From b703e1861163ad8d3f45ca566edd67cf0cff0a2e Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Thu, 10 Apr 2008 21:30:08 +0200
Subject: [PATCH] avoid infinite loop in ldap auth backend FS#1365
darcs-hash:20080410193008-7ad00-bb87213baaf169756433fc91c13caff6d763bf5f.gz
---
inc/auth/ldap.class.php | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/inc/auth/ldap.class.php b/inc/auth/ldap.class.php
index a9f4f4e21..bd1322344 100644
--- a/inc/auth/ldap.class.php
+++ b/inc/auth/ldap.class.php
@@ -96,7 +96,7 @@ class auth_ldap extends auth_basic {
return true;
}else{
// See if we can find the user
- $info = $this->getUserData($user);
+ $info = $this->getUserData($user,true);
if(empty($info['dn'])) {
return false;
} else {
@@ -131,8 +131,9 @@ class auth_ldap extends auth_basic {
* This LDAP specific function returns the following
* addional fields:
*
- * dn string distinguished name (DN)
- * uid string Posix User ID
+ * dn string distinguished name (DN)
+ * uid string Posix User ID
+ * inbind bool for internal use - avoid loop in binding
*
* @author Andreas Gohr <andi@splitbrain.org>
* @author Trouble
@@ -141,7 +142,7 @@ class auth_ldap extends auth_basic {
* @author Stephane Chazelas <stephane.chazelas@emerson.com>
* @return array containing user data or false
*/
- function getUserData($user) {
+ function getUserData($user,$inbind=false) {
global $conf;
if(!$this->_openLDAP()) return false;
@@ -154,7 +155,7 @@ class auth_ldap extends auth_basic {
return false;
}
$this->bound = 2;
- }elseif($this->bound == 0) {
+ }elseif($this->bound == 0 && !$inbind) {
// in some cases getUserData is called outside the authentication workflow
// eg. for sending email notification on subscribed pages. This data might not
// be accessible anonymously, so we try to rebind the current user here
--
GitLab