From 38736d8f16348ef13cae37325a352ade79262ca1 Mon Sep 17 00:00:00 2001 From: guruevi Date: Fri, 6 Mar 2009 17:30:23 +0000 Subject: [PATCH] 2009-03-05 Evi Vanoost * include/auth/dev.php: Updated examples * include/auth/ldap.php: Moved stuff in a more logical order and globalized $ldap_cache since now it is called from a function so it needs not be local git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1519 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 8 +++ pandora_console/include/auth/dev.php | 2 + pandora_console/include/auth/ldap.php | 100 +++++++++++++------------- 3 files changed, 62 insertions(+), 48 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 3f07a9211a..e709a092db 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,11 @@ +2009-03-05 Evi Vanoost + + * include/auth/dev.php: Updated examples + + * include/auth/ldap.php: Moved stuff in a more logical order + and globalized $ldap_cache since now it is called from a function + so it needs not be local + 2009-03-05 Sancho Lerena * include/functions_reporting.php: Fixed notice. diff --git a/pandora_console/include/auth/dev.php b/pandora_console/include/auth/dev.php index 9d3f90e7f5..77117a2000 100644 --- a/pandora_console/include/auth/dev.php +++ b/pandora_console/include/auth/dev.php @@ -25,6 +25,8 @@ $config["admin_can_add_user"] = false; $config["admin_can_delete_user"] = false; $config["admin_can_disable_user"] = false; +global $dev_cache; //This variable needs to be globalized because this file is called from within a function and thus local + //DON'T USE THIS IF YOU DON'T KNOW WHAT YOU'RE DOING die ("This is a very dangerous authentication scheme. Only use for programming in case you should uncomment this line"); diff --git a/pandora_console/include/auth/ldap.php b/pandora_console/include/auth/ldap.php index f5d81489e0..c8cb923d77 100644 --- a/pandora_console/include/auth/ldap.php +++ b/pandora_console/include/auth/ldap.php @@ -31,6 +31,48 @@ $config["admin_can_make_admin"] = false; $req_keys = array ("ldap_server", "ldap_base_dn", "ldap_login_attr", "ldap_admin_group_name", "ldap_admin_group_attr", "ldap_admin_group_type", "ldap_user_filter", "ldap_user_attr"); $opt_keys = array ("ldap_port", "ldap_start_tls", "ldap_version", "ldap_admin_dn", "ldap_admin_pwd"); +global $ldap_cache; //Needs to be globalized because process_config () function calls this file first and the variable would be local and subsequently lost +$ldap_cache = array (); +$ldap_cache["error"] = ""; +$ldap_cache["ds"] = ""; + +//Put each required key in a variable. +foreach ($req_keys as $key) { + if (!isset ($config["auth"][$key])) { + user_error ("Required key ".$key." not set", E_USER_ERROR); + } +} + +// Convert group name to lower case to prevent problems +$config["auth"]["ldap_admin_group_attr"] = strtolower ($config["auth"]["ldap_admin_group_attr"]); +$config["auth"]["ldap_admin_group_type"] = strtolower ($config["auth"]["ldap_admin_group_type"]); + +foreach ($opt_keys as $key) { + if (!isset ($config["auth"][$key])) { + switch ($key) { + case "ldap_start_tls": + $config["auth"][$key] = false; + continue; + case "ldap_version": + $config["auth"][$key] = 0; + continue; + case "ldap_admin_dn": + case "ldap_admin_pwd": + $config["auth"][$key] = ""; + continue; + default: + //Key not implemented + continue; + } + } +} + +//Reference the global use authorization error to last ldap error. +$config["auth_error"] = &$ldap_cache["error"]; + +unset ($req_keys, $opt_keys); + + /** * process_user_login accepts $login and $pass and handles it according to current authentication scheme * @@ -312,6 +354,7 @@ function ldap_load_user ($login) { global $ldap_cache, $config; $ret = false; + $time = get_system_time (); if (ldap_connect_bind ()) { $sr = ldap_search ($ldap_cache["ds"], $config["auth"]["ldap_base_dn"], "(&(".$config["auth"]["ldap_login_attr"]."=".$login.")".$config["auth"]["ldap_user_filter"].")", array_values ($config["auth"]["ldap_user_attr"])); @@ -326,8 +369,8 @@ function ldap_load_user ($login) { } else { $ret = array (); foreach ($config["auth"]["ldap_user_attr"] as $internal_key => $ldap_key) { - $ret["last_connect"] = get_system_time (); - $ret["registered"] = get_system_time (); + $ret["last_connect"] = $time; + $ret["registered"] = $time; $ret["is_admin"] = is_user_admin ($info[0][$config["auth"]["ldap_user_attr"]["id_user"]][0]); if (isset ($info[0][$ldap_key])) { $ret[$internal_key] = $info[0][$ldap_key][0]; @@ -354,7 +397,7 @@ function ldap_load_user ($login) { function create_user () { global $ldap_cache; - $ldap_cache["error"] = 'Not yet supported.'; + $ldap_cache["error"] .= 'Creating users not supported.'; return false; } @@ -366,7 +409,7 @@ function create_user () { function process_user () { global $ldap_cache; - $ldap_cache["error"] = 'Not yet supported.'; + $ldap_cache["error"] .= 'Updating users not supported.'; return false; } @@ -378,7 +421,7 @@ function process_user () { function process_user_password ( $user, $password_old, $password_new ) { global $ldap_cache; - $ldap_cache["error"] = 'Not yet supported'; + $ldap_cache["error"] = 'Changing passwords not supported'; return false; } @@ -392,7 +435,7 @@ function process_user_password ( $user, $password_old, $password_new ) { function delete_user ($user) { global $ldap_cache; - $ldap_cache["error"] = 'Not yet supported'; + $ldap_cache["error"] = 'Deleting users not supported'; return false; } @@ -466,9 +509,9 @@ function ldap_connect_bind () { $ret = false; - if (!empty ($config["auth"]["ldap_port"]) && (empty ($ldap_cache["ds"]) || !is_resource ($ldap_cache["ds"]))) { + if (!empty ($config["auth"]["ldap_port"]) && !is_resource ($ldap_cache["ds"])) { $ldap_cache["ds"] = @ldap_connect ($config["auth"]["ldap_server"], $config["auth"]["ldap_port"]); - } elseif (empty ($ldap_cache["ds"]) || !is_resource ($ldap_cache["ds"])) { + } elseif (!is_resource ($ldap_cache["ds"])) { $ldap_cache["ds"] = @ldap_connect ($config["auth"]["ldap_server"]); } else { return true; @@ -503,43 +546,4 @@ function ldap_connect_bind () { } } -$ldap_cache = array (); -$ldap_cache["error"] = ""; -$ldap_cache["ds"] = ""; - -//Put each required key in a variable. -foreach ($req_keys as $key) { - if (!isset ($config["auth"][$key])) { - user_error ("Required key ".$key." not set", E_USER_ERROR); - } -} - -// Convert group name to lower case to prevent problems -$config["auth"]["ldap_admin_group_attr"] = strtolower ($config["auth"]["ldap_admin_group_attr"]); -$config["auth"]["ldap_admin_group_type"] = strtolower ($config["auth"]["ldap_admin_group_type"]); - -foreach ($opt_keys as $key) { - if (!isset ($config["auth"][$key])) { - switch ($key) { - case "ldap_start_tls": - $config["auth"][$key] = false; - continue; - case "ldap_version": - $config["auth"][$key] = 0; - continue; - case "ldap_admin_dn": - case "ldap_admin_pwd": - $config["auth"][$key] = ""; - continue; - default: - //Key not implemented - continue; - } - } -} - -//Reference the global use authorization error to last ldap error. -$config["auth_error"] = &$ldap_cache["error"]; - -unset ($req_keys, $opt_keys); -?> +?> \ No newline at end of file