2.1.27
nilsteampassnet authored and nilsteampassnet committed Mar 17, 2019
1 parent 8bd47d4 commit b88f933
Showing 3 changed files with 28 additions and 20 deletions.
1 change: 1 addition & 0 deletions changelog.txt
@@ -1,5 +1,6 @@
2.1.27
35/
#2564 Permissions problem
#2563 Unable to add item via API
#2560 Fix an issue for one time password changes if current user is not root
#2536 low 40bit RC4 - pdf export?
11 changes: 9 additions & 2 deletions sources/identify.php
@@ -628,7 +628,7 @@ function identifyUser(
$ldapconn,
$SETTINGS['ldap_search_base'],
$filter,
array('dn', 'mail', 'givenname', 'sn', 'samaccountname', 'shadowexpire')
array('dn', 'mail', 'givenname', 'sn', 'samaccountname', 'shadowexpire', 'useraccountcontrol')
);
if ($debugLdap == 1) {
fputs(
@@ -830,6 +830,13 @@ function identifyUser(
exit();
}

// Is user disabled?
$user_info_from_ad = $adldap->user()->info($auth_username, array("useraccountcontrol"));
if ((($user_info[0]['useraccountcontrol'][0] & 2) == 0) === false) {
echo '[{"value" : "user_disabled'.$auth_username.'", "text":""}]';
exit();
}

// Update user's password
if ($ldapConnection === true) {
$data['pw'] = $pwdlib->createPasswordHash($passwordClear);
@@ -930,7 +937,7 @@ function identifyUser(
//Because we didn't use adLDAP, we need to set the user info from the ldap_get_entries result
$user_info_from_ad = $result;
} else {
$user_info_from_ad = $adldap->user()->info($auth_username, array("mail", "givenname", "sn"));
$user_info_from_ad = $adldap->user()->info($auth_username, array("mail", "givenname", "sn", "useraccountcontrol"));
}

DB::insert(
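Review bot: The new disabled-account check in the second hunk stores the adLDAP result in `$user_info_from_ad` but then tests `$user_info[0]['useraccountcontrol'][0]`, a variable that is not assigned anywhere in the visible lines; if it is unset at that point the expression becomes `null & 2`, the comparison passes, and a disabled directory account is never rejected. The condition should read the value that was just fetched and fail closed when the attribute is missing, e.g. `if (isset($user_info_from_ad[0]['useraccountcontrol'][0]) === false || ((int) $user_info_from_ad[0]['useraccountcontrol'][0] & 2) !== 0) {`. The rejection message also concatenates `$auth_username` into hand-built JSON, so a quote or backslash in the submitted login yields a malformed response; `echo json_encode([['value' => 'user_disabled'.$auth_username, 'text' => '']]);` keeps the same payload with proper escaping. The first hunk requests `useraccountcontrol` on the `ldap_search` path as well, but no matching check is visible there, so it is worth confirming that path also rejects disabled accounts. identifyUser() starts and ends outside these hunks.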
36 changes: 18 additions & 18 deletions sources/items.queries.php
@@ -2601,29 +2601,29 @@
$accessLevel = 2;
$arrTmp = [];
foreach (explode(';', $_SESSION['fonction_id']) as $role) {
$access = DB::queryFirstRow(
"SELECT type FROM ".prefix_table("roles_values")." WHERE role_id = %i AND folder_id = %i",
$role,
$post_id
);
if ($access['type'] === "R") {
array_push($arrTmp, 1);
} elseif ($access['type'] === "W") {
array_push($arrTmp, 0);
} elseif ($access['type'] === "ND") {
array_push($arrTmp, 2);
} else {
// Ensure to give access Right if allowed folder
if (in_array($post_id, $_SESSION['groupes_visibles']) === true) {
if (empty($role) === false) {
$access = DB::queryFirstRow(
"SELECT type FROM ".prefix_table("roles_values")." WHERE role_id = %i AND folder_id = %i",
$role,
$post_id
);
if ($access['type'] === "R") {
array_push($arrTmp, 1);
} elseif ($access['type'] === "W") {
array_push($arrTmp, 0);
} elseif ($access['type'] === "ND") {
array_push($arrTmp, 2);
} else {
array_push($arrTmp, 3);
// Ensure to give access Right if allowed folder
if (in_array($post_id, $_SESSION['groupes_visibles']) === true) {
array_push($arrTmp, 0);
} else {
array_push($arrTmp, 3);
}
}
}
}
$accessLevel = min($arrTmp);
$uniqueLoadData['accessLevel'] = $accessLevel;


// check if this folder is a PF. If yes check if saltket is set
if ((!isset($_SESSION['user_settings']['encrypted_psk']) || empty($_SESSION['user_settings']['encrypted_psk'])) && $folderIsPf === true) {
$showError = "is_pf_but_no_saltkey";
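Review bot: With the new `empty($role) === false` guard, a session whose `$_SESSION['fonction_id']` contains no role ids leaves `$arrTmp` empty, and `min($arrTmp)` on an empty array returns `false` with a warning on PHP 7 and throws a ValueError on PHP 8. `false` compares loosely equal to `0`, the value the "W" branch pushes, so depending on how `accessLevel` is compared later (not visible here) a user without roles could be treated as having write access; such a user also no longer reaches the `groupes_visibles` fallback. Guard the reduction so the `$accessLevel = 2` default set at the top of the hunk survives, e.g. `if (empty($arrTmp) === false) { $accessLevel = min($arrTmp); }`, or push the restrictive value `3` when no role was evaluated. The enclosing block starts and ends outside the hunk.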