Enabled HTTP auth
parent
899f83aa17
commit
4eed1d8982
@ -42,7 +42,7 @@ function includeHTML(component, html) {
|
|||||||
// callback function
|
// callback function
|
||||||
function alertHttpRequest() {
|
function alertHttpRequest() {
|
||||||
if (http_request && (http_request.readyState == 4)) {
|
if (http_request && (http_request.readyState == 4)) {
|
||||||
if (http_request.status == 200) {
|
if (http_request.status == 200 || http_request.status == 401) {
|
||||||
response = http_request.responseText;
|
response = http_request.responseText;
|
||||||
http_request = null;
|
http_request = null;
|
||||||
//alert(response);
|
//alert(response);
|
||||||
|
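Review bot: In `alertHttpRequest`, the new condition `http_request.status == 200 || http_request.status == 401` sends the body of an unauthorized response down the same path as a successful one, and nothing in the hunk says why. If the intent is to let the server's authentication failure page be displayed, a comment such as `// 401: show the server's auth failure page to the user` would make that explicit. The function body continues outside the hunk, so what is done with `response`, and with any other status, is not visible here.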
@ -29,44 +29,68 @@ if (! isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) != 'on') {
|
|||||||
}
|
}
|
||||||
echo '<br />';
|
echo '<br />';
|
||||||
|
|
||||||
# Login form.
|
# HTTP Basic Auth Form.
|
||||||
echo '<form action="cmd.php" method="post" name="login_form">';
|
if ($app['server']->getAuthType() == 'http') {
|
||||||
echo '<input type="hidden" name="cmd" value="login" />';
|
ob_end_clean();
|
||||||
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
|
|
||||||
|
|
||||||
if (get_request('redirect','GET',false,false))
|
# When we pop up the basic athentication, we come back to this script, so try the login again.
|
||||||
printf('<input type="hidden" name="redirect" value="%s" />',rawurlencode(get_request('redirect','GET')));
|
if ($app['server']->isLoggedIn('user')) {
|
||||||
|
system_message(array(
|
||||||
|
'title'=>_('Authenticate to server'),
|
||||||
|
'body'=>_('Successfully logged into server.'),
|
||||||
|
'type'=>'info'),
|
||||||
|
sprintf('cmd.php?server_id=%s&refresh=SID_%s',$app['server']->getIndex(),$app['server']->getIndex()));
|
||||||
|
|
||||||
echo '<center>';
|
die();
|
||||||
echo '<table class="forminput">';
|
}
|
||||||
|
|
||||||
printf('<tr><td><b>%s:</b></td></tr>',
|
header(sprintf('WWW-Authenticate: Basic realm="%s %s"',app_name(),_('login')));
|
||||||
$app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') :
|
|
||||||
($app['server']->getValue('login','attr') == 'dn' ? _('Login DN') : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));
|
|
||||||
|
|
||||||
printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>',
|
if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')
|
||||||
$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : '');
|
header('HTTP/1.0 401 Unauthorized'); // http 1.0 method
|
||||||
|
else
|
||||||
|
header('Status: 401 Unauthorized'); // http 1.1 method
|
||||||
|
|
||||||
echo '<tr><td colspan=2> </td></tr>';
|
return;
|
||||||
printf('<tr><td><b>%s:</b></td></tr>',_('Password'));
|
# HTML Login Form
|
||||||
echo '<tr><td><input type="password" id="password" size="40" value="" name="login_pass" /></td></tr>';
|
} else {
|
||||||
echo '<tr><td colspan=2> </td></tr>';
|
echo '<form action="cmd.php" method="post" name="login_form">';
|
||||||
|
echo '<input type="hidden" name="cmd" value="login" />';
|
||||||
|
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
|
||||||
|
|
||||||
# If Anon bind allowed, then disable the form if the user choose to bind anonymously.
|
if (get_request('redirect','GET',false,false))
|
||||||
if ($app['server']->isAnonBindAllowed())
|
printf('<input type="hidden" name="redirect" value="%s" />',rawurlencode(get_request('redirect','GET')));
|
||||||
printf('<tr><td colspan="2"><small><b>%s</b></small> <input type="checkbox" name="anonymous_bind" onclick="toggle_disable_login_fields(this)" id="anonymous_bind_checkbox" /></td></tr>',
|
|
||||||
_('Anonymous'));
|
|
||||||
|
|
||||||
printf('<tr><td colspan="2"><center><input type="submit" name="submit" value="%s" /></center></td></tr>',
|
echo '<center>';
|
||||||
_('Authenticate'));
|
echo '<table class="forminput">';
|
||||||
|
|
||||||
echo '</table>';
|
printf('<tr><td><b>%s:</b></td></tr>',
|
||||||
echo '</center>';
|
$app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') :
|
||||||
echo '</form>';
|
($app['server']->getValue('login','attr') == 'dn' ? _('Login DN') : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));
|
||||||
|
|
||||||
echo '<script type="text/javascript" language="javascript">document.getElementById(\'login\').focus()</script>';
|
printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>',
|
||||||
|
$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : '');
|
||||||
|
|
||||||
if ($app['server']->isAnonBindAllowed() ) {
|
echo '<tr><td colspan=2> </td></tr>';
|
||||||
|
printf('<tr><td><b>%s:</b></td></tr>',_('Password'));
|
||||||
|
echo '<tr><td><input type="password" id="password" size="40" value="" name="login_pass" /></td></tr>';
|
||||||
|
echo '<tr><td colspan=2> </td></tr>';
|
||||||
|
|
||||||
|
# If Anon bind allowed, then disable the form if the user choose to bind anonymously.
|
||||||
|
if ($app['server']->isAnonBindAllowed())
|
||||||
|
printf('<tr><td colspan="2"><small><b>%s</b></small> <input type="checkbox" name="anonymous_bind" onclick="toggle_disable_login_fields(this)" id="anonymous_bind_checkbox" /></td></tr>',
|
||||||
|
_('Anonymous'));
|
||||||
|
|
||||||
|
printf('<tr><td colspan="2"><center><input type="submit" name="submit" value="%s" /></center></td></tr>',
|
||||||
|
_('Authenticate'));
|
||||||
|
|
||||||
|
echo '</table>';
|
||||||
|
echo '</center>';
|
||||||
|
echo '</form>';
|
||||||
|
|
||||||
|
echo '<script type="text/javascript" language="javascript">document.getElementById(\'login\').focus()</script>';
|
||||||
|
|
||||||
|
if ($app['server']->isAnonBindAllowed() ) {
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" language="javascript">
|
<script type="text/javascript" language="javascript">
|
||||||
function toggle_disable_login_fields(anon_checkbox) {
|
function toggle_disable_login_fields(anon_checkbox) {
|
||||||
@ -81,5 +105,6 @@ function toggle_disable_login_fields(anon_checkbox) {
|
|||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
<?php
|
<?php
|
||||||
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
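Review bot: The new `http` branch sends the `WWW-Authenticate: Basic` challenge whether or not the request arrived over HTTPS; the `$_SERVER['HTTPS']` test named in the hunk header sits above this code and, from what is visible, does not stop the page. Basic credentials are only base64-encoded and are re-sent by the browser on every request, so on plain HTTP they are readable on the wire for as long as the browser keeps them. Consider refusing to issue the challenge without TLS, or at least documenting the requirement next to the `auth_type` setting. The challenge and 401 status lines are also repeated verbatim in `DS::isLoggedIn()`; a shared helper would keep the two copies from drifting.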
@ -121,8 +121,16 @@ class HTMLTree extends Tree {
|
|||||||
|
|
||||||
# We are not logged in, draw a login... link.
|
# We are not logged in, draw a login... link.
|
||||||
} else {
|
} else {
|
||||||
if ($server->getAuthType() != 'config')
|
switch ($server->getAuthType()) {
|
||||||
$this->draw_login_link();
|
|
||||||
|
case 'http':
|
||||||
|
case 'session':
|
||||||
|
$this->draw_login_link();
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
die(sprintf('Error: %s hasnt been configured for auth_type %s',__METHOD__,$server->getAuthType()));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Tree Footer.
|
# Tree Footer.
|
||||||
|
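Review bot: The `default:` branch now calls `die()` for `config`, which the replaced `if ($server->getAuthType() != 'config')` skipped without output. As far as its hunk shows, `DS::getAuthType()` returns only `config`, `http` or `session`, so `config` looks like the only value that can reach `default` here, and a config-authenticated server that is not logged in would abort the whole tree render. Adding `case 'config': break;` ahead of `default:` would keep the old behaviour. The enclosing method starts and ends outside the hunk.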
70
lib/ds.php
70
lib/ds.php
@ -127,6 +127,7 @@ abstract class DS {
|
|||||||
public function getAuthType() {
|
public function getAuthType() {
|
||||||
switch ($this->getValue('login','auth_type')) {
|
switch ($this->getValue('login','auth_type')) {
|
||||||
case 'config':
|
case 'config':
|
||||||
|
case 'http':
|
||||||
case 'session':
|
case 'session':
|
||||||
return $this->getValue('login','auth_type');
|
return $this->getValue('login','auth_type');
|
||||||
|
|
||||||
@ -154,6 +155,7 @@ abstract class DS {
|
|||||||
else
|
else
|
||||||
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['name']);
|
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['name']);
|
||||||
|
|
||||||
|
case 'http':
|
||||||
case 'session':
|
case 'session':
|
||||||
if (! isset($_SESSION['USER'][$this->index][$method]['name']))
|
if (! isset($_SESSION['USER'][$this->index][$method]['name']))
|
||||||
return null;
|
return null;
|
||||||
@ -173,6 +175,7 @@ abstract class DS {
|
|||||||
|
|
||||||
switch ($this->getAuthType()) {
|
switch ($this->getAuthType()) {
|
||||||
case 'config':
|
case 'config':
|
||||||
|
case 'http':
|
||||||
case 'session':
|
case 'session':
|
||||||
$_SESSION['USER'][$this->index][$method]['name'] = blowfish_encrypt($user);
|
$_SESSION['USER'][$this->index][$method]['name'] = blowfish_encrypt($user);
|
||||||
$_SESSION['USER'][$this->index][$method]['pass'] = blowfish_encrypt($pass);
|
$_SESSION['USER'][$this->index][$method]['pass'] = blowfish_encrypt($pass);
|
||||||
@ -200,6 +203,7 @@ abstract class DS {
|
|||||||
else
|
else
|
||||||
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['pass']);
|
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['pass']);
|
||||||
|
|
||||||
|
case 'http':
|
||||||
case 'session':
|
case 'session':
|
||||||
if (! isset($_SESSION['USER'][$this->index][$method]['pass']))
|
if (! isset($_SESSION['USER'][$this->index][$method]['pass']))
|
||||||
return null;
|
return null;
|
||||||
@ -215,9 +219,56 @@ abstract class DS {
|
|||||||
* Return if this datastore's connection method has been logged into
|
* Return if this datastore's connection method has been logged into
|
||||||
*/
|
*/
|
||||||
public function isLoggedIn($method=null) {
|
public function isLoggedIn($method=null) {
|
||||||
|
static $CACHE = null;
|
||||||
|
|
||||||
$method = $this->getMethod($method);
|
$method = $this->getMethod($method);
|
||||||
|
|
||||||
return is_null($this->getLogin($method)) ? false : true;
|
if (! is_null($CACHE))
|
||||||
|
return $CACHE;
|
||||||
|
|
||||||
|
# For some authentication types, we need to do the login here
|
||||||
|
switch ($this->getAuthType()) {
|
||||||
|
case 'http':
|
||||||
|
# If our auth vars are not set, throw up a login box.
|
||||||
|
if (! isset($_SERVER['PHP_AUTH_USER'])) {
|
||||||
|
header(sprintf('WWW-Authenticate: Basic realm="%s %s"',app_name(),_('login')));
|
||||||
|
|
||||||
|
if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')
|
||||||
|
header('HTTP/1.0 401 Unauthorized'); // http 1.0 method
|
||||||
|
else
|
||||||
|
header('Status: 401 Unauthorized'); // http 1.1 method
|
||||||
|
|
||||||
|
# If we still dont have login details...
|
||||||
|
if (! isset($_SERVER['PHP_AUTH_USER'])) {
|
||||||
|
system_message(array(
|
||||||
|
'title'=>_('Unable to login.'),
|
||||||
|
'body'=>_('Your configuration file has authentication set to HTTP based authentication, however, there was none presented'),
|
||||||
|
'type'=>'error'));
|
||||||
|
|
||||||
|
$CACHE = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check our auth vars are valid.
|
||||||
|
} else {
|
||||||
|
if (! $this->login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'],$method)) {
|
||||||
|
system_message(array(
|
||||||
|
'title'=>_('Unable to login.'),
|
||||||
|
'body'=>_('Your HTTP based authentication is not accepted by the LDAP server'),
|
||||||
|
'type'=>'error'));
|
||||||
|
|
||||||
|
$CACHE = false;
|
||||||
|
|
||||||
|
} else
|
||||||
|
$CACHE = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
$CACHE = is_null($this->getLogin($method)) ? false : true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $CACHE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -233,6 +284,9 @@ abstract class DS {
|
|||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
case 'http':
|
||||||
|
return true;
|
||||||
|
|
||||||
case 'session':
|
case 'session':
|
||||||
if (isset($_SESSION['USER'][$this->index][$method]))
|
if (isset($_SESSION['USER'][$this->index][$method]))
|
||||||
unset($_SESSION['USER'][$this->index][$method]);
|
unset($_SESSION['USER'][$this->index][$method]);
|
||||||
@ -272,14 +326,22 @@ abstract class DS {
|
|||||||
* @return string Connection Method
|
* @return string Connection Method
|
||||||
*/
|
*/
|
||||||
protected function getMethod($method=null) {
|
protected function getMethod($method=null) {
|
||||||
|
static $CACHE = null;
|
||||||
|
|
||||||
# Immediately return if method is set.
|
# Immediately return if method is set.
|
||||||
if (! is_null($method))
|
if (! is_null($method))
|
||||||
return $method;
|
return $method;
|
||||||
|
|
||||||
|
# If we have been here already, then return our result
|
||||||
|
if (! is_null($CACHE))
|
||||||
|
return $CACHE;
|
||||||
|
|
||||||
|
$CACHE = 'anon';
|
||||||
|
|
||||||
if ($this->isLoggedIn('user'))
|
if ($this->isLoggedIn('user'))
|
||||||
return 'user';
|
$CACHE = 'user';
|
||||||
else
|
|
||||||
return 'anon';
|
return $CACHE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
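Review bot: `static $CACHE` in `isLoggedIn()` is a single value shared by every `$method` and every object of the class, so the first answer computed in a request is returned for all later calls: once `isLoggedIn('user')` has stored `true`, `isLoggedIn('anon')` or a call on another server index gets `true` back without any check. `getMethod()` has the same problem with its own `static $CACHE`, which should at least be keyed by `$this->index`. Keying the login cache the way the `ldap` class hunk in this commit does, `$CACHE[$this->index][$method]` with `isset($CACHE[$this->index][$method])` as the guard, keeps the memoisation and removes the cross-talk. Separately, the hunk at `@ -233,6 +284,9 @` returns `true` for `http` without clearing `$_SESSION['USER'][$this->index][$method]`, although the hunk at `@ -173,6 +175,7 @` stores the encrypted name and password there for `http` as well, so the stored credentials appear to outlive a logout.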
@ -137,8 +137,8 @@ class ldap extends DS {
|
|||||||
return $CACHE[$this->index][$method];
|
return $CACHE[$this->index][$method];
|
||||||
|
|
||||||
# Check if we have logged in and therefore need to use those details as our bind.
|
# Check if we have logged in and therefore need to use those details as our bind.
|
||||||
$bind['id'] = is_null($this->getLogin($method)) ? $this->getLogin('user') : $this->getLogin($method);
|
$bind['id'] = is_null($this->getLogin($method)) && $method != 'anon' ? $this->getLogin('user') : $this->getLogin($method);
|
||||||
$bind['pass'] = is_null($this->getPassword($method)) ? $this->getPassword('user') : $this->getPassword($method);
|
$bind['pass'] = is_null($this->getPassword($method)) && $method != 'anon' ? $this->getPassword('user') : $this->getPassword($method);
|
||||||
|
|
||||||
# If our bind id is still null, we are not logged in.
|
# If our bind id is still null, we are not logged in.
|
||||||
if (is_null($bind['id']))
|
if (is_null($bind['id']))
|
||||||
|
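Review bot: The comment above the two `$bind` assignments does not mention the new `$method != 'anon'` exception, which is the security-relevant part of this change: an explicit anonymous bind no longer falls back to the logged-in user's DN and password. A line such as `# An 'anon' bind must never inherit the 'user' credentials.` would record that. Parenthesising the condition, `(is_null($this->getLogin($method)) && $method != 'anon') ? … : …`, would also make the precedence of `&&` over `?:` obvious. The enclosing method starts and ends outside the hunk.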
@ -404,7 +404,7 @@ class ldap_pla extends ldap {
|
|||||||
* this function will return null.
|
* this function will return null.
|
||||||
*/
|
*/
|
||||||
public function inactivityTime() {
|
public function inactivityTime() {
|
||||||
if ($this->isLoggedIn() && ! in_array($this->getAuthType(),array('config','httpd')))
|
if ($this->isLoggedIn() && ! in_array($this->getAuthType(),array('config','http')))
|
||||||
return time()+($this->getValue('login','timeout')*60);
|
return time()+($this->getValue('login','timeout')*60);
|
||||||
else
|
else
|
||||||
return null;
|
return null;
|
||||||
|