From 89cbf152f6742c0c8ae2d0cf5876505a67008b14 Mon Sep 17 00:00:00 2001
From: Patrik Forsberg
Date: Tue, 2 Feb 2021 07:13:48 +0100
Subject: [PATCH] Fixes issues with binding and authenticating users in nested groups (#12398)
* Fixes issues with binding and authenticating users in nested groups
Signed-off-by: Patrik Forsberg
* re-instated the user group check for nested groups after identifying the real issue in ActiveDirectoryAuthorizer.php added fix for special characters in group checker in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg
* fix for styleci/pr issues in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg
* further fixes for styleci/pr in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg
* fixed return value from userExists in ActiveDirectoryAuthorizer to return boolean instead of integer
Signed-off-by: Patrik Forsberg
* fix for styleci/pr issues
Signed-off-by: Patrik Forsberg
* cleanup
* don't use boolval on int...
Co-authored-by: Tony Murray
---
 LibreNMS/Authentication/ActiveDirectoryAuthorizer.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/LibreNMS/Authentication/ActiveDirectoryAuthorizer.php b/LibreNMS/Authentication/ActiveDirectoryAuthorizer.php
index fe65907e3a..3d99751b5c 100644
--- a/LibreNMS/Authentication/ActiveDirectoryAuthorizer.php
+++ b/LibreNMS/Authentication/ActiveDirectoryAuthorizer.php
@@ -90,7 +90,8 @@ class ActiveDirectoryAuthorizer extends AuthorizerBase
 throw new AuthenticationException();
 }
- $group_dn = $result[0]['dn'];
+ // special character handling
+ $group_dn = addcslashes($result[0]['dn'], '()');
 $search = ldap_search(
 $connection,
@@ -118,10 +119,10 @@ class ActiveDirectoryAuthorizer extends AuthorizerBase
 $entries = ldap_get_entries($connection, $search);
 if ($entries['count']) {
- return 1;
+ return true;
 }
- return 0;
+ return false;
 }
 public function getUserlevel($username)
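Review bot: In the `@@ -90,7 +90,8 @@` hunk, `addcslashes($result[0]['dn'], '()')` escapes only the two parentheses and writes them as `\(` and `\)`, not in the hex form RFC 4515 defines for filter values (`\28`, `\29`); an asterisk, a backslash or a NUL in the group DN passes through unchanged. If `$group_dn` is placed into the filter string of the `ldap_search` call that follows (the filter argument is outside the hunk), a DN containing an escaped comma or a `*` can still change what the group-membership filter matches. PHP's own helper covers the whole set: `$group_dn = ldap_escape($result[0]['dn'], '', LDAP_ESCAPE_FILTER);`. The comment above it could name the context the value is escaped for, e.g. `// escape the DN for use inside an LDAP search filter`.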
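Review bot: In the `@@ -118,10 +119,10 @@` hunk, `ldap_get_entries()` can return `false`, and `$entries['count']` is then read from a non-array, so a failed lookup is reported the same way as "no match". The result fails closed, but the two returns can be folded into one expression that makes the check explicit: `return $entries !== false && $entries['count'] > 0;`. The method's signature is outside the hunk; a `@return bool` line in its docblock would record the contract this change introduces.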
@@ -226,7 +227,7 @@ class ActiveDirectoryAuthorizer extends AuthorizerBase
 ldap_set_option($this->ldap_connection, LDAP_OPT_NETWORK_TIMEOUT, -1); // restore timeout
 if ($bind_result) {
- return;
+ return $bind_result;
 }
 ldap_set_option($this->ldap_connection, LDAP_OPT_NETWORK_TIMEOUT, Config::get('auth_ad_timeout', 5));
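Review bot: `return $bind_result;` gives the success path a value, but the function begins and continues outside this hunk, so whether the path after the `if` block returns anything cannot be seen here; if it falls off the end, callers receive `null` there and `true` here. Because the branch is taken only when `$bind_result` is truthy, `return true;` states the same thing more directly, and the remaining path should end in an explicit `return false;` or in the result of whatever bind it performs. A docblock with `@return bool` saying that `true` means the bind with the supplied credentials succeeded would stop callers from reading a later fallback bind, if the code below performs one, as proof of the user's password.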