diff options
author | Matthew Marlowe <mattm@gentoo.org> | 2013-01-18 18:52:08 +0000 |
---|---|---|
committer | Matthew Marlowe <mattm@gentoo.org> | 2013-01-18 18:52:08 +0000 |
commit | 2520b1455adc1f72c896f9b03a5e323959c97fa0 (patch) | |
tree | 331538b5fe12c935676ceee0c12c349950ba3848 /net-analyzer/zabbix/files | |
parent | initial import (diff) | |
download | historical-2520b1455adc1f72c896f9b03a5e323959c97fa0.tar.gz historical-2520b1455adc1f72c896f9b03a5e323959c97fa0.tar.bz2 historical-2520b1455adc1f72c896f9b03a5e323959c97fa0.zip |
Fix for CVE-2013-1364, and upstream bug #ZBX-6097. Bumps 1.8.16 and 2.0.4-r1.
Package-Manager: portage-2.1.11.31/cvs/Linux x86_64
Manifest-Sign-Key: 0x786037A7
Diffstat (limited to 'net-analyzer/zabbix/files')
-rw-r--r-- | net-analyzer/zabbix/files/2.0/patches/zbx6097.patch | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/net-analyzer/zabbix/files/2.0/patches/zbx6097.patch b/net-analyzer/zabbix/files/2.0/patches/zbx6097.patch new file mode 100644 index 000000000000..65d92a873f8e --- /dev/null +++ b/net-analyzer/zabbix/files/2.0/patches/zbx6097.patch @@ -0,0 +1,66 @@ +Index: frontends/php/authentication.php +=================================================================== +--- frontends/php/authentication.php (revision 32376) ++++ frontends/php/authentication.php (revision 32393) +@@ -101,12 +101,11 @@ + $config['authentication_type'] = $_REQUEST['config']; + + // check login/password +- $login = API::User()->ldapLogin(array( +- 'user' => get_request('user', $USER_DETAILS['alias']), +- 'password' => get_request('user_password', ''), +- 'cnf' => $ldap_cnf +- )); ++ $ldap = new CLdap($ldap_cnf); ++ $ldap->connect(); ++ $login = $ldap->checkPass(get_request('user', $USER_DETAILS['alias']), get_request('user_password', '')); + if (!$login) { ++ error(_('Login name or password is incorrect')); + throw new Exception(); + } + +@@ -129,12 +128,13 @@ + } + elseif (isset($_REQUEST['test'])) { + // check login/password +- $result = API::User()->ldapLogin(array( +- 'user' => get_request('user', $USER_DETAILS['alias']), +- 'password' => get_request('user_password', ''), +- 'cnf' => $ldap_cnf +- )); ++ $ldap = new CLdap($ldap_cnf); ++ $ldap->connect(); ++ $result = $ldap->checkPass(get_request('user', $USER_DETAILS['alias']), get_request('user_password', '')); + ++ if (!$result) ++ error(_('Login name or password is incorrect'));{ ++ } + show_messages($result, _('LDAP login successful'), _('LDAP login was not successful')); + } + } +Index: frontends/php/api/classes/CUser.php +=================================================================== +--- frontends/php/api/classes/CUser.php (revision 32376) ++++ frontends/php/api/classes/CUser.php (revision 32393) +@@ -822,15 +822,12 @@ + // ****************************************************************************** + // LOGIN Methods + // ****************************************************************************** +- public function ldapLogin($user) { +- $cnf = isset($user['cnf']) ? $user['cnf'] : null; +- +- if (is_null($cnf)) { +- $config = select_config(); +- foreach ($config as $id => $value) { +- if (zbx_strpos($id, 'ldap_') !== false) { +- $cnf[str_replace('ldap_', '', $id)] = $config[$id]; +- } ++ protected function ldapLogin($user) { ++ $config = select_config(); ++ $cnf = array(); ++ foreach ($config as $id => $value) { ++ if (zbx_strpos($id, 'ldap_') !== false) { ++ $cnf[str_replace('ldap_', '', $id)] = $config[$id]; + } + } + |