modules/webserver_auth/webserver_auth.module

<?php
// $Id: webserver_auth.module,v 1.18 2007/04/24 01:17:45 weitzman Exp $

function webserver_auth_menu($may_cache) {
  if ($may_cache) {
    $items[] = array(
      'title' => t('Webserver authentication'),
      'path' => "admin/settings/webserver_auth",
      'callback' => "drupal_get_form",
      'callback arguments' => array('webserver_auth_settings'),
      'description' => t('Configure a domain for generating email addresses. Optional.'),
    );
  }
  return $items;

}

function webserver_auth_init() {
  global $user, $account;

  // two ways to get $name
  if ($name != $_SERVER["REMOTE_USER"]) {
    $name = $_SERVER["REDIRECT_REMOTE_USER"];
  }
  
  if (isset($user) && $user->id && $user->name === $name) {
    //do nothing because user is already logged into Drupal, and hasn't presented different credentials vis web server
  }
  else {
    if ($name) {
      // user is logged into webserver.
      $account->name = $name;
      //modules get to change the user bits before saving. use a global $account to do so.
      // only loaded modules will see this hook
      module_invoke_all("webserver_auth");
      // if we are in bootstrap, load user.module ourselves
      if (!module_exists('user')) {
       drupal_load('module', 'user');
      }

      // try to log into Drupal. if unsuccessful, register the user
      $test_user = user_external_load($account->name);
      if (!$test_user->uid) {
        if (variable_get("user_register", 1) == 1) {
          $user_default = array("name" => $account->name, "pass" => "cyan", "init" => db_escape_string($name), "authname_webserver_auth" => $account->name, "status" => 1, "roles" => array(DRUPAL_AUTHENTICATED_RID));
          // TODO - the hook_user('register') will fire but only for loaded modules. could be a problem for sites using page cache and that hook+operation
          $user = user_save("", array_merge($user_default, (array)$account));
          watchdog("user", "new user: $user->name (webserver_auth)", l(t("edit user"), "admin/user/edit/$user->uid"));
        }
      }
      else{
        $user = $test_user;
      }
    }
    else {
      // do nothing. user isn't logged into web server
    }
  }
}

// using a global to change your bits. module_invoke_all miffs me.
function webserver_auth_webserver_auth() {
  global $account;

  $account->name = trim($account->name);
  // pretties up the username for NTLM authentication (i.e. Windows)
  if ($_SERVER["AUTH_TYPE"] == "NTLM" || $_SERVER["AUTH_TYPE"] == 'Negotiate') {
    if (!(strpos($account->name, "\\") === false)) {
      $account->name = substr($account->name, strrpos($account->name, "\\")+1);
	}
    if (!(strpos($account->name, "@") === false)) {
      $account->name = substr($account->name, 0, strrpos($account->name, "@"));
	}
  }

  if ($domain = variable_get("webserver_auth_domain", "")) {
    if ($account->name) {
      $account->mail = $account->name. "@$domain";
    }
  }
}

function webserver_auth_settings() {
  $form["webserver_auth_domain"] = array(
    '#type' => 'textfield',
    '#title' => t("Email Domain"),
    '#default_value' => variable_get("webserver_auth_domain", ""),
    '#size' => 30,
    '#maxlength' => 55,
    '#description' => t("Append this domain name to each new user in order generate his email address. Currently only used for NTLM authentication."),
    );
  return system_settings_form($form);	
}

function webserver_auth_help($section) {
  $output ="";

  switch ($section) {
    case 'admin/help#webserver_auth':
      break;
    case 'admin/modules#description':
      $output .= t("Use web server authentication instead of Drupal");
      break;
  }

  return $output;
}
1	weitzman	1.1	<?php
2	weitzman	1.19	// $Id: webserver_auth.module,v 1.18 2007/04/24 01:17:45 weitzman Exp $
3
4			function webserver_auth_menu($may_cache) {
5			if ($may_cache) {
6			$items[] = array(
7			'title' => t('Webserver authentication'),
8			'path' => "admin/settings/webserver_auth",
9			'callback' => "drupal_get_form",
10			'callback arguments' => array('webserver_auth_settings'),
11			'description' => t('Configure a domain for generating email addresses. Optional.'),
12			);
13			}
14			return $items;
15
16			}
17	weitzman	1.1
18	weitzman	1.5	function webserver_auth_init() {
19			global $user, $account;
20	weitzman	1.10
21	weitzman	1.16	// two ways to get $name
22			if ($name != $_SERVER["REMOTE_USER"]) {
23			$name = $_SERVER["REDIRECT_REMOTE_USER"];
24			}
25
26			if (isset($user) && $user->id && $user->name === $name) {
27			//do nothing because user is already logged into Drupal, and hasn't presented different credentials vis web server
28	weitzman	1.1	}
29			else {
30	weitzman	1.16	if ($name) {
31	weitzman	1.10	// user is logged into webserver.
32	weitzman	1.5	$account->name = $name;
33			//modules get to change the user bits before saving. use a global $account to do so.
34	weitzman	1.12	// only loaded modules will see this hook
35	weitzman	1.5	module_invoke_all("webserver_auth");
36	weitzman	1.12	// if we are in bootstrap, load user.module ourselves
37	weitzman	1.19	if (!module_exists('user')) {
38	weitzman	1.12	drupal_load('module', 'user');
39			}
40	weitzman	1.10
41	weitzman	1.5	// try to log into Drupal. if unsuccessful, register the user
42	weitzman	1.18	$test_user = user_external_load($account->name);
43			if (!$test_user->uid) {
44	weitzman	1.1	if (variable_get("user_register", 1) == 1) {
45	weitzman	1.14	$user_default = array("name" => $account->name, "pass" => "cyan", "init" => db_escape_string($name), "authname_webserver_auth" => $account->name, "status" => 1, "roles" => array(DRUPAL_AUTHENTICATED_RID));
46	weitzman	1.16	// TODO - the hook_user('register') will fire but only for loaded modules. could be a problem for sites using page cache and that hook+operation
47	weitzman	1.13	$user = user_save("", array_merge($user_default, (array)$account));
48	weitzman	1.5	watchdog("user", "new user: $user->name (webserver_auth)", l(t("edit user"), "admin/user/edit/$user->uid"));
49	weitzman	1.1	}
50			}
51	weitzman	1.18	else{
52			$user = $test_user;
53			}
54	weitzman	1.1	}
55			else {
56			// do nothing. user isn't logged into web server
57			}
58			}
59			}
60
61	weitzman	1.5	// using a global to change your bits. module_invoke_all miffs me.
62			function webserver_auth_webserver_auth() {
63			global $account;
64	weitzman	1.10
65	weitzman	1.17	$account->name = trim($account->name);
66	weitzman	1.3	// pretties up the username for NTLM authentication (i.e. Windows)
67	weitzman	1.6	if ($_SERVER["AUTH_TYPE"] == "NTLM" \|\| $_SERVER["AUTH_TYPE"] == 'Negotiate') {
68	weitzman	1.17	if (!(strpos($account->name, "\\") === false)) {
69			$account->name = substr($account->name, strrpos($account->name, "\\")+1);
70			}
71			if (!(strpos($account->name, "@") === false)) {
72			$account->name = substr($account->name, 0, strrpos($account->name, "@"));
73			}
74	weitzman	1.5	}
75	weitzman	1.10
76	weitzman	1.5	if ($domain = variable_get("webserver_auth_domain", "")) {
77			if ($account->name) {
78			$account->mail = $account->name. "@$domain";
79			}
80	weitzman	1.3	}
81			}
82
83	weitzman	1.5	function webserver_auth_settings() {
84	weitzman	1.13	$form["webserver_auth_domain"] = array(
85			'#type' => 'textfield',
86			'#title' => t("Email Domain"),
87			'#default_value' => variable_get("webserver_auth_domain", ""),
88			'#size' => 30,
89			'#maxlength' => 55,
90	weitzman	1.19	'#description' => t("Append this domain name to each new user in order generate his email address. Currently only used for NTLM authentication."),
91	weitzman	1.13	);
92	weitzman	1.19	return system_settings_form($form);
93	weitzman	1.5	}
94
95	weitzman	1.3	function webserver_auth_help($section) {
96			$output ="";
97
98			switch ($section) {
99			case 'admin/help#webserver_auth':
100			break;
101	weitzman	1.8	case 'admin/modules#description':
102	weitzman	1.3	$output .= t("Use web server authentication instead of Drupal");
103			break;
104			}
105
106			return $output;
107			}