| 1 |
<?php |
<?php |
| 2 |
// $Id: ldapauth.module,v 1.44 2009/05/04 00:26:17 miglius Exp $ |
// $Id: ldapauth.module,v 1.45 2009/07/28 14:03:05 miglius Exp $ |
| 3 |
|
|
| 4 |
/** |
/** |
| 5 |
* @file |
* @file |
| 115 |
), |
), |
| 116 |
'admin/settings/ldap/ldapauth/activate' => array( |
'admin/settings/ldap/ldapauth/activate' => array( |
| 117 |
'title' => 'Activate LDAP Source', |
'title' => 'Activate LDAP Source', |
| 118 |
'page callback' => 'ldapauth_admin_activate', |
'page callback' => 'drupal_get_form', |
| 119 |
'page arguments' => array(5), |
'page arguments' => array('ldapauth_admin_activate'), |
| 120 |
'access arguments' => array('administer ldap modules'), |
'access arguments' => array('administer ldap modules'), |
| 121 |
'type' => MENU_CALLBACK, |
'type' => MENU_CALLBACK, |
| 122 |
'file' => 'ldapauth.admin.inc', |
'file' => 'ldapauth.admin.inc', |
| 123 |
), |
), |
| 124 |
'admin/settings/ldap/ldapauth/deactivate' => array( |
'admin/settings/ldap/ldapauth/deactivate' => array( |
| 125 |
'title' => 'De-Activate LDAP Source', |
'title' => 'De-activate LDAP Source', |
| 126 |
'page callback' => 'ldapauth_admin_deactivate', |
'page callback' => 'drupal_get_form', |
| 127 |
'page arguments' => array(5), |
'page arguments' => array('ldapauth_admin_deactivate'), |
| 128 |
'access arguments' => array('administer ldap modules'), |
'access arguments' => array('administer ldap modules'), |
| 129 |
'type' => MENU_CALLBACK, |
'type' => MENU_CALLBACK, |
| 130 |
'file' => 'ldapauth.admin.inc', |
'file' => 'ldapauth.admin.inc', |
| 201 |
|
|
| 202 |
// Replace the drupal authenticate function is it's used as validation. |
// Replace the drupal authenticate function is it's used as validation. |
| 203 |
if (isset($form['#validate']) && is_array($form['#validate']) && ($key = array_search('user_login_authenticate_validate', $form['#validate']))) |
if (isset($form['#validate']) && is_array($form['#validate']) && ($key = array_search('user_login_authenticate_validate', $form['#validate']))) |
| 204 |
$form['#validate'][$key] = 'ldapauth_login_validate'; |
$form['#validate'][$key] = 'ldapauth_login_authenticate_validate'; |
| 205 |
|
|
| 206 |
switch ($form_id) { |
switch ($form_id) { |
| 207 |
case 'user_login_block': |
case 'user_login_block': |
| 260 |
* |
* |
| 261 |
* If successful, sets the global $user object. |
* If successful, sets the global $user object. |
| 262 |
*/ |
*/ |
| 263 |
function ldapauth_login_validate($form, &$form_state) { |
function ldapauth_login_authenticate_validate($form, &$form_state) { |
| 264 |
ldapauth_authenticate($form_state['values']); |
ldapauth_authenticate($form_state['values']); |
| 265 |
} |
} |
| 266 |
|
|
| 275 |
$name = $form_values['name']; |
$name = $form_values['name']; |
| 276 |
$pass = trim($form_values['pass']); |
$pass = trim($form_values['pass']); |
| 277 |
|
|
| 278 |
|
// The user_login_name_validate() is not called if the user is being authenticated |
| 279 |
|
// from the httpauth or services modules, therefore call it here. |
| 280 |
|
$form_state['values'] = $form_values; |
| 281 |
|
user_login_name_validate(NULL, $form_state); |
| 282 |
|
|
| 283 |
// (Design decision) uid=1 (admin user) must always authenticate to local database |
// (Design decision) uid=1 (admin user) must always authenticate to local database |
| 284 |
// this user is critical for all drupal admin and upgrade operations so it is best |
// this user is critical for all drupal admin and upgrade operations so it is best |
| 285 |
// left with drupal's native authentication. |
// left with drupal's native authentication. |
| 305 |
} |
} |
| 306 |
} |
} |
| 307 |
|
|
| 308 |
|
$account = user_load(array('name' => $name, 'status' => 1)); |
| 309 |
|
if ($account && drupal_is_denied('mail', $account->mail)) { |
| 310 |
|
form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array('%name' => $account->name))); |
| 311 |
|
} |
| 312 |
|
|
| 313 |
|
// If there is any validations errors, we do not query LDAP. |
| 314 |
|
if (form_get_errors()) |
| 315 |
|
return; |
| 316 |
|
|
| 317 |
// Authenticate LDAP user. |
// Authenticate LDAP user. |
| 318 |
if (!($dn = _ldapauth_auth($name, $pass))) |
if (!($dn = _ldapauth_auth($name, $pass))) |
| 319 |
return; |
return; |
| 320 |
|
|
| 321 |
$account = user_load(array('name' => $name)); |
if (!$account) { |
|
if (!isset($account->uid)) { |
|
|
|
|
|
// Check if the username is allowed. |
|
|
if (drupal_is_denied('user', $name)) { |
|
|
drupal_set_message(t('The name %name has been denied access.', array('%name' => $name)), 'error'); |
|
|
return; |
|
|
} |
|
|
|
|
| 322 |
// Register this new user. |
// Register this new user. |
| 323 |
if ($ldap_user = _ldapauth_user_lookup($name)) { |
if ($ldap_user = _ldapauth_user_lookup($name)) { |
|
// Generate a random drupal password. LDAP password will be used anyways. |
|
|
$pass_new = (LDAPAUTH_LOGIN_PROCESS == LDAPAUTH_AUTH_EXCLUSIVED || !LDAPAUTH_SYNC_PASSWORDS) ? user_password(20) : $pass; |
|
|
|
|
| 324 |
// If mail attribute is missing, set the name as mail. |
// If mail attribute is missing, set the name as mail. |
| 325 |
$init = $mail = key_exists(($_ldapauth_ldap->getOption('mail_attr') ? $_ldapauth_ldap->getOption('mail_attr') : LDAPAUTH_DEFAULT_MAIL_ATTR), $ldap_user) ? $ldap_user[$_ldapauth_ldap->getOption('mail_attr')][0] : $name; |
$init = $mail = key_exists(($_ldapauth_ldap->getOption('mail_attr') ? $_ldapauth_ldap->getOption('mail_attr') : LDAPAUTH_DEFAULT_MAIL_ATTR), $ldap_user) ? $ldap_user[$_ldapauth_ldap->getOption('mail_attr')][0] : $name; |
| 326 |
|
|
| 327 |
|
// Check if the e-mail is not denied. |
| 328 |
|
if (drupal_is_denied('mail', $mail)) { |
| 329 |
|
form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array('%name' => $name))); |
| 330 |
|
return; |
| 331 |
|
} |
| 332 |
|
|
| 333 |
|
// Generate a random drupal password. LDAP password will be used anyways. |
| 334 |
|
$pass_new = (LDAPAUTH_LOGIN_PROCESS == LDAPAUTH_AUTH_EXCLUSIVED || !LDAPAUTH_SYNC_PASSWORDS) ? user_password(20) : $pass; |
| 335 |
|
|
| 336 |
$userinfo = array('name' => $name, 'pass' => $pass_new, 'mail' => $mail, 'init' => $init, 'status' => 1, 'authname_ldapauth' => $name, 'ldap_authentified' => TRUE, 'ldap_dn' => $ldap_user['dn'], 'ldap_config' => $_ldapauth_ldap->getOption('sid')); |
$userinfo = array('name' => $name, 'pass' => $pass_new, 'mail' => $mail, 'init' => $init, 'status' => 1, 'authname_ldapauth' => $name, 'ldap_authentified' => TRUE, 'ldap_dn' => $ldap_user['dn'], 'ldap_config' => $_ldapauth_ldap->getOption('sid')); |
| 337 |
$user = user_save('', $userinfo); |
$user = user_save('', $userinfo); |
| 338 |
watchdog('ldapauth', 'New external user %name created from the LDAP server %server.', array('%name' => $name, '%server' => $_ldapauth_ldap->getOption('name')), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit')); |
watchdog('ldapauth', 'New external user %name created from the LDAP server %server.', array('%name' => $name, '%server' => $_ldapauth_ldap->getOption('name')), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit')); |
| 339 |
} |
} |
| 340 |
} |
} |
|
else if ($account->status == 0) { |
|
|
// User is blocked. |
|
|
return; |
|
|
} |
|
| 341 |
else { |
else { |
| 342 |
// Login existing user. |
// Login existing user. |
| 343 |
$data = array( |
$data = array( |
Parent Directory
| 
Revision Log
| 
Revision Graph
| 
Patch