/**
 * Authenticate a user against LDAP, going through the local result cache
 * unless caching is disabled by configuration.
 *
 * @param string $username          account name to check
 * @param string $password          cleartext password (never logged here)
 * @param mixed  &$ldap_displayname  output parameter filled in by the callee
 *                                  (presumably the user's display name — verify
 *                                  against authenticated_via_ldap_*())
 *
 * @return mixed whatever authenticated_via_ldap_nocache()/_cache() return
 *
 * @throws RackTablesError MISCONFIGURED when the three cache timers are not
 *                         ordered retry <= refresh <= expiry; DB_WRITE_FAILED
 *                         when the cache layer raised a PDOException outside
 *                         debug mode
 * @throws PDOException    only in debug mode (re-thrown as-is)
 */
function authenticated_via_ldap($username, $password, &$ldap_displayname)
{
    global $LDAP_options, $debug_mode;

    // The timers must satisfy retry <= refresh <= expiry, otherwise the
    // cache logic cannot make sense of them; refuse to proceed.
    $retry = $LDAP_options['cache_retry'];
    $refresh = $LDAP_options['cache_refresh'];
    $expiry = $LDAP_options['cache_expiry'];
    if ($retry > $refresh || $refresh > $expiry) {
        throw new RackTablesError('LDAP misconfiguration: refresh/retry/expiry mismatch', RackTablesError::MISCONFIGURED);
    }

    // A zero expiry means "no cache at all": talk to LDAP directly.
    if ($expiry == 0) {
        return authenticated_via_ldap_nocache($username, $password, $ldap_displayname);
    }

    try {
        return authenticated_via_ldap_cache($username, $password, $ldap_displayname);
    } catch (PDOException $e) {
        // The cache's locking can leave a PDO error that convertPDOException()
        // does not map. Letting it reach printPDOException() would print a
        // backtrace containing $password in cleartext, so outside debug mode
        // the exception is replaced by one that carries no argument trace.
        if (isset($debug_mode) && $debug_mode) {
            throw $e;
        }
        throw new RackTablesError('LDAP caching error', RackTablesError::DB_WRITE_FAILED);
    }
}
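/**
 * Authenticate a user against LDAP, going through the local result cache
 * unless caching is disabled by configuration.
 *
 * Side effects: missing keys of the global $LDAP_options array are filled
 * with defaults in place, and when the effective options differ from the
 * fingerprint stored under 'LDAPConfigHash' the whole LDAP cache is
 * discarded and the stored fingerprint and last-server marker are updated.
 *
 * @param string $username          account name to check
 * @param string $password          cleartext password (never logged here)
 * @param mixed  &$ldap_displayname  output parameter filled in by the callee
 *                                  (presumably the user's display name — verify
 *                                  against authenticated_via_ldap_*())
 *
 * @return mixed whatever authenticated_via_ldap_nocache()/_cache() return
 *
 * @throws RackTablesError MISCONFIGURED when the three cache timers are not
 *                         ordered retry <= refresh <= expiry; DB_WRITE_FAILED
 *                         when any DB step inside the try block raised a
 *                         PDOException outside debug mode
 * @throws PDOException    only in debug mode (re-thrown as-is)
 */
function authenticated_via_ldap($username, $password, &$ldap_displayname)
{
    global $LDAP_options, $debug_mode;

    // Fill in any option the administrator did not set. array_key_exists()
    // (not isset) is used so an explicit null in the config is respected.
    $LDAP_defaults = array(
        'group_attr' => 'memberof',
        'group_filter' => '/^[Cc][Nn]=([^,]+)/',
        'cache_refresh' => 300,
        'cache_retry' => 15,
        'cache_expiry' => 600,
    );
    foreach ($LDAP_defaults as $option_name => $option_value) {
        if (!array_key_exists($option_name, $LDAP_options)) {
            $LDAP_options[$option_name] = $option_value;
        }
    }

    try {
        // Any change of the LDAP options invalidates every cached result, so
        // cached decisions can never outlive the configuration they were made
        // under. The fingerprint is computed once and compared strictly: the
        // original loose '!=' would compare two all-digit hex strings
        // numerically, which can wrongly report "unchanged".
        // NOTE(review): the fingerprint covers the full serialized option set;
        // confirm nothing secret in $LDAP_options needs to be excluded before
        // a hash of it is persisted via saveScript().
        if ($LDAP_options['cache_expiry'] != 0) {
            $config_hash = sha1(serialize($LDAP_options));
            if ($config_hash !== loadScript('LDAPConfigHash')) {
                discardLDAPCache();
                saveScript('LDAPConfigHash', $config_hash);
                deleteScript('LDAPLastSuccessfulServer');
            }
        }

        // The timers must satisfy retry <= refresh <= expiry.
        if ($LDAP_options['cache_retry'] > $LDAP_options['cache_refresh']
            || $LDAP_options['cache_refresh'] > $LDAP_options['cache_expiry']) {
            throw new RackTablesError('LDAP misconfiguration: refresh/retry/expiry mismatch', RackTablesError::MISCONFIGURED);
        }

        // A zero expiry means "no cache at all": talk to LDAP directly.
        if ($LDAP_options['cache_expiry'] == 0) {
            return authenticated_via_ldap_nocache($username, $password, $ldap_displayname);
        }

        return authenticated_via_ldap_cache($username, $password, $ldap_displayname);
    } catch (PDOException $e) {
        // The cache's locking can leave a PDO error that convertPDOException()
        // does not map. Letting it reach printPDOException() would print a
        // backtrace containing $password in cleartext, so outside debug mode
        // the exception is replaced by one that carries no argument trace.
        if (isset($debug_mode) && $debug_mode) {
            throw $e;
        }
        throw new RackTablesError('LDAP caching error', RackTablesError::DB_WRITE_FAILED);
    }
}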