--- ldap_integration/ldapauth.module 2009-10-02 15:30:42.000000000 +0200+++

1. --- ldap_integration/ldapauth.module    2009-10-02 15:30:42.000000000 +0200
2. +++ /Users/useruser/Downloads/ldap_integration/ldapauth.module  2009-10-27 15:29:16.000000000 +0100
3. @@ -1,5 +1,5 @@
4.  <?php
5. -// $Id: ldapauth.module,v 1.45 2009/07/28 14:03:05 miglius Exp $
6. +// $Id: ldapauth.module,v 1.46 2009/10/27 14:29:16 miglius Exp $
7.  
8.  /**
9.   * @file
10. @@ -115,16 +115,16 @@ function ldapauth_menu() {
11.      ),
12.      'admin/settings/ldap/ldapauth/activate' => array(
13.        'title' => 'Activate LDAP Source',
14. -      'page callback' => 'ldapauth_admin_activate',
15. -      'page arguments' => array(5),
16. +      'page callback' => 'drupal_get_form',
17. +      'page arguments' => array('ldapauth_admin_activate'),
18.        'access arguments' => array('administer ldap modules'),
19.        'type' => MENU_CALLBACK,
20.        'file' => 'ldapauth.admin.inc',
21.      ),
22.      'admin/settings/ldap/ldapauth/deactivate' => array(
23. -      'title' => 'De-Activate LDAP Source',
24. -      'page callback' => 'ldapauth_admin_deactivate',
25. -      'page arguments' => array(5),
26. +      'title' => 'De-activate LDAP Source',
27. +      'page callback' => 'drupal_get_form',
28. +      'page arguments' => array('ldapauth_admin_deactivate'),
29.        'access arguments' => array('administer ldap modules'),
30.        'type' => MENU_CALLBACK,
31.        'file' => 'ldapauth.admin.inc',
32. @@ -201,7 +201,7 @@ function ldapauth_form_alter(&$form, $fo
33.  
34.    // Replace the drupal authenticate function is it's used as validation.
35.    if (isset($form['#validate']) && is_array($form['#validate']) && ($key = array_search('user_login_authenticate_validate', $form['#validate'])))
36. -    $form['#validate'][$key] = 'ldapauth_login_validate';
37. +    $form['#validate'][$key] = 'ldapauth_login_authenticate_validate';
38.  
39.    switch ($form_id) {
40.      case 'user_login_block':
41. @@ -260,7 +260,7 @@ function ldapauth_exit() {
42.   *
43.   * If successful, sets the global $user object.
44.   */
45. -function ldapauth_login_validate($form, &$form_state) {
46. +function ldapauth_login_authenticate_validate($form, &$form_state) {
47.    ldapauth_authenticate($form_state['values']);
48.  }
49.  
50. @@ -275,6 +275,11 @@ function ldapauth_authenticate($form_val
51.    $name = $form_values['name'];
52.    $pass = trim($form_values['pass']);
53.  
54. +  // The user_login_name_validate() is not called if the user is being authenticated
55. +  // from the httpauth or services modules, therefore call it here.
56. +  $form_state['values'] = $form_values;
57. +  user_login_name_validate(NULL, $form_state);
58. +
59.    // (Design decision) uid=1 (admin user) must always authenticate to local database
60.    // this user is critical for all drupal admin and upgrade operations so it is best
61.    // left with drupal's native authentication.
62. @@ -300,36 +305,39 @@ function ldapauth_authenticate($form_val
63.      }
64.    }
65.  
66. +  $account = user_load(array('name' => $name, 'status' => 1));
67. +  if ($account && drupal_is_denied('mail', $account->mail)) {
68. +    form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array('%name' => $account->name)));
69. +  }
70. +
71. +  // If there is any validations errors, we do not query LDAP.
72. +  if (form_get_errors())
73. +    return;
74. +
75.    // Authenticate LDAP user.
76.    if (!($dn = _ldapauth_auth($name, $pass)))
77.      return;
78.  
79. -  $account = user_load(array('name' => $name));
80. -  if (!isset($account->uid)) {
81. -
82. -    // Check if the username is allowed.
83. -    if (drupal_is_denied('user', $name)) {
84. -      drupal_set_message(t('The name %name has been denied access.', array('%name' => $name)), 'error');
85. -      return;
86. -    }
87. -
88. +  if (!$account) {
89.      // Register this new user.
90.      if ($ldap_user = _ldapauth_user_lookup($name)) {
91. -      // Generate a random drupal password. LDAP password will be used anyways.
92. -      $pass_new = (LDAPAUTH_LOGIN_PROCESS == LDAPAUTH_AUTH_EXCLUSIVED || !LDAPAUTH_SYNC_PASSWORDS) ? user_password(20) : $pass;
93. -
94.        // If mail attribute is missing, set the name as mail.
95.        $init = $mail = key_exists(($_ldapauth_ldap->getOption('mail_attr') ? $_ldapauth_ldap->getOption('mail_attr') : LDAPAUTH_DEFAULT_MAIL_ATTR), $ldap_user) ? $ldap_user[$_ldapauth_ldap->getOption('mail_attr')][0] : $name;
96.  
97. +      // Check if the e-mail is not denied.
98. +      if (drupal_is_denied('mail', $mail)) {
99. +        form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array('%name' => $name)));
100. +        return;
101. +      }
102. +
103. +      // Generate a random drupal password. LDAP password will be used anyways.
104. +      $pass_new = (LDAPAUTH_LOGIN_PROCESS == LDAPAUTH_AUTH_EXCLUSIVED || !LDAPAUTH_SYNC_PASSWORDS) ? user_password(20) : $pass;
105. +
106.        $userinfo = array('name' => $name, 'pass' => $pass_new, 'mail' => $mail, 'init' => $init, 'status' => 1, 'authname_ldapauth' => $name, 'ldap_authentified' => TRUE, 'ldap_dn' => $ldap_user['dn'], 'ldap_config' => $_ldapauth_ldap->getOption('sid'));
107.        $user = user_save('', $userinfo);
108.        watchdog('ldapauth', 'New external user %name created from the LDAP server %server.', array('%name' => $name, '%server' => $_ldapauth_ldap->getOption('name')), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit'));
109.      }
110.    }
111. -  else if ($account->status == 0) {
112. -    // User is blocked.
113. -    return;
114. -  }
115.    else {
116.      // Login existing user.
117.      $data = array(