<?php
/**
* @file
 * Admin interface for the general LDAP API settings.
*
*/
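/**
 * Form builder for the general LDAP API settings page.
 *
 * Builds the "Require HTTPS on credential pages" checkbox and the stored
 * bind-password encryption selector, then wraps them with
 * system_settings_form() so each value is persisted as a Drupal variable on
 * submit. ldap_servers_settings_submit() is placed first in '#submit' so it
 * can migrate stored passwords before the new encryption type is saved.
 *
 * @return array
 *   A Drupal Form API array.
 */
function ldap_servers_settings() {
  ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');

  if (!ldap_servers_ldap_extension_loaded()) {
    drupal_set_message(t('PHP LDAP Extension is not loaded.'), "warning");
  }

  $https_approaches = array(
    t('Use secure pages or secure login module to redirect to SSL (https)'),
    t('Run entire site with SSL (https)'),
    t('Remove logon block and redirect all /user page to https via webserver redirect'),
  );

  $form = array();
  $form['#title'] = "Configure LDAP Preferences";
  $form['ssl'] = array('#type' => 'fieldset', '#title' => t('Require HTTPS on Credential Pages'));
  // The misspelled key "credentails" is the persisted variable name and is
  // read by other code under that name, so it is deliberately left as is.
  $form['ssl']['ldap_servers_require_ssl_for_credentails'] = array(
    '#type' => 'checkbox',
    '#title' => t('If checked, modules using LDAP will not allow credentials to
      be entered on or submitted to HTTP pages, only HTTPS. This option should be used with an
      approach to get all logon forms to be https, such as:') .
      theme('item_list', array('items' => $https_approaches)),
    '#default_value' => variable_get('ldap_servers_require_ssl_for_credentails', 0),
  );

  $options = ldap_servers_encrypt_types('encrypt');

  /** when this is changed, need to decrypt and possibly encrypt pwd in newly selected format
   * ... thus default needs to be "No Encryption" to avoid confusion.
   */

  // The submit handler re-encrypts stored bind passwords when the type
  // changes, so it must know the type they are currently stored under. Keep
  // that as a server-side '#type' => 'value' element rather than a
  // '#type' => 'hidden' input: a hidden input is echoed back by the browser
  // and can be altered before submission, which would make the handler
  // decrypt with the wrong type. A 'value' element still appears in
  // $form_state['values']['previous_encryption'], so the handler is unchanged.
  $form['previous_encryption'] = array(
    '#type' => 'value',
    '#value' => variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT),
  );
  $form['encryption'] = array('#type' => 'fieldset', '#title' => t('Encryption'));
  $form['encryption']['ldap_servers_encryption'] = array(
    '#type' => 'select',
    '#options' => $options,
    '#title' => t('Encrypt Stored LDAP Passwords?'),
    '#default_value' => variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT),
    '#description' => t('With encryption, passwords will be stored in encrypted form.
      This is two way encryption because the actual password needs to used to bind to LDAP.
      So it offers minimal defense if someone gets in the filespace. It mainly helps avoid the accidental
      discovery of a clear text password.'),
  );

  // $options will be empty if server does not support mcrypt.
  // Disable the form field and explain this to the user.
  if (empty($options)) {
    $form['encryption']['ldap_servers_encryption']['#options'] = array(LDAP_SERVERS_ENC_TYPE_CLEARTEXT => t('Not available.'));
    $form['encryption']['ldap_servers_encryption']['#disabled'] = TRUE;
    $form['encryption']['ldap_servers_encryption']['#description'] .= ' <strong>' . t('Encryption is not supported on this web server.') . '</strong>';
  }

  $form = system_settings_form($form);
  // Must run before system_settings_form_submit() persists the new type,
  // otherwise the old type used for decryption would already be overwritten.
  array_unshift($form['#submit'], 'ldap_servers_settings_submit');
  return $form;
}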
/**
 * Submit handler that re-encrypts stored bind passwords when the encryption
 * type changes.
 *
 * Expected to run before system_settings_form_submit() (the builder unshifts
 * it onto '#submit'), so the type the passwords are currently stored under
 * is still available as 'previous_encryption'.
 *
 * @param array $form
 *   The form array (unused).
 * @param array $form_state
 *   Form state; 'values' must contain 'ldap_servers_encryption' (the newly
 *   selected type) and 'previous_encryption' (the type currently in use).
 */
function ldap_servers_settings_submit($form, &$form_state) {
  if (!$form_state['submitted']) {
    return;
  }

  $values = $form_state['values'];
  $chosen_type = $values['ldap_servers_encryption'];
  $stored_type = $values['previous_encryption'];

  // Nothing to migrate when the selected type is unchanged.
  if ($chosen_type == $stored_type) {
    return;
  }

  // Operate on the rows directly rather than through the server objects so
  // the class-level encrypt/decrypt wrappers are bypassed.
  $rows = db_query("SELECT sid, bindpw FROM {ldap_servers} WHERE bindpw is not NULL AND bindpw <> ''")->fetchAllAssoc('sid');
  foreach ($rows as $sid => $row) {
    // NOTE(review): if ldap_servers_decrypt() signals failure through its
    // return value (not visible here), that value is re-encrypted and stored
    // as the new bindpw — confirm against its implementation.
    $plain_bind_pwd = ldap_servers_decrypt($row->bindpw, $stored_type);
    $migrated_bind_pwd = ldap_servers_encrypt($plain_bind_pwd, $chosen_type);
    db_query("UPDATE {ldap_servers} SET bindpw = :bindpw WHERE sid = :sid", array(':bindpw' => $migrated_bind_pwd, ':sid' => $sid));
  }
}