/web/acc/admin/update_ldap.php |
---|
1,15 → 1,17 |
<?php |
/* written by steweb57 & Rexy */ |
/************************************************ |
* CONF FILES * |
*************************************************/ |
/* written by steweb57 */ |
require_once("lib/alcasar/freeradius/siteconfig.php"); |
require_once("lib/alcasar/freeradius/ldapconfig.php"); |
/************************************************************************ |
* CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION * |
*************************************************************************/ |
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-enabled/alcasar"); |
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/mods-available/ldap"); |
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-available/alcasar"); |
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/modules/ldap"); |
define ("ALCASAR_CONF_FILE", "/usr/local/etc/alcasar.conf"); |
/**************************************************************** |
* ERROR FONCTION * |
* FONCTION ERREUR * |
*****************************************************************/ |
function erreur($er){ |
17,9 → 19,9 |
exit(); |
} |
/******************************************************** |
* FORM VARIABLES * |
*********************************************************/ |
/**************************************************************** |
* VARIABLES DE FORMULAIRE * |
*****************************************************************/ |
//Récupération des variables de formulaire |
if (isset($_POST['auth_enable'])) $auth_enable = $_POST['auth_enable']; else erreur('Erreur de variable auth_enable'); |
53,15 → 55,18 |
exit("Fichier de configuration du module ldap pour freeradius non présent"); |
} |
if (!is_writable(ALCASAR_RADIUS_SITE)){ |
exit("Vous n'avez pas les droits d'écriture sur le fichier /etc/raddb/sites-enabled/alcasar"); |
exit("Vous n'avez pas les droits d'écriture sur le fichier /etc/raddb/sites-available/alcasar"); |
} |
if (!is_writable(ALCASAR_RADIUS_MODULE_LDAP)){ |
exit("Vous n'avez pas les droits d'écriture sur le fichier /etc/raddb/mods-available/ldap"); |
exit("Vous n'avez pas les droits d'écriture sur le fichier /etc/raddb/modules/ldap"); |
} |
/**************************************************************** |
* File sites-enabled/alcasar * |
* Fichier ALCASAR_RADIUS_SITE * |
*****************************************************************/ |
$site = new siteConfig(); |
$site->load(ALCASAR_RADIUS_SITE); |
if ($auth_enable == "1"){ //test $auth_enable |
/* |
ON ACTIVE LE LDAP |
*/ |
71,6 → 76,14 |
fail=1 |
} |
*/ |
if ($site->authorize->ldap === false){ // always test before update |
$site->authorize->addSection('ldap'); |
$site->authorize->ldap->addPair('fail','1'); |
}else{ |
if ($site->authorize->ldap->fail === false){ // always test before update |
$site->authorize->ldap->addPair('fail','1'); |
} |
} |
/* |
Configure authenticate section with |
Auth-Type LDAP { |
77,40 → 90,59 |
ldap |
} |
*/ |
if ($site->authenticate->getSectionInstance('Auth-Type','LDAP')===false){ // always test before update |
$site->authenticate->addSection('Auth-Type', 'LDAP'); |
$site->authenticate->getSectionInstance('Auth-Type','LDAP')->addSection('ldap'); |
} |
} else { |
/* |
ON DESACTIVE LE LDAP |
*/ |
if ($site->authorize->ldap !== false){ // always test before update |
$site->authorize->deleteSection("ldap"); |
} |
if ($site->authenticate->getSectionInstance('Auth-Type','LDAP')!==false){ // always test before update |
$site->authenticate->deleteSection('Auth-Type','LDAP'); |
} |
} |
//Sauvegarde du /etc/raddb/sites-available/alcasar |
$site->save(ALCASAR_RADIUS_SITE); |
/**************************************************************** |
* File mods/available/ldap * |
* Fichier ALCASAR_RADIUS_MODULE_LDAP * |
*****************************************************************/ |
//$ldap->host = $ldap_server; |
//$ldap->identity = $ldap_user; |
//$ldap->password = $ldap_password; |
//$ldap->basedn = $ldap_base_dn; |
//on ne modifie ALCASAR_RADIUS_MODULE_LDAP uniquement si l'authentification ldap est active |
if ($auth_enable == "1"){ //test $auth_enable |
// chargement de la configuration courante |
$ldap = new ldapConfig(); |
$ldap->load(ALCASAR_RADIUS_MODULE_LDAP); |
// mise à jours des données |
//$ldap->server = $ldap_server; |
$ldap->host = $ldap_server; |
$ldap->identity = $ldap_user; |
$ldap->password = $ldap_password; |
$ldap->basedn = $ldap_base_dn; |
//$ldap->filter = $ldap_filter; |
//$ldap->uid = $ldap_filter; |
//$ldap->base_filter = $ldap_base_filter; |
$ldap->uid = $ldap_filter; |
$ldap->base_filter = $ldap_base_filter; |
//sauvegarde du fichier /etc/raddb/modules/ldap |
$ldap->save(ALCASAR_RADIUS_MODULE_LDAP); |
} //test $auth_enable |
/******************************************************** |
* File modification & services restart * |
* Redémarage des service * |
*********************************************************/ |
//test d'accès au serveur |
//si réussite |
// - écriture config ldap complète dans alcasar.conf |
// - appel script-shell (alcasar-ldap.sh) |
// - modif des 2 fichier ci-dessus |
// - actions si dessous |
if ($auth_enable == "1") { |
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=off', 'LDAP=on', file_get_contents(ALCASAR_CONF_FILE))); |
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=$ldap_server/g\" ".ALCASAR_CONF_FILE); |
exec("ln -s /etc/raddb/mods-available/ldap /etc/raddb/mods-enabled/ldap"); |
} |
else { |
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=on', 'LDAP=off', file_get_contents(ALCASAR_CONF_FILE))); |
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=0.0.0.0/g\" ".ALCASAR_CONF_FILE); |
exec("rm -f /etc/raddb/mods-enabled/ldap"); |
} |
#exec("sudo /usr/local/bin/alcasar-iptables.sh"); |
#exec("sudo /usr/bin/systemctl restart radiusd"); |
exec("sudo /usr/local/bin/alcasar-iptables.sh"); |
exec("sudo /usr/bin/systemctl restart radiusd"); |
/**************************************************************** |
* Redirection vers la page de configuration LDAP * |
/web/acc/admin/ldap.php |
---|
1,11 → 1,14 |
<?php |
/* written by steweb57 & Rexy */ |
require_once("lib/alcasar/freeradius/siteconfig.php"); |
require_once("lib/alcasar/freeradius/ldapconfig.php"); |
/* written by steweb57 */ |
/**************************************************************** |
* CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION * |
*****************************************************************/ |
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-enabled/alcasar"); |
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/mods-available/ldap"); |
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-available/alcasar"); |
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/modules/ldap"); |
/**************************************************************** |
* Choice of language * |
135,16 → 138,25 |
//par défaut : # base_filter = "(objectclass=radiusprofile)" |
/******************************************************** |
*Lecture Fichier de conf * |
* Fichier ALCASAR_RADIUS_SITE * |
*********************************************************/ |
//Lecture du fichier /usr/local/etc/alcasar.conf |
//$ldap_server = $ldap->host; // others options only in alcasar 3.x ($ldap->server) |
//$ldap_identity = $ldap->identity; |
//$ldap_password = $ldap->password; |
//$ldap_basedn = $ldap->basedn; |
//$ldap_filter = $ldap->uid; // others options only in alcasar 3.x ($ldap->filter) |
//$ldap_base_filter = $ldap->base_filter; |
$site = new siteConfig(); |
$site->load(ALCASAR_RADIUS_SITE); |
$ldap_on = $site->authorize->ldap; |
/******************************************************** |
* Fichier ALCASAR_RADIUS_MODULE_LDAP * |
*********************************************************/ |
//Lecture du fichier /etc/raddb/modules/ldap |
$ldap = new ldapConfig(); |
$ldap->load(ALCASAR_RADIUS_MODULE_LDAP); |
$ldap_server = $ldap->host; // others options only in alcasar 3.x ($ldap->server) |
$ldap_identity = $ldap->identity; |
$ldap_password = $ldap->password; |
$ldap_basedn = $ldap->basedn; |
$ldap_filter = $ldap->uid; // others options only in alcasar 3.x ($ldap->filter) |
$ldap_base_filter = $ldap->base_filter; |
function ldap_test($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_filter, $f_ldap_port = "389"){ |
// Test du serveur |
if (!$sock = @fsockopen($f_ldap_server, $f_ldap_port, $num, $error, 2)) { |
/web/acc/admin/lib/alcasar/freeradius/ldapconfig.php |
---|
0,0 → 1,354 |
<?php |
/* |
This class handled of ldap configuration. |
WARNING! This class can't says if the configuration is valid or not. |
*/ |
class ldapConfig |
{ |
protected $_items = Array(); |
protected $_tls = array(); |
protected $instanceName; |
public function __construct($instanceName=null) { |
if ($instanceName!== null) |
$this->instanceName = $instanceName; |
// LDAP setting |
$this->_items['protocol'] = 'ldap'; |
$this->_items['host'] = 'test'; |
$this->_items['server'] = $this->_items['protocol'].'://'.$this->_items['host']; |
$this->_items['port'] = '389';//not use yet (689 = ldaps) |
$this->_items['identity'] = ''; |
$this->_items['password'] = ''; |
$this->_items['basedn'] = 'dc=example,dc=com'; |
$this->_items['uid'] = 'uid'; |
$this->_items['filter'] = "({$this->_items['uid']}=%{User-Name})"; |
$this->_items['base_filter'] = ''; |
$this->_items['ldap_connections_number'] = '5'; |
$this->_items['timeout'] = '4'; |
$this->_items['timelimit'] = '3'; |
$this->_items['net_timeout'] = '1'; |
// TLS setting related items |
$this->_tls['start_tls'] = 'no'; // if no all tls config are comments |
$this->_tls['cacertfile'] = '#'; |
$this->_tls['cacertdir'] = '#'; |
$this->_tls['certfile'] = '#'; |
$this->_tls['keyfile'] = '#'; |
$this->_tls['randfile'] = '#'; |
$this->_tls['require_cert'] = '#'; |
// others ldap setting (optional) |
$this->_items['default_profile'] = '#'; |
$this->_items['profile_attribute'] = '#'; |
$this->_items['access_attr'] = '#'; |
// Mapping of RADIUS dictionary attributes to LDAP |
// directory attributes. |
$this->_items['dictionary_mapping'] = '${confdir}/ldap.attrmap'; |
// for ldap like NOVEL |
$this->_items['password_attribute'] = '#'; |
$this->_items['edir_account_policy_check'] = 'no'; |
// Group membership checking. Disabled by default. |
$this->_items['groupname_attribute'] = '#'; |
$this->_items['groupmembership_filter'] = '#'; |
$this->_items['groupmembership_attribute'] = '#'; |
$this->_items['compare_check_items'] = '#'; |
$this->_items['do_xlat'] = '#'; |
$this->_items['access_attr_used_for_allow'] = '#'; |
// auth option |
$this->_items['set_auth_type'] = '#'; |
// debug option |
$this->_items['ldap_debug'] = '#'; |
} |
public function __get($attr){ // to get an $item |
if ($attr==='tls'){ |
return $this->_tls; |
} elseif (array_key_exists($attr, $this->_items)){ |
return $this->_items[$attr]; |
} elseif (array_key_exists($attr, $this->_tls)){ |
return $this->_tls[$attr]; |
} |
// nothing else! |
} |
public function __set($attr, $value){// to set an $item |
if (array_key_exists($attr, $this->_items)){ |
switch ($attr){ |
case "protocol": |
$this->_items['protocol'] = $value; |
$this->_items['server'] = $this->_items['protocol'].'://'.$this->_items['host']; |
break; |
case "host": |
$this->_items['host'] = $value; |
$this->_items['server'] = $this->_items['protocol'].'://'.$this->_items['host']; |
break; |
case "server": |
// extract protocole & host |
$tmp = explode("://",$value,2); |
if (count($tmp) == 2){ |
$this->_items['protocol'] = $tmp[0]; |
$this->_items['host'] = $tmp[1]; |
} else { |
$this->_items['protocol'] = 'ldap'; |
$this->_items['host'] = $tmp[0]; |
} |
$this->_items['server'] = $this->_items['protocol'].'://'.$this->_items['host']; |
break; |
case "uid": |
$this->_items['uid'] = $value; |
$this->_items['filter'] = "(".$this->_items['uid']."=%{User-Name})"; |
break; |
case "filter": |
// extract uid |
if (preg_match('`^[\(]([\sa-zA-Z0-9_-]*)=\%\{User-Name\}\)`',$value)){ |
$this->_items['uid'] = preg_replace('`^[\(]([\sa-zA-Z0-9_-]*)=\%\{User-Name\}\)`','$1',$value); |
} else { |
$this->_items['uid'] = 'uid'; |
} |
$this->_items['filter'] = "({$this->_items['uid']}=%{User-Name})"; |
break; |
default: |
$this->_items[$attr] = $value; |
} |
} elseif (array_key_exists($attr, $this->_tls)){ |
$this->_tls[$attr] = $value; |
} |
} |
public function load($confFile){ |
// use here the parsing class |
require_once("configreader.php"); |
$r = new configReader($confFile); |
/* |
loading only if the file containt only one ldap instance. |
If more instance are found, we use the default values instead. |
*/ |
if (is_object($r->ldap)){ |
$this->instanceName = $r->ldap->getInstanceName(); |
$items = $r->ldap->getpair(); |
foreach ($items as $pair){ |
$pairName = $pair->getName(); |
$pairValue = $pair->getPair($pairName); |
if (array_key_exists($pairName , $this->_items)) |
$this->$pairName = $pairValue; // we use __set() function to have all exceptions! |
} |
if (is_object($r->ldap->tls)){ |
$tls = $r->ldap->tls->getpair(); |
foreach ($tls as $pair){ |
$tlsPairName = $pair->getName(); |
$tlsPairValue = $pair->getPair($tlsPairName); |
if (array_key_exists($tlsPairName , $this->_tls)) |
$this->$tlsPairName = $pairValue; // we use __set() function to have all exceptions! |
} |
} |
} |
} |
public function __toString() { |
return $this->save(null, true); |
} |
protected function _noComment($name, $value, $quote = false){ |
if ($value !== '#'){ |
if ($quote === true){ |
return $name." = \"".$value."\""; |
} else { |
return $name." = ".$value; |
} |
} |
} |
public function save($savefile = null, $returnconfig = false){ |
// make config file |
$config = " |
# Lightweight Directory Access Protocol (LDAP) |
# |
# This module definition allows you to use LDAP for |
# authorization and authentication. |
# |
# See raddb/sites-available/default for reference to the |
# ldap module in the authorize and authenticate sections. |
# |
# However, LDAP can be used for authentication ONLY when the |
# Access-Request packet contains a clear-text User-Password |
# attribute. LDAP authentication will NOT work for any other |
# authentication method. |
# |
# This means that LDAP servers don't understand EAP. If you |
# force \"Auth-Type = LDAP\", and then send the server a |
# request containing EAP authentication, then authentication |
# WILL NOT WORK. |
# |
# The solution is to use the default configuration, which does |
# work. |
# |
# Setting \"Auth-Type = LDAP\" is ALMOST ALWAYS WRONG. We |
# really can't emphasize this enough. |
# |
ldap ".$this->instanceName."{ |
# |
# Note that this needs to match the name in the LDAP |
# server certificate, if you're using ldaps. |
server = \"".$this->_items['server']."\" |
identity = \"".$this->_items['identity']."\" |
password = ".$this->_items['password']." |
basedn = \"".$this->_items['basedn']."\" |
filter = \"".$this->_items['filter']."\" |
base_filter = \"".$this->_items['base_filter']."\" |
# How many connections to keep open to the LDAP server. |
# This saves time over opening a new LDAP socket for |
# every authentication request. |
ldap_connections_number = ".$this->_items['ldap_connections_number']." |
# seconds to wait for LDAP query to finish. default: 20 |
timeout = ".$this->_items['timeout']." |
# seconds LDAP server has to process the query (server-side |
# time limit). default: 20 |
# |
# LDAP_OPT_TIMELIMIT is set to this value. |
timelimit = ".$this->_items['timelimit']." |
# |
# seconds to wait for response of the server. (network |
# failures) default: 10 |
# |
# LDAP_OPT_NETWORK_TIMEOUT is set to this value. |
net_timeout = ".$this->_items['net_timeout']." |
# |
# This subsection configures the tls related items |
# that control how FreeRADIUS connects to an LDAP |
# server. It contains all of the \"tls_*\" configuration |
# entries used in older versions of FreeRADIUS. Those |
# configuration entries can still be used, but we recommend |
# using these. |
# |
tls { |
# Set this to 'yes' to use TLS encrypted connections |
# to the LDAP database by using the StartTLS extended |
# operation. |
# |
# The StartTLS operation is supposed to be |
# used with normal ldap connections instead of |
# using ldaps (port 689) connections |
start_tls = ".$this->_tls['start_tls']." |
# cacertfile = /path/to/cacert.pem |
# cacertdir = /path/to/ca/dir/ |
# certfile = /path/to/radius.crt |
# keyfile = /path/to/radius.key |
# randfile = /path/to/rnd |
".$this->_noComment("cacertfile", $this->_tls['cacertfile'])." |
".$this->_noComment("cacertdir", $this->_tls['cacertdir'])." |
".$this->_noComment("certfile", $this->_tls['certfile'])." |
".$this->_noComment("keyfile", $this->_tls['keyfile'])." |
".$this->_noComment("randfile", $this->_tls['randfile'])." |
# Certificate Verification requirements. Can be: |
# \"never\" (don't even bother trying) |
# \"allow\" (try, but don't fail if the cerificate |
# can't be verified) |
# \"demand\" (fail if the certificate doesn't verify.) |
# |
# The default is \"allow\" |
# require_cert = \"demand\" |
".$this->_noComment("require_cert", $this->_tls['require_cert'], true)." |
} |
# default_profile = \"cn=radprofile,ou=dialup,o=My Org,c=UA\" |
# profile_attribute = \"radiusProfileDn\" |
# access_attr = \"dialupAccess\" |
".$this->_noComment("default_profile", $this->_items['default_profile'], true)." |
".$this->_noComment("profile_attribute", $this->_items['profile_attribute'], true)." |
".$this->_noComment("access_attr", $this->_items['access_attr'], true)." |
# Mapping of RADIUS dictionary attributes to LDAP |
# directory attributes. |
dictionary_mapping = ".$this->_items['dictionary_mapping']." |
# Set password_attribute = nspmPassword to get the |
# user's password from a Novell eDirectory |
# backend. This will work ONLY IF FreeRADIUS has been |
# built with the --with-edir configure option. |
# |
# See also the following links: |
# |
# http://www.novell.com/coolsolutions/appnote/16745.html |
# https://secure-support.novell.com/KanisaPlatform/Publishing/558/3009668_f.SAL_Public.html |
# |
# Novell may require TLS encrypted sessions before returning |
# the user's password. |
# |
# password_attribute = userPassword |
".$this->_noComment("access_attr", $this->_items['access_attr'])." |
# Un-comment the following to disable Novell |
# eDirectory account policy check and intruder |
# detection. This will work *only if* FreeRADIUS is |
# configured to build with --with-edir option. |
# |
edir_account_policy_check = no |
".$this->_noComment("access_attr", $this->_items['access_attr'])." |
# |
# Group membership checking. Disabled by default. |
# |
# groupname_attribute = cn |
# groupmembership_filter = \"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))\" |
# groupmembership_attribute = radiusGroupName |
".$this->_noComment("groupname_attribute", $this->_items['groupname_attribute'])." |
".$this->_noComment("groupmembership_filter", $this->_items['groupmembership_filter'], true)." |
".$this->_noComment("groupmembership_attribute", $this->_items['groupmembership_attribute'])." |
# compare_check_items = yes |
# do_xlat = yes |
# access_attr_used_for_allow = yes |
".$this->_noComment("compare_check_items", $this->_items['compare_check_items'])." |
".$this->_noComment("do_xlat", $this->_items['do_xlat'])." |
".$this->_noComment("access_attr_used_for_allow", $this->_items['access_attr_used_for_allow'])." |
# |
# By default, if the packet contains a User-Password, |
# and no other module is configured to handle the |
# authentication, the LDAP module sets itself to do |
# LDAP bind for authentication. |
# |
# THIS WILL ONLY WORK FOR PAP AUTHENTICATION. |
# |
# THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP). |
# |
# You can disable this behavior by setting the following |
# configuration entry to \"no\". |
# |
# allowed values: {no, yes} |
# set_auth_type = yes |
# set_auth_type = no |
".$this->_noComment("set_auth_type", $this->_items['set_auth_type'])." |
# ldap_debug: debug flag for LDAP SDK |
# (see OpenLDAP documentation). Set this to enable |
# huge amounts of LDAP debugging on the screen. |
# You should only use this if you are an LDAP expert. |
# |
# default: 0x0000 (no debugging messages) |
# Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS) |
#ldap_debug = 0x0028 |
".$this->_noComment("ldap_debug", $this->_items['ldap_debug'])." |
} |
"; |
if ($savefile !== null){ |
// save config file |
if (is_file($savefile)){ |
// save the file |
if (!is_writable($savefile)) |
return false; |
$updatedFile = fopen( $savefile, 'w' ); |
fwrite( $updatedFile, $config ); |
fclose( $updatedFile ); |
} else { |
// create a new file |
$newFile = fopen($savefile, 'w') or die("can't create file"); |
fwrite( $newFile, $config ); |
fclose( $newFile ); |
} |
} |
// test $returnconfig |
if (($returnconfig===true)||($returnconfig==="yes")){ |
return $config; |
}else{ |
return true; |
} |
} |
} |
?> |
/web/acc/admin/lib/alcasar/freeradius/siteconfig.php |
---|
0,0 → 1,627 |
<?php |
/* |
This class handled of ldap configuration. |
WARNING! This class can't says if the configuration is valid or not. |
*/ |
require_once('configreader.php'); |
class siteConfig |
{ |
/* |
$_sections : radius sections container |
*/ |
protected $_sections = Array(); |
public function __construct() { |
$this->_sections['authorize'] = new sectionItem('authorize'); |
$this->_sections['authenticate'] = new sectionItem('authorize'); |
$this->_sections['preacct'] = new sectionItem('preacct'); |
$this->_sections['accounting'] = new sectionItem('accounting'); |
$this->_sections['session'] = new sectionItem('session'); |
$this->_sections['post-auth'] = new sectionItem('post-auth'); |
$this->_sections['pre-proxy'] = new sectionItem('pre-proxy'); |
$this->_sections['post-proxy'] = new sectionItem('post-proxy'); |
} |
private function _doSpace($nbspace = 0){ |
$resp=""; |
for ($i = 1; $i <= $nbspace; $i++){ |
$resp.=" "; |
} |
return $resp; |
} |
private function _writeModule($module, $default=null, $space=0){ |
if (is_object($module)){ |
if ($module->getType()==='section'){ |
$resp = $this->_doSpace($space).$module." ".$module->getInstanceName(); |
if (count($module->getAll())>0){ |
$resp .= " { \n"; |
foreach ($module->getAll() as $childItem) { |
$resp .= $this->_writeModule($childItem, null, $space+1); |
} |
$resp .= $this->_doSpace($space)." } \n"; |
} elseif ($module->getInstanceName()!==""){ |
$resp .= " { \n"; |
$resp .= "\n"; |
$resp .= $this->_doSpace($space)." } \n"; |
} else { |
$resp .= "\n"; |
} |
return $resp; |
}elseif ($module->getType()==='pair'){ |
$resp = $this->_doSpace($space).$module->getName()."="; |
$resp .=$module->getPair($module->getName()); |
$resp .="\n"; |
return $resp; |
} else { |
} |
} elseif (is_array($module)&&count($module)>0) { |
/* |
for section width multiple instance |
!!! empty section are array too!! we must count the array! |
*/ |
$resp = ""; |
foreach ($module as $instance) { |
$resp .= $this->_doSpace($space). $this->_writeModule($instance, $default, $space); |
} |
return $resp; |
} else { |
return $default; |
} |
} |
public function __get($attr){ |
if (array_key_exists($attr, $this->_sections)){ |
return $this->_sections[$attr]; |
} |
return false; |
} |
public function __set($attr, $value){ |
/* |
Ne prend pas en compte les section contenant un "-". Pour ce cas utiliser la méthode setSection('sectionName', 'myvalue'). |
*/ |
$this->setSection($sectionName, $value); |
exit('ee'); |
} |
public function setSection($sectionName, $value){ |
if (array_key_exists($sectionName, $this->_sections)){ |
$this->_sections[$sectionName] = $value; |
} |
} |
public function load($confFile){ |
// use here the parsing class |
require_once("configreader.php"); |
$r = new configReader($confFile); |
$this->_sections['authorize'] = $r->getSection('authorize'); |
$this->_sections['authenticate'] = $r->getSection('authenticate'); |
$this->_sections['preacct'] = $r->getSection('preacct'); |
$this->_sections['accounting'] = $r->getSection('accounting'); |
$this->_sections['session'] = $r->getSection('session'); |
$this->_sections['post-auth'] = $r->getSection('post-auth'); |
$this->_sections['pre-proxy'] = $r->getSection('pre-proxy'); |
$this->_sections['post-proxy'] = $r->getSection('post-proxy'); |
} |
public function __toString() { |
return "siteConfig"; |
} |
public function save($savefile = null, $returnconfig = false){ |
/* |
outpout with template (faster and we can write a lot of comments) |
*/ |
$config = " |
###################################################################### |
# |
# As of 2.0.0, FreeRADIUS supports virtual hosts using the |
# \"server\" section, and configuration directives. |
# |
# Virtual hosts should be put into the \"sites-available\" |
# directory. Soft links should be created in the \"sites-enabled\" |
# directory to these files. This is done in a normal installation. |
# |
# |
###################################################################### |
# |
# Read \"man radiusd\" before editing this file. See the section |
# titled DEBUGGING. It outlines a method where you can quickly |
# obtain the configuration you want, without running into |
# trouble. See also \"man unlang\", which documents the format |
# of this file. |
# |
# This configuration is designed to work in the widest possible |
# set of circumstances, with the widest possible number of |
# authentication methods. This means that in general, you should |
# need to make very few changes to this file. |
# |
# The best way to configure the server for your local system |
# is to CAREFULLY edit this file. Most attempts to make large |
# edits to this file will BREAK THE SERVER. Any edits should |
# be small, and tested by running the server with \"radiusd -X\". |
# Once the edits have been verified to work, save a copy of these |
# configuration files somewhere. (e.g. as a \"tar\" file). Then, |
# make more edits, and test, as above. |
# |
# There are many \"commented out\" references to modules such |
# as ldap, sql, etc. These references serve as place-holders. |
# If you need the functionality of that module, then configure |
# it in radiusd.conf, and un-comment the references to it in |
# this file. In most cases, those small changes will result |
# in the server being able to connect to the DB, and to |
# authenticate users. |
# |
###################################################################### |
# |
# In 1.x, the \"authorize\", etc. sections were global in |
# radiusd.conf. As of 2.0, they SHOULD be in a server section. |
# |
# The server section with no virtual server name is the \"default\" |
# section. It is used when no server name is specified. |
# |
# We don't indent the rest of this file, because doing so |
# would make it harder to read. |
# |
# Authorization. First preprocess (hints and huntgroups files), |
# then realms, and finally look in the \"users\" file. |
# |
# The order of the realm modules will determine the order that |
# we try to find a matching realm. |
# |
# Make *sure* that 'preprocess' comes before any realm if you |
# need to setup hints for the remote radius server |
authorize { |
# |
# The preprocess module takes care of sanitizing some bizarre |
# attributes in the request, and turning them into attributes |
# which are more standard. |
# |
# It takes care of processing the 'raddb/hints' and the |
# 'raddb/huntgroups' files. |
# |
# It also adds the %{Client-IP-Address} attribute to the request. |
".$this->_writeModule($this->_sections['authorize']->preprocess, '# preprocess')." |
# |
# If you want to have a log of authentication requests, |
# un-comment the following line, and the 'detail auth_log' |
# section, above. |
".$this->_writeModule($this->_sections['authorize']->getSection('auth-log'), '# auth_log')." |
# |
# The chap module will set 'Auth-Type := CHAP' if we are |
# handling a CHAP request and Auth-Type has not already been set |
".$this->_writeModule($this->_sections['authorize']->chap, '# chap')." |
# |
# If the users are logging in with an MS-CHAP-Challenge |
# attribute for authentication, the mschap module will find |
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' |
# to the request, which will cause the server to then use |
# the mschap module for authentication. |
".$this->_writeModule($this->_sections['authorize']->mschap, '# mschap')." |
# |
# If you have a Cisco SIP server authenticating against |
# FreeRADIUS, uncomment the following line, and the 'digest' |
# line in the 'authenticate' section. |
".$this->_writeModule($this->_sections['authorize']->digest, '# digest')." |
# |
# Look for IPASS style 'realm/', and if not found, look for |
# '@realm', and decide whether or not to proxy, based on |
# that. |
".$this->_writeModule($this->_sections['authorize']->IPASS, '# IPASS')." |
# |
# If you are using multiple kinds of realms, you probably |
# want to set \"ignore_null = yes\" for all of them. |
# Otherwise, when the first style of realm doesn't match, |
# the other styles won't be checked. |
# |
".$this->_writeModule($this->_sections['authorize']->suffix, '# suffix')." |
".$this->_writeModule($this->_sections['authorize']->ntdomain, '# ntdomain')." |
# |
# This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP |
# authentication. |
# |
# It also sets the EAP-Type attribute in the request |
# attribute list to the EAP type from the packet. |
# |
# As of 2.0, the EAP module returns \"ok\" in the authorize stage |
# for TTLS and PEAP. In 1.x, it never returned \"ok\" here, so |
# this change is compatible with older configurations. |
# |
# The example below uses module failover to avoid querying all |
# of the following modules if the EAP module returns \"ok\". |
# Therefore, your LDAP and/or SQL servers will not be queried |
# for the many packets that go back and forth to set up TTLS |
# or PEAP. The load on those servers will therefore be reduced. |
# |
".$this->_writeModule($this->_sections['authorize']->eap, '# eap { |
# ok = return |
# }')." |
# |
# Pull crypt'd passwords from /etc/passwd or /etc/shadow, |
# using the system API's to get the password. If you want |
# to read /etc/passwd or /etc/shadow directly, see the |
# passwd module in radiusd.conf. |
# |
".$this->_writeModule($this->_sections['authorize']->unix, '# unix')." |
# |
# Read the 'users' file |
".$this->_writeModule($this->_sections['authorize']->files, '# files')." |
# |
# Look in an SQL database. The schema of the database |
# is meant to mirror the \"users\" file. |
# |
# See \"Authorization Queries\" in sql.conf |
".$this->_writeModule($this->_sections['authorize']->sql, 'sql')." |
".$this->_writeModule($this->_sections['authorize']->noresetcounter, 'noresetcounter')." |
".$this->_writeModule($this->_sections['authorize']->dailycounter, 'dailycounter')." |
".$this->_writeModule($this->_sections['authorize']->monthlycounter, 'monthlycounter')." |
# |
# If you are using /etc/smbpasswd, and are also doing |
# mschap authentication, the un-comment this line, and |
# configure the 'etc_smbpasswd' module, above. |
".$this->_writeModule($this->_sections['authorize']->etc_smbpasswd, '# etc_smbpasswd')." |
# |
# The ldap module will set Auth-Type to LDAP if it has not |
# already been set |
".$this->_writeModule($this->_sections['authorize']->ldap, '# ldap { |
# fail = 1 |
# }')." |
# |
# Enforce daily limits on time spent logged in. |
".$this->_writeModule($this->_sections['authorize']->daily, '# daily')." |
# |
# Use the checkval modulel |
".$this->_writeModule($this->_sections['authorize']->checkval, '# checkval')." |
".$this->_writeModule($this->_sections['authorize']->expiration, 'expiration')." |
".$this->_writeModule($this->_sections['authorize']->logintime, 'logintime')." |
# |
# If no other module has claimed responsibility for |
# authentication, then try to use PAP. This allows the |
# other modules listed above to add a \"known good\" password |
# to the request, and to do nothing else. The PAP module |
# will then see that password, and use it to do PAP |
# authentication. |
# |
# This module should be listed last, so that the other modules |
# get a chance to set Auth-Type for themselves. |
# |
".$this->_writeModule($this->_sections['authorize']->pap, '# pap')." |
# |
# If \"status_server = yes\", then Status-Server messages are passed |
# through the following section, and ONLY the following section. |
# This permits you to do DB queries, for example. If the modules |
# listed here return \"fail\", then NO response is sent. |
# |
".$this->_writeModule($this->_sections['authorize']->getSection('Autz-Type'), '# Autz-Type Status-Server { |
# |
# }')." |
} |
# Authentication. |
# |
# |
# This section lists which modules are available for authentication. |
# Note that it does NOT mean 'try each module in order'. It means |
# that a module from the 'authorize' section adds a configuration |
# attribute 'Auth-Type := FOO'. That authentication type is then |
# used to pick the apropriate module from the list below. |
# |
# In general, you SHOULD NOT set the Auth-Type attribute. The server |
# will figure it out on its own, and will do the right thing. The |
# most common side effect of erroneously setting the Auth-Type |
# attribute is that one authentication method will work, but the |
# others will not. |
# |
# The common reasons to set the Auth-Type attribute by hand |
# is to either forcibly reject the user (Auth-Type := Reject), |
# or to or forcibly accept the user (Auth-Type := Accept). |
# |
# Note that Auth-Type := Accept will NOT work with EAP. |
# |
# Please do not put \"unlang\" configurations into the \"authenticate\" |
# section. Put them in the \"post-auth\" section instead. That's what |
# the post-auth section is for. |
# |
authenticate { |
# # |
# # PAP authentication, when a back-end database listed |
# # in the 'authorize' section supplies a password. The |
# # password can be clear-text, or encrypted. |
".$this->_writeModule($this->_sections['authenticate']->getSectionInstance('Auth-Type','PAP'), '# Auth-Type PAP { |
# pap |
# }')." |
# |
# # |
# # Most people want CHAP authentication |
# # A back-end database listed in the 'authorize' section |
# # MUST supply a CLEAR TEXT password. Encrypted passwords |
# # won't work. |
".$this->_writeModule($this->_sections['authenticate']->getSectionInstance('Auth-Type','CHAP'), '# Auth-Type CHAP { |
# chap |
# }')." |
# |
# # |
# # MSCHAP authentication. |
".$this->_writeModule($this->_sections['authenticate']->getSectionInstance('Auth-Type','MS-CHAP'), '# Auth-Type MS-CHAP { |
# mschap |
# }')." |
# |
# # |
# # If you have a Cisco SIP server authenticating against |
# # FreeRADIUS, uncomment the following line, and the 'digest' |
# # line in the 'authorize' section. |
".$this->_writeModule($this->_sections['authenticate']->digest, '# digest')." |
# |
# # |
# # Pluggable Authentication Modules. |
".$this->_writeModule($this->_sections['authenticate']->pam, '# pam')." |
# |
# # |
# # See 'man getpwent' for information on how the 'unix' |
# # module checks the users password. Note that packets |
# # containing CHAP-Password attributes CANNOT be authenticated |
# # against /etc/passwd! See the FAQ for details. |
# # |
".$this->_writeModule($this->_sections['authenticate']->unix, '# unix')." |
# |
# # Uncomment it if you want to use ldap for authentication |
# # |
# # Note that this means \"check plain-text password against |
# # the ldap database\", which means that EAP won't work, |
# # as it does not supply a plain-text password. |
".$this->_writeModule($this->_sections['authenticate']->getSectionInstance('Auth-Type','LDAP'), '# Auth-Type LDAP { |
# ldap |
# }')." |
# |
# # |
# # Allow EAP authentication. |
".$this->_writeModule($this->_sections['authenticate']->eap, '# eap')." |
} |
# |
# Pre-accounting. Decide which accounting type to use. |
# |
preacct { |
".$this->_writeModule($this->_sections['preacct']->preprocess, '# preprocess')." |
# |
# Ensure that we have a semi-unique identifier for every |
# request, and many NAS boxes are broken. |
".$this->_writeModule($this->_sections['preacct']->acct_unique, '# acct_unique')." |
# |
# Look for IPASS-style 'realm/', and if not found, look for |
# '@realm', and decide whether or not to proxy, based on |
# that. |
# |
# Accounting requests are generally proxied to the same |
# home server as authentication requests. |
".$this->_writeModule($this->_sections['preacct']->IPASS, '# IPASS')." |
".$this->_writeModule($this->_sections['preacct']->suffix, '# suffix')." |
".$this->_writeModule($this->_sections['preacct']->ntdomain, '# ntdomain')." |
# |
# Read the 'acct_users' file |
".$this->_writeModule($this->_sections['preacct']->files, '# files')." |
} |
# |
# Accounting. Log the accounting data. |
# |
accounting { |
# |
# Create a 'detail'ed log of the packets. |
# Note that accounting requests which are proxied |
# are also logged in the detail file. |
".$this->_writeModule($this->_sections['accounting']->detail, '# detail')." |
".$this->_writeModule($this->_sections['accounting']->daily, '# daily')." |
# Update the wtmp file |
# |
# If you don't use \"radlast\", you can delete this line. |
".$this->_writeModule($this->_sections['accounting']->unix, '# unix')." |
# |
# For Simultaneous-Use tracking. |
# |
# Due to packet losses in the network, the data here |
# may be incorrect. There is little we can do about it. |
".$this->_writeModule($this->_sections['accounting']->radutmp, '# radutmp')." |
".$this->_writeModule($this->_sections['accounting']->sradutmp, '# sradutmp')." |
# Return an address to the IP Pool when we see a stop record. |
".$this->_writeModule($this->_sections['accounting']->main_pool, '# main_pool')." |
# |
# Log traffic to an SQL database. |
# |
# See \"Accounting queries\" in sql.conf |
".$this->_writeModule($this->_sections['accounting']->sql, 'sql')." |
# |
# Instead of sending the query to the SQL server, |
# write it into a log file. |
# |
".$this->_writeModule($this->_sections['accounting']->sql_log, '# sql_log')." |
# Cisco VoIP specific bulk accounting |
".$this->_writeModule($this->_sections['accounting']->getSection('pgsql-voip'), '# pgsql-voip')." |
# Filter attributes from the accounting response. |
".$this->_writeModule($this->_sections['accounting']->getSection('attr_filter.accounting_response'), 'attr_filter.accounting_response')." |
# |
# See \"Autz-Type Status-Server\" for how this works. |
# |
".$this->_writeModule($this->_sections['accounting']->getSectionInstance('Acct-Type','Status-Server'), '# Acct-Type Status-Server { |
# |
# }')." |
} |
# Session database, used for checking Simultaneous-Use. Either the radutmp |
# or rlm_sql module can handle this. |
# The rlm_sql module is *much* faster |
session { |
".$this->_writeModule($this->_sections['session']->radutmp, '# radutmp')." |
# |
# See \"Simultaneous Use Checking Queries\" in sql.conf |
".$this->_writeModule($this->_sections['session']->sql, '# sql')." |
} |
# Post-Authentication |
# Once we KNOW that the user has been authenticated, there are |
# additional steps we can take. |
post-auth { |
# Get an address from the IP Pool. |
".$this->_writeModule($this->_sections['post-auth']->main_pool, '# main_pool')." |
# |
# If you want to have a log of authentication replies, |
# un-comment the following line, and the 'detail reply_log' |
# section, above. |
".$this->_writeModule($this->_sections['post-auth']->reply_log, '# reply_log')." |
# |
# After authenticating the user, do another SQL query. |
# |
# See \"Authentication Logging Queries\" in sql.conf |
".$this->_writeModule($this->_sections['post-auth']->sql, '# sql')." |
# |
# Instead of sending the query to the SQL server, |
# write it into a log file. |
# |
".$this->_writeModule($this->_sections['post-auth']->sql_log, '# sql_log')." |
# |
# Un-comment the following if you have set |
# 'edir_account_policy_check = yes' in the ldap module sub-section of |
# the 'modules' section. |
# |
".$this->_writeModule($this->_sections['post-auth']->ldap, '# ldap')." |
".$this->_writeModule($this->_sections['post-auth']->exec, '# exec')." |
# |
# Access-Reject packets are sent through the REJECT sub-section of the |
# post-auth section. |
# |
# Add the ldap module name (or instance) if you have set |
# 'edir_account_policy_check = yes' in the ldap module configuration |
# |
Post-Auth-Type REJECT { |
attr_filter.access_reject |
} |
".$this->_writeModule($this->_sections['post-auth']->files, '# files')." |
} |
# |
# When the server decides to proxy a request to a home server, |
# the proxied request is first passed through the pre-proxy |
# stage. This stage can re-write the request, or decide to |
# cancel the proxy. |
# |
# Only a few modules currently have this method. |
# |
pre-proxy { |
".$this->_writeModule($this->_sections['preacct']->attr_rewrite, '# attr_rewrite')." |
# Uncomment the following line if you want to change attributes |
# as defined in the preproxy_users file. |
".$this->_writeModule($this->_sections['preacct']->files, '# files')." |
# Uncomment the following line if you want to filter requests |
# sent to remote servers based on the rules defined in the |
# 'attrs.pre-proxy' file. |
".$this->_writeModule($this->_sections['preacct']->getSection('attr_filter.pre-proxy'), '# attr_filter.pre-proxy')." |
# If you want to have a log of packets proxied to a home |
# server, un-comment the following line, and the |
# 'detail pre_proxy_log' section, above. |
".$this->_writeModule($this->_sections['preacct']->pre_proxy_log, '# pre_proxy_log')." |
} |
# |
# When the server receives a reply to a request it proxied |
# to a home server, the request may be massaged here, in the |
# post-proxy stage. |
# |
post-proxy { |
# If you want to have a log of replies from a home server, |
# un-comment the following line, and the 'detail post_proxy_log' |
# section, above. |
".$this->_writeModule($this->_sections['post-proxy']->post_proxy_log, '# post_proxy_log')." |
".$this->_writeModule($this->_sections['post-proxy']->attr_rewrite, '# attr_rewrite')." |
# Uncomment the following line if you want to filter replies from |
# remote proxies based on the rules defined in the 'attrs' file. |
".$this->_writeModule($this->_sections['post-proxy']->getSection('attr_filter.post-proxy'), '# attr_filter.post-proxy')." |
# |
# If you are proxying LEAP, you MUST configure the EAP |
# module, and you MUST list it here, in the post-proxy |
# stage. |
# |
# You MUST also use the 'nostrip' option in the 'realm' |
# configuration. Otherwise, the User-Name attribute |
# in the proxied request will not match the user name |
# hidden inside of the EAP packet, and the end server will |
# reject the EAP request. |
# |
".$this->_writeModule($this->_sections['post-proxy']->eap, '# eap')." |
# |
# If the server tries to proxy a request and fails, then the |
# request is processed through the modules in this section. |
# |
# The main use of this section is to permit robust proxying |
# of accounting packets. The server can be configured to |
# proxy accounting packets as part of normal processing. |
# Then, if the home server goes down, accounting packets can |
# be logged to a local \"detail\" file, for processing with |
# radrelay. When the home server comes back up, radrelay |
# will read the detail file, and send the packets to the |
# home server. |
# |
# With this configuration, the server always responds to |
# Accounting-Requests from the NAS, but only writes |
# accounting packets to disk if the home server is down. |
# |
".$this->_writeModule($this->_sections['post-proxy']->getSection('Post-Proxy-Type'), '# Post-Proxy-Type Fail { |
# detail |
# }')." |
}"; |
if ($savefile !== null){ |
// save config file |
if (is_file($savefile)){ |
// save the file |
if (!is_writable($savefile)) |
return false; |
$updatedFile = fopen( $savefile, 'w' ); |
fwrite( $updatedFile, $config ); |
fclose( $updatedFile ); |
} else { |
// create a new file |
$newFile = fopen($savefile, 'w') or die("can't create file"); |
fwrite( $newFile, $config ); |
fclose( $newFile ); |
} |
} |
// test $returnconfig |
if ($returnconfig){ |
return $config; |
}else{ |
return true; |
} |
} |
} |
/web/acc/admin/lib/alcasar/freeradius/configreader.php |
---|
0,0 → 1,585 |
<?php |
/* |
TODO : |
- contrôler et tester les expressions régulières |
- prise en compte de tous les types de commentaires "# et *" |
- prise en compte d'une valeurs multi-lignes |
-> pas de setter pour le configreader |
*/ |
/** |
* Page contenant les classes <b>confItem</b>, <b>pairItem</b>, <b>sectionItem</b> et <b>configReader</b>. |
* Ces classes permettent de parser des fichiers de configuration du même format |
* que ceux utilisés par freeradius. |
*/ |
/** |
* Classe abstraite <b>confItem</b>. |
* |
* @name confItem |
* @author steweb57 |
* @version 0.2.0 |
*/ |
Abstract class confItem |
{ |
/** |
* Variable contenant le type d'item (pair ou section) |
* @var string |
*/ |
protected $_type = null; |
/** |
* Variable contenant le nom de l'item |
* @var string |
*/ |
protected $_name = null; |
/** |
* Variable contenant le nom de l'instance de l'item (section uniquement) |
* @var string |
*/ |
protected $_instanceName = null; |
/** |
* Variable contenant le lien vers la section parente (section uniquement???) |
* @var string |
*/ |
protected $_parent = null; |
/** |
* Tableau contenant les parametres (items) |
* @var array |
*/ |
protected $_items = array(); |
/** |
* Return the parent confItem |
* |
* @name getParent()() |
* @return confItem |
*/ |
public function getParent(){ |
return $this->_parent; |
} |
/** |
* return the type of the confItem |
* |
* @name getType() |
* @return string |
*/ |
public function getType(){ |
return $this->_type; |
} |
/** |
* return all items |
* |
* @name getAll() |
* @return array() |
*/ |
public function getAll(){ |
return $this->_items; |
} |
/** |
* return the name of the confItem |
* |
* @name getName() |
* @return string |
*/ |
public function getName(){ |
return $this->_name; |
} |
/** |
* return the instance name of the confItem |
* |
* @name getInstanceName() |
* @return string |
*/ |
public function getInstanceName(){ |
return $this->_instanceName; |
} |
/** |
* |
* Return the specified atribute |
* |
* @name __get() |
* @param string $attr |
* @return mixed (confitem object or string) |
*/ |
public function __get($attr) { |
$resp=array(); |
foreach ($this->_items as $item){ |
if (is_object($item)){ |
if ($item->getName() === $attr){ |
$resp[] = $item; |
} |
} else { |
if (array_key_exists($attr, $this->_items)) |
$resp[] = $this->_items[$attr]; |
} |
} |
if (count($resp)===0){ |
return false; |
}elseif (count($resp)===1){ |
return $resp[0]; |
} else { |
return $resp;// si vide, on répond par un array vide ou par false? |
} |
} |
/** |
* Converte the object to a string |
* |
* @name __toString() |
* @return string |
*/ |
public function __toString() { |
return $this->_name; |
} |
} |
/** |
* Classe <b>pairItem</b>. |
* |
* @name pairItem |
* @author steweb57 |
* @version 0.2.0 |
*/ |
class pairItem extends confItem |
{ |
/** |
* Constructeur |
* |
* <p>création de l'instance de la classe</p> |
* |
* @name pairItem::__construct() |
* @param string $pairName, $value |
* @return void |
*/ |
public function __construct($pairName,$value) { |
$this->_type = 'pair'; |
$this->_items[$pairName] = $value; |
$this->_name = $pairName; |
} |
/** |
* Converte the object to a string |
* |
* @name __toString() |
* @return string |
*/ |
public function __toString() { |
return $this->_items[$this->_name];// on retourne la valeur |
} |
/** |
* Get a pair value |
* |
* @name getPair() |
* @param string $pairName |
* @return mixed (string or array) |
*/ |
public function getPair($pairName = null){ |
if ($pairName!==null){ |
if (array_key_exists($pairName, $this->_items)){ |
return $this->_items[$pairName]; // on renvoie une valeur |
} else { |
return false; |
} |
} else { |
return $this->_items; //on renvoie un tableau |
} |
} |
public function __get($pairName){ |
return $this->getPair($pairName); |
} |
/** |
* Set a pair value |
* |
* @name getPair() |
* @param string $pairName |
* @param string $value |
* @return bool |
*/ |
public function setPair($pairName, $value){ |
if (array_key_exists($pairName, $this->_items)){ |
$this->_items[$pairName] = $value; |
return true; |
} else { |
return false; |
} |
} |
public function __set($pairName, $value){ |
return $this->setPair($pairName, $value); |
} |
} |
/** |
* Classe <b>sectionItem</b>. |
* |
* @name sectionItem |
* @author steweb57 |
* @version 0.3.6 |
*/ |
class sectionItem extends confItem //extends pairItems????? |
{ |
/** |
* Constructeur |
* |
* <p>création de l'instance de la classe</p> |
* |
* @name sectionItem::__construct() |
* @param string $name |
* @param string $instanceName |
* @param sectionItem $parent |
* @return void |
*/ |
public function __construct($name, $instanceName = "", sectionItem &$parent=null) { |
$this->_type = 'section'; |
$this->_parent = $parent; |
$this->_name = $name; |
$this->_instanceName = $instanceName; |
} |
/** |
* add a new child sectionItem |
* |
* @name addSection() |
* @param string $name |
* @param string $instanceName |
* @return sectionItem object |
*/ |
public function addSection($name, $instanceName = "") { |
$this->_items[] = new sectionItem($name, $instanceName, $this); |
return end($this->_items); |
} |
/** |
* add a new child pairItem |
* |
* @name addPair() |
* @param string $pairName |
* @param string $value |
* @return pairItem Object |
*/ |
public function addPair($pairName, $value) { |
$this->_items[] = new pairItem($pairName, $value); |
return end($this->_items); |
} |
/** |
* return the child instance of the confSection by instanceName |
* |
* @name getInstance() |
* @param string $instanceName |
* @return mixed (sectionItem object or array()) |
*/ |
public function getInstance($instanceName=null){ |
if ($instanceName === null) |
return false; |
$resp = array(); |
foreach ($this->_items as $item){ |
if ($item->getType() !== 'section'){ |
continue; |
} |
if ($item->getInstanceName() === $instanceName){ |
$resp[] = $item; |
} |
} |
if (count($resp)===0){ |
return false; |
}elseif (count($resp)===1){ |
return $resp[0]; |
} else { |
return $resp; |
} |
} |
/** |
* return the child instance of the confSection by instanceName and sectionName |
* |
* @name getSectionInstance() |
* @param string $sectionName |
* @param string $instanceName |
* @return mixed (sectionItem object or array()) |
*/ |
public function getSectionInstance($sectionName = null, $instanceName=null){ |
if (($sectionName === null)||($instanceName === null)) |
return false; |
$resp = array(); |
foreach ($this->_items as $item){ |
if ($item->getType() !== 'section'){ |
continue; |
} |
if (($item->getName() === $sectionName)&&($item->getInstanceName() === $instanceName)){ |
$resp[] = $item; |
} |
} |
if (count($resp)===0){ |
return false; |
}elseif (count($resp)===1){ |
return $resp[0]; |
} else { |
return $resp; |
} |
} |
/** |
* return child sectionItems of the sectionItem |
* |
* @name getSection() |
* @param string $sectionName |
* @return mixed (sectionItem object or array()) |
*/ |
public function getSection($sectionName = null){ |
$resp = array(); |
foreach ($this->_items as $item){ |
if ($item->getType() !== 'section'){ |
continue; |
} |
if ($sectionName === null){ |
$resp[] = $item; |
} else { |
if ($item->getName() === $sectionName){ |
$resp[] = $item; |
} |
} |
} |
if (count($resp)===0){ |
return false; |
}elseif (count($resp)===1){ |
return $resp[0]; |
} else { |
return $resp; |
} |
} |
/** |
* return child pairItems of the sectionItem |
* |
* @name getPair() |
* @param string $pairName |
* @return mixed (pairItem object or array()) |
*/ |
public function getPair($pairName = null){ |
$resp = array(); |
foreach ($this->_items as $item){ |
if ($item->getType() !== 'pair'){ |
continue; |
} |
if ($pairName === null){ |
$resp[] = $item; |
} else { |
if ($item->getName() === $pairName){ |
$resp[] = $item; |
} |
} |
} |
if (count($resp)===0){ |
return false; |
}elseif (count($resp)===1){ |
return $resp[0]; |
} else { |
return $resp; |
} |
} |
public function __get($name){ |
if ($this->getSection($name)!==false){ |
return $this->getSection($name); |
} elseif ($this->getPair($name)!==false) { |
return $this->getPair($name); |
} elseif ($this->getInstance($name)!==false) { |
return $this->getInstance($name); |
} else { |
return false; |
} |
} |
public function deleteSection($sectionName, $instanceName=null){ |
$t = false; |
foreach ($this->_items as $key => $item){ |
if ($item->getType() !== 'section'){ |
continue; |
} |
if ($item->getName() === $sectionName){ |
if ($instanceName!==null){ |
if ($item->getInstanceName() === $instanceName){ |
unset($this->_items[$key]); |
$t = true; |
} |
} else { |
unset($this->_items[$key]); |
$t = true; |
} |
} |
} |
return $t; |
} |
public function setSection($sectionName, sectionItem $sectionItem){ |
$t = false; |
foreach ($this->_items as $key => $item){ |
if ($item->getType() !== 'section'){ |
continue; |
} |
if ($item->getName() === $sectionName){ |
$this->_items[$key] = $sectionItem; |
$t = true; |
} |
} |
return $t; |
} |
public function setInstance($instanceName, $value){ |
foreach ($this->_items as $key => $item){ |
if ($item->getType() !== 'section'){ |
continue; |
} |
if ($item->getInstanceName() === $instanceName){ |
$this->_items[$key] = $value; |
} |
} |
// test pour valeur de retour ? |
} |
public function setSectionInstance($sectionName, $instanceName, $value){ |
foreach ($this->_items as $key => $item){ |
if ($item->getType() !== 'section'){ |
continue; |
} |
if (($item->getName() === $sectionName)&&($item->getInstanceName() === $instanceName)){ |
$this->_items[$key] = $value; |
} |
} |
// test pour valeur de retour ? |
} |
public function __set($name, $value){ |
return $this->setSection($name, $value); |
// use others methode width instance ? |
// create section if not existe? |
} |
} |
/** |
* Classe <b>configReader</b>. |
* |
* @name configReader |
* @author steweb57 |
* @version 0.4.0 |
*/ |
class configReader extends sectionItem |
{ |
private $_file = null; |
private $_pt = null; |
protected $_name = "root"; |
/** |
* Constructeur |
* |
* <p>création de l'instance de la classe</p> |
* |
* @name configReader::__construct() |
* @param string $filename |
* @return void |
*/ |
public function __construct($filename=null) { |
if ($filename !== null){ |
$this->parse($filename); |
} |
} |
/** |
* Destructeur |
*/ |
public function __destruct() { |
$this->_file = NULL; |
} |
/** |
* |
* @name configReader::_deleteComment() |
* @param string $line |
* @return void |
*/ |
private function _deleteComment($line){ |
return $line; |
} |
/** |
* parse the configFile |
* |
* @name config_file::parse() |
* @param file $filename |
* @return void |
*/ |
public function parse($filename=null){ |
if ($filename !== null){ |
// test is_file et file_exist à faire |
$this->_file = $filename; |
} |
if ($this->_file===null) return false; |
$fro = fopen( $this->_file, 'r' ); |
while( $line = fgets( $fro ) ) |
{ |
/* |
on saute les commentaires |
*/ |
if (preg_match('/^[[:space:]]*#/',$line) || preg_match('/^[[:space:]]*$/',$line)) |
continue; |
//test d'entrée dans une section |
if (preg_match('`^([\sa-zA-Z0-9_-]*{[\s[:print:]]*)$`',$line)){//test section |
// Nétoyage des commentaires et espaces |
$tmp = explode("{", $line, 2); |
$line = trim($tmp[0]); |
// test here if exist an instance name |
$tmpInstanceName = ""; |
$t = explode(" ", $line, 2); |
$tmpSectionName = $t[0]; |
if (count($t)>1){ |
$tmpInstanceName = $t[1]; |
} |
// end test of an instance name |
if ($this->_pt===null){ |
$this->addSection($tmpSectionName, $tmpInstanceName); |
$this->_pt = end($this->_items); |
} else { |
$this->_pt = $this->_pt->addSection($tmpSectionName, $tmpInstanceName); |
} |
} |
//recherche fin de section |
elseif (preg_match('`^([\s]*}[\s[:print:]]*)$`',$line)){//test fin de section |
$this->_pt = $this->_pt->getParent(); |
} |
//test de présence d'une pair parametre/valeur |
elseif (preg_match('`^([\s[:print:]]*=)`',$line)){ //test pair |
$tmpPair = trim($line); |
list($pairName, $pairValue) = explode('=', $tmpPair, 2); |
$pairName = trim($pairName); |
$pairValue = trim($pairValue); |
/* |
A FAIRE : |
- prendre en compte le multi-ligne |
*/ |
$l = strlen($pairValue); |
if (strpos($pairValue, "'") === 0){ // valeur entre des quotes |
$pairValue = preg_replace("`^[']([[:print:]]*)[']([[:print:]]*)`","$1",$pairValue); |
}elseif(strpos($pairValue, '"') === 0){// valeur entre des double-quotes |
$pairValue = preg_replace('`^["]([[:print:]]*)["]([[:print:]]*)`','$1',$pairValue); |
}else{ // valeur sans quote ou double-quote |
//suppression des commentaires (pour un # dans la chaine, alors il faut que la chaine soit entre quote ou double-quote) |
$tmp = explode("#", $pairValue, 2); |
$pairValue = trim($tmp[0]); |
} |
if ($this->_pt===null){ |
$this->addPair($pairName,$pairValue); |
} else { |
$this->_pt->addPair($pairName,$pairValue); |
} |
} |
//test de présence d'un parametre (c'est traité comme une section mais sans contenu!) |
elseif (preg_match('`^([\s[:print:]]*)$`',$line)) { //test value |
$tmpItem = trim($line); |
if ($this->_pt===null){ |
$this->addSection($tmpItem); |
} else { |
$this->_pt->addSection($tmpItem); |
} |
} |
} |
fclose( $fro ); |
$this->_pt=null; |
} |
} |
?> |