OpenACS

hectorr
committed
MAIN:hectorr:20180423151931
on 23 Apr 18
Prefer string comparison operators to 'string equal' and 'empty_string_p'
openacs-4/.../acs-ldap-authentication/tcl/ldap-procs.tcl (+57 -57)
21 21     } ]
22 22 }
23 23
24 24 ad_proc set_default_parameter_value {
25 25     parameter_name package_key default_value
26 26 } {
27 27     db_dml set_parameter_value {
28 28         update apm_parameters
29 29            set default_value = :default_value
30 30          where package_key = :package_key
31 31            and parameter_name = :parameter_name
32 32     }
33 33 }
34 34
35 35 ad_proc -public ldap_user_exists { email } {
36 36     Checks to see if a user with the given email address exists in either the local
37 37     database or on the LDAP server.  Returns 1 if the user exists, 0 otherwise.
38 38 } {
39 39     # check to see if the user is in the local cc_users table
40 40     set user_id [cc_email_user $email]
41       if ![empty_string_p $user_id] {
  41     if { $user_id ne "" } {
42 42         # user is in local database
43 43         return 1
44 44     }
45 45     # check the LDAP server
46 46     set dn [ldap_get_dn_from_email $email]
47       if ![empty_string_p $dn] {
  47     if { $dn ne "" } {
48 48         # user is on LDAP server
49 49         return 1
50 50     }
51 51     return 0
52 52 }
53 53
54 54 ad_proc -public ldap_get_dn_from_email { email } {
55 55     Queries the LDAP server for an entry with given email address.  If it finds
56 56     exactly one entry that matches, then it returns the DN of that entry.  Otherwise
57 57     it returns the empty string.
58 58 } {
59 59     ns_log debug "ldap_get_dn_from_email: $email"
60 60
61 61     # Set the LDAP environment variables
62 62     util_unlist [ldap_set_environment] url rootdn rootpw basedn security_method
63 63
64 64     set dn [db_exec_plsql get_dn_from_email {
65 65         begin
66 66         :1 := acs_ldap.get_dn_from_email(
67 67             url => :url,
68 68             rootdn => :rootdn,
69 69             rootpw => :rootpw,
70 70             basedn => :basedn,
71 71             security_method => :security_method,
72 72             email => :email);
73 73         end;
74 74     }]
75 75
76 76     if ![ldap_valid_value_p $dn] {
77 77         # There was a problem with the query
78 78         ns_log Notice "ldap_get_dn_from_email: invalid value $dn"
79 79         return ""
80 80     }
81 81
82 82     # Relative DNs are returned from the LDAP call.  If a basedn is
83 83     # supplied, append it now to set the full DN.
84       if ![empty_string_p $basedn] {
  84     if { $basedn ne "" } {
85 85         set dn "$dn, $basedn"
86 86     }
87 87
88 88     return $dn
89 89 }
90 90
91 91 ad_proc -public ldap_check_password { email password_from_form } {
92 92     Returns the user's user_id if the password is correct for the given email.
93 93     Returns the empty_string otherwise.  If the password is correct, it also updates
94 94     the user's local information from the LDAP server.
95 95 } {
96 96     # Set the LDAP environment variables
97 97     util_unlist [ldap_set_environment] url rootdn rootpw basedn security_method
98 98
99 99     # Get the dn for the password
100 100     set dn [ldap_get_dn_from_email $email]
101 101
102       if [empty_string_p $dn] {
  102     if { $dn eq "" } {
103 103         # No user with the email address given is on the LDAP server
104 104         return ""
105 105     }
106 106
107 107     # Hash the password
108 108     #set password [ns_sha1 "$password_from_form"]
109 109     set password $password_from_form
110 110
111 111     # Verify the hashed password
112 112     if ![db_exec_plsql password_validate {
113 113         begin
114 114         :1 := acs_ldap.authenticate (
115 115             url => :url,
116 116             security_method => :security_method,
117 117             dn => :dn,
118 118             password => :password);
119 119         end;
120 120     }] {
121 121         return ""
122 122     }
123 123
124 124     # check to see if the user is in the local cc_users table
125 125     set user_id [cc_email_user $email]
126       if [empty_string_p $user_id] {
  126     if { $user_id eq "" } {
127 127         # insert user into local database
128 128         set user_id [ldap_add_user_from_dn $dn]
129 129
130 130         if !$user_id {
131 131             return ""
132 132         }
133 133     } else {
134 134         # Keep local user info in sync
135 135         ldap_sync_user_from_dn $dn
136 136     }
137 137
138 138     # Keep local password in sync
139 139     ad_change_password $user_id $password_from_form
140 140
141 141     return $user_id
142 142 }
143 143
144 144 ad_proc -public ldap_change_password { dn password_from_form } {
145 145     Change the user's password on the LDAP server.  Return 1 if successful,
146 146     0 otherwise.
 
157 157     if ![db_exec_plsql password_update {
158 158         begin
159 159         :1 := acs_ldap.change_password (
160 160             url => :url,
161 161             rootdn => :rootdn,
162 162             rootpw => :rootpw,
163 163             security_method => :security_method,
164 164             dn => :dn,
165 165             password => :password);
166 166         end;
167 167     } ] {
168 168         return 0
169 169     }
170 170
171 171     set user_id [db_string user_id_select {
172 172         select object_id
173 173           from ldap_attributes
174 174          where dn = :dn
175 175     } -default ""]
176 176
177       if ![empty_string_p $user_id] {
  177     if { $user_id ne "" } {
178 178         # Keep local password in sync
179 179         ad_change_password $user_id $password_from_form
180 180     }
181 181
182 182     return 1
183 183 }
184 184
185 185 ad_proc -public ldap_user_new {
186 186     { -dn "" }
187 187     email first_names last_name password password_question password_answer
188 188     {url ""} {email_verified_p "t"} {member_state "approved"} {user_id ""}
189 189 } {
190 190     Creates a new user locally.  Then associates this user with the
191 191     given dn if one is supplied or with a newly created dn otherwise.
192 192     Returns the user_id upon success or the empty_string upon failure.
193 193 } {
194 194     ns_log debug "LDAP_USER_NEW $dn $email $first_names $last_name"
195 195
196 196     set user_id [ad_user_new $email $first_names $last_name \
197 197             $password $password_question $password_answer $url \
198 198             $email_verified_p $member_state $user_id]
199 199
200 200     if !$user_id {
201 201         # We could not create the user locally so exit.
202 202         return ""
203 203     }
204 204
205       if [empty_string_p $dn] {
  205     if { $dn eq "" } {
206 206         # No dn was supplied so we need to create one
207 207         set dn [ldap_make_dn $user_id]
208 208     }
209 209
210 210     if ![ldap_add_object $user_id $dn] {
211 211         # We could not associate the dn with the user
212 212         return 0
213 213     }
214 214
215 215     return $user_id
216 216 }
217 217
218 218 ad_proc ldap_add_user_to_server { dn first_names last_name email password } {
219 219     Add an entry to the LDAP server for the given dn and populate it with
220 220     the infor from the other arguments.  Return 1 upon success or 0 otherwise.
221 221 } {
222 222     ns_log debug "LDAP_ADD_USER_TO_SERVER $dn $first_names $last_name $email $password"
223 223
224 224     # Set the LDAP environment variables
225 225     util_unlist [ldap_set_environment] url rootdn rootpw basedn security_method