packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/includes/functions.php
author Dan Fuhry <dan@fuhry.us>
Fri, 11 Jan 2013 05:41:41 -0500
changeset 4 2212b2ded8bf
parent 3 a044870a9d3d
child 8 f68fdcc18df9
permissions -rw-r--r--
Added OpenSSH public key support in LDAP
<?php
/**
 * Send the browser to $url with a 302 and end the request.
 *
 * Nothing here validates $url: callers must only pass trusted,
 * application-chosen destinations, otherwise a request-supplied value
 * would turn this into an open redirect.
 *
 * @param string $url Absolute or relative URL for the Location header
 * @return void Never returns normally; exit() ends the request.
 */
function redirect($url)
{
	$status = 'HTTP/1.1 302 Found';
	$location = 'Location: ' . $url;
	header($status);
	header($location);
	exit;
}
/**
 * Queue a message that will be displayed in a box on the next page load.
 *
 * Entries accumulate in $_SESSION['messages'] as
 * array('code' => ..., 'message' => ...). The text is stored verbatim
 * (no escaping), so the template that renders the box is responsible for
 * HTML-escaping it. Presumably session_start() has already been called by
 * the including page — confirm against the entry points.
 *
 * @param int    $code    Message type (E_NOTICE, E_WARNING, E_ERROR)
 * @param string $message Message string
 */
function queue_message($code, $message)
{
	$entry = array('code' => $code, 'message' => $message);
	if ( !isset($_SESSION['messages']) )
		$_SESSION['messages'] = array();
	$_SESSION['messages'][] = $entry;
}
/**
 * Smarty template function: {get_next_uid}
 *
 * Thin wrapper exposing get_next_available_uid() (defined elsewhere in
 * this codebase) to templates.
 *
 * @return mixed Whatever get_next_available_uid() returns; its type is
 *               not visible from this file
 */
function smarty_function_get_next_uid()
{
	$uid = get_next_available_uid();
	return $uid;
}
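/**
 * Smarty template function: {json_encode value=$something}
 *
 * Encodes the 'value' parameter as JSON for embedding in template output.
 * The JSON_HEX_* flags emit '<', '>', '&', '\'' and '"' as \uXXXX escapes,
 * so the result can be placed inside a <script> block or a quoted HTML
 * attribute without closing it early; every JSON parser decodes the escapes
 * back to the same value.
 *
 * @param array $params Smarty parameters; 'value' is required (null is a
 *                      valid value and encodes as "null")
 * @return string|false JSON text, or false if the value cannot be encoded
 *                      (e.g. a string that is not valid UTF-8)
 * @throws SmartyException if the 'value' parameter is missing
 */
function smarty_function_json_encode($params)
{
	// array_key_exists rather than isset so an explicit null still encodes.
	if ( !array_key_exists('value', $params) )
		throw new SmartyException("No value provided");
	
	return json_encode($params['value'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}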
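/**
 * Load the web UI's settings and credentials from webcreds.yml.
 *
 * Each required key is exported in one of two ways: keys made only of
 * upper-case letters and underscores become PHP constants via define();
 * every other key is written into $GLOBALS under the same name. The file
 * holds secrets (at least hmac_secret, and by their names the LDAP and
 * Kerberos admin entries), so it should be readable only by the account
 * the web server runs as.
 *
 * Terminates the request with die() if the file cannot be parsed or a
 * required key is missing or null.
 *
 * @return void
 */
function load_credentials()
{
	$path = "/usr/local/etc/ssoinabox/webcreds.yml";
	$config = yaml_parse_file($path);
	// yaml_parse_file() returns false for a missing or malformed file; without
	// this check the loop below would misreport the first key as "not set".
	if ( !is_array($config) )
		die("Could not parse config file $path");
	
	$keys = array('LDAP_BASEDN', 'UID_MIN', 'GID_MIN', 'ldap_server', 'ldap_manager', 'ldap_user_basedn', 'ldap_group_basedn', 'kerberos_admin', 'PHONE_EXT_MIN', 'hmac_secret');
	
	foreach ( $keys as $key )
	{
		// isset (not array_key_exists) on purpose: a key present but null
		// is treated as missing.
		if ( !isset($config[$key]) )
			die("Config key $key is not set");
		
		// Upper-case keys are application constants; the rest are runtime
		// settings other code reads through global scope.
		if ( preg_match('/^[A-Z_]+$/', $key) )
			define($key, $config[$key]);
		else
			$GLOBALS[$key] = $config[$key];
	}
}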
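/**
 * Test a password's policy compliance.
 *
 * Policy: at least 8 bytes long, at least 6 distinct bytes, and — for
 * passwords of 16 bytes or fewer — at least one lower-case letter, one
 * upper-case letter, one digit and one non-alphanumeric character.
 * Longer passwords are exempt from the character-class requirements.
 * Lengths are measured with strlen(), i.e. in bytes, so a multi-byte
 * character counts for more than one.
 *
 * @param string $str Candidate password
 * @return mixed true if compliant, otherwise a string describing why it isn't
 */
function test_password($str)
{
	if ( strlen($str) < 8 )
		return 'must be at least 8 characters in length';
	
	if ( countUniqueChars($str) < 6 )
		return 'must have at least 6 unique characters';
	
	if ( strlen($str) <= 16 )
	{
		// One message per character class so the user learns which class
		// is missing; checked in this order, first failure wins.
		$classes = array(
			'/[a-z]/' => 'must contain at least one lowercase letter'
			, '/[A-Z]/' => 'must contain at least one uppercase letter'
			, '/[0-9]/' => 'must contain at least one digit'
			, '/[^A-Za-z0-9]/' => 'must contain at least one non-alphanumeric character'
		);
		foreach ( $classes as $pattern => $failure )
		{
			if ( !preg_match($pattern, $str) )
				return $failure;
		}
	}
	
	return true;
}

/**
 * Count the number of distinct bytes in a string.
 *
 * count_chars() mode 3 returns a string holding each byte that occurs at
 * least once, so its length is the distinct-byte count. This is byte-wise:
 * a multi-byte UTF-8 character contributes each of its bytes separately.
 *
 * @param string $str
 * @return int
 */
function countUniqueChars($str)
{
	return strlen(count_chars($str, 3));
}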
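/**
 * Lookup table used by smarty_function_decode_ssh_key() to estimate an
 * OpenSSH public key's size from the byte length of its decoded blob.
 *
 * Outer key: the key-type string at the start of an authorized_keys line.
 * Inner array: 'name' => human-readable algorithm, plus one
 * "decoded blob length in bytes => key size in bits" entry per known
 * length (RSA has two entries for 2048 because the public exponent's
 * encoding changes the total). A length that is not listed resolves to
 * 0 bits in the caller; this is a heuristic, not a parse of the blob.
 *
 * ssh-dss keys are 1024-bit only and are disabled by default in current
 * OpenSSH releases; the DSA and 768-bit RSA entries are kept so such keys
 * can still be identified when displayed.
 */
$ssh_key_lengths = array(
		// decoded blob length => key bits
		'ecdsa-sha2-nistp521' => array('name' => 'ECDSA', 172 => 521),
		'ecdsa-sha2-nistp384' => array('name' => 'ECDSA', 136 => 384),
		'ecdsa-sha2-nistp256' => array('name' => 'ECDSA', 104 => 256),
		// 4-byte length + "ssh-ed25519" (11) + 4-byte length + 32-byte point
		'ssh-ed25519' => array('name' => 'Ed25519', 51 => 256),
		'ssh-dss' => array(
				'name' => 'DSA',
				432 => 1024,
				433 => 1024,
				434 => 1024,
				435 => 1024,
			),
		'ssh-rsa' => array(
				'name' => 'RSA',
				119 => 768,
				151 => 1024,
				215 => 1536,
				277 => 2048,
				279 => 2048,
				407 => 3072,
				535 => 4096,
			),
	);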
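/**
 * Smarty template function: {decode_ssh_key key=$line out="varname"}
 *
 * Splits an OpenSSH public key line ("type base64 [comment]") and assigns
 * to the template variable named by 'out' an array with:
 *   'fingerprint'        legacy MD5 fingerprint, colon-separated hex pairs
 *   'fingerprint_sha256' "SHA256:" + unpadded base64 of the SHA-256 digest,
 *                        the format current ssh-keygen -l prints
 *   'type'               algorithm name from $ssh_key_lengths, or null when
 *                        the key type is not in the table
 *   'bits'               key size looked up from the decoded blob length,
 *                        0 when the length is not in the table
 *
 * The blob itself is not parsed, so 'bits' is only as good as the table.
 *
 * @param array  $params Smarty parameters: 'key' and 'out' are required
 * @param Smarty $smarty Template engine instance the result is assigned on
 * @return void
 * @throws SmartyException if a required parameter is missing, the line does
 *                         not have a type and a base64 part, or the base64
 *                         part does not decode cleanly
 */
function smarty_function_decode_ssh_key($params, $smarty)
{
	global $ssh_key_lengths;
	
	if ( !isset($params['key']) )
		throw new SmartyException("No key provided");
	
	if ( !isset($params['out']) )
		throw new SmartyException("No output var provided");
	
	// Limit to 3 parts so a comment containing spaces stays intact; trim()
	// so leading whitespace does not become an empty "type".
	$parts = preg_split('/\s+/', trim($params['key']), 3);
	if ( count($parts) < 2 )
		throw new SmartyException("Malformed key: expected \"type base64 [comment]\"");
	$type = $parts[0];
	$key_b64 = $parts[1];
	
	// Strict decoding: non-base64 input would otherwise produce a plausible
	// looking but meaningless fingerprint and bit count.
	$key = base64_decode($key_b64, true);
	if ( $key === false )
		throw new SmartyException("Malformed key: base64 part does not decode");
	
	$len = strlen($key);
	$bits = isset($ssh_key_lengths[$type][$len]) ? $ssh_key_lengths[$type][$len] : 0;
	$name = isset($ssh_key_lengths[$type]['name']) ? $ssh_key_lengths[$type]['name'] : null;
	
	$smarty->assign($params['out'], array(
			'fingerprint' => implode(':', str_split(md5($key), 2))
			, 'fingerprint_sha256' => 'SHA256:' . rtrim(base64_encode(hash('sha256', $key, true)), '=')
			, 'type' => $name
			, 'bits' => $bits
		));
}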