authorScott Ullrich <sullrich@pfsense.org>2007-12-28 06:21:29 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-12-28 06:21:29 +0000
commita92906fee79473c156d609492550f488d96c76ca (patch)
tree4cb925189e4ca94d0cf2d76a3d896bb36eb59d8e /etc/inc/auth.inc
parent7e4a4513a330b9731e6c9b1e6e571defc2c4c73b (diff)
* Refactor code a bit, split out user property search function
* Bring back filter code
Work sponsored-by: Centipede Networks
Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r--etc/inc/auth.inc51
1 files changed, 45 insertions, 6 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 41882bf..475be79 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -519,7 +519,7 @@ function session_auth($backing) {
}
function pam_backed($username = "", $password = "") {
- /* we do not support blank pwds, don't we? */
+ /* do not allow blank passwords */
if ($username == "" || password == "") { return false; }
if(! extension_loaded( 'pam_auth' )) {
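Review bot: The blank-password guard directly under the reworded comment compares the bare word `password` instead of a variable, so PHP resolves it as a constant (the string "password" with a notice on PHP versions of this era, an Error on PHP 8) and that half of the condition can never be true. An empty password therefore passes the guard and reaches the PAM code below, which contradicts the new comment. The line should read `if ($username == "" || $password == "") { return false; }`. pam_backed's body continues outside the hunk.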
@@ -587,11 +587,52 @@ function passwd_backed($username, $passwd) {
return false;
}
+function ldap_get_groups($username) {
+ global $config;
+
+ $ldapserver = $config['system']['webgui']['ldapserver'];
+ $ldapbindun = $config['system']['webgui']['ldapbindun'];
+ $ldapbindpw = $config['system']['webgui']['ldapbindpw'];
+ $ldapfilter = $config['system']['webgui']['ldapfilter'];
+ $ldapsearchbase = $config['system']['webgui']['ldapsearchbase'];
+
+ if (!($ldap = ldap_connect($ldapserver))) {
+ log_error("ERROR! LDAP could not connect to server {$ldapserver}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ if (!($res = @ldap_bind($ldap, $ldapbindun, $ldapbindpw))) {
+ log_error("ERROR! LDAP could not bind to {$ldapserver}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ $search = ldap_search($ldap, $ldapsearchbase, $ldapfilter);
+ if(!$search)
+ return array();
+
+ $info = ldap_get_entries($ldap, $search);
+
+ $temp = fopen("/tmp/groupentries", "w");
+ fwrite($temp, $info["count"] . " entries returned.");
+ fwrite($temp, print_r($info, true));
+ fclose($temp);
+
+ /* Time to close LDAP connection */
+ ldap_close($ldap);
+
+ return $info;
+}
+
function ldap_backed($username, $passwd) {
global $config;
$ldapserver = $config['system']['webgui']['ldapserver'];
$ldapsearchbase = $config['system']['webgui']['ldapsearchbase'];
+ $ldapbindun = $config['system']['webgui']['ldapbindun'];
+ $ldapbindpw = $config['system']['webgui']['ldapbindpw'];
+ $ldapfilter = $config['system']['webgui']['ldapfilter'];
if(!$ldapsearchbase)
log_error("WARNING! LDAP backend search base not defined.");
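Review bot: ldap_get_groups() dumps the full search result to the fixed path `/tmp/groupentries` with `fopen(..., "w")`, which can leave directory data readable by other local accounts and will write through a symlink already placed at that name; this looks like leftover debugging, and the `fopen`/`fwrite`/`fclose` lines should be dropped. Both failure branches call `htpasswd_backed($username, $passwd)` although `$passwd` is neither a parameter nor a local here, so a group lookup returns the outcome of a password check against an undefined value; `return array();` would match the function's other failure path. The `!$search` branch also returns without `ldap_close($ldap)`. `$username` is never used in the search, so the entries returned are whatever `ldapfilter` matches rather than the groups of the user being authenticated. The three variables added to ldap_backed() at the end of this hunk are not used in the visible lines.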
@@ -609,17 +650,15 @@ function ldap_backed($username, $passwd) {
}
if (!($res = @ldap_bind($ldap, $username, $passwd))) {
- log_error("ERROR! LDAP could not bind to {$ldapserver} - {$dn}. Defaulting to built-in htpasswd_backed()");
+ log_error("ERROR! LDAP could not bind to {$ldapserver}. Defaulting to built-in htpasswd_backed()");
$status = htpasswd_backed($username, $passwd);
return $status;
}
-
- /* Time to close LDAP connection */
- ldap_close($ldap);
+
+ ldap_get_groups($username);
/* At this point we are binded to LDAP so the user was auth'd okay. */
return true;
-
}
function htpasswd_backed($username, $passwd) {
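Review bot: Removing `ldap_close($ldap)` means the handle bound with the user's credentials is never released in ldap_backed(), while `ldap_get_groups($username)` opens a second connection of its own and its return value is discarded, so the call has no effect on the authentication decision. Either restore `ldap_close($ldap);` before `return true;`, or pass `$ldap` into the group lookup and close it afterwards. Separately, the visible lines show no blank-password check ahead of `ldap_bind($ldap, $username, $passwd)`; many directory servers treat a bind with an empty password as an unauthenticated bind and report success, so if no such check exists above the hunk, `if ($passwd == "") { return false; }` belongs before the bind. The start of ldap_backed() is outside this hunk.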