Code source de Horde 3.1.3 |
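<?php
/**
 * The Auth_cyrus class provides Horde with the ability to administer
 * Cyrus mail server accounts whose authentication is handled by another
 * backend that Horde can update (eg SQL or LDAP).
 *
 * Required parameters:<pre>
 *   'cyradmin'   The username of the cyrus administrator
 *   'cyrpass'    The password for the cyrus administrator
 *   'imap_dsn'   The full IMAP DSN (i.e.
 *                {localhost:993/imap/ssl/novalidate-cert})
 *   'backend'    The complete hash for the Auth_* driver that cyrus
 *                authenticates against (eg SQL, LDAP).
 *   'separator'  Hierarchy separator to use (e.g., is it user/mailbox or
 *                user.mailbox)</pre>
 *
 * Optional values:<pre>
 *   'unixhier'   The value of imapd.conf's unixhierarchysep setting.
 *                Set this to 'true' if the value is true in imapd.conf
 *   'folders'    An array of folders to create under username.
 *                Doesn't create subfolders by default.
 *   'quota'      The quota (in kilobytes) to grant on the mailbox.
 *                Does not establish quota by default.</pre>
 *
 * Example Usage:<pre>
 *   $conf['auth']['driver'] = 'composite';
 *   $conf['auth']['params']['loginscreen_switch'] = '_horde_select_loginscreen';
 *   $conf['auth']['params']['admin_driver'] = 'cyrus';
 *   $conf['auth']['params']['drivers']['imp'] = array('driver' => 'application',
 *                                                     'params' => array('app' => 'imp'));
 *   $conf['auth']['params']['drivers']['cyrus'] = array('driver' => 'cyrus',
 *                                                       'params' => array('cyradmin' => 'cyrus',
 *                                                                         'cyrpass' => 'password',
 *                                                                         'separator' => '.',
 *                                                                         'imap_dsn' => '{maik.example.com/imap}'));
 *   $conf['auth']['params']['drivers']['cyrus']['params']['backend'] = array('driver' => 'sql',
 *                                                                            'params' => array('phptype' => 'mysql',
 *                                                                                              'hostspec' => 'database.example.com',
 *                                                                                              'protocol' => 'tcp',
 *                                                                                              'username' => 'username',
 *                                                                                              'password' => 'password',
 *                                                                                              'database' => 'mail',
 *                                                                                              'table' => 'accountuser',
 *                                                                                              'encryption' => 'md5-hex',
 *                                                                                              'username_field' => 'username',
 *                                                                                              'password_field' => 'password'));
 *
 *   if (!function_exists('_horde_select_loginscreen')) {
 *       function _horde_select_loginscreen() {
 *           return 'imp';
 *       }
 *   }</pre>
 *
 * Security notes on the configuration shown above:
 *  - 'imap_dsn' is the connection over which 'cyradmin'/'cyrpass' are sent
 *    (see _connect()). The '/novalidate-cert' flag in the sample DSN turns
 *    off server certificate verification, and the DSN in the usage example
 *    does not request TLS at all. For anything but a loopback connection,
 *    use '/ssl' or '/tls' together with '/validate-cert'.
 *  - 'cyrpass' and the backend database password are stored in clear text
 *    in the Horde configuration; restrict read access to that file.
 *  - 'encryption' => 'md5-hex' stores hex-encoded MD5 password digests
 *    (presumably unsalted - confirm against the backend driver). Prefer a
 *    salted scheme if the backend driver and the Cyrus side both support
 *    one.
 *
 * $Horde: framework/Auth/Auth/cyrus.php,v 1.15.10.14 2006/08/14 02:48:48 chuck Exp $
 *
 * Copyright 2002-2006 Ilya <mail@krel.org>
 * Copyright 2003-2006 Mike Cochrane <mike@graftonhall.co.nz>
 *
 * See the enclosed file COPYING for license information (LGPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
 *
 * @author  Ilya <mail@krel.org>
 * @author  Mike Cochrane <mike@graftonhall.co.nz>
 * @since   Horde 3.0
 * @package Horde_Auth
 */
class Auth_cyrus extends Auth {

    /**
     * Handle for the current IMAP connection.
     *
     * @var resource
     */
    var $_imapStream;

    /**
     * Flag indicating if the IMAP connection is connected.
     *
     * @var boolean
     */
    var $_connected = false;

    /**
     * Pointer to another Auth_ backend that Cyrus authenticates against.
     *
     * @var Auth
     */
    var $_backend;

    /**
     * An array of capabilities, so that the driver can report which
     * operations it supports and which it doesn't.
     *
     * 'list', 'groups' and 'transparent' are overwritten in the constructor
     * with whatever the backend driver reports.
     *
     * @var array
     */
    var $capabilities = array('add'           => true,
                              'update'        => true,
                              'resetpassword' => false,
                              'remove'        => true,
                              'list'          => false,
                              'groups'        => false,
                              'transparent'   => false);

    /**
     * Constructor.
     *
     * Normalises the hierarchy separator, checks for the imap extension,
     * instantiates the backend driver and verifies that it can add, update
     * and remove users.
     *
     * @param array $params  A hash containing connection parameters.
     */
    function Auth_cyrus($params = array())
    {
        $this->_params = $params;

        if (!isset($this->_params['separator'])) {
            $this->_params['separator'] = '.';
        }

        // 'unixhier' overrides any explicitly configured separator.
        if (isset($this->_params['unixhier']) && $this->_params['unixhier'] == true) {
            $this->_params['separator'] = '/';
        }

        if (!Util::extensionExists('imap')) {
            Horde::fatal(_("Auth_cyrus: Required imap extension not found."), __FILE__, __LINE__);
        }

        // Create backend instance.
        $this->_backend = &Auth::singleton($this->_params['backend']['driver'], $this->_params['backend']['params']);
        if (is_a($this->_backend, 'PEAR_Error')) {
            // NOTE(review): a value returned from a constructor is discarded
            // by `new`, so the caller never sees this error and $_backend
            // stays a PEAR_Error. Kept for compatibility.
            return $this->_backend;
        }

        // Check the capabilities of the backend.
        if (!$this->_backend->hasCapability('add') ||
            !$this->_backend->hasCapability('update') ||
            !$this->_backend->hasCapability('remove')) {
            Horde::fatal(_("Auth_cyrus: Backend does not have required capabilites."), __FILE__, __LINE__);
        }

        $this->capabilities['list'] = $this->_backend->hasCapability('list');
        $this->capabilities['groups'] = $this->_backend->hasCapability('groups');
        $this->capabilities['transparent'] = $this->_backend->hasCapability('transparent');
    }

    /**
     * Add a set of authentication credentials.
     *
     * The credentials are written to the backend first; the Cyrus mailbox,
     * the configured sub-folders and the quota are created afterwards. If
     * one of the IMAP steps fails the backend entry is NOT rolled back.
     *
     * NOTE(review): $userId is placed into the mailbox path without any
     * validation here. An ID that contains the hierarchy separator would
     * address a mailbox below another name - confirm that callers validate
     * user IDs before they reach this method.
     *
     * @param string $userId      The userId to add.
     * @param array $credentials  The credentials to add.
     *
     * @return mixed  True on success or a PEAR_Error object on failure.
     */
    function addUser($userId, $credentials)
    {
        $this->_connect();

        $res = $this->_backend->addUser($userId, $credentials);
        if (is_a($res, 'PEAR_Error')) {
            return $res;
        }

        $name = imap_utf7_encode($userId);
        $separator = $this->_params['separator'];

        // NOTE(review): $name is already modified-UTF-7 and is encoded a
        // second time here; left unchanged so that existing mailbox names
        // keep resolving.
        $mailbox = imap_utf7_encode($this->_params['imap_dsn'] .
                                    'user' . $separator . $name);

        if (!@imap_createmailbox($this->_imapStream, $mailbox)) {
            Horde::logMessage('IMAP mailbox creation for ' . $name . ' failed ',
                              __FILE__, __LINE__, PEAR_LOG_ERR);
            return PEAR::raiseError(sprintf(_("IMAP mailbox creation failed: %s"), imap_last_error()));
        }

        if (isset($this->_params['folders']) && is_array($this->_params['folders'])) {
            foreach ($this->_params['folders'] as $folder) {
                $this->_createSubFolder($name, $folder);
            }
        }

        if (isset($this->_params['quota']) && $this->_params['quota'] >= 0) {
            // The quota root must use the configured separator. The former
            // $this->_separator was never defined, so the root collapsed to
            // 'user<name>' and the quota was not applied to the mailbox.
            if (!@imap_set_quota($this->_imapStream,
                                 'user' . $separator . $name,
                                 $this->_params['quota'])) {
                return PEAR::raiseError(sprintf(_("IMAP mailbox quota creation failed: %s"), imap_last_error()));
            }
        }

        return true;
    }

    /**
     * Delete a set of authentication credentials.
     *
     * The backend entry is removed first; a failure to delete the mailbox
     * afterwards leaves a mailbox without credentials behind.
     *
     * NOTE(review): unlike addUser(), the mailbox name is built from the raw
     * $userId without imap_utf7_encode(), so non-ASCII user IDs may not
     * resolve to the mailbox that addUser() created - confirm.
     *
     * @param string $userId  The userId to delete.
     *
     * @return mixed  The result of removeUserData() on success or a
     *                PEAR_Error object on failure.
     */
    function removeUser($userId)
    {
        $this->_connect();

        $res = $this->_backend->removeUser($userId);
        if (is_a($res, 'PEAR_Error')) {
            return $res;
        }

        $mailbox = 'user' . $this->_params['separator'] . $userId;

        /* Set ACL for mailbox deletion: give the admin account (realm part
         * stripped) the full rights string on the mailbox. The result is
         * not checked; a failure surfaces as a failed deletion below. */
        list($admin) = explode('@', $this->_params['cyradmin']);
        @imap_setacl($this->_imapStream, $mailbox, $admin, 'lrswipcda');

        /* Delete IMAP mailbox. */
        $imapresult = @imap_deletemailbox($this->_imapStream,
                                          $this->_params['imap_dsn'] . $mailbox);

        if (!$imapresult) {
            return PEAR::raiseError(sprintf(_("IMAP mailbox deletion failed: %s"), imap_last_error()));
        }

        return $this->removeUserData($userId);
    }

    /**
     * Opens the administrative connection to the IMAP server if it is not
     * already open.
     *
     * The connection is authenticated with 'cyradmin'/'cyrpass'; transport
     * protection depends entirely on the flags in 'imap_dsn'. A connection
     * failure is reported through Horde::fatal().
     *
     * @access private
     *
     * @return boolean  True.
     */
    function _connect()
    {
        if (!$this->_connected) {
            // OP_HALFOPEN: connect and authenticate without selecting a
            // mailbox.
            $this->_imapStream = @imap_open($this->_params['imap_dsn'], $this->_params['cyradmin'],
                                            $this->_params['cyrpass'], OP_HALFOPEN);

            if (!$this->_imapStream) {
                Horde::fatal(sprintf(_("Can't connect to IMAP server: %s"),
                                     imap_last_error()), __FILE__, __LINE__);
            }

            $this->_connected = true;
        }

        return true;
    }

    /**
     * Disconnect from the IMAP server.
     *
     * @access private
     *
     * @return boolean  True.
     */
    function _disconnect()
    {
        if ($this->_connected) {
            @imap_close($this->_imapStream);
            // Reset the flag so that a later _connect() reopens the stream
            // instead of reusing the closed handle.
            $this->_connected = false;
        }

        return true;
    }

    /**
     * Creates one of the mailboxes supplied in the configuration below a
     * user's mailbox.
     *
     * Creation is best-effort: a failure is logged but not reported to the
     * caller.
     *
     * @access private
     *
     * @param string $userName    For whom the folder will be created
     * @param string $folderName  Name of folder to create
     */
    function _createSubFolder($userName, $folderName)
    {
        $created = @imap_createmailbox($this->_imapStream,
                                       imap_utf7_encode($this->_params['imap_dsn'] .
                                                        'user' . $this->_params['separator'] . $userName .
                                                        $this->_params['separator'] . $folderName));
        if (!$created) {
            Horde::logMessage('IMAP subfolder creation for ' . $userName . ' failed ',
                              __FILE__, __LINE__, PEAR_LOG_ERR);
        }
    }

    /**
     * List all users in the system. Delegated to the backend driver.
     *
     * @return mixed  The array of userIds, or false on failure/unsupported.
     */
    function listUsers()
    {
        return $this->_backend->listUsers();
    }

    /**
     * Update a set of authentication credentials.
     *
     * Only the backend is updated; no IMAP operation is performed, so the
     * mailbox is not renamed when $newID differs from $oldID.
     *
     * @param string $oldID       The old userId.
     * @param string $newID       The new userId.
     * @param array $credentials  The new credentials
     *
     * @return mixed  True on success or a PEAR_Error object on failure.
     */
    function updateUser($oldID, $newID, $credentials)
    {
        return $this->_backend->updateUser($oldID, $newID, $credentials);
    }

    /**
     * Return the URI of the login screen for this authentication method.
     * Delegated to the backend driver.
     *
     * @access private
     *
     * @param string $app  The application to use.
     * @param string $url  The URL to redirect to after login.
     *
     * @return string  The login screen URI.
     */
    function _getLoginScreen($app = 'horde', $url = '')
    {
        return $this->_backend->_getLoginScreen($app, $url);
    }

    /**
     * Checks if a userId exists in the system. Delegated to the backend
     * driver; the IMAP server is not consulted.
     *
     * @param string $userId  The userId to look up.
     *
     * @return boolean  Whether or not the userId already exists.
     */
    function exists($userId)
    {
        return $this->_backend->exists($userId);
    }

    /**
     * Automatic authentication: Find out if the client matches an allowed IP
     * block. Delegated to the backend driver.
     *
     * @return boolean  Whether or not the client is allowed.
     */
    function transparent()
    {
        return $this->_backend->transparent();
    }

}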