added single sign-on support

SJ 2012-10-17 13:11:08 +02:00
parent 02f1dac543
commit 9ef078c5f4
4 changed files with 121 additions and 0 deletions


@ -14,3 +14,14 @@ RewriteRule ^login.php /index.php?route=login/login [L]
RewriteRule ^logout.php /index.php?route=login/logout [L] RewriteRule ^logout.php /index.php?route=login/logout [L]
RewriteRule ^google.php /index.php?route=login/google [QSA,L] RewriteRule ^google.php /index.php?route=login/google [QSA,L]
<IfModule auth_ntlm_winbind_module>
<FilesMatch "sso\.php$">
AuthName "piler NTLM authentication"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
AuthType NTLM
require valid-user
</FilesMatch>
</IfModule>
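Review bot: The access control for sso.php exists only inside `<IfModule auth_ntlm_winbind_module>`, so on a server where that module is not loaded the file is served with no authentication requirement and nothing signals the misconfiguration. The PHP side then depends entirely on `REMOTE_USER` being unset, which holds only as long as no other auth configuration on the vhost populates it (not visible from this hunk). I would add a matching `<IfModule !auth_ntlm_winbind_module>` section that denies access to `sso\.php`, plus a comment above the block stating that `check_ntlm_auth()` trusts the `REMOTE_USER` value set here. The pattern `sso\.php$` is not anchored at the start, so it also applies to any other file whose name ends in sso.php.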


@ -0,0 +1,35 @@
<?php
class ControllerLoginSSO extends Controller {
private $error = array();
public function index(){
$this->id = "content";
$this->template = "login/login.tpl";
$this->layout = "common/layout";
$request = Registry::get('request');
$db = Registry::get('db');
$this->load->model('user/auth');
$this->load->model('user/user');
$this->load->model('user/prefs');
$this->load->model('folder/folder');
$this->document->title = $this->data['text_login'];
if($this->model_user_auth->check_ntlm_auth() == 1) {
header("Location: " . SITE_URL . "search.php");
exit;
}
die("permission denied");
}
}
?>
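Review bot: On the success branch the redirect is sent while the session keeps the id it had before authentication (`session_start()` runs in webui/sso.php and `check_ntlm_auth()` only fills `$_SESSION`), so a session id fixed before login remains valid afterwards. Call `session_regenerate_id(true);` before `header("Location: " . SITE_URL . "search.php");`. The failure branch `die("permission denied");` goes out with the default 200 status; sending `header("HTTP/1.1 403 Forbidden");` first lets proxies and log monitoring see the denial. `$request` and `$db` are fetched in `index()` but never used.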


@ -69,6 +69,34 @@ class ModelUserAuth extends Model {
} }
public function check_ntlm_auth() {
if(!isset($_SERVER['REMOTE_USER'])) { return 0; }
$u = explode("\\", $_SERVER['REMOTE_USER']);
if(!isset($u[1])) { return 0; }
$query = $this->db->query("SELECT " . TABLE_USER . ".username, " . TABLE_USER . ".uid, " . TABLE_USER . ".realname, " . TABLE_USER . ".dn, " . TABLE_USER . ".isadmin, " . TABLE_USER . ".domain FROM " . TABLE_USER . " WHERE " . TABLE_USER . ".samaccountname=?", array($u[1]));
if($query->num_rows == 1) {
$_SESSION['username'] = $query->row['username'];
$_SESSION['uid'] = $query->row['uid'];
$_SESSION['admin_user'] = $query->row['isadmin'];
$_SESSION['email'] = $username;
$_SESSION['domain'] = $query->row['domain'];
$_SESSION['realname'] = $query->row['realname'];
$_SESSION['emails'] = $this->model_user_user->get_users_all_email_addresses($query->row['uid']);
$_SESSION['folders'] = $this->model_folder_folder->get_all_folder_ids($query->row['uid']);
$_SESSION['extra_folders'] = $this->model_folder_folder->get_all_extra_folder_ids($query->row['uid']);
return 1;
}
return 0;
}
public function change_password($username = '', $password = '') { public function change_password($username = '', $password = '') {
if($username == "" || $password == ""){ return 0; } if($username == "" || $password == ""){ return 0; }
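Review bot: `$_SESSION['email'] = $username;` reads `$username`, which is never assigned in `check_ntlm_auth()`, so the session email ends up null with a notice. The query does not select an email column, so the intended value needs deciding, for example `$query->row['username']` if usernames are addresses in this schema. The domain half of `REMOTE_USER` (`$u[0]`) is discarded and the lookup matches on `samaccountname` alone; if winbind accepts users from more than one domain, same-named accounts in different domains would map to the same piler user, so compare `$u[0]` with the expected domain or include it in the WHERE clause. A short docblock stating that the method trusts `REMOTE_USER` as set by the web server's NTLM module, and returns 1 or 0, would make that dependency visible.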

47
webui/sso.php Normal file

@ -0,0 +1,47 @@
<?php
function go_to_setup() {
Header("Location: setup/setup.php");
exit;
}
$stat = stat("config.php") or go_to_setup();
if($stat[7] < 15){ go_to_setup(); }
require_once("config.php");
require(DIR_SYSTEM . "/startup.php");
$request = new Request();
Registry::set("request", $request);
session_start();
Registry::set('document', new Document());
$loader = new Loader();
Registry::set('load', $loader);
$language = new Language();
Registry::set('language', $language);
$db = new DB(DB_DRIVER, DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE, DB_PREFIX);
Registry::set('DB_DATABASE', DB_DATABASE);
Registry::set('db', $db);
Registry::set('DB_DRIVER', DB_DRIVER);
$action = new Router('login/sso');
$controller = new Front();
$controller->dispatch($action, new Router('common/not_found'));
?>
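Review bot: `$stat = stat("config.php") or go_to_setup();` followed by `$stat[7] < 15` hides what is being checked: index 7 is the file size, and the threshold 15 is unexplained. `stat()` also raises a warning on a missing file before the redirect header is sent. I would write `if(!is_file("config.php") || filesize("config.php") < 15) { go_to_setup(); }` with a comment saying that a shorter config.php is treated as not yet installed. Both this check and `require_once("config.php")` use relative paths, so they depend on the working directory and include_path; prefixing `dirname(__FILE__) . "/"` pins them to this script's directory.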