#9894 Fixed ldap_search

Daniel Maya 2022-11-24 12:07:48 +01:00
parent 38259c9f8d
commit 1ffac9bc80
1 changed files with 15 additions and 9 deletions


@ -250,9 +250,9 @@ function process_user_login_remote($login, $pass, $api=false)
{ {
global $config, $mysql_cache; global $config, $mysql_cache;
// Remote authentication // Remote authentication.
switch ($config['auth']) { switch ($config['auth']) {
// LDAP // LDAP.
case 'ldap': case 'ldap':
$sr = ldap_process_user_login($login, $pass); $sr = ldap_process_user_login($login, $pass);
// Try with secondary server if not login. // Try with secondary server if not login.
@ -265,7 +265,7 @@ function process_user_login_remote($login, $pass, $api=false)
} }
break; break;
// Active Directory // Active Directory.
case 'ad': case 'ad':
if (enterprise_hook('ad_process_user_login', [$login, $pass]) === false) { if (enterprise_hook('ad_process_user_login', [$login, $pass]) === false) {
$config['auth_error'] = 'User not found in database or incorrect password'; $config['auth_error'] = 'User not found in database or incorrect password';
@ -273,7 +273,7 @@ function process_user_login_remote($login, $pass, $api=false)
} }
break; break;
// Remote Pandora FMS // Remote Pandora FMS.
case 'pandora': case 'pandora':
if (enterprise_hook('remote_pandora_process_user_login', [$login, $pass]) === false) { if (enterprise_hook('remote_pandora_process_user_login', [$login, $pass]) === false) {
$config['auth_error'] = 'User not found in database or incorrect password'; $config['auth_error'] = 'User not found in database or incorrect password';
@ -281,7 +281,7 @@ function process_user_login_remote($login, $pass, $api=false)
} }
break; break;
// Remote Integria // Remote Integria.
case 'integria': case 'integria':
if (enterprise_hook('remote_integria_process_user_login', [$login, $pass]) === false) { if (enterprise_hook('remote_integria_process_user_login', [$login, $pass]) === false) {
$config['auth_error'] = 'User not found in database or incorrect password'; $config['auth_error'] = 'User not found in database or incorrect password';
@ -289,7 +289,7 @@ function process_user_login_remote($login, $pass, $api=false)
} }
break; break;
// Unknown authentication method // Unknown authentication method.
default: default:
$config['auth_error'] = 'User not found in database or incorrect password'; $config['auth_error'] = 'User not found in database or incorrect password';
return false; return false;
@ -303,7 +303,7 @@ function process_user_login_remote($login, $pass, $api=false)
} }
} }
// Authentication ok, check if the user exists in the local database // Authentication ok, check if the user exists in the local database.
if (is_user($login)) { if (is_user($login)) {
if (!user_can_login($login) && $api === false) { if (!user_can_login($login) && $api === false) {
return false; return false;
@ -370,10 +370,10 @@ function process_user_login_remote($login, $pass, $api=false)
return $login; return $login;
} }
// The user does not exist and can not be created // The user does not exist and can not be created.
if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted($login)) { if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted($login)) {
$config['auth_error'] = __( $config['auth_error'] = __(
'Ooops User not found in 'Ooops User not found in
database or incorrect password' database or incorrect password'
); );
@ -967,6 +967,12 @@ function ldap_process_user_login($login, $password, $secondary_server=false)
$sr = ldap_search($ds, io_safe_output($ldap['ldap_base_dn']), $filter); $sr = ldap_search($ds, io_safe_output($ldap['ldap_base_dn']), $filter);
if (empty($sr) === true) {
$config['auth_error'] = 'ldap search failed';
@ldap_close($ds);
return false;
}
$memberof = ldap_get_entries($ds, $sr); $memberof = ldap_get_entries($ds, $sr);
if ($memberof['count'] == 0 && !isset($memberof[0]['memberof'])) { if ($memberof['count'] == 0 && !isset($memberof[0]['memberof'])) {
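Review bot: The new failure branch after `ldap_search()` sets `$config['auth_error'] = 'ldap search failed'`, which differs from the generic 'User not found in database or incorrect password' used by the other branches on this page, so if `auth_error` is rendered on the login form an unauthenticated client can tell a directory or filter error apart from a bad credential; the cause is also lost for operators because `ldap_error($ds)` is never recorded before `@ldap_close($ds)`. I would keep the user-facing text generic and log the detail server-side, e.g. `error_log('LDAP search failed: '.ldap_error($ds));` placed before the close. `$filter` is built outside this hunk; if it interpolates `$login`, a malformed filter is a likely source of these failures and the value should go through `ldap_escape($login, '', LDAP_ESCAPE_FILTER)` rather than only handling the failed search afterwards. `empty($sr) === true` works, but `$sr === false` states the documented failure value directly. ldap_process_user_login's body starts and ends outside the hunk.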