vmario/yourls-ldap-auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update plugin.php

Browse Source 
Fixing the group authentication and adding scope option.
This commit is contained in:
Henrique de Andrade 2016-11-18 10:54:11 -02:00 committed by GitHub
parent 58479c3055
commit 1c92562cb8
1 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
plugin.php
View File

@ -12,6 +12,7 @@ Author URI: http://k3a.me
// No direct call // No direct call
if( !defined( 'YOURLS_ABSPATH' ) ) die(); if( !defined( 'YOURLS_ABSPATH' ) ) die();
// returns true if the environment is set up right // returns true if the environment is set up right
function ldapauth_environment_check() { function ldapauth_environment_check() {
$required_params = array( $required_params = array(
@ -140,22 +141,27 @@ function ldapauth_is_valid_user( $value ) {
if (empty($ldapSuccess)) { // we don't need to do this if we already bound using username and LDAPAUTH_BIND_WITH_USER_TEMPLATE if (empty($ldapSuccess)) { // we don't need to do this if we already bound using username and LDAPAUTH_BIND_WITH_USER_TEMPLATE
$ldapSuccess = @ldap_bind($ldapConnection, $userDn, $_REQUEST['password']); $ldapSuccess = @ldap_bind($ldapConnection, $userDn, $_REQUEST['password']);
} }
@ldap_close($ldapConnection);
// success? // success?
if ($ldapSuccess) if ($ldapSuccess)
{ {
// are we checking group auth? // are we checking group auth?
if (defined('LDAPAUTH_GROUP_ATTR') && defined('LDAPAUTH_GROUP_REQ')) { if (defined('LDAPAUTH_GROUP_ATTR') && defined('LDAPAUTH_GROUP_REQ')) {
if (!array_key_exists(LDAPAUTH_GROUP_ATTR, $searchResult[0])) die('Not in any LDAP groups');
$in_group = false;
$in_group = false; $bind = ldap_bind($ldapConnection, LDAPAUTH_SEARCH_USER, LDAPAUTH_SEARCH_PASS);
$groups_to_check = explode(";", strtolower(LDAPAUTH_GROUP_REQ)); // This is now an array
$searchGroup = ldap_search($ldapConnection, LDAPAUTH_GROUP_REQ, LDAPAUTH_GROUP_ATTR . "=" . $_REQUEST['username']);
foreach($searchResult[0][LDAPAUTH_GROUP_ATTR] as $grps) { $searchG = ldap_get_entries($ldapConnection,$searchGroup);
if (in_array(strtolower($grps), $groups_to_check)) { $in_group = true; break; }
} if ( LDAPAUTH_GROUP_SCOP == 'base'){
if (!$in_group) die('Not in admin group'); if ($searchG[0]['dn'] == LDAPAUTH_GROUP_REQ) $in_group = true;
}
else{
if ($searchG[0]['dn']) $in_group = true;
}
if (!$in_group) die('Not in admin group');
} }
// attribute index returned by ldap_get_entries is lowercased (http://php.net/manual/en/function.ldap-get-entries.php) // attribute index returned by ldap_get_entries is lowercased (http://php.net/manual/en/function.ldap-get-entries.php)
@ -218,6 +224,7 @@ function ldapauth_logout_hook( $args ) {
* will work. Users that exist in both users/config.php and LDAP will need to use * will work. Users that exist in both users/config.php and LDAP will need to use
* their LDAP passwords * their LDAP passwords
*/ */
yourls_add_action ('plugins_loaded', 'ldapauth_merge_users'); yourls_add_action ('plugins_loaded', 'ldapauth_merge_users');
function ldapauth_merge_users() { function ldapauth_merge_users() {
global $ydb; global $ydb;
@ -230,7 +237,6 @@ function ldapauth_merge_users() {
$yourls_user_passwords = array_merge($yourls_user_passwords, $ydb->option['ldapauth_usercache']); $yourls_user_passwords = array_merge($yourls_user_passwords, $ydb->option['ldapauth_usercache']);
} }
} }
/** /**
* Create user in config file * Create user in config file
* Code reused from yourls_hash_passwords_now() * Code reused from yourls_hash_passwords_now()
@ -263,7 +269,6 @@ function ldapauth_create_user( $user, $new_password ) {
return $pass_hash; return $pass_hash;
} }
/** /**
* Hashes password the same way as yourls_hash_passwords_now() * Hashes password the same way as yourls_hash_passwords_now()
**/ **/
@ -274,7 +279,6 @@ function ldapauth_hash_password ($password) {
return $pass_hash; return $pass_hash;
} }
function ldapauth_debug ($msg) { function ldapauth_debug ($msg) {
if (defined('LDAPAUTH_DEBUG') && LDAPAUTH_DEBUG) { if (defined('LDAPAUTH_DEBUG') && LDAPAUTH_DEBUG) {
error_log("yourls_ldap_auth: " . $msg); error_log("yourls_ldap_auth: " . $msg);