| 1 |
<?php |
<?php |
| 2 |
// $Id: webserver_auth.module,v 1.19 2008/03/10 21:43:42 weitzman Exp $ |
// $Id$ |
| 3 |
|
|
| 4 |
function webserver_auth_menu($may_cache) { |
function webserver_auth_menu() { |
| 5 |
if ($may_cache) { |
$items = array(); |
| 6 |
$items[] = array( |
$items['admin/settings/webserver_auth'] = array( |
| 7 |
'title' => t('Webserver authentication'), |
'title' => t('Webserver authentication'), |
| 8 |
'path' => "admin/settings/webserver_auth", |
'description' => t('Configure a domain for generating email addresses. Optional.'), |
| 9 |
'callback' => "drupal_get_form", |
'page callback' => 'drupal_get_form', |
| 10 |
'callback arguments' => array('webserver_auth_settings'), |
'page arguments' => array('webserver_auth_settings'), |
| 11 |
'description' => t('Configure a domain for generating email addresses. Optional.'), |
'access arguments' => array('administer site configuration'), |
| 12 |
); |
); |
|
} |
|
| 13 |
return $items; |
return $items; |
|
|
|
| 14 |
} |
} |
| 15 |
|
|
| 16 |
function webserver_auth_init() { |
function webserver_auth_init() { |
| 17 |
global $user, $account; |
global $user; |
| 18 |
|
|
| 19 |
$remote_user = ""; |
$authname = ''; |
| 20 |
|
|
| 21 |
//lets make sure we get the remote user whichever way it is available |
// Make sure we get the remote user whichever way it is available. |
| 22 |
if (isset($_SERVER["REDIRECT_REMOTE_USER"])) { |
if (isset($_SERVER['REDIRECT_REMOTE_USER'])) { |
| 23 |
$remote_user = $_SERVER["REDIRECT_REMOTE_USER"]; |
$authname = $_SERVER['REDIRECT_REMOTE_USER']; |
| 24 |
} elseif (isset($_SERVER["REMOTE_USER"])) { |
} |
| 25 |
$remote_user = $_SERVER["REMOTE_USER"]; |
elseif (isset($_SERVER['REMOTE_USER'])) { |
| 26 |
} |
$authname = $_SERVER['REMOTE_USER']; |
|
|
|
|
// two ways to get $name |
|
|
if ($name != $remote_user) { |
|
|
//this might be something to add as an admin panel function later |
|
|
//$name = strtolower($remote_user); |
|
|
$name = $remote_user; |
|
|
} |
|
|
|
|
|
if (isset($user) && $user->id && $user->name === $name) { |
|
|
//do nothing because user is already logged into Drupal, and hasn't presented different credentials vis web server |
|
| 27 |
} |
} |
|
else { |
|
|
if ($name) { |
|
|
// user is logged into webserver. |
|
|
$account->name = $name; |
|
|
//modules get to change the user bits before saving. use a global $account to do so. |
|
|
// only loaded modules will see this hook |
|
|
module_invoke_all("webserver_auth"); |
|
|
// if we are in bootstrap, load user.module ourselves |
|
|
if (!module_exists('user')) { |
|
|
drupal_load('module', 'user'); |
|
|
} |
|
| 28 |
|
|
| 29 |
// try to log into Drupal. if unsuccessful, register the user |
// Perform some cleanup so plaintext passwords aren't available under |
| 30 |
$test_user = user_external_load($account->name); |
// mod_auth_kerb. |
| 31 |
if (!$test_user->uid) { |
unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); |
| 32 |
if (variable_get("user_register", 1) == 1) { |
|
| 33 |
$user_default = array("name" => $account->name, "pass" => "cyan", "init" => db_escape_string($name), "authname_webserver_auth" => $account->name, "status" => 1, "roles" => array(DRUPAL_AUTHENTICATED_RID)); |
// Retrieve user credentials |
| 34 |
// TODO - the hook_user('register') will fire but only for loaded modules. could be a problem for sites using page cache and that hook+operation |
$result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s' AND module = 'webserver_auth'", $authname); |
| 35 |
$user = user_save("", array_merge($user_default, (array)$account)); |
$expected = db_fetch_array($result); |
| 36 |
watchdog("user", "new user: $user->name (webserver_auth)", l(t("edit user"), "admin/user/edit/$user->uid")); |
|
| 37 |
} |
if (isset($user) && $user->uid === $expected['uid']) { |
| 38 |
} |
// Do nothing: user is already logged into Drupal with session data matching |
| 39 |
else{ |
// HTTP authentication. |
| 40 |
$user = $test_user; |
} |
| 41 |
|
else { |
| 42 |
|
if (!empty($authname)) { |
| 43 |
|
// User is logged into webserver via HTTP authentication. |
| 44 |
|
// Try to log into Drupal. |
| 45 |
|
$user = user_external_load($authname); |
| 46 |
|
|
| 47 |
|
if (!$user) { |
| 48 |
|
// If unsuccessful, register the user. This will trigger |
| 49 |
|
// webserver_auth_user() and any other _user() hooks. |
| 50 |
|
user_external_login_register($authname, 'webserver_auth'); |
| 51 |
} |
} |
| 52 |
} |
} |
|
else { |
|
|
// do nothing. user isn't logged into web server |
|
|
} |
|
| 53 |
} |
} |
| 54 |
} |
} |
| 55 |
|
|
| 56 |
// using a global to change your bits. module_invoke_all miffs me. |
/** |
| 57 |
function webserver_auth_webserver_auth() { |
* Implementation of hook_user(). |
| 58 |
global $account; |
*/ |
| 59 |
|
function webserver_auth_user($op, &$edit, &$account, $category = NULL) { |
| 60 |
$account->name = trim($account->name); |
if ($op == 'insert' && $category = 'account') { |
| 61 |
// pretties up the username for NTLM authentication (i.e. Windows) |
$account->name = trim($account->name); |
| 62 |
if ($_SERVER["AUTH_TYPE"] == "NTLM" || $_SERVER["AUTH_TYPE"] == 'Negotiate') { |
// Pretty up the username for NTLM authentication (i.e. Windows) |
| 63 |
if (!(strpos($account->name, "\\") === false)) { |
if (variable_get('webserver_auth_strip_prefix', TRUE)) { |
| 64 |
$account->name = substr($account->name, strrpos($account->name, "\\")+1); |
// Get 'bar' from 'foo1\foo2\bar' |
| 65 |
} |
$account->name = array_pop(explode("\\", $account->name)); |
|
if (!(strpos($account->name, "@") === false)) { |
|
|
$account->name = substr($account->name, 0, strrpos($account->name, "@")); |
|
|
} |
|
|
} |
|
|
|
|
|
if ($domain = variable_get("webserver_auth_domain", "")) { |
|
|
if ($account->name) { |
|
|
$account->mail = $account->name. "@$domain"; |
|
| 66 |
} |
} |
| 67 |
|
if (variable_get('webserver_auth_strip_domain', TRUE)) { |
| 68 |
|
// Get 'foo' from 'foo@bar' |
| 69 |
|
$account->name = array_shift(explode('@', $account->name)); |
| 70 |
|
} |
| 71 |
|
|
| 72 |
|
// Generate an e-mail address automagically |
| 73 |
|
if ($domain = variable_get('webserver_auth_email_domain', '')) { |
| 74 |
|
if ($account->name) { |
| 75 |
|
$account->mail = $account->name. '@'. $domain; |
| 76 |
|
} |
| 77 |
|
} |
| 78 |
|
// run some custom code to modify the user object at creation time |
| 79 |
|
if ($code = variable_get('webserver_auth_insert', '')) { |
| 80 |
|
eval('?>'. $code); |
| 81 |
|
} |
| 82 |
|
} |
| 83 |
|
elseif ($op == 'logout') { |
| 84 |
|
global $base_url; |
| 85 |
|
// kick user out of a secure session so they aren't automatically logged back in |
| 86 |
|
$base_url = str_replace('https://', 'http://', $base_url); |
| 87 |
} |
} |
| 88 |
} |
} |
| 89 |
|
|
| 90 |
function webserver_auth_settings() { |
function webserver_auth_settings() { |
| 91 |
$form["webserver_auth_domain"] = array( |
$form['webserver_auth_email_domain'] = array( |
| 92 |
'#type' => 'textfield', |
'#type' => 'textfield', |
| 93 |
'#title' => t("Email Domain"), |
'#title' => t('Email domain'), |
| 94 |
'#default_value' => variable_get("webserver_auth_domain", ""), |
'#default_value' => variable_get('webserver_auth_email_domain', ''), |
| 95 |
'#size' => 30, |
'#size' => 30, |
| 96 |
'#maxlength' => 55, |
'#maxlength' => 55, |
| 97 |
'#description' => t("Append this domain name to each new user in order generate his email address. Currently only used for NTLM authentication."), |
'#description' => t('Append this domain name to each new user in order generate his email address.'), |
| 98 |
); |
); |
| 99 |
return system_settings_form($form); |
$form['advanced'] = array( |
| 100 |
} |
'#type' => 'fieldset', |
| 101 |
|
'#title' => t('Advanced settings'), |
| 102 |
function webserver_auth_help($section) { |
'#collapsible' => TRUE, |
| 103 |
$output =""; |
'#collapsed' => TRUE, |
| 104 |
|
'webserver_auth_strip_prefix' => array( |
| 105 |
switch ($section) { |
'#type' => 'checkbox', |
| 106 |
case 'admin/help#webserver_auth': |
'#title' => t('Strip prefix'), |
| 107 |
break; |
'#default_value' => variable_get('webserver_auth_strip_prefix', TRUE), |
| 108 |
case 'admin/modules#description': |
'#description' => t("Strip NTLM-style prefixes (e.g. 'foo1\foo2') from the login name ('foo1\foo2\bar') to generate the username ('bar')."), |
| 109 |
$output .= t("Use web server authentication instead of Drupal"); |
), |
| 110 |
break; |
'webserver_auth_strip_domain' => array( |
| 111 |
} |
'#type' => 'checkbox', |
| 112 |
|
'#title' => t('Strip domain'), |
| 113 |
return $output; |
'#default_value' => variable_get('webserver_auth_strip_domain', TRUE), |
| 114 |
|
'#description' => t("Strip a domain name (e.g. '@EXAMPLE.COM') from the login name ('newuser@EXAMPLE.COM') to generate the username ('newuser')."), |
| 115 |
|
), |
| 116 |
|
'webserver_auth_insert' => array( |
| 117 |
|
'#type' => 'textarea', |
| 118 |
|
'#title' => 'User account modification', |
| 119 |
|
'#default_value' => variable_get('webserver_auth_insert', ''), |
| 120 |
|
'#description' => t("Modify user accounts at the time of creation. Use PHP code (enclosed in <code><?php</code> and <code>?></code>). The variable <code>\$account</code> is available as in <a href=\"http://api.drupal.org/api/function/hook_user/6\">hook_user('insert',...)</a>. Changes to the user object must be explicitly saved to the database to be made permanent."), |
| 121 |
|
), |
| 122 |
|
); |
| 123 |
|
return system_settings_form($form); |
| 124 |
} |
} |
Parent Directory
| 
Revision Log
| 
Revision Graph
| 
Patch