mirror of
https://github.com/moodle/moodle.git
synced 2025-06-02 06:05:31 +02:00
decd80163d
Flesh out the functions that get the job done. These will be triggered by PHP files sitting under auth/ldap/ ... ntlmsso_magic() - here is where the magic happens. Call it serving something harmless, like a space GIF, from a URL that is blessed with Integrated Windows Authentication. If the IWA is successful, it will set a special session cookie in config_plugins table. It won't complete the job because when we are under IWA magic we cannot change (even read!) the session data, as the execution happens under the OS privileges of the actual user acct being logged in (!!!) ntlmsso_finish() - if it finds the session set by ntlmsso_magic() and it hasn't expired, it will finish the job of logging in the user, by calling authenticate_user_login() and exercising the whole auth machinery. user_login() - when called by authenticate_user_login() it will check to see if there's a session setup by ntlmsso_magic() and OK the login without really asking the AD backend to proof a password we don't have anyway.