diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2009-11-15 15:17:25 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2009-11-15 15:17:25 +0100 |
| commit | e259aa7939e5d3cd704351d4d53d1d1497217a11 (patch) | |
| tree | 7ea32b1ec14a252f21c4980fd263e0ed67726f1f | |
| parent | 7917b6f2f2768c559c2b891f5c0077afe3eeef69 (diff) | |
| download | rpg-e259aa7939e5d3cd704351d4d53d1d1497217a11.tar.gz rpg-e259aa7939e5d3cd704351d4d53d1d1497217a11.tar.bz2 | |
Added isCaseSensitive() to auth backends FS#1657
Ignore-this: 3591e5a36126c72bd9b931e4aa832da8
darcs-hash:20091115141725-7ad00-7c2fc662d1999731660673d05299c4f357b797b3.gz
| -rw-r--r-- | inc/auth.php | 19 | ||||
| -rw-r--r-- | inc/auth/ad.class.php | 7 | ||||
| -rw-r--r-- | inc/auth/basic.class.php | 18 | ||||
| -rw-r--r-- | inc/auth/ldap.class.php | 7 | ||||
| -rw-r--r-- | inc/auth/mysql.class.php | 7 |
5 files changed, 50 insertions, 8 deletions
diff --git a/inc/auth.php b/inc/auth.php index 5995459fe..6483caff4 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -357,8 +357,17 @@ function auth_ismanager($user=null,$groups=null,$adminonly=false){ // prepare an array containing only true values for array_map call $alltrue = array_fill(0, count($superusers), true); $superusers = array_map('auth_nameencode', $superusers, $alltrue); + + // case insensitive? + if(!$auth->isCaseSensitive()){ + $superusers = array_map('utf8_strtolower',$superusers); + $user = utf8_strtolower($user); + } + + // check user match if(in_array($user, $superusers)) return true; + // check managers if(!$adminonly){ $managers = explode(',', $conf['manager']); $managers = array_unique($managers); @@ -366,6 +375,7 @@ function auth_ismanager($user=null,$groups=null,$adminonly=false){ // prepare an array containing only true values for array_map call $alltrue = array_fill(0, count($managers), true); $managers = array_map('auth_nameencode', $managers, $alltrue); + if(!$auth->isCaseSensitive()) $managers = array_map('utf8_strtolower',$managers); if(in_array($user, $managers)) return true; } @@ -376,6 +386,9 @@ function auth_ismanager($user=null,$groups=null,$adminonly=false){ $cnt = count($groups); for($i=0; $i<$cnt; $i++){ $groups[$i] = '@'.auth_nameencode($groups[$i]); + if(!$auth->isCaseSensitive()){ + $groups[$i] = utf8_strtolower($groups[$i]); + } } // check groups against superuser and manager @@ -447,6 +460,8 @@ function auth_aclcheck($id,$user,$groups){ //if user is superuser or in superusergroup return 255 (acl_admin) if(auth_isadmin($user,$groups)) { return AUTH_ADMIN; } + $ci = ''; + if(!$auth->isCaseSensitive()) $ci = 'ui'; $user = $auth->cleanUser($user); $groups = array_map(array($auth,'cleanGroup'),(array)$groups); @@ -473,7 +488,7 @@ function auth_aclcheck($id,$user,$groups){ } //check exact match first - $matches = preg_grep('/^'.preg_quote($id,'/').'\s+('.$regexp.')\s+/',$AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($id,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments @@ -497,7 +512,7 @@ function auth_aclcheck($id,$user,$groups){ } do{ - $matches = preg_grep('/^'.$path.'\s+('.$regexp.')\s+/',$AUTH_ACL); + $matches = preg_grep('/^'.$path.'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php index 8eb8b06d8..aac17f33c 100644 --- a/inc/auth/ad.class.php +++ b/inc/auth/ad.class.php @@ -178,6 +178,13 @@ class auth_ad extends auth_basic { } /** + * Most values in LDAP are case-insensitive + */ + function isCaseSensitive(){ + return false; + } + + /** * Initialize the AdLDAP library and connect to the server */ function _init(){ diff --git a/inc/auth/basic.class.php b/inc/auth/basic.class.php index a1f77dea5..c08422488 100644 --- a/inc/auth/basic.class.php +++ b/inc/auth/basic.class.php @@ -323,15 +323,23 @@ class auth_basic { } /** + * Return case sensitivity of the backend [OPTIONAL] + * + * When your backend is caseinsensitive (eg. you can login with USER and + * user) then you need to overwrite this method and return false + */ + function isCaseSensitive(){ + return true; + } + + /** * Sanitize a given username [OPTIONAL] * * This function is applied to any user name that is given to * the backend and should also be applied to any user name within * the backend before returning it somewhere. * - * This should be used to enforce username restrictions. Eg. when - * the backend is case insensitive all usernames should be lowercased - * here. + * This should be used to enforce username restrictions. * * @author Andreas Gohr <andi@splitbrain.org> * @param string $user - username @@ -348,9 +356,7 @@ class auth_basic { * the backend and should also be applied to any groupname within * the backend before returning it somewhere. * - * This should be used to enforce groupname restrictions. Eg. when - * the backend is case insensitive all groupames should be lowercased - * here. + * This should be used to enforce groupname restrictions. * * Groupnames are to be passed without a leading '@' here. * diff --git a/inc/auth/ldap.class.php b/inc/auth/ldap.class.php index 8eb797a11..c51924135 100644 --- a/inc/auth/ldap.class.php +++ b/inc/auth/ldap.class.php @@ -248,6 +248,13 @@ class auth_ldap extends auth_basic { } /** + * Most values in LDAP are case-insensitive + */ + function isCaseSensitive(){ + return false; + } + + /** * Make LDAP filter strings. * * Used by auth_getUserData to make the filter diff --git a/inc/auth/mysql.class.php b/inc/auth/mysql.class.php index 26cfb85d9..b1c6a3a52 100644 --- a/inc/auth/mysql.class.php +++ b/inc/auth/mysql.class.php @@ -401,6 +401,13 @@ class auth_mysql extends auth_basic { } /** + * MySQL is case-insensitive + */ + function isCaseSensitive(){ + return false; + } + + /** * Adds a user to a group. * * If $force is set to '1' non existing groups would be created. |