Ajout du support de liste blanche de groupes
parent
74d999647f
commit
1591c16e95
|
@ -7,12 +7,11 @@ my $ldapbase = esmith::util::ldapBase ($DomainName);
|
|||
my $tbpref = ((${'mozilla-mcd'}{'TBEnforce'} || 'disabled') =~ m/^enabled|on|1|yes$/) ? "lockPref":"defaultPref";
|
||||
my $ffpref = ((${'mozilla-mcd'}{'FFEnforce'} || 'disabled') =~ m/^enabled|on|1|yes$/) ? "lockPref":"defaultPref";
|
||||
my $url = ${'mozilla-mcd'}{'HomeURL'} || 'https://auth.' . "$DomainName";
|
||||
my $noenforcegroups = ${'mozilla-mcd'}{'NoEnforceGroups'} || '';
|
||||
# Format as a PHP array
|
||||
$noenforcegroups =~ s/^,+|,+$//g;
|
||||
$noenforcegroups =~ s/^/'/g;
|
||||
$noenforcegroups =~ s/$/'/g;
|
||||
$noenforcegroups =~ s/[;,]/','/g;
|
||||
my @noenforcegroups = split( /[;,]/, (${'mozilla-mcd'}{'NoEnforceGroups'} || '') );
|
||||
my @wlgroups = split( /[;,]/, (${'mozilla-mcd'}{'WhiteListGroups'} || '') );
|
||||
|
||||
my $noenforcegroups = join (',', @noenforcegroups);
|
||||
my $wlgroups = join (',', @wlgroups);
|
||||
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
|
@ -27,6 +26,7 @@ define('TB_PREF', '$tbpref');
|
|||
define('FF_PREF', '$ffpref');
|
||||
define('HOME_URL', '$url');
|
||||
\$NOENFORCEGROUPS = array($noenforcegroups);
|
||||
\$WHITELISTGROUPS = array($wlgroups);
|
||||
|
||||
EOF
|
||||
|
||||
|
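Review bot: The two `join (',', ...)` lines produce unquoted lists, so the heredoc lines `\$NOENFORCEGROUPS = array($noenforcegroups);` and `\$WHITELISTGROUPS = array($wlgroups);` would write PHP such as `array(admins,users)`, where the names are read as bare constants rather than strings. The earlier substitution lines (apparently removed by this commit; the +/- markers are lost in this rendering) wrapped each name in single quotes. Quoting and escaping each element keeps the generated file valid and stops a quote or parenthesis in the `NoEnforceGroups` / `WhiteListGroups` values from being written out as PHP code: `my $wlgroups = join(',', map { "'" . (s/([\\'])/\\$1/gr) . "'" } @wlgroups);`, and the same for `@noenforcegroups`.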
|
|
@ -41,6 +41,20 @@ if(isset($_SERVER['QUERY_STRING']) && preg_match('/^.+@' . DOMAIN . '$/', $_SERV
|
|||
break;
|
||||
}
|
||||
}
|
||||
// Stop here if the user is not part of the whitelist groups
|
||||
if (count($WHITELISTGROUPS) > 0){
|
||||
$conf = 0;
|
||||
foreach ($user[0]['posixmemberof'] as $group){
|
||||
if (in_array($group, $WHITELISTGROUPS)){
|
||||
$conf = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if ($conf != 1){
|
||||
header("HTTP/1.1 403 Forbidden");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
// We've not received a valid email address
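Review bot: `in_array($group, $WHITELISTGROUPS)` compares loosely, and the `foreach` assumes `$user[0]['posixmemberof']` is always an array. If `$user` comes from `ldap_get_entries()` (not visible in this hunk), the attribute array also carries an integer `count` element, which a loose comparison can match against a group name beginning with a digit on PHP versions before 8, and an entry without the attribute raises a warning before falling through to the 403. I would pass the strict flag, `if (in_array($group, $WHITELISTGROUPS, true)){`, and guard the loop with `if (!empty($user[0]['posixmemberof']))`. The check also sits inside the branch selected by the address in `QUERY_STRING`, so it filters configuration by group but, as far as this hunk shows, does not authenticate the requester. The enclosing `if`/`else` starts and ends outside the hunk.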
|
||||
|
|