From 9ef078c5f49bd2be70f9601910d9b23521a6d3cb Mon Sep 17 00:00:00 2001
From: SJ
Date: Wed, 17 Oct 2012 13:11:08 +0200
Subject: [PATCH] added single sign-on support
---
 webui/.htaccess | 11 ++++++++
 webui/controller/login/sso.php | 35 +++++++++++++++++++++++++
 webui/model/user/auth.php | 28 ++++++++++++++++++++
 webui/sso.php | 47 ++++++++++++++++++++++++++++++++++
 4 files changed, 121 insertions(+)
 create mode 100644 webui/controller/login/sso.php
 create mode 100644 webui/sso.php
diff --git a/webui/.htaccess b/webui/.htaccess
index 7970eeef..934620c0 100644
--- a/webui/.htaccess
+++ b/webui/.htaccess
@@ -14,3 +14,14 @@
 RewriteRule ^login.php /index.php?route=login/login [L]
 RewriteRule ^logout.php /index.php?route=login/logout [L]
 RewriteRule ^google.php /index.php?route=login/google [QSA,L]
+
+
+ AuthName "piler NTLM authentication"
+ NTLMAuth on
+ NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
+ NTLMBasicAuthoritative on
+ AuthType NTLM
+ require valid-user
+
+
+
diff --git a/webui/controller/login/sso.php b/webui/controller/login/sso.php
new file mode 100644
index 00000000..3ec1dba9
--- /dev/null
+++ b/webui/controller/login/sso.php
@@ -0,0 +1,35 @@
+id = "content";
+ $this->template = "login/login.tpl";
+ $this->layout = "common/layout";
+
+
+ $request = Registry::get('request');
+
+ $db = Registry::get('db');
+
+ $this->load->model('user/auth');
+ $this->load->model('user/user');
+ $this->load->model('user/prefs');
+ $this->load->model('folder/folder');
+
+ $this->document->title = $this->data['text_login'];
+
+ if($this->model_user_auth->check_ntlm_auth() == 1) {
+ header("Location: " . SITE_URL . "search.php");
+ exit;
+ }
+
+ die("permission denied");
+ }
+
+}
+
+?>
diff --git a/webui/model/user/auth.php b/webui/model/user/auth.php
index ead707c2..180fabe0 100644
--- a/webui/model/user/auth.php
+++ b/webui/model/user/auth.php
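Review bot: The NTLM directives added below the google.php rewrite rule are module-specific, and an .htaccess containing a directive Apache does not recognise makes every request in that directory fail with a 500, not just the SSO endpoint; wrap the block in `<IfModule mod_auth_ntlm_winbind.c>` … `</IfModule>` (assuming that is the module behind `NTLMAuth`, which the squid-2.5-ntlmssp helper protocol suggests) so the rest of the web UI keeps working when the module is not loaded. The container directive that scopes these lines to the SSO entry point is not visible in this rendering of the hunk, so I can only assume it is limited to sso.php rather than the whole directory; please confirm. Because any Basic-auth fallback governed by the `NTLMBasic*` directives carries the domain password as a plain request header, this endpoint should only be served over HTTPS.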
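Review bot: On the success branch the session has just been populated with the user's identity by `check_ntlm_auth()` and the redirect to search.php follows with the session id unchanged; assuming the framework bootstrap has started the session, add `session_regenerate_id(true);` before the `header("Location: " . SITE_URL . "search.php");` line so a session identifier that existed before authentication does not become the authenticated one. `$request` and `$db` are fetched from the registry but never read, and `$this->template`, `$this->layout` and `$this->document->title` are set up only for the failure path to end in `die("permission denied")` without rendering anything, so either render the login template on failure or drop the unused setup. The class and method header of this controller are not visible in the hunk as rendered here (the first visible line `id = "content";` is a fragment), so the method's opening lies outside what I can see.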
@@ -69,6 +69,34 @@ class ModelUserAuth extends Model {
 }
+ public function check_ntlm_auth() {
+ if(!isset($_SERVER['REMOTE_USER'])) { return 0; }
+
+ $u = explode("\\", $_SERVER['REMOTE_USER']);
+
+ if(!isset($u[1])) { return 0; }
+
+ $query = $this->db->query("SELECT " . TABLE_USER . ".username, " . TABLE_USER . ".uid, " . TABLE_USER . ".realname, " . TABLE_USER . ".dn, " . TABLE_USER . ".isadmin, " . TABLE_USER . ".domain FROM " . TABLE_USER . " WHERE " . TABLE_USER . ".samaccountname=?", array($u[1]));
+
+ if($query->num_rows == 1) {
+ $_SESSION['username'] = $query->row['username'];
+ $_SESSION['uid'] = $query->row['uid'];
+ $_SESSION['admin_user'] = $query->row['isadmin'];
+ $_SESSION['email'] = $username;
+ $_SESSION['domain'] = $query->row['domain'];
+ $_SESSION['realname'] = $query->row['realname'];
+
+ $_SESSION['emails'] = $this->model_user_user->get_users_all_email_addresses($query->row['uid']);
+ $_SESSION['folders'] = $this->model_folder_folder->get_all_folder_ids($query->row['uid']);
+ $_SESSION['extra_folders'] = $this->model_folder_folder->get_all_extra_folder_ids($query->row['uid']);
+
+ return 1;
+ }
+
+ return 0;
+ }
+
+
 public function change_password($username = '', $password = '') {
 if($username == "" || $password == ""){ return 0; }
diff --git a/webui/sso.php b/webui/sso.php
new file mode 100644
index 00000000..71e16f87
--- /dev/null
+++ b/webui/sso.php
@@ -0,0 +1,47 @@
+dispatch($action, new Router('common/not_found'));
+
+
+?>
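Review bot: `$_SESSION['email'] = $username;` in `check_ntlm_auth()` reads a variable that is neither a parameter nor assigned anywhere in the method, so it stores null (with an undefined-variable notice) instead of the account's address; the query already fetches `username`, so this is presumably meant to be `$_SESSION['email'] = $query->row['username'];` — check against what the existing password login stores in that key. The lookup keys only on `samaccountname` and discards the domain component `$u[0]` of `REMOTE_USER`, so if more than one domain is represented in the user table an account with the same sAMAccountName in another domain would match this row; if the `domain` column holds the NT domain, add it to the WHERE clause, otherwise compare `$u[0]` with the expected domain before trusting the row. The method also depends on `$this->model_user_user` and `$this->model_folder_folder` having been loaded by the caller, which deserves a precondition comment such as `// caller must load the user/user and folder/folder models first`. The method is complete within the hunk; the enclosing class begins above it.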