From 8e7ac286389669883b1a5684127b6d1e0a63b91f Mon Sep 17 00:00:00 2001
From: cajus
Date: Fri, 21 Dec 2007 17:27:25 +0000
Subject: [PATCH] * Updated error message handling * Updated authentication methods

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8167 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/html/index.php | 16 ++--
 gosa-core/html/logout.php | 67 +++++++++-------
 .../ihtml/themes/default/logout-close.tpl | 13 ++++
 gosa-core/ihtml/themes/default/logout.tpl | 2 +-
 gosa-core/include/class_config.inc | 7 +-
 gosa-core/include/class_ldap.inc | 6 +-
 gosa-core/include/class_pluglist.inc | 3 +-
 gosa-core/include/functions.inc | 76 +++++++++++++++++--
 8 files changed, 135 insertions(+), 55 deletions(-)
 create mode 100644 gosa-core/ihtml/themes/default/logout-close.tpl

diff --git a/gosa-core/html/index.php b/gosa-core/html/index.php
index 92116e6e4..39f8b74f4 100644
--- a/gosa-core/html/index.php
+++ b/gosa-core/html/index.php
@@ -202,20 +202,20 @@ if ($config->data['MAIN']['FORCESSL'] == 'true' && $ssl != ''){ $htaccess_authenticated= FALSE; if (isset($config->data['MAIN']['HTACCESS_AUTH']) && preg_match('/^(yes|true)$/i', $config->data['MAIN']['HTACCESS_AUTH'])){ if (!isset($_SERVER['REMOTE_USER'])){ - echo "GOsa error: "._("There is a problem with the authentication setup. Please inform your system administrator."); - exit; + print_red(_("There is a problem with the authentication setup. Please inform your system administrator.")); + display_error_page(); } $tmp= process_htaccess($_SERVER['REMOTE_USER'], isset($_SERVER['KRB5CCNAME'])); $username= $tmp['username']; $server= $tmp['server']; if ($username == ""){ - echo "GOsa error: "._("Cannot find a valid user for the current authentication setup."); - exit; + print_red(_("Cannot find a valid user for the current authentication setup.")); + display_error_page(); } if ($server == ""){ - echo "GOsa error: "._("User information is not uniq accross the configured directories. Cannot authenticated."); - exit; + print_red(_("User information is not uniq accross the configured directories. Cannot authenticated.")); + display_error_page(); } $htaccess_authenticated= TRUE; @@ -303,8 +303,8 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces if ($htaccess_authenticated){ $ui= ldap_login_user_htaccess($username); if ($ui === NULL || !$ui){ - echo "GOsa error: "._("Authentication via htaccess not possible. Unable to retrieve user information."); - exit; + print_red(_("Authentication via htaccess not possible. Unable to retrieve user information.")); + display_error_page(); } } else { $ui= ldap_login_user($username, $_POST["password"]); diff --git a/gosa-core/html/logout.php b/gosa-core/html/logout.php index b6d4b5531..c06a7866e 100644 --- a/gosa-core/html/logout.php +++ b/gosa-core/html/logout.php 
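Review bot: The new `print_red(_("User information is not uniq accross the configured directories. Cannot authenticated."))` line freezes a misspelt msgid into the translation catalogue; `_("User information is not unique across the configured directories. Cannot authenticate.")` is what the message should say before translators pick it up. Each of the three replaced `exit` statements now depends on `display_error_page()` not returning, and nothing in this file tells a reader that; a trailing `display_error_page(); /* never returns */` on each call, or a docblock on the function, makes the fail-closed path explicit. The same substitution appears in the second index.php hunk and in the class_config.inc, class_ldap.inc and class_pluglist.inc hunks. The enclosing `if` block starts before this hunk.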
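Review bot: `ldap_login_user_htaccess($username)` is called without being told which LDAP location `process_htaccess()` found the user in; it only works because `process_htaccess()` returns on the first match and so leaves `$config->current` on that location, which is implicit coupling between two functions in different files. If nothing between the two index.php hunks selects the location, making it explicit with `$config->set_current($server);` immediately before the `ldap_login_user_htaccess()` call removes the dependency on iteration order. A one-line comment at the call site saying that the web server has already checked the credentials would also help, since the password branch directly below it makes the asymmetry surprising. The enclosing `if` starts before this hunk.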
@@ -41,6 +41,34 @@ if(isset($_SESSION['ui'])){ new log("security","logout","",array(),"User \"".$ui->username."\" logged out") ; } +/* Language setup */ +if ((!isset($config))||(empty($config->data['MAIN']['LANG']))){ + $lang= get_browser_language(); +} else { + $lang= $config->data['MAIN']['LANG']; +} + +$lang.=".UTF-8"; +putenv("LANGUAGE="); +putenv("LANG=$lang"); +setlocale(LC_ALL, $lang); +$GLOBALS['t_language']= $lang; +$GLOBALS['t_gettext_message_dir'] = $BASE_DIR.'/locale/'; + +/* Set the text domain as 'messages' */ +$domain = 'messages'; +bindtextdomain($domain, "$BASE_DIR/locale"); +textdomain($domain); + +/* Create smarty & Set template compile directory */ +$smarty= new smarty(); +if (isset ($config->data['MAIN']['COMPILE'])){ + $smarty->compile_dir= $config->data['MAIN']['COMPILE']; +} else { + $smarty->compile_dir= '/var/spool/gosa/'; +} + + /* If GET request is posted, the logout was forced by pressing the link */ if (isset($_GET['request'])){ 
@@ -48,38 +76,19 @@ if (isset($_GET['request'])){ @session_unset (); @session_destroy (); - /* Go back to the base via header */ - header ("Location: index.php"); - exit(); - -}else{ // The logout wasn't forced, so the session is invalid - - /* Language setup */ - if ((!isset($config))||(empty($config->data['MAIN']['LANG']))){ - $lang= get_browser_language(); - } else { - $lang= $config->data['MAIN']['LANG']; + /* If we're not using htaccess authentication, just redirect... */ + if (!isset($config->data['MAIN']['HTACCESS_AUTH']) && !isset($_SERVER['REMOTE_USER'])){ + header ("Location: index.php"); + exit(); } - $lang.=".UTF-8"; - putenv("LANGUAGE="); - putenv("LANG=$lang"); - setlocale(LC_ALL, $lang); - $GLOBALS['t_language']= $lang; - $GLOBALS['t_gettext_message_dir'] = $BASE_DIR.'/locale/'; + /* Else notice that the user has to close the browser... */ + $smarty->display (get_template_path('headers.tpl')); + $smarty->display (get_template_path('logout-close.tpl')); + exit; - /* Set the text domain as 'messages' */ - $domain = 'messages'; - bindtextdomain($domain, "$BASE_DIR/locale"); - textdomain($domain); - - /* Create smarty & Set template compile directory */ - $smarty= new smarty(); - if (isset ($config->data['MAIN']['COMPILE'])){ - $smarty->compile_dir= $config->data['MAIN']['COMPILE']; - } else { - $smarty->compile_dir= '/var/spool/gosa/'; - } +}else{ // The logout wasn't forced, so the session is invalid + $smarty->display (get_template_path('headers.tpl')); $smarty->display (get_template_path('logout.tpl')); exit; diff --git a/gosa-core/ihtml/themes/default/logout-close.tpl b/gosa-core/ihtml/themes/default/logout-close.tpl new file mode 100644 index 000000000..b98070723 --- /dev/null +++ b/gosa-core/ihtml/themes/default/logout-close.tpl @@ -0,0 +1,13 @@ + + +
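Review bot: The redirect guard `if (!isset($config->data['MAIN']['HTACCESS_AUTH']) && !isset($_SERVER['REMOTE_USER']))` treats the mere presence of the HTACCESS_AUTH key as "htaccess authentication is on", whereas index.php enables it only when the value matches `/^(yes|true)$/i`; a configuration that sets the key to a negative value therefore gets the "close your browser" page instead of the redirect back to index.php. Reusing index.php's test keeps the two files in step: `$htaccess= isset($config->data['MAIN']['HTACCESS_AUTH']) && preg_match('/^(yes|true)$/i', $config->data['MAIN']['HTACCESS_AUTH']);` followed by `if (!$htaccess && !isset($_SERVER['REMOTE_USER'])){`. The branch would also benefit from a comment stating why the redirect is skipped for htaccess logins (the server-side session is gone, but the browser still holds and will resend its credentials), since the new template is currently the only place that explains it. The enclosing `if (isset($_GET['request']))` starts before this hunk.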
+
+

{t}Your GOsa session has been closed!{/t}

+

+ {t}Please close this browser window and clean the authentication caches to avoid an automatic re-authentication by your browser.{/t} +

+
+
+ + + diff --git a/gosa-core/ihtml/themes/default/logout.tpl b/gosa-core/ihtml/themes/default/logout.tpl index 27005eed6..bf00c46ac 100644 --- a/gosa-core/ihtml/themes/default/logout.tpl +++ b/gosa-core/ihtml/themes/default/logout.tpl @@ -19,4 +19,4 @@ --> - + diff --git a/gosa-core/include/class_config.inc b/gosa-core/include/class_config.inc index 92c875117..9e3753790 100644 --- a/gosa-core/include/class_config.inc +++ b/gosa-core/include/class_config.inc @@ -222,9 +222,7 @@ class config { if (is_null($this->ldap) || (is_int($this->ldap) && $this->ldap == 0)){ $smarty= get_smarty(); print_red (_("Can't bind to LDAP. Please contact the system administrator.")); - $smarty->display (get_template_path('headers.tpl')); - echo ''.$_SESSION['errors'].''; - exit(); + display_error_page(); } if (!isset($_SESSION['size_limit'])){ @@ -550,8 +548,7 @@ class config { if (count($this->data['SERVERS']['SAMBA']) == 0){ if (!isset($this->current["SID"]) || !isset($this->current["RIDBASE"])){ print_red(_("SID and/or RIDBASE missing in your configuration!")); - echo $_SESSION['errors']; - exit; + display_error_page(); } else { $this->data['SERVERS']['SAMBA']['DEFAULT']= array( "SID" => $this->current["SID"], diff --git a/gosa-core/include/class_ldap.inc b/gosa-core/include/class_ldap.inc index 2d7a8fcee..763db832a 100644 --- a/gosa-core/include/class_ldap.inc +++ b/gosa-core/include/class_ldap.inc @@ -720,8 +720,7 @@ class LDAP{ /* Bail out, if we've nothing to do... */ if ($ocname == ""){ print_red(sprintf(_("Autocreation of subtree failed. No objectClass found for attribute '%s'."), $type)); - echo $_SESSION['errors']; - exit; + display_error_page(); } /* Assemble_entry */ @@ -769,8 +768,7 @@ class LDAP{ break; default: print_red(sprintf(_("Autocreation of type '%s' is currently not supported. Please report to the GOsa team."), $type)); - echo $_SESSION['errors']; - exit; + display_error_page(); } } 
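Review bot: In the first class_config.inc hunk the context line `$smarty= get_smarty();` directly above `print_red()` is now dead: its only consumer was the removed `$smarty->display(...)` line, and `display_error_page()` obtains its own Smarty instance, so it should go with the `echo`/`exit` pair. The removed lines printed `$_SESSION['errors']`, while `display_error_page()` prints `msg_dialog::get_dialogs()`; if `print_red()` still writes only to `$_SESSION['errors']` (not visible here), the message these hunks try to show would no longer reach the page, so the two channels are worth checking together. The same substitution is made in the second class_config.inc hunk and in the class_ldap.inc and class_pluglist.inc hunks. The enclosing methods start before each hunk.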
diff --git a/gosa-core/include/class_pluglist.inc b/gosa-core/include/class_pluglist.inc
index 6fdf9b320..1337de824 100644
--- a/gosa-core/include/class_pluglist.inc
+++ b/gosa-core/include/class_pluglist.inc
@@ -148,8 +148,7 @@ class pluglist {
 /* Read information from class variable */
 if (!isset($info['CLASS'])){
 print_red(_("Your gosa.conf format has changed. Please re-run setup!"));
- echo $_SESSION['errors'];
- exit;
+ display_error_page();
 }
 $vars= get_class_vars($info['CLASS']);
 $plHeadline= $vars['plHeadline'];
diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index 7d70459a5..7cd830f50 100644
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
@@ -296,19 +296,73 @@ function process_htaccess ($username, $kerberos= FALSE) { global $config; - /* - Search for $username and optinal @REALM in all configured LDAP trees */ - /* - If uniq, fill username and server with the correct values and return */ - /* - Else return emtpy values where the error occurs */ + /* Search for $username and optional @REALM in all configured LDAP trees */ + foreach($config->data["LOCATIONS"] as $name => $data){ + + $config->set_current($name); + $mode= "kerberos"; + if (isset($config->current['KRBSASL']) && preg_match('/^true$/i', $config->current['KRBSASL'])){ + $mode= "sasl"; + } + + /* Look for entry or realm */ + $ldap= $config->get_ldap_link(); + if (!preg_match("/Success/i", $ldap->error)){ + print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error())); + $smarty= get_smarty(); + $smarty->display(get_template_path('headers.tpl')); + echo "".get_global('errors').""; + exit(); + } + $ldap->search("(&(objectClass=gosaAccount)(|(uid=$username)(userPassword={$mode}$username)))", array("uid")); + /* Found a uniq match? Return it... */ + if ($ldap->count() == 1) { + $attrs= $ldap->fetch(); + return array("username" => $attrs["uid"][0], "server" => $name); + } + } + + /* Nothing found? Return emtpy array */ return array("username" => "", "server" => ""); } function ldap_login_user_htaccess ($username) { - /* Use the username to fill the userinfo class as in ldap_login_user and return */ - /* Load acl, etc.*/ - return NULL; + global $config; + + /* Look for entry or realm */ + $ldap= $config->get_ldap_link(); + if (!preg_match("/Success/i", $ldap->error)){ + print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error())); + $smarty= get_smarty(); + $smarty->display(get_template_path('headers.tpl')); + echo "".get_global('errors').""; + exit(); + } + $ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid")); + /* Found no uniq match? Strange, because we did above... 
*/ + if ($ldap->count() != 1) { + print_red(_("Username / UID is not unique. Please check your LDAP database.")); + return (NULL); + } + $attrs= $ldap->fetch(); + + /* got user dn, fill acl's */ + $ui= new userinfo($config, $ldap->getDN()); + $ui->username= $attrs['uid'][0]; + + /* No password check needed - the webserver did it for us */ + $ldap->disconnect(); + + /* Username is set, load subtreeACL's now */ + $ui->loadACL(); + + /* TODO: check java script for htaccess authentication */ + $_SESSION['js']= true; + + return ($ui); } @@ -3298,5 +3352,15 @@ function _get_tz_zones() ); return(array("TIMEZONES" => $timezones, "DST_ZONES" => $dst_timezones)); } + + +function display_error_page() +{ + $smarty= get_smarty(); + $smarty->display(get_template_path('headers.tpl')); + echo "".msg_dialog::get_dialogs().""; + exit(); +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> -- 2.30.2
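Review bot: `process_htaccess()` interpolates `$username` — which index.php passes straight from `$_SERVER['REMOTE_USER']` — into the filter `"(&(objectClass=gosaAccount)(|(uid=$username)(userPassword={$mode}$username)))"` without escaping LDAP filter metacharacters, and `ldap_login_user_htaccess()` does the same in `(uid=$username)`; REMOTE_USER is set by the web server after authentication, but its syntax is whatever the auth module accepts, so `\`, `*`, `(`, `)` and NUL should be escaped once at the top of each function before the value reaches a filter (the PHP of this era has no `ldap_escape()`, so a small str_replace-based helper is needed). Both functions also inline the `get_smarty()`/`headers.tpl`/`get_global('errors')`/`exit()` sequence that the new `display_error_page()` in this same commit replaces everywhere else; `print_red(...); display_error_page();` keeps the error path in one place and drops the `$smarty` local. The `$kerberos` parameter in the `process_htaccess` signature is never read by the new body, which now derives the mode from `KRBSASL` instead, so it should either be used or documented as ignored. Each function deserves a docblock; for example `/* Locate $username in every configured LDAP location; returns array("username" => uid, "server" => location), or empty strings when no unique match exists. Leaves $config->current on the matching location. */` on `process_htaccess()`.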
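Review bot: `display_error_page()` has no documentation although every call site this commit introduces relies on the one property a reader cannot see from the call — that it terminates the request. A header such as `/* Render the standard header and the pending msg_dialog output, then stop; never returns. */` states that contract. It is also the only error path that prints `msg_dialog::get_dialogs()`, while the two new htaccess functions earlier in this file print `get_global('errors')`; whether `print_red()` feeds both is not visible here, so a comment naming the channel this function drains, or routing those two functions through it as well, would avoid messages silently disappearing. The function is fully contained in the hunk.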