Commit 425010f0 authored by Côme Chilliet's avatar Côme Chilliet

Fixes #4562 Added support for HTTP authentication

parent 18c2e90b
......@@ -295,6 +295,12 @@ attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.38414.8.15.6 NAME 'fdHttpAuthActivated'
DESC 'FusionDirectory - HTTP Auth activation'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# Debugging
attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors'
......@@ -569,6 +575,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
fdPrimaryGroupFilter $ fdListSummary $
fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $
fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $
fdHttpAuthActivated $
fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $
fdEnableSnapshots $ fdSnapshotBase $
fdTabHook $ fdShells $ fdDisplayHookOutput $
......
......@@ -192,7 +192,7 @@ if (isset($_POST['server'])) {
}
$config->set_current($server);
if ($config->get_cfg_value('casActivated') == 'TRUE') {
if (($config->get_cfg_value('casActivated') == 'TRUE') || ($config->get_cfg_value('httpAuthActivated') == 'TRUE')) {
session::global_set('DEBUGLEVEL', 0);
}
......@@ -351,6 +351,15 @@ class Index {
exit;
}
/* Return HTTP authentication header */
static function authenticateHeader($message = 'Authentication required')
{
header('WWW-Authenticate: Basic realm="FusionDirectory"');
header('HTTP/1.0 401 Unauthorized');
echo "$message\n";
exit;
}
/* Run each step in $steps, stop on errors */
static function runSteps($steps)
{
......@@ -393,6 +402,36 @@ class Index {
}
}
/* All login steps in the right order for HTTP auth login */
static function authLoginProcess()
{
global $config, $message, $ui;
self::init();
if (!isset($_SERVER['PHP_AUTH_USER'])) {
self::authenticateHeader();
}
self::$username = $_SERVER['PHP_AUTH_USER'];
self::$password = $_SERVER['PHP_AUTH_PW'];
$success = self::runSteps(array(
'validateUserInput',
'ldapLoginUser',
'loginAndCheckExpired',
'runSchemaCheck',
'checkForLockingBranch',
));
if ($success) {
/* Everything went well, redirect to main.php */
self::redirect();
} else {
self::authenticateHeader($message);
}
}
/* All login steps in the right order for CAS login */
static function casLoginProcess()
{
......@@ -466,7 +505,9 @@ class Index {
}
}
if ($config->get_cfg_value('casActivated') == 'TRUE') {
if ($config->get_cfg_value('httpAuthActivated') == 'TRUE') {
Index::authLoginProcess();
} elseif ($config->get_cfg_value('casActivated') == 'TRUE') {
require_once('CAS.php');
/* Move CAS autoload before FD autoload */
spl_autoload_unregister('CAS_autoload');
......
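Review bot: Nothing in `authLoginProcess()` checks that the request arrived over HTTPS before `authenticateHeader()` sends the Basic challenge, yet Basic credentials are only base64-encoded and are resent with every request. If `fdForceSSL` is not already enforced earlier in this file (not visible in these hunks), guard the branch, e.g. `if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') { /* refuse or redirect to https */ }`, or document that `httpAuthActivated` requires TLS. On failure `$message` is echoed into the 401 body unchanged; if it can carry markup or the submitted login, send `Content-Type: text/plain` or pass it through `htmlspecialchars()`. Also note that `PHP_AUTH_USER` is not populated under every SAPI (CGI/FastCGI setups need the Authorization header passed through), in which case this path answers 401 on every request.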
......@@ -208,6 +208,11 @@ class configInLdap extends simplePlugin
'fdSessionLifeTime', TRUE,
0 /*min*/, FALSE /*no max*/, 1800
),
new BooleanAttribute (
_('HTTP authentication'), _('Use HTTP authentication protocol instead of the login form.'),
'fdHttpAuthActivated', FALSE,
FALSE
),
)
),
'snapshots' => array(
......@@ -475,6 +480,15 @@ class configInLdap extends simplePlugin
$this->fusionConfigMd5 = md5_file(CACHE_DIR."/".CLASS_CACHE);
$this->attributesAccess['fdHttpAuthActivated']->setManagedAttributes(
array(
'erase' => array (
TRUE => array (
'fdCasActivated',
)
)
)
);
$this->attributesAccess['fdEnableSnapshots']->setManagedAttributes(
array(
'disable' => array (
......
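Review bot: Turning on `fdHttpAuthActivated` appears to clear `fdCasActivated` through the `'erase'` managed-attribute rule, but the help text shown to the administrator only says the login form is replaced. I would spell out both consequences in the description, e.g. `_('Use HTTP Basic authentication instead of the login form. Disables CAS; the password is sent with every request, so use HTTPS only.')`, and add a one-line comment above `setManagedAttributes` such as `/* HTTP auth and CAS are mutually exclusive; the login entry point checks httpAuthActivated first */`. The rule is one-directional as far as this hunk shows: nothing clears `fdHttpAuthActivated` when CAS is enabled later, so the order of the checks at login decides which one wins. The enclosing method starts and ends outside the hunk.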