
krb_authentication.php 2.9KB

<?php
/**
 * Kerberos Authentication
 *
 * Make use of an existing Kerberos authentication and perform login
 * with the existing user credentials
 *
 * For other configuration options, see config.inc.php.dist!
 *
 * @version @package_version@
 * @license GNU GPLv3+
 * @author Jeroen van Meeuwen
 */
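  class krb_authentication extends rcube_plugin
  {
      /**
       * Query string of the request that triggered the automatic login.
       * Set by startup() and replayed by login(); kept on the plugin instance only.
       *
       * @var string|null
       */
      private $redirect_query;

      /**
       * Plugin initialization: registers this class's handlers for the
       * startup, authenticate, login_after and storage_connect hooks.
       */
      public function init()
      {
          $this->add_hook('startup', array($this, 'startup'));
          $this->add_hook('authenticate', array($this, 'authenticate'));
          $this->add_hook('login_after', array($this, 'login'));
          $this->add_hook('storage_connect', array($this, 'storage_connect'));
      }

      /**
       * Tells whether the request carries a Kerberos identity.
       *
       * Every hook in this plugin is a no-op unless both REMOTE_USER and
       * KRB5CCNAME are non-empty. The plugin performs no verification of its
       * own: these values are expected to come from the web server's
       * Kerberos/GSSAPI authentication module, so the deployment must make
       * sure nothing else (proxy, CGI/FastCGI environment pass-through) can
       * populate them from client-controlled input.
       *
       * @return bool True when both server variables are non-empty
       */
      private function has_krb_credentials()
      {
          return !empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME']);
      }

      /**
       * Startup hook handler
       *
       * Without a session user, forces the 'login' action and remembers the
       * query string for the redirect done in login(). With a session user,
       * clears the password stored in the session.
       *
       * @param array $args Hook arguments
       *
       * @return array Hook arguments, possibly with 'action' replaced
       */
      public function startup($args)
      {
          if (!$this->has_krb_credentials()) {
              return $args;
          }

          if (empty($_SESSION['user_id'])) {
              // handle login action
              $args['action'] = 'login';
              // QUERY_STRING is client-supplied; it is only replayed behind a fixed
              // relative prefix in login(). isset() avoids a notice when it is absent.
              $this->redirect_query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : null;
          }
          else {
              // Storage authentication uses the ticket cache, so no password is kept
              $_SESSION['password'] = null;
          }

          return $args;
      }

      /**
       * Authenticate hook handler
       *
       * Replaces the submitted login data with the identity supplied by the
       * web server and an empty password.
       *
       * @param array $args Hook arguments ('host', 'user', 'pass', ...)
       *
       * @return array Hook arguments with 'user', 'pass', 'cookiecheck' and
       *               'valid' overridden when a Kerberos identity is present
       */
      public function authenticate($args)
      {
          if (!$this->has_krb_credentials()) {
              return $args;
          }

          // Load plugin's config file
          $this->load_config();

          $rcmail = rcmail::get_instance();
          $host   = $rcmail->config->get('krb_authentication_host');

          // The configured host is only a default; a host already chosen is kept
          if (is_string($host) && trim($host) !== '' && empty($args['host'])) {
              $args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
          }

          // REMOTE_USER is known to be non-empty here (checked above)
          $args['user'] = $_SERVER['REMOTE_USER'];
          $args['pass'] = null;

          // NOTE(review): these two flags presumably switch off the core's cookie
          // test and mark the login request as valid regardless of its request
          // token - confirm against the core's authenticate hook. Either way the
          // login then rests solely on the web server's authentication.
          $args['cookiecheck'] = false;
          $args['valid']       = true;

          return $args;
      }

      /**
       * Storage_connect hook handler
       *
       * Switches the storage connection to GSSAPI, using the ticket cache
       * named by KRB5CCNAME and the configured service principal.
       *
       * @param array $args Hook arguments
       *
       * @return array Hook arguments with 'gssapi_context', 'gssapi_cn' and
       *               'auth_type' set when a Kerberos identity is present
       */
      public function storage_connect($args)
      {
          if (!$this->has_krb_credentials()) {
              return $args;
          }

          // Load plugin's config file
          $this->load_config();

          $rcmail  = rcmail::get_instance();
          $context = $rcmail->config->get('krb_authentication_context');

          // The fallback is an example principal, not a usable default:
          // set krb_authentication_context for the real IMAP service.
          $args['gssapi_context'] = $context ?: 'imap/kolab.example.org@EXAMPLE.ORG';
          $args['gssapi_cn']      = $_SERVER['KRB5CCNAME'];
          $args['auth_type']      = 'GSSAPI';

          return $args;
      }

      /**
       * login_after hook handler
       *
       * Sends the browser back to the query string recorded in startup() and
       * ends the request; does nothing when no query string was recorded.
       *
       * @param array $args Hook arguments
       *
       * @return array Hook arguments, unchanged
       */
      public function login($args)
      {
          // Redirect to the previous QUERY_STRING
          if ($this->redirect_query) {
              // The fixed './?' prefix keeps the target relative to the current
              // path, so the client-supplied value cannot select another host.
              // NOTE(review): the query is replayed unfiltered - confirm that one
              // naming the login task cannot cause a redirect loop.
              header('Location: ./?' . $this->redirect_query);
              exit;
          }

          return $args;
      }
  }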