|
0
|
1 <?php
|
|
|
2
|
|
|
3 /**
|
|
|
4 * Kerberos Authentication
|
|
|
5 *
|
|
|
6 * Make use of an existing Kerberos authentication and perform login
|
|
|
7 * with the existing user credentials
|
|
|
8 *
|
|
|
9 * For other configuration options, see config.inc.php.dist!
|
|
|
10 *
|
|
|
11 * @license GNU GPLv3+
|
|
|
12 * @author Jeroen van Meeuwen
|
|
|
13 */
|
|
|
14 class krb_authentication extends rcube_plugin
|
|
|
15 {
|
|
|
16 private $redirect_query;
|
|
|
17
|
|
|
18 /**
|
|
|
19 * Plugin initialization
|
|
|
20 */
|
|
|
21 function init()
|
|
|
22 {
|
|
|
23 $this->add_hook('startup', array($this, 'startup'));
|
|
|
24 $this->add_hook('authenticate', array($this, 'authenticate'));
|
|
|
25 $this->add_hook('login_after', array($this, 'login'));
|
|
|
26 $this->add_hook('storage_connect', array($this, 'storage_connect'));
|
|
|
27 }
|
|
|
28
|
|
|
29 /**
|
|
|
30 * Startup hook handler
|
|
|
31 */
|
|
|
32 function startup($args)
|
|
|
33 {
|
|
|
34 if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
|
|
|
35 // handle login action
|
|
|
36 if (empty($_SESSION['user_id'])) {
|
|
|
37 $args['action'] = 'login';
|
|
|
38 $this->redirect_query = $_SERVER['QUERY_STRING'];
|
|
|
39 }
|
|
|
40 else {
|
|
|
41 $_SESSION['password'] = null;
|
|
|
42 }
|
|
|
43 }
|
|
|
44
|
|
|
45 return $args;
|
|
|
46 }
|
|
|
47
|
|
|
48 /**
|
|
|
49 * Authenticate hook handler
|
|
|
50 */
|
|
|
51 function authenticate($args)
|
|
|
52 {
|
|
|
53 if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
|
|
|
54 // Load plugin's config file
|
|
|
55 $this->load_config();
|
|
|
56
|
|
|
57 $rcmail = rcmail::get_instance();
|
|
|
58 $host = $rcmail->config->get('krb_authentication_host');
|
|
|
59
|
|
|
60 if (is_string($host) && trim($host) !== '' && empty($args['host'])) {
|
|
|
61 $args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
|
|
|
62 }
|
|
|
63
|
|
|
64 if (!empty($_SERVER['REMOTE_USER'])) {
|
|
|
65 $args['user'] = $_SERVER['REMOTE_USER'];
|
|
|
66 $args['pass'] = null;
|
|
|
67 }
|
|
|
68
|
|
|
69 $args['cookiecheck'] = false;
|
|
|
70 $args['valid'] = true;
|
|
|
71 }
|
|
|
72
|
|
|
73 return $args;
|
|
|
74 }
|
|
|
75
|
|
|
76 /**
|
|
|
77 * Storage_connect hook handler
|
|
|
78 */
|
|
|
79 function storage_connect($args)
|
|
|
80 {
|
|
|
81 if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
|
|
|
82 // Load plugin's config file
|
|
|
83 $this->load_config();
|
|
|
84
|
|
|
85 $rcmail = rcmail::get_instance();
|
|
|
86 $context = $rcmail->config->get('krb_authentication_context');
|
|
|
87
|
|
|
88 $args['gssapi_context'] = $context ?: 'imap/kolab.example.org@EXAMPLE.ORG';
|
|
|
89 $args['gssapi_cn'] = $_SERVER['KRB5CCNAME'];
|
|
|
90 $args['auth_type'] = 'GSSAPI';
|
|
|
91 }
|
|
|
92
|
|
|
93 return $args;
|
|
|
94 }
|
|
|
95
|
|
|
96 /**
|
|
|
97 * login_after hook handler
|
|
|
98 */
|
|
|
99 function login($args)
|
|
|
100 {
|
|
|
101 // Redirect to the previous QUERY_STRING
|
|
|
102 if ($this->redirect_query) {
|
|
|
103 header('Location: ./?' . $this->redirect_query);
|
|
|
104 exit;
|
|
|
105 }
|
|
|
106
|
|
|
107 return $args;
|
|
|
108 }
|
|
|
109 }
|
