Enabled HTTP auth

Deon George 2009-07-11 10:18:48 +10:00
parent 899f83aa17
commit 4eed1d8982
6 changed files with 133 additions and 38 deletions


@ -42,7 +42,7 @@ function includeHTML(component, html) {
// callback function // callback function
function alertHttpRequest() { function alertHttpRequest() {
if (http_request && (http_request.readyState == 4)) { if (http_request && (http_request.readyState == 4)) {
if (http_request.status == 200) { if (http_request.status == 200 || http_request.status == 401) {
response = http_request.responseText; response = http_request.responseText;
http_request = null; http_request = null;
//alert(response); //alert(response);
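Review bot: Accepting status 401 alongside 200 in `alertHttpRequest()` means an authentication-required response body is handled exactly like a successful one, and nothing in the hunk says why. If the intent is to let the server-rendered login or failure message reach the page under HTTP auth, a comment such as `// 401: HTTP auth challenge/failure page is rendered like normal content` would make that explicit. A 401 body produced by an intermediary (proxy, web-server default page) would be handled the same way, so it is worth confirming that whatever consumes `response` does not assume application-generated markup. The function body continues past the end of the hunk.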


@ -29,44 +29,68 @@ if (! isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) != 'on') {
} }
echo '<br />'; echo '<br />';
# Login form. # HTTP Basic Auth Form.
echo '<form action="cmd.php" method="post" name="login_form">'; if ($app['server']->getAuthType() == 'http') {
echo '<input type="hidden" name="cmd" value="login" />'; ob_end_clean();
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
if (get_request('redirect','GET',false,false)) # When we pop up the basic athentication, we come back to this script, so try the login again.
printf('<input type="hidden" name="redirect" value="%s" />',rawurlencode(get_request('redirect','GET'))); if ($app['server']->isLoggedIn('user')) {
system_message(array(
'title'=>_('Authenticate to server'),
'body'=>_('Successfully logged into server.'),
'type'=>'info'),
sprintf('cmd.php?server_id=%s&refresh=SID_%s',$app['server']->getIndex(),$app['server']->getIndex()));
echo '<center>'; die();
echo '<table class="forminput">'; }
printf('<tr><td><b>%s:</b></td></tr>', header(sprintf('WWW-Authenticate: Basic realm="%s %s"',app_name(),_('login')));
$app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') :
($app['server']->getValue('login','attr') == 'dn' ? _('Login DN') : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));
printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>', if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')
$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : ''); header('HTTP/1.0 401 Unauthorized'); // http 1.0 method
else
header('Status: 401 Unauthorized'); // http 1.1 method
echo '<tr><td colspan=2>&nbsp;</td></tr>'; return;
printf('<tr><td><b>%s:</b></td></tr>',_('Password')); # HTML Login Form
echo '<tr><td><input type="password" id="password" size="40" value="" name="login_pass" /></td></tr>'; } else {
echo '<tr><td colspan=2>&nbsp;</td></tr>'; echo '<form action="cmd.php" method="post" name="login_form">';
echo '<input type="hidden" name="cmd" value="login" />';
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
# If Anon bind allowed, then disable the form if the user choose to bind anonymously. if (get_request('redirect','GET',false,false))
if ($app['server']->isAnonBindAllowed()) printf('<input type="hidden" name="redirect" value="%s" />',rawurlencode(get_request('redirect','GET')));
printf('<tr><td colspan="2"><small><b>%s</b></small> <input type="checkbox" name="anonymous_bind" onclick="toggle_disable_login_fields(this)" id="anonymous_bind_checkbox" /></td></tr>',
_('Anonymous'));
printf('<tr><td colspan="2"><center><input type="submit" name="submit" value="%s" /></center></td></tr>', echo '<center>';
_('Authenticate')); echo '<table class="forminput">';
echo '</table>'; printf('<tr><td><b>%s:</b></td></tr>',
echo '</center>'; $app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') :
echo '</form>'; ($app['server']->getValue('login','attr') == 'dn' ? _('Login DN') : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));
echo '<script type="text/javascript" language="javascript">document.getElementById(\'login\').focus()</script>'; printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>',
$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : '');
if ($app['server']->isAnonBindAllowed() ) { echo '<tr><td colspan=2>&nbsp;</td></tr>';
printf('<tr><td><b>%s:</b></td></tr>',_('Password'));
echo '<tr><td><input type="password" id="password" size="40" value="" name="login_pass" /></td></tr>';
echo '<tr><td colspan=2>&nbsp;</td></tr>';
# If Anon bind allowed, then disable the form if the user choose to bind anonymously.
if ($app['server']->isAnonBindAllowed())
printf('<tr><td colspan="2"><small><b>%s</b></small> <input type="checkbox" name="anonymous_bind" onclick="toggle_disable_login_fields(this)" id="anonymous_bind_checkbox" /></td></tr>',
_('Anonymous'));
printf('<tr><td colspan="2"><center><input type="submit" name="submit" value="%s" /></center></td></tr>',
_('Authenticate'));
echo '</table>';
echo '</center>';
echo '</form>';
echo '<script type="text/javascript" language="javascript">document.getElementById(\'login\').focus()</script>';
if ($app['server']->isAnonBindAllowed() ) {
?> ?>
<script type="text/javascript" language="javascript"> <script type="text/javascript" language="javascript">
function toggle_disable_login_fields(anon_checkbox) { function toggle_disable_login_fields(anon_checkbox) {
@ -81,5 +105,6 @@ function toggle_disable_login_fields(anon_checkbox) {
} }
</script> </script>
<?php <?php
}
} }
?> ?>
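Review bot: The new `http` branch calls `ob_end_clean()` directly after the non-HTTPS check visible in the hunk header, which presumably discards whatever that check had buffered, so the Basic challenge goes out over plain HTTP with no notice to the user. Basic credentials are only base64-encoded and the browser resends them on every request, so this is the branch where transport protection matters most. Consider refusing to issue the challenge unless `$_SERVER['HTTPS']` is on, or at least re-emitting the warning after the buffer is cleared. Separately, the same `WWW-Authenticate` / 401 header sequence is duplicated in `isLoggedIn()` in the DS class; a shared helper would keep the two copies from drifting.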


@ -121,8 +121,16 @@ class HTMLTree extends Tree {
# We are not logged in, draw a login... link. # We are not logged in, draw a login... link.
} else { } else {
if ($server->getAuthType() != 'config') switch ($server->getAuthType()) {
$this->draw_login_link();
case 'http':
case 'session':
$this->draw_login_link();
break;
default:
die(sprintf('Error: %s hasnt been configured for auth_type %s',__METHOD__,$server->getAuthType()));
}
} }
# Tree Footer. # Tree Footer.
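Review bot: With `switch` replacing the old `!= 'config'` test, an `auth_type` of `config` now falls into `default:` and hits `die()`, where previously it simply drew no login link. Whether this not-logged-in branch is reachable under config auth depends on code outside the hunk, but if it is, the tree render aborts for a valid configuration. Adding `case 'config': break;` ahead of the `http`/`session` cases would keep the earlier behaviour while still failing loudly on unknown types.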


@ -127,6 +127,7 @@ abstract class DS {
public function getAuthType() { public function getAuthType() {
switch ($this->getValue('login','auth_type')) { switch ($this->getValue('login','auth_type')) {
case 'config': case 'config':
case 'http':
case 'session': case 'session':
return $this->getValue('login','auth_type'); return $this->getValue('login','auth_type');
@ -154,6 +155,7 @@ abstract class DS {
else else
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['name']); return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['name']);
case 'http':
case 'session': case 'session':
if (! isset($_SESSION['USER'][$this->index][$method]['name'])) if (! isset($_SESSION['USER'][$this->index][$method]['name']))
return null; return null;
@ -173,6 +175,7 @@ abstract class DS {
switch ($this->getAuthType()) { switch ($this->getAuthType()) {
case 'config': case 'config':
case 'http':
case 'session': case 'session':
$_SESSION['USER'][$this->index][$method]['name'] = blowfish_encrypt($user); $_SESSION['USER'][$this->index][$method]['name'] = blowfish_encrypt($user);
$_SESSION['USER'][$this->index][$method]['pass'] = blowfish_encrypt($pass); $_SESSION['USER'][$this->index][$method]['pass'] = blowfish_encrypt($pass);
@ -200,6 +203,7 @@ abstract class DS {
else else
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['pass']); return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['pass']);
case 'http':
case 'session': case 'session':
if (! isset($_SESSION['USER'][$this->index][$method]['pass'])) if (! isset($_SESSION['USER'][$this->index][$method]['pass']))
return null; return null;
@ -215,9 +219,56 @@ abstract class DS {
* Return if this datastore's connection method has been logged into * Return if this datastore's connection method has been logged into
*/ */
public function isLoggedIn($method=null) { public function isLoggedIn($method=null) {
static $CACHE = null;
$method = $this->getMethod($method); $method = $this->getMethod($method);
return is_null($this->getLogin($method)) ? false : true; if (! is_null($CACHE))
return $CACHE;
# For some authentication types, we need to do the login here
switch ($this->getAuthType()) {
case 'http':
# If our auth vars are not set, throw up a login box.
if (! isset($_SERVER['PHP_AUTH_USER'])) {
header(sprintf('WWW-Authenticate: Basic realm="%s %s"',app_name(),_('login')));
if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')
header('HTTP/1.0 401 Unauthorized'); // http 1.0 method
else
header('Status: 401 Unauthorized'); // http 1.1 method
# If we still dont have login details...
if (! isset($_SERVER['PHP_AUTH_USER'])) {
system_message(array(
'title'=>_('Unable to login.'),
'body'=>_('Your configuration file has authentication set to HTTP based authentication, however, there was none presented'),
'type'=>'error'));
$CACHE = false;
}
# Check our auth vars are valid.
} else {
if (! $this->login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'],$method)) {
system_message(array(
'title'=>_('Unable to login.'),
'body'=>_('Your HTTP based authentication is not accepted by the LDAP server'),
'type'=>'error'));
$CACHE = false;
} else
$CACHE = true;
}
break;
default:
$CACHE = is_null($this->getLogin($method)) ? false : true;
}
return $CACHE;
} }
/** /**
@ -233,6 +284,9 @@ abstract class DS {
return true; return true;
case 'http':
return true;
case 'session': case 'session':
if (isset($_SESSION['USER'][$this->index][$method])) if (isset($_SESSION['USER'][$this->index][$method]))
unset($_SESSION['USER'][$this->index][$method]); unset($_SESSION['USER'][$this->index][$method]);
@ -272,14 +326,22 @@ abstract class DS {
* @return string Connection Method * @return string Connection Method
*/ */
protected function getMethod($method=null) { protected function getMethod($method=null) {
static $CACHE = null;
# Immediately return if method is set. # Immediately return if method is set.
if (! is_null($method)) if (! is_null($method))
return $method; return $method;
# If we have been here already, then return our result
if (! is_null($CACHE))
return $CACHE;
$CACHE = 'anon';
if ($this->isLoggedIn('user')) if ($this->isLoggedIn('user'))
return 'user'; $CACHE = 'user';
else
return 'anon'; return $CACHE;
} }
} }
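Review bot: The `static $CACHE` added to `isLoggedIn()` is a function-level static, so it is shared by every DS instance and ignores `$method`; the first result computed in a request is then returned for every other server index and for `'anon'` as well as `'user'`. In a multi-server setup that can report one server as logged in (or not) based on another server's outcome, and the `static $CACHE` added to `getMethod()` has the same problem across servers. Key the caches the way class ldap indexes its own (`$CACHE[$this->index][$method]`), e.g. `static $CACHE = array();` with `if (isset($CACHE[$this->index][$method])) return $CACHE[$this->index][$method];`, and assign into the same slot. Also, in the `http` case `$_SERVER['PHP_AUTH_PW']` is passed to `login()` without checking that it is set and non-empty; many LDAP servers accept a bind with a DN and an empty password as an unauthenticated bind, so rejecting an empty password before the call is worth adding unless `login()` (not visible here) already does.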


@ -137,8 +137,8 @@ class ldap extends DS {
return $CACHE[$this->index][$method]; return $CACHE[$this->index][$method];
# Check if we have logged in and therefore need to use those details as our bind. # Check if we have logged in and therefore need to use those details as our bind.
$bind['id'] = is_null($this->getLogin($method)) ? $this->getLogin('user') : $this->getLogin($method); $bind['id'] = is_null($this->getLogin($method)) && $method != 'anon' ? $this->getLogin('user') : $this->getLogin($method);
$bind['pass'] = is_null($this->getPassword($method)) ? $this->getPassword('user') : $this->getPassword($method); $bind['pass'] = is_null($this->getPassword($method)) && $method != 'anon' ? $this->getPassword('user') : $this->getPassword($method);
# If our bind id is still null, we are not logged in. # If our bind id is still null, we are not logged in.
if (is_null($bind['id'])) if (is_null($bind['id']))
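Review bot: The new bind condition relies on `&&` binding tighter than `?:`, which is correct but easy to misread on the two lines that decide which credentials are sent to the directory server. Parenthesise it and use a strict comparison, e.g. `(is_null($this->getLogin($method)) && $method !== 'anon') ? $this->getLogin('user') : $this->getLogin($method)`, and likewise for `$bind['pass']`. A short comment stating that an anonymous bind must never fall back to the stored user credentials would protect the intent from later edits. The enclosing function starts and ends outside the hunk.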


@ -404,7 +404,7 @@ class ldap_pla extends ldap {
* this function will return null. * this function will return null.
*/ */
public function inactivityTime() { public function inactivityTime() {
if ($this->isLoggedIn() && ! in_array($this->getAuthType(),array('config','httpd'))) if ($this->isLoggedIn() && ! in_array($this->getAuthType(),array('config','http')))
return time()+($this->getValue('login','timeout')*60); return time()+($this->getValue('login','timeout')*60);
else else
return null; return null;