vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
Old 01-22-2010, 08:54 PM
danlavu danlavu is offline
 
Join Date: Dec 2009
Posts: 10
Thanked others: 0 times
Thanked: 0 times in 0 posts
ldap authentication admincp

I've been modifying malcomx's code (https://vborg.vbsupport.ru/showthrea...highlight=ldap) so I can achieve a couple of things.

- To have a bind user query the directory, so it's more secure
- To have admincp and modcp be ldap authenticated

So, I haven't coded in a long, LONG time, and when I did code it was in Java, but getting back into it wasn't *that* difficult. I'm running into a snag, though, and I was wondering if somebody can help me with it.

Note:

Regular users work fine, ldap works, no password, wrong password, bad user, kicks the user out of the system.

Admincp, on the other hand: a bad username kicks them out, but any user that is found in ldap is permitted to login. If they do not have admin access, the page just refreshes, but if they have admin privileges, regardless of whatever password they put in, they're allowed to login.

The same code works for regular users for a normal login, so if anybody has any insight to why this might not be working, I think this would help anybody who wanted full ldap authentication for their systems.

For some reason, regardless of whatever I put in, the bind is successful.

Thanks for looking.

Code:
<?php
//
// main php file for vBulletin authentication against LDAP
// (c) andreas sartori, 2006
//

error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'controller.php');
define('LDDEBUG', true);

// some basic requirements
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/ldapAuth/ldapfunctions.inc.php');
require_once(DIR . '/ldapAuth/ldapconfig.inc.php');

if(defined('LDDEBUG')) { $fp=fopen('/tmp/apache.debug', "a+"); }
if(defined('LDDEBUG')) { wrlog("++ -------- START -------- ++"); }

// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
        if(defined('LDDEBUG')) { wrlog("++ LoginType:\t Login to admincp or modcp"); }

        //if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
        //return;

        //if ($vbulletin->GPC['vb_login_password'] == '')
        //{
        //      if(defined('LDDEBUG')) { wrlog("-- LoginError:\t No Password"); }
                //if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
        //      eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
        //}

        // create the ldap search filter
        $ldapFilter = "(samaccountname=" . $vbulletin->GPC['vb_login_username'] .")";
        if(defined('LDDEBUG')) { wrlog("++ LdapFilter:\t $ldapFilter"); }

        // connect to the LDAP Server
        $ldapConnection = ldap_connect($ldapServer, $ldapPort);

        if($ldapConnection)
        {
                $ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
                if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t connection successful"); }
                // search for the username and get the DN
                $searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter);
                $searchResult=ldap_get_entries($ldapConnection,$searchDn);

                // if no user is found in ldap, redirect to standard error
                if(sizeof($searchResult) < 2)
                {
                        if(defined('LDDEBUG')) { wrlog("++ LdapSearch:\t there is no such user in the directory"); }
                        if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
                        eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'],$strikes)));
                }

                // write the FIRST found DN to $bindDn;
                $bindDn=$searchResult[0]['dn'];
                if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $bindDn"); }


                // bind to the ldap server with specified credentials (dn, password)
                $ldap_bind = @ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);

                if($ldap_bind)
                {
                if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t bind successful"); }
                }
                else
                {
                if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t bind failed"); }
                }


                if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $ldapConnection"); }
                if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $bindDn"); }
                if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $vbulletin->GPC['vb_login_password']"); }
                if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $ldap_bind"); }
                // close the server connection
                ldap_close($ldapConnection);

                // ldap bind did not succeed, wrong username/password combination
                if ($ldap_bind != 1)
                {
                        if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t ldap bind did not succeed"); }
                        if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
                        eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
                }
                else
                {
                        //generate a template for vBulletin user database
                        //$randomSalt=genSalt();
                        //$randomPass=md5(crypt($randomSalt,$randomSalt));
                        //$newuser =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
                        //$newuser->set('username', $vbulletin->GPC['vb_login_username']);

                        // get the email address from ldap
                        //$ldapConnection = ldap_connect($ldapServer, $ldapPort);
                        //if($ldapConnection)
                        //{
                        //$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
                                //if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t Fetching email address"); }
                                //$searchEmail=ldap_search($ldapConnection,$ldapBase,$ldapFilter, $ldapEmailAttr);
                                //$userEmail=ldap_get_entries($ldapConnection,$searchEmail);
                                //if(sizeof($userEmail) < 2)
                                //{
                                //      if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t user has no emailaddress"); }
                                //      $newuser->set('email', $noEmailExists);
                                //}
                                //else
                                //{
                                //      if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t user has an email address"); }
                                //      $newuser->set('email', $userEmail[0]['mail'][0]);
                                //}
                        //}

                        //ldap_close($ldapConnection);

                        //$newuser->set('password', $randomPass);
                        //$newuser->set('usergroupid', 2);

                        //$newuser->pre_save();

                        // try to create the user in vBulletin; if it works save the dataset else just login
                        //if (!empty($newuser->errors))
                        //{
                                //if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t user already in vBulletin"); }
                                //$vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
                                $vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
                                verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
                                exec_unstrike_user($vbulletin->GPC['vb_login_username']);
                                process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
                                if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t logging in"); if($fp) { fclose($fp); } }
                                do_login_redirect();
                        //}
                        //else
                        //{
                        //      if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t creating user in vBulletin database"); }
                        //      $newuser->set_info('coppauser', false);
                        //      $vbulletin->userinfo['userid']
                        //      = $userid
                        //      = $newuser->save();
                        //      $vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
                        //      $vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
                        //      verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
                        //      exec_unstrike_user($vbulletin->GPC['vb_login_username']);
                        //      process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
                        //      if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t logging in"); if($fp) { fclose($fp); } }
                        //      do_login_redirect();
                        //}
                }
        }
}

if(defined('LDDEBUG')) { wrlog("++ LoginType:\t Normal Login"); }

// if there is no password submitted, redirect to standard error
if ($vbulletin->GPC['vb_login_password'] == '')
{
        if(defined('LDDEBUG')) { wrlog("-- LoginError:\t No Password"); }
        if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
        eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}

// create the ldap search filter
$ldapFilter = "(samaccountname=" . $vbulletin->GPC['vb_login_username'] .")";
if(defined('LDDEBUG')) { wrlog("++ LdapFilter:\t $ldapFilter"); }

// connect to the LDAP Server
$ldapConnection = ldap_connect($ldapServer, $ldapPort);

if($ldapConnection)
{
        $ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
        if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t connection successful"); }
        // search for the username and get the DN
        $searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter);
        $searchResult=ldap_get_entries($ldapConnection,$searchDn);

        // if no user is found in ldap, redirect to standard error
        if(sizeof($searchResult) < 2)
        {
                if(defined('LDDEBUG')) { wrlog("++ LdapSearch:\t there is no such user in the directory"); }
                if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
                eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'],$strikes)));
        }

        // write the FIRST found DN to $bindDn;
        $bindDn=$searchResult[0]['dn'];

        // bind to the ldap server with specified credentials (dn, password)
        $ldap_bind = @ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);

        // close the server connection
        ldap_close($ldapConnection);

        if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $ldapConnection"); }
        if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $bindDn"); }
        if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $vbulletin->GPC['vb_login_password']"); }


        // ldap bind did not succeed, wrong username/password combination
        if ($ldap_bind != 1)
        {
                if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t ldap bind did not succeed"); }
                if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
                eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
        }
        else
        {
                // generate a template for vBulletin user database
                $randomSalt=genSalt();
                $randomPass=md5(crypt($randomSalt,$randomSalt));
                $newuser =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
                $newuser->set('username', $vbulletin->GPC['vb_login_username']);

                // get the email address from ldap
                $ldapConnection = ldap_connect($ldapServer, $ldapPort);
                if($ldapConnection)
                {
                        $ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
                        if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t Fetching email address"); }
                        $searchEmail=ldap_search($ldapConnection,$ldapBase,$ldapFilter, $ldapEmailAttr);
                        $userEmail=ldap_get_entries($ldapConnection,$searchEmail);
                        if(sizeof($userEmail) < 2)
                        {
                                if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t user has no emailaddress"); }
                                $newuser->set('email', $noEmailExists);
                        }
                        else
                        {
                                if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t user has an email address"); }
                                $newuser->set('email', $userEmail[0]['mail'][0]);
                        }
                }

                ldap_close($ldapConnection);

                $newuser->set('password', $randomPass);
                $newuser->set('usergroupid', 2);

                $newuser->pre_save();

                // try to create the user in vBulletin; if it works save the dataset else just login
                if (!empty($newuser->errors))
                {
                        if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t user already in vBulletin"); }
                        $vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
                        $vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
                        verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
                        exec_unstrike_user($vbulletin->GPC['vb_login_username']);
                        process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
                        if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t logging in"); if($fp) { fclose($fp); } }
                        do_login_redirect();
                }
                else
                {
                        if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t creating user in vBulletin database"); }
                        $newuser->set_info('coppauser', false);
                        $vbulletin->userinfo['userid']
                        = $userid
                        = $newuser->save();
                        $vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
                        $vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
                        verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
                        exec_unstrike_user($vbulletin->GPC['vb_login_username']);
                        process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
                        if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t logging in"); if($fp) { fclose($fp); } }
                        do_login_redirect();
                }
        }
}
if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
?>
Reply With Quote
Reply
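The lookup-then-bind flow from the posted controller, rewritten as a single hardened helper. This is an added example for readers of the thread, not code from the original post or from malcomx's mod; it assumes the same $ldapServer, $ldapPort, $ldapBase, $ldapBindUser and $ldapBindPassword globals that ldapconfig.inc.php provides in the post, and the function names ldap_filter_escape() and ldap_verify_user() are introduced here. The point it makes is the one behind the admincp symptom described above: the posted admincp branch has its empty-password check commented out, and a simple bind with a valid DN and an empty password is an *unauthenticated* bind (RFC 4513 section 5.1.2), which many directory servers, Active Directory included, accept by default. The posted debug line `"$vbulletin->GPC['vb_login_password']"` would not have revealed an empty value either, because PHP's simple string interpolation stops at `$vbulletin->GPC` and prints the index as literal text. The helper therefore refuses to bind at all unless a non-empty password was submitted, escapes the username before it goes into the search filter, and requires exactly one directory match.

```php
<?php
// Added example (not the original post's code). Assumes the globals from
// ldapconfig.inc.php used in the post: $ldapServer, $ldapPort, $ldapBase,
// $ldapBindUser, $ldapBindPassword.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// PHP >= 5.6 ships ldap_escape(); the strtr() fallback covers older installs.
function ldap_filter_escape($value)
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // strtr() with an array does a single pass, so the backslash is
    // escaped without re-escaping the replacements.
    $map = array('\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00');
    return strtr($value, $map);
}

// Verify $username / $password against the directory.
// Returns the matched DN on success, or false on any failure.
function ldap_verify_user($username, $password)
{
    global $ldapServer, $ldapPort, $ldapBase, $ldapBindUser, $ldapBindPassword;

    // 1. Never let an empty password reach ldap_bind(): DN + empty password
    //    is an unauthenticated bind and the server may report success.
    //    This is the check the posted admincp branch has commented out.
    if (!is_string($username) || $username === '' ||
        !is_string($password) || $password === '') {
        return false;
    }

    $conn = ldap_connect($ldapServer, $ldapPort);
    if (!$conn) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // 2. Look the account up with the service (bind) user. The username is
    //    escaped so it cannot change the shape of the filter.
    if (!@ldap_bind($conn, $ldapBindUser, $ldapBindPassword)) {
        ldap_close($conn);
        return false;
    }
    $filter  = '(sAMAccountName=' . ldap_filter_escape($username) . ')';
    $result  = @ldap_search($conn, $ldapBase, $filter, array('dn'));
    $entries = $result ? ldap_get_entries($conn, $result) : false;

    // 3. Require exactly one match; ldap_get_entries() reports the number
    //    of matches in ['count'], so zero or several matches are rejected.
    if (!$entries || $entries['count'] !== 1) {
        ldap_close($conn);
        return false;
    }
    $dn = $entries[0]['dn'];

    // 4. Re-bind as the user with the submitted password. Only a strict
    //    boolean true from ldap_bind() counts as authenticated.
    $ok = (@ldap_bind($conn, $dn, $password) === true);
    ldap_close($conn);

    return $ok ? $dn : false;
}
```

In the controller, both the admincp/modcp branch and the normal-login branch would call it the same way, before any of the verify_authentication() / process_new_login() steps: `if (ldap_verify_user($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password']) === false) { eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes))); }`. Keeping the empty-password rejection inside the helper rather than in each branch means a branch cannot lose it again by commenting out a block during debugging, and logging the DN rather than the submitted password keeps credentials out of /tmp/apache.debug.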