packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/includes/functions.php
author Dan Fuhry <dan@fuhry.us>
Fri, 11 Jan 2013 05:41:41 -0500
changeset 4 2212b2ded8bf
parent 3 a044870a9d3d
child 8 f68fdcc18df9
permissions -rw-r--r--
Added OpenSSH public key support in LDAP

<?php

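/**
 * Send a 302 redirect to $url and stop the script.
 *
 * The status is passed as header()'s response-code argument instead of a
 * hand-written "HTTP/1.1 302 Found" line, so PHP emits a status line that
 * matches the protocol version actually in use. Callers must only pass a URL
 * they built or validated themselves: a user-supplied value here is an open
 * redirect.
 *
 * @param string $url absolute or relative target URL
 * @return void does not return; the script exits after the header is sent
 */
function redirect($url)
{
	header('Location: ' . $url, true, 302);
	exit;
}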

/**
 * Queue a message that will be displayed in a box on the next page load
 * @param int Message type (E_NOTICE, E_WARNING, E_ERROR)
 * @param string Message string
 */

/**
 * Queue a message that will be displayed in a box on the next page load.
 *
 * Entries accumulate in $_SESSION['messages'] (auto-created on first use)
 * as array('code' => ..., 'message' => ...).
 *
 * @param int $code Message type (E_NOTICE, E_WARNING, E_ERROR)
 * @param string $message Message string
 */
function queue_message($code, $message)
{
	$entry = array(
		'code' => $code,
		'message' => $message,
	);
	$_SESSION['messages'][] = $entry;
}

/**
 * Smarty plugin: expose the next free uid to templates.
 *
 * Thin wrapper around get_next_available_uid(), which is defined outside
 * this file; the plugin takes no template parameters.
 *
 * @return mixed whatever get_next_available_uid() returns
 */
function smarty_function_get_next_uid()
{
	$uid = get_next_available_uid();
	return $uid;
}

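/**
 * Smarty plugin: emit $params['value'] as JSON.
 *
 * The output is dropped straight into a template, typically inside a
 * <script> block, so the JSON_HEX_* flags make json_encode() escape <, >, &,
 * ' and " as \uXXXX sequences. The text is still valid JSON for any parser,
 * but a value such as "</script>" can no longer close the surrounding
 * element.
 *
 * @param array $params Smarty plugin parameters; 'value' is the data to encode
 * @return string|false JSON text ("null" when 'value' is absent), false if
 *                      json_encode() fails
 */
function smarty_function_json_encode(array $params)
{
	// array_key_exists() rather than isset(): an explicit null still encodes
	// as null, and a missing key no longer raises an undefined-index notice.
	$value = array_key_exists('value', $params) ? $params['value'] : null;
	return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}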

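/**
 * Load the web UI's credentials and settings from the YAML file and publish them.
 *
 * Keys whose names are entirely upper-case (LDAP_BASEDN, UID_MIN, ...) become
 * constants; the remaining keys (ldap_server, ldap_manager, hmac_secret, ...)
 * become globals of the same name. A missing key is fatal, and so is a file
 * that cannot be read or parsed as a mapping.
 *
 * @return void
 */
function load_credentials()
{
	$path = '/usr/local/etc/ssoinabox/webcreds.yml';
	$config = yaml_parse_file($path);

	// yaml_parse_file() returns false on a missing or unparsable file; without
	// this check the loop below would blame the first key as "not set".
	if ( !is_array($config) )
		die("Unable to read configuration file $path");

	$keys = array('LDAP_BASEDN', 'UID_MIN', 'GID_MIN', 'ldap_server', 'ldap_manager', 'ldap_user_basedn', 'ldap_group_basedn', 'kerberos_admin', 'PHONE_EXT_MIN', 'hmac_secret');

	foreach ( $keys as $key )
	{
		if ( !isset($config[$key]) )
			die("Config key $key is not set");

		// Upper-case names are exposed as constants, everything else as globals.
		if ( preg_match('/^[A-Z_]+$/', $key) )
			define($key, $config[$key]);
		else
			$GLOBALS[$key] = $config[$key];
	}
}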

/**
 * Test a password's policy compliance
 * @param string password
 * @return mixed true if compliant, otherwise a string describing why it isn't
 */

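/**
 * Test a password's policy compliance.
 *
 * Policy: at least 8 bytes and at least 6 distinct byte values; passwords of
 * 16 bytes or fewer must also contain a lowercase letter, an uppercase
 * letter, a digit and a non-alphanumeric character. Longer passwords
 * (passphrases) are exempt from the character-class rules.
 *
 * Lengths are measured with strlen(), i.e. in bytes, like the rest of this
 * file; a multi-byte UTF-8 character counts as several bytes.
 *
 * @param string $str password to test
 * @return mixed true if compliant, otherwise a string describing why it isn't
 */
function test_password($str)
{
	if ( strlen($str) < 8 )
		return 'must be at least 8 characters in length';

	// count_chars() mode 3 returns a string of every distinct byte in $str,
	// so its length is the unique-byte count (same result as countUniqueChars()).
	if ( strlen(count_chars($str, 3)) < 6 )
		return 'must have at least 6 unique characters';

	if ( strlen($str) <= 16 )
	{
		// Each rule reports the class that is actually missing; previously all
		// four returned the "lowercase letter" message.
		$rules = array(
			'/[a-z]/' => 'must contain at least one lowercase letter',
			'/[A-Z]/' => 'must contain at least one uppercase letter',
			'/[0-9]/' => 'must contain at least one digit',
			'/[^A-Za-z0-9]/' => 'must contain at least one non-alphanumeric character',
		);

		foreach ( $rules as $pattern => $reason )
		{
			if ( !preg_match($pattern, $str) )
				return $reason;
		}
	}

	return true;
}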

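/**
 * Count the distinct byte values in a string.
 *
 * count_chars() in mode 3 returns a string made of every byte that occurs in
 * $str, so its length is the number of unique bytes. This replaces the
 * original character loop, which used the `$str{$i}` offset syntax that PHP
 * 8.0 removed. Like the original it works on bytes: a multi-byte character
 * counts once per byte, not once per character.
 *
 * @param string $str
 * @return int number of distinct bytes (0 for the empty string)
 */
function countUniqueChars($str)
{
	return strlen(count_chars($str, 3));
}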

/**
 * Lookup table for smarty_function_decode_ssh_key(): for each OpenSSH key
 * type, 'name' is the label shown to users and each integer key maps the
 * length in bytes of the base64-decoded key blob to the nominal key size in
 * bits. The blob is never parsed, so this is a length heuristic; several
 * lengths may map to the same size, and an unlisted length yields 0 bits.
 */
$ssh_key_lengths = array(
	'ecdsa-sha2-nistp521' => array('name' => 'ECDSA', 172 => 521),
	'ecdsa-sha2-nistp384' => array('name' => 'ECDSA', 136 => 384),
	'ecdsa-sha2-nistp256' => array('name' => 'ECDSA', 104 => 256),
	'ssh-dss' => array(
		'name' => 'DSA',
		432 => 1024,
		433 => 1024,
		434 => 1024,
		435 => 1024,
	),
	'ssh-rsa' => array(
		'name' => 'RSA',
		119 => 768,
		151 => 1024,
		215 => 1536,
		277 => 2048,
		279 => 2048,
		407 => 3072,
		535 => 4096,
	),
);

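/**
 * Smarty plugin: decode an OpenSSH public key line into display fields.
 *
 * $params['key'] must hold one "type base64-blob [comment]" line. The plugin
 * assigns to the template variable named by $params['out'] an array with:
 *   'fingerprint' - colon-separated hex MD5 of the decoded blob (the legacy
 *                   OpenSSH fingerprint format)
 *   'type'        - display name from $ssh_key_lengths, or null when the key
 *                   type is not in the table (the raw, user-supplied type
 *                   string is deliberately not passed to the template)
 *   'bits'        - key size looked up by decoded-blob length in
 *                   $ssh_key_lengths, 0 when unknown; the blob is not parsed
 *
 * @param array $params Smarty plugin parameters ('key', 'out')
 * @param object $smarty Smarty object the result is assigned into
 * @return void
 * @throws SmartyException if 'key' or 'out' is missing, the key line has
 *         fewer than two fields, or the blob is not valid base64
 */
function smarty_function_decode_ssh_key($params, $smarty)
{
	global $ssh_key_lengths;

	if ( !isset($params['key']) )
		throw new SmartyException("No key provided");

	if ( !isset($params['out']) )
		throw new SmartyException("No output var provided");

	// "type blob [comment ...]": the comment may contain spaces, so split into
	// at most three fields and ignore the third. Without the count check a
	// single-field line would leave $key_b64 undefined.
	$fields = preg_split('/\s+/', trim($params['key']), 3);
	if ( count($fields) < 2 )
		throw new SmartyException("Malformed SSH public key");
	list($type, $key_b64) = $fields;

	// Strict decoding rejects characters outside the base64 alphabet instead
	// of silently dropping them and fingerprinting a truncated blob.
	$key = base64_decode($key_b64, true);
	if ( $key === false || $key === '' )
		throw new SmartyException("SSH public key is not valid base64");

	$info = isset($ssh_key_lengths[$type]) ? $ssh_key_lengths[$type] : array();
	$blob_len = strlen($key);

	$smarty->assign($params['out'], array(
			'fingerprint' => implode(':', str_split(md5($key), 2))
			, 'type' => isset($info['name']) ? $info['name'] : null
			, 'bits' => isset($info[$blob_len]) ? $info[$blob_len] : 0
		));
}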