extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-03 12:39:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

- fixed handling of passwords with special chars

Browse Source 
- made handling of empty passwords more obvious
- fixed primary group to use negative group-id
- patch 889: support other apache mod_auth_*
This commit is contained in:
Ralf Becker 2007-06-20 06:55:59 +00:00
parent fddb756140
commit 48289a5fdd
2 changed files with 13 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
login.php
View File

@ -84,6 +84,11 @@
/* Program starts here */ /* Program starts here */
// some apache mod_auth_* modules use REMOTE_USER instead of PHP_AUTH_USER, thanks to Sylvain Beucler
if ($GLOBALS['egw_info']['server']['auth_type'] == 'http' && !isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['REMOTE_USER']))
{
$_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
}
if($GLOBALS['egw_info']['server']['auth_type'] == 'http' && isset($_SERVER['PHP_AUTH_USER'])) if($GLOBALS['egw_info']['server']['auth_type'] == 'http' && isset($_SERVER['PHP_AUTH_USER']))
{ {
$submit = True; $submit = True;
@ -93,12 +98,12 @@
} }
else else
{ {
$passwd = $_POST['passwd']; $passwd = get_magic_quotes_gpc() ? stripslashes($_POST['passwd']) : $_POST['passwd'];
$passwd_type = $_POST['passwd_type']; $passwd_type = $_POST['passwd_type'];
if($GLOBALS['egw_info']['server']['allow_cookie_auth']) if($GLOBALS['egw_info']['server']['allow_cookie_auth'])
{ {
$eGW_remember = explode('::::',stripslashes($_COOKIE['eGW_remember'])); $eGW_remember = explode('::::',get_magic_quotes_gpc() ? stripslashes($_COOKIE['eGW_remember']) : $_COOKIE['eGW_remember']);
if($eGW_remember[0] && $eGW_remember[1] && $eGW_remember[2]) if($eGW_remember[0] && $eGW_remember[1] && $eGW_remember[2])
{ {

21
phpgwapi/inc/class.auth_ldap.inc.php
View File

@ -38,10 +38,6 @@
*/ */
function authenticate($username, $passwd) function authenticate($username, $passwd)
{ {
if (ereg('[()|&=*,<>!~]',$username))
{
return False;
}
// allow non-ascii in username & password // allow non-ascii in username & password
$username = $GLOBALS['egw']->translation->convert($username,$GLOBALS['egw']->translation->charset(),'utf-8'); $username = $GLOBALS['egw']->translation->convert($username,$GLOBALS['egw']->translation->charset(),'utf-8');
$passwd = $GLOBALS['egw']->translation->convert($passwd,$GLOBALS['egw']->translation->charset(),'utf-8'); $passwd = $GLOBALS['egw']->translation->convert($passwd,$GLOBALS['egw']->translation->charset(),'utf-8');
@ -62,7 +58,7 @@
$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber','shadowExpire'); $attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber','shadowExpire');
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)'; $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter); $filter = str_replace(array('%user','%domain'),array(ldap::quote($username),$GLOBALS['egw_info']['user']['domain']),$filter);
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
{ {
@ -84,16 +80,10 @@
return false; // account is expired return false; // account is expired
} }
$userDN = $allValues[0]['dn']; $userDN = $allValues[0]['dn'];
/*
generate a bogus password to pass if the user doesn't give us one
this gets around systems that are anonymous search enabled
*/
if (empty($passwd))
{
$passwd = crypt(microtime());
}
// try to bind as the user with user suplied password // try to bind as the user with user suplied password
if (@ldap_bind($ldap, $userDN, $passwd)) // only if a non-empty password given, in case anonymous search is enabled
if (!empty($passwd) && @ldap_bind($ldap, $userDN, $passwd))
{ {
if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap')
{ {
@ -106,12 +96,13 @@
'sn' => 'lastname', 'sn' => 'lastname',
'uidnumber' => 'account_id', 'uidnumber' => 'account_id',
'mail' => 'email', 'mail' => 'email',
'gidnumber' => 'primary_group',
) as $ldap_name => $acct_name) ) as $ldap_name => $acct_name)
{ {
$GLOBALS['auto_create_acct'][$acct_name] = $GLOBALS['auto_create_acct'][$acct_name] =
$GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8'); $GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
} }
// our group-ids are negative
$GLOBALS['auto_create_acct']['primary_group'] = -$allValues[0]['gidnumber'][0];
return True; return True;
} }
return ($id = $GLOBALS['egw']->accounts->name2id($username,'account_lid','u')) && return ($id = $GLOBALS['egw']->accounts->name2id($username,'account_lid','u')) &&