From 56f462662624c9ea21c90bc0b748c3feac7ab2f9 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sun, 12 Jan 2014 19:58:15 +0000 Subject: [PATCH] added separate IP list for self service --- lam/HISTORY | 11 ++++--- lam/docs/manual-sources/howto.xml | 7 ++++- .../manual-sources/images/configGeneral1.png | Bin 18180 -> 22254 bytes lam/lib/config.inc | 9 ++++-- lam/lib/security.inc | 9 +++++- lam/templates/config/mainmanage.php | 28 +++++++++++++++++- 6 files changed, 55 insertions(+), 9 deletions(-) diff --git a/lam/HISTORY b/lam/HISTORY index d3357ce9..4a26def9 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -2,6 +2,9 @@ March 2014 4.5 - IMAP: allow dynamic admin user names by replacing wildcards with LDAP attributes - Personal: allow to set fields read-only - Added option to server profile if referrals should be followed (fixes problems with Samba 4 and AD) + - LAM Pro: + -> Separate IP restriction list for self service + 18.12.2013 4.4 - PyKota support: users, groups, printers, billing codes @@ -11,14 +14,14 @@ March 2014 4.5 - Unix: switch also additional membership if primary group is changed (RFE 108) - Windows: fixed user name handling, sAMAccountName now optional - Apache 2.4 support (requires Apache "version" module) - - added Turkish, Ukrainian and US English translation + - Added Turkish, Ukrainian and US English translation - LAM Pro: -> Bind DLZ support -> Samba/Shadow: display password change date in self service -> Custom fields: support custom label and icon, auto-completion -> User self registration: support constant attribute values -> Self service: allow to set custom field labels - - fixed bugs: + - Fixed bugs: -> Format of photo in Personal tab (158) @@ -34,14 +37,14 @@ March 2014 4.5 -> Custom fields: read-only fields for admin interface and file upload for binary data -> Custom scripts: support user self registration -> Password self reset: Samba 3 sync, identification with login attribute, Samba 4 support - - fixed bugs: + - Fixed bugs: -> Custom fields: auto-adding object classes via profile editor fixed -> PHP 5.5 compatibility -> Lamdaemon: do not show message if home directory to delete was not found (154) 18.06.2013 4.2.1 - - fixed bugs: + - Fixed bugs: -> Unix: suggested user name must be lower case -> Quota: profile editor does not work in some cases diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml index 49a65384..521d4e9e 100644 --- a/lam/docs/manual-sources/howto.xml +++ b/lam/docs/manual-sources/howto.xml @@ -720,6 +720,10 @@ Have fun! most installations. If you use LDAP referrals please activate referral following for your server profile (tab General settings -> Server settings -> Advanced options). + + The self service pages now have an own option for allowed IPs. + If your LAM installation uses IP restrictions please update the LAM + main configuration.
@@ -994,7 +998,8 @@ Have fun! You may also set a list of IP addresses which are allowed to access LAM. The IPs can be specified as full IP (e.g. 123.123.123.123) or with the "*" wildcard (e.g. 123.123.123.*). Users which try to - access LAM via an untrusted IP only get blank pages. + access LAM via an untrusted IP only get blank pages. There is a + separate field for LAM Pro self service. Session encryption will encrypt sensitive data like passwords in your session files. This is only available when diff --git a/lam/docs/manual-sources/images/configGeneral1.png b/lam/docs/manual-sources/images/configGeneral1.png index 46cf276fe500ae81c9532934bf7c335615173099..121da807f7c41d1d8da057c87ae5bc763ccae310 100644 GIT binary patch literal 22254 zcmeFZbzD^I-ZwmojfhAoxkW-+=|-glq`Re?p=*Fqk*-Zkj?gVIPzGjw-13R1pHfB7i`y zo!z+(euDQRi5$FPIlPfnzH{f!_^jLv_;}a$t%d^x@-Pwnb-I>qXCDrM{05N}eXZ=8 zxH0Lbt$cXVw%e=!<;juQD=`ARhs@~{#6>b?TAFc7GViSIm`lZSr>#q^27Y!Cl~1rA z_iOK47zbsUYqCso+{7c0c}U>vIXq3NgkRjz_ff%3kaB;-E{Y z5Xh^Wjrb7AhkKu|&LsTD6Xa`Wv$L{JI(8!)**ML>nBE;hj3}TC|O&cMg}; zESc1sDsLRtk3dgqHn5kw^`x6T>e(X%l*jT#Wzz7ZAQ!2V@nEiGN?gE##(R-oSwJ_wAUQ! z8Ji;3;m6ioodHU8$D?YV7@7WG`f_A~@fIBM7sn0Hu(qBgMIA(X4lOZHhml|qN|`;0 z!ieL(wxH=Gp-SHb>6Pd&adDgTn>sRxbAynM7%cP9>iysF(KOd@@9k33n8eu7-3_2Da}Rvr7dk4j06k7OQ8}^Ji}4 zq)Q8pV&>iPG>UAEak#nN2R*Boy%I3HQ6(XvhNfJdcM}#xdz0;`_PV*p#TF8v5u(jg zimLW|c6ccCKmuTjbSbv_+_8batnr>?rRo&2bJ`EEtiRaiPAe)%! zT1AlhIJbB3!j}$MLr8AMPX1~N6X1sRD29j+6dP_Nxg5C9?am^RLPI0kn8eJ$7P7PH z$`NgR9c}HoMf`bnLIV5AYKLliiO7_c_{$4)F_MAOdU^RsfZ6#-lhkVLJVj6c1 z`6I)uV5jN3iY7gg9Yzczy!>d&>SlvtWxk9)vz$>Bi-5q!CmJ7LE~`mC27dGeU64?3 z2k&%+b*_Dfq^OYV<&Y$6*!EO?QviM@E%HG2@>;5exKT{QXhq%lfrk)|vtBfs5?YL18Fdu{bHEOHIOO zRF=awvQlS~eV@54r-r6%!bliZ3wnE5T`znp8EgtBk{ND`DTq=tGSYF6{05hSxi1bK zi>56zFNUE4{ADve!F@>z=S|g_7yECF)o*|LbBGD6Yirf4tcDmAMW>R4M&3VnJuE-A zRD1-Yj$t`zvUuoYCMxf3(oC?ZhG0eh_hmOs^$rI=D^Nx7oG8?rMq$cI__sWMA=gls z0t{45Tkw9bsfmW$N9C0+E5B4lDO_#q^uCvKBJR*oefx$ZmZo5azD*eq+Go$_wpZp) zO&x_`W}({UKB$ZxENHT(>d&`CV-IUz1*G9$D+(f_Mn{S17avEqgm<)Lq(B&S%5!cS zD7}1wZe715CMW+kU@js;8VWo3;gVTzr03N8K?r-P!J(V8k1wf0A$8_us$ZVE&;T+A zibyUsLH1SIy_J`r$qGNNzZhdbIzmy_qpJ50`I5N!_zY%0nRBwvV~%yr$2bO?M4&GS z{M(ti+fc{%K_^W+8de5kgtc}R8ftBD?(FOzAJ^}P>V{gYC^=NiM8PygQY9vj&n$ay z+&Zf?$1k-%Wy0&Tn9ODUa}g)K@ItLk9ER4zaHs4YCMvbms%l~yPEX2Nn3%?nFgXP} z~bJut1k#9a?07`ISs|gWYp&jVek(6)_vCILlQYV;A!BZZdqG_EdXX zX?=ZuFXyB~&TB6cabC9u&ry_HzS^F&6UPL{A3z{83?l#2ed>R_vHhD9CUkTl1+qRq z8CbX3?RyrZqoP1B!*_Oe?mW2XZ%w*1pX%hq4EezLX!dT8n!4H8+2keFvuB0XT&jg5 zBi-W6CQ2bS8caSneWs!OzxJ27bag#0uR(I`Mj!OJ%)A#5B4P%IuQTxuC5or=IxHQW zCT?IgB-{UaO}JarX^De9xY{sHLeE>d+V_ZFA@oFNC%Zt3*k&vir0O1C@{C7%dV1`v zP-aPBV4#l9b=z?JJ7RGl8-jg`JQO5Lx**zcd32KRstR; zJ8MI^4d;8EpFVxkgJa4!a_V8n1?t5H$6J%)sl{&lOUIKgdJSF}0x>&B9R|Q&d#?aK9-du*m?qPCt~X;>hUXMwdrzi!*!Siag7A6NSjOv&=BjhAqzR2gt-b_rt`?t(@l9p&m2M@IsIph4hh6wCUh^7 zAUuyyw{S?9G)mG8F8wInS0<_*C_Q$5;0mAbtmPIK=+?U*ZJ3d(WX93m(V5xY-@Bim`>Jdcn0k1(v)ds zgDVr)Sl!nT2f$ahhLV#K5~|n@Vc`nAfM1*+ZH~iSUCV4H-G4^WcgC{1gO5{EW*@8- zQ(EPqNkz}whd8ev`VTY?w6a!)l7&Bhyi(X__UY4ggxlHdDYh!#u&leW``c9KZ~Ej2 zPn$qPM00$3f)ho!rl(QugGw42jIvCsp+xwQh3D#`IXI}^!{CuSO-3fd-th~&i$+iu zPYBnWWxQ&W%_aLql!QFTZ0Jo1bc&ps4~NA_ksX?lairn!NCKn^ogwn(yFjiL{aOnF%)x*$ZoeB07F*9Z7)s86cCe~c0Y?aVMnpug6u*tk7LVnEXxj`3ZKq}m zZmljkvrIo48f9ish7bQn=g{1%HIPw_95mY;Z&`m=U~^~#Ra3h+NGyvj7al&#ZpzH| z_}+#bDffd8zS3S~oofei2&rG<+wsHokA;Q?R3QD+hf+rII4=fj(1>-gB6m)9!sXNk zR$gH0-9CQ2Xp5*cH6^dY9BJvgIn@{r?JcfXoVx^|Ts^=E-jCX1VBb8|B0=^!CzM&( zAS)$QV!bxbD!_4`-Q*WJpa^H;f1}c(rX(pgWQECDSXy$Xzuh8qx)52rRnxh9&>Voj zc%&vKE}qO|_fd{*wQX`lccftB8Tb#e&ZC((U`=ci88SXskdmpmh1_xzE7|uyk6?g> z#svB|R4%a{neth{=qgXGEA)ZbqN}EFA)el<#|I=RjxY z{)IkP1IEVBa3~m8FDM{DnIQdgvNG=7BHe`Ye7PFp!JQpxGDkH@$<_5j!TIH7CFjpM zfrS~5{NJ|l%5j#N4`f)6SA5 z8Ce&lX3DdxE>|JclcBM7sBIUFPvEkS2hmo7(sN;PanUUAaWq3~wiNH4Qp*B$qO~8R zsCz|iY)`yap3xKP`MMIT+70Q*jfsfQ>Xyo1miq>VonS2%N}|mojP!Az>Ate?>?_{1 zv9Xz~aatM9Z`$t-8Ap2dHW?yFFBjh86|3j9_;gTEEV7YNbHu&=5pL1{JDf3x{l6U}B0$5HJ=mobuk>v^KyOLVKj5tYn45XYWu(bMXaJa2oAKu!7w& zC@@f1rw(+YR1d5$5P|6ZCemTryOiaw2j+$fjb=U?L``e1@xIjTuu$0Uqe?Fydlwfq z!sMl{xKjJYpFY^czP`Sy+Wc0dMcoP9tU5JiU$0*8SNqeoDy*JxS&h;VX+V#$=YBrg zurz=4zC_d7CZ&o##STAT{3xvkdal8wDwc_d7O|?J{n+Yzv36m0&DJiFC|MVFXr4ce zIYJ(z&nmY@tL02gj>=qU$J9bdct_v2hxrFv;t@7jj<5y^drnUY!M6rGluTUR+eUkf zu2%eD`;SaHQ(w;Y368qXsruU^UM~xm2!%NH9Y?lY#KcD&!^93-)Kmg6?*v_Rg80!m zl-yfCq$kb@bLRTwYDY)a(S6))pCH1mWSr!^I&s~#7qD@}m3KHq$K3CRa6%jxA_#{$}IOy%jmL1mCmiD;HHQATW zy0!|%9F`mOR78=xhfn#q#ilgrZqiUuwXxkR*IZAri*-kNLO2)71m!+>i>Fqf_Zrup zGu|M}c+lCmx_FFFGo`8YdxOp51C4s=iOJ^i`h%Hbs{CO-OX`lhS^S49t>3fQ15>h+ zUg);f)zw+p7h}z^&E{8jKS`>$s66hsPNp@?u8hs}@0OR(vU8zyR@(hqWuQiUXOQ(X z9S=e_lNWyB;e88d&9zn!UT%E6g|O&nXJcdIdH%Ix{aT{s`;o?vI@qOq9Q1KMRF5Xx zyYAb4r@13%i(DV`wZ?3z;oZf?&aLupGbtU~dBAyy z;v-H$LxF~j1%!ng2g8hm;a$03b(Lid2#9Hj7N3#DJeHKxr{6;GiOZ=(f6AN?mCW+r9zc$xBYl79}I)2e_-X3@OJ;b zLlG;n$93%wJIYGvBg`<;lT=O3?q+*;H~bP~EG9-nyme1IT}nEn0ppw}8Cmo>8Hb<} zTW_V@muqwX!Xp;yUctrmJ?v)SH(ZDYuCpj5PE?k7cd!L5)|r?BGaD9wD;K8x<`xQgoO6Km8quakOc z<&-%+&a1;jfo1cf4Vq^X_mkO8vmN~E$!u@r_=Zwv2Hokndl=Wy0QY-9F4}Bh*F%{V zsd|$zYK8Ve6wyLcg@`;uOh94W6v#;}hNFH5P$bG{()+KbsHJJHkL) z{R%h7FUPZ$OmkMv%Qf}f-89YAC0G$(KI;aou4am+xdm;3A4Tu1Ot3`BR&otK-+@@q6ye z?JpHR=1XhPEhObjyR19y%w6UEXZe`_f&X?Lvw5Ze#%Q&KLR6CQ1rwF9)wt6 z)F$D6z#Cq%K7yqOaGaimhDM>myf7j^U#@q&@dubnL_NE;tcsR)u>q#_5SuxpESk{- zM~X}f+#=g^yN#cOrBZ8VmhD(gG z@yt;rVnIaRT$tn99KOu7w3|0hP_d*OJH1_9MB$|Fj>X$*N z1;}~rnZCXzMSo-$!%qeqGyD|nq)(s1DK@r$A+1%kf`jiD>VsKk`=bnCGqyUlT6)O` zHtBdfpU5HK>HAA3>m7$D3_zCnWI5V++*mK(XgP+uSu?d!AS}6}V4P7kfr^SkQ?i3v z;F{A9bJOweL1^M;qATVFxQ# zr6{j6bGW{KxZv*^Ov7`HM!2}1oSZ9;V>znk9MR{(>HTb?3!%unw~yh`c57iEy)b*R zAO}BQv}dh*e;ZT#xppevM*eUFqwW8U&kq@W({aqba0u zI+{%KdOXWTlXa(z$*vx*C~{s3iZi<~p_MPgIz0dlBVs*G$;zq%(EdP6u4Z{)N#*fM zpYd+QkeywUC^bvLz?hTP27dAtK>JNPHlO+V^R6BtZnvMoy7jlm$J+$YW&mW#%D^Bi z-T7tbz!Ee#Czz}FF2WPpXT_C?Xt$+i5Ee#=_(k+4cW38dL3nhE3ezP&bXb&E2h3&o zx5|`}pd#0hy8vt^OcLL~Ek?!PAR#@|($Qg+XXSY+purTwI(&XS`%%76cLsrQ~w_AU;p@gnT+%div?{WPZ+G&d)ExE^7<)>;mT}jQbhcV8q4Ea zs#KWr&^3rf)6B_vqDL+wc9arHK_n+5Iq*v9LnRLhdr9{*ccQ8q#ji;Dd)S?NBk&=K z$!*GpKANE!h8@IZ9V-=7#0*i@Bze#0*=RJ2Td$Hsl0LfFuc7H>Yr^r%YHJO&CR9+O!mAI!5 zs%`)-sDS#9e50C+bw;Yo?LX#;vZw@5R!&-g^7$V9ZEwejgJ{U^iY8OL@nHOai*oum z$lO12RR8yc|Afi=zrFOgUgDVs@C|@WKa9NrIP)@WvwTGRub=*8M`h=EG~4v~XBfo6 z0hxAW`SV5OwuI0A%AtOcR@pTp_uKrC`xso5MWrRxiL3&vzyK5pak7Q@;dONaYQ)#8 zBDyUI@x+R&YaT*+BwRm5mIvF=Qfb7+9l-@YOAu5| z`qddKlumMFwThX?&XTXI`jZ4R+}sy|kOHo)0v3o`!tcL- zpZP7l*{no;!kVk)D(U_DoGYX?WhDCd#1FYwr9);FN;<&OIohKh$4(b2om!G(WvR$Mkkhj{I|}8e zoT!?OM0&dOkr2vM0jzH0&1SYEzAVb-_{57wjGlA*@{n6{Afp>~KHXx$y^!S$*bIQ} z=>k+6<_uNlZ*Q?yh=xyc9js=y9c(#?R3C+qMg#^*Y3ez2e}LUOL!(;ev*!*A{bg5sO+-q2q~tsH&B4L?R0nHQk`;#l;0VpW{QkpcY>ES6NL$ zW%-l@9(m2rUqWaNJ70L_nw-6Y(r|p|qF0#DtdvzJSct;8mUY+EH#0a`*b8;s@Pras z0lkD~$|hxJWd0-U`zU;gxdtJWL{H_1oB2F`M-cYF|E>F3wtxH9k($ikVaX_~3hwys zC5cucN|NE1c^b(s>)0lulA5uHmuB&$7pybcHs#_WfGRo6jRHg z#D(nDHAA)4PwC|)5}zb5b?d!!d<(DF<#v2~>9!xMHsEju+rN&538R7b_VC%FH!JJ* z)*SIx@uuCh`fcz~#SUR9&-vl!8lqmK73-~}HG%DOG^WA^P+^$qSYl2^l|jo{$U3p+J99?0E|Msoig>n#LLH(12f*&sLz`H| z;2-$}lK+I-ES|wGJu~Oc(=oa363&Yi>M>(|fI)L+azn?G3RPn&v`k`A^jDSMh0FBP z*2S@2Yh-5E+qWxrEa;I~TA|Zl{+TR1d!TS&(JL;<=_UK1!AMu@(8pI#~r*H#dj!G$Pwt1$jWp zc{CqJ8+q!DOB_t$q=yPu%fHy$^1AF_ExV)`JqC59p6voDbfv~{d5R$D#1XfT>3%Ma8g&F$)dUTA4w{+fc4q73$rGN zC91^7zsw4iA{JzlaDmoQNdkcN_3P&woj4>XrY0sq?KpxpqsIc9=ex_7uq8Zna;CLp z?ItWal#G|?*Vhot_qde1a*~pz4d=hUE&TqwFz%6y*>pt?v$(kLNYQ;fjjH!!-ncSV z1(W%#a_*J=cU*rwXbVl35a%jH!d13cJ`IKv;q?t7Z83)<;$ob72dfNt8WkSa<6QZT zO-(;T6XV?*+uCv`mU5o(GUT{fSZpR=gA6(Vu27fH(xy1V`1j!bpCy|mtTH7I(vJ-C z74(xONLN{T0+hlD-A4m*Xl(4DjgMUh#YDukFxQpb?AMtCs^wCt*$bES z(J@b{0P)OIb(tHi1h0E}D&qYVepbsG3!A;kPe4H6=H{k6-9WpYrD!3+2z$R(Y=K@L`Z>GEoGfD#&)jDcRNxVNuZLzaM;b{l{(9g&%go0R0_;R%*S ztjkLzWtuK{3Iyq}$_LPTi~=a+M5zm4ZQRrGP9k9}@cJ}2RaNJfZ(|kKPFvaqo~Qq{ zcKa_lI-{rcAvu^4dwYAi+j>L%IRQZw`InQI4D|F#FC7%Tyz~*{Q2I(PfjUVAh0}qY z+$R8UfB3k)+4d{ZUkkp+f!4lM9gI;9Hy`0=FmiVAlM+O>$mHUoQ?r_hCfhw`@vdpJ zEq~5*+gB6VJ=rPYw-*pNn5Xb8nxHoG>r3@z(%lnNP_R=_*v$-5E4LsthHm$zcFxh{ z&d>1$yw%puEMKn}r4tBf|I#NC%c7+vFaIUU(`GN~3D8MZRE7avgdCA47}&&^n3uDw zBg)Y_Do_3nbbqVtfE+fYqGz zb}&G^9i$o`8*IV21^EOrec#5rCn=dVCy`QME-bMlDnj*=ecv3tsUsw&J{EbJl3 zlpG(C@i7Aewc{``N{~2Us@hS9B)+C+ViGnr2DK)BTfyLJwNZP^c(LL3=S;nP?{%#j z)mR%Buak>ho!Sc4@sqz*p<-g!VuL(HlKoH49#s_tTq@T69rD;O!RP*&{cIMd*&Q zmJNEOyArc*qNb)0R4}J~M?3kJGc(y}`3pw5$Ow(+RDB^`T@P<-e*(HjwFuvf7~cz( zsfKH>$N@R|uf&c2w0aW2)~u=q&>YVv6Mrb0KobG zQMvkmvf2NeV%q;-n`Da&z^ALJxdAEn0n@(cc+9e}`mdk<6!#{!+LeKx{H_uV4*0u@ z_Rk_W7O;SP0HjfS2{gdkIe`-EJXW{0TL53hmZVEZ1vcNS@{J~8h=D55z`^M$Br$B~ z2A$=T$#uXUClAv4*EP2?Uy5Du;1Bw?0NZIYph)=fZ z{IDYr*-+j*^Qc_xYufJ=taOuoY;4X6uW4KVp|s+9`t;+E*HQs}M#WX*R)Ijfr2R_4 ziX=p=knt(+H8q+>{6smsQa5*k+8Q7@v$*N-uQkm*6<8k_C1sJcg5#64{Q{$88=Yc2 z*NA@;_;H#-1shBoFCN@1*STxU`R@u*H5J#f%I!*^?WwA{=kHG@EnSEdQ5M~=$-Yr_ zk06=>us-P~?h~Y@>lB8J^yQlQDMRr}?A8tqyW=I(4gkP|3Lf`it@#fu3DC#y1mc?F z=!#6vqlXrk)-G_aXCY|w?=d{@lOcP~{H9Ahve@_wQia{~Yvm)7_X$y1y8~KuO!w@a zLS6~Zb={o@8YFvMx(B-W>FKRC6WWsvKXSjLw`Hae=feP}R~2FPpOQ7*IFcXv6p2m8 zL6dkLVgW=tVD`+BA{>-)6_v3uB-`*ANy>&{upLi@iyN))pcoBIc%Kul|}r>UyLsWG0KO~x~a31RE;*p(3a-rs+xy0QhTQ? z(>5(8GlmP_EC=5vv_A+A6B+Gw9@P7w~PPu3a^M_Y3zW8;CTFz+y^VT^3JHJ%H%>q)Z`PQd&{mvNone{JU+CdJc ze06_*tJ~e!_YZ_)>IC`Mzi(Df@BPdj$c4`z4$R3BCkeRic|Tz%xnbvVEh{_GLuO1P zzc3SIDXUiY$jgnv|Zco`>DpfjJ&;5&W{hC5WzmFDIArdclkTSB6nykU+XqH$42K;+idj3 zNprx!5OKxdaZm*qgDpx45mFn^Wko~HWt=__YY45oA}&99y8knQUy|R z&06t)4IS*$=T9n#fOAexP7;b`mrWMG0J`~YSp*{$yD6rATvBvm^70(3)1;I)gHdJi zPcG_kIHA`XF0P#~xUV6IpCeq;fBaz~6d1^Nw`+`>njgINGZl>M_B~|8}25^EaUTCOx za{PmI)gGVR?5qqB#&~+<@QWB7WIfFZD$q<6h+~MKv>2#3!pSq(?`hu~oHS(u5kShd}t zwau?xtf%%wfJp6UFIN=9FDS;;DTC=WpwinQ*lO z|7Ct|>y-Y=Q$Yg1l@W;A`xsU8aPM27fyIG{)x9vsCM?u*23R>dDN6Cf+bCgKFpq|q zd>bYPhGb!Aj^X!$$?d>k7C7|xQ-@61WVWUO{#LL4#CkiR@3|%7C2FJ{ly#z0>!oqN ziXL(-DEsHapEK?U5YCZ8C4EuRNda)KagEyw*h7iiUnVQ779-< zCM4(MV85WJYAY?5@qQOzcZ%VQZWw;~LDMPPFVhq4WjT%Pj%H)B=rBG+&+!KY$t&l) z(&XgUF1e zgJcC}t;v%!Qc88E80>H9EjoT`Q^Ct85{WpNLKZxb)Mp4zdj%oudGP3H< ze;_TXt`YxAVW;Uz!n+m+khJro_2HCHskP1p{BWV|mH;Kzs+@}G7!vZ%P-)9C=vFPd z?a;n>WSohgi3J`zv>mifJvat1`4#gpSWR_OXQe2obI`pZ1ZR5(+3x;unRx*#rzYBY zmoG9`s~&9+kW_o}T!FKiS3gE8K=?Gq-m!-&GR*9_>Af1XF{t*S;uh8@?! zL_zuP-kW7PexzM_ky|p)qpM|3bL4sVZ$f9smxxuu+zDi)Jz9;yi#FQpgK;!$7Vr)s z^+*@ggO(PW?s%6gzt9}5#R*!GV>U=ghY%=enp!v2^0Y69$0<4Qgbulh7HHH~8wh&P zDZ~m*FOD;}s>-KC#arQcOzsC7E#sZis2q_o6XL<4-ErFH#QGX1^@V>dr%a#B_VyjH zQ36r!Q6>;78zrG!eyDK1{D-t-s_LI8nP*po0fuYXF;2|t-g`k@cSUs|_M*8|%cEa= zw_U93ag+0&V^CdKB7XN>fzF3eA}i++8u>XQWr0}F)#Ic+)AGWr&>-52cIccT*Ihq> z>*ed$AGMHYKl=1hd*ycp=fNN`+NAh4u;QJbt)~IeZ3ZwZi8LYjJa~AS58M8tpDCt5 zMrN`959GWgY9rW#*jH-50gk^06WvLQ83g>|aH?5?jqPG3+ExT1R9OZc;bJM6zo`b2 zPHc)aGyH@i2ec;q5`L~Q#9S~PbID@I(W*O*2FUFA?RP>Y%zS()b0?vTQlyNNQX1*$ z;&R(Dst)eecsV)LAdhs(K%RWZV6h%_==l7^Xp+k@V&3JPK{|6z8hh0|d0ncv}tsAA*U ziie+nTQ^~TLO>V(jRHWSdO9@eCfsvx~BbgnAf^jsV%g)L!tt+Gr0_4 zlHq*xT87qzAb_5UwN>x|jOF1`_mh+2FOnI%dw)n~medLH`VOep3LP1#N*tDZS?dL? z<>yAhye>mA@W!R*ND;AoIhql{FR*l3?~I&sdiQ(bG6T4`Qx(I&1p%*K;>R9E85sdqP8!7BAe3lA7w26Ld4t-B9v{w)>dFj zl;xjk2@sJ;q4h*}qiu{YJ`r9CSuT^^s(>ypgp@nje?xcIM@7Z{pQxSp#FU)~pY!`= z_xGm7>lt&hI=Z+}f`rp0vsVY8+d$z?LBU=YFB7HG1eI-J6{$`Ji;@R^esO~s0M^t&fFW*mWO0Ee_vI1V{}p;qhfxblk& zi0rNc(asL7m{^OD&?QgsWAaG>Mn--CfvzXzYSq!ix*q7*`b+Env~d6Pqwzi|J#`rx zAhY6;*I<?TTjE&CW=DG(HsVI{Dd9UGHJJo!&$)n z{3C{j$L75MP3zp(r@LyZ7^!ER&Uzom+7)fh9p-j|g55gU-QUm7FqQGr%h^d1)gk%! zf?qHIh4p7;s_R~`X|yLs%VlGNj-4Gg#*fchC3V5qP_vOb(Jm+RxE>H--@jHs>jf=$ zQ;s)6QpF!|J>GjpHLoe!vORX#IVU$=SeBDX8@x4!DQI7zAkJ&(&u98_+ygMvd-tks zK&V5wxxY(qQdQ|VuU4Xyi!Ag9c%pvr_C%~zW3~n z)U6i6+AD>R?HJH~O-f65zFkRjWpb+p5Qc@Cem0wz!mm@0bi*j|+##;J1WC1NNraKb z2W`({Ae5bX;nh0GWq5&%FV_uLS}pS>cCSsKcHrqx&Ehq=N<8klx)Ha;G>hL{5Rfj z78MAjs*xaeRQ6JziJ4O~Uwidlw1b1gz`E175Jz3zz=7Lz0FW!7ZlS4|H@}HQBClQh zXk$Yr{CbgzNLoQbVJzSi5uQ*og=~+U$0o?XA_m}(Jw2{oKuPK=p1ON@c(}WJIv?Dz z>b>8M1w82hO`e*XsG;Bl2912xgaN5aWtO*rfTeDvq z{PNP!q&L~~G|bJ%pcfw!RcY7cjy7D4Xu(e=Yk*%~xM2g8*z@!3zEkKj1VZF?^;`g7 zAR$8%4Q*cvl~7LA9-flJgv?ZORfc?D8n$LxNTgfL|HcY{*_?&h**><6MWy*RC|W-u z*Ye{%J-NU&;aM3xbVEE>F?~HkcxOL&n1uz~DYSGG@?DIe#p-PT0j|r0+sLu7Rl+hlAx0GYyeQ4$fx)B_XCZjSBaUzh|MHfNM|fF z{Gd-lv)m$mWL<2bjnai#?-ZppkFY|q@$vE+j~yIe$HJ;{UVSwE%xks8xTQrbIawE2 z&4;(|?d?~39qUXBd5SJ~L|z2IsSLRr8UvzNDfH zzrHnX%fg`>qkjA@YY}#93**oRe1gHRhHaq*r%Wt#LuCFaftP#J_{nGclyawC zjN4VFn*jHI+Z`o*TApN~i<2rY>oJ~Wui~X3iPm7`R?WKTLd|*s%=KUe ze6`DFf4W_&cy~PKc&W>F2=|0pDT>SUbn)}u`B)|$3tYKc=gYxzOKvoxB~uQ8ESA6p z7DT)N^C$b~4!tM|-3kxXd{{_OSXgDH@P3yPC0rn3$MJP;hMa?g(!@mCWho^+6%|)P zJ9lKEi-QsY-r^eH++Gu|@O?6#B8^g$xVSik$6f$1AuRVKbvpBaJ~%(!->yH_MZW_M zI^5m_Zs=eZsCFvKTt{o zf)wx6vNw{7%3A!wtb@8&QJ^<8|&!Ud*#s|WY)txY#v#&cR47#emSX;j)w zez=B3rq>7DHl?UK@HK4|u&$}S_Ge-K{w)T5tB&=T4fVCSK{;c`5adzU_ZLkG+BZJy z`?@^F@pz3Vpgt)ja!pTOsVn%FWayl9%yRsZ`&PA)v8qst1a>`5094`@X>e$|;+R_< zS<@?VvTrv!{5=>5qmtQBv9+Mz*$is-37~05aF$sywou(nX`Bt_}V`D+guO?jG zth234hD*#3KcBd`prxKTkvj^xLzg@r?ICTYht@c_;_NWlnrsufbtm_q#CL9R+f2OZ zu(Gk?N=|$BSyV!Tn3$N|JW1B&{A9Pawe{%8Ia+FHYN}vhl3cLb{cvqSPI$7A^fB4S zZe^G`Kjee%%HijhExUG!=l5ee7XtzUy7aBB^WRb%^?!W*@%roE->D9dj(+(P_4baW z)H^2dVr50V@JifmRnY&Y5B_}q9igQ)QlQa!16Wb<4yWOirW|=U?+2#1>)r7v)P_T6 zs|M-`!g`l;hb*QreWgc|(LArtuJ*N+np+U|3=m0#bAii&`59CWn1 ztLx6`IWQ}~6k{UlY-wp(5OJvKeJBTHviHk+dU}>DyKnN}yNDX>=F@Ji3wEn@-bT9a zrf8b^_j{&uwTo* z<2^nFg|3p4VT6W`4mkxyPnwKP&bMz*si+#$-cmoJC%891Kyc4T{<%>D zaK`gMje5t^y~T)#M**UZQTJ|qDmCq;rJ=FoNnBc53Jkp0V!|#5u(w{Dk!C+G^-p0>8O<(+RLt-O)6GKn17 zXw#KB1H<{f{aR+W)qvBcZ_TU71~d~7k1J>(Fu-e=n`cX<&+WS6;o$)q?)t~?wz9^? z#tI7In)yTlqQLt8@#9C@Xb?AzjE$pXW4EUp5D%#y1yDZ_|j-G|6xBfh2CkU&FdAU)S? zO^Lb{o83_Q$JGSuyFPFBSq(KRtTZZ5`JFdjq_r5lWZxK!E-Yl-FVm?cmQCd8bG5ub zPi6Ws{OS=xZW%@jGH!&>IW&>M<5NYRkD_G#8 z;ZxV^{F=$!h+o~ITQ|Q`9@JP~9UrU1E&TbZc;*1g5QPuM0b)zb6llgl!VnF<>u`%c3y!hZC;nvj zA2AUHbvohPw_V(~ZU`p-0i+8&_|cm1^4-wP%w>N(A*}OXWIT9DvYE;Zq=l1ru@7ge zQ9NFaVL)xq6N%6)qxj?HpZNVgSHdR9Q9$~*=it}P*d|ADb*T{Xb)djm(f!~sV_(e? zLX3rVFw~u3ZCt{xwwAy_lAnsc4ym89*Ln8LC!0M|;_UPbK_5rROFCPo8*(q0ChAZX z)>_4i+0KpxSHn`j-kU$cJyM z2bZFXR*g=^#iP`_)r_HA5AKs+&9nD+_)aVRgK=t~$Ko}&_|3V(cb(rglK7XGWiDTp6OWLSehXsDfKVwAOtDcn=fO85Cnt$2`1;pJF zSunaY@2;q$lN1s0sXd#{b?iZ+x~b`MV06OuoA@^yKg%7(KHghjFYJk{Wm4ye>kN8~ zk6tO3lY4PWpru^3{OZ-r4ZViq+>yE*Rm(3P=BvvEHnS`fJG;B=J&D;IiB=OtV5(M0 z6w-;xW!b1D;o@v=ZVFKJ_SHYG+aM6oAA4}Cv8RFf=B+bsZQlI>xqLY$P5pMgGFRiC zl9m>9<+`KekI*pHya^7|qxpAzux;XGAvYds(VgLOINWZ2>3ABJ^swZ)!{Rq@e$(D~ z7G{j8bI+N3%gE=4^H07{!yBAd6+P|us3SQb_i2b^nkV>u*o0PcCnhHH^6~~UT%Ku@SFoc?Q=t? zto)&7@l#cH^JC>#=4Yltzv}L5zB6}kz3HQq2$MXns@+dbX{{FRxrGb$oa@X7pnP5Xv{VT7bfvKC=?0`Wt(}4 zyQ=7Ud`x&avq)s0t922NcMp}Z9jhkZ^nj*sJ-{R>DsmP)Mc;uV5V+)WfGu%lfb&}2 zG!m(=K4D(=zAO>^oapc0|LODfjYgxRqpdeLH|2GAbkW?VDfSx?U;#9pdu=gaj1VpFvtjF%ci0D_GH32s?Z#W*p zCE=XyL#GlD1fsMErwXM~scLF!fQIvXdUIs#!fe!F?vv{3LPI}431~>HIJQMs_pqu} z^jJ?_oIK#%_ay^8U0tC_bn?_G9&swv7$>R@B4uU%yl6cC`ch*vg_!O=6ZC+~jRV6= zd`_doAD;lLa}ml8AWzC^#9c@vrd$A6PPo9pv0e@W6jkqpd(pnH-&hSBG&FE7e40&3 zUf#zvV#i-0V*Qdp!`S4j($UcXr|+Wpe|K`CmxO*xlzgS^zUR`Nfu!}}c*~eyjX>xi z61~1F5a?IUO*E5*K9iE3#QEsn`0w>tUp!bX3Sj(+zU+vcwO9OuUhs6`=H$o&YIhVQ z42iBiUco#(Qnl>cYNF?Dry z*Zkch_BK+{UmfXo!s52&}Bw}gt^~OUt9a2YWAD&y)T(OUgk;W zM=`OfZJ11bG5Do9D(VX)sUcmh!uW+i6tT3}SSZ_QROj{qf^5cUcM073j1a;_qa;Q0 z6haFPcS(vEO4q!BAyL}Nai2w@Z+u3kvz!%#;GFIef~h;os)G|NM7dY)lc>vKg_OSY z8OQqz9?#Cs0?FOp-hS`iJ#fqoh(>$Q=L8qO<@0A0iZON-NzW~QbN4i3nWY^S>z_)S-x6~#R^jb5A9 zWipvU=9YiLV5QbEne_W$ z2!@6N?d#c7h5lp%yOmFtZ)-;G#HJiJK2l7n8G6l4U3i}Iy>4pS1MDv%t8dHIOZDS! z-4F8JoM~D*@~op3Vz1a3=p0RhQ}>vAWmv!SKy+K+mYQ8zw-btJ(jB>Nvp^!@Q*oi`HA6&x5-x!X+EjpclEmjH95#o$G6I+Xe6v3hBV;1MduAB8;OI z$97d!R=T*jd=LnpJEqz-rn9}=GI8$yR3){HrSrQHVr}a*~6_R zst=N&F^lVBn##Q6_{ek>1B$PYoH0PzaRjSZeoJGsv-1y$cfu#HKmIgH3VLPg@oOU{ zU_dxvk2qsH-7VuH{;{1zi8ZoHyxlixeEi|5mW7iT%)2!G_h>LBb#!!6Qc^D4CMjg^J1X&L zr?9XG4u)1yUz%TBQ<)+@Ke0QLOt$dr0x+(Oj0_YCbqh6*;UA=ndwbohZTqcl7Ar33 zpXrYnhae$gOH29cTWdC=KZz$Z)xWKV#GikbkfHfyB&yfa%af&;oUD%2&58K5=^5|w z@7=!DuFE`tpBT=frv2q(>b|V}#yZ#B&!Uc^ZvO2KF7L;Vu2rd9-{axs_)ev;=9+)A zl%*d1l^1Fz2FVs6K+PnYL)Nb%78{c=c_VmfsyAYTEH`K^UXog38xeU{KN+UCiEfy3 zac-vJX$>)scyxM>vl?Q4w;Ys(qpJUtOQ&7OIhwW0ARqZEGifw{-*{dLx*a(3j z7@#78|Cri#If50Ejfj{6Dk|#qqVxjz`pELVstp8!{R8~kA!J)whe99}5HZ+m1;-z| zvrZaMPVZ3;&I<{9f@UZ>F*0J75I&QBi#kuxGhEX&&M<7Sh&J(6i#17)LL*yrOG#Oa zr8PBO3;ITZ2zI3GC_cZrBU0xMHb80eK0S3kSYW%39q6q^8Fbt2H8PATE@r=)sP@il zcX#vyZGk*4X0<~A>%j{O;XmIkP_e;hBMIUIusZO8{MlCfOc;Fr*EcC?BZ$y4Cb8Q^ zMLW1;+sRmNh->%V$)?LqjFdCzJP-_Q^ot}~7h)xm5D*Bm zx%r9}-BB=Nae3fjWwY+8LdVEWcD~kUYMnSmo7hYMc9h7k4;KFP`+@|AR9s9hLVLd4 zju_`Qu2PZPVYm9{_ca#rp9s1G4%f_14R@apA8p59*%~iBCEz~9n|&RCmb84TZ9U@g zly`5B_-?7^%jvq(#xfyx8>*}MOr;nsHkK!_u|tTpT4Yi=|D)|LSMS^*k1s8=^NH(A zM#c%tK720OMT5w6^Qqbrr+|K36Jg&@LBbarLwO!UONuYd^N_x1zp`2iypu!z00seT zIg2&!Hb9p`I%e+ z7pxGH`v&!jJweBVgLQ4(2JOO`&b~I=puQf)!lH7n!A$XWV@h62R&PJdr~DsaY?{1^ z8!z=%Tu|;`DQRe29q4u?*7^EkBq`|kxncwb)i|G4%Vl3(?;l%*3ob mpIVj*LKS z3bY5va7m0L#6bVjDrh65S|pjnPIhaP>T0LCtuW(3AMRN;@9+rW3|-j;tP}_CiXB3O z4DZf+PK@$2kC(d|+^JIW8M&cVRfo%3EY(TXC(%_`LDk2oxwO7xE4G`sZ(%5yPiaz- zP~`ml;6u@g?qB?*lBU|2k0y$Cec<_jIzNZ03@(w0;vF5ud>aS0);DsxAMfH)#<99z zw4g-uHOvgfgn<<;2w&Schd8#bN4^zWQJy=-nqxk{Lw)!du8 z^7V^*oLRMjE+t|Q|H#+*Qe_7#-ibPXxIS$5b^bNxvrbDgPX;XvAQ}*3nvK~l5AB>PxPJf z9DiZ0hPeS=Zv5)X@YdaJY9RbM0zzNDR^43fTcg?Bt-ty|<%$<^aczx%e_GmHLntxP z{^OdFyqLw~uOHHX4OS&D2<`VlgEG497$SdlC-4XgYH>!bEG|N!P#GCZkFl*jZ*MHM z^2gcV$^14t$m?S`ZA?3Y7kPLp3|-G=J-wC#b0-~NzpjT-N2+acTi3MjzG@*-#DzdS zAB`z{9$*C;J`g0~x?5XbK5a%P^?RS^Zi|-oHUOJ)s?fbC^@i6$MJv7Y#zBb{hsJC^ zJk0tV&V?g)z`|5j#WV(q2jlbSw-@0S3>Nv#IOwE4x_$ zFU=$3GbF;naB&NRK?lpGSt+3e(;@MvccoUaCw!k$VbDfR^TC<{^_g6(d+ty_(OMqw zn#85Drn<_rgM%m-$5CFkJ>~$h5bI|@etr%A&c3uh^|XwkhA(91bG4E%Ha7fsGPtrQ z=tz}eYQ7G1shxgYoZ}k0c=%dSlbgy#SgGx#noGxee}Xh;1~nL8c)toDhl}@1h90LL zUS9QjMV&1zcEha|^-1@{-0;E1L`K|t_#D3s6G2rKk2H~xYs*#JOs)1Bcyz{%>nHSi~Cv?CbY*VnpJxBhXyx=2gezb0!+*_ZEfkW(aTl(Jyb6l zde_ai&hA@ovx_S2dF7{1cXoEou21%UO-FgfF@8#I7N-g#KfhAec3;>qo=<&y(0(fJ z_nsOT`r;9=(qFgW*alz51XIs9M+kWvo}P9zVPxd5vXRsb7PC)=wy0B5PJNn*xLNCb zE*bAU(<^AQRSoX*mr~oM<4gN{cUdtpVw|@2Gfq3^`@;_vgyH4;i&8U|&gb9QbOpeU zJ_70psoByfaCnXbU63<;1rE+G2C zr~%BuS?sO@!dsVUMAr_7zyElM)^B?V*yvM$6EAeB#{6js#Ml-4&v#Gm2dH4RfPwJG zZ92a31fP(({|7duWTQJ~L`G)!Yj-l&-pjm*j<1foFDxy!wYNrvZyM-RvD+~NXNmnx zI7UJ>c55L;{O<0qF9|*TJ+-t^8nmoC%N#1HYBIS-hD}L{=}w8sh#@0m zc1VHtZ8Q=D5`=~LwTu4AH)O}1*GUpe=3BTB)9gancTI|q{&74x31*xbFHjmE3*aFv z?M#kxnW=G<=Al3M+#RHxuQ6F|x1Fz9^FdskMXNSTX!~SygoNwUE2pEMa@n88b0@b8 z8s-YLg?w~vNr4w+vzV*(xV!ZAn<|5!H=&SUTwMw39zrqh*1bgy&sDek=suO8!?Z9N zd^SYAva-V&xPJZAu3?vtM%Gc<(s>NCvfBLVVC2YUMi+|wz`OQhY=?aNK+_lJg8%XZ zujqNsH2%2r_7#zjY|a=yROsfQg;p{ySG6R=`d&6obhg3czJuK3=6FD;;bJKuPrc%W zX0-x$MPZ@k$;J>^P_W4O9S?LA6h>p%^uK-kmRRT*Wsqcv0g(=pXu6qKTgUf(>Qai6 zo7m~jrE=XRyu0PU#g;H>_uSsZwgoN1GGEU>2p;UOdxKpJj`X(mCP$;j% z-puLt#P%93Ev^0joZH30BG+F_i!YYPYNRqQ9^SSN3Iyt}s{Z4{>Jssnu7S6C3eUgP zQa_u+eFtxE@k+pFEDSf!%(G{=3xcerVIsEnYoc@n``g);5~4nkk_sl5@Zi&J6P=w= zO=7XMg6}SlowbClZ3$Y^naxv`pAd@OsQWrdi}4sF%Q`d)=Zv{?+0^?gt24$g#N-!E zPFC2GMloxz6Jpa~Uw&i01(Q5mhO7cvbRjK%u&m(DE+9Z1u6)h~yu?{wg%I%iIfXt9 z0o*cTk<(-I)%6V0x~~ZK5(Q4L&vzzY($IKM&@#wp2UhRk zHLlnvmDSr%Tg&`xyTz6Ctan%5(^JQ$7@^CzSJR|=}qr~WI z&x7-G)!L7CR#wl?hi7ML?)Oy9d9C`m92}y5|2`0m~H_U1eEqk;2{q03_yf(^qw?FRk*efVfM2?;k7F_c7E_x0X) zq@1p7*B#yayNHugs^j|GkE0vs1sY-l-8bSM7-RSr$zk1(Kg~8bFNsNE=c<+cvY4;0 zj^^Rv!4FoyxV~Or8MUmWSuF@3C^OBwk35>_Qj30|BN8wDTNJq@-C8t7Fa9?gdH04R zG@qNeZT$J2M|ovQh$~bJwPJcXz)9h(APZT6irmG7?N=JgQn{I^xHTtfnfKm;2Kq znCPY>MZa1#!2OE-)$b(T7=+uJ90mM$_(TV*gd?O+cl3PEB75+)-7dWn5`ylazZmC) zX(l9qM$)4{R9xiSt(WoC}6Y-#E8%`J3-XKbuN6@E8 zmZfLH`8bO=`62d3ubYuzuJT>SFnvSJ5jnl)r!tr=@0*&{2b%TF^{VvU9-aFOL-FKbBkr^sHl3Hnu6oahg$_%3WT{C>9eBF84k|QC@B455-=^TJ^VE#k3naYEqQq!UMYh+<{wT zF5d^ElC0$SWOx}E2Vq(@d9zk=rA%*NQIy@C!0BWm+1U_hdV9b9_|fs>$BPbfNnYoZ z{fcG5I9>xL921VIqhed}o^K9(8?%gS%~fty6??sj$MRNIU7z=jlqRxT>iTR-)s(Vb zUCp(a@>h?cUz3WRDsZ$jSHj?vh%UmzQmBuTBdK zI~+2)dwWj~*|x&)Uc6C|!h!@n>UA0O==?=aW_5C};3)|e_goM7;p3U<; z{G+LYt#1YSxS{W3O5Lz}iYM|7q<);31gR6EdDkMg78~?%0f%P2`T+|oq}%3QAW@Og zKw=quBI>UNxI|#I>!?Hn7s`4f$DAXO8%I_?Gk+zWZlE zQ8?&+*OXDGwhGl#$LM!`o;YIlFit>J1HX{l_9+UD+d6_m)anFp=Vy8QWwj)^Id4=*Kt;pSvSdUA3S z+y};pyqsKfpPjY!hxhMaIiDCy{8@U7^gD2Iai5ZsI_ zeCM`P;86+BXR8nv$PmxYW_-wsC!spIJYAEo{@ZlN*H=QN@8#-33Y=NJytK^i7h$AT z$T8QNu3C<}Bz3A^uq@JbMZx|r$QDeawj}pQ?QA;ir|k0v=!M0HwR z6J=@V;pq}Y2nslw*h_fupuo!b0v~asmqeC6YH;jnRoVO1k1TVJf#r!5DGycA@d@*L zV3fOIMeng7c5AVYF-k41tdHkkM@Yv;Mn=wxy!gyamp4Hc`YQqr&iEWh zT|7Y2Wdg=f~z-d>+2@;i0MBmx}PFNJxki6uM> zeJacKDwXLzg@URe&<}BTl!)_@3^_K1M24bx!57~bxS`R}%BxscOg&JihhNq5xYqQ< z&AmNH#o1^DR8+-oZxDA#ir(>WHC{)=cC`Ul55n+_-0cvrA10;=xik}T8kW%Yd}6rdl-vjNVCVb$RxhtP0T&ow&FHQC zJev4}$%i6QS+ONklLXvfAz3b{*qnSWTxF8+1a>w3;9zoh6}s>)_#T>0#uGFH(=9t` z>4KOSl0*S<7CweQXN~f>lM4G@U_0?-5v7tmOwEw`^*bxfeYe|GiwF{^WQ3qMu_xqw z?gTeF`UOIx4Jfe}R!-MYQkIaSd8$u(aYSY~ss3&~AqXJ>Xb z)}Eq^i!Hvyo10BdudUNRn5v>+{rdhq1|TQ)VCOv3F%WjK$Oi>F16i^E7JD?L-x#H+|+Vw`NM8%z6A`(`NlWCa=-5BTZJ;E_9yGp1G5vZMVcB;@Wu~)ZK z*C=<@+^|V_NU2?v?lF8OfZR=y`g7N%HR_Ji-(&k=@A>mgKR=uc%lRt*Zc@{C*)q5| z!$|zgMCj<0dXuL6dFHjChYDuPpFT0MYJlM_nBy!wt5TNWM(^rZ8%&LbrHr0!>DX1g zuRZ;F8g79O$;!`f_LKg7(0+h`>wginh_r+^PO?#@qg$Jnc6)k~_V9AuB4N?f|2uAZV*Y-LBDW|ErEJ!7-JKvIT` zm2ziZ8QL=8fPnRV^S2;U{A%S??+7L~G&940vci2| zLp)|?waH?GgyiOLEPTJm5IH4G4Etzdp{$|7fQ^cbwH2Fa|MO_dbO!>F*4Fi>*iP(J z>Rus~*D5+_7vPN&y=;rP7v9v%p-CMfo?@okI5Ioz6Op}p!%vBsj0vFe@7wEVLPGn= z6hf3}Xh+A#$8)#WDOA=0)0j9%)rT5)p zd#EtADLX(~R)(VnHUdl)pnh|-YD*aX&WNLBx-{23;O$0$c2&ZiZBNm;*n@XEfN3(#eG#U-#K#~5#=9)?H;O4A|Ai~fY0lM@nlRi{j; zUDYT7yDbgX*g$j|Xi)iIES+95a#7{fVv?fZbagkoUzS5b4Ep-n>Rk0pmwxHCHX8K$ zBvsueC?BM8q@(!f7`p>GzqziT9+ko!S-G-Jnf5+Kdi!S=KLPPdG^Av6eiP5mt}45| z8-psQH|J4I(Ts>+v@4yC%PT63R__40^Y(39f4`((R#uh@H7+hr3o9vAOT*>adT{6> z?8#Ws?!-KkQ;NK=2cbz+lJ>&#vZAgcv%1ergZ9eWngk5cy^D(Wkp`B{%_1$$BC{Hr zQ|0@r27*~dNDzL5K8;ZWh71+a*1}eHCULc>&vmV6_-@g?SsZ~I^8+~SJR}<#TqZ>j z!zD3k-B!9!j(}Rc#X5_q!M_k^CzMB zW5Ir@sZ(b2MbRXX*D$>Hh9djfGXUW~f4;U^d$BcTMl>O4vZS7)WD(WXT~chFDS02J zJUJFQM9E}0vX)?4#>+>i9L=z^^XY}QRD(l7VKpX1N3FjcDvc7U)T4&2-}JrlGYs*H zPrmY)eAt+{2p~E=Rq1!>Id$Wsr-(6M=+LkM1*|^2Zz1iNCUVVZ5%Rm(PC4?;gZ}`{ z@K4-{WMY0uXZWSBPWdg^w4<1b8}eEGXJuvUgitpN#Z{~SOaF$u#tFIf!?LM-;HSJ#6rq-IT;O%qA)ujjE~Cw;a15}K%< z{*h0Fs43Osm*}(=|1R9*V};OAWL zZ|D;Sl%e)rDnC&?dB2ogKy+wxX?BVaAF4~K6$nr&KF1$dlA|oIER~>m66~1mYOFxY zZ;k}91w2<{?&Dy3lBcp!_cGr@l|^A*=B9yh53;a8Hb%!sW0y1kta6M*SfH8c{~a{h zKe2T=PbgHzpBMmaBCIdRCQKj69zOafZ4`tmr3+U7^}Nyly=>F}f7Jhe#_s=H&rpZ` zrC~3t-6Mz$!2b{(c5U~|^lWj6r<#c8pYiyIS6(m~NvLXk{@Ak}9Z=4RT(hz0Kbj%N zwf{;vJAPnD`iDKjx{Y2~0?%?N;>n6p1egdcazPHeXON6m(=u2qYi>3=!k-gMP|**@ z`yCx0Ro)9D^s3kyy->+JTb34lM(HK2|7!}8JpLyGI~%|(ZA|fg9|Pf-bhFcLhR?*vbN_h2dv*enP!WL zWGq!<_J?it^4nh`)YPs2JQjVTCVnu3;aM$Z_H&kK7w!PSB0r-#@RwHEUmI%g zN*}8U7YgseKiNO@WC(Gk{%6KE9iH@$Apx<j9TG0rEkhIat*#I_p#V?}Ch;gJ6>7 z=%i?kfl9KcPe0vILJBXxntfzdXE1ugQ0||1kP;Z2ITR~#bshKFZzu1eLqJwpf#IsI zy1X))4(--0d;jUS!_KW+keZYJvJcH0{pHGb9vi~8R@-WA%fk|4dC?#z?FpyJBfE)_ zkVKxkX^`34uNSi0-5$3H*~H!5FqVd)6SR}_Rz9cO{t5yGU-G_mj}R0ErxktUPc!Wp z;w!}`(n7KP&O5gGZ2z9l)k(IA4B`c6;NzXrmKIX`?ot0Pq(8}{sPQ0pg8pz~jN4-F z#%d^)R_fI_noe#r?(1=Z(7cE)mW*1x#UK}3rl6yM=l5R2ZA#*>%$KF=QiH40OYz>R zH@=AS6X-gaTeQMNL`X#&nJizv+!Ff`4>r_%INd0@14-kna~DM>f;z6siMHcwy96V5 zuC}SE?&)b8y_wF-<7fe`uB9=6Yre!M-p>ZEC!!aZmqUg2PLWXHl_E`ZbNQ8(3KZCn z$wpra?4nLo{`)YY%&T9KYb#fy%%qhB32?PaO2gdm9^WkwvbFGOrT;XWHlMGTgsl%G zsK>{=+CFA^y#EBE05UlL9g^}?5Sfy`v%vbkxA!RtNly1}eZ6FrKf0<%`Wq`7!t7StfaE4eU1K=g_`1c+<#mJ|BlkN)InF zu_`jJ@?=(cXz1#KPKPA7iC$8)vW{a%PN~VVkFs91>t)+|0O9S4{R}Mh{l}HhkVakA zVbjFaqXa-)*H71vM#CEcOs3l>J}Me*(wT>M(hX@K3GUbre%OuRz>Ame%E1Llfo6yyLkviKW0r3TTn0&@QXn~DT{;4 z9T-?9cSnKJ^V1dgox|Go<7G)g9yGkwq&Taqv&*7yi3kV?pacY4Yg@zRZUYbJ2dGmU z8x1cnAA-z%yKR1cC?3&a;7ssVpbv3ct6ZNfaDb59{(Sv8& zl%G^VEl-AC$M2cmd*Ks@44DjSz%bssbc8B$^~NcTbYPnvhUn`@<50sR`u91>~ONd!(B@{lp>OPN1qD zSN#EEGh~_MEh{H?wJgmjTFcfs>OD$GjpSKvz^oe`#PZvE*m)Nx`$KkNc^Ga{Te<;a zie;<#>Z>z|Oa;{3^Wf7|z2>x1jYA$6fE9x=|8YEk!7UuYUn^HN^r>GPB3x%(Hc>gH zTx*368GSYarW-&vLD2t5x`p9@O#>0m!;eBOM*qqr`_ibagjrM`aZ~^xc~-`n0W}Lj z-FQukBWoEp7&jVBGC`q8mgaUUa;%mWLe%#Osdcg>+ia@Tm?_5$6*`)~IDt||AorY71Ljj54ptJTPcSo^nF5X#|t5yit`_~bABT5M`Y_5zy$oq8DUPSWKfBzt5!SS z7SXIUciyxT;Jft1@6T}R;F_LyrhO7$rZ{h|k_imWtQaB#j2_bp5thlNKRyck>L~s+ zj~ENZUMaUxDm9^es%w-JF(w4C@%kNZ*iTlXoez_9Pp15r`2h2Ku^H&Z+5gJ|&0CH; zujcm2xo~c{$E|2t9bM%AyoP7Ne-$BoeB(5ZC9JQEf}ppa|3$x}m6vx4{Q)8!T?bZ1 zLqegReo#puFm?Y76v_s!T)jY+6|10}+?_)?Pst_-urf5O5j92^J(@n2uuS(yPwB*Aplheg8eKZE=6U1bD!uCAq!yni}!D*%Hov_I8lp(9`3c zWvRTF41Au}UOT`^n?Jd>w-**}x3qM5+thS-_=v>zHkw)6LEzRHn1-1Sd8P2Qd!DlH z_N{VuTa}rdg8B&i)q}d)V~fY+7g94FkrOhSG&3lG%eftqrVSzEo4vT@EUfgZ%QtT# zVE&x&yNO14+BKe zvUP-*S5({&(D`&`xx091r@hE%cBgBiTqZNjLXrpvf&(8H zSmU+tK&cM8dS9)ruLEbooQG&(nDl9CH0`L~@~kAdO*|bl3Ch6tz;M&H9J)ixKOZG7w0JVu% zJw!kl33QD3(7!>3CQ?5jEd!{bS{1+#xU5H{`m@yKj{D0`Yd0xHRs&@_&Bcm=Gx_;p zk&J5%oTh3y;|0AxPV3AEvkrf0%rt6|s8|Z$E6cNJ*Ek+B;E)PjRVd{I1wQ7^5J8GR z{)c=ovi-{B&8e4IA(Kg2?<~sC>uwie7VlqwZez`KojO!bzlpV#wG}tN8Incvzs}!& z0=DLb)E^8Yk|vtQ%pzV<8lf=RK+vXK75NpPr2fvZ3-G7*1&Nw7vzl(Vd`en{)gOQo zs>;$_doPc#Wc@}#L!)@%I+k-hStui=yA5Nf%CMCXNRJ#NRldIj{k)BGRuT)%9;KF0x;4Cek=_!FK{2ZoH&n+3znK)CptMjJZ^}W zU1qvE|IB+^fChK>n7Y6qaksHGz3i(H$5m!ofp!Fu0;TQJHu)+cw%bx`Y^%0MR`IX% z%%G5s-xETG@s%xh-a z&_#;0libtjB%Q@4v{skeckJw@6aEI5s*efBPB{!G9NG4@$vHTHOTMh8Cnt!uQEd`U zbt;OqgZXvN9?CjbIyCf7ycOj5H8UEC7~{_iSa4`%ZthHsc@c==;;OMduM{(MGV<-6 zWtvMdu>D|^((iE5pKp_8M|^7-=D_5NqtOq@WtP;W@vLgZQG2QUk1z%@$_IZ`^U1X- zDtsIs@?P{^jvc{(ege4z*MWkL1Je=0d& zWS4?Kjul=QSAy@o-QClSl>Kuu|x@n1j+`$-Eb%%kX}5*2cwJtt$7;FCfOj~UkUymRTQTB z!iEizA*s7Q8Iu&J##L61?oZ&ug1(ZWz>XgUeT3&&_9oKQs`)SOECS4I8OyLB8WHO*oN_PW z3r*DK+2N%Jfp=UbljD{pJ~AZcNlTVu$ez!1jr4qr2U#qa*;Vp{&&lpY5`3n_XyErD z-qk5NtNqPa0he>DAoU9K>!ThZUW|zD5ef5ALG0UnG+z2GN4}z zFMZjGJrFbX5H-*X;z^e-Ll0ELRi>v~ex2_%m#^%$>7-ogsHtI;q1Z#(9tkQS(ggST z;NioJOru`y!oi`TXQ^*|H>8H(6M2j*(PHUJFx!QNl;NCRtxa&fra)z#J3)+U$D z!NGA-HlbBgQL%2Ao|(D-yNHUBQJgaL>sO9?8{x7)%y8LHq2Mq-4UHf3NnDcW)<-L1 z%xa~Bbu&?=y9tk$)yquZ!t&J0oLz1%fL2q~c4J|0ZEbh=7KoBr>JKP;ifbHpzGv5UZt?Y(KyEd&@(+(-qn~qh0OoK7OCSd=|Rfpfc~<9xsT$+55S%VVr;a1#9kp zH98&06Q+uF>b)Q8>%K-3yor5Asi&HXWRqA?s6#~AUW+Mx542xjP_Tf4pueXFG$vAp z{?mMYox5*oY3bLmU!T44v81BQ*QmlJCl>-rpyXtV{Fbh8I$tbuGF)6aEv}l`YC9}r1_$u~uHR?=P ze~pb~2s#J*?0IPQ_r+HM!NF+VV|4gsONfy5NCNL$az5vqHbO0ao4s89aM~eR*&6#@ zpci%B9v?{JwX+t!N6@I4t8=cqo{Ip9$n`kia`V{?F}!#A0xyr-X9^mI=A$43o)mgS zqA4;8=dS{zg{pcbpTO=z25QD}g} zw{LTWx@jUQzhi4l9165xqdCe2D=P_2O--?}+=(9b_!DL;o!r{4o8Bcx{R#Z1=f$gs zMMZC}&$r*ftgBpmGJ>MyOf>h$OJ46Yy`!o-RIpp$&w-yG9aTH*Yk9ZFb6adB6;h-w zEGz&8nbio$K2GFos;a6Q7#OUsu7Xc!kWakba(fW>yz8;QeX?#=n*}-W09(jCVcyA8 zA$N0glJfHMRFssJ(a|q7j}8ylG6eVqYHRt!!yOC_4Bo;-v1LEPV6Lt=`wjPV8K=ir z+))R|r^m;qRH-#iPWzJXA?Vm%UI?2L1-_f4a}dlHR!*$oYX`yWeVuO6b8HMoM#d_Q z7q=FlnOImV%FD-h1MZ|uIG}k->beByXW8>X@oV)KGnGRF0|WE(^FXiF-rnBbZ3<+V zGfe2{=%Mcw7JbJz+55p#Es9z~BGs%dB8L&-TuwjdhiVmX`ZkuTY{^ zqQ>>Xgtm5(UR(O8_|XyA;(m8?shZ@Gul}o97^8)y4@*A$U7a719=_AmMPpu{r1V5Ya0jpa)16+S)Pm@@+bTL*Kr|a=$Q< zb$74N$=M!EDZ(M;-B`2VdQ#_p>$6u-p9*(69aAo+F@uwk<-<3pGY2vxa{m}tNN2~tZ!f7Yyv|D)5bF?d%P z4Q#a7KpgZ}tc3mMaC!otLwj4><{1qq=h*zbHU;+2%uG5On!4kDzFv!EwMD zrxAm?o@!u~fkNHNrmnU&m`nglObirVKr8QbaiBZ<8EEikK^y#Vs5CS+_h+g~Jnr31 zzY4tpUfa>xmWnz3f%yADYb?yZVa_(Zv8&98zyRQM$O zr?VXfBgL%N196+-jky-nJd=?OD=VuSV5#ceT%4S$6c{j2QDa_NrA9|b=MQAdX9AV^ zs&!RJ$iVL+eF1)chFofD>W?d(p$+$U*FeMX-`UY&G@2z_?bVnj8U(cKBLFA(cTP{& z*sS+gi!-ZLnCFd|;^E3hd$~EPR8d=3hcRF2+#AEDSPm)+RJci@&~8%qtlq9J{~ENk?uXOmW;q^{g?G8_ zi0{Cu7TBl;%o;9ar{w9|OA`~8*~LXlmg=jkizjP#0C*>Qpm z>lGrxDOx70gvCwk>z{QdKte~R&&l)WpwaLd3e-eSP;^DmLh;w7zCV0}=Ka|viq}(@ zJywFDY^CN2AkjRDtsU@;RwJ-OBO~!0wpV#&1B|%FxuXn77E~8R6(Z%bnVvsCJS|$R z;rf#ge@Pt~X7O^n#;Lou7I!v{>hjm@m|NM|$v~A(0LT!oZ0pMhbWBnTLm)A9*)+=& z60om5+sRrBKvMAURDHUS!R4J8qDw0F>G9DFkZNrap{T%4_``MSE!a8s`TwmX2J^$N&@kPs@ z9nidor>3R=qFkl`2zQFkC5Av)R<^5uB?7)V2{w+FL4+}=ajkTc9R|pT`d34$t?_P@Jj#d#<0iD;)BKisv8MCkqAPcqTb|-RYGvLzy0TY;?fOFAGm+NqBybOvDXSg_(i{GT8+@*5bZZ7AT8#}VQGPTT-JvmSDY>~443Tlw-+XfH5fC$3q2FnQ=$suZ z4K>88-1zp(Qua5dd@%z^_zZtnmk9yMJJ4&_;hkH7A}`Al0;WJATTA&8L#=t&>tm4g z)2!4X_`7~jY+i6StbCtTz~0$;3Wsu7h~#LYsih}+BrR=PF$Ni8qc{3`)1!vHip*L)~2SvMAKAj9oZZ%ni?-7&`ABV znxT&^LMPl6W#r_Ff&CsG9W5>{PEJm4Y;2sXbFnD_)kP6MegII$%*R)AcYEys+R;sV zbFm!aakZHVBBHIiWq_&Pk-MGDx$HYRJ3|}D%(=G-5MfARm4@5FKOcblxMYfk%lW>I zKk6%YK*&@Jf(*z#V4ka^0h4ezWAhru;XboH>k_;G{m1GK6s#>(r#B7zJfoZ$;h-Jk(5HW>oZsc5V(K;&ib(vdyo0PJCgD6@DLy*bTqUj0*MbFwm@tG ze8odV1RQ3~YFp4F$o)SRHb5Nl6%C$c6;OL7K7X{@)6&wSudffFu$tNwfJXff{Q$J1 zrJ=zf;R5wqh9H6f$PrZU93CI%Sfh|WeF}i~(TvT2l}&+0)zZpJYdVV7cD9YkonEoA`x;b@W_5M8>Qkx7ZyxL+lqUnMb6QZ-jSQdVC7@nd@C1aN8BC#0PB*9J&e z4)>qhT_W#o?f3Y9XG;H>Jvv;VaE$)Rm;mPT!Ol974-->m&3k^{n?_u5*gX@PfgcgN zso>QQHj=QOdz<6yiaF;1zfn^=0Bb8O<^@eh>1TVuSlVY4k)86BE7;(B7&wvg+4Ebk_%$>L zaf7m@w9wGdGL;YnwY+iy?l3?aB)95?n)8}Jg5E$N$RU5;3!vNPQ_!G#^a+Pwhp7K|JJlsJ8 zHb;V(|I|&Cf+mF-rv;a-l@&HCC@78i9EUWH;i4qMHQ>(&!7H?c1Qosz#EkH!Yq)}N2x?fOG5McajeWXA6`m61NQx~Y?k!n1b zSy*_u0Xv8~6`h=%L`B5&sbfejOr5H1fjZO1N-Bq z5g{5%AKiNa#MiCZZ%#UPz7s6>lQcv!Xj|ir)#bA04H*M=W}>++TyalTSJ9`3btXk* z9a_-|Z#ePx^}W8n27ws^AKx`-G7<{rN;|!A+0?YG_Uh{KUp$@y1&C3<22@b5 z_>OWU!vi1+Km(lh409%=PTK@AH|uek&1Ea)l-O9mP5nm9#&hYp_rv>+0}?}?;S6rA zdiQz~g#LGYj$sBwQJDRhCOmhay&j$_{{DK%!r0s0*$G}Rv5?{RH(b7+@fR*vuA+EH z|HS&TC5D%=py_}BWB})G@X+mN z5v_=>ZoDOOjC=_dK?_jbBe$)yXZ<)|)`8gQs2>UFtrZfHA;Tp+9XadaBuv#&rvg(AB9(NxSm2E#B0xwBF;@bWhZSbi_G`Vwu@bc5UHw0J zN`O%ZhFrNyDmXfN!XJ;WG6k7)T-6D~r=rt=`?N1f=pGccp?Qm>%cW;zaG6a-z(L8+ zb-CHJRFa^kmKM(+AFEdz0|*<9@;2qE`os$3bf+X#Z55D?gd z;?s)@M@GgR;4W;a*!;5$dZPXSeqi`~Fi2FQFfcGy6MvZsXG$f2aZCurBl9W&r=!m@ z04g|Ns=%K`4i>`}&rOIGhdA>B?Mw|63h$1j{? z@7tFmxbUR?WoAEl8BLU5B-$z{mIZDRzJ~$9faHt;J+?wEva|!i%mYs1%x4p4x!JRA zNvPNdDl*9qrdy{swfubQ>KWyPcu0-%Ev9AGPCPh|9>jIqzy)6IJ-=9u)&>MCe>>~r zJtPF_pYK98Fi9zAW@kb1^Pf^{q5xeL|H`Ghz{-IL3@%~eHy{F$Zf$EDn)DB4RD=c% z1}62O{Bbh)s2sROGtH^ruCcjSsIYaAu_+dWh|rZxRn0*-u^=YUb$WY{J7mmJMuhAI z$PpbMCL%fdC%FEtqu#<)6yaTxT0i*@76E~{<=u&LZX^_FB z+K+|;i=ZrqbU9TyxutFW76-FGFJLiz&p?z|4^Np z(&w2rIZ1ZJdE8&baQJB0A)J;HH?|s^Rl0JV97GfU#|r50$g#^sHpu-pYrs_?VsE8j J`64=>{|9}xe7pbv diff --git a/lam/lib/config.inc b/lam/lib/config.inc index ddcefb0e..1753ff0d 100644 --- a/lam/lib/config.inc +++ b/lam/lib/config.inc @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2012 Roland Gruber + Copyright (C) 2003 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1400,6 +1400,9 @@ class LAMCfgMain { /** list of hosts which may access LAM */ public $allowedHosts; + /** list of hosts which may access LAM Pro self service */ + public $allowedHostsSelfService; + /** session encryption */ public $encryptSession; @@ -1441,7 +1444,7 @@ class LAMCfgMain { "logLevel", "logDestination", "allowedHosts", "passwordMinLength", "passwordMinUpper", "passwordMinLower", "passwordMinNumeric", "passwordMinClasses", "passwordMinSymbol", "mailEOL", 'errorReporting', - 'encryptSession'); + 'encryptSession', 'allowedHostsSelfService'); /** * Loads preferences from config file @@ -1453,6 +1456,7 @@ class LAMCfgMain { $this->logLevel = LOG_NOTICE; $this->logDestination = "SYSLOG"; $this->allowedHosts = ""; + $this->allowedHostsSelfService = ''; $this->encryptSession = 'true'; $this->reload(); } @@ -1521,6 +1525,7 @@ class LAMCfgMain { if (!in_array("logLevel", $saved)) array_push($file_array, "\n\n# log level\n" . "logLevel: " . $this->logLevel); if (!in_array("logDestination", $saved)) array_push($file_array, "\n\n# log destination\n" . "logDestination: " . $this->logDestination); if (!in_array("allowedHosts", $saved)) array_push($file_array, "\n\n# list of hosts which may access LAM\n" . "allowedHosts: " . $this->allowedHosts); + if (!in_array("allowedHostsSelfService", $saved)) array_push($file_array, "\n\n# list of hosts which may access LAM Pro self service\n" . "allowedHostsSelfService: " . $this->allowedHostsSelfService); if (!in_array("encryptSession", $saved)) array_push($file_array, "\n\n# encrypt session data\n" . "encryptSession: " . $this->encryptSession); if (!in_array("passwordMinLength", $saved)) array_push($file_array, "\n\n# Password: minimum password length\n" . "passwordMinLength: " . $this->passwordMinLength); if (!in_array("passwordMinUpper", $saved)) array_push($file_array, "\n\n# Password: minimum uppercase characters\n" . "passwordMinUpper: " . $this->passwordMinUpper); diff --git a/lam/lib/security.inc b/lam/lib/security.inc index d5ffa5ca..8ee5ea5e 100644 --- a/lam/lib/security.inc +++ b/lam/lib/security.inc @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2006 - 2013 Roland Gruber + Copyright (C) 2006 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -32,6 +32,8 @@ $Id$ include_once('config.inc'); /** ldap connection */ include_once('ldap.inc'); +/** common functions */ +include_once('account.inc'); // check client IP address checkClientIP(); @@ -104,6 +106,11 @@ function checkClientIP() { if (isset($_SESSION['cfgMain'])) $cfg = $_SESSION['cfgMain']; else $cfg = new LAMCfgMain(); $allowedHosts = $cfg->allowedHosts; + $url = getCallingURL(); + if ((strpos($url, '/selfService/selfService') !== false) || ((strpos($url, '/misc/ajax.php?') !== false) && strpos($url, 'selfservice=1') !== false)) { + // self service pages have separate IP list + $allowedHosts = $cfg->allowedHostsSelfService; + } // skip test if no hosts are defined if ($allowedHosts == "") return; $allowedHosts = explode(",", $allowedHosts); diff --git a/lam/templates/config/mainmanage.php b/lam/templates/config/mainmanage.php index cf7ae048..a3f5078f 100644 --- a/lam/templates/config/mainmanage.php +++ b/lam/templates/config/mainmanage.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2013 Roland Gruber + Copyright (C) 2003 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -104,6 +104,29 @@ if (isset($_POST['submitFormData'])) { } else $allowedHosts = ""; $cfg->allowedHosts = $allowedHosts; + // set allowed hosts for self service + if (isLAMProVersion()) { + if (isset($_POST['allowedHostsSelfService'])) { + $allowedHostsSelfService = $_POST['allowedHostsSelfService']; + $allowedHostsSelfServiceList = explode("\n", $allowedHostsSelfService); + for ($i = 0; $i < sizeof($allowedHostsSelfServiceList); $i++) { + $allowedHostsSelfServiceList[$i] = trim($allowedHostsSelfServiceList[$i]); + // ignore empty lines + if ($allowedHostsSelfServiceList[$i] == "") { + unset($allowedHostsSelfServiceList[$i]); + continue; + } + // check each line + $ipRegex = '/^[0-9a-f\\.:\\*]+$/i'; + if (!preg_match($ipRegex, $allowedHostsSelfServiceList[$i]) || (strlen($allowedHostsSelfServiceList[$i]) > 15)) { + $errors[] = sprintf(_("The IP address %s is invalid!"), htmlspecialchars(str_replace('%', '%%', $allowedHostsSelfServiceList[$i]))); + } + } + $allowedHostsSelfService = implode(",", $allowedHostsSelfServiceList); + } + else $allowedHostsSelfService = ""; + $cfg->allowedHostsSelfService = $allowedHostsSelfService; + } // set session encryption if (function_exists('mcrypt_create_iv')) { $encryptSession = 'false'; @@ -271,6 +294,9 @@ $securityTable = new htmlTable(); $options = array(5, 10, 20, 30, 60, 90, 120, 240); $securityTable->addElement(new htmlTableExtendedSelect('sessionTimeout', $options, array($cfg->sessionTimeout), _("Session timeout"), '238'), true); $securityTable->addElement(new htmlTableExtendedInputTextarea('allowedHosts', implode("\n", explode(",", $cfg->allowedHosts)), '30', '7', _("Allowed hosts"), '241'), true); +if (isLAMProVersion()) { + $securityTable->addElement(new htmlTableExtendedInputTextarea('allowedHostsSelfService', implode("\n", explode(",", $cfg->allowedHostsSelfService)), '30', '7', _("Allowed hosts (self service)"), '241'), true); +} $encryptSession = ($cfg->encryptSession === 'true'); $encryptSessionBox = new htmlTableExtendedInputCheckbox('encryptSession', $encryptSession, _('Encrypt session'), '245'); $encryptSessionBox->setIsEnabled(function_exists('mcrypt_create_iv'));