File: Ldap.php
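<?php
/**
 * Zend Framework
 *
 * LICENSE
 *
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://framework.zend.com/license/new-bsd
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@zend.com so we can send you a copy immediately.
 *
 * @category   Zend
 * @package    Zend_Auth
 * @subpackage Zend_Auth_Adapter
 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 * @version    $Id: Ldap.php 8862 2008-03-16 15:36:00Z thomas $
 */

/**
 * @see Zend_Auth_Adapter_Interface
 */
#require_once 'Zend/Auth/Adapter/Interface.php';

/**
 * Authentication adapter that verifies a username/password pair by binding
 * to one of several configured LDAP servers through Zend_Ldap.
 *
 * @category   Zend
 * @package    Zend_Auth
 * @subpackage Zend_Auth_Adapter
 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 */
class Zend_Auth_Adapter_Ldap implements Zend_Auth_Adapter_Interface
{
    /**
     * The Zend_Ldap context.
     *
     * @var Zend_Ldap
     */
    protected $_ldap = null;

    /**
     * The array of arrays of Zend_Ldap options passed to the constructor.
     *
     * @var array
     */
    protected $_options = null;

    /**
     * The username of the account being authenticated.
     *
     * @var string
     */
    protected $_username = null;

    /**
     * The password of the account being authenticated.
     *
     * @var string
     */
    protected $_password = null;

    /**
     * Constructor
     *
     * @param  array  $options  An array of arrays of Zend_Ldap options
     * @param  string $username The username of the account being authenticated
     * @param  string $password The password of the account being authenticated
     * @return void
     */
    public function __construct(array $options = array(), $username = null, $password = null)
    {
        $this->_options = $options;
        if ($username !== null) {
            $this->setUsername($username);
        }
        if ($password !== null) {
            $this->setPassword($password);
        }
    }

    /**
     * Returns the username of the account being authenticated, or
     * NULL if none is set.
     *
     * @return string|null
     */
    public function getUsername()
    {
        return $this->_username;
    }

    /**
     * Sets the username for binding
     *
     * @param  string $username The username for binding
     * @return Zend_Auth_Adapter_Ldap Provides a fluent interface
     */
    public function setUsername($username)
    {
        $this->_username = (string) $username;
        return $this;
    }

    /**
     * Returns the password of the account being authenticated, or
     * NULL if none is set.
     *
     * @return string|null
     */
    public function getPassword()
    {
        return $this->_password;
    }

    /**
     * Sets the password for the account
     *
     * @param  string $password The password of the account being authenticated
     * @return Zend_Auth_Adapter_Ldap Provides a fluent interface
     */
    public function setPassword($password)
    {
        $this->_password = (string) $password;
        return $this;
    }

    /**
     * Returns the LDAP object, creating a default Zend_Ldap on first use.
     *
     * @return Zend_Ldap The Zend_Ldap object used to authenticate the credentials
     */
    public function getLdap()
    {
        if ($this->_ldap === null) {
            /**
             * @see Zend_Ldap
             */
            #require_once 'Zend/Ldap.php';
            $this->_ldap = new Zend_Ldap();
        }
        return $this->_ldap;
    }

    /**
     * Authenticate the user
     *
     * Each entry of the options array is tried in order; the first server
     * that accepts the bind wins.
     *
     * Message layout of the returned result: index 0 is a short failure
     * summary, index 1 the last LDAP error text, and every later entry is
     * diagnostic detail (server options, source file/line, stack trace).
     * NOTE(review): the diagnostic entries expose server configuration and
     * file paths, and index 0 distinguishes "Account not found" from
     * "Invalid credentials"; callers should log them rather than render
     * them to the person logging in.
     *
     * @throws Zend_Auth_Adapter_Exception If an options entry is not an array
     * @return Zend_Auth_Result
     */
    public function authenticate()
    {
        /**
         * @see Zend_Ldap_Exception
         */
        #require_once 'Zend/Ldap/Exception.php';

        $messages = array();
        $messages[0] = ''; // reserved
        $messages[1] = ''; // reserved

        $username = $this->_username;
        $password = $this->_password;

        // Compare against the empty string explicitly: a plain truthiness
        // test would also reject the valid one-character value "0".
        if ($username === null || (string) $username === '') {
            $code = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
            $messages[0] = 'A username is required';
            return new Zend_Auth_Result($code, '', $messages);
        }
        if ($password === null || (string) $password === '') {
            /* A password is required because some servers will
             * treat an empty password as an anonymous bind.
             */
            $code = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
            $messages[0] = 'A password is required';
            return new Zend_Auth_Result($code, '', $messages);
        }

        $ldap = $this->getLdap();

        $code = Zend_Auth_Result::FAILURE;
        $messages[0] = "Authority not found: $username";

        /* Iterate through each server and try to authenticate the supplied
         * credentials against it.
         */
        foreach ($this->_options as $name => $options) {

            if (!is_array($options)) {
                /**
                 * @see Zend_Auth_Adapter_Exception
                 */
                #require_once 'Zend/Auth/Adapter/Exception.php';
                throw new Zend_Auth_Adapter_Exception('Adapter options array not in array');
            }
            $ldap->setOptions($options);

            try {

                $canonicalName = $ldap->getCanonicalAccountName($username);

                // Keep the previous server's error as a diagnostic entry
                // before the reserved slot is reused for this server.
                if ($messages[1]) {
                    $messages[] = $messages[1];
                }
                $messages[1] = '';
                $messages[] = $this->_optionsToString($options);

                $ldap->bind($canonicalName, $password);

                $messages[0] = '';
                $messages[1] = '';
                $messages[] = "$canonicalName authentication successful";

                return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $canonicalName, $messages);
            } catch (Zend_Ldap_Exception $zle) {

                /* LDAP based authentication is notoriously difficult to diagnose. Therefore
                 * we bend over backwards to capture and record every possible bit of
                 * information when something goes wrong.
                 */

                $err = $zle->getCode();

                if ($err == Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH) {
                    /* This error indicates that the domain supplied in the
                     * username did not match the domains in the server options
                     * and therefore we should just skip to the next set of
                     * server options.
                     */
                    continue;
                } elseif ($err == Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT) {
                    $code = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
                    $messages[0] = "Account not found: $username";
                } elseif ($err == Zend_Ldap_Exception::LDAP_INVALID_CREDENTIALS) {
                    $code = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
                    $messages[0] = 'Invalid credentials';
                } else {
                    $line = $zle->getLine();
                    $messages[] = $zle->getFile() . "($line): " . $zle->getMessage();
                    // The trace lists call arguments, including the password
                    // handed to bind(); scrub it before it is recorded.
                    $messages[] = $this->_maskPassword($zle->getTraceAsString(), $password);
                    $messages[0] = 'An unexpected failure occurred';
                }
                $messages[1] = $zle->getMessage();
            }
        }

        // $messages[1] is always set (it is initialised above), so test for
        // content rather than existence; otherwise the summary line ends in
        // an empty reason whenever no server reported an LDAP error.
        $msg = ($messages[1] !== '') ? $messages[1] : $messages[0];
        $messages[] = "$username authentication failed: $msg";

        return new Zend_Auth_Result($code, $username, $messages);
    }

    /**
     * Replaces the password inside diagnostic text with a fixed mask.
     *
     * PHP shortens string arguments in Exception::getTraceAsString() (15
     * bytes by default, configurable through the
     * zend.exception_string_param_max_len ini setting on PHP 8), so a long
     * password shows up only as its leading bytes and replacing the full
     * value alone would leave that prefix in the output. Both forms are
     * masked here.
     *
     * @param  string $text     Diagnostic text that may contain the password
     * @param  string $password The password to hide
     * @return string The text with the password, and its truncated form, masked
     */
    private function _maskPassword($text, $password)
    {
        $password = (string) $password;
        $needles  = array($password);

        // ini_get() returns false where the setting does not exist; those
        // PHP versions use the fixed 15-byte limit.
        $limit = ini_get('zend.exception_string_param_max_len');
        $limit = ($limit === false) ? 15 : (int) $limit;

        if ($limit > 0 && strlen($password) > $limit) {
            $needles[] = substr($password, 0, $limit);
        }

        return str_replace($needles, '*****', $text);
    }

    /**
     * Converts options to a comma-separated "key=value" string, masking the
     * value stored under the 'password' key.
     *
     * @param  array $options
     * @return string
     */
    private function _optionsToString(array $options)
    {
        $pairs = array();
        foreach ($options as $key => $val) {
            if ($key === 'password') {
                $val = '*****';
            }
            $pairs[] = $key . '=' . $val;
        }
        return implode(',', $pairs);
    }
}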