ldap auth auditor access patch
This commit is contained in:
parent
12bb5f0b43
commit
a8b87e0ce1
@ -43,6 +43,7 @@ $config['LDAP_ACCOUNT_OBJECTCLASS'] = 'zimbraAccount';
|
|||||||
$config['LDAP_BASE_DN'] = '';
|
$config['LDAP_BASE_DN'] = '';
|
||||||
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'zimbraDistributionList';
|
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'zimbraDistributionList';
|
||||||
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'zimbraMailForwardingAddress';
|
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'zimbraMailForwardingAddress';
|
||||||
|
$config['LDAP_AUDITOR_MEMBER_DN'] = '';
|
||||||
|
|
||||||
|
|
||||||
// AD specific settings
|
// AD specific settings
|
||||||
|
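Review bot: The new `LDAP_AUDITOR_MEMBER_DN` default is added without a comment saying what it controls, even though in the model change an empty value switches the membership check off entirely and a match grants an elevated `admin_user` session role. Add a one-line comment above it, e.g. `// DN the user's member/memberOf attribute must contain to get auditor access; leave empty to disable`, so an operator editing this file knows the value is a DN rather than a group name and understands the security effect of filling it in.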
@ -80,9 +80,11 @@ class ModelUserAuth extends Model {
|
|||||||
|
|
||||||
$query = $ldap->query(LDAP_BASE_DN, "(|(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=$username))(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=$username)" . ")(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=" . $a['dn'] . ")))", array());
|
$query = $ldap->query(LDAP_BASE_DN, "(|(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=$username))(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=$username)" . ")(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=" . $a['dn'] . ")))", array());
|
||||||
|
|
||||||
|
$is_auditor = $this->check_ldap_membership($query->rows);
|
||||||
|
|
||||||
$emails = $this->get_email_array_from_ldap_attr($query->rows);
|
$emails = $this->get_email_array_from_ldap_attr($query->rows);
|
||||||
|
|
||||||
$this->add_session_vars($a['cn'], $username, $emails);
|
$this->add_session_vars($a['cn'], $username, $emails, $is_auditor);
|
||||||
|
|
||||||
AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against LDAP');
|
AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against LDAP');
|
||||||
|
|
||||||
@ -101,6 +103,33 @@ class ModelUserAuth extends Model {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
private function check_ldap_membership($e = array()) {
|
||||||
|
if(LDAP_AUDITOR_MEMBER_DN == '') { return 0; }
|
||||||
|
|
||||||
|
foreach($e as $a) {
|
||||||
|
foreach (array("member", "memberof") as $memberattr) {
|
||||||
|
if(isset($a[$memberattr])) {
|
||||||
|
|
||||||
|
if(isset($a[$memberattr]['count'])) {
|
||||||
|
for($i = 0; $i < $a[$memberattr]['count']; $i++) {
|
||||||
|
if($a[$memberattr][$i] == LDAP_AUDITOR_MEMBER_DN) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if($a[$memberattr] == LDAP_AUDITOR_MEMBER_DN) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
private function get_email_array_from_ldap_attr($e = array()) {
|
private function get_email_array_from_ldap_attr($e = array()) {
|
||||||
$data = array();
|
$data = array();
|
||||||
|
|
||||||
@ -128,7 +157,7 @@ class ModelUserAuth extends Model {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
private function add_session_vars($name = '', $email = '', $emails = array()) {
|
private function add_session_vars($name = '', $email = '', $emails = array(), $is_auditor = 0) {
|
||||||
$a = explode("@", $email);
|
$a = explode("@", $email);
|
||||||
|
|
||||||
$uid = $this->model_user_user->get_uid_by_email($email);
|
$uid = $this->model_user_user->get_uid_by_email($email);
|
||||||
@ -139,7 +168,13 @@ class ModelUserAuth extends Model {
|
|||||||
|
|
||||||
$_SESSION['username'] = $name;
|
$_SESSION['username'] = $name;
|
||||||
$_SESSION['uid'] = $uid;
|
$_SESSION['uid'] = $uid;
|
||||||
$_SESSION['admin_user'] = 0;
|
|
||||||
|
if($is_auditor == 1) {
|
||||||
|
$_SESSION['admin_user'] = 2;
|
||||||
|
} else {
|
||||||
|
$_SESSION['admin_user'] = 0;
|
||||||
|
}
|
||||||
|
|
||||||
$_SESSION['email'] = $email;
|
$_SESSION['email'] = $email;
|
||||||
$_SESSION['domain'] = $a[1];
|
$_SESSION['domain'] = $a[1];
|
||||||
$_SESSION['realname'] = $name;
|
$_SESSION['realname'] = $name;
|
||||||
@ -182,7 +217,7 @@ class ModelUserAuth extends Model {
|
|||||||
if($imap->login($username, $password)) {
|
if($imap->login($username, $password)) {
|
||||||
$imap->logout();
|
$imap->logout();
|
||||||
|
|
||||||
$this->add_session_vars($username, $username, array($username));
|
$this->add_session_vars($username, $username, array($username), 0);
|
||||||
|
|
||||||
$_SESSION['password'] = $password;
|
$_SESSION['password'] = $password;
|
||||||
|
|
||||||
@ -216,7 +251,7 @@ class ModelUserAuth extends Model {
|
|||||||
|
|
||||||
$emails = $this->get_email_array_from_ldap_attr($query->rows);
|
$emails = $this->get_email_array_from_ldap_attr($query->rows);
|
||||||
|
|
||||||
$this->add_session_vars($a['cn'], $username, $emails);
|
$this->add_session_vars($a['cn'], $username, $emails, 0);
|
||||||
|
|
||||||
AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against LDAP');
|
AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against LDAP');
|
||||||
|
|
||||||
|
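Review bot: The new `check_ldap_membership()` (hunk `@ -101,6 +103,33`) scans the `member`/`memberof` attributes of every row it is given, and the caller in the `@ -80,9 +80,11` hunk passes `$query->rows`, whose filter also matches distribution-list entries whose `LDAP_DISTRIBUTIONLIST_ATTR` equals the username or the user's DN — so a match can come from a list entry's `member` attribute rather than from the user's own entry, and everyone on such a list would appear to get `admin_user = 2`. If `$a` is the user's account entry, as `$a['dn']`/`$a['cn']` suggest, restrict the check to that entry: change the signature to `private function check_ldap_membership($e = array(), $dn = '') {`, add `if($dn != '' && (!isset($a['dn']) || $a['dn'] != $dn)) { continue; }` at the top of the outer `foreach`, and call it as `$is_auditor = $this->check_ldap_membership($query->rows, $a['dn']);`. Separately, the `== LDAP_AUDITOR_MEMBER_DN` comparisons are loose and byte-exact while DN matching in LDAP is case-insensitive, so `strcasecmp(..., LDAP_AUDITOR_MEMBER_DN) === 0` is the more reliable test. The `isset($a[$memberattr]['count'])` branch presumes the raw ext/ldap result shape; if `$ldap->query()` already normalises rows that branch may be dead, so a short comment stating which shape is expected would help the next reader. The enclosing `class ModelUserAuth` starts outside these hunks.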