Update of /cvsroot/phpslash/phpslash-dev/include/modules/auth/authtypes
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19458
Modified Files:
slashAuthLDAP.class
Log Message:
fixed a number of bugs:
1. sql only users can authenticate (thanks to pre_auth)
2. ldap only users need to authenticate twice (dunno why)
3. ldap only users pre_auth fails always (dunno why)
also, added a new method to generate a psl password (psl_passwd)
Index: slashAuthLDAP.class
===================================================================
RCS file: /cvsroot/phpslash/phpslash-dev/include/modules/auth/authtypes/slashAuthLDAP.class,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** slashAuthLDAP.class 29 Oct 2004 05:21:46 -0000 1.6
--- slashAuthLDAP.class 29 Oct 2004 06:08:35 -0000 1.7
***************
*** 21,25 ****
var $ds = ""; /** database connection */
var $found = ""; /** search results found */
!
/**
* PSL LDAP's pre-validation
--- 21,38 ----
var $ds = ""; /** database connection */
var $found = ""; /** search results found */
!
! /**
! * PSL password
! *
! * Arranges password in std PSL format
! *
! */
! function psl_passwd ($username,$password,$challenge)
! {
! $md5_pw = md5("$username:$password");
! $pw = md5("$md5_pw:$challenge");
! return $pw;
! }
!
/**
* PSL LDAP's pre-validation
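Review bot: The docblock on `psl_passwd` says it arranges the password "in std PSL format", but the body returns `md5("$md5_pw:$challenge")`, a value bound to one challenge. The pre-validation code later in this diff treats the stored password as the plain `md5("$username:$password")`, so the name and comment invite callers to store the wrong value. The comment should state which form is returned, e.g. `* Returns the challenge response md5(md5("user:pass") . ":" . challenge), not the value stored in the user table.`, and add `@param`/`@return` lines for the three arguments. Both digests are unsalted MD5, so the stored form is password-equivalent in this scheme, which is worth stating in the same comment.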
***************
*** 43,47 ****
// debug("challenge", $challenge);
! if ( $_PSL['LDAP_Auth_Register'] != true )
{
debug("return","bailing out");
--- 56,60 ----
// debug("challenge", $challenge);
! if ( $_PSL['LDAP_Register_Auth'] != true )
{
debug("return","bailing out");
***************
*** 51,67 ****
// generate the expected response
! $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo
!
$expected_response = md5("$md5_pw:$challenge");
! // debug("expected_response", $expected_response);
! // True when JS is disabled
! if ($response == "") {
! $md5_pw_net = md5("$username:$password");
! $response = md5("$md5_pw_net:$challenge");
! }
- // Response is set, JS might be enabled...
// compare the responses
! if ($expected_response == $response) {
// success
$is_user = true;
--- 64,76 ----
// generate the expected response
! $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo
$expected_response = md5("$md5_pw:$challenge");
!
! $response = $this->psl_passwd($username,$password,$challenge);
// compare the responses
! debug("responses","$expected_response == $response");
! if ($expected_response == $response)
! {
// success
$is_user = true;
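Review bot: The comparison `if ($expected_response == $response)` uses loose equality on two MD5 hex strings, so PHP compares them numerically when both happen to look like numbers and can then treat different digests as equal; use `if ($expected_response === $response)`. The added `debug("responses","$expected_response == $response");` also writes both values to the debug output, and the expected response is exactly what authenticates the user for that challenge. Logging only the outcome, e.g. `debug("responses", $expected_response === $response);`, keeps that material out of the logs. The enclosing function begins and ends outside this hunk.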
***************
*** 69,72 ****
--- 78,82 ----
$this->auth["error"] = pslgetText("LDAP preauthentication failed.");
}
+ debug("return",$is_user);
return $is_user;
}
***************
*** 85,88 ****
--- 95,103 ----
{
global $challenge,$_PSL;
+ if ( $this->psl_preauth($username, $password, $user_info) == true )
+ {
+ debug("return","user pre-authed");
+ return true;
+ }
$this->Host = $_PSL['LDAP_Host'];
$this->Port = $_PSL['LDAP_Port'];
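Review bot: Returning `true` as soon as `psl_preauth()` succeeds means the LDAP code below never runs for any user with a matching row in the SQL table. Since LDAP-authenticated users are registered into SQL further down this file, that appears to include previously seen LDAP users, so an account disabled or re-passworded in the directory would still be accepted on the stale SQL hash. Consider limiting the shortcut to accounts known to be SQL-only, or at least record the trade-off above the block, e.g. `// NOTE: local pre-auth bypasses LDAP; directory-side revocation is not seen here`. `$user_info` is not in the visible `global` list, so it has to come from the function signature, which lies outside this hunk.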
***************
*** 183,187 ****
$ary['username'] = $username; /** NOT NEEDED ? */
$ary['uname'] = $username; /** NOT NEEDED ? */
! $ary['password'] = md5("$username:$password"); /** Plain text? */
/** permissions TODO ask if this is right way? */
$perms = array('nobody'=>20,'user'=>21);
--- 198,202 ----
$ary['username'] = $username; /** NOT NEEDED ? */
$ary['uname'] = $username; /** NOT NEEDED ? */
! $ary['password'] = $this->psl_passwd($username,$password,$challenge);
/** permissions TODO ask if this is right way? */
$perms = array('nobody'=>20,'user'=>21);
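Review bot: Storing `$this->psl_passwd($username,$password,$challenge)` in `$ary['password']` saves a digest bound to the challenge of this one login, whereas the pre-validation code reads `$user_info['password']` as "the raw MD5ed user/pass combo" and hashes it with the current challenge. A user registered this way would get `md5(stored:new_challenge)` as the expected response, which cannot match, and that would explain the "pre_auth fails always" item in the log message. The stored value should stay challenge-independent: `$ary['password'] = md5("$username:$password");`. The function containing this line starts and ends outside the hunk.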
***************
*** 192,195 ****
--- 207,211 ----
$this->auth["error"] = pslgetText("Could not register authenticated user in SQL db");
}
+ return true;
} else {
// failed - return with error message
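Review bot: The added `return true;` appears to follow the block that sets `$this->auth["error"]` to "Could not register authenticated user in SQL db", so the method would report success with an error message still set when SQL registration fails. The nesting cannot be confirmed here because the listing has lost its indentation and the surrounding branches lie outside the hunk. If a failed registration is meant to be non-fatal, say so at the return, e.g. `// LDAP bind succeeded; a failed SQL registration does not block login`, and consider not leaving the message in `auth["error"]` on that path.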