From 2f650197fb6965318123c40e6747558761063dfc Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Tue, 1 Jan 2008 00:06:18 +0000
Subject: * Missing = * Allow user manager to adhere to admins group
---
 etc/inc/auth.inc | 42 ++++++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 10 deletions(-)
(limited to 'etc/inc/auth.inc')
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index cc486e0..734bb2a 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -60,10 +60,19 @@ function logout_session() {
 function getAllowedGroups($logged_in_user) {
 global $g, $config;
+ $allowed = array();
+ $allowed_groups = array();
+
 log_error("Getting groups for {$logged_in_user}.");
+ $local_user = false;
+
+ foreach($config['system']['user'] as $username)
+ if($username['name'] = $logged_in_user)
+ $local_user = true;
+
 /* return ldap groups if we are in ldap mode */
- if($config['system']['webgui']['backend'] == "ldap") {
+ if($config['system']['webgui']['backend'] == "ldap" && $local_user == false) {
 $allowed_groups = ldap_get_groups($logged_in_user);
 $fdny = fopen("/tmp/groups","w");
 fwrite($fdny, print_r($allowed, true));
@@ -82,12 +91,12 @@ function getAllowedGroups($logged_in_user) {
 }
 $final_allowed = array();
-
+
 foreach($config['system']['user'] as $username) {
- if($username['name'] = $logged_in_user)
+ if($username['name'] == $logged_in_user)
 $allowed_groups = explode(",", $username['groupname']);
 }
-
+
 foreach($config['system']['group'] as $group) {
 if(in_array($group['name'], $allowed_groups)) {
 foreach($group['pages'] as $page) {
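Review bot: The added lookup loop in the first hunk tests `if($username['name'] = $logged_in_user)`, which assigns instead of comparing; this is the same slip the commit corrects in the second hunk of getAllowedGroups. The expression is truthy for essentially any login name, so `$local_user` becomes true as soon as one local account is configured, and the `&& $local_user == false` guard then skips `ldap_get_groups()` for every user, LDAP-only accounts included. Compare instead: `if($username['name'] === $logged_in_user)`. The function continues outside the hunk, so the effect on the final page list should be checked there.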
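Review bot: The corrected test in the second hunk still uses loose `==` on the user name, and PHP compares two numeric-looking strings numerically, so names such as `007` and `7` would be treated as the same account when `groupname` is picked. Because this match decides which groups' pages are granted, use `if($username['name'] === $logged_in_user)`. The `in_array($group['name'], $allowed_groups)` context line below it would likewise benefit from passing `true` as the strict third argument.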
@@ -333,23 +342,35 @@ function getGroupHomePage($group = "") {
 }
 function isSystemAdmin($username = "") {
- global $groupindex, $userindex, $config, $g;
-
+ global $groupindex, $userindex, $config, $g, $_SESSION;
+
+ if($_SESSION['isSystemAdmin'])
+ return $_SESSION['isSystemAdmin'];
+
 if($config['system']['webgui']['backend'] == "ldap") {
 $groups = ldap_get_groups($username);
- if(is_array($groups))
- if(in_array("admins", $groups))
+ if(is_array($groups)){
+ if(in_array("admins", $groups)) {
+ $_SESSION['isSystemAdmin'] = true;
 return true;
+ }
+ }
 }
- if ($username == "") { return 0; }
+ if ($username == "") {
+ $_SESSION['isSystemAdmin'] = false;
+ return 0;
+ }
 $gname = $config['system']['group'][$groupindex[$config['system']['user'][$userindex[$username]]['groupname']]]['name'];
 if (isset($gname)) {
+ $_SESSION['isSystemAdmin'] = $gname === $g["admin_group"];
 return ($gname === $g["admin_group"]);
 }
+ $_SESSION['isSystemAdmin'] = false;
+
 return 0;
 }
@@ -761,7 +782,8 @@ function ldap_get_groups($username) {
 if(!$ou) {
 log_error("Could not resolve users home container for {$username}");
- return false;
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
 }
 $search = ldap_search($ldap, $ou . "," . $ldapsearchbase, $ldapfilter, array('memberOf'));
-- cgit v1.1
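Review bot: The new `$_SESSION['isSystemAdmin']` cache in isSystemAdmin is not tied to `$username`: once any call stores true, the early `return $_SESSION['isSystemAdmin'];` answers true for every later call in that session, whatever user name is passed. The cached answer also appears to last until the session ends, even if the account leaves the admin group in the meantime. Key the cache by name, e.g. `if(isset($_SESSION['isSystemAdmin'][$username])) return $_SESSION['isSystemAdmin'][$username];`, with the four assignments writing to `$_SESSION['isSystemAdmin'][$username]`. Using `isset()` also avoids the undefined-index notice on the first call and lets cached false results short-circuit. `$_SESSION` is a superglobal, so adding it to the `global` list is unnecessary.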
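Review bot: In the `if(!$ou)` branch, `$passwd` is not a parameter of `ldap_get_groups($username)` and is not assigned anywhere in this hunk. Unless it is set elsewhere in the function body, which starts and ends outside the hunk, `htpasswd_backed()` is called with an undefined password. The branch also changes the return contract: the callers shown in this patch treat the result as a group list (`is_array($groups)`, `in_array($group['name'], $allowed_groups)`), while the new value appears to be an authentication status. A group lookup should not double as a password check, so keep `return false;` (or return `array()`) here and let the caller fall back to the local user database.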