WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

show info if login failed and account can be determined as locked

This commit is contained in:
Roland Gruber 2020-06-21 21:33:43 +02:00
parent 38cbfb9dab
commit 780daded11
3 changed files with 47 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lam/lib/account.inc
View File

@ -1770,6 +1770,8 @@ function isDeveloperVersion($version) {
class LAMException extends Exception {
private $title;
private $ldapErrorCode;
/**
* Constructor.
@ -1777,10 +1779,12 @@ class LAMException extends Exception {
* @param string $title title
* @param string $message message (optional)
* @param Exception $cause (optional)
* @param int $ldapErrorCode original LDAP error code
*/
public function __construct($title, $message = null, $cause = null) {
public function __construct($title, $message = null, $cause = null, $ldapErrorCode = null) {
parent::__construct($message, null, $cause);
$this->title = $title;
$this->ldapErrorCode = $ldapErrorCode;
}
/**
@ -1792,6 +1796,15 @@ class LAMException extends Exception {
return $this->title;
}
/**
* Returns the original LDAP error code.
*
* @return int error code
*/
public function getLdapErrorCode() {
return $this->ldapErrorCode;
}
}
?>

8
lam/lib/ldap.inc
View File

@ -92,7 +92,6 @@ class Ldap{
ldap_set_option($this->server,LDAP_OPT_REFERRALS, $followReferrals);
$bind = @ldap_bind($this->server, $user, $passwd);
if ($bind) {
$return = ldap_errno($this->server);
$this->is_connected = true;
return;
}
@ -103,17 +102,17 @@ class Ldap{
|| ($errorNumber == 81)) {
// connection failed
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."), null, null, $errorNumber);
}
elseif ($errorNumber == 49) {
// user name/password invalid. Return to login page.
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (wrong password). ' . getDefaultLDAPErrorString($this->server));
throw new LAMException(_("Wrong password/user name combination. Please try again."), getDefaultLDAPErrorString($this->server));
throw new LAMException(_("Wrong password/user name combination. Please try again."), getDefaultLDAPErrorString($this->server), null, $errorNumber);
}
else {
// other errors
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
throw new LAMException(_("LDAP error, server says:"), "($errorNumber) " . getDefaultLDAPErrorString($this->server));
throw new LAMException(_("LDAP error, server says:"), "($errorNumber) " . getDefaultLDAPErrorString($this->server), null, $errorNumber);
}
}
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
@ -122,6 +121,7 @@ class Ldap{
/** Closes connection to server */
public function close() {
if ($this->server != null) {
$this->is_connected = false;
@ldap_close($this->server);
}
}

34
lam/templates/login.php
View File

@ -178,8 +178,9 @@ setlanguage(); // setting correct language
* @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator
* @param string $error_message error message to display
* @param string $errorDetails error details
* @param string $extraMessage extra message that is shown as info
*/
function display_LoginPage($licenseValidator, $error_message, $errorDetails = null) {
function display_LoginPage($licenseValidator, $error_message, $errorDetails = null, $extraMessage = null) {
$config_object = $_SESSION['config'];
$cfgMain = $_SESSION["cfgMain"];
logNewMessage(LOG_DEBUG, "Display login page");
@ -405,12 +406,15 @@ function display_LoginPage($licenseValidator, $error_message, $errorDetails = nu
$row->add(new htmlSpacer(null, '20px'), 12);
$row->add(new htmlButton('checklogin', _("Login")), 12);
// error message
if(!empty($error_message)) {
if (!empty($error_message)) {
$row->add(new \htmlSpacer(null, '5px'), 12);
$message = new htmlStatusMessage('ERROR', $error_message, $errorDetails);
$message->colspan = 3;
$row->add($message, 12);
}
if (!empty($extraMessage)) {
$extraMessage = new htmlStatusMessage('INFO', $extraMessage);
$row->add($extraMessage, 12);
}
parseHtml(null, $row, array(), false, $tabindex, 'user');
?>
@ -590,12 +594,32 @@ if(isset($_POST['checklogin'])) {
die();
}
catch (LAMException $e) {
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage());
$extraMessage = null;
if (($searchLDAP !== null) && ($e->getLdapErrorCode() == 49)) {
$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP, $username);
}
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage(), $extraMessage);
exit();
}
}
/**
* Tries to get additional information why invalid credentials was returned. E.g. account is locked.
*
* @param Ldap $ldap LDAP object to connect for getting extra data
* @param string $username failed DN
* @return string extra message
*/
function getExtraInvalidCredentialsMessage($ldap, $username) {
$extraMessage = null;
$userData = ldapGetDN($username, array('dn', 'pwdaccountlockedtime'), $ldap->server());
if (!empty($userData['pwdaccountlockedtime'][0])) {
$extraMessage = _('Account is locked');
}
$ldap->close();
return $extraMessage;
}
//displays the login window
display_LoginPage($licenseValidator, $error_message);
?>