author | cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Fri, 21 Dec 2007 17:27:25 +0000 (17:27 +0000) | ||
committer | cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Fri, 21 Dec 2007 17:27:25 +0000 (17:27 +0000) |
* Updated authentication methods
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8167 594d385d-05f5-0310-b6e9-bd551577e9d8
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8167 594d385d-05f5-0310-b6e9-bd551577e9d8
index 92116e6e4f4d30dc5ed80be9576e245fbe550ae6..39f8b74f4ed16911ee4294d50cb71c694f6f4953 100644 (file)
--- a/gosa-core/html/index.php
+++ b/gosa-core/html/index.php
$htaccess_authenticated= FALSE;
if (isset($config->data['MAIN']['HTACCESS_AUTH']) && preg_match('/^(yes|true)$/i', $config->data['MAIN']['HTACCESS_AUTH'])){
if (!isset($_SERVER['REMOTE_USER'])){
- echo "GOsa error: "._("There is a problem with the authentication setup. Please inform your system administrator.");
- exit;
+ print_red(_("There is a problem with the authentication setup. Please inform your system administrator."));
+ display_error_page();
}
$tmp= process_htaccess($_SERVER['REMOTE_USER'], isset($_SERVER['KRB5CCNAME']));
$username= $tmp['username'];
$server= $tmp['server'];
if ($username == ""){
- echo "GOsa error: "._("Cannot find a valid user for the current authentication setup.");
- exit;
+ print_red(_("Cannot find a valid user for the current authentication setup."));
+ display_error_page();
}
if ($server == ""){
- echo "GOsa error: "._("User information is not uniq accross the configured directories. Cannot authenticated.");
- exit;
+ print_red(_("User information is not uniq accross the configured directories. Cannot authenticated."));
+ display_error_page();
}
$htaccess_authenticated= TRUE;
@@ -303,8 +303,8 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
if ($htaccess_authenticated){
$ui= ldap_login_user_htaccess($username);
if ($ui === NULL || !$ui){
- echo "GOsa error: "._("Authentication via htaccess not possible. Unable to retrieve user information.");
- exit;
+ print_red(_("Authentication via htaccess not possible. Unable to retrieve user information."));
+ display_error_page();
}
} else {
$ui= ldap_login_user($username, $_POST["password"]);
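Review bot: Every error branch in the htaccess block now stops only because display_error_page() ends in `exit()` in another file; the literal `exit;` that used to follow each message is gone. If that helper is ever changed to return, the `$server == ""` branch falls through to `$htaccess_authenticated= TRUE;` and the failed `ldap_login_user_htaccess` branch continues with a null `$ui`. I would keep an explicit `exit;` after each `display_error_page();` call in this file, or at least add `/* display_error_page() never returns */` at the first one so the fail-closed assumption is visible. The enclosing if-blocks start and end outside the lines shown.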
index b6d4b5531d8ee8e2e51a12d743077de670f73d2c..c06a7866e1f5530d07fe632cbea311242fbe4b16 100644 (file)
new log("security","logout","",array(),"User \"".$ui->username."\" logged out") ;
}
+/* Language setup */
+if ((!isset($config))||(empty($config->data['MAIN']['LANG']))){
+ $lang= get_browser_language();
+} else {
+ $lang= $config->data['MAIN']['LANG'];
+}
+
+$lang.=".UTF-8";
+putenv("LANGUAGE=");
+putenv("LANG=$lang");
+setlocale(LC_ALL, $lang);
+$GLOBALS['t_language']= $lang;
+$GLOBALS['t_gettext_message_dir'] = $BASE_DIR.'/locale/';
+
+/* Set the text domain as 'messages' */
+$domain = 'messages';
+bindtextdomain($domain, "$BASE_DIR/locale");
+textdomain($domain);
+
+/* Create smarty & Set template compile directory */
+$smarty= new smarty();
+if (isset ($config->data['MAIN']['COMPILE'])){
+ $smarty->compile_dir= $config->data['MAIN']['COMPILE'];
+} else {
+ $smarty->compile_dir= '/var/spool/gosa/';
+}
+
+
/* If GET request is posted, the logout was forced by pressing the link */
if (isset($_GET['request'])){
@session_unset ();
@session_destroy ();
- /* Go back to the base via header */
- header ("Location: index.php");
- exit();
-
-}else{ // The logout wasn't forced, so the session is invalid
-
- /* Language setup */
- if ((!isset($config))||(empty($config->data['MAIN']['LANG']))){
- $lang= get_browser_language();
- } else {
- $lang= $config->data['MAIN']['LANG'];
+ /* If we're not using htaccess authentication, just redirect... */
+ if (!isset($config->data['MAIN']['HTACCESS_AUTH']) && !isset($_SERVER['REMOTE_USER'])){
+ header ("Location: index.php");
+ exit();
}
- $lang.=".UTF-8";
- putenv("LANGUAGE=");
- putenv("LANG=$lang");
- setlocale(LC_ALL, $lang);
- $GLOBALS['t_language']= $lang;
- $GLOBALS['t_gettext_message_dir'] = $BASE_DIR.'/locale/';
+ /* Else notice that the user has to close the browser... */
+ $smarty->display (get_template_path('headers.tpl'));
+ $smarty->display (get_template_path('logout-close.tpl'));
+ exit;
- /* Set the text domain as 'messages' */
- $domain = 'messages';
- bindtextdomain($domain, "$BASE_DIR/locale");
- textdomain($domain);
-
- /* Create smarty & Set template compile directory */
- $smarty= new smarty();
- if (isset ($config->data['MAIN']['COMPILE'])){
- $smarty->compile_dir= $config->data['MAIN']['COMPILE'];
- } else {
- $smarty->compile_dir= '/var/spool/gosa/';
- }
+}else{ // The logout wasn't forced, so the session is invalid
+
$smarty->display (get_template_path('headers.tpl'));
$smarty->display (get_template_path('logout.tpl'));
exit;
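Review bot: The new redirect test `!isset($config->data['MAIN']['HTACCESS_AUTH']) && !isset($_SERVER['REMOTE_USER'])` checks only that the option exists, while index.php treats htaccess authentication as enabled only when the value matches `/^(yes|true)$/i`. A configuration that sets HTACCESS_AUTH to any other value therefore gets the close-your-browser page instead of the redirect to index.php. Using the same test in both files keeps them in agreement: `$htaccess= isset($config->data['MAIN']['HTACCESS_AUTH']) && preg_match('/^(yes|true)$/i', $config->data['MAIN']['HTACCESS_AUTH']);` followed by `if (!$htaccess && !isset($_SERVER['REMOTE_USER'])){`.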
diff --git a/gosa-core/ihtml/themes/default/logout-close.tpl b/gosa-core/ihtml/themes/default/logout-close.tpl
--- /dev/null
@@ -0,0 +1,13 @@
+<body style="background-color: white;background-image:none;">
+
+<form action='index.php' method='post' name='mainform'>
+<div style="margin-left:10%; margin-right:10%; margin-top:5%; border:2px solid red;padding-left:10px;padding-right:10px;padding-top:5px;padding-bottom:20px;">
+ <h1>{t}Your GOsa session has been closed!{/t}</h1>
+ <p>
+ {t}Please close this browser window and clean the authentication caches to avoid an automatic re-authentication by your browser.{/t}
+ </p>
+</div>
+</form>
+
+</body>
+</html>
index 27005eed636a3896d532cfb6b5292b86133af2ef..bf00c46ac5502b0b468c4c39032c4dc7154310c7 100644 (file)
-->
</script>
-
+</html>
index 92c87511716d8da745d968cd700fa5d413b3c131..9e37537908a55f50b88926496d340188a1009eb3 100644 (file)
if (is_null($this->ldap) || (is_int($this->ldap) && $this->ldap == 0)){
$smarty= get_smarty();
print_red (_("Can't bind to LDAP. Please contact the system administrator."));
- $smarty->display (get_template_path('headers.tpl'));
- echo '<body style="background-image:none">'.$_SESSION['errors'].'</body></html>';
- exit();
+ display_error_page();
}
if (!isset($_SESSION['size_limit'])){
if (count($this->data['SERVERS']['SAMBA']) == 0){
if (!isset($this->current["SID"]) || !isset($this->current["RIDBASE"])){
print_red(_("SID and/or RIDBASE missing in your configuration!"));
- echo $_SESSION['errors'];
- exit;
+ display_error_page();
} else {
$this->data['SERVERS']['SAMBA']['DEFAULT']= array(
"SID" => $this->current["SID"],
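Review bot: These branches used to print `$_SESSION['errors']` after print_red(), whereas display_error_page() prints `msg_dialog::get_dialogs()`; nothing on this page shows print_red() feeding msg_dialog. If it does not, these fatal-error pages would render without the message, so that is worth confirming before merging. The LDAP error paths added to process_htaccess and ldap_login_user_htaccess in this same commit still echo `get_global('errors')` by hand, which is a third message source. A doc comment on display_error_page() such as `/* Renders all queued msg_dialog messages and terminates the request */`, plus switching those two paths to the helper, would make the error handling consistent.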
index 2d7a8fcee942b7cdbb69f29ba706acf9c9782ab8..763db832a0ccb88418a9d8f17d6beb3008a7d78b 100644 (file)
/* Bail out, if we've nothing to do... */
if ($ocname == ""){
print_red(sprintf(_("Autocreation of subtree failed. No objectClass found for attribute '%s'."), $type));
- echo $_SESSION['errors'];
- exit;
+ display_error_page();
}
/* Assemble_entry */
break;
default:
print_red(sprintf(_("Autocreation of type '%s' is currently not supported. Please report to the GOsa team."), $type));
- echo $_SESSION['errors'];
- exit;
+ display_error_page();
}
}
index 6fdf9b32026a722405bcfd5181d5bc09e70bd917..1337de824b7f8cb3659bd6a042f698916bf436b1 100644 (file)
/* Read information from class variable */
if (!isset($info['CLASS'])){
print_red(_("Your gosa.conf format has changed. Please re-run setup!"));
- echo $_SESSION['errors'];
- exit;
+ display_error_page();
}
$vars= get_class_vars($info['CLASS']);
$plHeadline= $vars['plHeadline'];
index 7d70459a5b5317c3eab06448c86596be2efc2342..7cd830f5021191dc1e7a3e8a61964a8b3e9fc1a8 100644 (file)
{
global $config;
- /* - Search for $username and optinal @REALM in all configured LDAP trees */
- /* - If uniq, fill username and server with the correct values and return */
- /* - Else return emtpy values where the error occurs */
+ /* Search for $username and optional @REALM in all configured LDAP trees */
+ foreach($config->data["LOCATIONS"] as $name => $data){
+
+ $config->set_current($name);
+ $mode= "kerberos";
+ if (isset($config->current['KRBSASL']) && preg_match('/^true$/i', $config->current['KRBSASL'])){
+ $mode= "sasl";
+ }
+
+ /* Look for entry or realm */
+ $ldap= $config->get_ldap_link();
+ if (!preg_match("/Success/i", $ldap->error)){
+ print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error()));
+ $smarty= get_smarty();
+ $smarty->display(get_template_path('headers.tpl'));
+ echo "<body>".get_global('errors')."</body></html>";
+ exit();
+ }
+ $ldap->search("(&(objectClass=gosaAccount)(|(uid=$username)(userPassword={$mode}$username)))", array("uid"));
+ /* Found a uniq match? Return it... */
+ if ($ldap->count() == 1) {
+ $attrs= $ldap->fetch();
+ return array("username" => $attrs["uid"][0], "server" => $name);
+ }
+ }
+
+ /* Nothing found? Return emtpy array */
return array("username" => "", "server" => "");
}
function ldap_login_user_htaccess ($username)
{
- /* Use the username to fill the userinfo class as in ldap_login_user and return */
- /* Load acl, etc.*/
- return NULL;
+ global $config;
+
+ /* Look for entry or realm */
+ $ldap= $config->get_ldap_link();
+ if (!preg_match("/Success/i", $ldap->error)){
+ print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error()));
+ $smarty= get_smarty();
+ $smarty->display(get_template_path('headers.tpl'));
+ echo "<body>".get_global('errors')."</body></html>";
+ exit();
+ }
+ $ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid"));
+ /* Found no uniq match? Strange, because we did above... */
+ if ($ldap->count() != 1) {
+ print_red(_("Username / UID is not unique. Please check your LDAP database."));
+ return (NULL);
+ }
+ $attrs= $ldap->fetch();
+
+ /* got user dn, fill acl's */
+ $ui= new userinfo($config, $ldap->getDN());
+ $ui->username= $attrs['uid'][0];
+
+ /* No password check needed - the webserver did it for us */
+ $ldap->disconnect();
+
+ /* Username is set, load subtreeACL's now */
+ $ui->loadACL();
+
+ /* TODO: check java script for htaccess authentication */
+ $_SESSION['js']= true;
+
+ return ($ui);
}
);
return(array("TIMEZONES" => $timezones, "DST_ZONES" => $dst_timezones));
}
+
+
+function display_error_page()
+{
+ $smarty= get_smarty();
+ $smarty->display(get_template_path('headers.tpl'));
+ echo "<body>".msg_dialog::get_dialogs()."</body></html>";
+ exit();
+}
+
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>
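Review bot: `$username` is passed in from `$_SERVER['REMOTE_USER']` and interpolated unescaped into the LDAP filters in process_htaccess and ldap_login_user_htaccess, and the second function then builds the userinfo object without any password check. A value containing filter metacharacters (`*`, `(`, `)`, `\`) changes what the search matches, so it should be escaped per RFC 4515 before use, for example `$username= ldap_escape($username, '', LDAP_ESCAPE_FILTER);` where the PHP version provides it, or an equivalent project helper. Separately, `{$mode}` inside the double-quoted filter is PHP's curly interpolation, so the clause becomes `userPassword=kerberos...` without the literal braces; `{{$mode}}` or string concatenation would produce `{kerberos}` as presumably intended.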