![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
index f6626a8ac9aa9497cb633eb53c83c6d05ac71a6f..d9d12986fd5aa5ba65846f3604594aa4025f3899 100644 (file)
$ui= new userinfo($config, $ldap->getDN());
$ui->username= $attrs['uid'][0];
+ /* Bail out if we have login restrictions set, for security reasons
+ the message is the same than failed user/pw */
+ if (!$ui->loginAllowed()){
+ return (NULL);
+ }
+
/* No password check needed - the webserver did it for us */
$ldap->disconnect();
$ui= new userinfo($config, $ldap->getDN());
$ui->username= $attrs['uid'][0];
+ /* Bail out if we have login restrictions set, for security reasons
+ the message is the same than failed user/pw */
+ if (!$ui->loginAllowed()){
+ return (NULL);
+ }
+
/* password check, bind as user with supplied password */
$ldap->disconnect();
$ldap= new LDAP($ui->dn, $password, $config->current['SERVER'],
function expand_id($rule, $attributes)
{
/* Check for id rule */
- if(preg_match('/^id(:|#)\d+$/',$rule)){
- return (array("\{$rule}"));
+ if(preg_match('/^id(:|#|!)\d+$/',$rule)){
+ return (array("{$rule}"));
}
/* Check for clean attribute */
$proposed= recurse($stripped, $variables);
/* Get list of used ID's */
- $used= array();
$ldap= $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
- $ldap->search('(uid=*)');
-
- while($attrs= $ldap->fetch()){
- $used[]= $attrs['uid'][0];
- }
/* Remove used uids and watch out for id tags */
$ret= array();
foreach($proposed as $uid){
/* Check for id tag and modify uid if needed */
- if(preg_match('/\{id:\d+}/',$uid)){
- $size= preg_replace('/^.*{id:(\d+)}.*$/', '\\1', $uid);
+ if(preg_match('/\{id(:|!)\d+}/',$uid, $m)){
+ $size= preg_replace('/^.*{id(:|!)(\d+)}.*$/', '\\2', $uid);
- for ($i= 0, $p= pow(10,$size); $i < $p; $i++){
- $number= sprintf("%0".$size."d", $i);
- $res= preg_replace('/{id:(\d+)}/', $number, $uid);
- if (!in_array($res, $used)){
+ $start= $m[1]==":"?0:-1;
+ for ($i= $start, $p= pow(10,$size); $i < $p; $i++){
+ if ($i == -1) {
+ $number= "";
+ } else {
+ $number= sprintf("%0".$size."d", $i+1);
+ }
+ $res= preg_replace('/{id(:|!)\d+}/', $number, $uid);
+
+ $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn'));
+ if($ldap->count() == 0){
$uid= $res;
break;
}
mt_srand((double) microtime()*1000000);
$number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1));
$res= preg_replace('/{id#(\d+)}/', $number, $uid);
- if (!in_array($res, $used)){
+ $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn'));
+ if($ldap->count() == 0){
$uid= $res;
break;
}
}
/* Don't assign used ones */
- if (!in_array($uid, $used)){
+ $ldap->search("(uid=".preg_replace('/[{}]/', '', $uid).")",array('dn'));
+ if($ldap->count() == 0){
/* Add uid, but remove {} first. These are invalid anyway. */
$ret[]= preg_replace('/[{}]/', '', $uid);
}
$checks['gosaObject']['IS_MUST_HAVE'] = TRUE;
/* GOsa Account class */
- $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.1";
+ $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6";
$checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema");
$checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount");
$checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE;
}
+
function cred_decrypt($input,$password) {
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, pack("H*", $input), MCRYPT_MODE_ECB, $iv);
}
+
function get_object_info()
{
return(session::get('objectinfo'));
}
+
function set_object_info($str = "")
{
session::set('objectinfo',$str);
}
+function isIpInNet($ip, $net, $mask) {
+ // Move to long ints
+ $ip= ip2long($ip);
+ $net= ip2long($net);
+ $mask= ip2long($mask);
+
+ // Mask given IP with mask. If it returns "net", we're in...
+ $res= $ip & $mask;
+
+ return ($res == $net);
+}
+
+
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>