From c1c5c3042315997b52e8caf518347fe2d990ce46 Mon Sep 17 00:00:00 2001
From: Janos SUTO
Date: Mon, 1 Jan 2018 10:39:22 +0100
Subject: [PATCH] gui: added check for user@domain sso format
Signed-off-by: Janos SUTO
---
 webui/model/user/auth.php | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/webui/model/user/auth.php b/webui/model/user/auth.php
index 9096a99f..b054e363 100644
--- a/webui/model/user/auth.php
+++ b/webui/model/user/auth.php
@@ -427,18 +427,30 @@ class ModelUserAuth extends Model {
 }
+ public function get_sso_user() {
+ if(!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] == '') { return ''; }
+
+ // check if REMOTE_USER format is DOMAIN\user
+ $u = explode("\\", $_SERVER['REMOTE_USER']);
+ if(isset($u[1])) { return $u[1]; }
+
+ // or REMOTE_USER might be in the form of user@domain
+ $u = explode("@", $_SERVER['REMOTE_USER']);
+ if(isset($u[0])) { return $u[0]; }
+
+ return $_SERVER['REMOTE_USER'];
+ }
+
+
 public function check_ntlm_auth() {
 $ldap_auditor_member_dn = LDAP_AUDITOR_MEMBER_DN;
 $ldap_admin_member_dn = LDAP_ADMIN_MEMBER_DN;
 $role = 0;
- if(!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] == '') { return 0; }
+ $sso_user = $this->get_sso_user();
+ if($sso_user == '') { return 0; }
- $u = explode("\\", $_SERVER['REMOTE_USER']);
-
- if(isset($u[1])) { $sso_user = $u[1]; }
- else { $sso_user = $_SERVER['REMOTE_USER']; }
 if(LOG_LEVEL >= NORMAL) { syslog(LOG_INFO, "sso login: $sso_user"); }
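Review bot: In get_sso_user() the `user@domain` branch can never fall through, because explode() always returns at least one element, so `isset($u[0])` is always true and the final `return $_SERVER['REMOTE_USER'];` is dead code; writing it as `if(isset($u[1])) { return $u[0]; }`, mirroring the DOMAIN\user branch, would make the intent explicit. The more important point is that both branches discard the domain or realm without checking it, so `alice@A` and `alice@B` (constructed examples) both become `alice` before check_ntlm_auth() goes on to determine a role; if the web server can authenticate users from more than one domain or trusted realm, compare the stripped part with the expected one and return '' on a mismatch. A short comment on get_sso_user() stating that the returned name is realm-less, and that REMOTE_USER is trusted only because the web server's authentication module sets it, would help the next reader. check_ntlm_auth() continues past the end of the hunk, so how $sso_user is used after the syslog() call is not visible here.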