From 0cbcc8efc11782858aa2e88ee70213d7c9016d3f Mon Sep 17 00:00:00 2001
From: martinlanghoff
Date: Mon, 19 Nov 2007 02:43:48 +0000
Subject: [PATCH] user_login() was not converted to using get_cache_flags().
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

It was still using the 'old' get_config() interface, so the 'cookie' set by ntlmsso_finish() wasn't retrieved at all, and the automatic login always failed.

Signed-off-by: Iñaki Arenaza
Author: Iñaki Arenaza
Committer: Martin Langhoff
---
auth/ldap/auth.php | 51 +++++++++++++++++++++-------------------------
1 file changed, 23 insertions(+), 28 deletions(-)

diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index a153245675..f129734ad5 100644
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -95,42 +95,37 @@ class auth_plugin_ldap extends auth_plugin_base { // $key = sesskey(); if (!empty($this->config->ntlmsso_enabled) && $key === $password) { - if ($cookie = get_config('auth/ldap/ntlmsess', $key)) { - // These checks match the work done - if (preg_match('/^(\d+):(.+)$/',$cookie,$matches)) { - // $matches[0] is the whole matched string... - $time = $matches[1]; - $sessusername = $matches[2]; - if (((time() - ((int)$time)) < AUTH_NTLMTIMEOUT) - && $sessusername === $username) { - - unset($cookie); - unset($time); - unset($sessusername); - - // Check that the user is inside one of the configured LDAP contexts - $validuser = false; - $ldapconnection = $this->ldap_connect(); - if ($ldapconnection) { - // if the user is not inside the configured contexts, - // ldap_find_userdn returns false. - if ($this->ldap_find_userdn($ldapconnection, $extusername)) { - $validuser = true; - } - ldap_close($ldapconnection); - } + $cf = get_cache_flags('auth/ldap/ntlmsess'); + // We only get the cache flag if we retrieve it before + // it expires (AUTH_NTLMTIMEOUT seconds). + if (!isset($cf[$key]) || $cf[$key] === '') { + return false; + } - // Shortcut here - SSO confirmed - return $validuser; + $sessusername = $cf[$key]; + if ($username === $sessusername) { + unset($sessusername); + unset($cf); + + // Check that the user is inside one of the configured LDAP contexts + $validuser = false; + $ldapconnection = $this->ldap_connect(); + if ($ldapconnection) { + // if the user is not inside the configured contexts, + // ldap_find_userdn returns false. + if ($this->ldap_find_userdn($ldapconnection, $extusername)) { + $validuser = true; } + ldap_close($ldapconnection); } + + // Shortcut here - SSO confirmed + return $validuser; } } // End SSO processing unset($key); - $ldapconnection = $this->ldap_connect(); - if ($ldapconnection) { $ldap_user_dn = $this->ldap_find_userdn($ldapconnection, $extusername); -- 2.39.5
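Review bot: The matched `auth/ldap/ntlmsess` flag is not consumed in the new SSO branch: once `$username === $sessusername` holds, only the local copies are unset (`unset($sessusername); unset($cf);`), so unless the flag is removed elsewhere the same sesskey/username pair stays acceptable until it expires after AUTH_NTLMTIMEOUT seconds. Clearing it at that point, e.g. `unset_cache_flag('auth/ldap/ntlmsess', $key);`, would make the hand-off single-use. The two failure paths also differ: a missing flag returns false, but a username mismatch drops out of the SSO block into the ordinary LDAP path that starts in the trailing context, presumably with the session key as `$password`; an `else { return false; }` on the comparison would keep the key from reaching the directory. user_login() starts before and continues after this hunk, so that later path is inferred.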