[FEATURE] add LDAP authentication support for uploaders

[jirafeau_mojo42.git] / lib / functions.php

diff --git a/lib/functions.php b/lib/functions.php
index cfc7dce8250f58c1debeec5e23477d97dca71c74..58001902d71b0ceda4922be9588ea57ef1b6f9db 100644 (file)
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -142,6 +142,11 @@ function jirafeau_fatal_error($errorText, $cfg = array())
     exit;
 }
 
+function jirafeau_non_fatal_error($errorText)
+{
+    echo '<div class="error"><p>' . $errorText . '</p></div>';
+}
+
 function jirafeau_clean_rm_link($link)
 {
     $p = s2p("$link");
@@ -190,20 +195,23 @@ function jirafeau_ini_to_bytes($value)
     $modifier = substr($value, -1);
     $bytes = substr($value, 0, -1);
     switch (strtoupper($modifier)) {
-    case 'P':
-        $bytes *= 1024;
-        // no break
-    case 'T':
-        $bytes *= 1024;
-        // no break
-    case 'G':
-        $bytes *= 1024;
-        // no break
-    case 'M':
-        $bytes *= 1024;
-        // no break
-    case 'K':
-        $bytes *= 1024;
+        default:
+            return intval($value);
+            break;
+        case 'P':
+            $bytes *= 1024;
+            // no break
+        case 'T':
+            $bytes *= 1024;
+            // no break
+        case 'G':
+            $bytes *= 1024;
+            // no break
+        case 'M':
+            $bytes *= 1024;
+            // no break
+        case 'K':
+            $bytes *= 1024;
     }
     return $bytes;
 }
@@ -243,7 +251,6 @@ function jirafeau_get_max_upload_chunk_size_bytes($max_upload_chunk_size_bytes =
         }
         return $size;
     }
-
     $size = min(
         jirafeau_get_max_upload_size_bytes(),
         $max_upload_chunk_size_bytes
@@ -262,19 +269,19 @@ function jirafeau_get_max_upload_chunk_size_bytes($max_upload_chunk_size_bytes =
 function jirafeau_upload_errstr($code)
 {
     switch ($code) {
-    case UPLOAD_ERR_INI_SIZE:
-    case UPLOAD_ERR_FORM_SIZE:
-        return t('Your file exceeds the maximum authorized file size. ');
+        case UPLOAD_ERR_INI_SIZE:
+        case UPLOAD_ERR_FORM_SIZE:
+            return t('Your file exceeds the maximum authorized file size. ');
 
-    case UPLOAD_ERR_PARTIAL:
-    case UPLOAD_ERR_NO_FILE:
-        return
-            t('Your file was not uploaded correctly. You may succeed in retrying. ');
+        case UPLOAD_ERR_PARTIAL:
+        case UPLOAD_ERR_NO_FILE:
+            return
+                t('Your file was not uploaded correctly. You may succeed in retrying. ');
 
-    case UPLOAD_ERR_NO_TMP_DIR:
-    case UPLOAD_ERR_CANT_WRITE:
-    case UPLOAD_ERR_EXTENSION:
-        return t('Internal error. You may not succeed in retrying. ');
+        case UPLOAD_ERR_NO_TMP_DIR:
+        case UPLOAD_ERR_CANT_WRITE:
+        case UPLOAD_ERR_EXTENSION:
+            return t('Internal error. You may not succeed in retrying. ');
     }
     return t('Unknown error. ');
 }
@@ -617,6 +624,14 @@ function check_errors($cfg)
     if ($cfg['one_time_download'] && $cfg['litespeed_workaround']) {
         add_error(t('INCOMPATIBLE_OPTIONS_W'), 'one_time_download=true<br>litespeed_workaround=true');
     }
+    if ($cfg['upload_ldap_auth'] === true) {
+        if (sizeof($cfg['upload_password']) > 0) {
+            add_error(t('INCOMPATIBLE_OPTIONS_W'), 'upload_ldap_auth=true<br>sizeof(upload_password) > 0');
+        }
+        if (sizeof($cfg['upload_ip_nopassword']) > 0) {
+            add_error(t('INCOMPATIBLE_OPTIONS_W'), 'upload_ldap_auth=true<br>sizeof(upload_ip_nopassword) > 0');
+        }
+    }
 }
 
 /**
@@ -1474,7 +1489,7 @@ function jirafeau_admin_session_start()
     $_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true));
 }
 
-function jirafeau_admin_session_end()
+function jirafeau_session_end()
 {
     $_SESSION = array();
     session_destroy();
@@ -1494,6 +1509,17 @@ function jirafeau_admin_csrf_field()
     return "<input type='hidden' name='admin_csrf' value='". $_SESSION['admin_csrf'] . "'/>";
 }
 
+function jirafeau_user_session_start()
+{
+    $_SESSION['user_auth'] = true;
+}
+
+function jirafeau_user_session_logged()
+{
+    return isset($_SESSION['user_auth']) &&
+        $_SESSION['user_auth'] === true;
+}
+
 function jirafeau_dir_size($dir)
 {
     $size = 0;
@@ -1574,3 +1600,49 @@ function jirafeau_default_web_root()
 {
     return $_SERVER['HTTP_HOST'] . str_replace('install.php', '', $_SERVER['REQUEST_URI']);
 }
+
+function jirafeau_has_ldap_auth($cfg)
+{
+    return $cfg['upload_ldap_auth'] === true;
+}
+
+function jirafeau_challenge_ldap_auth($cfg, $user, $password)
+{
+    if (!jirafeau_has_ldap_auth($cfg)) {
+        return "upload_ldap_auth not set";
+    }
+    if (strlen($cfg['upload_ldap_host']) == 0) {
+        return "upload_ldap_host not set";
+    }
+    if (strlen($cfg['upload_ldap_base_dn']) == 0) {
+        return "upload_ldap_base_dn not set";
+    }
+    $host = $cfg['upload_ldap_host'];
+    $base_dn = $cfg['upload_ldap_base_dn'];
+    $con = ldap_connect("ldap://$host");
+    $ldap_user = "cn=$user,$base_dn";
+    if (!$con) {
+        return "cannot initiate connection to ldap server";
+    }
+    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
+    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
+    $bind = ldap_bind_ext($con, $ldap_user, $password, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);
+    if (!$bind) {
+        ldap_close($con);
+        return "cannot bind to ldap server";
+    }
+    $parsing = ldap_parse_result($con, $bind, $errcode, $matcheddn, $errmsg, $referrals, $ctrls);
+    if (!$parsing) {
+        ldap_close($con);
+        return "cannot parlse ldap results";
+    }
+    if ($errcode == 49) {
+        ldap_close($con);
+        return "bad password";
+    }
+    if ($errcode != 0) {
+        ldap_close($con);
+        return "ldap auth error: $errmsg ($errcode)";
+    }
+    return true;
+}