
$combined_filter = new Net_LDAP2_Filter();
foreach ($filters as $key => $testfilter) { // check for errors
if (PEAR::isError($testfilter)) {
return $testfilter;
} elseif (is_string($testfilter)) {
// string found, try to parse into an filter object
$filter_o = self::parse($testfilter);
if (PEAR::isError($filter_o)) {
return $filter_o;
} else {
$filters[$key] = $filter_o;
}
} elseif (!$testfilter instanceof Net_LDAP2_Filter) {
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: invalid object passed in array $filters!');
return $err;
}
}
$combined_filter->_subfilters = $filters;
$combined_filter->_match = $log_op;
return $combined_filter;
}
/**
* Parse FILTER into a Net_LDAP2_Filter object
*
* This parses an filter string into Net_LDAP2_Filter objects.
*
* @param string $FILTER The filter string
*
* @access static
* @return Net_LDAP2_Filter|Net_LDAP2_Error
* @todo Leaf-mode: Do we need to escape at all? what about *-chars?check for the need of encoding values, tackle problems (see code comments)
*/
public static function parse($FILTER)
{
if (preg_match('/^\((.+?)\)$/', $FILTER, $matches)) {
if (in_array(substr($matches[1], 0, 1), array('!', '|', '&'))) {
// Subfilter processing: pass subfilters to parse() and combine
// the objects using the logical operator detected
// we have now something like "&(...)(...)(...)" but at least one part ("!(...)").
// Each subfilter could be an arbitary complex subfilter.
// extract logical operator and filter arguments
$log_op = substr($matches[1], 0, 1);
$remaining_component = substr($matches[1], 1);
// split $remaining_component into individual subfilters
// we cannot use split() for this, because we do not know the
// complexiness of the subfilter. Thus, we look trough the filter
// string and just recognize ending filters at the first level.
// We record the index number of the char and use that information
// later to split the string.
$sub_index_pos = array();
$prev_char = ''; // previous character looked at
$level = 0; // denotes the current bracket level we are,
// >1 is too deep, 1 is ok, 0 is outside any
// subcomponent
for ($curpos = 0; $curpos < strlen($remaining_component); $curpos++) {
$cur_char = substr($remaining_component, $curpos, 1);
// rise/lower bracket level
if ($cur_char == '(' && $prev_char != '\\') {
$level++;
} elseif ($cur_char == ')' && $prev_char != '\\') {
$level--;
}
if ($cur_char == '(' && $prev_char == ')' && $level == 1) {
array_push($sub_index_pos, $curpos); // mark the position for splitting
}
$prev_char = $cur_char;
}
// now perform the splits. To get also the last part, we
// need to add the "END" index to the split array
array_push($sub_index_pos, strlen($remaining_component));
$subfilters = array();
$oldpos = 0;
foreach ($sub_index_pos as $s_pos) {
$str_part = substr($remaining_component, $oldpos, $s_pos - $oldpos);
array_push($subfilters, $str_part);
$oldpos = $s_pos;
}
// some error checking...
if (count($subfilters) == 1) {
// only one subfilter found
} elseif (count($subfilters) > 1) {
// several subfilters found
if ($log_op == "!") {
return PEAR::raiseError("Filter parsing error: invalid filter syntax - NOT operator detected but several arguments given!");
}
} else {
// this should not happen unless the user specified a wrong filter
return PEAR::raiseError("Filter parsing error: invalid filter syntax - got operator '$log_op' but no argument!");
}
// Now parse the subfilters into objects and combine them using the operator
$subfilters_o = array();
foreach ($subfilters as $s_s) {
$o = self::parse($s_s);
if (PEAR::isError($o)) {
return $o;
} else {
array_push($subfilters_o, self::parse($s_s));
}
}
$filter_o = self::combine($log_op, $subfilters_o);
return $filter_o;
} else {
// This is one leaf filter component, do some syntax checks, then escape and build filter_o
// $matches[1] should be now something like "foo=bar"
// detect multiple leaf components
// [TODO] Maybe this will make problems with filters containing brackets inside the value
if (stristr($matches[1], ')(')) {
return PEAR::raiseError("Filter parsing error: invalid filter syntax - multiple leaf components detected!");
} else {
$filter_parts = preg_split('/(?<!\\\\)(=|=~|>|<|>=|<=)/', $matches[1], 2, PREG_SPLIT_DELIM_CAPTURE);
if (count($filter_parts) != 3) {
return PEAR::raiseError("Filter parsing error: invalid filter syntax - unknown matching rule used");
} else {
$filter_o = new Net_LDAP2_Filter();
// [TODO]: Do we need to escape at all? what about *-chars user provide and that should remain special?
// I think, those prevent escaping! We need to check against PERL Net::LDAP!
// $value_arr = Net_LDAP2_Util::escape_filter_value(array($filter_parts[2]));
// $value = $value_arr[0];
$value = $filter_parts[2];
$filter_o->_filter = '('.$filter_parts[0].$filter_parts[1].$value.')';
return $filter_o;
}
}
}
} else {
// ERROR: Filter components must be enclosed in round brackets
return PEAR::raiseError("Filter parsing error: invalid filter syntax - filter components must be enclosed in round brackets");
}
}
/**
* Get the string representation of this filter
*
* This method runs through all filter objects and creates
* the string representation of the filter. If this
* filter object is a leaf filter, then it will return
* the string representation of this filter.
*
* @return string|Net_LDAP2_Error
*/
public function asString()
{
if ($this->isLeaf()) {
$return = $this->_filter;
} else {
$return = '';
foreach ($this->_subfilters as $filter) {
$return = $return.$filter->asString();
}
$return = '(' . $this->_match . $return . ')';
}
return $return;
}
/**
* Alias for perl interface as_string()
*
* @see asString()
* @return string|Net_LDAP2_Error
*/
public function as_string()
{
return $this->asString();
}
/**
* Print the text representation of the filter to FH, or the currently selected output handle if FH is not given
*
* This method is only for compatibility to the perl interface.
* However, the original method was called "print" but due to PHP language restrictions,
* we can't have a print() method.
*
* @param resource $FH (optional) A filehandle resource
*
* @return true|Net_LDAP2_Error
*/
public function printMe($FH = false)
{
if (!is_resource($FH)) {
if (PEAR::isError($FH)) {
return $FH;
}
$filter_str = $this->asString();
if (PEAR::isError($filter_str)) {
return $filter_str;
} else {
print($filter_str);
}
} else {
$filter_str = $this->asString();
if (PEAR::isError($filter_str)) {
return $filter_str;
} else {
$res = @fwrite($FH, $this->asString());
if ($res == false) {
return PEAR::raiseError("Unable to write filter string to filehandle \$FH!");
}
}
}
return true;
}
/**
* This can be used to escape a string to provide a valid LDAP-Filter.
*
* LDAP will only recognise certain characters as the
* character istself if they are properly escaped. This is
* what this method does.
* The method can be called statically, so you can use it outside
* for your own purposes (eg for escaping only parts of strings)
*
* In fact, this is just a shorthand to {@link Net_LDAP2_Util::escape_filter_value()}.
* For upward compatibiliy reasons you are strongly encouraged to use the escape
* methods provided by the Net_LDAP2_Util class.
*
* @param string $value Any string who should be escaped
*
* @static
* @return string The string $string, but escaped
* @deprecated Do not use this method anymore, instead use Net_LDAP2_Util::escape_filter_value() directly
*/
public static function escape($value)
{
$return = Net_LDAP2_Util::escape_filter_value(array($value));
return $return[0];
}
/**
* Is this a container or a leaf filter object?
*
* @access protected
* @return boolean
*/
protected function isLeaf()
{
if (count($this->_subfilters) > 0) {
return false; // Container!
} else {
return true; // Leaf!
}
}
}
?>

922
extlib/Net/LDAP2/LDIF.php Normal file
View File

@ -0,0 +1,922 @@
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the Net_LDAP2_LDIF interface class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @copyright 2009 Benedikt Hallinger
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
* @version SVN: $Id: LDIF.php 286718 2009-08-03 07:30:49Z beni $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* Includes
*/
require_once 'PEAR.php';
require_once 'Net/LDAP2.php';
require_once 'Net/LDAP2/Entry.php';
require_once 'Net/LDAP2/Util.php';
/**
* LDIF capabilitys for Net_LDAP2, closely taken from PERLs Net::LDAP
*
* It provides a means to convert between Net_LDAP2_Entry objects and LDAP entries
* represented in LDIF format files. Reading and writing are supported and may
* manipulate single entries or lists of entries.
*
* Usage example:
* <code>
* // Read and parse an ldif-file into Net_LDAP2_Entry objects
* // and print out the DNs. Store the entries for later use.
* require 'Net/LDAP2/LDIF.php';
* $options = array(
* 'onerror' => 'die'
* );
* $entries = array();
* $ldif = new Net_LDAP2_LDIF('test.ldif', 'r', $options);
* do {
* $entry = $ldif->read_entry();
* $dn = $entry->dn();
* echo " done building entry: $dn\n";
* array_push($entries, $entry);
* } while (!$ldif->eof());
* $ldif->done();
*
*
* // write those entries to another file
* $ldif = new Net_LDAP2_LDIF('test.out.ldif', 'w', $options);
* $ldif->write_entry($entries);
* $ldif->done();
* </code>
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @link http://pear.php.net/package/Net_LDAP22/
* @see http://www.ietf.org/rfc/rfc2849.txt
* @todo Error handling should be PEARified
* @todo LDAPv3 controls are not implemented yet
*/
class Net_LDAP2_LDIF extends PEAR
{
/**
* Options
*
* @access protected
* @var array
*/
protected $_options = array('encode' => 'base64',
'onerror' => null,
'change' => 0,
'lowercase' => 0,
'sort' => 0,
'version' => null,
'wrap' => 78,
'raw' => ''
);
/**
* Errorcache
*
* @access protected
* @var array
*/
protected $_error = array('error' => null,
'line' => 0
);
/**
* Filehandle for read/write
*
* @access protected
* @var array
*/
protected $_FH = null;
/**
* Says, if we opened the filehandle ourselves
*
* @access protected
* @var array
*/
protected $_FH_opened = false;
/**
* Linecounter for input file handle
*
* @access protected
* @var array
*/
protected $_input_line = 0;
/**
* counter for processed entries
*
* @access protected
* @var int
*/
protected $_entrynum = 0;
/**
* Mode we are working in
*
* Either 'r', 'a' or 'w'
*
* @access protected
* @var string
*/
protected $_mode = false;
/**
* Tells, if the LDIF version string was already written
*
* @access protected
* @var boolean
*/
protected $_version_written = false;
/**
* Cache for lines that have build the current entry
*
* @access protected
* @var boolean
*/
protected $_lines_cur = array();
/**
* Cache for lines that will build the next entry
*
* @access protected
* @var boolean
*/
protected $_lines_next = array();
/**
* Open LDIF file for reading or for writing
*
* new (FILE):
* Open the file read-only. FILE may be the name of a file
* or an already open filehandle.
* If the file doesn't exist, it will be created if in write mode.
*
* new (FILE, MODE, OPTIONS):
* Open the file with the given MODE (see PHPs fopen()), eg "w" or "a".
* FILE may be the name of a file or an already open filehandle.
* PERLs Net_LDAP2 "FILE|" mode does not work curently.
*
* OPTIONS is an associative array and may contain:
* encode => 'none' | 'canonical' | 'base64'
* Some DN values in LDIF cannot be written verbatim and have to be encoded in some way:
* 'none' No encoding.
* 'canonical' See "canonical_dn()" in Net::LDAP::Util.
* 'base64' Use base64. (default, this differs from the Perl interface.
* The perl default is "none"!)
*
* onerror => 'die' | 'warn' | NULL
* Specify what happens when an error is detected.
* 'die' Net_LDAP2_LDIF will croak with an appropriate message.
* 'warn' Net_LDAP2_LDIF will warn (echo) with an appropriate message.
* NULL Net_LDAP2_LDIF will not warn (default), use error().
*
* change => 1
* Write entry changes to the LDIF file instead of the entries itself. I.e. write LDAP
* operations acting on the entries to the file instead of the entries contents.
* This writes the changes usually carried out by an update() to the LDIF file.
*
* lowercase => 1
* Convert attribute names to lowercase when writing.
*
* sort => 1
* Sort attribute names when writing entries according to the rule:
* objectclass first then all other attributes alphabetically sorted by attribute name
*
* version => '1'
* Set the LDIF version to write to the resulting LDIF file.
* According to RFC 2849 currently the only legal value for this option is 1.
* When this option is set Net_LDAP2_LDIF tries to adhere more strictly to
* the LDIF specification in RFC2489 in a few places.
* The default is NULL meaning no version information is written to the LDIF file.
*
* wrap => 78
* Number of columns where output line wrapping shall occur.
* Default is 78. Setting it to 40 or lower inhibits wrapping.
*
* raw => REGEX
* Use REGEX to denote the names of attributes that are to be
* considered binary in search results if writing entries.
* Example: raw => "/(?i:^jpegPhoto|;binary)/i"
*
* @param string|ressource $file Filename or filehandle
* @param string $mode Mode to open filename
* @param array $options Options like described above
*/
public function __construct($file, $mode = 'r', $options = array())
{
$this->PEAR('Net_LDAP2_Error'); // default error class
// First, parse options
// todo: maybe implement further checks on possible values
foreach ($options as $option => $value) {
if (!array_key_exists($option, $this->_options)) {
$this->dropError('Net_LDAP2_LDIF error: option '.$option.' not known!');
return;
} else {
$this->_options[$option] = strtolower($value);
}
}
// setup LDIF class
$this->version($this->_options['version']);
// setup file mode
if (!preg_match('/^[rwa]\+?$/', $mode)) {
$this->dropError('Net_LDAP2_LDIF error: file mode '.$mode.' not supported!');
} else {
$this->_mode = $mode;
// setup filehandle
if (is_resource($file)) {
// TODO: checks on mode possible?
$this->_FH =& $file;
} else {
$imode = substr($this->_mode, 0, 1);
if ($imode == 'r') {
if (!file_exists($file)) {
$this->dropError('Unable to open '.$file.' for read: file not found');
$this->_mode = false;
}
if (!is_readable($file)) {
$this->dropError('Unable to open '.$file.' for read: permission denied');
$this->_mode = false;
}
}
if (($imode == 'w' || $imode == 'a')) {
if (file_exists($file)) {
if (!is_writable($file)) {
$this->dropError('Unable to open '.$file.' for write: permission denied');
$this->_mode = false;
}
} else {
if (!@touch($file)) {
$this->dropError('Unable to create '.$file.' for write: permission denied');
$this->_mode = false;
}
}
}
if ($this->_mode) {
$this->_FH = @fopen($file, $this->_mode);
if (false === $this->_FH) {
// Fallback; should never be reached if tests above are good enough!
$this->dropError('Net_LDAP2_LDIF error: Could not open file '.$file);
} else {
$this->_FH_opened = true;
}
}
}
}
}
/**
* Read one entry from the file and return it as a Net::LDAP::Entry object.
*
* @return Net_LDAP2_Entry
*/
public function read_entry()
{
// read fresh lines, set them as current lines and create the entry
$attrs = $this->next_lines(true);
if (count($attrs) > 0) {
$this->_lines_cur = $attrs;
}
return $this->current_entry();
}
/**
* Returns true when the end of the file is reached.
*
* @return boolean
*/
public function eof()
{
return feof($this->_FH);
}
/**
* Write the entry or entries to the LDIF file.
*
* If you want to build an LDIF file containing several entries AND
* you want to call write_entry() several times, you must open the filehandle
* in append mode ("a"), otherwise you will always get the last entry only.
*
* @param Net_LDAP2_Entry|array $entries Entry or array of entries
*
* @return void
* @todo implement operations on whole entries (adding a whole entry)
*/
public function write_entry($entries)
{
if (!is_array($entries)) {
$entries = array($entries);
}
foreach ($entries as $entry) {
$this->_entrynum++;
if (!$entry instanceof Net_LDAP2_Entry) {
$this->dropError('Net_LDAP2_LDIF error: entry '.$this->_entrynum.' is not an Net_LDAP2_Entry object');
} else {
if ($this->_options['change']) {
// LDIF change mode
// fetch change information from entry
$entry_attrs_changes = $entry->getChanges();
$num_of_changes = count($entry_attrs_changes['add'])
+ count($entry_attrs_changes['replace'])
+ count($entry_attrs_changes['delete']);
$is_changed = ($num_of_changes > 0 || $entry->willBeDeleted() || $entry->willBeMoved());
// write version if not done yet
// also write DN of entry
if ($is_changed) {
if (!$this->_version_written) {
$this->write_version();
}
$this->writeDN($entry->currentDN());
}
// process changes
// TODO: consider DN add!
if ($entry->willBeDeleted()) {
$this->writeLine("changetype: delete".PHP_EOL);
} elseif ($entry->willBeMoved()) {
$this->writeLine("changetype: modrdn".PHP_EOL);
$olddn = Net_LDAP2_Util::ldap_explode_dn($entry->currentDN(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs
$oldrdn = array_shift($olddn);
$oldparent = implode(',', $olddn);
$newdn = Net_LDAP2_Util::ldap_explode_dn($entry->dn(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs
$rdn = array_shift($newdn);
$parent = implode(',', $newdn);
$this->writeLine("newrdn: ".$rdn.PHP_EOL);
$this->writeLine("deleteoldrdn: 1".PHP_EOL);
if ($parent !== $oldparent) {
$this->writeLine("newsuperior: ".$parent.PHP_EOL);
}
// TODO: What if the entry has attribute changes as well?
// I think we should check for that and make a dummy
// entry with the changes that is written to the LDIF file
} elseif ($num_of_changes > 0) {
// write attribute change data
$this->writeLine("changetype: modify".PHP_EOL);
foreach ($entry_attrs_changes as $changetype => $entry_attrs) {
foreach ($entry_attrs as $attr_name => $attr_values) {
$this->writeLine("$changetype: $attr_name".PHP_EOL);
if ($attr_values !== null) $this->writeAttribute($attr_name, $attr_values, $changetype);
$this->writeLine("-".PHP_EOL);
}
}
}
// finish this entrys data if we had changes
if ($is_changed) {
$this->finishEntry();
}
} else {
// LDIF-content mode
// fetch attributes for further processing
$entry_attrs = $entry->getValues();
// sort and put objectclass-attrs to first position
if ($this->_options['sort']) {
ksort($entry_attrs);
if (array_key_exists('objectclass', $entry_attrs)) {
$oc = $entry_attrs['objectclass'];
unset($entry_attrs['objectclass']);
$entry_attrs = array_merge(array('objectclass' => $oc), $entry_attrs);
}
}
// write data
if (!$this->_version_written) {
$this->write_version();
}
$this->writeDN($entry->dn());
foreach ($entry_attrs as $attr_name => $attr_values) {
$this->writeAttribute($attr_name, $attr_values);
}
$this->finishEntry();
}
}
}
}
/**
* Write version to LDIF
*
* If the object's version is defined, this method allows to explicitely write the version before an entry is written.
* If not called explicitely, it gets called automatically when writing the first entry.
*
* @return void
*/
public function write_version()
{
$this->_version_written = true;
if (!is_null($this->version())) {
return $this->writeLine('version: '.$this->version().PHP_EOL, 'Net_LDAP2_LDIF error: unable to write version');
}
}
/**
* Get or set LDIF version
*
* If called without arguments it returns the version of the LDIF file or NULL if no version has been set.
* If called with an argument it sets the LDIF version to VERSION.
* According to RFC 2849 currently the only legal value for VERSION is 1.
*
* @param int $version (optional) LDIF version to set
*
* @return int
*/
public function version($version = null)
{
if ($version !== null) {
if ($version != 1) {
$this->dropError('Net_LDAP2_LDIF error: illegal LDIF version set');
} else {
$this->_options['version'] = $version;
}
}
return $this->_options['version'];
}
/**
* Returns the file handle the Net_LDAP2_LDIF object reads from or writes to.
*
* You can, for example, use this to fetch the content of the LDIF file yourself
*
* @return null|resource
*/
public function &handle()
{
if (!is_resource($this->_FH)) {
$this->dropError('Net_LDAP2_LDIF error: invalid file resource');
$null = null;
return $null;
} else {
return $this->_FH;
}
}
/**
* Clean up
*
* This method signals that the LDIF object is no longer needed.
* You can use this to free up some memory and close the file handle.
* The file handle is only closed, if it was opened from Net_LDAP2_LDIF.
*
* @return void
*/
public function done()
{
// close FH if we opened it
if ($this->_FH_opened) {
fclose($this->handle());
}
// free variables
foreach (get_object_vars($this) as $name => $value) {
unset($this->$name);
}
}
/**
* Returns last error message if error was found.
*
* Example:
* <code>
* $ldif->someAction();
* if ($ldif->error()) {
* echo "Error: ".$ldif->error()." at input line: ".$ldif->error_lines();
* }
* </code>
*
* @param boolean $as_string If set to true, only the message is returned
*
* @return false|Net_LDAP2_Error
*/
public function error($as_string = false)
{
if (Net_LDAP2::isError($this->_error['error'])) {
return ($as_string)? $this->_error['error']->getMessage() : $this->_error['error'];
} else {
return false;
}
}
/**
* Returns lines that resulted in error.
*
* Perl returns an array of faulty lines in list context,
* but we always just return an int because of PHPs language.
*
* @return int
*/
public function error_lines()
{
return $this->_error['line'];
}
/**
* Returns the current Net::LDAP::Entry object.
*
* @return Net_LDAP2_Entry|false
*/
public function current_entry()
{
return $this->parseLines($this->current_lines());
}
/**
* Parse LDIF lines of one entry into an Net_LDAP2_Entry object
*
* @param array $lines LDIF lines for one entry
*
* @return Net_LDAP2_Entry|false Net_LDAP2_Entry object for those lines
* @todo what about file inclusions and urls? "jpegphoto:< file:///usr/local/directory/photos/fiona.jpg"
*/
public function parseLines($lines)
{
// parse lines into an array of attributes and build the entry
$attributes = array();
$dn = false;
foreach ($lines as $line) {
if (preg_match('/^(\w+)(:|::|:<)\s(.+)$/', $line, $matches)) {
$attr =& $matches[1];
$delim =& $matches[2];
$data =& $matches[3];
if ($delim == ':') {
// normal data
$attributes[$attr][] = $data;
} elseif ($delim == '::') {
// base64 data
$attributes[$attr][] = base64_decode($data);
} elseif ($delim == ':<') {
// file inclusion
// TODO: Is this the job of the LDAP-client or the server?
$this->dropError('File inclusions are currently not supported');
//$attributes[$attr][] = ...;
} else {
// since the pattern above, the delimeter cannot be something else.
$this->dropError('Net_LDAP2_LDIF parsing error: invalid syntax at parsing entry line: '.$line);
continue;
}
if (strtolower($attr) == 'dn') {
// DN line detected
$dn = $attributes[$attr][0]; // save possibly decoded DN
unset($attributes[$attr]); // remove wrongly added "dn: " attribute
}
} else {
// line not in "attr: value" format -> ignore
// maybe we should rise an error here, but this should be covered by
// next_lines() already. A problem arises, if users try to feed data of
// several entries to this method - the resulting entry will
// get wrong attributes. However, this is already mentioned in the
// methods documentation above.
}
}
if (false === $dn) {
$this->dropError('Net_LDAP2_LDIF parsing error: unable to detect DN for entry');
return false;
} else {
$newentry = Net_LDAP2_Entry::createFresh($dn, $attributes);
return $newentry;
}
}
/**
* Returns the lines that generated the current Net::LDAP::Entry object.
*
* Note that this returns an empty array if no lines have been read so far.
*
* @return array Array of lines
*/
public function current_lines()
{
return $this->_lines_cur;
}
/**
* Returns the lines that will generate the next Net::LDAP::Entry object.
*
* If you set $force to TRUE then you can iterate over the lines that build
* up entries manually. Otherwise, iterating is done using {@link read_entry()}.
* Force will move the file pointer forward, thus returning the next entries lines.
*
* Wrapped lines will be unwrapped. Comments are stripped.
*
* @param boolean $force Set this to true if you want to iterate over the lines manually
*
* @return array
*/
public function next_lines($force = false)
{
// if we already have those lines, just return them, otherwise read
if (count($this->_lines_next) == 0 || $force) {
$this->_lines_next = array(); // empty in case something was left (if used $force)
$entry_done = false;
$fh = &$this->handle();
$commentmode = false; // if we are in an comment, for wrapping purposes
$datalines_read = 0; // how many lines with data we have read
while (!$entry_done && !$this->eof()) {
$this->_input_line++;
// Read line. Remove line endings, we want only data;
// this is okay since ending spaces should be encoded
$data = rtrim(fgets($fh));
if ($data === false) {
// error only, if EOF not reached after fgets() call
if (!$this->eof()) {
$this->dropError('Net_LDAP2_LDIF error: error reading from file at input line '.$this->_input_line, $this->_input_line);
}
break;
} else {
if (count($this->_lines_next) > 0 && preg_match('/^$/', $data)) {
// Entry is finished if we have an empty line after we had data
$entry_done = true;
// Look ahead if the next EOF is nearby. Comments and empty
// lines at the file end may cause problems otherwise
$current_pos = ftell($fh);
$data = fgets($fh);
while (!feof($fh)) {
if (preg_match('/^\s*$/', $data) || preg_match('/^#/', $data)) {
// only empty lines or comments, continue to seek
// TODO: Known bug: Wrappings for comments are okay but are treaten as
// error, since we do not honor comment mode here.
// This should be a very theoretically case, however
// i am willing to fix this if really necessary.
$this->_input_line++;
$current_pos = ftell($fh);
$data = fgets($fh);
} else {
// Data found if non emtpy line and not a comment!!
// Rewind to position prior last read and stop lookahead
fseek($fh, $current_pos);
break;
}
}
// now we have either the file pointer at the beginning of
// a new data position or at the end of file causing feof() to return true
} else {
// build lines
if (preg_match('/^version:\s(.+)$/', $data, $match)) {
// version statement, set version
$this->version($match[1]);
} elseif (preg_match('/^\w+::?\s.+$/', $data)) {
// normal attribute: add line
$commentmode = false;
$this->_lines_next[] = trim($data);
$datalines_read++;
} elseif (preg_match('/^\s(.+)$/', $data, $matches)) {
// wrapped data: unwrap if not in comment mode
if (!$commentmode) {
if ($datalines_read == 0) {
// first line of entry: wrapped data is illegal
$this->dropError('Net_LDAP2_LDIF error: illegal wrapping at input line '.$this->_input_line, $this->_input_line);
} else {
$last = array_pop($this->_lines_next);
$last = $last.trim($matches[1]);
$this->_lines_next[] = $last;
$datalines_read++;
}
}
} elseif (preg_match('/^#/', $data)) {
// LDIF comments
$commentmode = true;
} elseif (preg_match('/^\s*$/', $data)) {
// empty line but we had no data for this
// entry, so just ignore this line
$commentmode = false;
} else {
$this->dropError('Net_LDAP2_LDIF error: invalid syntax at input line '.$this->_input_line, $this->_input_line);
continue;
}
}
}
}
}
return $this->_lines_next;
}
/**
* Convert an attribute and value to LDIF string representation
*
* It honors correct encoding of values according to RFC 2849.
* Line wrapping will occur at the configured maximum but only if
* the value is greater than 40 chars.
*
* @param string $attr_name Name of the attribute
* @param string $attr_value Value of the attribute
*
* @access protected
* @return string LDIF string for that attribute and value
*/
protected function convertAttribute($attr_name, $attr_value)
{
// Handle empty attribute or process
if (strlen($attr_value) == 0) {
$attr_value = " ";
} else {
$base64 = false;
// ASCII-chars that are NOT safe for the
// start and for being inside the value.
// These are the int values of those chars.
$unsafe_init = array(0, 10, 13, 32, 58, 60);
$unsafe = array(0, 10, 13);
// Test for illegal init char
$init_ord = ord(substr($attr_value, 0, 1));
if ($init_ord > 127 || in_array($init_ord, $unsafe_init)) {
$base64 = true;
}
// Test for illegal content char
for ($i = 0; $i < strlen($attr_value); $i++) {
$char_ord = ord(substr($attr_value, $i, 1));
if ($char_ord > 127 || in_array($char_ord, $unsafe)) {
$base64 = true;
}
}
// Test for ending space
if (substr($attr_value, -1) == ' ') {
$base64 = true;
}
// If converting is needed, do it
// Either we have some special chars or a matching "raw" regex
if ($base64 || ($this->_options['raw'] && preg_match($this->_options['raw'], $attr_name))) {
$attr_name .= ':';
$attr_value = base64_encode($attr_value);
}
// Lowercase attr names if requested
if ($this->_options['lowercase']) $attr_name = strtolower($attr_name);
// Handle line wrapping
if ($this->_options['wrap'] > 40 && strlen($attr_value) > $this->_options['wrap']) {
$attr_value = wordwrap($attr_value, $this->_options['wrap'], PHP_EOL." ", true);
}
}
return $attr_name.': '.$attr_value;
}
/**
* Convert an entries DN to LDIF string representation
*
* It honors correct encoding of values according to RFC 2849.
*
* @param string $dn UTF8-Encoded DN
*
* @access protected
* @return string LDIF string for that DN
* @todo I am not sure, if the UTF8 stuff is correctly handled right now
*/
protected function convertDN($dn)
{
$base64 = false;
// ASCII-chars that are NOT safe for the
// start and for being inside the dn.
// These are the int values of those chars.
$unsafe_init = array(0, 10, 13, 32, 58, 60);
$unsafe = array(0, 10, 13);
// Test for illegal init char
$init_ord = ord(substr($dn, 0, 1));
if ($init_ord >= 127 || in_array($init_ord, $unsafe_init)) {
$base64 = true;
}
// Test for illegal content char
for ($i = 0; $i < strlen($dn); $i++) {
$char = substr($dn, $i, 1);
if (ord($char) >= 127 || in_array($init_ord, $unsafe)) {
$base64 = true;
}
}
// Test for ending space
if (substr($dn, -1) == ' ') {
$base64 = true;
}
// if converting is needed, do it
return ($base64)? 'dn:: '.base64_encode($dn) : 'dn: '.$dn;
}
/**
* Writes an attribute to the filehandle
*
* @param string $attr_name Name of the attribute
* @param string|array $attr_values Single attribute value or array with attribute values
*
* @access protected
* @return void
*/
protected function writeAttribute($attr_name, $attr_values)
{
// write out attribute content
if (!is_array($attr_values)) {
$attr_values = array($attr_values);
}
foreach ($attr_values as $attr_val) {
$line = $this->convertAttribute($attr_name, $attr_val).PHP_EOL;
$this->writeLine($line, 'Net_LDAP2_LDIF error: unable to write attribute '.$attr_name.' of entry '.$this->_entrynum);
}
}
/**
* Writes a DN to the filehandle
*
* @param string $dn DN to write
*
* @access protected
* @return void
*/
protected function writeDN($dn)
{
// prepare DN
if ($this->_options['encode'] == 'base64') {
$dn = $this->convertDN($dn).PHP_EOL;
} elseif ($this->_options['encode'] == 'canonical') {
$dn = Net_LDAP2_Util::canonical_dn($dn, array('casefold' => 'none')).PHP_EOL;
} else {
$dn = $dn.PHP_EOL;
}
$this->writeLine($dn, 'Net_LDAP2_LDIF error: unable to write DN of entry '.$this->_entrynum);
}
/**
* Finishes an LDIF entry
*
* @access protected
* @return void
*/
protected function finishEntry()
{
$this->writeLine(PHP_EOL, 'Net_LDAP2_LDIF error: unable to close entry '.$this->_entrynum);
}
/**
* Just write an arbitary line to the filehandle
*
* @param string $line Content to write
* @param string $error If error occurs, drop this message
*
* @access protected
* @return true|false
*/
protected function writeLine($line, $error = 'Net_LDAP2_LDIF error: unable to write to filehandle')
{
if (is_resource($this->handle()) && fwrite($this->handle(), $line, strlen($line)) === false) {
$this->dropError($error);
return false;
} else {
return true;
}
}
/**
* Optionally raises an error and pushes the error on the error cache
*
* @param string $msg Errortext
* @param int $line Line in the LDIF that caused the error
*
* @access protected
* @return void
*/
protected function dropError($msg, $line = null)
{
$this->_error['error'] = new Net_LDAP2_Error($msg);
if ($line !== null) $this->_error['line'] = $line;
if ($this->_options['onerror'] == 'die') {
die($msg.PHP_EOL);
} elseif ($this->_options['onerror'] == 'warn') {
echo $msg.PHP_EOL;
}
}
}
?>

View File

@ -0,0 +1,240 @@
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the Net_LDAP2_RootDSE interface class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Jan Wagner <wagner@netsols.de>
* @copyright 2009 Jan Wagner
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
* @version SVN: $Id: RootDSE.php 286718 2009-08-03 07:30:49Z beni $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* Includes
*/
require_once 'PEAR.php';
/**
* Getting the rootDSE entry of a LDAP server
*
* @category Net
* @package Net_LDAP2
* @author Jan Wagner <wagner@netsols.de>
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @link http://pear.php.net/package/Net_LDAP22/
*/
class Net_LDAP2_RootDSE extends PEAR
{
/**
* @access protected
* @var object Net_LDAP2_Entry
**/
protected $_entry;
/**
* Class constructor
*
* @param Net_LDAP2_Entry &$entry Net_LDAP2_Entry object of the RootDSE
*/
protected function __construct(&$entry)
{
$this->_entry = $entry;
}
/**
* Fetches a RootDSE object from an LDAP connection
*
* @param Net_LDAP2 $ldap Directory from which the RootDSE should be fetched
* @param array $attrs Array of attributes to search for
*
* @access static
* @return Net_LDAP2_RootDSE|Net_LDAP2_Error
*/
public static function fetch($ldap, $attrs = null)
{
if (!$ldap instanceof Net_LDAP2) {
return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!");
}
if (is_array($attrs) && count($attrs) > 0 ) {
$attributes = $attrs;
} else {
$attributes = array('vendorName',
'vendorVersion',
'namingContexts',
'altServer',
'supportedExtension',
'supportedControl',
'supportedSASLMechanisms',
'supportedLDAPVersion',
'subschemaSubentry' );
}
$result = $ldap->search('', '(objectClass=*)', array('attributes' => $attributes, 'scope' => 'base'));
if (self::isError($result)) {
return $result;
}
$entry = $result->shiftEntry();
if (false === $entry) {
return PEAR::raiseError('Could not fetch RootDSE entry');
}
$ret = new Net_LDAP2_RootDSE($entry);
return $ret;
}
/**
* Gets the requested attribute value
*
* Same usuage as {@link Net_LDAP2_Entry::getValue()}
*
* @param string $attr Attribute name
* @param array $options Array of options
*
* @access public
* @return mixed Net_LDAP2_Error object or attribute values
* @see Net_LDAP2_Entry::get_value()
*/
public function getValue($attr = '', $options = '')
{
return $this->_entry->get_value($attr, $options);
}
/**
* Alias function of getValue() for perl-ldap interface
*
* @see getValue()
* @return mixed
*/
public function get_value()
{
$args = func_get_args();
return call_user_func_array(array( &$this, 'getValue' ), $args);
}
/**
* Determines if the extension is supported
*
* @param array $oids Array of oids to check
*
* @access public
* @return boolean
*/
public function supportedExtension($oids)
{
return $this->checkAttr($oids, 'supportedExtension');
}
/**
* Alias function of supportedExtension() for perl-ldap interface
*
* @see supportedExtension()
* @return boolean
*/
public function supported_extension()
{
$args = func_get_args();
return call_user_func_array(array( &$this, 'supportedExtension'), $args);
}
/**
* Determines if the version is supported
*
* @param array $versions Versions to check
*
* @access public
* @return boolean
*/
public function supportedVersion($versions)
{
return $this->checkAttr($versions, 'supportedLDAPVersion');
}
/**
* Alias function of supportedVersion() for perl-ldap interface
*
* @see supportedVersion()
* @return boolean
*/
public function supported_version()
{
$args = func_get_args();
return call_user_func_array(array(&$this, 'supportedVersion'), $args);
}
/**
* Determines if the control is supported
*
* @param array $oids Control oids to check
*
* @access public
* @return boolean
*/
public function supportedControl($oids)
{
return $this->checkAttr($oids, 'supportedControl');
}
/**
* Alias function of supportedControl() for perl-ldap interface
*
* @see supportedControl()
* @return boolean
*/
public function supported_control()
{
$args = func_get_args();
return call_user_func_array(array(&$this, 'supportedControl' ), $args);
}
/**
* Determines if the sasl mechanism is supported
*
* @param array $mechlist SASL mechanisms to check
*
* @access public
* @return boolean
*/
public function supportedSASLMechanism($mechlist)
{
return $this->checkAttr($mechlist, 'supportedSASLMechanisms');
}
/**
* Alias function of supportedSASLMechanism() for perl-ldap interface
*
* @see supportedSASLMechanism()
* @return boolean
*/
public function supported_sasl_mechanism()
{
$args = func_get_args();
return call_user_func_array(array(&$this, 'supportedSASLMechanism'), $args);
}
/**
* Checks for existance of value in attribute
*
* @param array $values values to check
* @param string $attr attribute name
*
* @access protected
* @return boolean
*/
protected function checkAttr($values, $attr)
{
if (!is_array($values)) $values = array($values);
foreach ($values as $value) {
if (!@in_array($value, $this->get_value($attr, 'all'))) {
return false;
}
}
return true;
}
}
?>

516
extlib/Net/LDAP2/Schema.php Normal file
View File

@ -0,0 +1,516 @@
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the Net_LDAP2_Schema interface class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Jan Wagner <wagner@netsols.de>
* @author Benedikt Hallinger <beni@php.net>
* @copyright 2009 Jan Wagner, Benedikt Hallinger
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
* @version SVN: $Id: Schema.php 286718 2009-08-03 07:30:49Z beni $
* @link http://pear.php.net/package/Net_LDAP2/
* @todo see the comment at the end of the file
*/
/**
* Includes
*/
require_once 'PEAR.php';
/**
* Syntax definitions
*
* Please don't forget to add binary attributes to isBinary() below
* to support proper value fetching from Net_LDAP2_Entry
*/
define('NET_LDAP2_SYNTAX_BOOLEAN', '1.3.6.1.4.1.1466.115.121.1.7');
define('NET_LDAP2_SYNTAX_DIRECTORY_STRING', '1.3.6.1.4.1.1466.115.121.1.15');
define('NET_LDAP2_SYNTAX_DISTINGUISHED_NAME', '1.3.6.1.4.1.1466.115.121.1.12');
define('NET_LDAP2_SYNTAX_INTEGER', '1.3.6.1.4.1.1466.115.121.1.27');
define('NET_LDAP2_SYNTAX_JPEG', '1.3.6.1.4.1.1466.115.121.1.28');
define('NET_LDAP2_SYNTAX_NUMERIC_STRING', '1.3.6.1.4.1.1466.115.121.1.36');
define('NET_LDAP2_SYNTAX_OID', '1.3.6.1.4.1.1466.115.121.1.38');
define('NET_LDAP2_SYNTAX_OCTET_STRING', '1.3.6.1.4.1.1466.115.121.1.40');
/**
* Load an LDAP Schema and provide information
*
* This class takes a Subschema entry, parses this information
* and makes it available in an array. Most of the code has been
* inspired by perl-ldap( http://perl-ldap.sourceforge.net).
* You will find portions of their implementation in here.
*
* @category Net
* @package Net_LDAP2
* @author Jan Wagner <wagner@netsols.de>
* @author Benedikt Hallinger <beni@php.net>
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @link http://pear.php.net/package/Net_LDAP22/
*/
class Net_LDAP2_Schema extends PEAR
{
/**
* Map of entry types to ldap attributes of subschema entry
*
* @access public
* @var array
*/
public $types = array(
'attribute' => 'attributeTypes',
'ditcontentrule' => 'dITContentRules',
'ditstructurerule' => 'dITStructureRules',
'matchingrule' => 'matchingRules',
'matchingruleuse' => 'matchingRuleUse',
'nameform' => 'nameForms',
'objectclass' => 'objectClasses',
'syntax' => 'ldapSyntaxes'
);
/**
* Array of entries belonging to this type
*
* @access protected
* @var array
*/
protected $_attributeTypes = array();
protected $_matchingRules = array();
protected $_matchingRuleUse = array();
protected $_ldapSyntaxes = array();
protected $_objectClasses = array();
protected $_dITContentRules = array();
protected $_dITStructureRules = array();
protected $_nameForms = array();
/**
* hash of all fetched oids
*
* @access protected
* @var array
*/
protected $_oids = array();
/**
* Tells if the schema is initialized
*
* @access protected
* @var boolean
* @see parse(), get()
*/
protected $_initialized = false;
/**
* Constructor of the class
*
* @access protected
*/
protected function __construct()
{
$this->PEAR('Net_LDAP2_Error'); // default error class
}
/**
* Fetch the Schema from an LDAP connection
*
* @param Net_LDAP2 $ldap LDAP connection
* @param string $dn (optional) Subschema entry dn
*
* @access public
* @return Net_LDAP2_Schema|NET_LDAP2_Error
*/
public function fetch($ldap, $dn = null)
{
if (!$ldap instanceof Net_LDAP2) {
return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!");
}
$schema_o = new Net_LDAP2_Schema();
if (is_null($dn)) {
// get the subschema entry via root dse
$dse = $ldap->rootDSE(array('subschemaSubentry'));
if (false == Net_LDAP2::isError($dse)) {
$base = $dse->getValue('subschemaSubentry', 'single');
if (!Net_LDAP2::isError($base)) {
$dn = $base;
}
}
}
// Support for buggy LDAP servers (e.g. Siemens DirX 6.x) that incorrectly
// call this entry subSchemaSubentry instead of subschemaSubentry.
// Note the correct case/spelling as per RFC 2251.
if (is_null($dn)) {
// get the subschema entry via root dse
$dse = $ldap->rootDSE(array('subSchemaSubentry'));
if (false == Net_LDAP2::isError($dse)) {
$base = $dse->getValue('subSchemaSubentry', 'single');
if (!Net_LDAP2::isError($base)) {
$dn = $base;
}
}
}
// Final fallback case where there is no subschemaSubentry attribute
// in the root DSE (this is a bug for an LDAP v3 server so report this
// to your LDAP vendor if you get this far).
if (is_null($dn)) {
$dn = 'cn=Subschema';
}
// fetch the subschema entry
$result = $ldap->search($dn, '(objectClass=*)',
array('attributes' => array_values($schema_o->types),
'scope' => 'base'));
if (Net_LDAP2::isError($result)) {
return $result;
}
$entry = $result->shiftEntry();
if (!$entry instanceof Net_LDAP2_Entry) {
return PEAR::raiseError('Could not fetch Subschema entry');
}
$schema_o->parse($entry);
return $schema_o;
}
/**
* Return a hash of entries for the given type
*
* Returns a hash of entry for th givene type. Types may be:
* objectclasses, attributes, ditcontentrules, ditstructurerules, matchingrules,
* matchingruleuses, nameforms, syntaxes
*
* @param string $type Type to fetch
*
* @access public
* @return array|Net_LDAP2_Error Array or Net_LDAP2_Error
*/
public function &getAll($type)
{
$map = array('objectclasses' => &$this->_objectClasses,
'attributes' => &$this->_attributeTypes,
'ditcontentrules' => &$this->_dITContentRules,
'ditstructurerules' => &$this->_dITStructureRules,
'matchingrules' => &$this->_matchingRules,
'matchingruleuses' => &$this->_matchingRuleUse,
'nameforms' => &$this->_nameForms,
'syntaxes' => &$this->_ldapSyntaxes );
$key = strtolower($type);
$ret = ((key_exists($key, $map)) ? $map[$key] : PEAR::raiseError("Unknown type $type"));
return $ret;
}
/**
* Return a specific entry
*
* @param string $type Type of name
* @param string $name Name or OID to fetch
*
* @access public
* @return mixed Entry or Net_LDAP2_Error
*/
public function &get($type, $name)
{
if ($this->_initialized) {
$type = strtolower($type);
if (false == key_exists($type, $this->types)) {
return PEAR::raiseError("No such type $type");
}
$name = strtolower($name);
$type_var = &$this->{'_' . $this->types[$type]};
if (key_exists($name, $type_var)) {
return $type_var[$name];
} elseif (key_exists($name, $this->_oids) && $this->_oids[$name]['type'] == $type) {
return $this->_oids[$name];
} else {
return PEAR::raiseError("Could not find $type $name");
}
} else {
$return = null;
return $return;
}
}
/**
* Fetches attributes that MAY be present in the given objectclass
*
* @param string $oc Name or OID of objectclass
*
* @access public
* @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error
*/
public function may($oc)
{
return $this->_getAttr($oc, 'may');
}
/**
* Fetches attributes that MUST be present in the given objectclass
*
* @param string $oc Name or OID of objectclass
*
* @access public
* @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error
*/
public function must($oc)
{
return $this->_getAttr($oc, 'must');
}
/**
* Fetches the given attribute from the given objectclass
*
* @param string $oc Name or OID of objectclass
* @param string $attr Name of attribute to fetch
*
* @access protected
* @return array|Net_LDAP2_Error The attribute or Net_LDAP2_Error
*/
protected function _getAttr($oc, $attr)
{
$oc = strtolower($oc);
if (key_exists($oc, $this->_objectClasses) && key_exists($attr, $this->_objectClasses[$oc])) {
return $this->_objectClasses[$oc][$attr];
} elseif (key_exists($oc, $this->_oids) &&
$this->_oids[$oc]['type'] == 'objectclass' &&
key_exists($attr, $this->_oids[$oc])) {
return $this->_oids[$oc][$attr];
} else {
return PEAR::raiseError("Could not find $attr attributes for $oc ");
}
}
/**
* Returns the name(s) of the immediate superclass(es)
*
* @param string $oc Name or OID of objectclass
*
* @access public
* @return array|Net_LDAP2_Error Array of names or Net_LDAP2_Error
*/
public function superclass($oc)
{
$o = $this->get('objectclass', $oc);
if (Net_LDAP2::isError($o)) {
return $o;
}
return (key_exists('sup', $o) ? $o['sup'] : array());
}
/**
* Parses the schema of the given Subschema entry
*
* @param Net_LDAP2_Entry &$entry Subschema entry
*
* @access public
* @return void
*/
public function parse(&$entry)
{
foreach ($this->types as $type => $attr) {
// initialize map type to entry
$type_var = '_' . $attr;
$this->{$type_var} = array();
// get values for this type
if ($entry->exists($attr)) {
$values = $entry->getValue($attr);
if (is_array($values)) {
foreach ($values as $value) {
unset($schema_entry); // this was a real mess without it
// get the schema entry
$schema_entry = $this->_parse_entry($value);
// set the type
$schema_entry['type'] = $type;
// save a ref in $_oids
$this->_oids[$schema_entry['oid']] = &$schema_entry;
// save refs for all names in type map
$names = $schema_entry['aliases'];
array_push($names, $schema_entry['name']);
foreach ($names as $name) {
$this->{$type_var}[strtolower($name)] = &$schema_entry;
}
}
}
}
}
$this->_initialized = true;
}
/**
* Parses an attribute value into a schema entry
*
* @param string $value Attribute value
*
* @access protected
* @return array|false Schema entry array or false
*/
protected function &_parse_entry($value)
{
// tokens that have no value associated
$noValue = array('single-value',
'obsolete',
'collective',
'no-user-modification',
'abstract',
'structural',
'auxiliary');
// tokens that can have multiple values
$multiValue = array('must', 'may', 'sup');
$schema_entry = array('aliases' => array()); // initilization
$tokens = $this->_tokenize($value); // get an array of tokens
// remove surrounding brackets
if ($tokens[0] == '(') array_shift($tokens);
if ($tokens[count($tokens) - 1] == ')') array_pop($tokens); // -1 doesnt work on arrays :-(
$schema_entry['oid'] = array_shift($tokens); // first token is the oid
// cycle over the tokens until none are left
while (count($tokens) > 0) {
$token = strtolower(array_shift($tokens));
if (in_array($token, $noValue)) {
$schema_entry[$token] = 1; // single value token
} else {
// this one follows a string or a list if it is multivalued
if (($schema_entry[$token] = array_shift($tokens)) == '(') {
// this creates the list of values and cycles through the tokens
// until the end of the list is reached ')'
$schema_entry[$token] = array();
while ($tmp = array_shift($tokens)) {
if ($tmp == ')') break;
if ($tmp != '$') array_push($schema_entry[$token], $tmp);
}
}
// create a array if the value should be multivalued but was not
if (in_array($token, $multiValue) && !is_array($schema_entry[$token])) {
$schema_entry[$token] = array($schema_entry[$token]);
}
}
}
// get max length from syntax
if (key_exists('syntax', $schema_entry)) {
if (preg_match('/{(\d+)}/', $schema_entry['syntax'], $matches)) {
$schema_entry['max_length'] = $matches[1];
}
}
// force a name
if (empty($schema_entry['name'])) {
$schema_entry['name'] = $schema_entry['oid'];
}
// make one name the default and put the other ones into aliases
if (is_array($schema_entry['name'])) {
$aliases = $schema_entry['name'];
$schema_entry['name'] = array_shift($aliases);
$schema_entry['aliases'] = $aliases;
}
return $schema_entry;
}
/**
* Tokenizes the given value into an array of tokens
*
* @param string $value String to parse
*
* @access protected
* @return array Array of tokens
*/
protected function _tokenize($value)
{
$tokens = array(); // array of tokens
$matches = array(); // matches[0] full pattern match, [1,2,3] subpatterns
// this one is taken from perl-ldap, modified for php
$pattern = "/\s* (?:([()]) | ([^'\s()]+) | '((?:[^']+|'[^\s)])*)') \s*/x";
/**
* This one matches one big pattern wherin only one of the three subpatterns matched
* We are interested in the subpatterns that matched. If it matched its value will be
* non-empty and so it is a token. Tokens may be round brackets, a string, or a string
* enclosed by '
*/
preg_match_all($pattern, $value, $matches);
for ($i = 0; $i < count($matches[0]); $i++) { // number of tokens (full pattern match)
for ($j = 1; $j < 4; $j++) { // each subpattern
if (null != trim($matches[$j][$i])) { // pattern match in this subpattern
$tokens[$i] = trim($matches[$j][$i]); // this is the token
}
}
}
return $tokens;
}
/**
* Returns wether a attribute syntax is binary or not
*
* This method gets used by Net_LDAP2_Entry to decide which
* PHP function needs to be used to fetch the value in the
* proper format (e.g. binary or string)
*
* @param string $attribute The name of the attribute (eg.: 'sn')
*
* @access public
* @return boolean
*/
public function isBinary($attribute)
{
$return = false; // default to false
// This list contains all syntax that should be treaten as
// containing binary values
// The Syntax Definitons go into constants at the top of this page
$syntax_binary = array(
NET_LDAP2_SYNTAX_OCTET_STRING,
NET_LDAP2_SYNTAX_JPEG
);
// Check Syntax
$attr_s = $this->get('attribute', $attribute);
if (Net_LDAP2::isError($attr_s)) {
// Attribute not found in schema
$return = false; // consider attr not binary
} elseif (isset($attr_s['syntax']) && in_array($attr_s['syntax'], $syntax_binary)) {
// Syntax is defined as binary in schema
$return = true;
} else {
// Syntax not defined as binary, or not found
// if attribute is a subtype, check superior attribute syntaxes
if (isset($attr_s['sup'])) {
foreach ($attr_s['sup'] as $superattr) {
$return = $this->isBinary($superattr);
if ($return) {
break; // stop checking parents since we are binary
}
}
}
}
return $return;
}
// [TODO] add method that allows us to see to which objectclasses a certain attribute belongs to
// it should return the result structured, e.g. sorted in "may" and "must". Optionally it should
// be able to return it just "flat", e.g. array_merge()d.
// We could use get_all() to achieve this easily, i think
}
?>

View File

@ -0,0 +1,59 @@
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the Net_LDAP2_SchemaCache interface class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @copyright 2009 Benedikt Hallinger
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
* @version SVN: $Id: SchemaCache.interface.php 286718 2009-08-03 07:30:49Z beni $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* Interface describing a custom schema cache object
*
* To implement a custom schema cache, one must implement this interface and
* pass the instanciated object to Net_LDAP2s registerSchemaCache() method.
*/
interface Net_LDAP2_SchemaCache
{
/**
* Return the schema object from the cache
*
* Net_LDAP2 will consider anything returned invalid, except
* a valid Net_LDAP2_Schema object.
* In case you return a Net_LDAP2_Error, this error will be routed
* to the return of the $ldap->schema() call.
* If you return something else, Net_LDAP2 will
* fetch a fresh Schema object from the LDAP server.
*
* You may want to implement a cache aging mechanism here too.
*
* @return Net_LDAP2_Schema|Net_LDAP2_Error|false
*/
public function loadSchema();
/**
* Store a schema object in the cache
*
* This method will be called, if Net_LDAP2 has fetched a fresh
* schema object from LDAP and wants to init or refresh the cache.
*
* In case of errors you may return a Net_LDAP2_Error which will
* be routet to the client.
* Note that doing this prevents, that the schema object fetched from LDAP
* will be given back to the client, so only return errors if storing
* of the cache is something crucial (e.g. for doing something else with it).
* Normaly you dont want to give back errors in which case Net_LDAP2 needs to
* fetch the schema once per script run and instead use the error
* returned from loadSchema().
*
* @return true|Net_LDAP2_Error
*/
public function storeSchema($schema);
}

614
extlib/Net/LDAP2/Search.php Normal file
View File

@ -0,0 +1,614 @@
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the Net_LDAP2_Search interface class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Tarjej Huse <tarjei@bergfald.no>
* @author Benedikt Hallinger <beni@php.net>
* @copyright 2009 Tarjej Huse, Benedikt Hallinger
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
* @version SVN: $Id: Search.php 286718 2009-08-03 07:30:49Z beni $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* Includes
*/
require_once 'PEAR.php';
/**
* Result set of an LDAP search
*
* @category Net
* @package Net_LDAP2
* @author Tarjej Huse <tarjei@bergfald.no>
* @author Benedikt Hallinger <beni@php.net>
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @link http://pear.php.net/package/Net_LDAP22/
*/
class Net_LDAP2_Search extends PEAR implements Iterator
{
/**
* Search result identifier
*
* @access protected
* @var resource
*/
protected $_search;
/**
* LDAP resource link
*
* @access protected
* @var resource
*/
protected $_link;
/**
* Net_LDAP2 object
*
* A reference of the Net_LDAP2 object for passing to Net_LDAP2_Entry
*
* @access protected
* @var object Net_LDAP2
*/
protected $_ldap;
/**
* Result entry identifier
*
* @access protected
* @var resource
*/
protected $_entry = null;
/**
* The errorcode the search got
*
* Some errorcodes might be of interest, but might not be best handled as errors.
* examples: 4 - LDAP_SIZELIMIT_EXCEEDED - indicates a huge search.
* Incomplete results are returned. If you just want to check if there's anything in the search.
* than this is a point to handle.
* 32 - no such object - search here returns a count of 0.
*
* @access protected
* @var int
*/
protected $_errorCode = 0; // if not set - sucess!
/**
* Cache for all entries already fetched from iterator interface
*
* @access protected
* @var array
*/
protected $_iteratorCache = array();
/**
* What attributes we searched for
*
* The $attributes array contains the names of the searched attributes and gets
* passed from $Net_LDAP2->search() so the Net_LDAP2_Search object can tell
* what attributes was searched for ({@link searchedAttrs())
*
* This variable gets set from the constructor and returned
* from {@link searchedAttrs()}
*
* @access protected
* @var array
*/
protected $_searchedAttrs = array();
/**
* Cache variable for storing entries fetched internally
*
* This currently is only used by {@link pop_entry()}
*
* @access protected
* @var array
*/
protected $_entry_cache = false;
/**
* Constructor
*
* @param resource &$search Search result identifier
* @param Net_LDAP2|resource &$ldap Net_LDAP2 object or just a LDAP-Link resource
* @param array $attributes (optional) Array with searched attribute names. (see {@link $_searchedAttrs})
*
* @access public
*/
public function __construct(&$search, &$ldap, $attributes = array())
{
$this->PEAR('Net_LDAP2_Error');
$this->setSearch($search);
if ($ldap instanceof Net_LDAP2) {
$this->_ldap =& $ldap;
$this->setLink($this->_ldap->getLink());
} else {
$this->setLink($ldap);
}
$this->_errorCode = @ldap_errno($this->_link);
if (is_array($attributes) && !empty($attributes)) {
$this->_searchedAttrs = $attributes;
}
}
/**
* Returns an array of entry objects
*
* @return array Array of entry objects.
*/
public function entries()
{
$entries = array();
while ($entry = $this->shiftEntry()) {
$entries[] = $entry;
}
return $entries;
}
/**
* Get the next entry in the searchresult.
*
* This will return a valid Net_LDAP2_Entry object or false, so
* you can use this method to easily iterate over the entries inside
* a while loop.
*
* @return Net_LDAP2_Entry|false Reference to Net_LDAP2_Entry object or false
*/
public function &shiftEntry()
{
if ($this->count() == 0 ) {
$false = false;
return $false;
}
if (is_null($this->_entry)) {
$this->_entry = @ldap_first_entry($this->_link, $this->_search);
$entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry);
if ($entry instanceof Net_LDAP2_Error) $entry = false;
} else {
if (!$this->_entry = @ldap_next_entry($this->_link, $this->_entry)) {
$false = false;
return $false;
}
$entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry);
if ($entry instanceof Net_LDAP2_Error) $entry = false;
}
return $entry;
}
/**
* Alias function of shiftEntry() for perl-ldap interface
*
* @see shiftEntry()
* @return Net_LDAP2_Entry|false
*/
public function shift_entry()
{
$args = func_get_args();
return call_user_func_array(array( &$this, 'shiftEntry' ), $args);
}
/**
* Retrieve the next entry in the searchresult, but starting from last entry
*
* This is the opposite to {@link shiftEntry()} and is also very useful
* to be used inside a while loop.
*
* @return Net_LDAP2_Entry|false
*/
public function popEntry()
{
if (false === $this->_entry_cache) {
// fetch entries into cache if not done so far
$this->_entry_cache = $this->entries();
}
$return = array_pop($this->_entry_cache);
return (null === $return)? false : $return;
}
/**
* Alias function of popEntry() for perl-ldap interface
*
* @see popEntry()
* @return Net_LDAP2_Entry|false
*/
public function pop_entry()
{
$args = func_get_args();
return call_user_func_array(array( &$this, 'popEntry' ), $args);
}
/**
* Return entries sorted as array
*
* This returns a array with sorted entries and the values.
* Sorting is done with PHPs {@link array_multisort()}.
* This method relies on {@link as_struct()} to fetch the raw data of the entries.
*
* Please note that attribute names are case sensitive!
*
* Usage example:
* <code>
* // to sort entries first by location, then by surename, but descending:
* $entries = $search->sorted_as_struct(array('locality','sn'), SORT_DESC);
* </code>
*
* @param array $attrs Array of attribute names to sort; order from left to right.
* @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC
*
* @return array|Net_LDAP2_Error Array with sorted entries or error
* @todo what about server side sorting as specified in http://www.ietf.org/rfc/rfc2891.txt?
*/
public function sorted_as_struct($attrs = array('cn'), $order = SORT_ASC)
{
/*
* Old Code, suitable and fast for single valued sorting
* This code should be used if we know that single valued sorting is desired,
* but we need some method to get that knowledge...
*/
/*
$attrs = array_reverse($attrs);
foreach ($attrs as $attribute) {
if (!ldap_sort($this->_link, $this->_search, $attribute)){
$this->raiseError("Sorting failed for Attribute " . $attribute);
}
}
$results = ldap_get_entries($this->_link, $this->_search);
unset($results['count']); //for tidier output
if ($order) {
return array_reverse($results);
} else {
return $results;
}*/
/*
* New code: complete "client side" sorting
*/
// first some parameterchecks
if (!is_array($attrs)) {
return PEAR::raiseError("Sorting failed: Parameterlist must be an array!");
}
if ($order != SORT_ASC && $order != SORT_DESC) {
return PEAR::raiseError("Sorting failed: sorting direction not understood! (neither constant SORT_ASC nor SORT_DESC)");
}
// fetch the entries data
$entries = $this->as_struct();
// now sort each entries attribute values
// this is neccessary because later we can only sort by one value,
// so we need the highest or lowest attribute now, depending on the
// selected ordering for that specific attribute
foreach ($entries as $dn => $entry) {
foreach ($entry as $attr_name => $attr_values) {
sort($entries[$dn][$attr_name]);
if ($order == SORT_DESC) {
array_reverse($entries[$dn][$attr_name]);
}
}
}
// reformat entrys array for later use with array_multisort()
$to_sort = array(); // <- will be a numeric array similar to ldap_get_entries
foreach ($entries as $dn => $entry_attr) {
$row = array();
$row['dn'] = $dn;
foreach ($entry_attr as $attr_name => $attr_values) {
$row[$attr_name] = $attr_values;
}
$to_sort[] = $row;
}
// Build columns for array_multisort()
// each requested attribute is one row
$columns = array();
foreach ($attrs as $attr_name) {
foreach ($to_sort as $key => $row) {
$columns[$attr_name][$key] =& $to_sort[$key][$attr_name][0];
}
}
// sort the colums with array_multisort, if there is something
// to sort and if we have requested sort columns
if (!empty($to_sort) && !empty($columns)) {
$sort_params = '';
foreach ($attrs as $attr_name) {
$sort_params .= '$columns[\''.$attr_name.'\'], '.$order.', ';
}
eval("array_multisort($sort_params \$to_sort);"); // perform sorting
}
return $to_sort;
}
/**
* Return entries sorted as objects
*
* This returns a array with sorted Net_LDAP2_Entry objects.
* The sorting is actually done with {@link sorted_as_struct()}.
*
* Please note that attribute names are case sensitive!
* Also note, that it is (depending on server capabilitys) possible to let
* the server sort your results. This happens through search controls
* and is described in detail at {@link http://www.ietf.org/rfc/rfc2891.txt}
*
* Usage example:
* <code>
* // to sort entries first by location, then by surename, but descending:
* $entries = $search->sorted(array('locality','sn'), SORT_DESC);
* </code>
*
* @param array $attrs Array of sort attributes to sort; order from left to right.
* @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC
*
* @return array|Net_LDAP2_Error Array with sorted Net_LDAP2_Entries or error
* @todo Entry object construction could be faster. Maybe we could use one of the factorys instead of fetching the entry again
*/
public function sorted($attrs = array('cn'), $order = SORT_ASC)
{
$return = array();
$sorted = $this->sorted_as_struct($attrs, $order);
if (PEAR::isError($sorted)) {
return $sorted;
}
foreach ($sorted as $key => $row) {
$entry = $this->_ldap->getEntry($row['dn'], $this->searchedAttrs());
if (!PEAR::isError($entry)) {
array_push($return, $entry);
} else {
return $entry;
}
}
return $return;
}
/**
* Return entries as array
*
* This method returns the entries and the selected attributes values as
* array.
* The first array level contains all found entries where the keys are the
* DNs of the entries. The second level arrays contian the entries attributes
* such that the keys is the lowercased name of the attribute and the values
* are stored in another indexed array. Note that the attribute values are stored
* in an array even if there is no or just one value.
*
* The array has the following structure:
* <code>
* $return = array(
* 'cn=foo,dc=example,dc=com' => array(
* 'sn' => array('foo'),
* 'multival' => array('val1', 'val2', 'valN')
* )
* 'cn=bar,dc=example,dc=com' => array(
* 'sn' => array('bar'),
* 'multival' => array('val1', 'valN')
* )
* )
* </code>
*
* @return array associative result array as described above
*/
public function as_struct()
{
$return = array();
$entries = $this->entries();
foreach ($entries as $entry) {
$attrs = array();
$entry_attributes = $entry->attributes();
foreach ($entry_attributes as $attr_name) {
$attr_values = $entry->getValue($attr_name, 'all');
if (!is_array($attr_values)) {
$attr_values = array($attr_values);
}
$attrs[$attr_name] = $attr_values;
}
$return[$entry->dn()] = $attrs;
}
return $return;
}
/**
* Set the search objects resource link
*
* @param resource &$search Search result identifier
*
* @access public
* @return void
*/
public function setSearch(&$search)
{
$this->_search = $search;
}
/**
* Set the ldap ressource link
*
* @param resource &$link Link identifier
*
* @access public
* @return void
*/
public function setLink(&$link)
{
$this->_link = $link;
}
/**
* Returns the number of entries in the searchresult
*
* @return int Number of entries in search.
*/
public function count()
{
// this catches the situation where OL returned errno 32 = no such object!
if (!$this->_search) {
return 0;
}
return @ldap_count_entries($this->_link, $this->_search);
}
/**
* Get the errorcode the object got in its search.
*
* @return int The ldap error number.
*/
public function getErrorCode()
{
return $this->_errorCode;
}
/**
* Destructor
*
* @access protected
*/
public function _Net_LDAP2_Search()
{
@ldap_free_result($this->_search);
}
/**
* Closes search result
*
* @return void
*/
public function done()
{
$this->_Net_LDAP2_Search();
}
/**
* Return the attribute names this search selected
*
* @return array
* @see $_searchedAttrs
* @access protected
*/
protected function searchedAttrs()
{
return $this->_searchedAttrs;
}
/**
* Tells if this search exceeds a sizelimit
*
* @return boolean
*/
public function sizeLimitExceeded()
{
return ($this->getErrorCode() == 4);
}
/*
* SPL Iterator interface methods.
* This interface allows to use Net_LDAP2_Search
* objects directly inside a foreach loop!
*/
/**
* SPL Iterator interface: Return the current element.
*
* The SPL Iterator interface allows you to fetch entries inside
* a foreach() loop: <code>foreach ($search as $dn => $entry) { ...</code>
*
* Of course, you may call {@link current()}, {@link key()}, {@link next()},
* {@link rewind()} and {@link valid()} yourself.
*
* If the search throwed an error, it returns false.
* False is also returned, if the end is reached
* In case no call to next() was made, we will issue one,
* thus returning the first entry.
*
* @return Net_LDAP2_Entry|false
*/
public function current()
{
if (count($this->_iteratorCache) == 0) {
$this->next();
reset($this->_iteratorCache);
}
$entry = current($this->_iteratorCache);
return ($entry instanceof Net_LDAP2_Entry)? $entry : false;
}
/**
* SPL Iterator interface: Return the identifying key (DN) of the current entry.
*
* @see current()
* @return string|false DN of the current entry; false in case no entry is returned by current()
*/
public function key()
{
$entry = $this->current();
return ($entry instanceof Net_LDAP2_Entry)? $entry->dn() :false;
}
/**
* SPL Iterator interface: Move forward to next entry.
*
* After a call to {@link next()}, {@link current()} will return
* the next entry in the result set.
*
* @see current()
* @return void
*/
public function next()
{
// fetch next entry.
// if we have no entrys anymore, we add false (which is
// returned by shiftEntry()) so current() will complain.
if (count($this->_iteratorCache) - 1 <= $this->count()) {
$this->_iteratorCache[] = $this->shiftEntry();
}
// move on array pointer to current element.
// even if we have added all entries, this will
// ensure proper operation in case we rewind()
next($this->_iteratorCache);
}
/**
* SPL Iterator interface: Check if there is a current element after calls to {@link rewind()} or {@link next()}.
*
* Used to check if we've iterated to the end of the collection.
*
* @see current()
* @return boolean FALSE if there's nothing more to iterate over
*/
public function valid()
{
return ($this->current() instanceof Net_LDAP2_Entry);
}
/**
* SPL Iterator interface: Rewind the Iterator to the first element.
*
* After rewinding, {@link current()} will return the first entry in the result set.
*
* @see current()
* @return void
*/
public function rewind()
{
reset($this->_iteratorCache);
}
}
?>

View File

@ -0,0 +1,97 @@
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the example simple file based Schema Caching class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @copyright 2009 Benedikt Hallinger
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
* @version SVN: $Id: SimpleFileSchemaCache.php 286718 2009-08-03 07:30:49Z beni $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* A simple file based schema cacher with cache aging.
*
* Once the cache is too old, the loadSchema() method will return false, so
* Net_LDAP2 will fetch a fresh object from the LDAP server that will
* overwrite the current (outdated) old cache.
*/
class Net_LDAP2_SimpleFileSchemaCache implements Net_LDAP2_SchemaCache
{
/**
* Internal config of this cache
*
* @see Net_LDAP2_SimpleFileSchemaCache()
* @var array
*/
protected $config = array(
'path' => '/tmp/Net_LDAP_Schema.cache',
'max_age' => 1200
);
/**
* Initialize the simple cache
*
* Config is as following:
* path Complete path to the cache file.
* max_age Maximum age of cache in seconds, 0 means "endlessly".
*
* @param array $cfg Config array
*/
public function Net_LDAP2_SimpleFileSchemaCache($cfg)
{
foreach ($cfg as $key => $value) {
if (array_key_exists($key, $this->config)) {
if (gettype($this->config[$key]) != gettype($value)) {
$this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key does not match type ".gettype($this->config[$key])."!");
}
$this->config[$key] = $value;
} else {
$this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key is not defined!");
}
}
}
/**
* Return the schema object from the cache
*
* If file is existent and cache has not expired yet,
* then the cache is deserialized and returned.
*
* @return Net_LDAP2_Schema|Net_LDAP2_Error|false
*/
public function loadSchema()
{
$return = false; // Net_LDAP2 will load schema from LDAP
if (file_exists($this->config['path'])) {
$cache_maxage = filemtime($this->config['path']) + $this->config['max_age'];
if (time() <= $cache_maxage || $this->config['max_age'] == 0) {
$return = unserialize(file_get_contents($this->config['path']));
}
}
return $return;
}
/**
* Store a schema object in the cache
*
* This method will be called, if Net_LDAP2 has fetched a fresh
* schema object from LDAP and wants to init or refresh the cache.
*
* To invalidate the cache and cause Net_LDAP2 to refresh the cache,
* you can call this method with null or false as value.
* The next call to $ldap->schema() will then refresh the caches object.
*
* @param mixed $schema The object that should be cached
* @return true|Net_LDAP2_Error|false
*/
public function storeSchema($schema) {
file_put_contents($this->config['path'], serialize($schema));
return true;
}
}

572
extlib/Net/LDAP2/Util.php Normal file
View File

@ -0,0 +1,572 @@
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the Net_LDAP2_Util interface class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @copyright 2009 Benedikt Hallinger
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
* @version SVN: $Id: Util.php 286718 2009-08-03 07:30:49Z beni $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* Includes
*/
require_once 'PEAR.php';
/**
* Utility Class for Net_LDAP2
*
* This class servers some functionality to the other classes of Net_LDAP2 but most of
* the methods can be used separately as well.
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @link http://pear.php.net/package/Net_LDAP22/
*/
class Net_LDAP2_Util extends PEAR
{
/**
* Constructor
*
* @access public
*/
public function __construct()
{
// We do nothing here, since all methods can be called statically.
// In Net_LDAP <= 0.7, we needed a instance of Util, because
// it was possible to do utf8 encoding and decoding, but this
// has been moved to the LDAP class. The constructor remains only
// here to document the downward compatibility of creating an instance.
}
/**
* Explodes the given DN into its elements
*
* {@link http://www.ietf.org/rfc/rfc2253.txt RFC 2253} says, a Distinguished Name is a sequence
* of Relative Distinguished Names (RDNs), which themselves
* are sets of Attributes. For each RDN a array is constructed where the RDN part is stored.
*
* For example, the DN 'OU=Sales+CN=J. Smith,DC=example,DC=net' is exploded to:
* <kbd>array( [0] => array([0] => 'OU=Sales', [1] => 'CN=J. Smith'), [2] => 'DC=example', [3] => 'DC=net' )</kbd>
*
* [NOT IMPLEMENTED] DNs might also contain values, which are the bytes of the BER encoding of
* the X.500 AttributeValue rather than some LDAP string syntax. These values are hex-encoded
* and prefixed with a #. To distinguish such BER values, ldap_explode_dn uses references to
* the actual values, e.g. '1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com' is exploded to:
* [ { '1.3.6.1.4.1.1466.0' => "\004\002Hi" }, { 'DC' => 'example' }, { 'DC' => 'com' } ];
* See {@link http://www.vijaymukhi.com/vmis/berldap.htm} for more information on BER.
*
* It also performs the following operations on the given DN:
* - Unescape "\" followed by ",", "+", """, "\", "<", ">", ";", "#", "=", " ", or a hexpair
* and strings beginning with "#".
* - Removes the leading 'OID.' characters if the type is an OID instead of a name.
* - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order.
*
* OPTIONS is a list of name/value pairs, valid options are:
* casefold Controls case folding of attribute types names.
* Attribute values are not affected by this option.
* The default is to uppercase. Valid values are:
* lower Lowercase attribute types names.
* upper Uppercase attribute type names. This is the default.
* none Do not change attribute type names.
* reverse If TRUE, the RDN sequence is reversed.
* onlyvalues If TRUE, then only attributes values are returned ('foo' instead of 'cn=foo')
*
* @param string $dn The DN that should be exploded
* @param array $options Options to use
*
* @static
* @return array Parts of the exploded DN
* @todo implement BER
*/
public static function ldap_explode_dn($dn, $options = array('casefold' => 'upper'))
{
if (!isset($options['onlyvalues'])) $options['onlyvalues'] = false;
if (!isset($options['reverse'])) $options['reverse'] = false;
if (!isset($options['casefold'])) $options['casefold'] = 'upper';
// Escaping of DN and stripping of "OID."
$dn = self::canonical_dn($dn, array('casefold' => $options['casefold']));
// splitting the DN
$dn_array = preg_split('/(?<=[^\\\\]),/', $dn);
// clear wrong splitting (possibly we have split too much)
// /!\ Not clear, if this is neccessary here
//$dn_array = self::correct_dn_splitting($dn_array, ',');
// construct subarrays for multivalued RDNs and unescape DN value
// also convert to output format and apply casefolding
foreach ($dn_array as $key => $value) {
$value_u = self::unescape_dn_value($value);
$rdns = self::split_rdn_multival($value_u[0]);
if (count($rdns) > 1) {
// MV RDN!
foreach ($rdns as $subrdn_k => $subrdn_v) {
// Casefolding
if ($options['casefold'] == 'upper') $subrdn_v = preg_replace("/^(\w+=)/e", "''.strtoupper('\\1').''", $subrdn_v);
if ($options['casefold'] == 'lower') $subrdn_v = preg_replace("/^(\w+=)/e", "''.strtolower('\\1').''", $subrdn_v);
if ($options['onlyvalues']) {
preg_match('/(.+?)(?<!\\\\)=(.+)/', $subrdn_v, $matches);
$rdn_ocl = $matches[1];
$rdn_val = $matches[2];
$unescaped = self::unescape_dn_value($rdn_val);
$rdns[$subrdn_k] = $unescaped[0];
} else {
$unescaped = self::unescape_dn_value($subrdn_v);
$rdns[$subrdn_k] = $unescaped[0];
}
}
$dn_array[$key] = $rdns;
} else {
// normal RDN
// Casefolding
if ($options['casefold'] == 'upper') $value = preg_replace("/^(\w+=)/e", "''.strtoupper('\\1').''", $value);
if ($options['casefold'] == 'lower') $value = preg_replace("/^(\w+=)/e", "''.strtolower('\\1').''", $value);
if ($options['onlyvalues']) {
preg_match('/(.+?)(?<!\\\\)=(.+)/', $value, $matches);
$dn_ocl = $matches[1];
$dn_val = $matches[2];
$unescaped = self::unescape_dn_value($dn_val);
$dn_array[$key] = $unescaped[0];
} else {
$unescaped = self::unescape_dn_value($value);
$dn_array[$key] = $unescaped[0];
}
}
}
if ($options['reverse']) {
return array_reverse($dn_array);
} else {
return $dn_array;
}
}
/**
* Escapes a DN value according to RFC 2253
*
* Escapes the given VALUES according to RFC 2253 so that they can be safely used in LDAP DNs.
* The characters ",", "+", """, "\", "<", ">", ";", "#", "=" with a special meaning in RFC 2252
* are preceeded by ba backslash. Control characters with an ASCII code < 32 are represented as \hexpair.
* Finally all leading and trailing spaces are converted to sequences of \20.
*
* @param array $values An array containing the DN values that should be escaped
*
* @static
* @return array The array $values, but escaped
*/
public static function escape_dn_value($values = array())
{
// Parameter validation
if (!is_array($values)) {
$values = array($values);
}
foreach ($values as $key => $val) {
// Escaping of filter meta characters
$val = str_replace('\\', '\\\\', $val);
$val = str_replace(',', '\,', $val);
$val = str_replace('+', '\+', $val);
$val = str_replace('"', '\"', $val);
$val = str_replace('<', '\<', $val);
$val = str_replace('>', '\>', $val);
$val = str_replace(';', '\;', $val);
$val = str_replace('#', '\#', $val);
$val = str_replace('=', '\=', $val);
// ASCII < 32 escaping
$val = self::asc2hex32($val);
// Convert all leading and trailing spaces to sequences of \20.
if (preg_match('/^(\s*)(.+?)(\s*)$/', $val, $matches)) {
$val = $matches[2];
for ($i = 0; $i < strlen($matches[1]); $i++) {
$val = '\20'.$val;
}
for ($i = 0; $i < strlen($matches[3]); $i++) {
$val = $val.'\20';
}
}
if (null === $val) $val = '\0'; // apply escaped "null" if string is empty
$values[$key] = $val;
}
return $values;
}
/**
* Undoes the conversion done by escape_dn_value().
*
* Any escape sequence starting with a baskslash - hexpair or special character -
* will be transformed back to the corresponding character.
*
* @param array $values Array of DN Values
*
* @return array Same as $values, but unescaped
* @static
*/
public static function unescape_dn_value($values = array())
{
// Parameter validation
if (!is_array($values)) {
$values = array($values);
}
foreach ($values as $key => $val) {
// strip slashes from special chars
$val = str_replace('\\\\', '\\', $val);
$val = str_replace('\,', ',', $val);
$val = str_replace('\+', '+', $val);
$val = str_replace('\"', '"', $val);
$val = str_replace('\<', '<', $val);
$val = str_replace('\>', '>', $val);
$val = str_replace('\;', ';', $val);
$val = str_replace('\#', '#', $val);
$val = str_replace('\=', '=', $val);
// Translate hex code into ascii
$values[$key] = self::hex2asc($val);
}
return $values;
}
/**
* Returns the given DN in a canonical form
*
* Returns false if DN is not a valid Distinguished Name.
* DN can either be a string or an array
* as returned by ldap_explode_dn, which is useful when constructing a DN.
* The DN array may have be indexed (each array value is a OCL=VALUE pair)
* or associative (array key is OCL and value is VALUE).
*
* It performs the following operations on the given DN:
* - Removes the leading 'OID.' characters if the type is an OID instead of a name.
* - Escapes all RFC 2253 special characters (",", "+", """, "\", "<", ">", ";", "#", "="), slashes ("/"), and any other character where the ASCII code is < 32 as \hexpair.
* - Converts all leading and trailing spaces in values to be \20.
* - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order.
*
* OPTIONS is a list of name/value pairs, valid options are:
* casefold Controls case folding of attribute type names.
* Attribute values are not affected by this option. The default is to uppercase.
* Valid values are:
* lower Lowercase attribute type names.
* upper Uppercase attribute type names. This is the default.
* none Do not change attribute type names.
* [NOT IMPLEMENTED] mbcescape If TRUE, characters that are encoded as a multi-octet UTF-8 sequence will be escaped as \(hexpair){2,*}.
* reverse If TRUE, the RDN sequence is reversed.
* separator Separator to use between RDNs. Defaults to comma (',').
*
* Note: The empty string "" is a valid DN, so be sure not to do a "$can_dn == false" test,
* because an empty string evaluates to false. Use the "===" operator instead.
*
* @param array|string $dn The DN
* @param array $options Options to use
*
* @static
* @return false|string The canonical DN or FALSE
* @todo implement option mbcescape
*/
public static function canonical_dn($dn, $options = array('casefold' => 'upper', 'separator' => ','))
{
if ($dn === '') return $dn; // empty DN is valid!
// options check
if (!isset($options['reverse'])) {
$options['reverse'] = false;
} else {
$options['reverse'] = true;
}
if (!isset($options['casefold'])) $options['casefold'] = 'upper';
if (!isset($options['separator'])) $options['separator'] = ',';
if (!is_array($dn)) {
// It is not clear to me if the perl implementation splits by the user defined
// separator or if it just uses this separator to construct the new DN
$dn = preg_split('/(?<=[^\\\\])'.$options['separator'].'/', $dn);
// clear wrong splitting (possibly we have split too much)
$dn = self::correct_dn_splitting($dn, $options['separator']);
} else {
// Is array, check, if the array is indexed or associative
$assoc = false;
foreach ($dn as $dn_key => $dn_part) {
if (!is_int($dn_key)) {
$assoc = true;
}
}
// convert to indexed, if associative array detected
if ($assoc) {
$newdn = array();
foreach ($dn as $dn_key => $dn_part) {
if (is_array($dn_part)) {
ksort($dn_part, SORT_STRING); // we assume here, that the rdn parts are also associative
$newdn[] = $dn_part; // copy array as-is, so we can resolve it later
} else {
$newdn[] = $dn_key.'='.$dn_part;
}
}
$dn =& $newdn;
}
}
// Escaping and casefolding
foreach ($dn as $pos => $dnval) {
if (is_array($dnval)) {
// subarray detected, this means very surely, that we had
// a multivalued dn part, which must be resolved
$dnval_new = '';
foreach ($dnval as $subkey => $subval) {
// build RDN part
if (!is_int($subkey)) {
$subval = $subkey.'='.$subval;
}
$subval_processed = self::canonical_dn($subval);
if (false === $subval_processed) return false;
$dnval_new .= $subval_processed.'+';
}
$dn[$pos] = substr($dnval_new, 0, -1); // store RDN part, strip last plus
} else {
// try to split multivalued RDNS into array
$rdns = self::split_rdn_multival($dnval);
if (count($rdns) > 1) {
// Multivalued RDN was detected!
// The RDN value is expected to be correctly split by split_rdn_multival().
// It's time to sort the RDN and build the DN!
$rdn_string = '';
sort($rdns, SORT_STRING); // Sort RDN keys alphabetically
foreach ($rdns as $rdn) {
$subval_processed = self::canonical_dn($rdn);
if (false === $subval_processed) return false;
$rdn_string .= $subval_processed.'+';
}
$dn[$pos] = substr($rdn_string, 0, -1); // store RDN part, strip last plus
} else {
// no multivalued RDN!
// split at first unescaped "="
$dn_comp = preg_split('/(?<=[^\\\\])=/', $rdns[0], 2);
$ocl = ltrim($dn_comp[0]); // trim left whitespaces 'cause of "cn=foo, l=bar" syntax (whitespace after comma)
$val = $dn_comp[1];
// strip 'OID.', otherwise apply casefolding and escaping
if (substr(strtolower($ocl), 0, 4) == 'oid.') {
$ocl = substr($ocl, 4);
} else {
if ($options['casefold'] == 'upper') $ocl = strtoupper($ocl);
if ($options['casefold'] == 'lower') $ocl = strtolower($ocl);
$ocl = self::escape_dn_value(array($ocl));
$ocl = $ocl[0];
}
// escaping of dn-value
$val = self::escape_dn_value(array($val));
$val = str_replace('/', '\/', $val[0]);
$dn[$pos] = $ocl.'='.$val;
}
}
}
if ($options['reverse']) $dn = array_reverse($dn);
return implode($options['separator'], $dn);
}
/**
* Escapes the given VALUES according to RFC 2254 so that they can be safely used in LDAP filters.
*
* Any control characters with an ACII code < 32 as well as the characters with special meaning in
* LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a
* backslash followed by two hex digits representing the hexadecimal value of the character.
*
* @param array $values Array of values to escape
*
* @static
* @return array Array $values, but escaped
*/
public static function escape_filter_value($values = array())
{
// Parameter validation
if (!is_array($values)) {
$values = array($values);
}
foreach ($values as $key => $val) {
// Escaping of filter meta characters
$val = str_replace('\\', '\5c', $val);
$val = str_replace('*', '\2a', $val);
$val = str_replace('(', '\28', $val);
$val = str_replace(')', '\29', $val);
// ASCII < 32 escaping
$val = self::asc2hex32($val);
if (null === $val) $val = '\0'; // apply escaped "null" if string is empty
$values[$key] = $val;
}
return $values;
}
/**
* Undoes the conversion done by {@link escape_filter_value()}.
*
* Converts any sequences of a backslash followed by two hex digits into the corresponding character.
*
* @param array $values Array of values to escape
*
* @static
* @return array Array $values, but unescaped
*/
public static function unescape_filter_value($values = array())
{
// Parameter validation
if (!is_array($values)) {
$values = array($values);
}
foreach ($values as $key => $value) {
// Translate hex code into ascii
$values[$key] = self::hex2asc($value);
}
return $values;
}
/**
* Converts all ASCII chars < 32 to "\HEX"
*
* @param string $string String to convert
*
* @static
* @return string
*/
public static function asc2hex32($string)
{
for ($i = 0; $i < strlen($string); $i++) {
$char = substr($string, $i, 1);
if (ord($char) < 32) {
$hex = dechex(ord($char));
if (strlen($hex) == 1) $hex = '0'.$hex;
$string = str_replace($char, '\\'.$hex, $string);
}
}
return $string;
}
/**
* Converts all Hex expressions ("\HEX") to their original ASCII characters
*
* @param string $string String to convert
*
* @static
* @author beni@php.net, heavily based on work from DavidSmith@byu.net
* @return string
*/
public static function hex2asc($string)
{
$string = preg_replace("/\\\([0-9A-Fa-f]{2})/e", "''.chr(hexdec('\\1')).''", $string);
return $string;
}
/**
* Split an multivalued RDN value into an Array
*
* A RDN can contain multiple values, spearated by a plus sign.
* This function returns each separate ocl=value pair of the RDN part.
*
* If no multivalued RDN is detected, an array containing only
* the original rdn part is returned.
*
* For example, the multivalued RDN 'OU=Sales+CN=J. Smith' is exploded to:
* <kbd>array([0] => 'OU=Sales', [1] => 'CN=J. Smith')</kbd>
*
* The method trys to be smart if it encounters unescaped "+" characters, but may fail,
* so ensure escaped "+"es in attr names and attr values.
*
* [BUG] If you have a multivalued RDN with unescaped plus characters
* and there is a unescaped plus sign at the end of an value followed by an
* attribute name containing an unescaped plus, then you will get wrong splitting:
* $rdn = 'OU=Sales+C+N=J. Smith';
* returns:
* array('OU=Sales+C', 'N=J. Smith');
* The "C+" is treaten as value of the first pair instead as attr name of the second pair.
* To prevent this, escape correctly.
*
* @param string $rdn Part of an (multivalued) escaped RDN (eg. ou=foo OR ou=foo+cn=bar)
*
* @static
* @return array Array with the components of the multivalued RDN or Error
*/
public static function split_rdn_multival($rdn)
{
$rdns = preg_split('/(?<!\\\\)\+/', $rdn);
$rdns = self::correct_dn_splitting($rdns, '+');
return array_values($rdns);
}
/**
* Splits a attribute=value syntax into an array
*
* The split will occur at the first unescaped '=' character.
*
* @param string $attr Attribute and Value Syntax
*
* @return array Indexed array: 0=attribute name, 1=attribute value
*/
public static function split_attribute_string($attr)
{
return preg_split('/(?<!\\\\)=/', $attr, 2);
}
/**
* Corrects splitting of dn parts
*
* @param array $dn Raw DN array
* @param array $separator Separator that was used when splitting
*
* @return array Corrected array
* @access protected
*/
protected static function correct_dn_splitting($dn = array(), $separator = ',')
{
foreach ($dn as $key => $dn_value) {
$dn_value = $dn[$key]; // refresh value (foreach caches!)
// if the dn_value is not in attr=value format, then we had an
// unescaped separator character inside the attr name or the value.
// We assume, that it was the attribute value.
// [TODO] To solve this, we might ask the schema. Keep in mind, that UTIL class
// must remain independent from the other classes or connections.
if (!preg_match('/.+(?<!\\\\)=.+/', $dn_value)) {
unset($dn[$key]);
if (array_key_exists($key-1, $dn)) {
$dn[$key-1] = $dn[$key-1].$separator.$dn_value; // append to previous attr value
} else {
$dn[$key+1] = $dn_value.$separator.$dn[$key+1]; // first element: prepend to next attr name
}
}
}
return array_values($dn);
}
}
?>

View File

@ -130,6 +130,14 @@ $external_libraries=array(
'include'=>'Net/URL/Mapper.php',
'check_class'=>'Net_URL_Mapper'
),
array(
'name'=>'Net_LDAP2',
'pear'=>'Net_LDAP2',
'url'=>'http://pear.php.net/package/Net_LDAP2',
'deb'=>'php-net-ldap2',
'include'=>'Net/LDAP2.php',
'check_class'=>'Net_LDAP2'
),
array(
'name'=>'Net_Socket',
'pear'=>'Net_Socket',

View File

@ -127,8 +127,17 @@ function common_check_user($nickname, $password)
if (is_null($user) || $user === false) {
return false;
} else {
if (0 == strcmp(common_munge_password($password, $user->id),
$user->password)) {
$authenticated = false;
Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
if(! $authenticated){
//no handler asserted the user, so check ourselves
if (0 == strcmp(common_munge_password($password, $user->id),
$user->password)) {
//internal checking passed
$authenticated = true;
}
}
if($authenticated){
return $user;
} else {
return false;

View File

@ -0,0 +1,45 @@
<?php
/**
* StatusNet, the distributed open-source microblogging tool
*
* Plugin to enable LDAP Authentication and Authorization
*
* PHP version 5
*
* LICENCE: This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Plugin
* @package StatusNet
* @author Craig Andrews <candrews@integralblue.com>
* @copyright 2009 Craig Andrews http://candrews.integralblue.com
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
if (!defined('STATUSNET') && !defined('LACONICA')) {
exit(1);
}
class LdapPlugin extends Plugin
{
function __construct()
{
parent::__construct();
}
function onCheckPassword($nickname, $password, &$authenticated)
{
}
}