[Fmsystem-commits] [11103] api: custom sso
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [11103] api: custom sso |
Date: |
Sun, 12 May 2013 11:49:52 +0000 |
Revision: 11103
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=11103
Author: sigurdne
Date: 2013-05-12 11:49:51 +0000 (Sun, 12 May 2013)
Log Message:
-----------
api: custom sso
Modified Paths:
--------------
trunk/phpgwapi/inc/class.login.inc.php
trunk/phpgwapi/inc/class.ofphpgwapi.inc.php
Added Paths:
-----------
trunk/phpgwapi/inc/auth/class.auth_customsso.inc.php
Added: trunk/phpgwapi/inc/auth/class.auth_customsso.inc.php
===================================================================
--- trunk/phpgwapi/inc/auth/class.auth_customsso.inc.php
(rev 0)
+++ trunk/phpgwapi/inc/auth/class.auth_customsso.inc.php 2013-05-12
11:49:51 UTC (rev 11103)
@@ -0,0 +1,183 @@
+<?php
+ /**
+ * Authentication based on SQL table
+ * @author Dan Kuykendall <address@hidden>
+ * @author Joseph Engo <address@hidden>
+ * @author Sigurd Nes <address@hidden>
+ * @copyright Copyright (C) 2013 Free Software Foundation, Inc.
http://www.fsf.org/
+ * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
+ * @package phpgwapi
+ * @subpackage accounts
+ * @version $Id: class.auth_sql.inc.php 10166 2012-10-09 07:54:03Z
sigurdne $
+ */
+
+ /*
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
published by
+ the Free Software Foundation, either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+ /**
+ * Authentication based on SQL table
+ *
+ * @package phpgwapi
+ * @subpackage accounts
+ */
+ class phpgwapi_auth_customsso extends phpgwapi_auth_
+ {
+
+ /**
+ * Constructor
+ */
+ public function __construct()
+ {
+ parent::__construct();
+ }
+
+ /**
+ * Authenticate a user
+ *
+ * @param string $username the login to authenticate
+ * @param string $passwd the password supplied by the user
+ * @return bool did the user sucessfully authenticate
+ */
+ public function authenticate($username, $passwd)
+ {
+ $username =
$GLOBALS['phpgw']->db->db_addslashes($username);
+
+ $sql = 'SELECT account_pwd FROM phpgw_accounts'
+ . " WHERE account_lid = '{$username}'"
+ . " AND account_status = 'A'";
+
+ $GLOBALS['phpgw']->db->query($sql, __LINE__, __FILE__);
+ return !!$GLOBALS['phpgw']->db->next_record();
+
+ }
+
+ /* php ping function
+ */
+ private function ping($host)
+ {
+ exec(sprintf('ping -c 1 -W 5 %s', escapeshellarg($host)), $res,
$rval);
+ return $rval === 0;
+ }
+
+
+ public function get_username()
+ {
+ $config = CreateObject('phpgwapi.config','rental');
+ $config->read();
+
+ if(! $config->config_data['external_db_host'] ||
!$this->ping($config->config_data['external_db_host']))
+ {
+ $message ="Database server
{$config->config_data['external_db_host']} is not accessible";
+ phpgwapi_cache::message_set($message, 'error');
+ return false;
+ }
+
+ $db = createObject('phpgwapi.db', null, null, true);
+
+ $db->debug =
!!$config->config_data['external_db_debug'];
+ $db->Host = $config->config_data['external_db_host'];
+ $db->Port = $config->config_data['external_db_port'];
+ $db->Type = $config->config_data['external_db_type'];
+ $db->Database =
$config->config_data['external_db_name'];
+ $db->User = $config->config_data['external_db_user'];
+ $db->Password =
$config->config_data['external_db_password'];
+
+ try
+ {
+ $db->connect();
+ }
+ catch(Exception $e)
+ {
+ $message =
lang('unable_to_connect_to_database');
+ phpgwapi_cache::message_set($message, 'error');
+ return false;
+ }
+
+ $headers = getallheaders();
+
+// $headers['Osso-User-Dn'] =
'cn=02035701829,cn=users,dc=usrv,dc=ubergenkom,dc=no';// test
+
+ $header_regular_expression = '/^cn=(.*),cn=users.*$/';
+ $header_key = 'Osso-User-Dn';
+ $matches = array();
+
preg_match_all($header_regular_expression,$headers[$header_key], $matches);
+ $fodsels_nr = $matches[1][0];
+
+ $sql = "SELECT BRUKERNAVN FROM V_IDM_KOBLINGER WHERE
FODSELSNR ='{$fodsels_nr}'";
+ $db->query($sql,__LINE__,__FILE__);
+ $db->next_record();
+ return $db->f('BRUKERNAVN',true);
+ }
+
+ /**
+ * Set the user's password to a new value
+ *
+ * @param string $old_passwd the user's old password
+ * @param string $new_passwd the user's new password
+ * @param int $account_id the account to change the password for
- defaults to current user
+ * @return string the new encrypted hash, or an empty string on
failure
+ */
+ public function change_password($old_passwd, $new_passwd,
$account_id = 0)
+ {
+ $account_id = (int) $account_id;
+ // Don't allow passwords changes for other accounts
when using XML-RPC
+ if ( !$account_id )
+ {
+ $account_id =
$GLOBALS['phpgw_info']['user']['account_id'];
+ }
+
+ if ( $GLOBALS['phpgw_info']['flags']['currentapp'] ==
'login')
+ {
+ if (
!$this->authenticate($GLOBALS['phpgw']->accounts->id2lid($account_id),
$old_passwd) )
+ {
+ return '';
+ }
+ }
+
+ $hash = $this->create_hash($new_passwd);
+ $hash_safe =
$GLOBALS['phpgw']->db->db_addslashes($hash); // just to be safe :)
+ $now = time();
+
+ $sql = 'UPDATE phpgw_accounts'
+ . " SET account_pwd = '{$hash_safe}',
account_lastpwd_change = {$now}"
+ . " WHERE account_id = {$account_id}";
+
+ if ( !!$GLOBALS['phpgw']->db->query($sql, __LINE__,
__FILE__) )
+ {
+ return $hash;
+ }
+ return '';
+ }
+
+ /**
+ * Update when the user last logged in
+ *
+ * @param int $account_id the user's account id
+ * @param string $ip the source IP adddress for the request
+ */
+ public function update_lastlogin($account_id, $ip)
+ {
+ $ip = $GLOBALS['phpgw']->db->db_addslashes($ip);
+ $account_id = (int) $account_id;
+ $now = time();
+
+ $sql = 'UPDATE phpgw_accounts'
+ . " SET account_lastloginfrom = '{$ip}',"
+ . " account_lastlogin = {$now}"
+ . " WHERE account_id = {$account_id}";
+
+ $GLOBALS['phpgw']->db->query($sql, __LINE__, __FILE__);
+ }
+ }
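Review bot: In get_username() the value captured from the `Osso-User-Dn` request header is interpolated into the `V_IDM_KOBLINGER` query unescaped, and neither the header's presence nor the regex match is checked before `$matches[1][0]` is read. The capture `(.*)` accepts any characters, so unless a fronting SSO gateway strips and re-sets this header on every request (not visible in this commit), a client-supplied value reaches the SQL string and also decides which account is logged in. I would fail closed and escape with the same helper the other methods use: `if (empty($headers[$header_key]) || !preg_match($header_regular_expression, $headers[$header_key], $matches)) { return false; }` followed by `$fodsels_nr = $db->db_addslashes($matches[1]);`, and tighten the capture to the expected identifier format. authenticate() also never compares `$passwd`, so the old-password check in change_password() passes for any input and the whole login rests on that header being trustworthy; a comment on the class stating that deployment requirement would help.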
Modified: trunk/phpgwapi/inc/class.login.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.login.inc.php 2013-05-10 13:55:35 UTC (rev
11102)
+++ trunk/phpgwapi/inc/class.login.inc.php 2013-05-12 11:49:51 UTC (rev
11103)
@@ -204,7 +204,7 @@
unset($sslattributes);
}
- if ($GLOBALS['phpgw_info']['server']['auth_type'] ==
'custom_sso' && !isset($_GET['cd']))
+ if ($GLOBALS['phpgw_info']['server']['auth_type'] ==
'customsso' && !isset($_GET['cd']))
{
//Reset auth object
Modified: trunk/phpgwapi/inc/class.ofphpgwapi.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.ofphpgwapi.inc.php 2013-05-10 13:55:35 UTC (rev
11102)
+++ trunk/phpgwapi/inc/class.ofphpgwapi.inc.php 2013-05-12 11:49:51 UTC (rev
11103)
@@ -109,7 +109,7 @@
case 'ldap':
case 'mail':
// case 'nis': - doesn't currently work AFAIK -
skwashd may08
- case 'custom_sso':
+ case 'customsso':
case 'ntlm':
case 'remoteuser':
case 'sql':