Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/adapter/PhutilLDAPAuthAdapter.php
Context not available. | |||||
public function readLDAPRecordAccountID(array $record) { | public function readLDAPRecordAccountID(array $record) { | ||||
$key = $this->usernameAttribute; | $key = $this->usernameAttribute; | ||||
if (!strlen($key)) { | if (!@strlen($key)) { | ||||
$key = head($this->searchAttributes); | $key = head($this->searchAttributes); | ||||
} | } | ||||
return $this->readLDAPData($record, $key); | return $this->readLDAPData($record, $key); | ||||
Context not available. | |||||
// | // | ||||
// However, in at least the case of 'dn', the property is a bare string. | // However, in at least the case of 'dn', the property is a bare string. | ||||
if (is_scalar($list) && strlen($list)) { | if (is_scalar($list) && @strlen($list)) { | ||||
return $list; | return $list; | ||||
} else if (is_array($list)) { | } else if (is_array($list)) { | ||||
return $list[0]; | return $list[0]; | ||||
Context not available. | |||||
// If the attribute contains the literal token "${login}", treat it as a | // If the attribute contains the literal token "${login}", treat it as a | ||||
// query and substitute the user's login name for the token. | // query and substitute the user's login name for the token. | ||||
if (strpos($attribute, '${login}') !== false) { | if (@strpos($attribute, '${login}') !== false) { | ||||
$escaped_user = ldap_sprintf('%S', $login_user); | $escaped_user = ldap_sprintf('%S', $login_user); | ||||
$attribute = str_replace('${login}', $escaped_user, $attribute); | $attribute = str_replace('${login}', $escaped_user, $attribute); | ||||
return $attribute; | return $attribute; | ||||
Context not available. | |||||
// NOTE: ldap_bind() dumps cleartext passwords into logs by default. Keep | // NOTE: ldap_bind() dumps cleartext passwords into logs by default. Keep | ||||
// it quiet. | // it quiet. | ||||
if (strlen($user)) { | if (@strlen($user)) { | ||||
$ok = @ldap_bind($conn, $user, $pass->openEnvelope()); | $ok = @ldap_bind($conn, $user, $pass->openEnvelope()); | ||||
} else { | } else { | ||||
$ok = @ldap_bind($conn); | $ok = @ldap_bind($conn); | ||||
Context not available. | |||||
$profiler->endServiceCall($call_id, array()); | $profiler->endServiceCall($call_id, array()); | ||||
if (!$ok) { | if (!$ok) { | ||||
if (strlen($user)) { | if (@strlen($user)) { | ||||
$this->raiseConnectionException( | $this->raiseConnectionException( | ||||
$conn, | $conn, | ||||
pht('Failed to bind to LDAP server (as user "%s").', $user)); | pht('Failed to bind to LDAP server (as user "%s").', $user)); | ||||
Context not available. | |||||
* @return bool True if the adapter should perform binds without identity. | * @return bool True if the adapter should perform binds without identity. | ||||
*/ | */ | ||||
private function shouldBindWithoutIdentity() { | private function shouldBindWithoutIdentity() { | ||||
return $this->alwaysSearch || strlen($this->anonymousUsername); | return $this->alwaysSearch || @strlen($this->anonymousUsername); | ||||
} | } | ||||
} | } | ||||
Context not available. |
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0