From 8c72e0d03d1f7f1c1cebcc43e4f185ec1924c8c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.bernigaud@opensides.be> Date: Wed, 2 Mar 2016 13:07:44 +0100 Subject: [PATCH] =?UTF-8?q?Fixes=20#4562=20Added=20support=20for=20HTTP?= =?UTF-8?q?=C2=A0authentication?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- contrib/openldap/core-fd-conf.schema | 7 +++++ html/index.php | 45 +++++++++++++++++++++++++-- plugins/config/class_configInLdap.inc | 14 +++++++++ 3 files changed, 64 insertions(+), 2 deletions(-) diff --git a/contrib/openldap/core-fd-conf.schema b/contrib/openldap/core-fd-conf.schema index 2b6939272..6e9ac07ee 100644 --- a/contrib/openldap/core-fd-conf.schema +++ b/contrib/openldap/core-fd-conf.schema @@ -295,6 +295,12 @@ attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +attributetype ( 1.3.6.1.4.1.38414.8.15.6 NAME 'fdHttpAuthActivated' + DESC 'FusionDirectory - HTTP Auth activation' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + # Debugging attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors' @@ -569,6 +575,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf' fdPrimaryGroupFilter $ fdListSummary $ fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $ fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $ + fdHttpAuthActivated $ fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $ fdEnableSnapshots $ fdSnapshotBase $ fdTabHook $ fdShells $ fdDisplayHookOutput $ diff --git a/html/index.php b/html/index.php index 041631070..e5db9d2c7 100644 --- a/html/index.php +++ b/html/index.php 
@@ -192,7 +192,7 @@ if (isset($_POST['server'])) { } $config->set_current($server); -if ($config->get_cfg_value('casActivated') == 'TRUE') { +if (($config->get_cfg_value('casActivated') == 'TRUE') || ($config->get_cfg_value('httpAuthActivated') == 'TRUE')) { session::global_set('DEBUGLEVEL', 0); } @@ -351,6 +351,15 @@ class Index { exit; } + /* Return HTTP authentication header */ + static function authenticateHeader($message = 'Authentication required') + { + header('WWW-Authenticate: Basic realm="FusionDirectory"'); + header('HTTP/1.0 401 Unauthorized'); + echo "$message\n"; + exit; + } + /* Run each step in $steps, stop on errors */ static function runSteps($steps) { @@ -393,6 +402,36 @@ class Index { } } + /* All login steps in the right order for HTTP auth login */ + static function authLoginProcess() + { + global $config, $message, $ui; + + self::init(); + + if (!isset($_SERVER['PHP_AUTH_USER'])) { + self::authenticateHeader(); + } + + self::$username = $_SERVER['PHP_AUTH_USER']; + self::$password = $_SERVER['PHP_AUTH_PW']; + + $success = self::runSteps(array( + 'validateUserInput', + 'ldapLoginUser', + 'loginAndCheckExpired', + 'runSchemaCheck', + 'checkForLockingBranch', + )); + + if ($success) { + /* Everything went well, redirect to main.php */ + self::redirect(); + } else { + self::authenticateHeader($message); + } + } + /* All login steps in the right order for CAS login */ static function casLoginProcess() { @@ -466,7 +505,9 @@ class Index { } } -if ($config->get_cfg_value('casActivated') == 'TRUE') { +if ($config->get_cfg_value('httpAuthActivated') == 'TRUE') { + Index::authLoginProcess(); +} elseif ($config->get_cfg_value('casActivated') == 'TRUE') { require_once('CAS.php'); /* Move CASĂ‚ autoload before FD autoload */ spl_autoload_unregister('CAS_autoload'); diff --git a/plugins/config/class_configInLdap.inc b/plugins/config/class_configInLdap.inc index f46e1c880..c1c931b8b 100644 --- a/plugins/config/class_configInLdap.inc 
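Review bot: `echo "$message\n"` in authenticateHeader writes the failure text to the response body with neither escaping nor a Content-Type, so the browser renders it as HTML; whether a login step ever reflects submitted input (the username, an LDAP error string) into `$message` is not visible in this hunk, but the caller in authLoginProcess passes the global `$message` straight through. Send it as plain text, `header('Content-Type: text/plain; charset=UTF-8');` before the echo, or escape it with `echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "\n";`. The header comment `/* Return HTTP authentication header */` also understates what the function does — it never returns; `/* Send a 401 with a Basic challenge and terminate the request */` matches the body.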
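Review bot: The guard in authLoginProcess checks only `PHP_AUTH_USER`, yet two lines later `$_SERVER['PHP_AUTH_PW']` is read unconditionally; a request that carries a user but no password field produces an undefined-index notice and a null password handed to the login steps. Check both keys: `if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {`. Because Basic auth resends the password on every request, the function's comment should also state the transport assumption, e.g. `/* Basic auth: credentials travel with every request, only sound behind TLS (see fdForceSSL) */`. Whether failed attempts are logged or rate-limited inside `ldapLoginUser` is not visible here; if they are not, a 401 loop driven by a client is indistinguishable from the form path's failures, so worth confirming.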
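Review bot: The new `if`/`elseif` gives httpAuthActivated precedence over casActivated and nothing in index.php says why, while the condition changed at line 192 accepts either flag; a reader will expect the two to agree. Add `/* HTTP auth takes precedence over CAS; the config plugin erases fdCasActivated when it is enabled */` above the `if` — the erase itself lives in class_configInLdap.inc in this same patch, so the comment should be kept in step if that coupling changes.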
+++ b/plugins/config/class_configInLdap.inc @@ -208,6 +208,11 @@ class configInLdap extends simplePlugin 'fdSessionLifeTime', TRUE, 0 /*min*/, FALSE /*no max*/, 1800 ), + new BooleanAttribute ( + _('HTTP authentication'), _('Use HTTPĂ‚ authentication protocol instead of the login form.'), + 'fdHttpAuthActivated', FALSE, + FALSE + ), ) ), 'snapshots' => array( @@ -475,6 +480,15 @@ class configInLdap extends simplePlugin $this->fusionConfigMd5 = md5_file(CACHE_DIR."/".CLASS_CACHE); + $this->attributesAccess['fdHttpAuthActivated']->setManagedAttributes( + array( + 'erase' => array ( + TRUE => array ( + 'fdCasActivated', + ) + ) + ) + ); $this->attributesAccess['fdEnableSnapshots']->setManagedAttributes( array( 'disable' => array ( -- GitLab
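Review bot: The description literal `_('Use HTTPĂ‚ authentication protocol instead of the login form.')` contains a mis-encoded non-breaking space between `HTTP` and `authentication`; it will display as garbage in the configuration UI and, because the literal is the gettext msgid, it will never match a catalogue entry written with a plain space. Replace it with `_('Use HTTP authentication protocol instead of the login form.')`. This help text is also the natural place to tell administrators that Basic auth sends the credentials with every request, so the option should be combined with forced SSL — one added sentence such as `Credentials are sent with every request, so enable this only over HTTPS.` would do.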
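Review bot: The managed-attribute rule is one-directional: enabling fdHttpAuthActivated erases fdCasActivated, but enabling fdCasActivated leaves fdHttpAuthActivated set, and since index.php in this patch tests httpAuthActivated first, CAS would then be silently ignored while the admin believes it is active. Mirror the rule on the CAS attribute so the two modes stay mutually exclusive in both directions; this assumes fdCasActivated is a BooleanAttribute registered in attributesAccess, which this hunk does not show. The enclosing method starts before the hunk.
```php
        $this->attributesAccess['fdCasActivated']->setManagedAttributes(
            array(
                'erase' => array (
                    TRUE => array (
                        'fdHttpAuthActivated',
                    )
                )
            )
        );
        // … unchanged: fdHttpAuthActivated and fdEnableSnapshots managed attributes …
```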