From 9b0bd4c15a0be253410de25aa211268b763c9d3c Mon Sep 17 00:00:00 2001
From: Tony Murray
Date: Fri, 3 Jun 2016 10:56:42 -0500
Subject: [PATCH] Rename $ds to $ldap_connection
$ds is a global variable, there are many name collisions in the code. Rename it to avoid the collisions.
---
.../authentication/active_directory.inc.php | 58 +++++++++----------
.../authentication/ad-authorization.inc.php | 40 ++++++-------
.../authentication/ldap-authorization.inc.php | 32 +++++-----
html/includes/authentication/ldap.inc.php | 44 +++++++-------
4 files changed, 87 insertions(+), 87 deletions(-)
diff --git a/html/includes/authentication/active_directory.inc.php b/html/includes/authentication/active_directory.inc.php
index d936b44c8d..e6dda6b7e0 100644
--- a/html/includes/authentication/active_directory.inc.php
+++ b/html/includes/authentication/active_directory.inc.php
@@ -8,25 +8,25 @@ if (isset($config['auth_ad_check_certificates']) && putenv('LDAPTLS_REQCERT=never'); }; -$ds = @ldap_connect($config['auth_ad_url']); +$ldap_connection = @ldap_connect($config['auth_ad_url']); // disable referrals and force ldap version to 3 -ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); -ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); +ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); +ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3); function authenticate($username, $password) { - global $config, $ds; + global $config, $ldap_connection; - if ($ds) { + if ($ldap_connection) { // bind with sAMAccountName instead of full LDAP DN - if ($username && ldap_bind($ds, "{$username}@{$config['auth_ad_domain']}", $password)) { + if ($username && ldap_bind($ldap_connection, "{$username}@{$config['auth_ad_domain']}", $password)) { // group membership in one of the configured groups is required if (isset($config['auth_ad_require_groupmembership']) && $config['auth_ad_require_groupmembership'] > 0) { - $search = ldap_search($ds, $config['auth_ad_base_dn'], + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$username})", array('memberOf')); - $entries = ldap_get_entries($ds, $search); + $entries = ldap_get_entries($ldap_connection, $search); $user_authenticated = 0; @@ -53,7 +53,7 @@ function authenticate($username, $password) { } } else { - echo ldap_error($ds); + echo ldap_error($ldap_connection); } return 0; @@ -108,11 +108,11 @@ function user_exists_in_db($username) { } function user_exists($username) { - global $config, $ds; + global $config, $ldap_connection; - $search = ldap_search($ds, $config['auth_ad_base_dn'], + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$username})",array('samaccountname')); - $entries = ldap_get_entries($ds, $search); + $entries = ldap_get_entries($ldap_connection, $search); if ($entries['count']) { 
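Review bot: In `authenticate()` the bind is guarded by `$username &&`, but nothing checks that `$password` is non-empty. A simple bind with a name and an empty password is an unauthenticated bind under RFC 4513, and on directory servers that accept it `ldap_bind()` returns true, so the function could report success without any credential having been verified. Unless the caller already rejects empty passwords (not visible in this hunk), tighten the guard to `if ($username && $password !== null && $password !== '' && ldap_bind($ldap_connection, ...))`. `authenticate()` in ldap.inc.php (hunk `@@ -12,14`) has the same shape; both function bodies continue outside their hunks.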
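Review bot: `echo ldap_error($ldap_connection);` in the failed-bind branch writes the directory server's raw error text into the response of a request that has not authenticated. That tells the client whether the failure was a bad credential or a server-side problem, and it puts unescaped library output on the login page. Record it server-side instead, e.g. `error_log('LDAP bind failed: ' . ldap_error($ldap_connection));`, and let the caller show a generic failure. The `authenticate()` hunk in ldap.inc.php carries the same line.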
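Review bot: `user_exists()` interpolates `$username` directly into the search filter `"(samaccountname={$username})"`, so filter metacharacters in the name (`*`, `(`, `)`, `\`) change what the directory matches. Where `$username` originates is not visible here, but these helpers sit on the login path and the value should be treated as untrusted. Escape it before building the filter (PHP 5.6+): `$safe = ldap_escape($username, '', LDAP_ESCAPE_FILTER);` and then `"(samaccountname={$safe})"`. The same applies to `authenticate()`, `get_userlevel()`, `get_userid()`, `get_fullname()` and `get_dn()` in both AD files, and to the `auth_ldap_prefix . $username` filters and `get_membername()` in the two LDAP files. `get_userlevel()` deserves the fix first, since its search result decides the privilege level.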
@@ -124,14 +124,14 @@ function user_exists($username) { function get_userlevel($username) { - global $config, $ds; + global $config, $ldap_connection; $userlevel = 0; // Find all defined groups $username is in - $search = ldap_search($ds, $config['auth_ad_base_dn'], + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$username})", array('memberOf')); - $entries = ldap_get_entries($ds, $search); + $entries = ldap_get_entries($ldap_connection, $search); // Loop the list and find the highest level foreach ($entries[0]['memberof'] as $entry) { @@ -146,12 +146,12 @@ function get_userlevel($username) { function get_userid($username) { - global $config, $ds; + global $config, $ldap_connection; $attributes = array('objectsid'); - $search = ldap_search($ds, $config['auth_ad_base_dn'], + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$username})", $attributes); - $entries = ldap_get_entries($ds, $search); + $entries = ldap_get_entries($ldap_connection, $search); if ($entries['count']) { return preg_replace('/.*-(\d+)$/','$1',sid_from_ldap($entries[0]['objectsid'][0])); @@ -172,7 +172,7 @@ function deluser($username) { function get_userlist() { - global $config, $ds; + global $config, $ldap_connection; $userlist = array(); $userhash = array(); 
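Review bot: `get_userlevel()` iterates `$entries[0]['memberof']` without checking that the search succeeded or returned an entry, whereas `get_userid()` in the next hunk tests `$entries['count']` first. For an account that is not found, or one with no `memberOf` values, the `foreach` runs on a missing key and the function relies on a PHP warning rather than an explicit decision. Check `$search !== false` before `ldap_get_entries()` and wrap the loop in `if (!empty($entries[0]['memberof'])) { ... }`. The same loop is in ad-authorization.inc.php (hunk `@@ -138,9`), and `get_membername()` in both LDAP files reads `$entries[0]['dn']` unchecked; the function body continues outside this hunk.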
@@ -180,14 +180,14 @@ function get_userlist() { foreach($ldap_groups as $ldap_group) { $group_cn = get_cn($ldap_group); - $search = ldap_search($ds, $config['auth_ad_base_dn'], "(cn={$group_cn})", array('member')); - $entries = ldap_get_entries($ds, $search); + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(cn={$group_cn})", array('member')); + $entries = ldap_get_entries($ldap_connection, $search); foreach($entries[0]['member'] as $member) { $member_cn = get_cn($member); - $search = ldap_search($ds, $config['auth_ad_base_dn'], "(cn={$member_cn})", + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(cn={$member_cn})", array('sAMAccountname', 'displayName', 'objectSID', 'mail')); - $results = ldap_get_entries($ds, $search); + $results = ldap_get_entries($ldap_connection, $search); foreach($results as $result) { if(isset($result['samaccountname'][0])) { $userid = preg_replace('/.*-(\d+)$/','$1', @@ -235,12 +235,12 @@ function update_user($user_id, $realname, $level, $can_modify_passwd, $email) { function get_fullname($username) { - global $config, $ds; + global $config, $ldap_connection; $attributes = array('name'); - $result = ldap_search($ds, $config['auth_ad_base_dn'], + $result = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$username})", $attributes); - $entries = ldap_get_entries($ds, $result); + $entries = ldap_get_entries($ldap_connection, $result); if ($entries['count'] > 0) { $membername = $entries[0]['name'][0]; } 
@@ -279,13 +279,13 @@ function get_group_list() { } function get_dn($samaccountname) { - global $config, $ds; + global $config, $ldap_connection; $attributes = array('dn'); - $result = ldap_search($ds, $config['auth_ad_base_dn'], + $result = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$samaccountname})", $attributes); - $entries = ldap_get_entries($ds, $result); + $entries = ldap_get_entries($ldap_connection, $result); if ($entries['count'] > 0) { return $entries[0]['dn']; } diff --git a/html/includes/authentication/ad-authorization.inc.php b/html/includes/authentication/ad-authorization.inc.php index 2f30129984..750c3f62dd 100644 --- a/html/includes/authentication/ad-authorization.inc.php +++ b/html/includes/authentication/ad-authorization.inc.php @@ -104,14 +104,14 @@ function user_exists_in_db($username) { } function user_exists($username) { - global $config, $ds; + global $config, $ldap_connection; if (auth_ldap_session_cache_get ('user_exists')) return 1; - $search = ldap_search($ds, $config['auth_ad_base_dn'], + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname=${username})",array('samaccountname')); - $entries = ldap_get_entries($ds, $search); + $entries = ldap_get_entries($ldap_connection, $search); if ($entries['count']) { /* @@ -127,7 +127,7 @@ function user_exists($username) { function get_userlevel($username) { - global $config, $ds; + global $config, $ldap_connection; $userlevel = auth_ldap_session_cache_get ('userlevel'); if ($userlevel) { 
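Review bot: The rename looks incomplete for ad-authorization.inc.php: its first hunk starts at line 104 and every changed line is inside a function body, so nothing shown in this file assigns `$ldap_connection`. In active_directory.inc.php the commit does rename the top-level `@ldap_connect(...)` assignment, but the hunks for ldap-authorization.inc.php and ldap.inc.php likewise begin at lines 112 and 12 and leave the file preamble untouched. If those preambles still create the handle as `$ds` (they are outside the diff, so this needs checking), `global $ldap_connection` resolves to null and every bind, search and compare in these backends fails. The connection assignment, and any top-level calls that use it such as the `auth_ldap_starttls` block visible in the ldap.inc.php hunk header, should be renamed in the same commit.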
@@ -138,9 +138,9 @@ function get_userlevel($username) { } // Find all defined groups $username is in - $search = ldap_search($ds, $config['auth_ad_base_dn'], + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$username})", array('memberOf')); - $entries = ldap_get_entries($ds, $search); + $entries = ldap_get_entries($ldap_connection, $search); // Loop the list and find the highest level foreach ($entries[0]['memberof'] as $entry) { @@ -156,7 +156,7 @@ function get_userlevel($username) { function get_userid($username) { - global $config, $ds; + global $config, $ldap_connection; $user_id = auth_ldap_session_cache_get ('userid'); if (isset ($user_id)) { @@ -167,9 +167,9 @@ function get_userid($username) { } $attributes = array('objectsid'); - $search = ldap_search($ds, $config['auth_ad_base_dn'], + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$username})", $attributes); - $entries = ldap_get_entries($ds, $search); + $entries = ldap_get_entries($ldap_connection, $search); if ($entries['count']) { $user_id = preg_replace('/.*-(\d+)$/','$1',sid_from_ldap($entries[0]['objectsid'][0])); @@ -191,7 +191,7 @@ function deluser($username) { function get_userlist() { - global $config, $ds; + global $config, $ldap_connection; $userlist = array(); $userhash = array(); 
@@ -199,14 +199,14 @@ function get_userlist() { foreach($ldap_groups as $ldap_group) { $group_cn = get_cn($ldap_group); - $search = ldap_search($ds, $config['auth_ad_base_dn'], "(cn={$group_cn})", array('member')); - $entries = ldap_get_entries($ds, $search); + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(cn={$group_cn})", array('member')); + $entries = ldap_get_entries($ldap_connection, $search); foreach($entries[0]['member'] as $member) { $member_cn = get_cn($member); - $search = ldap_search($ds, $config['auth_ad_base_dn'], "(cn={$member_cn})", + $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(cn={$member_cn})", array('sAMAccountname', 'displayName', 'objectSID', 'mail')); - $results = ldap_get_entries($ds, $search); + $results = ldap_get_entries($ldap_connection, $search); foreach($results as $result) { if(isset($result['samaccountname'][0])) { $userid = preg_replace('/.*-(\d+)$/','$1', @@ -254,12 +254,12 @@ function update_user($user_id, $realname, $level, $can_modify_passwd, $email) { function get_fullname($username) { - global $config, $ds; + global $config, $ldap_connection; $attributes = array('name'); - $result = ldap_search($ds, $config['auth_ad_base_dn'], + $result = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$username})", $attributes); - $entries = ldap_get_entries($ds, $result); + $entries = ldap_get_entries($ldap_connection, $result); if ($entries['count'] > 0) { $membername = $entries[0]['name'][0]; } 
@@ -298,13 +298,13 @@ function get_group_list() { } function get_dn($samaccountname) { - global $config, $ds; + global $config, $ldap_connection; $attributes = array('dn'); - $result = ldap_search($ds, $config['auth_ad_base_dn'], + $result = ldap_search($ldap_connection, $config['auth_ad_base_dn'], "(samaccountname={$samaccountname})", $attributes); - $entries = ldap_get_entries($ds, $result); + $entries = ldap_get_entries($ldap_connection, $result); if ($entries['count'] > 0) { return $entries[0]['dn']; } diff --git a/html/includes/authentication/ldap-authorization.inc.php b/html/includes/authentication/ldap-authorization.inc.php index 5b68fdf82f..afda92e299 100644 --- a/html/includes/authentication/ldap-authorization.inc.php +++ b/html/includes/authentication/ldap-authorization.inc.php @@ -112,14 +112,14 @@ function adduser ($username, $password, $level, $email = '', $realname = '', $ca function user_exists ($username) { - global $config, $ds; + global $config, $ldap_connection; if (auth_ldap_session_cache_get ('user_exists')) return 1; $filter = '(' . $config['auth_ldap_prefix'] . $username . ')'; - $search = ldap_search ($ds, trim ($config['auth_ldap_suffix'], ','), $filter); - $entries = ldap_get_entries ($ds, $search); + $search = ldap_search ($ldap_connection, trim ($config['auth_ldap_suffix'], ','), $filter); + $entries = ldap_get_entries ($ldap_connection, $search); if ($entries['count']) { /* * Cache positiv result as this will result in more queries which we @@ -139,7 +139,7 @@ function user_exists ($username) { function get_userlevel ($username) { - global $config, $ds; + global $config, $ldap_connection; $userlevel = auth_ldap_session_cache_get ('userlevel'); if ($userlevel) { 
@@ -150,8 +150,8 @@ function get_userlevel ($username) { // Find all defined groups $username is in $filter = '(&(|(cn=' . join (')(cn=', array_keys ($config['auth_ldap_groups'])) . '))(' . $config['auth_ldap_groupmemberattr'] .'=' . get_membername ($username) . '))'; - $search = ldap_search ($ds, $config['auth_ldap_groupbase'], $filter); - $entries = ldap_get_entries($ds, $search); + $search = ldap_search ($ldap_connection, $config['auth_ldap_groupbase'], $filter); + $entries = ldap_get_entries($ldap_connection, $search); // Loop the list and find the highest level foreach ($entries as $entry) { @@ -168,7 +168,7 @@ function get_userlevel ($username) { function get_userid ($username) { - global $config, $ds; + global $config, $ldap_connection; $user_id = auth_ldap_session_cache_get ('userid'); if (isset ($user_id)) { @@ -178,8 +178,8 @@ function get_userid ($username) { } $filter = '(' . $config['auth_ldap_prefix'] . $username . ')'; - $search = ldap_search ($ds, trim ($config['auth_ldap_suffix'], ','), $filter); - $entries = ldap_get_entries ($ds, $search); + $search = ldap_search ($ldap_connection, trim ($config['auth_ldap_suffix'], ','), $filter); + $entries = ldap_get_entries ($ldap_connection, $search); if ($entries['count']) { $user_id = $entries[0]['uidnumber'][0]; @@ -197,13 +197,13 @@ function deluser ($username) { function get_userlist () { - global $config, $ds; + global $config, $ldap_connection; $userlist = array (); $filter = '(' . $config['auth_ldap_prefix'] . '*)'; - $search = ldap_search ($ds, trim ($config['auth_ldap_suffix'], ','), $filter); - $entries = ldap_get_entries ($ds, $search); + $search = ldap_search ($ldap_connection, trim ($config['auth_ldap_suffix'], ','), $filter); + $entries = ldap_get_entries ($ldap_connection, $search); if ($entries['count']) { foreach ($entries as $entry) { 
@@ -214,7 +214,7 @@ function get_userlist () { $ldap_groups = get_group_list (); foreach ($ldap_groups as $ldap_group) { $ldap_comparison = ldap_compare( - $ds, + $ldap_connection, $ldap_group, $config['auth_ldap_groupmemberattr'], get_membername($username) @@ -256,14 +256,14 @@ function update_user ($user_id, $realname, $level, $can_modify_passwd, $email) { function get_membername ($username) { - global $config, $ds; + global $config, $ldap_connection; if ($config['auth_ldap_groupmembertype'] == 'fulldn') { $membername = $config['auth_ldap_prefix'] . $username . $config['auth_ldap_suffix']; } elseif ($config['auth_ldap_groupmembertype'] == 'puredn') { $filter = '(' . $config['auth_ldap_attr']['uid'] . '=' . $username . ')'; - $search = ldap_search($ds, $config['auth_ldap_groupbase'], $filter); - $entries = ldap_get_entries($ds, $search); + $search = ldap_search($ldap_connection, $config['auth_ldap_groupbase'], $filter); + $entries = ldap_get_entries($ldap_connection, $search); $membername = $entries[0]['dn']; } else { diff --git a/html/includes/authentication/ldap.inc.php b/html/includes/authentication/ldap.inc.php index a9679072fd..4948b63796 100644 --- a/html/includes/authentication/ldap.inc.php +++ b/html/includes/authentication/ldap.inc.php 
@@ -12,14 +12,14 @@ if ($config['auth_ldap_starttls'] && ($config['auth_ldap_starttls'] == 'optional function authenticate($username, $password) { - global $config, $ds; + global $config, $ldap_connection; - if ($username && $ds) { + if ($username && $ldap_connection) { if ($config['auth_ldap_version']) { - ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $config['auth_ldap_version']); + ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, $config['auth_ldap_version']); } - if (ldap_bind($ds, $config['auth_ldap_prefix'].$username.$config['auth_ldap_suffix'], $password)) { + if (ldap_bind($ldap_connection, $config['auth_ldap_prefix'].$username.$config['auth_ldap_suffix'], $password)) { if (!$config['auth_ldap_group']) { return 1; } @@ -27,7 +27,7 @@ function authenticate($username, $password) { $ldap_groups = get_group_list(); foreach ($ldap_groups as $ldap_group) { $ldap_comparison = ldap_compare( - $ds, + $ldap_connection, $ldap_group, $config['auth_ldap_groupmemberattr'], get_membername($username) @@ -39,7 +39,7 @@ function authenticate($username, $password) { } } else { - echo ldap_error($ds); + echo ldap_error($ldap_connection); } } else { @@ -83,11 +83,11 @@ function adduser($username, $password, $level, $email='', $realname='', $can_mod function user_exists($username) { - global $config, $ds; + global $config, $ldap_connection; $filter = '('.$config['auth_ldap_prefix'].$username.')'; - $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ','), $filter); - $entries = ldap_get_entries($ds, $search); + $search = ldap_search($ldap_connection, trim($config['auth_ldap_suffix'], ','), $filter); + $entries = ldap_get_entries($ldap_connection, $search); if ($entries['count']) { return 1; } 
@@ -98,14 +98,14 @@ function user_exists($username) { function get_userlevel($username) { - global $config, $ds; + global $config, $ldap_connection; $userlevel = 0; // Find all defined groups $username is in $filter = '(&(|(cn='.join(')(cn=', array_keys($config['auth_ldap_groups'])).'))('.$config['auth_ldap_groupmemberattr'].'='.get_membername($username).'))'; - $search = ldap_search($ds, $config['auth_ldap_groupbase'], $filter); - $entries = ldap_get_entries($ds, $search); + $search = ldap_search($ldap_connection, $config['auth_ldap_groupbase'], $filter); + $entries = ldap_get_entries($ldap_connection, $search); // Loop the list and find the highest level foreach ($entries as $entry) { @@ -121,11 +121,11 @@ function get_userlevel($username) { function get_userid($username) { - global $config, $ds; + global $config, $ldap_connection; $filter = '('.$config['auth_ldap_prefix'].$username.')'; - $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ','), $filter); - $entries = ldap_get_entries($ds, $search); + $search = ldap_search($ldap_connection, trim($config['auth_ldap_suffix'], ','), $filter); + $entries = ldap_get_entries($ldap_connection, $search); if ($entries['count']) { return $entries[0]['uidnumber'][0]; @@ -144,13 +144,13 @@ function deluser($username) { function get_userlist() { - global $config, $ds; + global $config, $ldap_connection; $userlist = array(); $filter = '('.$config['auth_ldap_prefix'].'*)'; - $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ','), $filter); - $entries = ldap_get_entries($ds, $search); + $search = ldap_search($ldap_connection, trim($config['auth_ldap_suffix'], ','), $filter); + $entries = ldap_get_entries($ldap_connection, $search); if ($entries['count']) { foreach ($entries as $entry) { 
@@ -161,7 +161,7 @@ function get_userlist() { $ldap_groups = get_group_list(); foreach ($ldap_groups as $ldap_group) { $ldap_comparison = ldap_compare( - $ds, + $ldap_connection, $ldap_group, $config['auth_ldap_groupmemberattr'], get_membername($username) @@ -205,14 +205,14 @@ function update_user($user_id, $realname, $level, $can_modify_passwd, $email) { function get_membername($username) { - global $config, $ds; + global $config, $ldap_connection; if ($config['auth_ldap_groupmembertype'] == 'fulldn') { $membername = $config['auth_ldap_prefix'].$username.$config['auth_ldap_suffix']; } elseif ($config['auth_ldap_groupmembertype'] == 'puredn') { $filter = '('.$config['auth_ldap_attr']['uid'].'='.$username.')'; - $search = ldap_search($ds, $config['auth_ldap_groupbase'], $filter); - $entries = ldap_get_entries($ds, $search); + $search = ldap_search($ldap_connection, $config['auth_ldap_groupbase'], $filter); + $entries = ldap_get_entries($ldap_connection, $search); $membername = $entries[0]['dn']; } else {