summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/auth.inc42
-rw-r--r--etc/inc/authgui.inc6
2 files changed, 35 insertions, 13 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index cc486e0..734bb2a 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -60,10 +60,19 @@ function logout_session() {
function getAllowedGroups($logged_in_user) {
global $g, $config;
+ $allowed = array();
+ $allowed_groups = array();
+
log_error("Getting groups for {$logged_in_user}.");
+ $local_user = false;
+
+ foreach($config['system']['user'] as $username)
+ if($username['name'] = $logged_in_user)
+ $local_user = true;
+
/* return ldap groups if we are in ldap mode */
- if($config['system']['webgui']['backend'] == "ldap") {
+ if($config['system']['webgui']['backend'] == "ldap" && $local_user == false) {
$allowed_groups = ldap_get_groups($logged_in_user);
$fdny = fopen("/tmp/groups","w");
fwrite($fdny, print_r($allowed, true));
@@ -82,12 +91,12 @@ function getAllowedGroups($logged_in_user) {
}
$final_allowed = array();
-
+
foreach($config['system']['user'] as $username) {
- if($username['name'] = $logged_in_user)
+ if($username['name'] == $logged_in_user)
$allowed_groups = explode(",", $username['groupname']);
}
-
+
foreach($config['system']['group'] as $group) {
if(in_array($group['name'], $allowed_groups)) {
foreach($group['pages'] as $page) {
@@ -333,23 +342,35 @@ function getGroupHomePage($group = "") {
}
function isSystemAdmin($username = "") {
- global $groupindex, $userindex, $config, $g;
-
+ global $groupindex, $userindex, $config, $g, $_SESSION;
+
+ if($_SESSION['isSystemAdmin'])
+ return $_SESSION['isSystemAdmin'];
+
if($config['system']['webgui']['backend'] == "ldap") {
$groups = ldap_get_groups($username);
- if(is_array($groups))
- if(in_array("admins", $groups))
+ if(is_array($groups)){
+ if(in_array("admins", $groups)) {
+ $_SESSION['isSystemAdmin'] = true;
return true;
+ }
+ }
}
- if ($username == "") { return 0; }
+ if ($username == "") {
+ $_SESSION['isSystemAdmin'] = false;
+ return 0;
+ }
$gname = $config['system']['group'][$groupindex[$config['system']['user'][$userindex[$username]]['groupname']]]['name'];
if (isset($gname)) {
+ $_SESSION['isSystemAdmin'] = $gname === $g["admin_group"];
return ($gname === $g["admin_group"]);
}
+ $_SESSION['isSystemAdmin'] = false;
+
return 0;
}
@@ -761,7 +782,8 @@ function ldap_get_groups($username) {
if(!$ou) {
log_error("Could not resolve users home container for {$username}");
- return false;
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
}
$search = ldap_search($ldap, $ou . "," . $ldapsearchbase, $ldapfilter, array('memberOf'));
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index c3d6f32..7dc1779 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -68,10 +68,10 @@ if (isset($_POST['scriptname']) && isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])
// Once here, the user has authenticated with the web server.
// Now, we give them access only to the appropriate pages for their group.
if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
- $g['privs'] = getAllowedGroups($HTTP_SERVER_VARS['AUTH_USER']);
- $allowed = $g['privs'];
+ $_SESSION['privs'] = getAllowedGroups($HTTP_SERVER_VARS['AUTH_USER']);
+ $allowed = $_SESSION['privs'];
- $allowed_groups = print_r($g['privs'],true);
+ $allowed_groups = print_r($_SESSION['privs'],true);
$fdny = fopen("/tmp/groups", "w");
fwrite($fdny, $allowed_groups);
fclose($fdny);
OpenPOWER on IntegriCloud