modules/webserver_auth/webserver_auth.module

<?php
// $Id: webserver_auth.module,v 1.19 2008/03/10 21:43:42 weitzman Exp $

function webserver_auth_menu($may_cache) {
  if ($may_cache) {
    $items[] = array(
      'title' => t('Webserver authentication'),
      'path' => "admin/settings/webserver_auth",
      'callback' => "drupal_get_form",
      'callback arguments' => array('webserver_auth_settings'),
      'description' => t('Configure a domain for generating email addresses. Optional.'),
    );
  }
  return $items;

}

function webserver_auth_init() {
  global $user, $account;

  $remote_user = "";

  //lets make sure we get the remote user whichever way it is available
  if (isset($_SERVER["REDIRECT_REMOTE_USER"])) {
     $remote_user = $_SERVER["REDIRECT_REMOTE_USER"];
  } elseif (isset($_SERVER["REMOTE_USER"])) {
     $remote_user = $_SERVER["REMOTE_USER"];
  }

  // two ways to get $name 
  if ($name != $remote_user) {
    //this might be something to add as an admin panel function later
    //$name = strtolower($remote_user);
    $name = $remote_user;
  }
  
  if (isset($user) && $user->id && $user->name === $name) {
    //do nothing because user is already logged into Drupal, and hasn't presented different credentials vis web server
  }
  else {
    if ($name) {
      // user is logged into webserver.
      $account->name = $name;
      //modules get to change the user bits before saving. use a global $account to do so.
      // only loaded modules will see this hook
      module_invoke_all("webserver_auth");
      // if we are in bootstrap, load user.module ourselves
      if (!module_exists('user')) {
       drupal_load('module', 'user');
      }

      // try to log into Drupal. if unsuccessful, register the user
      $test_user = user_external_load($account->name);
      if (!$test_user->uid) {
        if (variable_get("user_register", 1) == 1) {
          $user_default = array("name" => $account->name, "pass" => "cyan", "init" => db_escape_string($name), "authname_webserver_auth" => $account->name, "status" => 1, "roles" => array(DRUPAL_AUTHENTICATED_RID));
          // TODO - the hook_user('register') will fire but only for loaded modules. could be a problem for sites using page cache and that hook+operation
          $user = user_save("", array_merge($user_default, (array)$account));
          watchdog("user", "new user: $user->name (webserver_auth)", l(t("edit user"), "admin/user/edit/$user->uid"));
        }
      }
      else{
        $user = $test_user;
      }
    }
    else {
      // do nothing. user isn't logged into web server
    }
  }
}

// using a global to change your bits. module_invoke_all miffs me.
function webserver_auth_webserver_auth() {
  global $account;

  $account->name = trim($account->name);
  // pretties up the username for NTLM authentication (i.e. Windows)
  if ($_SERVER["AUTH_TYPE"] == "NTLM" || $_SERVER["AUTH_TYPE"] == 'Negotiate') {
    if (!(strpos($account->name, "\\") === false)) {
      $account->name = substr($account->name, strrpos($account->name, "\\")+1);
	}
    if (!(strpos($account->name, "@") === false)) {
      $account->name = substr($account->name, 0, strrpos($account->name, "@"));
	}
  }

  if ($domain = variable_get("webserver_auth_domain", "")) {
    if ($account->name) {
      $account->mail = $account->name. "@$domain";
    }
  }
}

function webserver_auth_settings() {
  $form["webserver_auth_domain"] = array(
    '#type' => 'textfield',
    '#title' => t("Email Domain"),
    '#default_value' => variable_get("webserver_auth_domain", ""),
    '#size' => 30,
    '#maxlength' => 55,
    '#description' => t("Append this domain name to each new user in order generate his email address. Currently only used for NTLM authentication."),
    );
  return system_settings_form($form);	
}

function webserver_auth_help($section) {
  $output ="";

  switch ($section) {
    case 'admin/help#webserver_auth':
      break;
    case 'admin/modules#description':
      $output .= t("Use web server authentication instead of Drupal");
      break;
  }

  return $output;
}
1	<?php
2	// $Id: webserver_auth.module,v 1.19 2008/03/10 21:43:42 weitzman Exp $
3
4	function webserver_auth_menu($may_cache) {
5	if ($may_cache) {
6	$items[] = array(
7	'title' => t('Webserver authentication'),
8	'path' => "admin/settings/webserver_auth",
9	'callback' => "drupal_get_form",
10	'callback arguments' => array('webserver_auth_settings'),
11	'description' => t('Configure a domain for generating email addresses. Optional.'),
12	);
13	}
14	return $items;
15
16	}
17
18	function webserver_auth_init() {
19	global $user, $account;
20
21	$remote_user = "";
22
23	//lets make sure we get the remote user whichever way it is available
24	if (isset($_SERVER["REDIRECT_REMOTE_USER"])) {
25	$remote_user = $_SERVER["REDIRECT_REMOTE_USER"];
26	} elseif (isset($_SERVER["REMOTE_USER"])) {
27	$remote_user = $_SERVER["REMOTE_USER"];
28	}
29
30	// two ways to get $name
31	if ($name != $remote_user) {
32	//this might be something to add as an admin panel function later
33	//$name = strtolower($remote_user);
34	$name = $remote_user;
35	}
36
37	if (isset($user) && $user->id && $user->name === $name) {
38	//do nothing because user is already logged into Drupal, and hasn't presented different credentials vis web server
39	}
40	else {
41	if ($name) {
42	// user is logged into webserver.
43	$account->name = $name;
44	//modules get to change the user bits before saving. use a global $account to do so.
45	// only loaded modules will see this hook
46	module_invoke_all("webserver_auth");
47	// if we are in bootstrap, load user.module ourselves
48	if (!module_exists('user')) {
49	drupal_load('module', 'user');
50	}
51
52	// try to log into Drupal. if unsuccessful, register the user
53	$test_user = user_external_load($account->name);
54	if (!$test_user->uid) {
55	if (variable_get("user_register", 1) == 1) {
56	$user_default = array("name" => $account->name, "pass" => "cyan", "init" => db_escape_string($name), "authname_webserver_auth" => $account->name, "status" => 1, "roles" => array(DRUPAL_AUTHENTICATED_RID));
57	// TODO - the hook_user('register') will fire but only for loaded modules. could be a problem for sites using page cache and that hook+operation
58	$user = user_save("", array_merge($user_default, (array)$account));
59	watchdog("user", "new user: $user->name (webserver_auth)", l(t("edit user"), "admin/user/edit/$user->uid"));
60	}
61	}
62	else{
63	$user = $test_user;
64	}
65	}
66	else {
67	// do nothing. user isn't logged into web server
68	}
69	}
70	}
71
72	// using a global to change your bits. module_invoke_all miffs me.
73	function webserver_auth_webserver_auth() {
74	global $account;
75
76	$account->name = trim($account->name);
77	// pretties up the username for NTLM authentication (i.e. Windows)
78	if ($_SERVER["AUTH_TYPE"] == "NTLM" \|\| $_SERVER["AUTH_TYPE"] == 'Negotiate') {
79	if (!(strpos($account->name, "\\") === false)) {
80	$account->name = substr($account->name, strrpos($account->name, "\\")+1);
81	}
82	if (!(strpos($account->name, "@") === false)) {
83	$account->name = substr($account->name, 0, strrpos($account->name, "@"));
84	}
85	}
86
87	if ($domain = variable_get("webserver_auth_domain", "")) {
88	if ($account->name) {
89	$account->mail = $account->name. "@$domain";
90	}
91	}
92	}
93
94	function webserver_auth_settings() {
95	$form["webserver_auth_domain"] = array(
96	'#type' => 'textfield',
97	'#title' => t("Email Domain"),
98	'#default_value' => variable_get("webserver_auth_domain", ""),
99	'#size' => 30,
100	'#maxlength' => 55,
101	'#description' => t("Append this domain name to each new user in order generate his email address. Currently only used for NTLM authentication."),
102	);
103	return system_settings_form($form);
104	}
105
106	function webserver_auth_help($section) {
107	$output ="";
108
109	switch ($section) {
110	case 'admin/help#webserver_auth':
111	break;
112	case 'admin/modules#description':
113	$output .= t("Use web server authentication instead of Drupal");
114	break;
115	}
116
117	return $output;
118	}