-rw-r--r--kolab-webadmin.spec.in2
-rw-r--r--php/admin/include/auth.class.php12
-rw-r--r--php/admin/include/authenticate.php3
-rw-r--r--www/admin/user/user.php3
4 files changed, 15 insertions, 5 deletions
diff --git a/kolab-webadmin.spec.in b/kolab-webadmin.spec.in
index 4ba0db5..d85edf7 100644
--- a/kolab-webadmin.spec.in
+++ b/kolab-webadmin.spec.in
@@ -42,7 +42,7 @@ Source0: kolab-webadmin-%{version}.tar.gz
Prefix: %{l_prefix}
BuildRoot: %{l_buildroot}
BuildPreReq: OpenPKG, openpkg >= 2.0.0
-PreReq: OpenPKG, openpkg >= 2.2.0, kolabd >= 1.9.4-20050221
+PreReq: OpenPKG, openpkg >= 2.2.0, kolabd >= 1.9.4-20050409
PreReq: apache >= 1.3.31-2.2.0, apache::with_gdbm_ndbm = yes, apache::with_mod_auth_ldap = yes, apache::with_mod_dav = yes, apache::with_mod_php = yes, apache::with_mod_php_gdbm = yes, apache::with_mod_php_gettext = yes, apache::with_mod_php_imap = yes, apache::with_mod_php_openldap = yes, apache::with_mod_php_xml = yes, apache::with_mod_ssl = yes
PreReq: php-smarty >= 2.6.3
AutoReq: no
diff --git a/php/admin/include/auth.class.php b/php/admin/include/auth.class.php
index 949aded..e14ab69 100644
--- a/php/admin/include/auth.class.php
+++ b/php/admin/include/auth.class.php
@@ -24,7 +24,8 @@ require_once('mysmarty.php');
require_once('locale.php');
class KolabAuth {
- function KolabAuth( $do_auth = true ) {
+ function KolabAuth( $do_auth = true, $params = array() ) {
+ $this->params = $params;
if( isset( $_GET['logout'] ) || isset( $_POST['logout'] ) ) {
$this->logout();
} else if( $do_auth ) {
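Review bot: The constructor stores `$params` without checking that it carries `allow_user_classes`, yet the login check added further down in this file passes `$this->params['allow_user_classes']` straight to `in_array()`. With the new default `array()`, or with the possibly unset global that authenticate.php now hands in, that argument is not an array, so the check most likely raises a PHP warning and turns every class away instead of reporting a configuration problem. Normalising before the assignment makes the deny-by-default explicit: `if( !isset( $params['allow_user_classes'] ) || !is_array( $params['allow_user_classes'] ) ) $params['allow_user_classes'] = array();`, with a comment saying that an empty list means nobody may log in. The constructor body continues outside the hunk.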
@@ -63,13 +64,19 @@ class KolabAuth {
}
if( $dn ) {
$auth_user = $ldap->uidForDn( $dn );
+ $auth_group = $ldap->groupForUid( $auth_user );
+ $tmp_group = ($auth_user=='manager')?'manager':$auth_group;
+ if( !in_array( $tmp_group, $this->params['allow_user_classes'] ) ) {
+ $this->error_string = _("User class '$tmp_group' is denied access");
+ $this->gotoLoginPage();
+ }
$bind_result = $ldap->bind( $dn, $_POST['password'] );
if( $bind_result ) {
// All OK!
$_SESSION['auth_dn'] = $dn;
$_SESSION['auth_user'] = $auth_user;
$_SESSION['auth_pw'] = $_POST['password'];
- $_SESSION['auth_group'] = $ldap->groupForUid( $auth_user );
+ $_SESSION['auth_group'] = $auth_group;
$_SESSION['remote_ip'] = $_SERVER['REMOTE_ADDR'];
return true;
} else {
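Review bot: The class check runs before `$ldap->bind()`, so the "User class '...' is denied access" message is produced for any submitted login name without a valid password, which tells an unauthenticated client which class an account belongs to. The denial also depends on `gotoLoginPage()` never returning; its body is not in this hunk, and if it does return, execution falls through to the bind and the session is populated for the denied class. Consider moving the block inside `if( $bind_result ) {` ahead of the `$_SESSION` writes, adding `return false;` after `$this->gotoLoginPage();`, and passing `true` as the third argument to `in_array()` so that a non-string return from `groupForUid()` cannot match loosely. The enclosing method starts and ends outside the hunk.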
@@ -155,6 +162,7 @@ class KolabAuth {
}
var $error_string = false;
+ var $params;
};
/*
Local variables:
diff --git a/php/admin/include/authenticate.php b/php/admin/include/authenticate.php
index f003af6..5c5721e 100644
--- a/php/admin/include/authenticate.php
+++ b/php/admin/include/authenticate.php
@@ -20,8 +20,9 @@
require_once('auth.class.php');
global $auth;
+global $params;
if( !isset($auth) ) {
- $auth =& new KolabAuth;
+ $auth =& new KolabAuth(true,$params);
}
/*
Local variables:
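Review bot: `global $params;` takes the access policy from whatever the including page left in global scope, and nothing here verifies that it was assigned before this include. The including pages are not part of this diff, so this may already hold, but if one of them skips the assignment the allow-list is undefined, and on a server with `register_globals` enabled an unassigned global can be filled from request input. A comment such as `// $params must be assigned unconditionally by the including page before this file is required` would document the contract, and `if( !is_array( $params ) ) $params = array();` before the constructor call would at least cover the unset case.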
diff --git a/www/admin/user/user.php b/www/admin/user/user.php
index 506e1d8..f16a605 100644
--- a/www/admin/user/user.php
+++ b/www/admin/user/user.php
@@ -166,7 +166,8 @@ function policy2number( $pol, $default = 3 )
}
function apply_attributeaccess( &$entries ) {
- global $attributeaccess;
+ global $params;
+ $attributeaccess =& $params['attribute_access'];
foreach( $entries as $key=>$value ) {
if( ereg( '(.*)_[0-9]', $key, $regs ) ) {
$akey = $regs[1];
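Review bot: `$attributeaccess =& $params['attribute_access'];` binds by reference, which silently creates `$params['attribute_access']` as null in the global array when the key is absent and lets any later write in this function alter the shared configuration. Nothing in the visible lines needs a reference; a copy with a default is safer: `$attributeaccess = isset( $params['attribute_access'] ) ? $params['attribute_access'] : array();`. The function body continues beyond the hunk, so confirm that nothing below writes through `$attributeaccess` on purpose.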