Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
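--- a/drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc
+++ b/drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc
@@ -36,7 +36,7 @@
 
 if (@in_array('user_login_authenticate_validate', $form['#validate']) && $auth_conf->authenticationMode) {
 $key = array_search('user_login_authenticate_validate', $form['#validate']);
-$form['#validate'][$key] = 'ldap_authentication_core_override_user_login_authenticate_validate';
+$form['#validate'][$key] = 'ldap_authentication_core_override_user_login_authenticate_validate';
 array_splice($form['#validate'], $key + 1, 0, 'ldap_authentication_user_login_authenticate_validate');
 }
 
@@ -207,7 +207,7 @@
 elseif ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
 if ($detailed_watchdog_log) {
 watchdog('ldap_authentication', '%username : Previously authenticated in exclusive mode or uid is not 1. Clear uid
-in form_state and attempt ldap authentication.', $watchdog_tokens, WATCHDOG_DEBUG);
+in form_state and attempt ldap authentication.', $watchdog_tokens, WATCHDOG_DEBUG);
 }
 $form_state['uid'] = NULL; // passed previous authentication, but only ldap should be used so override
 }
@@ -217,7 +217,7 @@
 * II. Exit if no authentication servers.
 */
 if (!$auth_conf->hasEnabledAuthenticationServers()) {
-watchdog('ldap_authentication', 'No LDAP servers configured.', array(), WATCHDOG_ERROR);
+watchdog('ldap_authentication', 'No LDAP servers configured.', array(), WATCHDOG_ERROR);
 form_set_error('name', 'Server Error: No LDAP servers configured.');
 return;
 }
@@ -236,7 +236,8 @@
 * IV. test credentials and if available get corresponding ldap user and ldap server
 */
 list($authentication_result, $ldap_user, $ldap_server_authenticated_on) = ldap_authentication_test_credentials($auth_conf, $sso_login, $authname, $form_state['values']['pass'], $watchdog_tokens);
-drupal_alter('ldap_entry', $ldap_user);
+$params['account'] = $drupal_account;
+drupal_alter('ldap_entry', $ldap_user, $params);
 if ($authentication_result != LDAP_AUTHENTICATION_RESULT_SUCCESS) {
 ldap_authentication_fail_response($authentication_result, $auth_conf, $detailed_watchdog_log, $watchdog_tokens);
 return;
@@ -257,7 +258,7 @@
 $watchdog_tokens['%account_name_attr'] = $ldap_server_authenticated_on->account_name_attr;
 $drupal_accountname = $ldap_user['attr'][ldap_server_massage_text($ldap_server_authenticated_on->account_name_attr, 'attr_name', LDAP_SERVER_MASSAGE_QUERY_ARRAY)][0];
 if (!$drupal_accountname) {
-watchdog('ldap_authentication', 'Derived drupal username from attribute %account_name_attr returned no username for authname %authname.', $watchdog_tokens, WATCHDOG_ERROR);
+watchdog('ldap_authentication', 'Derived drupal username from attribute %account_name_attr returned no username for authname %authname.', $watchdog_tokens, WATCHDOG_ERROR);
 return;
 }
 }
@@ -369,7 +370,7 @@
 
 $watchdog_tokens['%username'] = $drupal_account->name;
 if (!$updated_account = user_save($drupal_account, $user_edit)) {
-watchdog('ldap_authentication', 'Failed to make changes to user %username updated %changed.', $watchdog_tokens, WATCHDOG_ERROR);
+watchdog('ldap_authentication', 'Failed to make changes to user %username updated %changed.', $watchdog_tokens, WATCHDOG_ERROR);
 }
 elseif ($auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ) {
 if (isset($user_edit['mail'])) {
@@ -513,10 +514,10 @@
 $drupal_account_is_authmapped = isset($authmaps['ldap_user']);
 $user_data = $drupal_account->data;
 if ($drupal_account->uid == 1 && $detailed_watchdog_log) {
-watchdog('ldap_authentication', '%username : Drupal username maps to user 1, so do not authenticate with ldap', $watchdog_tokens, WATCHDOG_DEBUG);
+watchdog('ldap_authentication', '%username : Drupal username maps to user 1, so do not authenticate with ldap', $watchdog_tokens, WATCHDOG_DEBUG);
 }
 elseif ($detailed_watchdog_log) {
-watchdog('ldap_authentication', '%username : Drupal User Account found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
+watchdog('ldap_authentication', '%username : Drupal User Account found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
 }
 }
 else { // account does not exist
@@ -552,13 +553,13 @@
 $authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT;
 $watchdog_tokens['%err_msg'] = $ldap_server->errorMsg('ldap');
 if ($detailed_watchdog_log) {
-watchdog('ldap_authentication', '%username : Failed connecting to %sid. Error: %err_msg', $watchdog_tokens, WATCHDOG_DEBUG);
+watchdog('ldap_authentication', '%username : Failed connecting to %sid. Error: %err_msg', $watchdog_tokens, WATCHDOG_DEBUG);
 }
 $watchdog_tokens['%err_msg'] = NULL;
 continue; // next server, please
 }
 elseif ($detailed_watchdog_log) {
-watchdog('ldap_authentication', '%username : Success at connecting to %sid', $watchdog_tokens, WATCHDOG_DEBUG);
+watchdog('ldap_authentication', '%username : Success at connecting to %sid', $watchdog_tokens, WATCHDOG_DEBUG);
 }
 
 $bind_success = FALSE;
@@ -576,7 +577,7 @@
 // with sso enabled this method of binding isn't valid
 foreach ($ldap_server->basedn as $basedn) {
 $search = array('%basedn', '%username');
-$transformname = $ldap_server->userUsernameToLdapNameTransform($authname, $watchdog_tokens);
+$transformname = $ldap_server->userUsernameToLdapNameTransform($authname, $watchdog_tokens);
 $replace = array($basedn, $transformname);
 $userdn = str_replace($search, $replace, $ldap_server->user_dn_expression);
 $bind_success = ($ldap_server->bind($userdn, $password, FALSE) == LDAP_SUCCESS);
@@ -701,16 +702,16 @@
 
 $watchdog_tokens['%result'] = $result;
 $watchdog_tokens['%auth_result'] = $authentication_result;
-$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result) ;
+$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result) ;
 if ($detailed_watchdog_log) {
-watchdog('ldap_authentication', '%username : Authentication result id=%result auth_result=%auth_result (%err_text)', $watchdog_tokens, WATCHDOG_DEBUG);
+watchdog('ldap_authentication', '%username : Authentication result id=%result auth_result=%auth_result (%err_text)', $watchdog_tokens, WATCHDOG_DEBUG);
 }
 
 return array($authentication_result, $ldap_user, $ldap_server);
 }
 
 function ldap_authentication_fail_response($authentication_result, $auth_conf, $detailed_watchdog_log, &$watchdog_tokens) {
-$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result);
+$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result);
 // fail scenario 1. ldap auth exclusive and failed throw error so no other authentication methods are allowed
 if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
 if ($detailed_watchdog_log) {
@@ -754,7 +755,7 @@
 break;
 
 case LDAP_AUTHENTICATION_RESULT_FAIL_FIND:
-$msg = t('Sorry, unrecognized username or password.');
+$msg = t('Sorry, unrecognized username or password.');
 break;
 
 case LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED:
@@ -762,7 +763,7 @@
 break;
 
 case LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS:
-$msg = t('Sorry, unrecognized username or password.');
+$msg = t('Sorry, unrecognized username or password.');
 break;
 
 case LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC:
@@ -777,4 +778,3 @@
 
 return $msg;
 }
-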
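Review bot: At new lines 239–240, `drupal_alter('ldap_entry', $ldap_user, $params)` still runs before the `$authentication_result != LDAP_AUTHENTICATION_RESULT_SUCCESS` check, so every `hook_ldap_entry_alter()` implementation now receives `$params['account']` for login attempts whose credentials have not been accepted. Implementations must not treat the call as proof of a successful bind; either move the two lines below the failure `return`, or add a comment such as `// Runs before the result check: $ldap_user may be empty and the account is NOT yet authenticated.` `$params` is also assigned by key with no initialisation visible in the hunk, so `$params = array('account' => $drupal_account);` would keep stale keys from reaching the hooks, and `$drupal_account` is presumably empty when no Drupal account exists yet, which the hook contract should state. The enclosing function starts and ends outside the hunk; the other hunks in this file appear to be whitespace-only changes.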
Weekly update of contrib modules