You are here

class SimpleLdap in Simple LDAP 8

A wrapper for PHP's LDAP functions, with associated helper methods.

Hierarchy

Expanded class hierarchy of SimpleLdap

4 files declare their use of SimpleLdap
SimpleLdapServer.php in src/SimpleLdapServer.php
SimpleLdapSSOSettingsForm.php in modules/simple_ldap_sso/src/Form/SimpleLdapSSOSettingsForm.php
Contains \Drupal\simple_ldap_sso\Form\SimpleLdapSsoSettingsForm
SimpleLdapTest.php in tests/src/Functional/SimpleLdapTest.php
SimpleLdapUserManagerTest.php in modules/simple_ldap_user/tests/src/Unit/SimpleLdapUserManagerTest.php
Contains \Drupal\Tests\simple_ldap\Unit\SimpleLdapUserManagerTest
1 string reference to 'SimpleLdap'
simple_ldap.services.yml in ./simple_ldap.services.yml
simple_ldap.services.yml
1 service uses SimpleLdap
simple_ldap.ldap_wrapper in ./simple_ldap.services.yml
Drupal\simple_ldap\SimpleLdap

File

src/SimpleLdap.php, line 13

Namespace

Drupal\simple_ldap
View source
class SimpleLdap {
  private $connection;

  /**
   * @var boolean
   */
  private $bound;
  public function __construct(SimpleLdapConnectionInterface $connection) {
    $this->connection = $connection;
    $this->bound = FALSE;
  }
  public function __destruct() {
    $this
      ->ldapUnbind();
  }

  /**
   * Cleans up an array returned by the ldap_* functions.
   *
   * @param array $entry
   *   An LDAP entry as returned by SimpleLdapServer::search()
   *
   * @return array
   *   A scrubbed array, with all of the "extra crud" removed, with the DN of the record as the array index.
   *
   * @throws SimpleLdapException
   */
  public function clean($entry) {
    if (!is_array($entry)) {
      throw new SimpleLdapException('Can only clean an array.');
    }
    $clean = array();

    // Yes, this is ugly, but so are the ldap_*() results.
    for ($i = 0; $i < $entry['count']; $i++) {
      $clean[$entry[$i]['dn']] = array();
      for ($j = 0; $j < $entry[$i]['count']; $j++) {
        $clean[$entry[$i]['dn']][$entry[$i][$j]] = array();
        for ($k = 0; $k < $entry[$i][$entry[$i][$j]]['count']; $k++) {
          $clean[$entry[$i]['dn']][$entry[$i][$j]][] = $entry[$i][$entry[$i][$j]][$k];
        }
      }
    }
    return $clean;
  }

  /**
   * Cleans an attribute array, removing empty items.
   *
   * @param array $attributes
   *   Array of attributes that needs to be cleaned.
   * @param boolean $strip_empty_array
   *   Determines whether an attribute consisting of an empty array should be
   *   stripped or left intact. Defaults to TRUE.
   *
   * @return array
   *   A scrubbed array with no empty attributes.
   */
  public function removeEmptyAttributes($attributes, $strip_empty_array = TRUE) {
    foreach ($attributes as $key => $value) {
      if (is_array($value)) {

        // Remove empty values.
        foreach ($value as $k => $v) {
          if (empty($v)) {
            unset($attributes[$key][$k]);
          }
        }

        // Remove the 'count' property.
        unset($value['count']);
        unset($attributes[$key]['count']);

        // Remove attributes with no values.
        if ($strip_empty_array && count($attributes[$key]) == 0) {
          unset($attributes[$key]);
        }
      }
    }
    return $attributes;
  }

  /**
   * Generates a random salt of the given length.
   */
  public function salt($length) {
    $possible = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./';
    $str = '';
    while (strlen($str) < $length) {
      $str .= substr($possible, rand() % strlen($possible), 1);
    }
    return $str;
  }

  /**
   * Hash a string for use in an LDAP password field.
   */
  public function hash($string, $algorithm = NULL) {
    switch ($algorithm) {
      case 'crypt':
        $hash = '{CRYPT}' . crypt($string, substr($string, 0, 2));
        break;
      case 'salted crypt':
        $hash = '{CRYPT}' . crypt($string, self::salt(2));
        break;
      case 'extended des':
        $hash = '{CRYPT}' . crypt($string, '_' . self::salt(8));
        break;
      case 'md5crypt':
        $hash = '{CRYPT}' . crypt($string, '$1$' . self::salt(9));
        break;
      case 'blowfish':
        $hash = '{CRYPT}' . crypt($string, '$2a$12$' . self::salt(13));
        break;
      case 'md5':
        $hash = '{MD5}' . base64_encode(md5($string, TRUE));
        break;
      case 'salted md5':
        $salt = SimpleLdap::salt(8);
        $hash = '{SMD5}' . base64_encode(md5($string . $salt, TRUE) . $salt);
        break;
      case 'sha':
        $hash = '{SHA}' . base64_encode(sha1($string, TRUE));
        break;
      case 'salted sha':
        $salt = SimpleLdap::salt(8);
        $hash = '{SSHA}' . base64_encode(sha1($string . $salt, TRUE) . $salt);
        break;
      case 'unicode':
        $string = '"' . $string . '"';
        $length = drupal_strlen($string);
        $hash = NULL;
        for ($i = 0; $i < $length; $i++) {
          $hash .= "{$string[$i]}\0";
        }
        break;
      case 'none':
      default:
        $hash = $string;
    }
    return $hash;
  }

  /**
   * Returns an array of supported hash types.
   *
   * The keys of this array are also the values supported by SimpleLdap::hash().
   * The values are translated, human-readable values.
   */
  public static function hashes() {
    $types = array();

    // Crypt, and Salted Crypt.
    $types['crypt'] = t('Crypt');
    $types['salted crypt'] = t('Salted Crypt');

    // Extended DES.
    if (defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 1) {
      $types['extended des'] = t('Extended DES');
    }

    // MD5Crypt.
    if (defined('CRYPT_MD5') || CRYPT_MD5 == 1) {
      $types['md5crypt'] = t('MD5Crypt');
    }

    // Blowfish.
    if (defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 1) {
      $types['blowfish'] = t('Blowfish');
    }

    // MD5
    $types['md5'] = t('MD5');

    // SMD5.
    $types['salted md5'] = t('Salted MD5');

    // SHA.
    $types['sha'] = t('SHA');

    // SSHA.
    $types['salted sha'] = t('Salted SHA');

    // Unicode (used by Active Directory).
    $types['unicode'] = t('Unicode');
    return $types;
  }

  /**
   * Wrapper function for ldap_bind().
   *
   * @param string $bind_rdn
   *   The RDN to bind with. If not specified, and anonymous bind is attempted.
   * @param string $bind_password
   *   The password to use during the bind.
   *
   * @return boolean
   *   Returns TRUE on success or FALSE on failure.
   */
  public function ldapBind($bind_rdn = NULL, $bind_password = NULL) {
    $bound = @ldap_bind($this->connection
      ->getResource(), $bind_rdn, $bind_password);
    $this->bound = $bound;
    return $bound;
  }

  /**
   * Wrapper function for ldap_unbind().
   *
   * @return boolean
   *   TRUE on success
   *
   * @throws SimpleLdapException
   */
  public function ldapUnbind() {
    $return = FALSE;

    // Check that the LDAP connection is currently bound.
    if ($this->bound && $this->connection
      ->getResource()) {

      // If unbinding is successful, $return should be TRUE.
      $return = @ldap_unbind($this->connection
        ->getResource());
      if (!$return) {
        throw new SimpleLdapException('ldap_unbind wrapper: ', $this->connection
          ->getResource());
      }
    }
    $this->bound = FALSE;
    return $return;
  }

  /**
   * Wrapper function for ldap_control_paged_result().
   *
   * @param int $pagesize
   *  The number of entries by page.
   * @param bool $iscritical
   *  Indicates whether the pagination is critical of not. If true and if the
   *  server doesn't support pagination, the search will return no result.
   * @param string $cookie
   *  An opaque structure sent by the server.
   * @return bool
   *  TRUE on success
   *
   * @throws \Drupal\simple_ldap\SimpleLdapException
   */
  public function controlPagedResult($pagesize, $iscritical, $cookie) {
    $return = @ldap_control_paged_result($this->connection
      ->getResource(), $pagesize, $iscritical, $cookie);
    if ($return === FALSE) {
      throw new SimpleLdapException('ldap_control_paged_result wrapper: ', $this->connection
        ->getResource());
    }
    return $return;
  }

  /**
   * Wrapper function for ldap_control_paged_result_response().
   *
   * @param resource $result
   *   An LDAP search result identifier.
   * @param string $cookie
   *   An opaque structure sent by the server.
   * @param int $estimated
   *   The estimated number of entries to retrieve.
   *
   * @return boolean
   *   TRUE on success.
   */
  public function controlPageResultResponse($result, &$cookie = NULL, &$estimated = NULL) {
    $return = @ldap_control_paged_result_response($this->connection
      ->getResource(), $result, $cookie, $estimated);
    return $return;
  }

  /**
   * @param string $base_dn
   *   The base DN for the directory.
   * @param string $filter
   *   The LDAP filter to apply.
   * @param array $attributes
   *   An array of the required attributes.
   * @param int $attrsonly
   *   Should be set to 1 if only attribute types are wanted. If set to 0 both
   *   attributes types and attribute values are fetched which is the default
   *   behaviour.
   * @param int $sizelimit
   *   Enables you to limit the count of entries fetched. Setting this to 0
   *   means no limit.
   * @param int $timelimit
   *   Sets the number of seconds how long is spend on the search. Setting this
   *   to 0 means no limit.
   * @param int $deref
   *   Specifies how aliases should be handled during the search.
   * @return resource'
   *   LDAP search result identifier.
   *
   * @throws \Drupal\simple_ldap\SimpleLdapException
   */
  public function ldapRead($base_dn, $filter, $attributes = array(), $attrsonly = 0, $sizelimit = 0, $timelimit = 0, $deref = NULL) {
    $return = @ldap_read($this->connection
      ->getResource(), $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $this
      ->getDefaultDeref($deref));
    if ($return === FALSE) {
      throw new SimpleLdapException('ldap_read wrapper: ', $this->connection
        ->getResource());
    }
    return $return;
  }

  /**
   * Wrapper function for ldap_list().
   *
   * @param string $base_dn
   *   The base DN for the directory.
   * @param string $filter
   *   The LDAP filter to apply.
   * @param array $attributes
   *   An array of the required attributes.
   * @param int $attrsonly
   *   Should be set to 1 if only attribute types are wanted. If set to 0 both
   *   attributes types and attribute values are fetched which is the default
   *   behaviour.
   * @param int $sizelimit
   *   Enables you to limit the count of entries fetched. Setting this to 0
   *   means no limit.
   * @param int $timelimit
   *   Sets the number of seconds how long is spend on the search. Setting this
   *   to 0 means no limit.
   * @param int $deref
   *   Specifies how aliases should be handled during the search.
   *
   * @return resource
   *   LDAP search result identifier.
   *
   * @throws SimpleLdapException
   */
  public function ldapList($base_dn, $filter, $attributes = array(), $attrsonly = 0, $sizelimit = 0, $timelimit = 0, $deref = NULL) {
    $return = @ldap_list($this->connection
      ->getResource(), $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $this
      ->getDefaultDeref($deref));
    if ($return === FALSE) {
      throw new SimpleLdapException('ldap_list wrapper: ', $this->connection
        ->getResource());
    }
    return $return;
  }

  /**
   * Wrapper function for ldap_search().
   *
   * @param string $base_dn
   *   The base DN for the directory.
   * @param string $filter
   *   The LDAP filter to apply.
   * @param array $attributes
   *   An array of the required attributes.
   * @param int $attrsonly
   *   Should be set to 1 if only attribute types are wanted. If set to 0 both
   *   attributes types and attribute values are fetched which is the default
   *   behaviour.
   * @param int $sizelimit
   *   Enables you to limit the count of entries fetched. Setting this to 0
   *   means no limit.
   * @param int $timelimit
   *   Sets the number of seconds how long is spend on the search. Setting this
   *   to 0 means no limit.
   * @param int $deref
   *   Specifies how aliases should be handled during the search.
   *
   * @return resource
   *   LDAP search result identifier.
   *
   * @throws SimpleLdapException
   */
  public function ldapSearch($base_dn, $filter, $attributes = array(), $attrsonly = 0, $sizelimit = 0, $timelimit = 0, $deref = NULL) {
    $return = @ldap_search($this->connection
      ->getResource(), $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $this
      ->getDefaultDeref($deref));
    if ($return === FALSE) {
      throw new SimpleLdapException('ldap_search wrapper: ', $this->connection
        ->getResource());
    }
    return $return;
  }

  /**
   * Wrapper function for ldap_get_entries().
   *
   * @param resource $result_identifier
   *   An LDAP search result identifier.
   *
   * @return array
   *   An array of LDAP entries.
   *
   * @throws SimpleLdapException
   */
  public function getEntries($result_identifier) {
    $return = @ldap_get_entries($this->connection
      ->getResource(), $result_identifier);

    // Error handling.
    if ($return === FALSE) {
      throw new SimpleLdapException('ldap_get_entries wrapper: ', $this->connection
        ->getResource());
    }
    return $return;
  }

  /**
   * Wrapper function for ldap_free_result().
   *
   * @param resource $result_identifier
   *   LDAP search result identifier.
   *
   * @return boolean
   *   TRUE on success.
   *
   * @throws SimpleLdapException
   */
  public function freeResult($result_identifier) {
    $return = @ldap_free_result($result_identifier);

    // Error handling.
    if ($return === FALSE) {
      throw new SimpleLdapException('ldap_free_result wrapper: ', $result_identifier);
    }
    return $return;
  }

  /**
   * Whether the wrapper has a successful binding or not.
   *
   * @return bool
   */
  public function isBound() {
    return $this->bound;
  }

  /**
   * Wrapper function for ldap_connect().
   *
   * @throws \Drupal\simple_ldap\SimpleLdapException
   */
  public function connect() {
    $this->connection
      ->connect();
  }

  /**
   * Wrapper function for ldap_close().
   */
  public function disconnect() {
    $this->connection
      ->disconnect();
    $this->bound = FALSE;
  }

  /**
   * Helper function to keep constant out of the function parameter signature.
   *
   * @param $deref
   * @return int
   */
  protected function getDefaultDeref($deref) {
    if ($deref == NULL) {
      return LDAP_DEREF_NEVER;
    }
    return $deref;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
SimpleLdap::$bound private property
SimpleLdap::$connection private property
SimpleLdap::clean public function Cleans up an array returned by the ldap_* functions.
SimpleLdap::connect public function Wrapper function for ldap_connect().
SimpleLdap::controlPagedResult public function Wrapper function for ldap_control_paged_result().
SimpleLdap::controlPageResultResponse public function Wrapper function for ldap_control_paged_result_response().
SimpleLdap::disconnect public function Wrapper function for ldap_close().
SimpleLdap::freeResult public function Wrapper function for ldap_free_result().
SimpleLdap::getDefaultDeref protected function Helper function to keep constant out of the function parameter signature.
SimpleLdap::getEntries public function Wrapper function for ldap_get_entries().
SimpleLdap::hash public function Hash a string for use in an LDAP password field.
SimpleLdap::hashes public static function Returns an array of supported hash types.
SimpleLdap::isBound public function Whether the wrapper has a successful binding or not.
SimpleLdap::ldapBind public function Wrapper function for ldap_bind().
SimpleLdap::ldapList public function Wrapper function for ldap_list().
SimpleLdap::ldapRead public function
SimpleLdap::ldapSearch public function Wrapper function for ldap_search().
SimpleLdap::ldapUnbind public function Wrapper function for ldap_unbind().
SimpleLdap::removeEmptyAttributes public function Cleans an attribute array, removing empty items.
SimpleLdap::salt public function Generates a random salt of the given length.
SimpleLdap::__construct public function
SimpleLdap::__destruct public function