system: remove authmode_fallback, allow multiple authmode #1929
Simplifies and aligns the code, although that is a backwards-incompatible change that should never have happened. Still a few things to do and extensive testing.
parent
6d0b93b856
commit
b78654eb98
@ -202,37 +202,17 @@ function session_auth(&$Login_Error)
|
||||
|
||||
/* Validate incoming login request */
|
||||
if (isset($_POST['login']) && !empty($_POST['usernamefld']) && !empty($_POST['passwordfld'])) {
|
||||
$authcfg = auth_get_authserver("Local Database");
|
||||
$authcfg_fallback = auth_get_authserver("Local Database");
|
||||
|
||||
if (isset($config['system']['webgui']['authmode'])) {
|
||||
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
|
||||
}
|
||||
|
||||
if (!empty($config['system']['webgui']['authmode_fallback'])) {
|
||||
if ($config['system']['webgui']['authmode_fallback'] == "__NO_FALLBACK__") {
|
||||
// no fallback
|
||||
$authcfg_fallback = false;
|
||||
} else {
|
||||
$authcfg_fallback = auth_get_authserver($config['system']['webgui']['authmode_fallback']);
|
||||
}
|
||||
}
|
||||
|
||||
if ($authcfg == $authcfg_fallback) {
|
||||
// it doesn't make sense to fallback to the same authenticator
|
||||
$authcfg_fallback = false;
|
||||
}
|
||||
|
||||
// authenticate using config settings, or local if failed
|
||||
$authenticator = get_authenticator($authcfg);
|
||||
$authservers = !empty($config['system']['webgui']['authmode']) ?
|
||||
explode(',', $config['system']['webgui']['authmode']) : array('Local Database');
|
||||
$is_authenticated = false;
|
||||
if ($authenticator != null && $authenticator->authenticate($_POST['usernamefld'], $_POST['passwordfld'])) {
|
||||
$is_authenticated = true;
|
||||
}
|
||||
if (!$is_authenticated && $authcfg_fallback !== false) {
|
||||
$authenticator = get_authenticator($authcfg_fallback);
|
||||
|
||||
foreach ($authservers as $authserver) {
|
||||
/* XXX careful, dereferenced below */
|
||||
$authenticator = get_authenticator(auth_get_authserver($authserver));
|
||||
if ($authenticator != null && $authenticator->authenticate($_POST['usernamefld'], $_POST['passwordfld'])) {
|
||||
$is_authenticated = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
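Review bot: The `foreach ($authservers as $authserver)` loop accepts a login as soon as any one listed server returns true, so the selection behaves as an OR and is only as strong as the weakest server chosen. That deserves a comment above the loop, e.g. `/* any listed server may accept the login; order only decides which is tried first */`, and it applies equally to the same loop in the next file's hunk. Entries from `explode(',', ...)` are passed to `auth_get_authserver()` unchecked, so the result for a name that no longer exists depends on what that helper and `get_authenticator()` return; the `!= null` guard suggests null, but that is not visible here. The `XXX careful, dereferenced below` comment indicates `$authenticator` is used after the loop, where it holds the last server tried when nothing matched. session_auth's body starts and ends outside the hunk.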
@ -55,42 +55,31 @@ while (($char = fgetc($fp)) !== false) {
|
||||
}
|
||||
}
|
||||
|
||||
$is_authenticated = false;
|
||||
$exit_status = -1;
|
||||
|
||||
if (!empty($auth_data['user']) && isset($auth_data['password'])) {
|
||||
$authcfg = auth_get_authserver("Local Database");
|
||||
$authcfg_fallback = auth_get_authserver("Local Database");
|
||||
$authservers = !empty($config['system']['webgui']['authmode']) ?
|
||||
explode(',', $config['system']['webgui']['authmode']) : array('Local Database');
|
||||
|
||||
if (isset($config['system']['webgui']['authmode'])) {
|
||||
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
|
||||
}
|
||||
|
||||
if (!empty($config['system']['webgui']['authmode_fallback'])) {
|
||||
if ($config['system']['webgui']['authmode_fallback'] == "__NO_FALLBACK__") {
|
||||
// no fallback
|
||||
$authcfg_fallback = false;
|
||||
} else {
|
||||
$authcfg_fallback = auth_get_authserver($config['system']['webgui']['authmode_fallback']);
|
||||
foreach ($authservers as $authserver) {
|
||||
if (authenticate_user($auth_data['user'], $auth_data['password'], auth_get_authserver($authserver))) {
|
||||
$is_authenticated = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (authenticate_user($auth_data['user'], $auth_data['password'], $authcfg)) {
|
||||
// auth OK
|
||||
if ($is_authenticated) {
|
||||
syslog(LOG_NOTICE, "user '".$auth_data['user']."' authenticated successfully\n");
|
||||
$exit_status = 0;
|
||||
} elseif ($authcfg != $authcfg_fallback && $authcfg_fallback !== false &&
|
||||
authenticate_user($auth_data['user'], $auth_data['password'], $authcfg_fallback)) {
|
||||
// auth OK, using fallback
|
||||
syslog(LOG_NOTICE, "user '".$auth_data['user']."' authenticated successfully (using fallback)\n");
|
||||
$exit_status = 0;
|
||||
} else {
|
||||
if (getUserEntry($auth_data['user']) === false) {
|
||||
$exit_status = 2;
|
||||
$exit_status = 2;
|
||||
}
|
||||
|
||||
syslog(LOG_WARNING, "user '".$auth_data['user']."' could not authenticate.\n");
|
||||
}
|
||||
}
|
||||
|
||||
// failed auth, return exit status -1
|
||||
closelog();
|
||||
|
||||
exit($exit_status);
|
||||
|
||||
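Review bot: The success message in the `if ($is_authenticated)` branch does not record which backend accepted the credentials, and with several servers configured that is the detail an investigator needs. Since the loop breaks on the match, `$authserver` still holds it and the line could read `syslog(LOG_NOTICE, "user '".$auth_data['user']."' authenticated successfully (via ".$authserver.")\n");`. The username written to syslog is whatever the caller supplied, so any control characters in it are left to the syslog daemon to neutralise. The script starts outside the hunk.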
@ -189,7 +189,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");
|
||||
}
|
||||
if (empty($pconfig['name'])) {
|
||||
$input_errors[] = gettext("A server name must be provided");
|
||||
$input_errors[] = gettext('A server name must be provided.');
|
||||
} elseif (strpos($pconfig['name'], ',') !== false) {
|
||||
$input_errors[] = gettext('Invalid server name given.');
|
||||
}
|
||||
|
||||
if (count($input_errors) == 0) {
|
||||
|
||||
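Review bot: The new `strpos($pconfig['name'], ',')` check rejects commas only for names saved from now on; a server already stored with a comma in its name would be split by the `explode(',', ...)` used in the login paths and could no longer be matched. Whether such names are migrated or rejected elsewhere is not visible in this commit. The message `Invalid server name given.` also does not say what is wrong; something like `gettext('The server name may not contain a comma.')` would tell the administrator how to fix it. The enclosing validation block continues outside the hunk.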
@ -33,8 +33,7 @@ require_once("guiconfig.inc");
|
||||
$save_and_test = false;
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$pconfig = array();
|
||||
$pconfig['authmode_fallback'] = !empty($config['system']['webgui']['authmode_fallback']) ? $config['system']['webgui']['authmode_fallback'] : "Local Database";
|
||||
foreach (array('session_timeout', 'authmode', 'password_policy_duration',
|
||||
foreach (array('session_timeout', 'password_policy_duration',
|
||||
'enable_password_policy_constraints',
|
||||
'password_policy_complexity', 'password_policy_length') as $fieldname) {
|
||||
if (!empty($config['system']['webgui'][$fieldname])) {
|
||||
@ -43,7 +42,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$pconfig[$fieldname] = null;
|
||||
}
|
||||
}
|
||||
|
||||
$pconfig['authmode'] = !empty($config['system']['webgui']['authmode']) ? explode(',', $config['system']['webgui']['authmode']) : array();
|
||||
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$pconfig = $_POST;
|
||||
$input_errors = array();
|
||||
@ -54,6 +53,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
if (count($input_errors) == 0) {
|
||||
$authsrv = auth_get_authserver($pconfig['authmode']);
|
||||
if (!empty($pconfig['savetest'])) {
|
||||
# XXX this needs repairing...
|
||||
if ($authsrv['type'] == "ldap") {
|
||||
$save_and_test = true;
|
||||
} else {
|
||||
@ -61,8 +61,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
}
|
||||
}
|
||||
|
||||
foreach (array('session_timeout', 'authmode', 'authmode_fallback', 'password_policy_duration',
|
||||
'enable_password_policy_constraints',
|
||||
foreach (array('session_timeout', 'password_policy_duration', 'enable_password_policy_constraints',
|
||||
'password_policy_complexity', 'password_policy_length') as $fieldname) {
|
||||
if (!empty($pconfig[$fieldname])) {
|
||||
$config['system']['webgui'][$fieldname] = $pconfig[$fieldname];
|
||||
@ -71,6 +70,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($pconfig['authmode'])) {
|
||||
$config['system']['webgui']['authmode'] = implode(',', $pconfig['authmode']);
|
||||
} elseif (isset($config['system']['webgui']['authmode'])) {
|
||||
unset($config['system']['webgui']['authmode']);
|
||||
}
|
||||
|
||||
write_config();
|
||||
}
|
||||
@ -78,9 +82,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
|
||||
legacy_html_escape_form_data($pconfig);
|
||||
include("head.inc");
|
||||
?>
|
||||
|
||||
?>
|
||||
<body>
|
||||
|
||||
<style>
|
||||
.password_policy_constraints {
|
||||
display:none;
|
||||
@ -136,10 +141,10 @@ endif;?>
|
||||
<tr>
|
||||
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Authentication Server"); ?></td>
|
||||
<td>
|
||||
<select name="authmode" class="selectpicker" data-style="btn-default" >
|
||||
<select name="authmode[]" multiple="multiple" class="selectpicker" data-style="btn-default">
|
||||
<?php
|
||||
foreach (auth_get_authserver_list() as $auth_key => $auth_server) :?>
|
||||
<option value="<?=$auth_key; ?>" <?=$auth_key == $pconfig['authmode'] ? "selected=\"selected\"" : "";?>>
|
||||
<option value="<?= $auth_key ?>" <?= in_array($auth_key, $pconfig['authmode']) ? 'selected="selected"' : '' ?>>
|
||||
<?=htmlspecialchars($auth_server['name']);?>
|
||||
</option>
|
||||
<?php
|
||||
@ -147,23 +152,6 @@ endif;?>
|
||||
</select>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Authentication Server (fallback)"); ?></td>
|
||||
<td>
|
||||
<select name="authmode_fallback" class="selectpicker" data-style="btn-default" >
|
||||
<?php
|
||||
foreach (auth_get_authserver_list() as $auth_key => $auth_server) :?>
|
||||
<option value="<?=$auth_key; ?>" <?=$auth_key == $pconfig['authmode_fallback'] ? "selected=\"selected\"" : "";?>>
|
||||
<?=htmlspecialchars($auth_server['name']);?>
|
||||
</option>
|
||||
<?php
|
||||
endforeach; ?>
|
||||
<option value="__NO_FALLBACK__" <?= $pconfig['authmode_fallback'] == "__NO_FALLBACK__" ? "selected=\"selected\"" : "";?> >
|
||||
<?=gettext("--No Fallback--");?>
|
||||
</option>
|
||||
</select>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_enable_password_policy_constraints" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Policy'); ?></td>
|
||||
<td>
|
||||
|
||||
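Review bot: In the save hunk, `$pconfig['authmode']` comes straight from `$_POST` and is joined with `implode(',', ...)` into the setting that decides which servers may authenticate GUI logins, without checking that it is an array or that each entry is a known server. I would filter it first, e.g. `$selected = array_intersect((array)($pconfig['authmode'] ?? array()), array_keys(auth_get_authserver_list()));`, and implode `$selected` instead. In the template hunk, `in_array($auth_key, $pconfig['authmode'])` receives no array when a POST carries no selection, and `value="<?= $auth_key ?>"` is printed unescaped while the name next to it goes through `htmlspecialchars()`. The `auth_get_authserver($pconfig['authmode'])` call above the `# XXX this needs repairing...` comment now receives an array, which the comment acknowledges but does not fix.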