Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
| drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc | ||
|---|---|---|
| 36 | 36 |
|
| 37 | 37 |
if (@in_array('user_login_authenticate_validate', $form['#validate']) && $auth_conf->authenticationMode) {
|
| 38 | 38 |
$key = array_search('user_login_authenticate_validate', $form['#validate']);
|
| 39 |
$form['#validate'][$key] = 'ldap_authentication_core_override_user_login_authenticate_validate';
|
|
| 39 |
$form['#validate'][$key] = 'ldap_authentication_core_override_user_login_authenticate_validate'; |
|
| 40 | 40 |
array_splice($form['#validate'], $key + 1, 0, 'ldap_authentication_user_login_authenticate_validate'); |
| 41 | 41 |
} |
| 42 | 42 |
|
| ... | ... | |
| 207 | 207 |
elseif ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
|
| 208 | 208 |
if ($detailed_watchdog_log) {
|
| 209 | 209 |
watchdog('ldap_authentication', '%username : Previously authenticated in exclusive mode or uid is not 1. Clear uid
|
| 210 |
in form_state and attempt ldap authentication.', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 210 |
in form_state and attempt ldap authentication.', $watchdog_tokens, WATCHDOG_DEBUG); |
|
| 211 | 211 |
} |
| 212 | 212 |
$form_state['uid'] = NULL; // passed previous authentication, but only ldap should be used so override |
| 213 | 213 |
} |
| ... | ... | |
| 217 | 217 |
* II. Exit if no authentication servers. |
| 218 | 218 |
*/ |
| 219 | 219 |
if (!$auth_conf->hasEnabledAuthenticationServers()) {
|
| 220 |
watchdog('ldap_authentication', 'No LDAP servers configured.', array(), WATCHDOG_ERROR);
|
|
| 220 |
watchdog('ldap_authentication', 'No LDAP servers configured.', array(), WATCHDOG_ERROR);
|
|
| 221 | 221 |
form_set_error('name', 'Server Error: No LDAP servers configured.');
|
| 222 | 222 |
return; |
| 223 | 223 |
} |
| ... | ... | |
| 236 | 236 |
* IV. test credentials and if available get corresponding ldap user and ldap server |
| 237 | 237 |
*/ |
| 238 | 238 |
list($authentication_result, $ldap_user, $ldap_server_authenticated_on) = ldap_authentication_test_credentials($auth_conf, $sso_login, $authname, $form_state['values']['pass'], $watchdog_tokens); |
| 239 |
drupal_alter('ldap_entry', $ldap_user);
|
|
| 239 |
$params['account'] = $drupal_account; |
|
| 240 |
drupal_alter('ldap_entry', $ldap_user, $params);
|
|
| 240 | 241 |
if ($authentication_result != LDAP_AUTHENTICATION_RESULT_SUCCESS) {
|
| 241 | 242 |
ldap_authentication_fail_response($authentication_result, $auth_conf, $detailed_watchdog_log, $watchdog_tokens); |
| 242 | 243 |
return; |
| ... | ... | |
| 257 | 258 |
$watchdog_tokens['%account_name_attr'] = $ldap_server_authenticated_on->account_name_attr; |
| 258 | 259 |
$drupal_accountname = $ldap_user['attr'][ldap_server_massage_text($ldap_server_authenticated_on->account_name_attr, 'attr_name', LDAP_SERVER_MASSAGE_QUERY_ARRAY)][0]; |
| 259 | 260 |
if (!$drupal_accountname) {
|
| 260 |
watchdog('ldap_authentication', 'Derived drupal username from attribute %account_name_attr returned no username for authname %authname.', $watchdog_tokens, WATCHDOG_ERROR);
|
|
| 261 |
watchdog('ldap_authentication', 'Derived drupal username from attribute %account_name_attr returned no username for authname %authname.', $watchdog_tokens, WATCHDOG_ERROR);
|
|
| 261 | 262 |
return; |
| 262 | 263 |
} |
| 263 | 264 |
} |
| ... | ... | |
| 369 | 370 |
|
| 370 | 371 |
$watchdog_tokens['%username'] = $drupal_account->name; |
| 371 | 372 |
if (!$updated_account = user_save($drupal_account, $user_edit)) {
|
| 372 |
watchdog('ldap_authentication', 'Failed to make changes to user %username updated %changed.', $watchdog_tokens, WATCHDOG_ERROR);
|
|
| 373 |
watchdog('ldap_authentication', 'Failed to make changes to user %username updated %changed.', $watchdog_tokens, WATCHDOG_ERROR);
|
|
| 373 | 374 |
} |
| 374 | 375 |
elseif ($auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ) {
|
| 375 | 376 |
if (isset($user_edit['mail'])) {
|
| ... | ... | |
| 513 | 514 |
$drupal_account_is_authmapped = isset($authmaps['ldap_user']); |
| 514 | 515 |
$user_data = $drupal_account->data; |
| 515 | 516 |
if ($drupal_account->uid == 1 && $detailed_watchdog_log) {
|
| 516 |
watchdog('ldap_authentication', '%username : Drupal username maps to user 1, so do not authenticate with ldap', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 517 |
watchdog('ldap_authentication', '%username : Drupal username maps to user 1, so do not authenticate with ldap', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 517 | 518 |
} |
| 518 | 519 |
elseif ($detailed_watchdog_log) {
|
| 519 |
watchdog('ldap_authentication', '%username : Drupal User Account found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 520 |
watchdog('ldap_authentication', '%username : Drupal User Account found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 520 | 521 |
} |
| 521 | 522 |
} |
| 522 | 523 |
else { // account does not exist
|
| ... | ... | |
| 552 | 553 |
$authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT; |
| 553 | 554 |
$watchdog_tokens['%err_msg'] = $ldap_server->errorMsg('ldap');
|
| 554 | 555 |
if ($detailed_watchdog_log) {
|
| 555 |
watchdog('ldap_authentication', '%username : Failed connecting to %sid. Error: %err_msg', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 556 |
watchdog('ldap_authentication', '%username : Failed connecting to %sid. Error: %err_msg', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 556 | 557 |
} |
| 557 | 558 |
$watchdog_tokens['%err_msg'] = NULL; |
| 558 | 559 |
continue; // next server, please |
| 559 | 560 |
} |
| 560 | 561 |
elseif ($detailed_watchdog_log) {
|
| 561 |
watchdog('ldap_authentication', '%username : Success at connecting to %sid', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 562 |
watchdog('ldap_authentication', '%username : Success at connecting to %sid', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 562 | 563 |
} |
| 563 | 564 |
|
| 564 | 565 |
$bind_success = FALSE; |
| ... | ... | |
| 576 | 577 |
// with sso enabled this method of binding isn't valid |
| 577 | 578 |
foreach ($ldap_server->basedn as $basedn) {
|
| 578 | 579 |
$search = array('%basedn', '%username');
|
| 579 |
$transformname = $ldap_server->userUsernameToLdapNameTransform($authname, $watchdog_tokens);
|
|
| 580 |
$transformname = $ldap_server->userUsernameToLdapNameTransform($authname, $watchdog_tokens); |
|
| 580 | 581 |
$replace = array($basedn, $transformname); |
| 581 | 582 |
$userdn = str_replace($search, $replace, $ldap_server->user_dn_expression); |
| 582 | 583 |
$bind_success = ($ldap_server->bind($userdn, $password, FALSE) == LDAP_SUCCESS); |
| ... | ... | |
| 701 | 702 |
|
| 702 | 703 |
$watchdog_tokens['%result'] = $result; |
| 703 | 704 |
$watchdog_tokens['%auth_result'] = $authentication_result; |
| 704 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result) ;
|
|
| 705 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result) ; |
|
| 705 | 706 |
if ($detailed_watchdog_log) {
|
| 706 |
watchdog('ldap_authentication', '%username : Authentication result id=%result auth_result=%auth_result (%err_text)', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 707 |
watchdog('ldap_authentication', '%username : Authentication result id=%result auth_result=%auth_result (%err_text)', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 707 | 708 |
} |
| 708 | 709 |
|
| 709 | 710 |
return array($authentication_result, $ldap_user, $ldap_server); |
| 710 | 711 |
} |
| 711 | 712 |
|
| 712 | 713 |
function ldap_authentication_fail_response($authentication_result, $auth_conf, $detailed_watchdog_log, &$watchdog_tokens) {
|
| 713 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result);
|
|
| 714 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result); |
|
| 714 | 715 |
// fail scenario 1. ldap auth exclusive and failed throw error so no other authentication methods are allowed |
| 715 | 716 |
if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
|
| 716 | 717 |
if ($detailed_watchdog_log) {
|
| ... | ... | |
| 754 | 755 |
break; |
| 755 | 756 |
|
| 756 | 757 |
case LDAP_AUTHENTICATION_RESULT_FAIL_FIND: |
| 757 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 758 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 758 | 759 |
break; |
| 759 | 760 |
|
| 760 | 761 |
case LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED: |
| ... | ... | |
| 762 | 763 |
break; |
| 763 | 764 |
|
| 764 | 765 |
case LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS: |
| 765 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 766 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 766 | 767 |
break; |
| 767 | 768 |
|
| 768 | 769 |
case LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC: |
| ... | ... | |
| 777 | 778 |
|
| 778 | 779 |
return $msg; |
| 779 | 780 |
} |
| 780 |
|
|
Formats disponibles : Unified diff
Weekly update of contrib modules