author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-27 19:39:21 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-27 19:39:21 +0000 |
commit | 0360823f5d4aed4d2c1f2cb97e0c3b414f1f0720 (patch) | |
tree | 140d3c98c2ff38a554834aa916be1d7d799dfc33 /etc/inc | |
parent | 8c7f51fbe7e0f55e463dd28bf27133a8a7d2da07 (diff) | |
download | pfsense-0360823f5d4aed4d2c1f2cb97e0c3b414f1f0720.zip pfsense-0360823f5d4aed4d2c1f2cb97e0c3b414f1f0720.tar.gz |
Adding LDAP backend glue.
Work sponsored-by: Centipede Networks <http://centipedenetworks.com/>
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/auth.inc | 38 | ||||
-rw-r--r-- | etc/inc/authgui.inc | 21 |
2 files changed, 52 insertions, 7 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index bdc6487..9f3dcb5 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1,6 +1,9 @@
 <?php
 /* $Id$ */
 /*
+	Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
+	All rights reserved.
+
 	Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
 	All rights reserved.
 
@@ -563,6 +566,41 @@ function passwd_backed($username, $passwd) {
 	return false;
 }
 
+function ldap_backed($username, $passwd) {
+	global $config;
+
+	$ldapserver = $config['system']['webgui']['ldapserver'];
+	$ldapsearchbase = $config['system']['webgui']['ldapsearchbase'];
+
+	if(!$ldapsearchbase)
+		log_error("WARNING! LDAP backend search base not defined.");
+
+	if(!$ldapserver) {
+		log_error("ERROR! LDAP backend selected with no LDAP authentication server defined. Defaulting to built-in htpasswd_backed()");
+		$status = htpasswd_backed($username, $passwd);
+		return $status;
+	}
+
+	if (!($ldap = ldap_connect($ldapserver))) {
+		log_error("ERROR! LDAP could not connect to server {$ldapserver}. Defaulting to built-in htpasswd_backed()");
+		$status = htpasswd_backed($username, $passwd);
+		return $status;
+	}
+
+	if (!($res = @ldap_bind($ldap, $ldapsearchbase, $passwd))) {
+		log_error("ERROR! LDAP could not bind to {$ldapserver} - {$dn}. Defaulting to built-in htpasswd_backed()");
+		$status = htpasswd_backed($username, $passwd);
+		return $status;
+	}
+
+	/* Time to close LDAP connection */
+	ldap_close($ldap);
+
+	/* At this point we are binded to LDAP so the user was auth'd okay. */
+	return true;
+
+}
+
 function htpasswd_backed($username, $passwd) {
 	$authfile = file("/var/run/htpasswd");
 
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 99013af..92214f7 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -1,6 +1,9 @@
 <?php
 /* $Id$ */
 /*
+	Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
+	All rights reserved.
+
 	Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
 	All rights reserved.
 
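Review bot: `ldap_bind($ldap, $ldapsearchbase, $passwd)` in the new `ldap_backed()` never uses `$username` — it binds as the search-base entry, so the function returns true for whatever username is supplied as long as the password matches that single entry, and because `ldap_bind()` with an empty password performs an anonymous bind it also returns true for an empty `$passwd` on any server that permits anonymous access. The bind DN has to be derived from `$username`, an empty `$passwd` must be rejected before binding, and a bind refused with LDAP_INVALID_CREDENTIALS (errno 49) should fail closed instead of falling through to `htpasswd_backed()`, which currently gives a wrong LDAP password a second attempt against the local file; `ldap_errno()` separates that case from the server being unreachable, where the local fallback is a deliberate lockout guard. Note also that `ldap_connect()` only parses the URL and does not open a connection, so the "could not connect" branch is effectively dead and connectivity problems surface at bind time; `{$dn}` in the bind-failure message is undefined; the connection is not closed on the failure path; and unless `$ldapserver` is an `ldaps://` URL the password crosses the network unencrypted (`ldap_start_tls()` before the bind, or require `ldaps://`). The sketch below keeps the function's signature and the no-server fallback.
```php
function ldap_backed($username, $passwd) {
	global $config;

	/* … unchanged: read ldapserver / ldapsearchbase from $config, warn if search base missing,
	 *   fall back to htpasswd_backed() when no server is configured … */

	/* An empty password turns ldap_bind() into an anonymous bind, which succeeds
	 * without verifying anything; it must never count as authentication. */
	if ($passwd === null || $passwd === "")
		return false;

	$ldap = ldap_connect($ldapserver);

	/* The bind DN must identify the user being checked; binding as the search
	 * base ignores $username entirely.  TODO(review): derive $bind_dn from
	 * $username (for example by searching under $ldapsearchbase) before binding. */
	$bind_dn = /* <DN built from $username> */ null;

	if (!@ldap_bind($ldap, $bind_dn, $passwd)) {
		$errno = ldap_errno($ldap);
		ldap_close($ldap);
		if ($errno == 49) {
			/* LDAP_INVALID_CREDENTIALS: the server saw the credentials and rejected
			 * them, so do not give them a second chance against the local file. */
			log_error("LDAP bind for {$username} rejected by {$ldapserver}.");
			return false;
		}
		/* Any other error means the server could not be used; keep the local
		 * fallback so a dead directory does not lock administrators out. */
		log_error("ERROR! LDAP could not bind to {$ldapserver} (ldap_errno {$errno}). Defaulting to built-in htpasswd_backed()");
		return htpasswd_backed($username, $passwd);
	}

	ldap_close($ldap);
	return true;
}
```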
@@ -34,20 +37,24 @@ include_once("auth.inc"); require_once("functions.inc"); -/* TODO: Needs testing... require_once("pages.inc"); */ -/* We only support htpasswd backed HTTP Basic auth right now - * backing methods +/* We only support htpasswd backed HTTP Basic auth and session + * based backing methods at the moment. + * session_auth - this will use session based authentication and timeout + * htpasswd_backed - this uses the "standard" .htpasswd file * passwd_backed - this will use the system passwd file in /etc * radius_backed - this will allow you to use a radius server - * htpasswd_backed - this uses the "standard" .htpasswd file * pam_backed - this uses the system's PAM facility .htpasswd file */ -//$auth_method="basic_auth"; $auth_method="session_auth"; -$backing_method="htpasswd_backed"; -/* Authenticate user - exit if failed (we should have a callback for this maybe) */ +/* enable correct auth backend, default to htpasswd_backed */ +if($config['system']['webgui']['backend'] == "ldap") + $backing_method="ldap_backed"; +else + $backing_method="htpasswd_backed"; + +/* Authenticate user - exit if failed */ if (!$auth_method($backing_method)) { exit; } /* scriptname is set in headjs.php if the user did try to access a page other |
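Review bot: The backend selection `if($config['system']['webgui']['backend'] == "ldap")` uses loose comparison; `=== "ldap"` avoids PHP's string/number juggling on a config value, and the surrounding code is file-scope so `$config` is assumed to be in scope from the including page — worth a comment where it is first read. The rewritten comment block still says only htpasswd and session-based methods are supported, yet the code directly below now selects `ldap_backed`; add a line to the list such as ` * ldap_backed - binds against the LDAP server configured under system/webgui (see auth.inc)` so the documented backends match the dispatch. The hunk's trailing context appears to run to the `/* scriptname` comment, so the `if (!$auth_method($backing_method))` block is complete here.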