comparison plugins/krb_authentication/krb_authentication.php @ 0:1e000243b222
vanilla 1.3.3 distro, I hope
| author | Charlie Root |
|---|---|
| date | Thu, 04 Jan 2018 15:50:29 -0500 |
| parents | |
| children |
| -1:000000000000 | 0:1e000243b222 |
|---|---|
| 1 <?php | |
| 2 | |
| 3 /** | |
| 4 * Kerberos Authentication | |
| 5 * | |
| 6 * Make use of an existing Kerberos authentication and perform login | |
| 7 * with the existing user credentials | |
| 8 * | |
| 9 * For other configuration options, see config.inc.php.dist! | |
| 10 * | |
| 11 * @license GNU GPLv3+ | |
| 12 * @author Jeroen van Meeuwen | |
| 13 */ | |
| 14 class krb_authentication extends rcube_plugin | |
| 15 { | |
| 16 private $redirect_query; | |
| 17 | |
| 18 /** | |
| 19 * Plugin initialization | |
| 20 */ | |
| 21 function init() | |
| 22 { | |
| 23 $this->add_hook('startup', array($this, 'startup')); | |
| 24 $this->add_hook('authenticate', array($this, 'authenticate')); | |
| 25 $this->add_hook('login_after', array($this, 'login')); | |
| 26 $this->add_hook('storage_connect', array($this, 'storage_connect')); | |
| 27 } | |
| 28 | |
| 29 /** | |
| 30 * Startup hook handler | |
| 31 */ | |
| 32 function startup($args) | |
| 33 { | |
| 34 if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) { | |
| 35 // handle login action | |
| 36 if (empty($_SESSION['user_id'])) { | |
| 37 $args['action'] = 'login'; | |
| 38 $this->redirect_query = $_SERVER['QUERY_STRING']; | |
| 39 } | |
| 40 else { | |
| 41 $_SESSION['password'] = null; | |
| 42 } | |
| 43 } | |
| 44 | |
| 45 return $args; | |
| 46 } | |
| 47 | |
| 48 /** | |
| 49 * Authenticate hook handler | |
| 50 */ | |
| 51 function authenticate($args) | |
| 52 { | |
| 53 if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) { | |
| 54 // Load plugin's config file | |
| 55 $this->load_config(); | |
| 56 | |
| 57 $rcmail = rcmail::get_instance(); | |
| 58 $host = $rcmail->config->get('krb_authentication_host'); | |
| 59 | |
| 60 if (is_string($host) && trim($host) !== '' && empty($args['host'])) { | |
| 61 $args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host)); | |
| 62 } | |
| 63 | |
| 64 if (!empty($_SERVER['REMOTE_USER'])) { | |
| 65 $args['user'] = $_SERVER['REMOTE_USER']; | |
| 66 $args['pass'] = null; | |
| 67 } | |
| 68 | |
| 69 $args['cookiecheck'] = false; | |
| 70 $args['valid'] = true; | |
| 71 } | |
| 72 | |
| 73 return $args; | |
| 74 } | |
| 75 | |
| 76 /** | |
| 77 * Storage_connect hook handler | |
| 78 */ | |
| 79 function storage_connect($args) | |
| 80 { | |
| 81 if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) { | |
| 82 // Load plugin's config file | |
| 83 $this->load_config(); | |
| 84 | |
| 85 $rcmail = rcmail::get_instance(); | |
| 86 $context = $rcmail->config->get('krb_authentication_context'); | |
| 87 | |
| 88 $args['gssapi_context'] = $context ?: 'imap/kolab.example.org@EXAMPLE.ORG'; | |
| 89 $args['gssapi_cn'] = $_SERVER['KRB5CCNAME']; | |
| 90 $args['auth_type'] = 'GSSAPI'; | |
| 91 } | |
| 92 | |
| 93 return $args; | |
| 94 } | |
| 95 | |
| 96 /** | |
| 97 * login_after hook handler | |
| 98 */ | |
| 99 function login($args) | |
| 100 { | |
| 101 // Redirect to the previous QUERY_STRING | |
| 102 if ($this->redirect_query) { | |
| 103 header('Location: ./?' . $this->redirect_query); | |
| 104 exit; | |
| 105 } | |
| 106 | |
| 107 return $args; | |
| 108 } | |
| 109 } |
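Review bot: `authenticate()` sets `$args['valid'] = true` and `$args['cookiecheck'] = false` on nothing more than non-empty `$_SERVER['REMOTE_USER']` and `$_SERVER['KRB5CCNAME']`, so the whole login decision rests on the web server being the only thing that can populate those two variables, and neither the docblock nor the file header says so. I would extend the "Authenticate hook handler" docblock with something like `Trusts REMOTE_USER / KRB5CCNAME as set by the web server's Kerberos module; enable this plugin only where every route to Roundcube passes through that module.` In `startup()`, an existing session is kept without comparing it to the current `REMOTE_USER`, so a session opened under one principal appears to survive a change of principal on the same browser; that deserves a check or at least a comment (the stored username may be normalised differently, so the comparison needs care). Separately, `storage_connect()` silently falls back to the placeholder `'imap/kolab.example.org@EXAMPLE.ORG'` when `krb_authentication_context` is unset, where logging a configuration error and leaving the GSSAPI fields unset would make the misconfiguration visible instead of sending a ticket request for a placeholder service principal.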
