auth.inc.diff - pfSense - pfSense bugtracker

Feature #3410 » auth.inc.diff

Daniel Hazelbaker, 01/23/2014 09:29 PM

                     $ldapbindpw         = $authcfg['ldap_bindpw'];
                     $ldapauthcont       = $authcfg['ldap_authcn'];
                     $ldapnameattribute  = strtolower($authcfg['ldap_attr_user']);
                     $ldapgroupattribute  = strtolower($authcfg['ldap_attr_member']);
                     $ldapfilter         = "({$ldapnameattribute}={$username})";
     		$ldapgroupattribute = strtolower($authcfg['ldap_attr_group']);
                     $ldapmemberattribute  = strtolower($authcfg['ldap_attr_member']);
                     $ldapfilter         = "(|(&(objectClass=inetOrgPerson)({$ldapnameattribute}={$username}))(&(objectClass=posixGroup)({$ldapmemberattribute}={$username})))";
                     $ldaptype           = "";
                     $ldapver            = $authcfg['ldap_protver'];
     		if (empty($ldapbindun) || empty($ldapbindpw))
-...
     	} else
     		return false;
     	$ldapdn             = $_SESSION['ldapdn'];
     	$ldapdn = $ldapbasedn;
     	/*Convert attribute to lowercase.  php ldap arrays put everything in lowercase */
     	$ldapgroupattribute = strtolower($ldapgroupattribute);
     	$memberof = array();
             /* Setup CA environment if needed. */
-...
     	/* get groups from DN found */
     	/* use ldap_read instead of search so we don't have to do a bunch of extra work */
     	/* since we know the DN is in $_SESSION['ldapdn'] */
     	//$search    = ldap_read($ldap, $ldapdn, "(objectclass=*)", array($ldapgroupattribute));
     	//$search    = ldap_read($ldap, $ldapdn, "(objectclass=*)", array($ldapmemberattribute));
     	if ($ldapscope == "one")
                     $ldapfunc = "ldap_list";
             else
                     $ldapfunc = "ldap_search";
     	$search    = @$ldapfunc($ldap, $ldapdn, $ldapfilter, array($ldapgroupattribute));
     	$search    = @$ldapfunc($ldap, $ldapdn, $ldapfilter, array($ldapmemberattribute, $ldapgroupattribute, 'objectClass'));
     	$info      = @ldap_get_entries($ldap, $search);
     	$countem = $info["count"];
     	if(is_array($info[0][$ldapgroupattribute])) {
     		/* Iterate through the groups and throw them into an array */
     		foreach ($info[0][$ldapgroupattribute] as $member) {
     			if (stristr($member, "CN=") !== false) {
     				$membersplit = explode(",", $member);
     				$memberof[] = preg_replace("/CN=/i", "", $membersplit[0]);
     	for ($g = 0; $g < $countem; $g++) {
     		if(is_array($info[$g][$ldapmemberattribute]) && in_array('inetOrgPerson', $info[$g]['objectclass'])) {
     			/* Iterate through the groups and throw them into an array */
     			foreach ($info[$g][$ldapmemberattribute] as $member) {
     				if (stristr($member, "CN=") !== false) {
     					$membersplit = explode(",", $member);
     					$memberof[] = preg_replace("/CN=/i", "", $membersplit[0]);
+    				}
+    			}
+    		}
     		if(is_array($info[$g][$ldapgroupattribute]) && $info[$g][$ldapgroupattribute]['count'] > 0 && in_array('posixGroup', $info[$g]['objectclass'])) {
     			$memberof[] = $info[$g][$ldapgroupattribute][0];
+    		}
+    	}
     	/* Time to close LDAP connection */

(1-1/1)

Project

General

Profile

pfSense

Feature #3410 » auth.inc.diff