Révision dd54aff9
Ajouté par Assos Assos il y a plus de 10 ans
htmltest/sites/all/modules/ldap/ldap_sso/ldap_sso.module | ||
---|---|---|
26 | 26 |
* Implements hook_user_logout(). |
27 | 27 |
* |
28 | 28 |
* The user just logged out. |
29 |
* |
|
30 | 29 |
*/ |
31 |
|
|
32 | 30 |
function ldap_sso_user_logout($account) { |
33 | 31 |
$auth_conf = ldap_authentication_get_valid_conf(); |
34 | 32 |
if ($auth_conf->seamlessLogin == 1) { |
35 | 33 |
$cookie_string = 'do not auto login'; |
36 |
$cookie_timeout = (int)$auth_conf->cookieExpire; |
|
34 |
$cookie_timeout = (int) $auth_conf->cookieExpire;
|
|
37 | 35 |
setcookie('seamless_login', $cookie_string, (($cookie_timeout == -1) ? 0 : $cookie_timeout + time()), base_path(), ""); |
38 | 36 |
ldap_servers_set_globals('_SESSION', 'seamless_login', $cookie_string); |
39 | 37 |
} |
... | ... | |
41 | 39 |
|
42 | 40 |
/** |
43 | 41 |
* Implements hook_boot(). |
44 |
* Perform setup tasks. This entry point is used because hook_user_load no |
|
45 |
* longer runs on anonymous users, and hook_boot is guaranteed to run, |
|
46 |
* regardless of cache |
|
42 |
* |
|
43 |
* Perform setup tasks. This entry point is used because hook_user_load no |
|
44 |
* longer runs on anonymous users, and hook_boot is guaranteed to run, |
|
45 |
* regardless of cache. |
|
47 | 46 |
*/ |
48 | 47 |
function ldap_sso_boot() { |
49 | 48 |
|
... | ... | |
55 | 54 |
module_load_include('module', 'ldap_servers'); |
56 | 55 |
|
57 | 56 |
if (!(isset($_COOKIE['seamless_login'])) || $_COOKIE['seamless_login'] == 'auto login') { |
58 |
if ((arg(0) == 'user' && !(is_numeric(arg(1)))) || arg(0) == 'logout' ) {
|
|
57 |
if ((arg(0) == 'user' && !(is_numeric(arg(1)))) || arg(0) == 'logout') { |
|
59 | 58 |
return; |
60 | 59 |
} |
61 | 60 |
else { |
62 |
if (isset($_COOKIE['seamless_login_attempted'])) |
|
61 |
if (isset($_COOKIE['seamless_login_attempted'])) {
|
|
63 | 62 |
$login_attempted = $_COOKIE['seamless_login_attempted']; |
63 |
} |
|
64 | 64 |
else { |
65 | 65 |
$login_attempted = FALSE; |
66 | 66 |
} |
67 | 67 |
|
68 |
require_once(DRUPAL_ROOT . '/includes/common.inc');
|
|
69 |
require_once(DRUPAL_ROOT . '/includes/path.inc');
|
|
68 |
require_once DRUPAL_ROOT . '/includes/common.inc';
|
|
69 |
require_once DRUPAL_ROOT . '/includes/path.inc';
|
|
70 | 70 |
$ldap_authentication_conf = variable_get('ldap_authentication_conf', array()); |
71 | 71 |
|
72 | 72 |
if (isset($ldap_authentication_conf['seamlessLogin']) && $ldap_authentication_conf['seamlessLogin'] == 1 && ($login_attempted != 'true')) { |
... | ... | |
74 | 74 |
setcookie("seamless_login_attempted", 'true', 0, base_path(), ""); |
75 | 75 |
} |
76 | 76 |
else { |
77 |
setcookie('seamless_login_attempted', 'true', time() + (int)$ldap_authentication_conf['cookieExpire'], base_path(), ""); |
|
77 |
setcookie('seamless_login_attempted', 'true', time() + (int) $ldap_authentication_conf['cookieExpire'], base_path(), "");
|
|
78 | 78 |
} |
79 | 79 |
ldap_servers_set_globals('_SESSION', 'seamless_login_attempted', $login_attempted); |
80 |
// removed with http://drupal.org/node/1485118 patch |
|
81 |
//$ldap_sso_q = (!isset($_GET['q']) || $_GET['q'] == '') ? 'user' : $_GET['q']; |
|
82 |
//drupal_goto('user/login/sso', array('query' => array('destination' => rawurlencode($ldap_sso_q)))); |
|
80 |
|
|
83 | 81 |
drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE); |
84 |
if (ldap_sso_path_excluded_from_sso()) { // seems redundant, but need to check this again after additional bootstrap |
|
82 |
// Seems redundant, but need to check this again after additional |
|
83 |
// bootstrap. |
|
84 |
if (ldap_sso_path_excluded_from_sso()) { |
|
85 | 85 |
return; |
86 | 86 |
} |
87 | 87 |
// Add the query key to the drupal_goto() options array only if there |
... | ... | |
89 | 89 |
$options = array(); |
90 | 90 |
$destination = drupal_get_destination(); |
91 | 91 |
if (!empty($destination['destination'])) { |
92 |
$options['query'] = $destination;
|
|
93 |
}
|
|
92 |
$options['query'] = $destination; |
|
93 |
} |
|
94 | 94 |
drupal_goto('user/login/sso', $options); |
95 | 95 |
} |
96 | 96 |
else { |
... | ... | |
101 | 101 |
} |
102 | 102 |
} |
103 | 103 |
|
104 |
/** |
|
105 |
* Default excluded paths. |
|
106 |
*/ |
|
104 | 107 |
function ldap_sso_default_excluded_paths() { |
105 | 108 |
return array( |
106 |
'admin/config/search/clean-urls/check' |
|
109 |
'admin/config/search/clean-urls/check',
|
|
107 | 110 |
); |
108 | 111 |
} |
112 |
|
|
113 |
/** |
|
114 |
* Paths excluded from SSO. |
|
115 |
*/ |
|
109 | 116 |
function ldap_sso_path_excluded_from_sso($path = FALSE) { |
110 | 117 |
module_load_include('module', 'ldap_servers'); |
111 | 118 |
$result = FALSE; |
112 | 119 |
if ($path) { |
113 |
// don't derive
|
|
120 |
// Don't derive.
|
|
114 | 121 |
} |
115 | 122 |
elseif (ldap_servers_get_globals('_SERVER', 'PHP_SELF') == '/index.php') { |
116 | 123 |
$path = $_GET['q']; |
117 | 124 |
} |
118 | 125 |
else { |
119 |
$path = ltrim(ldap_servers_get_globals('_SERVER', 'PHP_SELF'), '/'); // cron.php, etc. |
|
126 |
// Cron.php, etc. |
|
127 |
$path = ltrim(ldap_servers_get_globals('_SERVER', 'PHP_SELF'), '/'); |
|
120 | 128 |
} |
121 |
|
|
129 |
|
|
122 | 130 |
if (in_array($path, ldap_sso_default_excluded_paths())) { |
123 | 131 |
return TRUE; |
124 | 132 |
} |
125 |
|
|
133 |
|
|
126 | 134 |
$ldap_authentication_conf = variable_get('ldap_authentication_conf', array()); |
127 | 135 |
|
128 | 136 |
if (isset($ldap_authentication_conf['ssoExcludedHosts']) && is_array($ldap_authentication_conf['ssoExcludedHosts'])) { |
... | ... | |
133 | 141 |
} |
134 | 142 |
} |
135 | 143 |
} |
136 |
|
|
137 | 144 |
|
138 | 145 |
if (isset($ldap_authentication_conf['ssoExcludedPaths'])) { |
139 |
$patterns = join("\r\n", $ldap_authentication_conf['ssoExcludedPaths']);
|
|
146 |
$patterns = implode("\r\n", $ldap_authentication_conf['ssoExcludedPaths']);
|
|
140 | 147 |
if ($patterns) { |
141 | 148 |
if (function_exists('drupal_get_path_alias')) { |
142 | 149 |
$path = drupal_get_path_alias($path); |
... | ... | |
144 | 151 |
$path = (function_exists('drupal_strtolower')) ? drupal_strtolower($path) : strtolower($path); |
145 | 152 |
|
146 | 153 |
$to_replace = array( |
147 |
'/(\r\n?|\n)/', // newlines |
|
148 |
'/\\\\\*/', // asterisks |
|
149 |
'/(^|\|)\\\\<front\\\\>($|\|)/' // <front> |
|
154 |
// Newlines. |
|
155 |
'/(\r\n?|\n)/', |
|
156 |
// Asterisks. |
|
157 |
'/\\\\\*/', |
|
158 |
// <front>. |
|
159 |
'/(^|\|)\\\\<front\\\\>($|\|)/', |
|
150 | 160 |
); |
151 | 161 |
$replacements = array( |
152 | 162 |
'|', |
153 | 163 |
'.*', |
154 |
'\1' . preg_quote(variable_get('site_frontpage', 'node'), '/') . '\2' |
|
164 |
'\1' . preg_quote(variable_get('site_frontpage', 'node'), '/') . '\2',
|
|
155 | 165 |
); |
156 | 166 |
$patterns_quoted = preg_quote($patterns, '/'); |
157 | 167 |
$regex = '/^(' . preg_replace($to_replace, $replacements, $patterns_quoted) . ')$/'; |
158 |
$result = (bool)preg_match($regex, $path); |
|
168 |
$result = (bool) preg_match($regex, $path);
|
|
159 | 169 |
} |
160 | 170 |
} |
161 | 171 |
|
... | ... | |
165 | 175 |
|
166 | 176 |
|
167 | 177 |
/** |
168 |
* A proxy function for the actual authentication routine. This is in place |
|
169 |
* so various implementations of grabbing NTLM credentials can be used and |
|
170 |
* selected from an administration page. This is the real gatekeeper since |
|
171 |
* this assumes that any NTLM authentication from the underlying web server |
|
172 |
* is good enough, and only checks that there are values in place for the |
|
178 |
* A proxy function for the actual authentication routine. |
|
179 |
* |
|
180 |
* This is in place so various implementations of grabbing NTLM credentials can |
|
181 |
* be used and selected from an administration page. This is the real gatekeeper |
|
182 |
* since this assumes that any NTLM authentication from the underlying web |
|
183 |
* server is good enough, and only checks that there are values in place for the |
|
173 | 184 |
* user name, and anything else that is set for a particular implementation. In |
174 | 185 |
* the case that there are no credentials set by the underlying web server, the |
175 | 186 |
* user is redirected to the normal user login form. |
176 |
* |
|
177 |
* @return false |
|
178 | 187 |
*/ |
179 | 188 |
function ldap_sso_user_login_sso() { |
180 | 189 |
|
... | ... | |
188 | 197 |
'!server_remote_user' => @$_SERVER['REMOTE_USER'], |
189 | 198 |
'!server_redirect_remote_user' => @$_SERVER['REDIRECT_REMOTE_USER'], |
190 | 199 |
'!ssoRemoteUserStripDomainName' => $auth_conf->ssoRemoteUserStripDomainName, |
191 |
'!seamlessLogin' => $auth_conf->seamlessLogin |
|
200 |
'!seamlessLogin' => $auth_conf->seamlessLogin,
|
|
192 | 201 |
); |
193 | 202 |
|
194 | 203 |
watchdog( |
... | ... | |
199 | 208 |
); |
200 | 209 |
} |
201 | 210 |
|
202 |
/** |
|
203 |
* Step 1. Derive $remote_user, $realm, and $domain from $_SERVER variable |
|
204 |
*/ |
|
211 |
// Step 1. Derive $remote_user, $realm, and $domain from $_SERVER variable. |
|
205 | 212 |
$remote_user = NULL; |
206 | 213 |
$realm = NULL; |
207 | 214 |
$domain = NULL; |
208 | 215 |
|
209 | 216 |
switch ($auth_conf->ldapImplementation) { |
210 |
case 'mod_auth_sspi' :
|
|
217 |
case 'mod_auth_sspi': |
|
211 | 218 |
$remote_user = FALSE; |
212 | 219 |
if ($remote_user = ldap_servers_get_globals('_SERVER', 'REMOTE_USER')) { |
213 | 220 |
} |
... | ... | |
216 | 223 |
} |
217 | 224 |
break; |
218 | 225 |
|
219 |
case 'mod_auth_kerb' :
|
|
226 |
case 'mod_auth_kerb': |
|
220 | 227 |
if ($remote_user = ldap_servers_get_globals('_SERVER', 'REMOTE_USER')) { |
221 | 228 |
} |
222 | 229 |
else { |
... | ... | |
225 | 232 |
|
226 | 233 |
if ($remote_user && preg_match('/^([A-Za-z0-9_\-\.]+)@([A-Za-z0-9_\-.]+)$/', $remote_user, $matches)) { |
227 | 234 |
$remote_user = $matches[1]; |
228 |
$realm = $matches[2]; // This can be used later if realms is ever supported properly |
|
235 |
// This can be used later if realms is ever supported properly. |
|
236 |
$realm = $matches[2]; |
|
229 | 237 |
} |
230 | 238 |
break; |
231 | 239 |
} |
... | ... | |
237 | 245 |
$watchdog_tokens, WATCHDOG_DEBUG); |
238 | 246 |
} |
239 | 247 |
|
240 |
|
|
241 | 248 |
if ($remote_user) { |
242 | 249 |
if ($auth_conf->ssoRemoteUserStripDomainName) { |
243 |
// might be in form <remote_user>@<domain> or <domain>\<remote_user>
|
|
250 |
// Might be in form <remote_user>@<domain> or <domain>\<remote_user>.
|
|
244 | 251 |
$domain = NULL; |
245 | 252 |
$exploded = preg_split('/[\@\\\\]/', $remote_user); |
246 | 253 |
if (count($exploded) == 2) { |
... | ... | |
274 | 281 |
'sso_login' => TRUE, |
275 | 282 |
); |
276 | 283 |
|
277 |
// Make sure we're populating the global user object so that we can log this user in. |
|
284 |
// Make sure we're populating the global user object so that we can log this |
|
285 |
// user in. |
|
278 | 286 |
global $user; |
279 | 287 |
$user = ldap_authentication_user_login_authenticate_validate(array(), $fake_form_state, TRUE); |
280 | 288 |
|
... | ... | |
295 | 303 |
ldap_servers_set_globals('_SESSION', 'seamless_login', 'auto login'); |
296 | 304 |
setcookie("seamless_login_attempted", ''); |
297 | 305 |
ldap_servers_delete_globals('_SESSION', 'seamless_login_attempted'); |
298 |
// Make sure we tell Drupal to create the session cookie for this authenticated user.
|
|
299 |
|
|
306 |
// Make sure we tell Drupal to create the session cookie for this |
|
307 |
// authenticated user. |
|
300 | 308 |
} |
301 | 309 |
user_login_finalize(); |
302 | 310 |
if ($auth_conf->ssoNotifyAuthentication) { |
... | ... | |
316 | 324 |
setcookie("seamless_login", 'do not auto login', time() + $auth_conf->cookieExpire, base_path(), ""); |
317 | 325 |
ldap_servers_set_globals('_SESSION', 'seamless_login', 'do not auto login'); |
318 | 326 |
} |
319 |
drupal_set_message(theme('ldap_authentication_message_not_found', |
|
320 |
array('message' => t('Sorry, your LDAP credentials were not found, ' . |
|
321 |
'or the LDAP server is not available. You may log in ' . |
|
322 |
'with other credentials on the !user_login_form.', |
|
323 |
array('!user_login_form' => l(t('user login form'), 'user/login')))) |
|
327 |
drupal_set_message(theme('ldap_authentication_message_not_found', array( |
|
328 |
'message' => t('Sorry, your LDAP credentials were not found, or the LDAP server is not available. You may log in with other credentials on the !user_login_form.', |
|
329 |
array('!user_login_form' => l(t('user login form'), 'user/login')))) |
|
324 | 330 |
), 'error'); |
325 | 331 |
if ($detailed_watchdog_log) { |
326 | 332 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user.user_fail.drupal_goto user/logint', $watchdog_tokens, WATCHDOG_DEBUG); |
... | ... | |
329 | 335 |
} |
330 | 336 |
} |
331 | 337 |
else { |
332 |
watchdog('ldap_authentication', '$_SERVER[\'REMOTE_USER\'] not found', array(), WATCHDOG_DEBUG); |
|
338 |
if ($detailed_watchdog_log) { |
|
339 |
watchdog('ldap_authentication', '$_SERVER[\'REMOTE_USER\'] not found', array(), WATCHDOG_DEBUG); |
|
340 |
} |
|
333 | 341 |
if ($auth_conf->seamlessLogin == 1) { |
334 | 342 |
setcookie("seamless_login", 'do not auto login', time() + $auth_conf->cookieExpire, base_path(), ""); |
335 | 343 |
ldap_servers_set_globals('_SESSION', 'seamless_login', 'do not auto login'); |
... | ... | |
337 | 345 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.no_remote_user.seamlessLogin', $watchdog_tokens, WATCHDOG_DEBUG); |
338 | 346 |
} |
339 | 347 |
} |
340 |
drupal_set_message(theme('ldap_authentication_message_not_authenticated', |
|
341 |
array('message' => |
|
342 |
t('You were not authenticated by the server. |
|
343 |
You may log in with your credentials below.') |
|
344 |
) |
|
345 |
), 'error'); |
|
348 |
drupal_set_message(theme('ldap_authentication_message_not_authenticated', array( |
|
349 |
'message' => t('You were not authenticated by the server. You may log in with your credentials below.'), |
|
350 |
)), 'error'); |
|
346 | 351 |
if ($detailed_watchdog_log) { |
347 | 352 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.no_remote_user.drupal_goto user/login', $watchdog_tokens, WATCHDOG_DEBUG); |
348 | 353 |
} |
... | ... | |
352 | 357 |
|
353 | 358 |
|
354 | 359 |
/** |
355 |
* used to mock $_SERVER, $_SESSION, etc globals for simpletests |
|
356 |
* @param string $global_type = _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST |
|
357 |
* @param string $key such as 'SERVER_ADDR', 'SERVER_PROTOCAL', etc. |
|
358 |
* @param boolean $only_mock_values signifying, don't get actual values when mock values don't exist |
|
360 |
* Used to mock $_SERVER, $_SESSION, etc globals for simpletests. |
|
359 | 361 |
* |
360 |
* @return mixed value of ldap_simpletest_globals variable for global and key |
|
361 |
* or $_SERVER[][], $_ENV[][], etv value if not in a simpletes or mock variable not available |
|
362 |
* @param string $global_type |
|
363 |
* _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST. |
|
364 |
* @param string $key |
|
365 |
* Such as 'SERVER_ADDR', 'SERVER_PROTOCOL', etc. |
|
366 |
* @param bool $only_mock_values |
|
367 |
* Don't get actual values when mock values don't exist. |
|
362 | 368 |
* |
363 |
* */ |
|
364 |
|
|
369 |
* @return mixed |
|
370 |
* ldap_simpletest_globals variable for global and key or $_SERVER[][], |
|
371 |
* $_ENV[][], etv value if not in a simpletest or mock variable not available. |
|
372 |
*/ |
|
365 | 373 |
function ldap_servers_get_globals($global_type, $key, $only_mock_values = FALSE) { |
366 | 374 |
$simpletest_globals = variable_get('ldap_simpletest_globals', array()); |
367 | 375 |
$simpletest = variable_get('ldap_simpletest', FALSE); |
... | ... | |
369 | 377 |
if ($simpletest && (isset($simpletest_globals[$global_type][$key]) || $only_mock_values)) { |
370 | 378 |
return ($simpletest_globals[$global_type][$key]) ? $simpletest_globals[$global_type][$key] : NULL; |
371 | 379 |
} |
372 |
else {
|
|
380 |
else { |
|
373 | 381 |
return (isset($GLOBALS[$global_type][$key]) && !$only_mock_values) ? $GLOBALS[$global_type][$key] : NULL; |
374 | 382 |
} |
375 | 383 |
|
376 | 384 |
} |
377 | 385 |
|
386 |
/** |
|
387 |
* Set globals. |
|
388 |
* |
|
389 |
* @param string $global_type |
|
390 |
* _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST. |
|
391 |
* @param string $key |
|
392 |
* Such as 'SERVER_ADDR', 'SERVER_PROTOCOL', etc. |
|
393 |
* @param string $value |
|
394 |
* The value to be set. |
|
395 |
*/ |
|
378 | 396 |
function ldap_servers_set_globals($global_type, $key, $value) { |
379 | 397 |
$simpletest_globals = variable_get('ldap_simpletest_globals', array()); |
380 | 398 |
$simpletest = variable_get('ldap_simpletest', FALSE); |
... | ... | |
388 | 406 |
|
389 | 407 |
} |
390 | 408 |
|
409 |
/** |
|
410 |
* Delete globals. |
|
411 |
* |
|
412 |
* @param string $global_type |
|
413 |
* _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST. |
|
414 |
* @param string $key |
|
415 |
* Such as 'SERVER_ADDR', 'SERVER_PROTOCOL', etc. |
|
416 |
* @param bool $only_mock_values |
|
417 |
* Don't get actual values when mock values don't exist. |
|
418 |
*/ |
|
391 | 419 |
function ldap_servers_delete_globals($global_type, $key, $only_mock_values = FALSE) { |
392 | 420 |
$simpletest_globals = variable_get('ldap_simpletest_globals', array()); |
393 | 421 |
$simpletest = variable_get('ldap_simpletest', FALSE); |
... | ... | |
400 | 428 |
} |
401 | 429 |
|
402 | 430 |
} |
403 |
|
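Review bot: In the watchdog token hunk (old line 188 / new line 197 onward), `'!server_remote_user' => @$_SERVER['REMOTE_USER']` and `'!server_redirect_remote_user' => @$_SERVER['REDIRECT_REMOTE_USER']` use the `!` placeholder prefix, which Drupal 7's format_string() substitutes without escaping, so whatever the web server's authentication layer hands over in REMOTE_USER is rendered raw on the dblog report page; the commit only adds a trailing comma to the `'!seamlessLogin'` entry and leaves these as they are. Since the values are used for logging only, renaming the keys to `'@server_remote_user' => @$_SERVER['REMOTE_USER'],` and `'@server_redirect_remote_user' => @$_SERVER['REDIRECT_REMOTE_USER'],` routes them through check_plain at no cost, provided the matching placeholders in the watchdog() message strings (cut by the ellipsis and not visible here) are renamed too. Separately, the new side at line 338 now emits the `$_SERVER['REMOTE_USER'] not found` entry only when `$detailed_watchdog_log` is set, so an SSO front end that never forwards REMOTE_USER leaves no trace unless debug logging is enabled; keeping that one message unconditional would preserve the previous diagnosability. The enclosing function ldap_sso_user_login_sso() starts and ends outside these hunks.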
Weekly update of contrib modules