4d173e6746
DbUserBackend: Lowercase usernames before fetching password hashes
...
The BINARY cast to make trailing spaces significant (#4030 ) also
made these queries case-sensitive. This wasn't identified at the
time because the query itself wasn't case-insensitive, but the
default collation on the `name` column. (Tests sometimes are the
perfect mitigation for this...)
fixes #4184
2020-06-24 14:08:30 +02:00
f63dfa5294
DbUserBackend: Use binary string comparison if it's a mysql db
2019-12-11 10:15:05 +01:00
668ae38497
ExternalBackend: Don't authenticate a user if `REMOTE_USER` is empty
2019-12-05 15:13:02 +01:00
d6c4df7a5d
Use password_hash and password_verify
2018-07-03 13:08:06 +02:00
72ec132f25
Correct interfaces to conform to PHP 7.2+
2018-01-24 11:50:10 +01:00
8c7ccce4a7
Make multi-domain authn working w/ upper-case domains in user names
...
refs #3232
2018-01-16 10:36:22 +01:00
1aae1eab23
DBUserBackend: Replace internal crypt handling with PasswordHelper
...
refs #2954
2017-11-21 08:26:24 +01:00
c196a7c7c4
Modify authentication function to support alternative algorithms
...
The existing usage of crypt() was borderline incorrect. This simplified
function will allow hashes of other types (e.g. bcrypt) and thus
mitigate #2954 (use password_hash) until this can be implemented.
The getSalt protected method was also removed as this is no longer
required, though this can be added again in future.
2017-11-06 22:48:42 +13:00
4b11afe7d5
Remove unused method LdapUserBackend::setConfig()
2017-07-11 17:08:16 +02:00
bd23d008ca
Auth: Make sure to set the configured domain on LDAP/MSAD user backends
2017-07-11 17:02:32 +02:00
cbde758fc6
Remove unused domain-aware auth related functions from UserBackend
...
These functions made it into the master branch accidentally.
2017-07-11 17:01:06 +02:00
686d022987
Merge pull request #2863 from Icinga/feature/domain-support-for-authn-authz-2153
2017-06-21 13:16:36 +02:00
0cbec01743
Make auth via LDAP user backends domain-aware
...
refs #2153
2017-06-12 13:31:07 +02:00
05288e9bea
Add interface for user backends which are responsible for a specific domain
...
refs #2153
2017-06-12 13:31:07 +02:00
2b9e9bf2b3
User: split the username into localpart and domain (if given)
2017-06-12 13:31:07 +02:00
f323310174
DbUserBackend: don't fail at validation if there aren't any active users
...
refs #2598
2017-02-24 15:29:05 +01:00
0716f87852
Update german translation
2016-12-13 13:57:27 +01:00
3a816ce0f7
ExternalBackend: Don't throw an error if it's not possible to clean usernames
2016-11-16 12:04:46 +01:00
0bd00ba3d0
ExternalBackend: Simplify how remote users are identified
...
refs #12164
2016-11-16 11:55:54 +01:00
d9330486e9
Replace ExternalBackend::getRemoteUserEnvvars() with an attribute
...
refs #12164
2016-11-04 17:27:36 +01:00
d6ac6c8374
setup/AuthenticationPage: don't show the warning about external backend configuration if REDIRECT_REMOTE_USER is set
...
refs #12164
2016-10-18 15:19:13 +02:00
4d6160d987
ExternalBackend::getRemoteUser(): restore previous default behavior
...
refs #12164
2016-10-18 10:22:06 +02:00
ab01d2f915
ExternalBackend: don't reference more than necessary from the config
...
refs #12164
2016-10-18 10:17:21 +02:00
ce951295d3
ExternalBackend: make the variable a webserver assigns a username to configurable
...
refs #12164
2016-10-17 18:46:00 +02:00
29c221418b
External authentication: respect REDIRECT_REMOTE_USER as well
...
refs #12164
2016-10-17 16:19:26 +02:00
99d08bf03b
Get remote user from $_SERVER if env does not have it in external auth
...
refs #11391
2016-04-11 14:09:04 +02:00
2ac54d7c3e
lib: Add ExternalBackend::getRemoteUser()
...
If the user is authenticated via the web server, this method should be used to retrieve the user because
it supports both reading the user from the environment or from the $_SERVER variable as fallback.
refs #11391
2016-04-11 14:01:36 +02:00
c803ec64c5
lib: Move getters before setters in ExternalBackend
2016-04-11 10:57:01 +02:00
474803fee4
Change all license headers to only reflect a file's year of creation
...
refs #11000
2016-02-08 15:41:00 +01:00
fc8873ec0a
Use getenv() instead of $_SERVER to get REMOTE_USER
...
refs #10488
2015-12-18 13:46:34 +01:00
d2cc854a61
LdapUserBackend: Set a query's base DN when a table gets required
...
This ensures that the query receives the correct base DN even if the table
gets adjusted by calling from() subsequently.
refs #10567
2015-11-11 12:55:17 +01:00
505f5902c7
LdapUserBackend: Utilize $virtualTables
2015-11-10 09:56:27 +01:00
9b826e6e5f
Drop class Ldap\Expression and introduce LdapQuery::$nativeFilter
...
I'm about to add support for our Data\Filter implementation, since it cannot
parse native LDAP filters and a user may have configured such, we need to
differentiate the two types of filter.
refs #10370
2015-11-09 13:04:02 +01:00
878bd78587
LdapUserBackend: Unfold the user_name_attribute automatically
...
This is.. the currently easiest solution. As long as attribute unfolding
is not very performance intensive this solution suffices.
refs #10367
refs #10332
2015-10-16 17:25:42 +02:00
58fc87b2e5
Repository: Ensure that we'll internally only work with virtual table names
...
refs #10367
2015-10-16 14:46:44 +02:00
7ef76932d4
DbRepository: Validate the table when inserting, updating and deleting
2015-10-16 12:36:47 +02:00
17e8f01d24
Use the DN to fetch group memberships from LDAP
...
fixes #9901
2015-09-18 15:34:12 +02:00
056ab0c96c
Fix that DbUserBackend::inspect() reports 0 users when only one exists
...
refs #9739
Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
2015-09-01 23:08:24 +02:00
d2a4b880b1
Revert "Accept DbUserBackends with only one single user"
...
This reverts commit c8d065b3e0#9739
2015-09-01 23:05:34 +02:00
1e6c394693
Controller: Create the filter editor in setupFilterControl() ...
...
...instead of demanding a concrete controller to do so.
We still have to decide how to handle parameter preservation
properly.
refs #9029
2015-08-13 17:05:13 +02:00
4b6849eea7
Repository: Introduce query column blacklists
...
We can no longer use $filterColumns to blacklist query columns so
there is now another set of column names required to achieve this.
refs #9029
2015-08-13 14:06:27 +02:00
316a4d8b82
Merge branch 'master' into bugfix/allow-to-configure-how-to-manage-groups-9609
2015-07-30 16:16:04 +02:00
a234852f32
Merge branch 'feature/basic-auth-9660'
...
resolves #9660
2015-07-30 15:05:07 +02:00
37ef87b9ab
lib: Fix PHPDoc in ExternalBackend
...
refs #9660
2015-07-29 15:46:40 +02:00
1b5c5deace
lib: Rename remote user to external user
...
We renamed our backend. Code now reflects this.
refs #9660
2015-07-29 15:44:32 +02:00
3f7081296b
Merge branch 'master' into bugfix/allow-to-configure-how-to-manage-groups-9609
2015-07-29 15:02:20 +02:00
13edbf901d
UserBackend: Implement interface ConfigAwareFactory
...
refs #9609
2015-07-29 13:44:26 +02:00
83aafe8cda
Allow to discover LDAP connections in the wizard as well
...
...
2015-07-29 09:26:53 +02:00
4d44a0625c
lib: Move UserBackendInterface::authenticate() to new interface Authenticatable
...
refs #9660
2015-07-29 09:25:14 +02:00
c8d065b3e0
Accept DbUserBackends with only one single user
...
fixes #9739
2015-07-28 12:41:08 +02:00
Johannes Meyer
Eric Lippmann
Alexander A. Klimov
Markus Frosch
ss23
Johannes Meyer
Eric Lippmann
Alexander A. Klimov
Russell Kubik
Matthias Jentsch