|
|
@ -1,6 +1,5 @@ |
|
|
|
<?php |
|
|
|
namespace LAM\LOGIN; |
|
|
|
use DateTime; |
|
|
|
use LAM\LIB\TWO_FACTOR\TwoFactorProviderService; |
|
|
|
use \LAMConfig; |
|
|
|
use \LAMCfgMain; |
|
|
@ -602,7 +601,7 @@ if(isset($_POST['checklogin'])) { |
|
|
|
catch (LAMException $e) { |
|
|
|
$extraMessage = null; |
|
|
|
if (($searchLDAP !== null) && ($e->getLdapErrorCode() == 49)) { |
|
|
|
$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP, $username); |
|
|
|
$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP->server(), $username); |
|
|
|
$searchLDAP->close(); |
|
|
|
} |
|
|
|
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage(), $extraMessage); |
|
|
@ -610,36 +609,6 @@ if(isset($_POST['checklogin'])) { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* Tries to get additional information why invalid credentials was returned. E.g. account is locked. |
|
|
|
* |
|
|
|
* @param Ldap $ldap LDAP object to connect for getting extra data |
|
|
|
* @param string $username failed DN |
|
|
|
* @return string extra message |
|
|
|
*/ |
|
|
|
function getExtraInvalidCredentialsMessage($ldap, $username) { |
|
|
|
$attributes = array('dn', 'pwdaccountlockedtime', 'krbprincipalexpiration', |
|
|
|
'krbpasswordexpiration', 'passwordexpirationtime'); |
|
|
|
$userData = ldapGetDN($username, $attributes, $ldap->server()); |
|
|
|
$now = new DateTime('now', getTimeZone()); |
|
|
|
if (!empty($userData['pwdaccountlockedtime'][0])) { |
|
|
|
return _('Account is locked'); |
|
|
|
} |
|
|
|
if (!empty($userData['krbprincipalexpiration'][0])) { |
|
|
|
$kerberosExpirationDate = parseLDAPTimestamp($userData['krbprincipalexpiration'][0]); |
|
|
|
if ($now >= $kerberosExpirationDate) { |
|
|
|
return _('Kerberos account is expired'); |
|
|
|
} |
|
|
|
} |
|
|
|
if (!empty($userData['krbpasswordexpiration'][0])) { |
|
|
|
$kerberosExpirationDate = parseLDAPTimestamp($userData['krbpasswordexpiration'][0]); |
|
|
|
if ($now >= $kerberosExpirationDate) { |
|
|
|
return _('Kerberos password is expired'); |
|
|
|
} |
|
|
|
} |
|
|
|
return null; |
|
|
|
} |
|
|
|
|
|
|
|
//displays the login window
|
|
|
|
display_LoginPage($licenseValidator, $error_message); |
|
|
|
?>
|
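Review bot: On the LDAP error 49 path, `getExtraInvalidCredentialsMessage($searchLDAP->server(), $username)` hands `display_LoginPage` a text such as 'Account is locked' or 'Kerberos password is expired' before anyone has authenticated, so the login form discloses the state of the account behind `$username` to whoever submits it. If this is not already gated by a configuration switch (none is visible here), consider returning only the generic error to the client and writing the detail to the server log. The helper's definition shown in the last hunk calls `$ldap->server()` itself and, judging by the hunk counts, is leaving this file; its new home is not visible, so confirm the relocated version accepts the raw handle and that its `@param Ldap $ldap` docblock is updated to match. `$searchLDAP->close()` is also skipped if the helper throws, which `try { $extraMessage = getExtraInvalidCredentialsMessage($searchLDAP->server(), $username); } finally { $searchLDAP->close(); }` would avoid. The enclosing `if(isset($_POST['checklogin']))` block starts outside the hunks.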