holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

"- fixed handling of passwords with special chars

Browse Source 
- made handling of empty passwords more obvious
- fixed primary group to use negative group-id"
This commit is contained in:
Ralf Becker 2007-06-20 06:49:02 +00:00
parent 53e075224c
commit 1697a56468
1 changed files with 6 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
phpgwapi/inc/class.auth_ldap.inc.php
View File

@ -38,10 +38,6 @@
*/ */
function authenticate($username, $passwd) function authenticate($username, $passwd)
{ {
if (ereg('[()|&=*,<>!~]',$username))
{
return False;
}
// allow non-ascii in username & password // allow non-ascii in username & password
$username = $GLOBALS['egw']->translation->convert($username,$GLOBALS['egw']->translation->charset(),'utf-8'); $username = $GLOBALS['egw']->translation->convert($username,$GLOBALS['egw']->translation->charset(),'utf-8');
$passwd = $GLOBALS['egw']->translation->convert($passwd,$GLOBALS['egw']->translation->charset(),'utf-8'); $passwd = $GLOBALS['egw']->translation->convert($passwd,$GLOBALS['egw']->translation->charset(),'utf-8');
@ -62,7 +58,7 @@
$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber','shadowExpire'); $attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber','shadowExpire');
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)'; $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter); $filter = str_replace(array('%user','%domain'),array(ldap::quote($username),$GLOBALS['egw_info']['user']['domain']),$filter);
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
{ {
@ -84,16 +80,10 @@
return false; // account is expired return false; // account is expired
} }
$userDN = $allValues[0]['dn']; $userDN = $allValues[0]['dn'];
/*
generate a bogus password to pass if the user doesn't give us one
this gets around systems that are anonymous search enabled
*/
if (empty($passwd))
{
$passwd = crypt(microtime());
}
// try to bind as the user with user suplied password // try to bind as the user with user suplied password
if (@ldap_bind($ldap, $userDN, $passwd)) // only if a non-empty password given, in case anonymous search is enabled
if (!empty($passwd) && @ldap_bind($ldap, $userDN, $passwd))
{ {
if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap')
{ {
@ -106,12 +96,13 @@
'sn' => 'lastname', 'sn' => 'lastname',
'uidnumber' => 'account_id', 'uidnumber' => 'account_id',
'mail' => 'email', 'mail' => 'email',
'gidnumber' => 'primary_group',
) as $ldap_name => $acct_name) ) as $ldap_name => $acct_name)
{ {
$GLOBALS['auto_create_acct'][$acct_name] = $GLOBALS['auto_create_acct'][$acct_name] =
$GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8'); $GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
} }
// our group-ids are negative
$GLOBALS['auto_create_acct']['primary_group'] = -$allValues[0]['gidnumber'][0];
return True; return True;
} }
return ($id = $GLOBALS['egw']->accounts->name2id($username,'account_lid','u')) && return ($id = $GLOBALS['egw']->accounts->name2id($username,'account_lid','u')) &&