Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
drupal7/sites/all/modules/honeypot/honeypot.info | ||
---|---|---|
6 | 6 |
|
7 | 7 |
files[] = honeypot.test |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2018-02-27
|
|
10 |
version = "7.x-1.24"
|
|
9 |
; Information added by Drupal.org packaging script on 2018-08-09
|
|
10 |
version = "7.x-1.25"
|
|
11 | 11 |
core = "7.x" |
12 | 12 |
project = "honeypot" |
13 |
datestamp = "1519706887" |
|
14 |
|
|
13 |
datestamp = "1533849190" |
drupal7/sites/all/modules/honeypot/honeypot.install | ||
---|---|---|
69 | 69 |
} |
70 | 70 |
|
71 | 71 |
// Delete 'honeypot' directory from files directory. |
72 |
file_unmanaged_delete_recursive(file_default_scheme() . '://honeypot'); |
|
72 |
file_unmanaged_delete_recursive(honeypot_file_default_scheme() . '://honeypot');
|
|
73 | 73 |
} |
74 | 74 |
|
75 | 75 |
/** |
drupal7/sites/all/modules/honeypot/honeypot.module | ||
---|---|---|
78 | 78 |
if (variable_get('honeypot_protect_all_forms', 0) && !in_array($form_id, $unprotected_forms)) { |
79 | 79 |
// Don't protect system forms - only admins should have access, and system |
80 | 80 |
// forms may be programmatically submitted by drush and other modules. |
81 |
if (strpos($form_id, 'system_') === FALSE && strpos($form_id, 'search_') === FALSE && strpos($form_id, 'views_exposed_form_') === FALSE) {
|
|
81 |
if (preg_match('/[^a-zA-Z]system_/', $form_id) === 0 && preg_match('/[^a-zA-Z]search_/', $form_id) === 0 && preg_match('/[^a-zA-Z]views_exposed_form_/', $form_id) === 0) {
|
|
82 | 82 |
honeypot_add_form_protection($form, $form_state, array('honeypot', 'time_restriction')); |
83 | 83 |
} |
84 | 84 |
} |
... | ... | |
503 | 503 |
* The path to the honeypot.css file. |
504 | 504 |
*/ |
505 | 505 |
function honeypot_get_css_file_path() { |
506 |
return file_default_scheme() . '://honeypot/honeypot.css'; |
|
506 |
return honeypot_file_default_scheme() . '://honeypot/honeypot.css';
|
|
507 | 507 |
} |
508 | 508 |
|
509 | 509 |
/** |
... | ... | |
513 | 513 |
* The honeypot element class name (e.g. 'url'). |
514 | 514 |
*/ |
515 | 515 |
function honeypot_create_css($element_name) { |
516 |
$path = file_default_scheme() . '://honeypot'; |
|
516 |
$path = honeypot_file_default_scheme() . '://honeypot';
|
|
517 | 517 |
|
518 | 518 |
if (!file_prepare_directory($path, FILE_CREATE_DIRECTORY)) { |
519 | 519 |
drupal_set_message(t('Unable to create Honeypot CSS directory, %path. Check the permissions on your files directory.', array('%path' => file_uri_target($path))), 'error'); |
... | ... | |
592 | 592 |
|
593 | 593 |
return $honeypot_time; |
594 | 594 |
} |
595 |
|
|
596 |
/** |
|
597 |
* Gets the default file stream for honeypot. |
|
598 |
* |
|
599 |
* @return |
|
600 |
* 'public', 'private' or any other file scheme defined as the default. |
|
601 |
* |
|
602 |
* @see file_default_scheme() |
|
603 |
*/ |
|
604 |
function honeypot_file_default_scheme() { |
|
605 |
return variable_get('honeypot_file_default_scheme', file_default_scheme()); |
|
606 |
} |
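Review bot: The rewritten form-id check at new line 81 no longer matches ids that begin with `system_`, `search_` or `views_exposed_form_`, because `[^a-zA-Z]` has to consume one character in front of the prefix. A form id such as `system_site_information_settings` would therefore now receive the honeypot and time-restriction protection, which contradicts the comment directly above about forms submitted programmatically by drush and other modules. Allowing the start of the string keeps what is presumably the intent (not matching the prefix inside a longer word): `preg_match('/(^|[^a-zA-Z])system_/', $form_id) === 0`, and likewise for the other two patterns. The enclosing function starts and ends outside the hunk.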
drupal7/sites/all/modules/honeypot/honeypot.test | ||
---|---|---|
387 | 387 |
// Make sure the Honeypot CSS file exists. |
388 | 388 |
$this->assertTrue(file_exists($honeypot_css)); |
389 | 389 |
} |
390 |
|
|
391 |
/** |
|
392 |
* Test CSS file availability. |
|
393 |
*/ |
|
394 |
public function testHoneypotCssAvailability() { |
|
395 |
// Public CSS file can be consumed. |
|
396 |
variable_set('file_default_scheme', 'public'); |
|
397 |
if ($wrapper = file_stream_wrapper_get_instance_by_uri(honeypot_get_css_file_path())) { |
|
398 |
$url = $wrapper->getExternalUrl(); |
|
399 |
} |
|
400 |
$this->drupalGet($url); |
|
401 |
$this->assertResponse(200); |
|
402 |
|
|
403 |
|
|
404 |
// Private CSS file can not be consumed. |
|
405 |
variable_set('file_default_scheme', 'private'); |
|
406 |
honeypot_cron(); |
|
407 |
if ($wrapper = file_stream_wrapper_get_instance_by_uri(honeypot_get_css_file_path())) { |
|
408 |
$url = $wrapper->getExternalUrl(); |
|
409 |
} |
|
410 |
$this->drupalGet($url); |
|
411 |
$this->assertNoResponse(200); |
|
412 |
|
|
413 |
// Site default is private, but override honeypot's to public to consume. |
|
414 |
variable_set('honeypot_file_default_scheme', 'public'); |
|
415 |
honeypot_cron(); |
|
416 |
if ($wrapper = file_stream_wrapper_get_instance_by_uri(honeypot_get_css_file_path())) { |
|
417 |
$url = $wrapper->getExternalUrl(); |
|
418 |
} |
|
419 |
$this->drupalGet($url); |
|
420 |
$this->assertResponse(200); |
|
421 |
} |
|
422 |
|
|
390 | 423 |
} |
391 | 424 |
|
392 | 425 |
/** |
... | ... | |
444 | 477 |
$this->drupalGet('node'); |
445 | 478 |
$this->assertText(t('has been banned'), 'User banned successfully.'); |
446 | 479 |
} |
480 |
|
|
447 | 481 |
} |
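Review bot: In testHoneypotCssAvailability `$url` is only assigned inside each `if ($wrapper = ...)` branch, so when the wrapper lookup fails the following `drupalGet($url)` reuses the URL from the previous step (or an undefined variable in the first step), and the private-scheme assertion may then be checked against the public file. Assert the lookup instead of branching on it, e.g. `$wrapper = file_stream_wrapper_get_instance_by_uri(honeypot_get_css_file_path());` followed by `$this->assertTrue($wrapper !== FALSE, 'Stream wrapper found.');` before reading the external URL. The first step also depends on the CSS file already existing, whereas the later steps call `honeypot_cron()` first, presumably to regenerate it; doing the same in the first step would make the three cases independent. The double blank line at 402–403 and the blank line before the method's closing context look unintentional.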
drupal7/sites/all/modules/honeypot/tests/honeypot_test.info | ||
---|---|---|
4 | 4 |
package = Testing |
5 | 5 |
hidden = true |
6 | 6 |
|
7 |
; Information added by Drupal.org packaging script on 2018-02-27
|
|
8 |
version = "7.x-1.24"
|
|
7 |
; Information added by Drupal.org packaging script on 2018-08-09
|
|
8 |
version = "7.x-1.25"
|
|
9 | 9 |
core = "7.x" |
10 | 10 |
project = "honeypot" |
11 |
datestamp = "1519706887" |
|
12 |
|
|
11 |
datestamp = "1533849190" |
drupal7/sites/all/modules/ldap/INSTALL.txt | ||
---|---|---|
1 |
|
|
2 | 1 |
================================================================================== |
3 |
LDAP Installation instructions:
|
|
2 |
Prerequisites
|
|
4 | 3 |
================================================================================== |
5 | 4 |
|
6 |
Note: This does not automatically upgrade for Drupal 6 LDAP Integration Modules. |
|
7 |
This functionality may be developed. Some notes are below. |
|
5 |
To set up LDAP efficiently, you need to acquire the relevant information for the |
|
6 |
domain you are authenticating against. |
|
7 |
|
|
8 |
Contact your organization's staff to receive the necessary information. This |
|
9 |
should include: |
|
10 |
|
|
11 |
* The servers available to you (hostname, port, encryption preference) |
|
12 |
* The binding method (service account including credentials, if necessary) |
|
13 |
* If applicable, the structure of the data you are trying to sync, e.g. |
|
14 |
sAMAccountName is the unique name attribute for your Active Directory. |
|
15 |
|
|
16 |
### Requirements |
|
8 | 17 |
|
9 |
1) Download the whole package of files from |
|
10 |
http://drupal.org/project/ldap |
|
18 |
The following requirements need to be met for you to work with any of the LDAP |
|
19 |
modules. |
|
20 |
|
|
21 |
* PHP version 5.6. |
|
22 |
* PHP LDAP extension. |
|
23 |
|
|
24 |
================================================================================== |
|
25 |
Installation instructions: |
|
26 |
================================================================================== |
|
11 | 27 |
|
12 |
2) Upload the LDAP files to the modules directory.
|
|
28 |
1) Download the LDAP module as you would any other.
|
|
13 | 29 |
|
14 |
3) Go to admin/build/modules and enable the needed modules from the
|
|
15 |
Lightweight Directory Access Protocal group.
|
|
30 |
2) Go to admin/build/modules and enable the needed modules from the
|
|
31 |
Lightweight Directory Access Protocol group.
|
|
16 | 32 |
|
17 |
4) Enable and configure ldap servers and configure at least one server.
|
|
33 |
3) Enable and configure ldap servers and configure at least one server.
|
|
18 | 34 |
|
19 |
5) Enable the other LDAP modules you need.
|
|
35 |
4) Enable the other LDAP modules you need.
|
|
20 | 36 |
|
21 |
6) LDAP Help is just for debugging and administrator help. Use it if you have problems.
|
|
22 |
Disable it in production; it adds no functionality or end user help. |
|
37 |
5) LDAP Help is just for debugging and administrator help. Use it if you have
|
|
38 |
problems. Disable it in production; it adds no functionality or end user help.
|
|
23 | 39 |
|
24 | 40 |
================================================================================== |
25 |
Older PHP versions
|
|
41 |
Configuration overrides
|
|
26 | 42 |
================================================================================== |
27 |
These modules will NOT work If you are using PHP 4 or any other version less |
|
28 |
than 5.1. |
|
43 |
|
|
44 |
If you need to selectively disable LDAP functionality and cannot disable the |
|
45 |
modules, use configuration overrides, such as the following in settings.php and |
|
46 |
clearing your cache afterwards. |
|
47 |
|
|
48 |
// Disable the server you are syncing users from LDAP to Drupal. |
|
49 |
$conf['ldap_user_conf']['drupalAcctProvisionServer'] = 0; |
|
50 |
// Disable LDAP authentication. |
|
51 |
$conf['ldap_authentication_conf']['sids'] = []; |
|
52 |
// Set bind DN and bind password for service account. |
|
53 |
$conf['ldap_servers_overrides']['my_server']['binddn'] = 'my_dn'; |
|
54 |
$conf['ldap_servers_overrides']['my_server']['bindpw'] = 'my_password'; |
|
55 |
|
|
56 |
IMPORTANT: These overrides will change the data in your admin forms, saving them |
|
57 |
will save them permanently in the database. |
|
29 | 58 |
|
30 | 59 |
================================================================================== |
31 | 60 |
More documentation is available at: |
32 | 61 |
|
33 | 62 |
http://drupal.org/project/ldap -- project homepage |
34 | 63 |
http://drupal.org/node/997082 - project documentation |
35 |
================================================================================== |
|
36 |
|
|
37 |
Crossgrading: |
|
38 |
|
|
39 |
Drupal 6 ldapauth -> ldap_authentication |
|
40 |
- get rid of authmap records associated with ldapauth with the following sql: |
|
41 |
DELETE FROM authmap WHERE module = 'ldapauth' |
|
64 |
================================================================================== |
drupal7/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConfAdmin.class.php | ||
---|---|---|
114 | 114 |
'users of this site to be authenticated by visiting the URL ' . |
115 | 115 |
'"user/login/sso, or automatically if selecting "automated ' . |
116 | 116 |
'single sign-on" below. Set up of LDAP authentication must be ' . |
117 |
'performed on the web server. Please review the !readme file ' . |
|
118 |
'for more information.', array('!readme' => |
|
119 |
l(t('README.txt'), drupal_get_path('module', 'ldap_sso') . '/README.txt'))) |
|
117 |
'performed on the web server. Please review the readme file of the '. |
|
118 |
'ldap_sso module for more information.') |
|
120 | 119 |
. '</p>'; |
121 | 120 |
|
122 | 121 |
$values['ssoExcludedPathsDescription'] = '<p>' . |
... | ... | |
379 | 378 |
'#title' => t('Deny access to users without Ldap Authorization Module |
380 | 379 |
authorization mappings such as Drupal roles. |
381 | 380 |
Requires LDAP Authorization to be enabled and configured!'), |
382 |
'#default_value' => $this->excludeIfNoAuthorizations,
|
|
381 |
'#default_value' => $this->excludeIfNoAuthorizations, |
|
383 | 382 |
'#description' => t($this->excludeIfNoAuthorizationsDescription, $tokens), |
384 | 383 |
'#disabled' => (boolean)(!module_exists('ldap_authorization')), |
385 | 384 |
); |
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.admin.inc | ||
---|---|---|
5 | 5 |
* Administrative page callbacks for the ldap_authentication module. |
6 | 6 |
*/ |
7 | 7 |
|
8 |
|
|
9 | 8 |
/** |
10 | 9 |
* form for adding, updating, and deleting a single ldap authorization mapping |
11 | 10 |
* |
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.api.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* summary of hooks and other developer related functions
|
|
5 |
* Summary of hooks and other developer related functions.
|
|
6 | 6 |
*/ |
7 | 7 |
|
8 | 8 |
/** |
9 |
* Allow a custom module to examine the user's ldap details |
|
10 |
* and refuse authentication. See also: http://drupal.org/node/1634930 |
|
9 |
* Allow a custom module to check user's ldap details and refuse authentication. |
|
11 | 10 |
* |
12 |
* @param array $ldap_user |
|
13 |
* See README.developers.txt for structure |
|
14 |
* @param string $name |
|
15 |
* The drupal account name or proposed drupal account name if none exists yet |
|
16 |
* @param boolean $hook_result |
|
17 |
* TRUE for allow, FALSE for deny. |
|
18 |
* If set to TRUE or FALSE, another module has already set this and function should |
|
19 |
* be careful about overriding this. |
|
11 |
* See also: http://drupal.org/node/1634930. |
|
20 | 12 |
* |
21 |
* @return boolean &$hook_result passed by reference |
|
13 |
* @param array $ldap_user |
|
14 |
* See README.developers.txt for structure. |
|
15 |
* @param string $name |
|
16 |
* The drupal account name or proposed drupal account name if none exists yet. |
|
17 |
* @param bool $hook_result |
|
18 |
* TRUE for allow, FALSE for deny. |
|
19 |
* If set to TRUE or FALSE, another module has already set this and function |
|
20 |
* should be careful about overriding this. |
|
22 | 21 |
*/ |
23 |
function hook_ldap_authentication_allowuser_results_alter($ldap_user, $name, &$hook_result) { |
|
24 |
|
|
25 |
if ($hook_result === FALSE) { // other module has denied user, should not override
|
|
22 |
function hook_ldap_authentication_allowuser_results_alter(array $ldap_user, $name, &$hook_result) {
|
|
23 |
// Other module has denied user, should not override. |
|
24 |
if ($hook_result === FALSE) { |
|
26 | 25 |
return; |
27 | 26 |
} |
28 |
elseif ($hook_result === TRUE) { // other module has allowed, maybe override |
|
27 |
// Other module has allowed, maybe override. |
|
28 |
elseif ($hook_result === TRUE) { |
|
29 | 29 |
if (mymodule_dissapproves($ldap_user, $name)) { |
30 | 30 |
$hook_result = FALSE; |
31 | 31 |
} |
32 | 32 |
} |
33 |
|
|
34 | 33 |
} |
35 | 34 |
|
36 | 35 |
/** |
37 |
* Allow a custom module to alter $ldap_user before validating user login.
|
|
36 |
* Allow a custom module to alter $ldap_user. |
|
38 | 37 |
* |
39 |
* @param array $ldap_user |
|
40 |
* See README.developers.txt for structure |
|
38 |
* @param array $ldap_user |
|
39 |
* See README.developers.txt for structure. |
|
40 |
* @param array $params |
|
41 |
* Array of parameters. Includes account key with the Drupal account as value. |
|
41 | 42 |
*/ |
42 |
function hook_ldap_entry_alter(&$ldap_user) {
|
|
43 |
function hook_ldap_entry_alter(array &$ldap_user, array $params) {
|
|
43 | 44 |
$ldap_user['mail'] = 'newmail@example.com'; |
44 | 45 |
} |
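Review bot: The rewritten docblock for hook_ldap_entry_alter dropped "before validating user login" and now gives implementers no indication of when the hook fires or whether `$params['account']` is always populated. I would add a sentence such as `Invoked during login validation.` and extend the parameter text to `Includes the 'account' key with the Drupal account as value, if one was found.` (the last clause is an assumption to confirm against the caller). For hook_ldap_authentication_allowuser_results_alter, `@param bool $hook_result` reads as if only TRUE and FALSE are possible, while the description implies an undecided state; if NULL is what gets passed in that case, `@param bool|null $hook_result` plus one line describing NULL would be clearer.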
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc | ||
---|---|---|
36 | 36 |
|
37 | 37 |
if (@in_array('user_login_authenticate_validate', $form['#validate']) && $auth_conf->authenticationMode) { |
38 | 38 |
$key = array_search('user_login_authenticate_validate', $form['#validate']); |
39 |
$form['#validate'][$key] = 'ldap_authentication_core_override_user_login_authenticate_validate';
|
|
39 |
$form['#validate'][$key] = 'ldap_authentication_core_override_user_login_authenticate_validate'; |
|
40 | 40 |
array_splice($form['#validate'], $key + 1, 0, 'ldap_authentication_user_login_authenticate_validate'); |
41 | 41 |
} |
42 | 42 |
|
... | ... | |
207 | 207 |
elseif ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) { |
208 | 208 |
if ($detailed_watchdog_log) { |
209 | 209 |
watchdog('ldap_authentication', '%username : Previously authenticated in exclusive mode or uid is not 1. Clear uid |
210 |
in form_state and attempt ldap authentication.', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
210 |
in form_state and attempt ldap authentication.', $watchdog_tokens, WATCHDOG_DEBUG); |
|
211 | 211 |
} |
212 | 212 |
$form_state['uid'] = NULL; // passed previous authentication, but only ldap should be used so override |
213 | 213 |
} |
... | ... | |
217 | 217 |
* II. Exit if no authentication servers. |
218 | 218 |
*/ |
219 | 219 |
if (!$auth_conf->hasEnabledAuthenticationServers()) { |
220 |
watchdog('ldap_authentication', 'No LDAP servers configured.', array(), WATCHDOG_ERROR);
|
|
220 |
watchdog('ldap_authentication', 'No LDAP servers configured.', array(), WATCHDOG_ERROR); |
|
221 | 221 |
form_set_error('name', 'Server Error: No LDAP servers configured.'); |
222 | 222 |
return; |
223 | 223 |
} |
... | ... | |
236 | 236 |
* IV. test credentials and if available get corresponding ldap user and ldap server |
237 | 237 |
*/ |
238 | 238 |
list($authentication_result, $ldap_user, $ldap_server_authenticated_on) = ldap_authentication_test_credentials($auth_conf, $sso_login, $authname, $form_state['values']['pass'], $watchdog_tokens); |
239 |
drupal_alter('ldap_entry', $ldap_user); |
|
239 |
$params['account'] = $drupal_account; |
|
240 |
drupal_alter('ldap_entry', $ldap_user, $params); |
|
240 | 241 |
if ($authentication_result != LDAP_AUTHENTICATION_RESULT_SUCCESS) { |
241 | 242 |
ldap_authentication_fail_response($authentication_result, $auth_conf, $detailed_watchdog_log, $watchdog_tokens); |
242 | 243 |
return; |
... | ... | |
257 | 258 |
$watchdog_tokens['%account_name_attr'] = $ldap_server_authenticated_on->account_name_attr; |
258 | 259 |
$drupal_accountname = $ldap_user['attr'][ldap_server_massage_text($ldap_server_authenticated_on->account_name_attr, 'attr_name', LDAP_SERVER_MASSAGE_QUERY_ARRAY)][0]; |
259 | 260 |
if (!$drupal_accountname) { |
260 |
watchdog('ldap_authentication', 'Derived drupal username from attribute %account_name_attr returned no username for authname %authname.', $watchdog_tokens, WATCHDOG_ERROR);
|
|
261 |
watchdog('ldap_authentication', 'Derived drupal username from attribute %account_name_attr returned no username for authname %authname.', $watchdog_tokens, WATCHDOG_ERROR); |
|
261 | 262 |
return; |
262 | 263 |
} |
263 | 264 |
} |
... | ... | |
369 | 370 |
|
370 | 371 |
$watchdog_tokens['%username'] = $drupal_account->name; |
371 | 372 |
if (!$updated_account = user_save($drupal_account, $user_edit)) { |
372 |
watchdog('ldap_authentication', 'Failed to make changes to user %username updated %changed.', $watchdog_tokens, WATCHDOG_ERROR);
|
|
373 |
watchdog('ldap_authentication', 'Failed to make changes to user %username updated %changed.', $watchdog_tokens, WATCHDOG_ERROR); |
|
373 | 374 |
} |
374 | 375 |
elseif ($auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ) { |
375 | 376 |
if (isset($user_edit['mail'])) { |
... | ... | |
513 | 514 |
$drupal_account_is_authmapped = isset($authmaps['ldap_user']); |
514 | 515 |
$user_data = $drupal_account->data; |
515 | 516 |
if ($drupal_account->uid == 1 && $detailed_watchdog_log) { |
516 |
watchdog('ldap_authentication', '%username : Drupal username maps to user 1, so do not authenticate with ldap', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
517 |
watchdog('ldap_authentication', '%username : Drupal username maps to user 1, so do not authenticate with ldap', $watchdog_tokens, WATCHDOG_DEBUG); |
|
517 | 518 |
} |
518 | 519 |
elseif ($detailed_watchdog_log) { |
519 |
watchdog('ldap_authentication', '%username : Drupal User Account found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
520 |
watchdog('ldap_authentication', '%username : Drupal User Account found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG); |
|
520 | 521 |
} |
521 | 522 |
} |
522 | 523 |
else { // account does not exist |
... | ... | |
552 | 553 |
$authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT; |
553 | 554 |
$watchdog_tokens['%err_msg'] = $ldap_server->errorMsg('ldap'); |
554 | 555 |
if ($detailed_watchdog_log) { |
555 |
watchdog('ldap_authentication', '%username : Failed connecting to %sid. Error: %err_msg', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
556 |
watchdog('ldap_authentication', '%username : Failed connecting to %sid. Error: %err_msg', $watchdog_tokens, WATCHDOG_DEBUG); |
|
556 | 557 |
} |
557 | 558 |
$watchdog_tokens['%err_msg'] = NULL; |
558 | 559 |
continue; // next server, please |
559 | 560 |
} |
560 | 561 |
elseif ($detailed_watchdog_log) { |
561 |
watchdog('ldap_authentication', '%username : Success at connecting to %sid', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
562 |
watchdog('ldap_authentication', '%username : Success at connecting to %sid', $watchdog_tokens, WATCHDOG_DEBUG); |
|
562 | 563 |
} |
563 | 564 |
|
564 | 565 |
$bind_success = FALSE; |
... | ... | |
576 | 577 |
// with sso enabled this method of binding isn't valid |
577 | 578 |
foreach ($ldap_server->basedn as $basedn) { |
578 | 579 |
$search = array('%basedn', '%username'); |
579 |
$transformname = $ldap_server->userUsernameToLdapNameTransform($authname, $watchdog_tokens);
|
|
580 |
$transformname = $ldap_server->userUsernameToLdapNameTransform($authname, $watchdog_tokens); |
|
580 | 581 |
$replace = array($basedn, $transformname); |
581 | 582 |
$userdn = str_replace($search, $replace, $ldap_server->user_dn_expression); |
582 | 583 |
$bind_success = ($ldap_server->bind($userdn, $password, FALSE) == LDAP_SUCCESS); |
... | ... | |
701 | 702 |
|
702 | 703 |
$watchdog_tokens['%result'] = $result; |
703 | 704 |
$watchdog_tokens['%auth_result'] = $authentication_result; |
704 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result) ;
|
|
705 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result) ; |
|
705 | 706 |
if ($detailed_watchdog_log) { |
706 |
watchdog('ldap_authentication', '%username : Authentication result id=%result auth_result=%auth_result (%err_text)', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
707 |
watchdog('ldap_authentication', '%username : Authentication result id=%result auth_result=%auth_result (%err_text)', $watchdog_tokens, WATCHDOG_DEBUG); |
|
707 | 708 |
} |
708 | 709 |
|
709 | 710 |
return array($authentication_result, $ldap_user, $ldap_server); |
710 | 711 |
} |
711 | 712 |
|
712 | 713 |
function ldap_authentication_fail_response($authentication_result, $auth_conf, $detailed_watchdog_log, &$watchdog_tokens) { |
713 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result);
|
|
714 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result); |
|
714 | 715 |
// fail scenario 1. ldap auth exclusive and failed throw error so no other authentication methods are allowed |
715 | 716 |
if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) { |
716 | 717 |
if ($detailed_watchdog_log) { |
... | ... | |
754 | 755 |
break; |
755 | 756 |
|
756 | 757 |
case LDAP_AUTHENTICATION_RESULT_FAIL_FIND: |
757 |
$msg = t('Sorry, unrecognized username or password.');
|
|
758 |
$msg = t('Sorry, unrecognized username or password.'); |
|
758 | 759 |
break; |
759 | 760 |
|
760 | 761 |
case LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED: |
... | ... | |
762 | 763 |
break; |
763 | 764 |
|
764 | 765 |
case LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS: |
765 |
$msg = t('Sorry, unrecognized username or password.');
|
|
766 |
$msg = t('Sorry, unrecognized username or password.'); |
|
766 | 767 |
break; |
767 | 768 |
|
768 | 769 |
case LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC: |
... | ... | |
777 | 778 |
|
778 | 779 |
return $msg; |
779 | 780 |
} |
780 |
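Review bot: `drupal_alter('ldap_entry', $ldap_user, $params)` at new line 240 still runs before the `$authentication_result != LDAP_AUTHENTICATION_RESULT_SUCCESS` check, so hook implementations receive whatever ldap_authentication_test_credentials() returned for a failed login. Its failure return value is not visible here, but with the `array &$ldap_user` signature this commit documents, a non-array value would raise a PHP error in the middle of login validation; guarding the call with `if (is_array($ldap_user)) { ... }`, or moving it below the failure `return`, avoids that. `$params` is also written by index without being initialised in the visible lines and `$drupal_account` is not assigned inside the hunk, so `$params = array('account' => $drupal_account);` would at least rule out keys inherited from an earlier `$params`. The enclosing function starts and ends outside the hunk, so both variables should be checked against the full body.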
|
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.info | ||
---|---|---|
16 | 16 |
|
17 | 17 |
test_dependencies[] = ldap_sso:ldap_sso |
18 | 18 |
|
19 |
; Information added by Drupal.org packaging script on 2017-08-27
|
|
20 |
version = "7.x-2.3"
|
|
19 |
; Information added by Drupal.org packaging script on 2018-08-13
|
|
20 |
version = "7.x-2.4"
|
|
21 | 21 |
core = "7.x" |
22 | 22 |
project = "ldap" |
23 |
datestamp = "1503841448" |
|
24 |
|
|
23 |
datestamp = "1534201086" |
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.install | ||
---|---|---|
5 | 5 |
* Install, update and uninstall functions for the LDAP authentication module. |
6 | 6 |
*/ |
7 | 7 |
|
8 |
|
|
9 | 8 |
/** |
10 | 9 |
* Implements hook_requirements(). |
11 | 10 |
*/ |
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.module | ||
---|---|---|
10 | 10 |
*/ |
11 | 11 |
define('LDAP_AUTHENTICATION_PROJECT_TAG', 'ldap'); |
12 | 12 |
|
13 |
define('LDAP_AUTHENTICATION_MIXED', 1);
|
|
14 |
define('LDAP_AUTHENTICATION_EXCLUSIVE', 2);
|
|
13 |
define('LDAP_AUTHENTICATION_MIXED', 1); |
|
14 |
define('LDAP_AUTHENTICATION_EXCLUSIVE', 2); |
|
15 | 15 |
define('LDAP_AUTHENTICATION_MODE_DEFAULT', 1); |
16 | 16 |
|
17 | 17 |
define('LDAP_AUTHENTICATION_EXCL_IF_NO_AUTHZ_DEFAULT', 0); |
18 |
define('LDAP_AUTHENTICATION_CONFLICT_LOG', 1);
|
|
19 |
define('LDAP_AUTHENTICATION_CONFLICT_RESOLVE', 2);
|
|
18 |
define('LDAP_AUTHENTICATION_CONFLICT_LOG', 1); |
|
19 |
define('LDAP_AUTHENTICATION_CONFLICT_RESOLVE', 2); |
|
20 | 20 |
define('LDAP_AUTHENTICATION_CONFLICT_RESOLVE_DEFAULT', 2); |
21 | 21 |
|
22 |
define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY', 1);
|
|
23 |
define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE', 2);
|
|
24 |
define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE', 3);
|
|
25 |
define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DEFAULT', 1);
|
|
22 |
define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY', 1); |
|
23 |
define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE', 2); |
|
24 |
define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE', 3); |
|
25 |
define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DEFAULT', 1); |
|
26 | 26 |
|
27 |
define('LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE', 2);
|
|
28 |
define('LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE', 3);
|
|
29 |
define('LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW', 4);
|
|
30 |
define('LDAP_AUTHENTICATION_EMAIL_FIELD_DEFAULT', 3);
|
|
27 |
define('LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE', 2); |
|
28 |
define('LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE', 3); |
|
29 |
define('LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW', 4); |
|
30 |
define('LDAP_AUTHENTICATION_EMAIL_FIELD_DEFAULT', 3); |
|
31 | 31 |
|
32 |
define('LDAP_AUTHENTICATION_EMAIL_TEMPLATE_NONE', 1);
|
|
32 |
define('LDAP_AUTHENTICATION_EMAIL_TEMPLATE_NONE', 1); |
|
33 | 33 |
define('LDAP_AUTHENTICATION_EMAIL_TEMPLATE_ALWAYS', 2); |
34 | 34 |
define('LDAP_AUTHENTICATION_EMAIL_TEMPLATE_IF_EMPTY', 3); |
35 | 35 |
define('LDAP_AUTHENTICATION_EMAIL_TEMPLATE_DEFAULT', 3); |
... | ... | |
42 | 42 |
define('LDAP_AUTHENTICATION_TEMPLATE_USAGE_RESOLVE_CONFLICT_DEFAULT', 0); |
43 | 43 |
define('LDAP_AUTHENTICATION_TEMPLATE_USAGE_PROMPT_USER_DEFAULT', 0); |
44 | 44 |
|
45 |
define('LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW', 2);
|
|
46 |
define('LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE', 3);
|
|
47 |
define('LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW', 4);
|
|
48 |
define('LDAP_AUTHENTICATION_PASSWORD_FIELD_DEFAULT', 2);
|
|
49 |
|
|
50 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT', 1);
|
|
51 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_BIND', 2);
|
|
52 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_FIND', 3);
|
|
53 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED', 4);
|
|
54 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS', 5);
|
|
55 |
define('LDAP_AUTHENTICATION_RESULT_SUCCESS', 6);
|
|
56 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC', 7);
|
|
45 |
define('LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW', 2); |
|
46 |
define('LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE', 3); |
|
47 |
define('LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW', 4); |
|
48 |
define('LDAP_AUTHENTICATION_PASSWORD_FIELD_DEFAULT', 2); |
|
49 |
|
|
50 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT', 1); |
|
51 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_BIND', 2); |
|
52 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_FIND', 3); |
|
53 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED', 4); |
|
54 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS', 5); |
|
55 |
define('LDAP_AUTHENTICATION_RESULT_SUCCESS', 6); |
|
56 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC', 7); |
|
57 | 57 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_SERVER' , 8); |
58 | 58 |
|
59 |
define('LDAP_AUTHENTICATION_ACCT_CREATION_DEFAULT', 4);
|
|
59 |
define('LDAP_AUTHENTICATION_ACCT_CREATION_DEFAULT', 4); |
|
60 | 60 |
define('LDAP_AUTHENTICATION_ACCT_CREATION_USER_SETTINGS_FOR_LDAP', 1); |
61 |
define('LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR', 4);
|
|
61 |
define('LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR', 4); |
|
62 | 62 |
|
63 | 63 |
define('LDAP_AUTHENTICATION_HELP_LINK_TEXT_DEFAULT', 'Logon Help'); |
64 | 64 |
|
... | ... | |
250 | 250 |
* Implements hook_info(). |
251 | 251 |
*/ |
252 | 252 |
function ldap_authentication_info($field = 0) { |
253 |
$info['name']= 'ldap_authentication'; |
|
253 |
$info['name'] = 'ldap_authentication';
|
|
254 | 254 |
$info['protocol'] = 'LDAP'; |
255 | 255 |
|
256 | 256 |
if ($field) { |
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.theme.inc | ||
---|---|---|
48 | 48 |
$msg = t('This page is only useful for the site administrator. All other users |
49 | 49 |
need to reset their passwords'); |
50 | 50 |
if ($auth_conf->ldapUserHelpLinkUrl) { |
51 |
$msg .= ' ' . t('at') . ' ' . l(t($auth_conf->ldapUserHelpLinkText), $auth_conf->ldapUserHelpLinkUrl) . '.';
|
|
51 |
$msg .= ' ' . t('at') . ' ' . l(t($auth_conf->ldapUserHelpLinkText), $auth_conf->ldapUserHelpLinkUrl) . '.'; |
|
52 | 52 |
} |
53 | 53 |
else { |
54 |
$msg .= ' ' . t('with one of your organizations password management sites.');
|
|
54 |
$msg .= ' ' . t('with one of your organizations password management sites.'); |
|
55 | 55 |
} |
56 | 56 |
} |
57 | 57 |
else { // mixed mode |
drupal7/sites/all/modules/ldap/ldap_authentication/tests/ldap_authentication.test | ||
---|---|---|
5 | 5 |
* ldap_authentication simpletests |
6 | 6 |
* |
7 | 7 |
*/ |
8 |
|
|
8 | 9 |
module_load_include('php', 'ldap_test', 'LdapTestCase.class'); |
9 | 10 |
module_load_include('module', 'ldap_authentication'); |
10 | 11 |
|
... | ... | |
225 | 226 |
); |
226 | 227 |
|
227 | 228 |
$this->drupalPost('user', $edit, t('Log in')); |
228 |
$this->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid );
|
|
229 |
$this->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid ); |
|
229 | 230 |
$this->drupalLogout(); |
230 | 231 |
|
231 | 232 |
/** LDAP_authen.EM.ULT.drupal.goodpwd - result: failed logon **/ |
... | ... | |
677 | 678 |
module_exists('ldap_authentication') && |
678 | 679 |
(variable_get('ldap_simpletest', 2) > 0) |
679 | 680 |
); |
680 |
$this->assertTrue($setup_success, ' ldap_authentication UI setup successful', $this->testId('user interface tests'));
|
|
681 |
$this->assertTrue($setup_success, ' ldap_authentication UI setup successful', $this->testId('user interface tests')); |
|
681 | 682 |
|
682 | 683 |
$sid = 'activedirectory1'; |
683 | 684 |
$sids = array('activedirectory1'); |
drupal7/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* |
|
6 |
* abstract class to represent an ldap_authorization consumer behavior |
|
5 |
* Abstract class to represent an ldap_authorization consumer behavior |
|
7 | 6 |
* such as drupal_role, og_group, etc. each authorization comsumer |
8 | 7 |
* will extend this class with its own class named |
9 |
* LdapAuthorizationConsumer<consumer type> such as LdapAuthorizationConsumerDrupalRole |
|
10 |
* |
|
8 |
* LdapAuthorizationConsumer<consumer type> such as LdapAuthorizationConsumerDrupalRole. |
|
11 | 9 |
*/ |
12 | 10 |
|
11 |
/** |
|
12 |
* |
|
13 |
*/ |
|
13 | 14 |
class LdapAuthorizationConsumerAbstract { |
14 | 15 |
|
15 |
public $consumerType = NULL; // machine name of consumer. e.g. og_group, drupal_role, etc. |
|
16 |
/** |
|
17 |
* Machine name of consumer. e.g. og_group, drupal_role, etc. |
|
18 |
*/ |
|
19 |
public $consumerType = NULL; |
|
16 | 20 |
|
17 | 21 |
/** |
18 |
* the following properties are generally populated from a
|
|
22 |
* The following properties are generally populated from a
|
|
19 | 23 |
* call to hook_ldap_authorization_consumer() |
20 | 24 |
*/ |
21 |
public $name; // user interface name of consumer. e.g. drupal role, og group |
|
22 |
public $namePlural; // user interface name of consumer. e.g. drupal roles, og groups |
|
23 |
public $shortName; // user interface short name of consumer. e.g. role, group |
|
24 |
public $shortNamePlural; // user interface short name of consumer plural, e.g. roles, groups |
|
25 |
public $description;// e.g. roles, groups |
|
26 |
public $consumerModule; // module providing consumer functionality e.g. ldap_authorization_drupal_roles |
|
27 | 25 |
|
28 |
public $consumerConf; // LDAPConsumerConf object class encapuslating admin form |
|
29 |
public $testLink; // link to test this consumer |
|
30 |
public $editLink; // link to configure this consumer |
|
26 |
/** |
|
27 |
* User interface name of consumer. e.g. drupal role, og group. |
|
28 |
*/ |
|
29 |
public $name; |
|
30 |
|
|
31 |
/** |
|
32 |
* User interface name of consumer. e.g. drupal roles, og groups. |
|
33 |
*/ |
|
34 |
public $namePlural; |
|
35 |
/** |
|
36 |
* User interface short name of consumer. e.g. role, group. |
|
37 |
*/ |
|
38 |
public $shortName; |
|
39 |
|
|
40 |
/** |
|
41 |
* User interface short name of consumer plural, e.g. roles, groups. |
|
42 |
*/ |
|
43 |
public $shortNamePlural; |
|
44 |
|
|
45 |
/** |
|
46 |
* E.g. roles, groups. |
|
47 |
*/ |
|
48 |
public $description; |
|
49 |
/** |
|
50 |
* Module providing consumer functionality e.g. ldap_authorization_drupal_roles. |
|
51 |
*/ |
|
52 |
public $consumerModule; |
|
53 |
|
|
54 |
/** |
|
55 |
* LDAPConsumerConf object class encapuslating admin form. |
|
56 |
*/ |
|
57 |
public $consumerConf; |
|
58 |
|
|
59 |
/** |
|
60 |
* Link to test this consumer. |
|
61 |
*/ |
|
62 |
public $testLink; |
|
63 |
|
|
64 |
/** |
|
65 |
* Link to configure this consumer. |
|
66 |
*/ |
|
67 |
public $editLink; |
|
31 | 68 |
|
32 | 69 |
public $emptyConsumer = array( |
33 | 70 |
'exists' => TRUE, |
34 | 71 |
'value' => NULL, |
35 | 72 |
'name' => NULL, |
36 |
'map_to_string' => NULL |
|
37 |
);
|
|
73 |
'map_to_string' => NULL,
|
|
74 |
); |
|
38 | 75 |
|
39 |
/**
|
|
76 |
/** |
|
40 | 77 |
* @property boolean $allowConsumerObjectCreation |
41 | 78 |
* |
42 | 79 |
* Does this consumer module support creating consumer objects |
43 | 80 |
* (drupal roles, og groups, etc.) |
44 |
* |
|
45 | 81 |
*/ |
46 | 82 |
|
47 | 83 |
public $allowConsumerObjectCreation = FALSE; |
48 | 84 |
|
49 |
/**
|
|
85 |
/** |
|
50 | 86 |
* @property boolean $detailedWatchdogLog |
51 | 87 |
* |
52 | 88 |
* should watchdog log be used for debugging, useful for non programmers |
53 | 89 |
* who don't have php debugging enabled |
54 |
* |
|
55 | 90 |
*/ |
56 | 91 |
public $detailedWatchdogLog = FALSE; |
57 | 92 |
|
58 | 93 |
|
59 |
/**
|
|
94 |
/** |
|
60 | 95 |
* @property array $defaultConsumerConfProperties |
61 | 96 |
* default properties for consumer admin UI form |
62 | 97 |
*/ |
63 | 98 |
public $defaultConsumerConfProperties = array( |
64 |
'onlyApplyToLdapAuthenticated' => TRUE, |
|
65 |
'useMappingsAsFilter' => TRUE, |
|
66 |
'synchOnLogon' => TRUE, |
|
67 |
'revokeLdapProvisioned' => TRUE, |
|
68 |
'regrantLdapProvisioned' => TRUE, |
|
69 |
'createConsumers' => TRUE, |
|
70 |
); |
|
71 |
|
|
72 |
/** |
|
73 |
* Constructor Method |
|
74 |
* |
|
75 |
* @param string $consumer_type e.g. drupal_role, og_group |
|
76 |
* @param array $params as associative array of default properties |
|
99 |
'onlyApplyToLdapAuthenticated' => TRUE, |
|
100 |
'useMappingsAsFilter' => TRUE, |
|
101 |
'synchOnLogon' => TRUE, |
|
102 |
'revokeLdapProvisioned' => TRUE, |
|
103 |
'regrantLdapProvisioned' => TRUE, |
|
104 |
'createConsumers' => TRUE, |
|
105 |
); |
|
106 |
|
|
107 |
/** |
|
108 |
* Constructor Method. |
|
77 | 109 |
* |
110 |
* @param string $consumer_type |
|
111 |
* e.g. drupal_role, og_group. |
|
112 |
* @param array $params |
|
113 |
* as associative array of default properties. |
|
78 | 114 |
*/ |
79 |
function __construct($consumer_type, $params) { |
|
115 |
public function __construct($consumer_type, $params) {
|
|
80 | 116 |
$this->consumerType = $consumer_type; |
81 | 117 |
$this->name = $params['consumer_name']; |
82 |
$this->namePlural= $params['consumer_name_plural']; |
|
118 |
$this->namePlural = $params['consumer_name_plural'];
|
|
83 | 119 |
$this->shortName = $params['consumer_short_name']; |
84 |
$this->shortNamePlural= $params['consumer_short_name_plural']; |
|
120 |
$this->shortNamePlural = $params['consumer_short_name_plural'];
|
|
85 | 121 |
$this->consumerModule = $params['consumer_module']; |
86 | 122 |
$this->mappingDirections = $params['consumer_mapping_directions']; |
87 | 123 |
$this->testLink = l(t('test') . ' ' . $this->name, LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $this->consumerType); |
... | ... | |
90 | 126 |
$this->consumerConf = new LdapAuthorizationConsumerConf($this); |
91 | 127 |
} |
92 | 128 |
|
93 |
|
|
94 | 129 |
/** |
95 |
* function to normalize mappings
|
|
130 |
* Function to normalize mappings
|
|
96 | 131 |
* should be overridden when mappings are not stored as map|authorization_id format |
97 | 132 |
* where authorization_id is the format returned by |
98 | 133 |
* LdapAuthorizationConsumerAbstract::usersAuthorizations() |
99 | 134 |
* |
100 |
* for example ldap_authorization_og may store mapping target as:
|
|
101 |
* Campus Accounts|group-name=knitters,role-name=administrator member |
|
135 |
* For example ldap_authorization_og may store mapping target as:
|
|
136 |
* Campus Accounts|group-name=knitters,role-name=administrator member.
|
|
102 | 137 |
* |
103 | 138 |
* normalized mappings are of form such as for organic groups: |
104 | 139 |
* |
... | ... | |
136 | 171 |
} |
137 | 172 |
|
138 | 173 |
/** |
139 |
* |
|
140 |
* create authorization consumers |
|
174 |
* Create authorization consumers. |
|
141 | 175 |
* |
142 | 176 |
* @param string (lowercase) $consumer_id |
143 |
* @param array $consumer as associative array with the following key/values |
|
177 |
* @param array $consumer |
|
178 |
* as associative array with the following key/values |
|
144 | 179 |
* 'value' => NULL | mixed consumer such as drupal role name, og group entity, etc. |
145 | 180 |
* 'name' => name of consumer for UI, logging etc. |
146 | 181 |
* 'map_to_string' => string mapped to in ldap authorization. mixed case string |
147 | 182 |
* 'exists' => TRUE indicates consumer is known to exist, |
148 | 183 |
* FALSE indicates consumer is known to not exist, |
149 |
* NULL indicate consumer's existance not checked yet |
|
150 |
* |
|
184 |
* NULL indicate consumer's existance not checked yet. |
|
151 | 185 |
*/ |
152 | 186 |
public function createConsumer($consumer_id, $consumer) { |
153 |
// method must be overridden
|
|
187 |
// Method must be overridden.
|
|
154 | 188 |
} |
155 | 189 |
|
156 | 190 |
/** |
157 |
* populate consumer side of $consumers array
|
|
191 |
* Populate consumer side of $consumers array.
|
|
158 | 192 |
* |
159 |
* @param array $consumers as associative array keyed on $consumer_id with values |
|
193 |
* @param array $consumers |
|
194 |
* as associative array keyed on $consumer_id with values |
|
160 | 195 |
* of $consumer. $consumer_id and $consumer have structure in LdapAuthorizationConsumerAbstractClass::createConsumer |
161 |
* when values are $consumer['exists'] != TRUE need to be populated by consumer object |
|
162 |
* @param boolean $create_missing_consumers indicates if consumers (drupal roles, og groups, etc) should be created |
|
163 |
* if values are NULL, object will be created if |
|
196 |
* when values are $consumer['exists'] != TRUE need to be populated by consumer object. |
|
197 |
* @param bool $create_missing_consumers |
|
198 |
* indicates if consumers (drupal roles, og groups, etc) should be created |
|
199 |
* if values are NULL, object will be created if. |
|
164 | 200 |
* |
165 | 201 |
* @return $consumers by reference |
166 | 202 |
*/ |
167 |
|
|
168 | 203 |
public function populateConsumersFromConsumerIds(&$consumers, $create_missing_consumers = FALSE) { |
169 |
// method must be overridden
|
|
204 |
// Method must be overridden.
|
|
170 | 205 |
} |
171 | 206 |
|
207 |
/** |
|
208 |
* |
|
209 |
*/ |
|
172 | 210 |
public function authorizationDiff($initial, $current) { |
173 | 211 |
return array_diff($initial, $current); |
174 | 212 |
} |
175 | 213 |
|
176 |
|
|
177 | 214 |
/** |
178 |
* grant authorizations to a user
|
|
215 |
* Grant authorizations to a user.
|
|
179 | 216 |
* |
180 |
* @param object $user drupal user object |
|
181 |
* @param array $consumers in form of LdapAuthorizationConsumerAbstractClass::populateConsumersFromConsumerIds |
|
182 |
* @param array $ldap_entry is ldap data from ldap entry which drupal user is mapped to |
|
183 |
* @param boolean $user_save. should user object be saved by authorizationGrant method |
|
217 |
* @param object $user |
|
218 |
* drupal user object. |
|
219 |
* @param array $consumers |
|
220 |
* in form of LdapAuthorizationConsumerAbstractClass::populateConsumersFromConsumerIds. |
|
221 |
* @param array $ldap_entry |
|
222 |
* is ldap data from ldap entry which drupal user is mapped to. |
|
223 |
* @param bool $user_save |
|
224 |
* should user object be saved by authorizationGrant method. |
|
184 | 225 |
* |
185 | 226 |
* @return array $results. Array of form |
186 | 227 |
* array( |
... | ... | |
190 | 231 |
* where 1s and 0s represent success and failure to grant |
191 | 232 |
* |
192 | 233 |
* |
193 |
* method may be desireable to override, if consumer benefits from adding grants as a group rather than one at a time |
|
234 |
* method may be desireable to override, if consumer benefits from adding grants as a group rather than one at a time
|
|
194 | 235 |
*/ |
195 |
|
|
196 | 236 |
public function authorizationGrant(&$user, &$user_auth_data, $consumers, $ldap_entry = NULL, $user_save = TRUE) { |
197 | 237 |
$this->filterOffPastAuthorizationRecords($user, $user_auth_data); |
198 | 238 |
$this->grantsAndRevokes('grant', $user, $user_auth_data, $consumers, $ldap_entry, $user_save); |
199 | 239 |
} |
200 | 240 |
|
201 | 241 |
/** |
202 |
* revoke authorizations to a user
|
|
242 |
* Revoke authorizations to a user.
|
|
203 | 243 |
* |
204 |
* @param object $user drupal user object |
|
205 |
* @param array $consumers in form of LdapAuthorizationConsumerAbstractClass::populateConsumersFromConsumerIds |
|
206 |
* @param array $ldap_entry is ldap data from ldap entry which drupal user is mapped to |
|
207 |
* @param boolean $user_save. should user object be saved by authorizationGrant method |
|
244 |
* @param object $user |
|
245 |
* drupal user object. |
|
246 |
* @param array $consumers |
|
247 |
* in form of LdapAuthorizationConsumerAbstractClass::populateConsumersFromConsumerIds. |
|
248 |
* @param array $ldap_entry |
|
249 |
* is ldap data from ldap entry which drupal user is mapped to. |
|
250 |
* @param bool $user_save |
|
251 |
* should user object be saved by authorizationGrant method. |
|
208 | 252 |
* |
209 | 253 |
* @return array $results. Array of form |
210 | 254 |
* array( |
... | ... | |
212 | 256 |
* <authz consumer id2> => 0, |
213 | 257 |
* ) |
214 | 258 |
* where 1s and 0s represent success and failure to revoke |
215 |
* $user_auth_data is returned by reference |
|
259 |
* $user_auth_data is returned by reference
|
|
216 | 260 |
* |
217 |
* method may be desireable to override, if consumer benefits from revoking grants as a group rather than one at a time |
|
261 |
* method may be desireable to override, if consumer benefits from revoking grants as a group rather than one at a time
|
|
218 | 262 |
*/ |
219 |
|
|
220 | 263 |
public function authorizationRevoke(&$user, &$user_auth_data, $consumers, $ldap_entry, $user_save = TRUE) { |
221 | 264 |
$this->filterOffPastAuthorizationRecords($user, $user_auth_data); |
222 | 265 |
$this->grantsAndRevokes('revoke', $user, $user_auth_data, $consumers, $ldap_entry, $user_save); |
223 | 266 |
} |
224 | 267 |
|
225 |
|
|
226 |
|
|
227 | 268 |
/** |
228 |
* this is a function to clear off
|
|
269 |
* This is a function to clear off.
|
|
229 | 270 |
*/ |
230 | 271 |
public function filterOffPastAuthorizationRecords(&$user, &$user_auth_data, $time = NULL) { |
231 | 272 |
if ($time != NULL || variable_get('ldap_help_user_data_clear', 0)) { |
... | ... | |
244 | 285 |
} |
245 | 286 |
|
246 | 287 |
/** |
247 |
* some authorization schemes such as organic groups, require a certain order. implement this method |
|
248 |
* to sort consumer ids/authorization ids |
|
249 |
* |
|
250 |
* @param string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids |
|
251 |
* @param $consumers associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
288 |
* Some authorization schemes such as organic groups, require a certain order. implement this method |
|
289 |
* to sort consumer ids/authorization ids. |
|
252 | 290 |
* |
253 |
* alters $consumers by reference |
|
291 |
* @param string $op |
|
292 |
* 'grant' or 'revoke' signifying what to do with the $consumer_ids. |
|
293 |
* @param $consumers |
|
294 |
* associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
254 | 295 |
* |
296 |
* alters $consumers by reference |
|
255 | 297 |
*/ |
256 |
public function sortConsumerIds($op, &$consumers) { } |
|
257 |
|
|
298 |
public function sortConsumerIds($op, &$consumers) {} |
|
258 | 299 |
|
259 | 300 |
/** |
260 |
* attempt to flush related caches. This will be something like og_invalidate_cache($gids) |
|
261 |
* |
|
262 |
* @param $consumers associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
263 |
* |
|
301 |
* Attempt to flush related caches. This will be something like og_invalidate_cache($gids) |
|
264 | 302 |
* |
303 |
* @param $consumers |
|
304 |
* associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
265 | 305 |
*/ |
266 |
public function flushRelatedCaches($consumers = NULL) { }
|
|
306 |
public function flushRelatedCaches($consumers = NULL) {} |
|
267 | 307 |
|
268 | 308 |
/** |
269 |
* @param string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids |
|
309 |
* @param string $op |
|
310 |
* 'grant' or 'revoke' signifying what to do with the $consumer_ids. |
|
270 | 311 |
* @param drupal user object $object |
271 |
* @param array $user_auth_data is array specific to this consumer_type. Stored at $user->data['ldap_authorizations'][<consumer_type>] |
|
272 |
* @param $consumers as associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
273 |
* @param array $ldap_entry, when available user's ldap entry. |
|
274 |
* @param boolean $user_save indicates is user data array should be saved or not. this depends on the implementation calling this function |
|
312 |
* @param array $user_auth_data |
|
313 |
* is array specific to this consumer_type. Stored at $user->data['ldap_authorizations'][<consumer_type>]. |
|
314 |
* @param $consumers |
|
315 |
* as associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
316 |
* @param array $ldap_entry, |
|
317 |
* when available user's ldap entry. |
|
318 |
* @param bool $user_save |
|
319 |
* indicates is user data array should be saved or not. this depends on the implementation calling this function. |
|
275 | 320 |
*/ |
276 |
|
|
277 | 321 |
protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumers, &$ldap_entry = NULL, $user_save = TRUE) { |
278 | 322 |
|
279 | 323 |
if (!is_array($user_auth_data)) { |
... | ... | |
305 | 349 |
/** grants **/ |
306 | 350 |
if ($op == 'grant') { |
307 | 351 |
if ($user_has_authorization && !$user_has_authorization_recorded) { |
308 |
// grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant
|
|
352 |
// Grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant.
|
|
309 | 353 |
$results[$consumer_id] = TRUE; |
310 | 354 |
$user_auth_data[$consumer_id] = array( |
311 | 355 |
'date_granted' => time(), |
... | ... | |
313 | 357 |
); |
314 | 358 |
} |
315 | 359 |
elseif (!$user_has_authorization && $consumer['exists']) { |
316 |
// grant case 2: consumer exists, but user is not member. grant authorization |
|
317 |
$results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); // allow consuming module to add additional data to $user_auth_data |
|
360 |
// Grant case 2: consumer exists, but user is not member. grant authorization |
|
361 |
// allow consuming module to add additional data to $user_auth_data. |
|
362 |
$results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); |
|
318 | 363 |
$existing = empty($user_auth_data[$consumer_id]) ? array() : $user_auth_data[$consumer_id]; |
319 | 364 |
$user_auth_data[$consumer_id] = $existing + array( |
320 | 365 |
'date_granted' => time(), |
... | ... | |
322 | 367 |
); |
323 | 368 |
} |
324 | 369 |
elseif ($consumer['exists'] !== TRUE) { |
325 |
// grant case 3: something is wrong. consumers should have been created before calling grantsAndRevokes
|
|
370 |
// Grant case 3: something is wrong. consumers should have been created before calling grantsAndRevokes.
|
|
326 | 371 |
$results[$consumer_id] = FALSE; |
327 | 372 |
} |
328 | 373 |
elseif ($consumer['exists'] === TRUE) { |
329 |
// grant case 4: consumer exists and user has authorization recorded. do nothing
|
|
374 |
// Grant case 4: consumer exists and user has authorization recorded. do nothing.
|
|
330 | 375 |
$results[$consumer_id] = TRUE; |
331 | 376 |
} |
332 | 377 |
else { |
333 |
// grant case 5: $consumer['exists'] has not been properly set before calling function
|
|
378 |
// Grant case 5: $consumer['exists'] has not been properly set before calling function.
|
|
334 | 379 |
$results[$consumer_id] = FALSE; |
335 | 380 |
watchdog('ldap_authorization', "grantsAndRevokes consumer[exists] not properly set. consumer_id=$consumer_id, op=$op, username=%username", $watchdog_tokens, WATCHDOG_ERROR); |
336 | 381 |
} |
... | ... | |
340 | 385 |
|
341 | 386 |
$log .= "revoking existing consumer object, "; |
342 | 387 |
if ($user_has_authorization) { |
343 |
// revoke case 1: user has authorization, revoke it. revokeSingleAuthorization will remove $user_auth_data[$consumer_id] |
|
344 |
$results[$consumer_id] = $this->revokeSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); // defer to default for $user_save param |
|
345 |
$log .= t(',result=') . (boolean)($results[$consumer_id]); |
|
388 |
// Revoke case 1: user has authorization, revoke it. revokeSingleAuthorization will remove $user_auth_data[$consumer_id] |
|
389 |
// defer to default for $user_save param. |
|
390 |
$results[$consumer_id] = $this->revokeSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); |
|
391 |
$log .= t(',result=') . (boolean) ($results[$consumer_id]); |
|
346 | 392 |
} |
347 |
elseif ($user_has_authorization_recorded) {
|
|
348 |
// revoke case 2: user does not have authorization, but has record of it. remove record of it.
|
|
393 |
elseif ($user_has_authorization_recorded) { |
|
394 |
// Revoke case 2: user does not have authorization, but has record of it. remove record of it.
|
|
349 | 395 |
unset($user_auth_data[$consumer_id]); |
350 | 396 |
$results[$consumer_id] = TRUE; |
351 | 397 |
} |
352 | 398 |
else { |
353 |
// revoke case 3: trying to revoke something that isn't there
|
|
399 |
// Revoke case 3: trying to revoke something that isn't there.
|
|
354 | 400 |
$results[$consumer_id] = TRUE; |
355 | 401 |
} |
356 | 402 |
|
... | ... | |
368 | 414 |
$user_edit = $user->data; |
369 | 415 |
$user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data; |
370 | 416 |
$user = user_save($user, $user_edit); |
371 |
$user_auth_data = $user->data['ldap_authorizations'][$this->consumerType]; // reload this. |
|
417 |
// Reload this. |
|
418 |
$user_auth_data = $user->data['ldap_authorizations'][$this->consumerType]; |
|
372 | 419 |
} |
373 | 420 |
$this->flushRelatedCaches($consumers); |
374 | 421 |
|
... | ... | |
382 | 429 |
} |
383 | 430 |
|
384 | 431 |
/** |
385 |
* @param drupal user object $user to have $consumer_id revoked |
|
386 |
* @param string lower case $consumer_id $consumer_id such as drupal role name, og group name, etc. |
|
387 |
* @param mixed $consumer. depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
388 |
* @param array $user_auth_data array of $user data specific to this consumer type. |
|
389 |
* stored in $user->data['ldap_authorizations'][<consumer_type>] array |
|
390 |
* @param boolean $reset signifying if caches associated with $consumer_id should be invalidated. |
|
432 |
* @param drupal user object $user |
|
433 |
* to have $consumer_id revoked. |
|
434 |
* @param string lower case $consumer_id |
|
435 |
* $consumer_id such as drupal role name, og group name, etc. |
|
436 |
* @param mixed $consumer |
|
437 |
* depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
438 |
* @param array $user_auth_data |
|
439 |
* array of $user data specific to this consumer type. |
|
440 |
* stored in $user->data['ldap_authorizations'][<consumer_type>] array. |
|
441 |
* @param bool $reset |
|
442 |
* signifying if caches associated with $consumer_id should be invalidated. |
|
391 | 443 |
* |
392 |
* return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will |
|
444 |
* return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will
|
|
393 | 445 |
* not be saved and reloaded, so a returned TRUE may be misleading. |
394 |
* $user_auth_data should have successfully revoked consumer id removed |
|
446 |
* $user_auth_data should have successfully revoked consumer id removed.
|
|
395 | 447 |
*/ |
396 |
|
|
397 | 448 |
public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) { |
398 |
// method must be overridden
|
|
449 |
// Method must be overridden.
|
|
399 | 450 |
} |
400 | 451 |
|
401 | 452 |
/** |
402 |
* @param stdClass $user as drupal user object to have $consumer_id granted |
|
403 |
* @param string lower case $consumer_id $consumer_id such as drupal role name, og group name, etc. |
|
404 |
* @param mixed $consumer. depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
405 |
* @param array $user_auth_data in form |
|
453 |
* @param object $user |
|
454 |
* as drupal user object to have $consumer_id granted. |
|
455 |
* @param string lower case $consumer_id |
|
456 |
* $consumer_id such as drupal role name, og group name, etc. |
|
457 |
* @param mixed $consumer |
|
458 |
* depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
459 |
* @param array $user_auth_data |
|
460 |
* in form |
|
406 | 461 |
* array('my drupal role' => |
407 | 462 |
* 'date_granted' => 1351814718, |
408 | 463 |
* 'consumer_id_mixed_case' => 'My Drupal Role', |
409 | 464 |
* ) |
410 |
* @param boolean $reset signifying if caches associated with $consumer_id should be invalidated. |
|
411 |
* @return boolean FALSE on failure or TRUE on success |
|
465 |
* @param bool $reset |
|
466 |
* signifying if caches associated with $consumer_id should be invalidated. |
|
467 |
* @return boolean FALSE on failure or TRUE on success |
|
412 | 468 |
*/ |
413 | 469 |
public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) { |
414 |
// method must be overridden
|
|
470 |
// Method must be overridden.
|
|
415 | 471 |
} |
416 | 472 |
|
417 | 473 |
/** |
418 |
* Return all user consumer ids
|
|
419 |
* regardless of it they were granted by this module
|
|
420 |
*
|
|
421 |
* @param user object $user
|
|
422 |
* @return array of consumer ids such as array('3-2','7-2'), array('admin','user_admin')
|
|
423 |
*/
|
|
424 |
|
|
474 |
* Return all user consumer ids
|
|
475 |
* regardless of it they were granted by this module.
|
|
476 |
*
|
|
477 |
* @param user object $user
|
|
478 |
*
|
|
479 |
* @return array of consumer ids such as array('3-2','7-2'), array('admin','user_admin')
|
|
480 |
*/ |
|
425 | 481 |
public function usersAuthorizations(&$user) { |
426 |
// method must be overridden
|
|
482 |
// Method must be overridden.
|
|
427 | 483 |
} |
428 | 484 |
|
429 | 485 |
/** |
430 |
* put authorization ids in displayable format
|
|
486 |
* Put authorization ids in displayable format.
|
|
431 | 487 |
*/ |
432 | 488 |
public function convertToFriendlyAuthorizationIds($authorizations) { |
433 | 489 |
return $authorizations; |
434 | 490 |
} |
435 | 491 |
|
436 | 492 |
/** |
437 |
* @param drupal user object $user to have $consumer_id granted |
|
438 |
* @param string lower case $consumer_id $consumer_id such as drupal role name, og group name, etc. |
|
439 |
* @param mixed $consumer. depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
440 |
* |
|
441 |
* return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will |
|
442 |
* not be saved and reloaded, so a returned TRUE may be misleading. |
|
443 |
*/ |
|
493 |
* @param drupal user object $user |
|
494 |
* to have $consumer_id granted. |
|
495 |
* @param string lower case $consumer_id |
|
496 |
* $consumer_id such as drupal role name, og group name, etc. |
|
497 |
* @param mixed $consumer |
|
498 |
* depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
499 |
* |
|
500 |
* return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will |
|
501 |
* not be saved and reloaded, so a returned TRUE may be misleading. |
|
502 |
*/ |
|
444 | 503 |
public function createSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data) { |
445 |
// method must be overridden
|
|
504 |
// Method must be overridden.
|
|
446 | 505 |
} |
447 | 506 |
|
448 | 507 |
/** |
449 |
* @param drupal user object $user |
|
450 |
* @param string lowercase $consumer_id such as drupal role name, og group name, etc. |
|
451 |
* |
|
452 |
* @return boolean if an ldap_authorization_* module granted the authorization id |
|
453 |
*/ |
|
508 |
* @param drupal user object $user |
|
509 |
* @param string lowercase $consumer_id |
|
510 |
* such as drupal role name, og group name, etc. |
|
511 |
* |
|
512 |
* @return boolean if an ldap_authorization_* module granted the authorization id |
|
513 |
*/ |
|
454 | 514 |
public function hasLdapGrantedAuthorization(&$user, $consumer_id) { |
455 | 515 |
return (!empty($user->data['ldap_authorizations'][$this->consumerType][$consumer_id])); |
456 | 516 |
} |
457 | 517 |
|
458 | 518 |
/** |
459 | 519 |
* NOTE this is in mixed case, since we must rely on whatever module is storing |
460 |
* the authorization id |
|
520 |
* the authorization id.
|
|
461 | 521 |
* |
462 | 522 |
* @param drupal user object $user |
463 |
* @param string lowercase case $consumer_id such as drupal role name, og group name, etc. |
|
523 |
* @param string lowercase case $consumer_id |
|
524 |
* such as drupal role name, og group name, etc. |
|
464 | 525 |
* |
465 | 526 |
* @return param boolean is user has authorization id, regardless of what module granted it. |
466 | 527 |
*/ |
... | ... | |
469 | 530 |
} |
470 | 531 |
|
471 | 532 |
/** |
472 |
* Validate authorization mappings on LDAP Authorization OG Admin form.
|
|
473 |
*
|
|
474 |
* @param array $mapping single mapping in format generated in normalizeMappings method
|
|
475 |
* @param array $form_values from authorization configuration form
|
|
476 |
* @param boolean $clear_cache
|
|
477 |
*
|
|
478 |
* @return array of form array($message_type, $message_text) where message type is status, warning, or error
|
|
479 |
* and $message_text is what the user should see.
|
|
480 |
*
|
|
481 |
*/
|
|
482 |
|
|
533 |
* Validate authorization mappings on LDAP Authorization OG Admin form.
|
|
534 |
*
|
|
535 |
* @param array $mapping
|
|
536 |
* single mapping in format generated in normalizeMappings method.
|
|
537 |
* @param array $form_values
|
|
538 |
* from authorization configuration form.
|
|
539 |
* @param bool $clear_cache
|
|
540 |
*
|
|
541 |
* @return array of form array($message_type, $message_text) where message type is status, warning, or error
|
|
542 |
* and $message_text is what the user should see.
|
|
543 |
*/ |
|
483 | 544 |
public function validateAuthorizationMappingTarget($mapping, $form_values = NULL, $clear_cache = FALSE) { |
484 | 545 |
$message_type = NULL; |
485 | 546 |
$message_text = NULL; |
486 | 547 |
return array($message_type, $message_text); |
487 | 548 |
} |
488 | 549 |
|
489 |
|
|
490 | 550 |
} |
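Review bot: The watchdog() call in grant case 5 of grantsAndRevokes() still interpolates `$consumer_id` and `$op` straight into the message string, and only `%username` goes through a placeholder. Drupal 7 runs the stored message through t() when the log entry is displayed, so only placeholder values are escaped. A consumer id, presumably derived from LDAP group or mapping data, could therefore reach the log view as raw markup, and each distinct id becomes its own translatable string. I would pass both as tokens: `watchdog('ldap_authorization', 'grantsAndRevokes consumer[exists] not properly set. consumer_id=%consumer_id, op=%op, username=%username', $watchdog_tokens + array('%consumer_id' => $consumer_id, '%op' => $op), WATCHDOG_ERROR);`. `$watchdog_tokens` is built in a part of the method that this page elides, so check it does not already define those keys.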
drupal7/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConf.class.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* class to encapsulate an ldap entry to authorization consumer ids mapping configuration
|
|
5 |
* Class to encapsulate an ldap entry to authorization consumer ids mapping configuration.
|
|
6 | 6 |
* |
7 |
* this is the lightweight version of the class for use on logon etc.
|
|
7 |
* This is the lightweight version of the class for use on logon etc.
|
|
8 | 8 |
* the LdapAuthorizationConsumerConfAdmin extends this class and has save, |
9 | 9 |
* iterate, etc methods. |
10 |
* |
|
11 | 10 |
*/ |
12 | 11 |
|
13 | 12 |
/** |
14 |
* LDAP Authorization Consumer Configuration |
|
13 |
* LDAP Authorization Consumer Configuration.
|
|
15 | 14 |
*/ |
16 | 15 |
class LdapAuthorizationConsumerConf { |
17 | 16 |
|
... | ... | |
44 | 43 |
public $hasError = FALSE; |
45 | 44 |
public $errorName = NULL; |
46 | 45 |
|
47 |
|
|
46 |
/** |
|
47 |
* |
|
48 |
*/ |
|
48 | 49 |
public function clearError() { |
49 | 50 |
$this->hasError = FALSE; |
50 | 51 |
$this->errorMsg = NULL; |
51 | 52 |
$this->errorName = NULL; |
52 | 53 |
} |
53 |
/** |
|
54 |
* Constructor Method |
|
54 |
|
|
55 |
/** |
|
56 |
* Constructor Method. |
|
55 | 57 |
*/ |
56 |
function __construct(&$consumer, $_new = FALSE, $_sid = NULL) { |
|
58 |
public function __construct(&$consumer, $_new = FALSE, $_sid = NULL) {
|
|
57 | 59 |
$this->consumer = $consumer; |
58 | 60 |
$this->consumerType = $consumer->consumerType; |
59 | 61 |
if ($_new) { |
... | ... | |
66 | 68 |
watchdog('ldap_authorization', 'failed to load existing %consumer object', array('%consumer' => $consumer->consumerType), WATCHDOG_ERROR); |
67 | 69 |
} |
68 | 70 |
} |
69 |
// default value for deriveFromEntryAttrMatchingUserAttr set up this way for backward compatibility in 1.0 branch,
|
|
71 |
// Default value for deriveFromEntryAttrMatchingUserAttr set up this way for backward compatibility in 1.0 branch,
|
|
70 | 72 |
// make deriveFromEntryAttrMatchingUserAttr default to dn in 2.0 branch. |
71 | 73 |
} |
72 | 74 |
|
75 |
/** |
|
76 |
* |
|
77 |
*/ |
|
73 | 78 |
protected function loadFromDb() { |
74 | 79 |
if (module_exists('ctools')) { |
75 | 80 |
ctools_include('export'); |
... | ... | |
83 | 88 |
else { |
84 | 89 |
$select = db_select('ldap_authorization', 'ldap_authorization'); |
85 | 90 |
$select->fields('ldap_authorization'); |
86 |
$select->condition('ldap_authorization.consumer_type', $this->consumerType);
|
|
91 |
$select->condition('ldap_authorization.consumer_type', $this->consumerType); |
|
87 | 92 |
$server_record = $select->execute()->fetchObject(); |
88 | 93 |
} |
89 | 94 |
|
... | ... | |
92 | 97 |
return FALSE; |
93 | 98 |
} |
94 | 99 |
|
95 |
foreach ($this->field_to_properties_map() as $db_field_name => $property_name ) {
|
|
100 |
foreach ($this->field_to_properties_map() as $db_field_name => $property_name) { |
|
96 | 101 |
if (isset($server_record->$db_field_name)) { |
97 | 102 |
if (in_array($db_field_name, $this->field_to_properties_serialized())) { |
98 | 103 |
$this->{$property_name} = unserialize($server_record->$db_field_name); |
... | ... | |
102 | 107 |
} |
103 | 108 |
} |
104 | 109 |
} |
105 |
$this->numericConsumerConfId = isset($server_record->numeric_consumer_conf_id)? $server_record->numeric_consumer_conf_id : NULL; |
|
110 |
$this->numericConsumerConfId = isset($server_record->numeric_consumer_conf_id) ? $server_record->numeric_consumer_conf_id : NULL;
|
|
106 | 111 |
$this->server = ldap_servers_get_servers($this->sid, NULL, TRUE); |
107 | 112 |
return TRUE; |
108 | 113 |
|
109 | 114 |
} |
110 | 115 |
|
111 |
// direct mapping of db to object properties |
|
116 |
/** |
|
117 |
* Direct mapping of db to object properties. |
|
118 |
*/ |
|
112 | 119 |
public static function field_to_properties_map() { |
113 | 120 |
return array( |
114 | 121 |
'sid' => 'sid', |
... | ... | |
127 | 134 |
); |
128 | 135 |
} |
129 | 136 |
|
137 |
/** |
|
138 |
* |
|
139 |
*/ |
|
130 | 140 |
public static function field_to_properties_serialized() { |
131 | 141 |
return array('mappings'); |
132 | 142 |
} |
133 | 143 |
|
134 | 144 |
/** |
135 |
* Destructor Method |
|
145 |
* Destructor Method.
|
|
136 | 146 |
*/ |
137 |
function __destruct() { |
|
147 |
public function __destruct() {
|
|
138 | 148 |
|
139 | 149 |
} |
140 | 150 |
|
141 | 151 |
protected $_sid; |
142 | 152 |
protected $_new; |
143 | 153 |
|
154 |
/** |
|
155 |
* |
|
156 |
*/ |
|
144 | 157 |
protected function linesToArray($lines) { |
145 | 158 |
$lines = trim($lines); |
146 | 159 |
|
... | ... | |
156 | 169 |
return $array; |
157 | 170 |
} |
158 | 171 |
|
159 |
|
|
172 |
/** |
|
173 |
* |
|
174 |
*/ |
|
160 | 175 |
protected function pipeListToArray($mapping_list_txt, $make_item0_lowercase = FALSE) { |
161 | 176 |
$result_array = array(); |
162 | 177 |
$mappings = preg_split('/[\n\r]+/', $mapping_list_txt); |
... | ... | |
168 | 183 |
} |
169 | 184 |
return $result_array; |
170 | 185 |
} |
186 |
|
|
171 | 187 |
} |
drupal7/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* class to encapsulate an ldap authorization ldap entry to authorization ids mapping |
|
6 |
* |
|
5 |
* Class to encapsulate an ldap authorization ldap entry to authorization ids mapping. |
|
7 | 6 |
*/ |
8 | 7 |
|
9 | 8 |
module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConf.class'); |
10 |
/**
|
|
11 |
* LDAP Authorization Consumer Configration Admin Class
|
|
12 |
*/
|
|
9 |
/** |
|
10 |
* LDAP Authorization Consumer Configration Admin Class.
|
|
11 |
*/ |
|
13 | 12 |
class LdapAuthorizationConsumerConfAdmin extends LdapAuthorizationConsumerConf { |
14 | 13 |
|
15 |
|
|
14 |
/** |
|
15 |
* |
|
16 |
*/ |
|
16 | 17 |
public function save() { |
17 | 18 |
|
18 | 19 |
$op = $this->inDatabase ? 'edit' : 'insert'; |
19 |
$values = new stdClass; // $this; |
|
20 |
// $this;. |
|
21 |
$values = new stdClass(); |
|
20 | 22 |
$values->sid = $this->sid; |
21 | 23 |
$values->numeric_consumer_conf_id = $this->numericConsumerConfId; |
22 | 24 |
$values->consumer_type = $this->consumerType; |
23 | 25 |
$values->consumer_module = $this->consumer->consumerModule; |
24 | 26 |
$values->status = ($this->status) ? 1 : 0; |
25 |
$values->only_ldap_authenticated = (int)$this->onlyApplyToLdapAuthenticated; |
|
26 |
$values->use_first_attr_as_groupid = (int)$this->useFirstAttrAsGroupId; |
|
27 |
$values->only_ldap_authenticated = (int) $this->onlyApplyToLdapAuthenticated;
|
|
28 |
$values->use_first_attr_as_groupid = (int) $this->useFirstAttrAsGroupId;
|
|
27 | 29 |
$values->mappings = serialize($this->mappings); |
28 |
$values->use_filter = (int)$this->useMappingsAsFilter; |
|
29 |
$values->synch_to_ldap = (int)$this->synchToLdap; |
|
30 |
$values->synch_on_logon = (int)$this->synchOnLogon; |
|
31 |
$values->revoke_ldap_provisioned = (int)$this->revokeLdapProvisioned; |
|
32 |
$values->create_consumers = (int)$this->createConsumers; |
|
33 |
$values->regrant_ldap_provisioned = (int)$this->regrantLdapProvisioned; |
|
30 |
$values->use_filter = (int) $this->useMappingsAsFilter;
|
|
31 |
$values->synch_to_ldap = (int) $this->synchToLdap;
|
|
32 |
$values->synch_on_logon = (int) $this->synchOnLogon;
|
|
33 |
$values->revoke_ldap_provisioned = (int) $this->revokeLdapProvisioned;
|
|
34 |
$values->create_consumers = (int) $this->createConsumers;
|
|
35 |
$values->regrant_ldap_provisioned = (int) $this->regrantLdapProvisioned;
|
|
34 | 36 |
|
35 | 37 |
if (module_exists('ctools')) { |
36 | 38 |
ctools_include('export'); |
37 |
// Populate our object with ctool's properties |
|
39 |
// Populate our object with ctool's properties.
|
|
38 | 40 |
$object = ctools_export_crud_new('ldap_authorization'); |
39 | 41 |
foreach ($object as $property => $value) { |
40 | 42 |
if (!isset($values->$property)) { |
... | ... | |
44 | 46 |
try { |
45 | 47 |
$values->export_type = NULL; |
46 | 48 |
$result = ctools_export_crud_save('ldap_authorization', $values); |
47 |
} catch (Exception $e) { |
|
49 |
} |
|
50 |
catch (Exception $e) { |
|
48 | 51 |
$values->export_type = EXPORT_IN_DATABASE; |
49 | 52 |
$result = ctools_export_crud_save('ldap_authorization', $values); |
50 | 53 |
} |
51 |
ctools_export_load_object_reset('ldap_authorization'); // ctools_export_crud_save doesn't invalidate cache |
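Review bot: The `catch (Exception $e)` branch in `save()` discards the first `ctools_export_crud_save()` failure and retries with `EXPORT_IN_DATABASE`, so a failed write of this configuration leaves no log entry and `$e` is never read. Because the record holds the LDAP-entry-to-authorization-id mappings, I would log the failure before retrying, e.g. `watchdog('ldap_authorization', 'Initial save of consumer configuration failed: %message', array('%message' => $e->getMessage()), WATCHDOG_WARNING);`. The docblock added above `save()` is empty, and the relocated `// $this;.` comment explains nothing on its own line. A one-line summary of what the method persists should replace the empty docblock, and the stray comment should be dropped. `save()` continues past the end of this section as displayed, so the non-ctools path could not be reviewed.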
Weekly update of contrib modules