Added isCaseSensitive() to auth backends FS#1657

Ignore-this: 3591e5a36126c72bd9b931e4aa832da8 darcs-hash:20091115141725-7ad00-7c2fc662d1999731660673d05299c4f357b797b3.gz
timroes · Nov 15, 2009 · e259aa7 · e259aa7
1 parent 7917b6f
commit e259aa7
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 8 deletions.
diff --git a/inc/auth.php b/inc/auth.php
@@ -357,15 +357,25 @@ function auth_ismanager($user=null,$groups=null,$adminonly=false){
     // prepare an array containing only true values for array_map call
     $alltrue = array_fill(0, count($superusers), true);
     $superusers = array_map('auth_nameencode', $superusers, $alltrue);
+
+    // case insensitive?
+    if(!$auth->isCaseSensitive()){
+        $superusers = array_map('utf8_strtolower',$superusers);
+        $user       = utf8_strtolower($user);
+    }
+
+    // check user match
     if(in_array($user, $superusers)) return true;
 
+    // check managers
     if(!$adminonly){
         $managers = explode(',', $conf['manager']);
         $managers = array_unique($managers);
         $managers = array_map('trim', $managers);
         // prepare an array containing only true values for array_map call
         $alltrue = array_fill(0, count($managers), true);
         $managers = array_map('auth_nameencode', $managers, $alltrue);
+        if(!$auth->isCaseSensitive()) $managers = array_map('utf8_strtolower',$managers);
         if(in_array($user, $managers)) return true;
     }
 
@@ -376,6 +386,9 @@ function auth_ismanager($user=null,$groups=null,$adminonly=false){
         $cnt = count($groups);
         for($i=0; $i<$cnt; $i++){
             $groups[$i] = '@'.auth_nameencode($groups[$i]);
+            if(!$auth->isCaseSensitive()){
+                $groups[$i] = utf8_strtolower($groups[$i]);
+            }
         }
 
         // check groups against superuser and manager
@@ -447,6 +460,8 @@ function auth_aclcheck($id,$user,$groups){
     //if user is superuser or in superusergroup return 255 (acl_admin)
     if(auth_isadmin($user,$groups)) { return AUTH_ADMIN; }
 
+    $ci = '';
+    if(!$auth->isCaseSensitive()) $ci = 'ui';
 
     $user = $auth->cleanUser($user);
     $groups = array_map(array($auth,'cleanGroup'),(array)$groups);
@@ -473,7 +488,7 @@ function auth_aclcheck($id,$user,$groups){
     }
 
     //check exact match first
-    $matches = preg_grep('/^'.preg_quote($id,'/').'\s+('.$regexp.')\s+/',$AUTH_ACL);
+    $matches = preg_grep('/^'.preg_quote($id,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
     if(count($matches)){
         foreach($matches as $match){
             $match = preg_replace('/#.*$/','',$match); //ignore comments
@@ -497,7 +512,7 @@ function auth_aclcheck($id,$user,$groups){
     }
 
     do{
-        $matches = preg_grep('/^'.$path.'\s+('.$regexp.')\s+/',$AUTH_ACL);
+        $matches = preg_grep('/^'.$path.'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
         if(count($matches)){
             foreach($matches as $match){
                 $match = preg_replace('/#.*$/','',$match); //ignore comments

diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php
@@ -177,6 +177,13 @@ function cleanUser($name) {
         return $this->cleanGroup($name);
     }
 
+    /**
+     * Most values in LDAP are case-insensitive
+     */
+    function isCaseSensitive(){
+        return false;
+    }
+
     /**
      * Initialize the AdLDAP library and connect to the server
      */

diff --git a/inc/auth/basic.class.php b/inc/auth/basic.class.php
@@ -322,16 +322,24 @@ function retrieveGroups($start=0,$limit=0) {
     return array();
   }
 
+  /**
+   * Return case sensitivity of the backend [OPTIONAL]
+   *
+   * When your backend is caseinsensitive (eg. you can login with USER and
+   * user) then you need to overwrite this method and return false
+   */
+  function isCaseSensitive(){
+    return true;
+  }
+
   /**
    * Sanitize a given username [OPTIONAL]
    *
    * This function is applied to any user name that is given to
    * the backend and should also be applied to any user name within
    * the backend before returning it somewhere.
    *
-   * This should be used to enforce username restrictions. Eg. when
-   * the backend is case insensitive all usernames should be lowercased
-   * here.
+   * This should be used to enforce username restrictions.
    *
    * @author Andreas Gohr <andi@splitbrain.org>
    * @param string $user - username
@@ -348,9 +356,7 @@ function cleanUser($user){
    * the backend and should also be applied to any groupname within
    * the backend before returning it somewhere.
    *
-   * This should be used to enforce groupname restrictions. Eg. when
-   * the backend is case insensitive all groupames should be lowercased
-   * here.
+   * This should be used to enforce groupname restrictions.
    *
    * Groupnames are to be passed without a leading '@' here.
    *

diff --git a/inc/auth/ldap.class.php b/inc/auth/ldap.class.php
@@ -247,6 +247,13 @@ function getUserData($user,$inbind=false) {
         return $info;
     }
 
+    /**
+     * Most values in LDAP are case-insensitive
+     */
+    function isCaseSensitive(){
+        return false;
+    }
+
     /**
      * Make LDAP filter strings.
      *

diff --git a/inc/auth/mysql.class.php b/inc/auth/mysql.class.php
@@ -400,6 +400,13 @@ function leaveGroup($user, $group) {
       return $rc;
     }
 
+    /**
+     * MySQL is case-insensitive
+     */
+    function isCaseSensitive(){
+        return false;
+    }
+
     /**
      * Adds a user to a group.
      *