LDAP Integration - 7192.diff - TYPO3 Forge

Core Community ExtensionsIncubator Distributions TYPO3 4.5 Projects TYPO3 4.6 Projects TYPO3 4.7 Projects TYPO3 6.0 Projects TYPO3 6.1 Projects TYPO3 6.2 Projects (+)

7192.diff

Patch file for the extension. - Tizian Schmidlin, 2010-08-12 12:52

Download (8.3 kB)

     # cat=basic/enable; type=int+; label=Logging level (0 = none, 1 = normal, 2 = extensive).
     logLevel = 1
     # cat=basic/enable; type=boolean; label=General: Enable NTLM SSO. If checked a windows user of a domain may automatically login throug his NT User.
     enableSSO = 1
     # cat=basic/enable; type=input; label=Enable NTLM SSO: one or more PID where the ldap server records and users for SSO are stored z.B. "1,2"
     ssoPID = 2

     $EM_CONF[$_EXTKEY] = array(
     	'title' => 'LDAP',
     	'description' => 'LDAP Integration',
     	'description' => 'LDAP Integration - modified',
     	'category' => 'module',
     	'shy' => 0,
     	'version' => '2.8.8',
     	'version' => '12.8.8',
     	'dependencies' => '',
     	'conflicts' => '',
     	'priority' => '',

      * @param	array		$server_info: all ldap-server configuration needed (see table eu_ldapserver)
      * @param	string		$username: username to be checked in ldap
      * @param	string		$password: password to be checked
      * @param	boolean		$enableSSO: if 1 no password is expected and SSO value is trusted blindly
      * @return	array		ldap-user attributes, if found and authentificated
      */
     	function checkNTUser ($server_info, $username, $password) {
     	function checkNTUser ($server_info, $username, $password, $enableSSO = false) {
     		// convert character set local -> remote
     		$username = $this->csObj->conv($username, $this->localChar, $this->remoteChar);
-...
+    				}
+    			}
     			// authenticate user over ldap with password, continue if SSO/NTLM is activated and we trust apache/mod_ntlm
     			if ($username && $password) {
     				@ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
     				if ($this->conf['logLevel'] == 2) t3lib_div::devLog('try to bind: '.$username.' / '.$password, 'eu_ldap', 0);
     				$r = @ldap_bind($ds,$username,$password);
     				// authenticate with cuser and cpass if $enableSSO because with SSO password is not existing
     				if($enableSSO) {
     					$r = @ldap_bind($ds, $cuser, $cpass);
     				} else {
     					$r = @ldap_bind($ds,$username,$password);
+    				}
     				if ($r) {
     					if ($this->conf['logLevel'] == 2) t3lib_div::devLog('bind successful', 'eu_ldap', -1);

     			t3lib_div::devLog('No ldap extension in PHP', 'eu_ldap', 3);
     			return false;
+    		}
     		// get configuration form extension manager
     		$this->conf = unserialize($TYPO3_CONF_VARS['EXT']['extConf']['eu_ldap']);
     		return parent::init();
-...
     		$this->password = $this->loginData['uident_text'];
     		$this->username = $this->loginData['uname'];
     		// use SSO information if SSO is available and enabled
     		if($this->conf['enableSSO'] && !empty($_SERVER['PHP_AUTH_USER']) && empty($this->username) && empty($this->password)) {
     			$this->username = $_SERVER['PHP_AUTH_USER'];
     			$this->loginData['status'] = 'login';
     			$this->password = 'sso-no-password'.time();
     			$this->authInfo['db_user']['checkPidList'] = $this->conf['ssoPID'];
     			$this->authInfo['db_user']['check_pid_clause'] = 'AND pid IN ('.$this->conf['ssoPID'].') ';
+    		}
+    	}
     	function getUser()	{
     		$OK = false;
     		$user = null;
     		// $user['authenticated'] = false;
     		if ($this->conf['logLevel'] > 0) t3lib_div::devLog('getUser() called', 'eu_ldap', 0);
     		if ($this->loginData['status'] == 'login') {
-...
     						'',
     						'sorting'
     					);
     					die($sql);
     					t3lib_div::devLog('looking for LDAP server records: '.$sql, 'eu_ldap', 0);
+    				}
     				$objLdap = new tx_euldap_div;
     				while (($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($dbres)) && !($OK)) {
     					if ($this->conf['logLevel'] == 1) t3lib_div::devLog('checking server: '.$row['server'], 'eu_ldap', 0);
     					$ldapres = $objLdap->checkNTUser($row, $this->username, $this->password);
     					// get ldap user information - pass on the SSO setting, checkNTUser works different if SSO is enabled
     					$ldapres = $objLdap->checkNTUser($row, $this->username, $this->password, $this->conf['enableSSO']);
     					if (is_array($ldapres)) {
     						if ($this->conf['logLevel'] >= 1) t3lib_div::devLog('Login successful', 'eu_ldap', -1);
     						if ($row['automatic_import']) {
-...
+    				}
+    			}
+    		}
     		return $user;
+    	}
-...
     	 * @param	array		Data of user.
     	 * @return	boolean
     	 */
     function authUser(&$user)	{
     	global $TYPO3_CONF_VARS;
     	$OK = 100;
     	// $this->pObj->challengeStoredInCookie = false;
     	if ($this->username)	{
     		$OK = 0;
     		$OK = $user['authenticated'];
     		if(!$OK)     {
     				// Failed login attempt (wrong password) - write that to the log!
     	function authUser(&$user)	{
     		global $TYPO3_CONF_VARS;
     		$OK = 100;
     		// $this->pObj->challengeStoredInCookie = false;
     		if ($this->username)	{
     			$OK = 0;
     			$OK = $user['authenticated'];
     			if(!$OK)     {
     					// Failed login attempt (wrong password) - write that to the log!
     				if ($this->writeAttemptLog) {
     					$this->writelog(255,3,3,1,
     						"Login-attempt from %s (%s), username '%s', password not accepted!",
     						array($this->info['REMOTE_ADDR'], $this->info['REMOTE_HOST'], $this->username));
+    				}
     				if ($this->conf['logLevel'] == 1) t3lib_div::devLog('Password not accepted: '.$this->password, 'eu_ldap', 2);
+    			}
     			$OK = $OK ? 200 : ($this->conf['onlyLDAP'] ? 0 : 100);
+    		}
     		if ($OK && $user['lockToDomain'] && $user['lockToDomain']!=$this->authInfo['HTTP_HOST'])	{
     			// Lock domain didn't match, so error:
     			if ($this->writeAttemptLog) {
     				$this->writelog(255,3,3,1,
     					"Login-attempt from %s (%s), username '%s', password not accepted!",
     					array($this->info['REMOTE_ADDR'], $this->info['REMOTE_HOST'], $this->username));
     					"Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
     					Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->authInfo['db_user']['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));
     				t3lib_div::sysLog(
     					sprintf( "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->authInfo['db_user']['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST'] ),
     					'Core',
     				);
+    			}
     			if ($this->conf['logLevel'] == 1) t3lib_div::devLog('Password not accepted: '.$this->password, 'eu_ldap', 2);
     			$OK = false;
+    		}
     		$OK = $OK ? 200 : ($this->conf['onlyLDAP'] ? 0 : 100);
     		return $OK;
+    	}
     	if ($OK && $user['lockToDomain'] && $user['lockToDomain']!=$this->authInfo['HTTP_HOST'])	{
     		// Lock domain didn't match, so error:
     		if ($this->writeAttemptLog) {
     			$this->writelog(255,3,3,1,
     				"Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
     				Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->authInfo['db_user']['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));
     			t3lib_div::sysLog(
     				sprintf( "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->authInfo['db_user']['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST'] ),
     				'Core',
     			);
+    		}
     		$OK = false;
+    	}
     	return $OK;
+    }
+    }