author | cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Thu, 20 Dec 2007 09:26:21 +0000 (09:26 +0000) | ||
committer | cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Thu, 20 Dec 2007 09:26:21 +0000 (09:26 +0000) |
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8155 594d385d-05f5-0310-b6e9-bd551577e9d8
gosa-core/html/index.php | patch | blob | history | |
gosa-core/include/functions.inc | patch | blob | history |
index 67d3c08267dc230d6dda57a2c48c82c9bef30bc5..92116e6e4f4d30dc5ed80be9576e245fbe550ae6 100644 (file)
--- a/gosa-core/html/index.php
+++ b/gosa-core/html/index.php
} else {
$smarty->compile_dir= '/var/spool/gosa';
}
-$smarty->assign ('nextfield', 'username');
/* Check for compile directory */
if (!(is_dir($smarty->compile_dir) && is_writable($smarty->compile_dir))){
$domain = 'messages';
bindtextdomain($domain, "$BASE_DIR/locale");
textdomain($domain);
-
+$smarty->assign ('nextfield', 'username');
if ($_SERVER["REQUEST_METHOD"] != "POST"){
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $lang, "Setting language to");
exit;
}
+/* Do we have htaccess authentification enabled? */
+$htaccess_authenticated= FALSE;
+if (isset($config->data['MAIN']['HTACCESS_AUTH']) && preg_match('/^(yes|true)$/i', $config->data['MAIN']['HTACCESS_AUTH'])){
+ if (!isset($_SERVER['REMOTE_USER'])){
+ echo "GOsa error: "._("There is a problem with the authentication setup. Please inform your system administrator.");
+ exit;
+ }
+
+ $tmp= process_htaccess($_SERVER['REMOTE_USER'], isset($_SERVER['KRB5CCNAME']));
+ $username= $tmp['username'];
+ $server= $tmp['server'];
+ if ($username == ""){
+ echo "GOsa error: "._("Cannot find a valid user for the current authentication setup.");
+ exit;
+ }
+ if ($server == ""){
+ echo "GOsa error: "._("User information is not uniq accross the configured directories. Cannot authenticated.");
+ exit;
+ }
+
+ $htaccess_authenticated= TRUE;
+}
+
/* Got a formular answer, validate and try to log in */
-if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])){
+if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htaccess_authenticated){
/* Reset error messages */
$message= "";
$_SESSION['_LAST_PAGE_REQUEST'] = time();
}
- $server= validate($_POST["server"]);
+ if (!$htaccess_authenticated){
+ $server= validate($_POST["server"]);
+ }
$config->set_current($server);
/* Admin-logon and verify */
}
}
}
+
/* Check for locking area */
$ldap->cat($config->current['CONFIG'], array("dn"));
$attrs= $ldap->fetch();
}
/* Check for valid input */
- $username= $_POST["username"];
- if (!ereg("^[@A-Za-z0-9_.-]+$", $username)){
- $message= _("Please specify a valid username!");
- } elseif (mb_strlen($_POST["password"], 'UTF-8') == 0){
- $message= _("Please specify your password!");
- $smarty->assign ('nextfield', 'password');
- } else {
+ $ok= true;
+ if (!$htaccess_authenticated){
+ $username= $_POST["username"];
+ if (!ereg("^[@A-Za-z0-9_.-]+$", $username)){
+ $message= _("Please specify a valid username!");
+ $ok= false;
+ } elseif (mb_strlen($_POST["password"], 'UTF-8') == 0){
+ $message= _("Please specify your password!");
+ $smarty->assign ('nextfield', 'password');
+ $ok= false;
+ }
+ }
+
+ if ($ok) {
/* Login as user, initialize user ACL's */
- $ui= ldap_login_user($username, $_POST["password"]);
+ if ($htaccess_authenticated){
+ $ui= ldap_login_user_htaccess($username);
+ if ($ui === NULL || !$ui){
+ echo "GOsa error: "._("Authentication via htaccess not possible. Unable to retrieve user information.");
+ exit;
+ }
+ } else {
+ $ui= ldap_login_user($username, $_POST["password"]);
+ }
if ($ui === NULL || !$ui){
$message= _("Please check the username/password combination.");
$smarty->assign ('nextfield', 'password');
$config->make_idepartments();
$_SESSION['config']= $config;
- /* Take care about zend.ze1_compatiblity_mode */
- if (ini_get("zend.ze1_compatibility_mode") != 0){
- $_SESSION['PHP4COMPATIBLE']= TRUE;
- }
-
- /* Restore filter settings from cookie, if available
- */
+ /* Restore filter settings from cookie, if available */
if(isset($config->data['MAIN']['SAVE_FILTER']) && preg_match("/true/",$config->data['MAIN']['SAVE_FILTER'])){
if(isset($_COOKIE['GOsa_Filter_Settings']) || isset($HTTP_COOKIE_VARS['GOsa_Filter_Settings'])){
}
}
}
+
/* Not account expired or password forced change go to main page */
new log("security","login","",array(),"User \"$username\" logged in successfully") ;
$plist= new pluglist($config, $ui);
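Review bot: The htaccess path skips the username format check, because the new `if (!$htaccess_authenticated)` guard wraps the `ereg("^[@A-Za-z0-9_.-]+$", $username)` test. The name derived from `$_SERVER['REMOTE_USER']` therefore reaches `ldap_login_user_htaccess()` and the `new log(...)` message unchecked. Applying the same pattern (or an equally strict one that fits the principal format in use) right after `process_htaccess()` returns, e.g. `if ($username == "" || !ereg("^[@A-Za-z0-9_.-]+$", $username)){`, would keep both paths on one accepted character set. The first guard also lets an empty value through; `if (!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] == ""){` fails closed there. Since this branch opens a session without a password, the success log entry would serve an auditor better if it named the method, for instance `"User \"$username\" logged in successfully (htaccess)"`.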
index 73368af1eb291ed1f3911d996e8dd595bb76f865..a47a11f80291e8675b515f35bb6d4d1981a828aa 100644 (file)
}
+function process_htaccess ($username, $kerberos= FALSE)
+{
+ global $config;
+
+ /* - Search for $username and optinal @REALM in all configured LDAP trees */
+ /* - If uniq, fill username and server with the correct values and return */
+ /* - Else return emtpy values where the error occurs */
+
+ return array("username" => "", "server" => "");
+}
+
+
+function ldap_login_user_htaccess ($username)
+{
+ /* Use the username to fill the userinfo class as in ldap_login_user and return */
+ /* Load acl, etc.*/
+ return NULL;
+}
+
+
function ldap_login_user ($username, $password)
{
global $config;
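Review bot: Both new functions are placeholders without a header comment, and `ldap_login_user_htaccess()` is the one place where a userinfo object is meant to be produced without a password check, so its contract should be written down before the body is filled in. A comment such as `/* Caller must have checked HTACCESS_AUTH and REMOTE_USER; never pass form input */` would do. `process_htaccess()` should say that `$username` comes from the web server and has to be escaped before it is placed in the LDAP search its inline comment describes, and that an ambiguous or missing match returns empty values so the caller refuses the login. The `$kerberos` parameter is declared but unused in the stub; the comment should state what it is meant to change, presumably the handling of the @REALM part. The body of `ldap_login_user()` continues outside the visible lines.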