author | Dan Fuhry <dan@fuhry.us> |
Fri, 18 Jan 2013 19:59:50 -0500 | |
changeset 5 | cdd708efa505 |
parent 4 | 2212b2ded8bf |
child 8 | f68fdcc18df9 |
permissions | -rw-r--r-- |
<?php |
/**
 * Send a 302 redirect to the given URL and stop the script.
 *
 * The URL is copied into the Location header exactly as passed in; nothing
 * here validates it. A caller that derives $url from request data has to
 * restrict it to expected destinations before calling, otherwise this
 * function acts as an open redirect.
 *
 * @param string $url Redirect target
 */
function redirect($url)
{
    header('HTTP/1.1 302 Found');
    header('Location: ' . $url);

    // Nothing after the redirect may run or be sent to the client.
    exit();
}
/**
 * Queue a message that will be displayed in a box on the next page load.
 *
 * The message is appended to $_SESSION['messages'] exactly as given; no
 * escaping happens here, so the code that renders the box is the place
 * where output encoding has to be applied.
 *
 * @param int    $code    Message type (E_NOTICE, E_WARNING, E_ERROR)
 * @param string $message Message string
 */
function queue_message($code, $message)
{
    $entry = array();
    $entry['code'] = $code;
    $entry['message'] = $message;

    $_SESSION['messages'][] = $entry;
}
/**
 * Smarty template function: return the next available UID.
 *
 * Thin wrapper that delegates to get_next_available_uid() and passes its
 * result through unchanged.
 *
 * @return mixed Whatever get_next_available_uid() returns
 */
function smarty_function_get_next_uid()
{
    $uid = get_next_available_uid();

    return $uid;
}
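/**
 * Smarty template function: JSON-encode $params['value'].
 *
 * The result is meant to be written into a template. Where that template
 * places it is not visible from this function, so the encoder is asked to
 * emit <, >, &, ' and " as \uXXXX escapes. The string still decodes to the
 * same value, but it can no longer close a surrounding <script> element or
 * a quoted HTML attribute.
 *
 * @param array $params Smarty parameters; 'value' is the data to encode
 * @return string|false JSON text, or false if the value cannot be encoded
 */
function smarty_function_json_encode($params)
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    return json_encode($params['value'], $flags);
}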
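/**
 * Load the web application's settings from the YAML credentials file.
 *
 * Every key in the required list must be present, otherwise the script is
 * terminated. Keys written entirely in capitals and underscores become PHP
 * constants; all other keys become global variables.
 *
 * The file carries secrets (hmac_secret among them), so it should be
 * readable only by the account the web application runs as.
 * NOTE(review): the die() messages go to the client and name the missing
 * config key; confirm that is acceptable for this deployment.
 */
function load_credentials()
{
    $config = yaml_parse_file("/usr/local/etc/ssoinabox/webcreds.yml");

    // yaml_parse_file() returns false when the file is missing or cannot be
    // parsed. Stop here with an accurate message instead of reporting the
    // first required key as "not set".
    if ( !is_array($config) )
        die("Could not load configuration file");

    $keys = array('LDAP_BASEDN', 'UID_MIN', 'GID_MIN', 'ldap_server', 'ldap_manager', 'ldap_user_basedn', 'ldap_group_basedn', 'kerberos_admin', 'PHONE_EXT_MIN', 'hmac_secret');

    foreach ( $keys as $key )
    {
        // isset() is also false for a key whose value is null, so an empty
        // YAML entry counts as missing.
        if ( !isset($config[$key]) )
            die("Config key $key is not set");

        if ( preg_match('/^[A-Z_]+$/', $key) )
            define($key, $config[$key]);
        else
            $GLOBALS[$key] = $config[$key];
    }
}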
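/**
 * Test a password's policy compliance.
 *
 * Policy as implemented below:
 *  - at least 8 bytes long (strlen() counts bytes, not characters)
 *  - at least 6 distinct bytes
 *  - passwords of 16 bytes or fewer must also contain a lowercase letter,
 *    an uppercase letter, a digit and one character that is neither;
 *    longer passwords are exempt from the character-class rules
 *
 * @param string $str Password to check
 * @return mixed true if compliant, otherwise a string describing why it isn't
 */
function test_password($str)
{
    if ( strlen($str) < 8 )
        return 'must be at least 8 characters in length';

    if ( countUniqueChars($str) < 6 )
        return 'must have at least 6 unique characters';

    if ( strlen($str) <= 16 )
    {
        // Each failure names the class that is actually missing, so the
        // user is told which rule the password broke.
        if ( !preg_match('/[a-z]/', $str) )
            return 'must contain at least one lowercase letter';

        if ( !preg_match('/[A-Z]/', $str) )
            return 'must contain at least one uppercase letter';

        if ( !preg_match('/[0-9]/', $str) )
            return 'must contain at least one digit';

        if ( !preg_match('/[^A-Za-z0-9]/', $str) )
            return 'must contain at least one character that is not a letter or digit';
    }

    return true;
}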
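/**
 * Count the distinct bytes in a string.
 *
 * count_chars() in mode 3 returns a string holding each byte value that
 * occurs in the input exactly once, so its length is the number of unique
 * bytes. This replaces a hand-written loop that used the $str{$i} offset
 * syntax, which PHP 8 no longer accepts.
 *
 * The count is per byte: a multi-byte UTF-8 character contributes one
 * count for each distinct byte it is made of.
 *
 * @param string $str Input string
 * @return int Number of distinct bytes in $str
 */
function countUniqueChars($str)
{
    return strlen(count_chars($str, 3));
}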
// Lookup table used by smarty_function_decode_ssh_key().
// Outer key: the key-type token of an OpenSSH public key line.
// Inner array: 'name' is the display label; every integer key is the length
// in bytes of the base64-decoded key blob and maps to the key size in bits.
// The table only labels keys. It enforces no minimum strength, and it still
// recognises small sizes such as 768/1024-bit RSA and 1024-bit DSA.
$ssh_key_lengths = array(
    'ecdsa-sha2-nistp521' => array(
        'name' => 'ECDSA',
        172 => 521,
    ),
    'ecdsa-sha2-nistp384' => array(
        'name' => 'ECDSA',
        136 => 384,
    ),
    'ecdsa-sha2-nistp256' => array(
        'name' => 'ECDSA',
        104 => 256,
    ),
    'ssh-dss' => array(
        'name' => 'DSA',
        432 => 1024,
        433 => 1024,
        434 => 1024,
        435 => 1024,
    ),
    'ssh-rsa' => array(
        'name' => 'RSA',
        119 => 768,
        151 => 1024,
        215 => 1536,
        277 => 2048,
        279 => 2048,
        407 => 3072,
        535 => 4096,
    ),
);
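/**
 * Smarty template function: describe an OpenSSH public key.
 *
 * Splits a "<type> <base64 blob> [comment]" line, decodes the blob and
 * assigns an array with 'fingerprint', 'type' and 'bits' to the template
 * variable named by $params['out'].
 *
 *  - 'fingerprint' is the colon-separated MD5 of the decoded blob. It is a
 *    display value for comparing against other MD5-format fingerprints and
 *    should not be used as a unique or tamper-proof identifier for a key.
 *    It is null when the blob is missing or is not valid base64, so the
 *    page never shows a fingerprint computed over empty or garbage input.
 *  - 'type' is the label from $ssh_key_lengths, or null for a key type the
 *    table does not list.
 *  - 'bits' comes from the length of the decoded blob via $ssh_key_lengths,
 *    or 0 when the type or length is not listed. It is inferred from the
 *    length and is not parsed out of the key.
 *
 * @param array  $params Smarty parameters: 'key' (public key line) and
 *                       'out' (name of the template variable to assign)
 * @param object $smarty Template object; only assign() is called on it
 * @throws SmartyException if 'key' or 'out' is missing
 */
function smarty_function_decode_ssh_key($params, $smarty)
{
    global $ssh_key_lengths;

    if ( !isset($params['key']) )
        throw new SmartyException("No key provided");

    if ( !isset($params['out']) )
        throw new SmartyException("No output var provided");

    // Trim first so leading whitespace does not shift the fields, and
    // tolerate a line that has no blob field at all.
    $fields = preg_split('/\s+/', trim($params['key']));
    $type = $fields[0];
    $key_b64 = isset($fields[1]) ? $fields[1] : '';

    // Strict mode makes base64_decode() return false for characters outside
    // the base64 alphabet instead of silently skipping them.
    $key = ( $key_b64 === '' ) ? false : base64_decode($key_b64, true);

    if ( $key === false || $key === '' )
    {
        $fingerprint = null;
        $bits = 0;
    }
    else
    {
        $fingerprint = implode(':', str_split(md5($key), 2));
        $bits = isset($ssh_key_lengths[$type][strlen($key)]) ? $ssh_key_lengths[$type][strlen($key)] : 0;
    }

    // A key type missing from the table yields null rather than an
    // undefined-index notice.
    $name = isset($ssh_key_lengths[$type]['name']) ? $ssh_key_lengths[$type]['name'] : null;

    $smarty->assign($params['out'], array(
            'fingerprint' => $fingerprint
            , 'type' => $name
            , 'bits' => $bits
        ));
}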