Author: jfthomps
Date: Mon Apr 12 14:07:14 2010
New Revision: 933243

URL: http://svn.apache.org/viewvc?rev=933243&view=rev
Log:
VCL-250

After correcting this issue, I discovered that passing an affiliation not in 
the affiliation table would cause a query error.  testGeneralAffiliation in 
authentication.php had to be modified to correct this, resulting in getUserInfo 
and getAffilidAndLogin in utils.php needing to be modified, and anything that 
calls either of those functions.

shibauth.php: modified updateShibUser - check for return status of 
getAffilidAndLogin, if -1, return NULL

utils.php:
-modified checkAccess - uncommented check to see if $authtype is empty after 
trying to match the user's affiliation
-modified validateUserid - return 0 if return status of getAffilidAndLogin is -1
-modified getAffilidAndLogin - pass along return status of test function if it 
is non-zero
-modified addOwnedResourceGroups - return without modifying anything if 
getUserInfo returns NULL
-modified getUserInfo - return NULL if getAffilidAndLogin returns -1

privileges.php: modified checkUserHasPriv - return 0 if getUserInfo returns -1

authentication.php: modified testGeneralAffiliation - if getAffiliationID 
returns NULL, return -1

Modified:
    incubator/vcl/trunk/web/.ht-inc/authentication.php
    incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php
    incubator/vcl/trunk/web/.ht-inc/privileges.php
    incubator/vcl/trunk/web/.ht-inc/utils.php

Modified: incubator/vcl/trunk/web/.ht-inc/authentication.php
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/authentication.php?rev=933243&r1=933242&r2=933243&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/authentication.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/authentication.php Mon Apr 12 14:07:14 2010
@@ -654,7 +654,8 @@ function checkExpiredDemoUser($userid, $
 /// \param $login - (pass by ref) a login id with affiliation
 /// \param $affilid - (pass by ref) gets overwritten
 ///
-/// \return - 1 if successfully found affiliation id, 0 if failed 
+/// \return - 1 if successfully found known affiliation id in $login, 0 if
+/// failed, -1 if found an unknown affilation in $login
 ///
 /// \brief changes $login to be without affiliation and sticks the associated
 /// affiliation id in $affilid
@@ -664,6 +665,8 @@ function testGeneralAffiliation(&$login,
        if(preg_match('/^([...@]+)@([...@\.]*)$/', $login, $matches)) {
                $login = $matches[1];
                $affilid = getAffiliationID($matches[2]);
+               if(is_null($affilid))
+                       return -1;
                return 1;
        }
        return 0;
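Review bot: On the new -1 path both by-reference arguments have already been changed: `$login` is cut down to `$matches[1]` and `$affilid` holds NULL by the time `return -1` runs. A caller that does not check the return code then carries on with a login stripped of its affiliation and a NULL affiliation id. Looking the id up into a local first (`$id = getAffiliationID($matches[2]);` then `if(is_null($id)) return -1;`) and assigning `$login` and `$affilid` only on success would keep the failure free of side effects. Otherwise the doc block should say that both are overwritten even when -1 is returned. The function's signature line is only visible in the hunk header.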

Modified: incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php?rev=933243&r1=933242&r2=933243&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php Mon Apr 12 
14:07:14 2010
@@ -40,7 +40,9 @@
 
////////////////////////////////////////////////////////////////////////////////
 function updateShibUser($userid) {
        global $mysql_link_vcl;
-       getAffilidAndLogin($userid, $affilid);
+       $rc = getAffilidAndLogin($userid, $affilid);
+       if($rc == -1)
+               return NULL;
 
        if(array_key_exists('displayName', $_SERVER) &&
           ! empty($_SERVER['displayName'])) {
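Review bot: The early `return NULL;` gives updateShibUser a new failure result, but no caller of updateShibUser is touched in this commit and its doc block lies outside the hunk. Whatever drives the Shibboleth login needs to treat NULL as a rejected login rather than continue with an empty user id, so that call site is worth confirming. I would add a line such as `/// \return ... NULL if $userid carries an unknown affiliation` to the function's header comment. The function body continues past the end of this hunk.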

Modified: incubator/vcl/trunk/web/.ht-inc/privileges.php
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/privileges.php?rev=933243&r1=933242&r2=933243&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/privileges.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/privileges.php Mon Apr 12 14:07:14 2010
@@ -2583,8 +2583,11 @@ function checkUserHasPriv($priv, $uid, $
        $key = getKey(array($priv, $uid, $node, $privs, $cascadePrivs));
        if(array_key_exists($key, $_SESSION['userhaspriv']))
                return $_SESSION['userhaspriv'][$key];
-       if($user["id"] != $uid)
+       if($user["id"] != $uid) {
                $_user = getUserInfo($uid);
+               if(is_null($user))
+                       return 0;
+       }
        else
                $_user = $user;
        $affilUserid = "{$_user['unityid']...@{$_user['affiliation']}";
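Review bot: The added NULL check tests `$user`, not `$_user`, so it does not guard the value getUserInfo() has just returned. `$user` is already dereferenced in `$user["id"] != $uid`, so presumably it is the current user and never NULL at this point. A failed lookup therefore leaves `$_user` NULL and execution falls through to the `$affilUserid` assignment with empty fields, inside a privilege check. The condition should be `if(is_null($_user))` followed by `return 0;`. The function starts and continues outside this hunk, so what the empty `$affilUserid` is later compared against is not visible here.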

Modified: incubator/vcl/trunk/web/.ht-inc/utils.php
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/utils.php?rev=933243&r1=933242&r2=933243&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/utils.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/utils.php Mon Apr 12 14:07:14 2010
@@ -364,11 +364,11 @@ function checkAccess() {
                                        break;
                                }
                        }
-                       /*if(empty($authtype)) {
+                       if(empty($authtype)) {
                                print "No authentication mechanism found for 
passed in X-User";
                                dbDisconnect();
                                exit;
-                       }*/
+                       }
                        if($authMechs[$authtype]['type'] == 'ldap') {
                                $ds = 
ldap_connect("ldaps://{$authMechs[$authtype]['server']}/");
                                if(! $ds) {
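Review bot: The re-enabled `empty($authtype)` branch now fails closed before `$authMechs[$authtype]` is indexed, but it reports the failure only as a printed string followed by `exit`. If no response status has been set earlier in checkAccess (not visible in this hunk), the client presumably receives a success status with an error body. The rejected attempt is also not recorded anywhere in the lines shown. Sending an explicit failure status before the message, for example `header('HTTP/1.1 401 Unauthorized');`, and logging the rejected X-User value would make these failures distinguishable to clients and visible to operators.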
@@ -792,7 +792,9 @@ function validateUserid($loginid) {
        if(empty($loginid))
                return 0;
        
-       getAffilidAndLogin($loginid, $affilid);
+       $rc = getAffilidAndLogin($loginid, $affilid);
+       if($rc == -1)
+               return 0;
 
        if(empty($affilid))
                return 0;
@@ -826,7 +828,9 @@ function validateUserid($loginid) {
 /// \param $login - login for user, may include \...@affiliation
 /// \param $affilid - variable in which to stick the affiliation id
 ///
-/// \return 1 if $affilid set by a registered function, 0 if set to default
+/// \return 1 if $affilid set by a registered function, 0 if set to default,
+/// -1 if @affiliation was part of $login but did not contain a known
+/// affiliation
 ///
 /// \brief tries registered affiliation lookup functions to determine the
 /// affiliation id of the user; if it finds it, sticks the affiliationid in
@@ -836,8 +840,9 @@ function validateUserid($loginid) {
 function getAffilidAndLogin(&$login, &$affilid) {
        global $findAffilFuncs;
        foreach($findAffilFuncs as $func) {
-               if($func($login, $affilid))
-                       return 1;
+               $rc = $func($login, $affilid);
+               if($rc)
+                       return $rc;
        }
        $affilid = DEFAULT_AFFILID;
        return 0;
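Review bot: `if($rc) return $rc;` ends the loop on the first registered function that returns -1, so any later entry in `$findAffilFuncs` never gets to examine the login. If more than one lookup function can be registered, one function's "unknown affiliation" overrides another that might have recognised it; if that is intended, it deserves a comment such as `// -1 is final: an explicit but unknown affiliation must not fall through to other lookups or the default`. On the -1 path `$affilid` is also left as whatever the lookup function wrote (NULL from testGeneralAffiliation) rather than `DEFAULT_AFFILID`. The updated `\return` text should state that `$affilid` must not be used when -1 is returned.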
@@ -1672,7 +1677,8 @@ function addOwnedResources(&$resources, 
 ///
 
////////////////////////////////////////////////////////////////////////////////
 function addOwnedResourceGroups(&$resourcegroups, $userid) {
-       $user = getUserInfo($userid, 1);
+       if(! $user = getUserInfo($userid, 1))
+               return;
        $userid = $user["id"];
        $groupids = implode(',', array_keys($user["groups"]));
        if(empty($groupids))
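Review bot: `if(! $user = getUserInfo($userid, 1))` folds the assignment into the condition and tests for any falsy value, while the other call sites in this commit test the result explicitly with `is_null()`. Writing `$user = getUserInfo($userid, 1);` followed by `if(is_null($user)) return;` would match them and make it clear that NULL is the only failure value expected. If an empty array is also meant to be caught here, that should be said in a comment.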
@@ -2795,13 +2801,17 @@ function processInputData($data, $type, 
 ///
 /// \brief gets the user's information from the db and puts it into an array;
 /// if the user is not in the db, query ldap and add them; if the user changed
-/// their name and unity id; fix information in db based on numeric unity id
+/// their name and unity id; fix information in db based on numeric unity id;
+/// returns NULL if could not get information about the user
 ///
 
////////////////////////////////////////////////////////////////////////////////
 function getUserInfo($id, $noupdate=0) {
        $affilid = DEFAULT_AFFILID;
-       if(! is_numeric($id))
-               getAffilidAndLogin($id, $affilid);
+       if(! is_numeric($id)) {
+               $rc = getAffilidAndLogin($id, $affilid);
+               if($rc == -1)
+                       return NULL;
+       }
 
        $user = array();
        $query = "SELECT u.unityid AS unityid, "
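Review bot: getUserInfo gains a NULL return here, but it is documented only inside the `\brief` text, and this diff updates just two of its callers (checkUserHasPriv and addOwnedResourceGroups). Indexing NULL in PHP quietly yields NULL, so any other caller that reads `$user['id']` or `$user['groups']` would not fail visibly and could carry empty values into ownership or privilege comparisons. The remaining call sites are worth auditing for that. I would add a dedicated line to the header comment, `/// \return array of user information, or NULL if the affiliation in $id is unknown`. The function body continues beyond this hunk.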

