MDL-9399 auth/ldap: NTLM SSO - lots of fixes from Iñaki

Lots of typos and minor errors fixed by Iñaki. Thanks!
This commit is contained in:
martinlanghoff 2007-11-14 22:09:15 +00:00
parent 3357a506bd
commit 02c7f3d98a


@ -84,27 +84,28 @@ class auth_plugin_ldap extends auth_plugin_base {
// //
// Before we connect to LDAP, check if this is an AD SSO login // Before we connect to LDAP, check if this is an AD SSO login
// //
if (!empty($this->ntlmsso_enabled)) { if (!empty($this->config->ntlmsso_enabled)) {
$key = $_SERVER['REMOTE_ADDR']; $key = $_SERVER['REMOTE_ADDR'];
if ($cookie = get_config('auth/ldap/ntlmsess', $key)) { if ($cookie = get_config('auth/ldap/ntlmsess', $key)) {
// These checks match the work done // These checks match the work done
if (preg_match('/^(\d+):.{10}:(.+)$/',$cookie,$matches)) { if (preg_match('/^(\d+):(.{10}):(.+)$/',$cookie,$matches)) {
// $matches[0] is the whole matched string... // $matches[0] is the whole matched string...
$time = $matches[1]; $time = $matches[1];
$sesskey = $matches[2]; $sesskey = $matches[2];
$sessusername = $matches[3]; $sessusername = $matches[3];
if (((int)$time < now() - 6) // timewindow for the process, in secs... if (((time() - ((int)$time)) < 6) // timewindow for the process, in secs...
&& $sesskey === sesskey() && $sesskey === sesskey()
&& $sesskey === $password && $sesskey === $password
&& $sessusername === $username) { && $sessusername === $username) {
unset($cookie);
unset($key);
unset($time);
unset($sessusername);
return true; return true;
} }
} }
} }
unset($cookie);
unset($key);
unset($time);
unset($sessusername);
} }
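Review bot: The SSO ticket is still not consumed once it validates: the new side only unsets the local copies after the `if`, while the `auth/ldap/ntlmsess` row keyed by `$_SERVER['REMOTE_ADDR']` stays in the config table, so it remains presentable for the rest of the 6-second window and stale rows accumulate one per client address. Because the key is the client IP alone (the `// add sesskey?` comment later in this commit suggests the author is aware), two clients behind one NAT address that log in within the window overwrite each other's ticket; the `$sesskey === sesskey()` and `$sessusername === $username` comparisons stop that from granting the wrong account, but it degrades into a failed SSO for one of them. I would delete the row as soon as it has been matched, directly before `return true;`, e.g. `unset_config($key, 'auth/ldap/ntlmsess');` if that helper exists in this codebase, and document the intent with `// one-shot ticket: remove it so it cannot be replayed within the window`. Note also that `(.{10})` hard-codes the session-key length, so a `sesskey()` of any other length would make the ticket silently never match rather than fail loudly. The enclosing method begins above this hunk.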
@ -1742,6 +1743,8 @@ class auth_plugin_ldap extends auth_plugin_base {
* *
*/ */
function loginpage_hook() { function loginpage_hook() {
global $CFG;
if (!empty($this->config->ntlmsso_enabled) // SSO enabled if (!empty($this->config->ntlmsso_enabled) // SSO enabled
&& !empty($this->config->ntlmsso_subnet)// have a subnet to test for && !empty($this->config->ntlmsso_subnet)// have a subnet to test for
&& empty($_GET['authldap_skipntlmsso']) // haven't failed it yet && empty($_GET['authldap_skipntlmsso']) // haven't failed it yet
@ -1774,7 +1777,7 @@ class auth_plugin_ldap extends auth_plugin_base {
$username = substr(strrchr($username, '\\'), 1); //strip domain info $username = substr(strrchr($username, '\\'), 1); //strip domain info
$username = strtolower($username); //compatibility hack $username = strtolower($username); //compatibility hack
$key = $_SERVER['REMOTE_ADDR']; // add sesskey? $key = $_SERVER['REMOTE_ADDR']; // add sesskey?
$value = now() . ':' . $sesskey . ':' . $username; $value = time() . ':' . $sesskey . ':' . $username;
return set_config($key, $value, 'auth/ldap/ntlmsess'); return set_config($key, $value, 'auth/ldap/ntlmsess');
} }
return false; return false;
@ -1791,14 +1794,16 @@ class auth_plugin_ldap extends auth_plugin_base {
* *
*/ */
function ntlmsso_finish() { function ntlmsso_finish() {
global $CFG;
$key = $_SERVER['REMOTE_ADDR']; // add sesskey? $key = $_SERVER['REMOTE_ADDR']; // add sesskey?
if ($cookie = get_config('auth/ldap/ntlmsess', $key)) { if ($cookie = get_config('auth/ldap/ntlmsess', $key)) {
if (preg_match('/^(\d+):.{10}:(.+)$/',$cookie,$matches)) { if (preg_match('/^(\d+):(.{10}):(.+)$/',$cookie,$matches)) {
// $matches[0] is the whole matched string... // $matches[0] is the whole matched string...
$time = $matches[1]; $time = $matches[1];
$sesskey = $matches[2]; $sesskey = $matches[2];
$username = $matches[3]; $username = $matches[3];
if (((int)$time < now() - 6) // timewindow for the process, in secs... if (((time() - ((int)$time)) < 6) // timewindow for the process, in secs...
&& $sesskey === sesskey()) { && $sesskey === sesskey()) {
// Here we want to trigger the whole authentication machinery // Here we want to trigger the whole authentication machinery
// to make sure no step is bypassed... // to make sure no step is bypassed...