packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/includes/functions.php
<?php
/**
 * Send a 302 redirect to the given URL and stop the script.
 *
 * The URL is placed into the Location header exactly as received; this
 * function performs no validation of the target.
 * NOTE(review): callers should pass only fixed or allow-listed targets,
 * since a request-derived value here becomes an open redirect - confirm
 * against the call sites.
 *
 * @param string $url Redirect target
 */
function redirect($url)
{
    header('HTTP/1.1 302 Found');
    header('Location: ' . $url);
    // Nothing after the redirect headers may run or be sent.
    exit();
}
/**
 * Queue a message that will be displayed in a box on the next page load.
 *
 * The entry is appended to $_SESSION['messages'] unchanged.
 * NOTE(review): the text is stored verbatim - confirm that the template
 * which renders the queue escapes it for HTML.
 *
 * @param int    $code    Message type (E_NOTICE, E_WARNING, E_ERROR)
 * @param string $message Message string
 */
function queue_message($code, $message)
{
    // compact() builds array('code' => $code, 'message' => $message).
    $entry = compact('code', 'message');
    $_SESSION['messages'][] = $entry;
}
/**
 * Template-facing wrapper around get_next_available_uid().
 *
 * Named after Smarty's function-plugin convention; it takes no arguments
 * and simply forwards the helper's result.
 *
 * @return mixed Whatever get_next_available_uid() returns
 */
function smarty_function_get_next_uid()
{
    $next_uid = get_next_available_uid();
    return $next_uid;
}
/**
 * Template-facing wrapper that JSON-encodes $params['value'].
 *
 * NOTE(review): json_encode() is called with default flags, so characters
 * such as <, >, & and ' are emitted literally. If templates place the
 * result inside an inline script or an HTML attribute, confirm that
 * context-appropriate escaping (or the JSON_HEX_* flags) is applied there.
 *
 * @param array $params Plugin parameters; 'value' is the data to encode
 * @return string|false JSON text, or false if json_encode() fails
 */
function smarty_function_json_encode($params)
{
    $value = $params['value'];
    return json_encode($value);
}
/**
 * Load the web UI credentials file and publish its required settings.
 *
 * Every key in the required list must be present in the YAML file; the
 * script dies on the first missing one. Keys made up only of capital
 * letters and underscores become constants via define(); all others are
 * written into $GLOBALS under the same name.
 *
 * If yaml_parse_file() fails and returns false, the isset() test fails for
 * the first key, so a parse or read failure is reported as that key being
 * unset.
 *
 * NOTE(review): hmac_secret and the other lowercase entries become
 * process-wide globals - confirm no debug or error output dumps $GLOBALS,
 * and that the credentials file is readable only by the web UI's account.
 */
function load_credentials()
{
    $required = array(
        'LDAP_BASEDN',
        'UID_MIN',
        'GID_MIN',
        'ldap_server',
        'ldap_manager',
        'ldap_user_basedn',
        'ldap_group_basedn',
        'kerberos_admin',
        'PHONE_EXT_MIN',
        'hmac_secret',
    );

    $config = yaml_parse_file("/usr/local/etc/ssoinabox/webcreds.yml");

    foreach ($required as $key) {
        if (!isset($config[$key])) {
            die("Config key $key is not set");
        }

        $is_constant_name = (bool) preg_match('/^[A-Z_]+$/', $key);
        if ($is_constant_name) {
            define($key, $config[$key]);
            continue;
        }

        $GLOBALS[$key] = $config[$key];
    }
}
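/**
 * Test a password's policy compliance.
 *
 * Checks, in order (all lengths are byte counts as measured by strlen()):
 *  - at least 8 bytes long;
 *  - at least 6 distinct bytes;
 *  - when 16 bytes or shorter: at least one lowercase letter, one uppercase
 *    letter, one digit and one non-alphanumeric character. Longer passwords
 *    skip the character-class checks.
 *
 * Each failure returns a message naming the rule that failed, so the user
 * is told what to change.
 *
 * @param string $str Candidate password
 * @return mixed true if compliant, otherwise a string describing why it isn't
 */
function test_password($str)
{
    $length = strlen($str);

    if ($length < 8) {
        return 'must be at least 8 characters in length';
    }
    if (countUniqueChars($str) < 6) {
        return 'must have at least 6 unique characters';
    }

    if ($length <= 16) {
        // Pattern => message reported when the pattern does not match.
        $required_classes = array(
            '/[a-z]/' => 'must contain at least one lowercase letter',
            '/[A-Z]/' => 'must contain at least one uppercase letter',
            '/[0-9]/' => 'must contain at least one digit',
            '/[^A-Za-z0-9]/' => 'must contain at least one non-alphanumeric character',
        );
        foreach ($required_classes as $pattern => $failure) {
            if (!preg_match($pattern, $str)) {
                return $failure;
            }
        }
    }

    return true;
}

/**
 * Count the distinct bytes in a string.
 *
 * The count is byte-wise, so a multi-byte UTF-8 character contributes one
 * per distinct byte rather than one per character.
 *
 * @param string $str Input string
 * @return int Number of distinct byte values present (0 for an empty string)
 */
function countUniqueChars($str)
{
    // count_chars() mode 3 returns a string holding each byte value used once.
    // This also avoids the $str{$i} offset syntax, which PHP 8 no longer parses.
    return strlen(count_chars($str, 3));
}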
// Lookup table used to label SSH public keys.
// Outer key: the key-type token; 'name' is the display name for that type.
// Integer keys: byte length of the base64-decoded key blob => key size in bits.
// Only the types and blob lengths listed here are recognised.
// NOTE(review): this table only labels keys; nothing in it rejects small
// sizes (RSA 768/1024, DSA 1024). If a minimum strength is required, enforce
// it where keys are accepted.
$ssh_key_lengths = array(
    'ecdsa-sha2-nistp521' => array('name' => 'ECDSA', 172 => 521),
    'ecdsa-sha2-nistp384' => array('name' => 'ECDSA', 136 => 384),
    'ecdsa-sha2-nistp256' => array('name' => 'ECDSA', 104 => 256),
    'ssh-dss' => array(
        'name' => 'DSA',
        432 => 1024,
        433 => 1024,
        434 => 1024,
        435 => 1024,
    ),
    'ssh-rsa' => array(
        'name' => 'RSA',
        119 => 768,
        151 => 1024,
        215 => 1536,
        277 => 2048,
        279 => 2048,
        407 => 3072,
        535 => 4096,
    ),
);
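/**
 * Decode an SSH public key line and assign a summary to a template variable.
 *
 * The key string is expected to be "<type> <base64 blob> [comment]". The
 * assigned array has:
 *  - 'fingerprint': MD5 of the decoded blob as colon-separated hex pairs;
 *  - 'type': display name from $ssh_key_lengths, or null for unknown types;
 *  - 'bits': key size from $ssh_key_lengths, or 0 when the type or blob
 *    length is not in the table.
 *
 * Malformed or unrecognised input still produces a result (type null,
 * bits 0) rather than an error, so one bad stored key does not break the
 * page. The caller-supplied type token is never passed through to the
 * template; only names from the lookup table are.
 *
 * NOTE(review): the MD5 fingerprint is a display identifier in the older
 * colon-hex style; it should not be relied on as a collision-resistant
 * check of key identity.
 *
 * @param array  $params Plugin parameters: 'key' (public key line) and
 *                       'out' (name of the template variable to assign)
 * @param object $smarty Template object providing assign()
 * @throws SmartyException If 'key' or 'out' is missing
 */
function smarty_function_decode_ssh_key($params, $smarty)
{
    global $ssh_key_lengths;

    if (!isset($params['key'])) {
        throw new SmartyException("No key provided");
    }
    if (!isset($params['out'])) {
        throw new SmartyException("No output var provided");
    }

    // Trim first so leading whitespace does not shift the fields, and cap the
    // split at three parts so the trailing comment stays in one piece.
    $parts = preg_split('/\s+/', trim($params['key']), 3);
    $type = isset($parts[0]) ? $parts[0] : '';
    $key_b64 = isset($parts[1]) ? $parts[1] : '';

    $key = base64_decode($key_b64);
    if ($key === false) {
        $key = '';
    }

    // Guard both lookups: a type that is not in the table would otherwise
    // index a missing entry.
    $blob_length = strlen($key);
    $bits = isset($ssh_key_lengths[$type][$blob_length]) ? $ssh_key_lengths[$type][$blob_length] : 0;
    $type_name = isset($ssh_key_lengths[$type]['name']) ? $ssh_key_lengths[$type]['name'] : null;

    $smarty->assign($params['out'], array(
        'fingerprint' => implode(':', str_split(md5($key), 2)),
        'type' => $type_name,
        'bits' => $bits,
    ));
}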