
Contents of /cauldron/zabbix/current/SOURCES/zabbix-2.0.4-CVE-2013-1364.diff



Revision 391762 - (show annotations) (download)
Wed Jan 23 23:52:16 2013 UTC (11 years, 2 months ago) by luigiwalser
File size: 2383 byte(s)
add upstream patch to fix CVE-2013-1364 (upstream ZBX-6097)
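Index: frontends/php/authentication.php
===================================================================
--- frontends/php/authentication.php (revision 32376)
+++ frontends/php/authentication.php (revision 32393)
@@ -101,12 +101,11 @@
 $config['authentication_type'] = $_REQUEST['config'];
 
 // check login/password
- $login = API::User()->ldapLogin(array(
- 'user' => get_request('user', $USER_DETAILS['alias']),
- 'password' => get_request('user_password', ''),
- 'cnf' => $ldap_cnf
- ));
+ $ldap = new CLdap($ldap_cnf);
+ $ldap->connect();
+ $login = $ldap->checkPass(get_request('user', $USER_DETAILS['alias']), get_request('user_password', ''));
 if (!$login) {
+ error(_('Login name or password is incorrect'));
 throw new Exception();
 }
 
@@ -129,12 +128,13 @@
 }
 elseif (isset($_REQUEST['test'])) {
 // check login/password
- $result = API::User()->ldapLogin(array(
- 'user' => get_request('user', $USER_DETAILS['alias']),
- 'password' => get_request('user_password', ''),
- 'cnf' => $ldap_cnf
- ));
+ $ldap = new CLdap($ldap_cnf);
+ $ldap->connect();
+ $result = $ldap->checkPass(get_request('user', $USER_DETAILS['alias']), get_request('user_password', ''));
 
+ if (!$result)
+ error(_('Login name or password is incorrect'));{
+ }
 show_messages($result, _('LDAP login successful'), _('LDAP login was not successful'));
 }
 }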
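Review bot: In the second hunk the added `if (!$result)` has its braces misplaced: `error(_('Login name or password is incorrect'));{` ends the statement and then opens an empty block, so the guard only works because a brace-less `if` happens to cover the single call. Write it as `if (!$result) {`, `error(_('Login name or password is incorrect'));`, `}` so that a line later added inside the braces does not run unconditionally. In both hunks the result of `$ldap->connect()` is not checked; if CLdap (not shown here) reports failure through its return value, an unreachable or misconfigured LDAP server is presented to the administrator as a wrong password. Both hunks sit inside a larger block that starts and ends outside the diff.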
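Index: frontends/php/api/classes/CUser.php
===================================================================
--- frontends/php/api/classes/CUser.php (revision 32376)
+++ frontends/php/api/classes/CUser.php (revision 32393)
@@ -822,15 +822,12 @@
 // ******************************************************************************
 // LOGIN Methods
 // ******************************************************************************
- public function ldapLogin($user) {
- $cnf = isset($user['cnf']) ? $user['cnf'] : null;
-
- if (is_null($cnf)) {
- $config = select_config();
- foreach ($config as $id => $value) {
- if (zbx_strpos($id, 'ldap_') !== false) {
- $cnf[str_replace('ldap_', '', $id)] = $config[$id];
- }
+ protected function ldapLogin($user) {
+ $config = select_config();
+ $cnf = array();
+ foreach ($config as $id => $value) {
+ if (zbx_strpos($id, 'ldap_') !== false) {
+ $cnf[str_replace('ldap_', '', $id)] = $config[$id];
 }
 }
 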
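Review bot: The now-protected `ldapLogin()` has no comment recording why its LDAP settings must come only from `select_config()`, so a later refactor could quietly bring back a caller-supplied `cnf`. A comment above the signature would pin the invariant, for example `// LDAP settings are read from the stored configuration only; never accept them from $user (CVE-2013-1364).` Separately, `zbx_strpos($id, 'ldap_') !== false` matches the substring anywhere in the key and `str_replace` removes every occurrence, so an anchored check such as `zbx_strpos($id, 'ldap_') === 0` would be tighter if config keys can contain `ldap_` elsewhere. The rest of the method body lies outside the hunk, so how `$cnf` and `$user` are used afterwards cannot be confirmed from here.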
