1 |
85ad3d82
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
/**
|
4 |
|
|
* @file
|
5 |
|
|
* admin interface for general ldap api settings
|
6 |
|
|
*
|
7 |
|
|
*/
|
8 |
|
|
|
9 |
|
|
function ldap_servers_settings() {
|
10 |
|
|
ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
|
11 |
|
|
|
12 |
|
|
if (! ldap_servers_ldap_extension_loaded()) {
|
13 |
|
|
drupal_set_message(t('PHP LDAP Extension is not loaded.'), "warning");
|
14 |
|
|
}
|
15 |
|
|
|
16 |
|
|
$form['#title'] = "Configure LDAP Preferences";
|
17 |
b42754b9
|
Assos Assos
|
|
18 |
85ad3d82
|
Assos Assos
|
|
19 |
|
|
$options = ldap_servers_encrypt_types('encrypt');
|
20 |
|
|
|
21 |
|
|
/** when this is changed, need to decrypt and possibly encrypt pwd in newly selected format
|
22 |
|
|
* ... thus default needs to be "No Encryption" to avoid confusion.
|
23 |
|
|
*/
|
24 |
|
|
|
25 |
|
|
$form['previous_encryption'] = array('#type' => 'hidden', '#default_value' => variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT));
|
26 |
|
|
$form['encryption'] = array('#type' => 'fieldset', '#title' => t('Encryption'));
|
27 |
|
|
$form['encryption']['ldap_servers_encryption'] = array(
|
28 |
|
|
'#type' => 'select',
|
29 |
|
|
'#options' => $options,
|
30 |
|
|
'#title' => t('Encrypt Stored LDAP Passwords?'),
|
31 |
|
|
'#default_value' => variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT),
|
32 |
|
|
'#description' => t('With encryption, passwords will be stored in encrypted form.
|
33 |
|
|
This is two way encryption because the actual password needs to used to bind to LDAP.
|
34 |
|
|
So it offers minimal defense if someone gets in the filespace. It mainly helps avoid the accidental
|
35 |
|
|
discovery of a clear text password.'),
|
36 |
|
|
);
|
37 |
|
|
|
38 |
|
|
|
39 |
|
|
// $options will be empty if server does not support mcrypt.
|
40 |
|
|
// Disable the form field and explain this to the user.
|
41 |
|
|
if (empty($options)) {
|
42 |
|
|
$form['encryption']['ldap_servers_encryption']['#options'] = array(LDAP_SERVERS_ENC_TYPE_CLEARTEXT => t('Not available.'));
|
43 |
|
|
$form['encryption']['ldap_servers_encryption']['#disabled'] = TRUE;
|
44 |
|
|
$form['encryption']['ldap_servers_encryption']['#description'] .= ' <strong>' . t('Encryption is not supported on this web server.') . '</strong>';
|
45 |
|
|
}
|
46 |
|
|
|
47 |
|
|
$form = system_settings_form($form);
|
48 |
|
|
array_unshift($form['#submit'], 'ldap_servers_settings_submit'); // needs to be first
|
49 |
|
|
return $form;
|
50 |
|
|
}
|
51 |
|
|
|
52 |
|
|
function ldap_servers_settings_submit($form, &$form_state) {
|
53 |
|
|
if ($form_state['submitted']) {
|
54 |
|
|
$new_encyption = $form_state['values']['ldap_servers_encryption'];
|
55 |
|
|
$old_encyption = $form_state['values']['previous_encryption'];
|
56 |
|
|
|
57 |
|
|
// use db instead of functions to avoid classes encryption and decryption
|
58 |
|
|
if ($new_encyption != $old_encyption) {
|
59 |
|
|
$servers = db_query("SELECT sid, bindpw FROM {ldap_servers} WHERE bindpw is not NULL AND bindpw <> ''")->fetchAllAssoc('sid');
|
60 |
|
|
foreach ($servers as $sid => $server) {
|
61 |
5136ce55
|
Assos Assos
|
if ($server->bindpw != '') {
|
62 |
|
|
$decrypted_bind_pwd = ldap_servers_decrypt($server->bindpw, $old_encyption);
|
63 |
|
|
$rencrypted = ldap_servers_encrypt($decrypted_bind_pwd, $new_encyption);
|
64 |
|
|
}
|
65 |
|
|
else {
|
66 |
|
|
$rencrypted = '';
|
67 |
|
|
}
|
68 |
85ad3d82
|
Assos Assos
|
db_query("UPDATE {ldap_servers} SET bindpw = :bindpw WHERE sid = :sid", array(':bindpw' => $rencrypted, ':sid' => $sid));
|
69 |
|
|
}
|
70 |
|
|
}
|
71 |
|
|
}
|
72 |
|
|
} |