From 0360823f5d4aed4d2c1f2cb97e0c3b414f1f0720 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 27 Dec 2007 19:39:21 +0000 Subject: Adding LDAP backend glue. Work sponsored-by: Centipede Networks
---
etc/inc/auth.inc | 38 ++++++++++++++++++++++++++++++++++++++ etc/inc/authgui.inc | 21 ++++++++++++++------- 2 files changed, 52 insertions(+), 7 deletions(-)
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index bdc6487..9f3dcb5 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1,6 +1,9 @@ + All rights reserved. + Copyright (C) 2005-2006 Bill Marquette All rights reserved.
@@ -563,6 +566,41 @@ function passwd_backed($username, $passwd) { return false; }
+function ldap_backed($username, $passwd) {
+ global $config;
+
+ $ldapserver = $config['system']['webgui']['ldapserver'];
+ $ldapsearchbase = $config['system']['webgui']['ldapsearchbase'];
+
+ if(!$ldapsearchbase)
+ log_error("WARNING! LDAP backend search base not defined.");
+
+ if(!$ldapserver) {
+ log_error("ERROR! LDAP backend selected with no LDAP authentication server defined. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ if (!($ldap = ldap_connect($ldapserver))) {
+ log_error("ERROR! LDAP could not connect to server {$ldapserver}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ if (!($res = @ldap_bind($ldap, $ldapsearchbase, $passwd))) {
+ log_error("ERROR! LDAP could not bind to {$ldapserver} - {$dn}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ /* Time to close LDAP connection */
+ ldap_close($ldap);
+
+ /* At this point we are binded to LDAP so the user was auth'd okay. */
+ return true;
+
+}
+
 function htpasswd_backed($username, $passwd) { $authfile = file("/var/run/htpasswd");
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 99013af..92214f7 100644
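Review bot: The `ldap_bind()` call in `ldap_backed()` authenticates `$ldapsearchbase` rather than the user: `$username` is never sent to the directory, so a successful bind says nothing about who is logging in, and an empty `$passwd` is passed through unchanged, which many LDAP servers treat as an unauthenticated bind and answer with success. I would reject an empty password before binding and bind with an escaped DN built from `$username`, as sketched below; the `uid=` attribute there is a placeholder for whatever the directory uses. The bind-failure log line interpolates `$dn`, which is never set in this function, and that path returns without calling `ldap_close($ldap)`. Nothing in the hunk requests TLS, so unless `ldapserver` is configured as an `ldaps://` URI the password presumably crosses the network in clear text.

```php
	/* … unchanged: config lookup, ldap_connect() and its fallback … */

	/* Refuse an empty password before it reaches the server. */
	if (!is_string($passwd) || $passwd === '') {
		ldap_close($ldap);
		return false;
	}

	/* Bind as the user. "uid=" is a placeholder for the directory's naming attribute; ldap_escape() needs PHP 5.6 or later. */
	$userdn = "uid=" . ldap_escape($username, "", LDAP_ESCAPE_DN) . "," . $ldapsearchbase;
	if (!($res = @ldap_bind($ldap, $userdn, $passwd))) {
		log_error("ERROR! LDAP could not bind to {$ldapserver} - {$userdn}. Defaulting to built-in htpasswd_backed()");
		ldap_close($ldap);
		return htpasswd_backed($username, $passwd);
	}

	/* … unchanged: ldap_close() and return true … */
```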
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -1,6 +1,9 @@ + All rights reserved. + Copyright (C) 2005-2006 Bill Marquette All rights reserved.
@@ -34,20 +37,24 @@ include_once("auth.inc"); require_once("functions.inc");
-/* TODO: Needs testing... require_once("pages.inc"); */
-/* We only support htpasswd backed HTTP Basic auth right now
- * backing methods
+/* We only support htpasswd backed HTTP Basic auth and session
+ * based backing methods at the moment.
+ * session_auth - this will use session based authentication and timeout
+ * htpasswd_backed - this uses the "standard" .htpasswd file
 * passwd_backed - this will use the system passwd file in /etc * radius_backed - this will allow you to use a radius server
- * htpasswd_backed - this uses the "standard" .htpasswd file
 * pam_backed - this uses the system's PAM facility .htpasswd file */
-//$auth_method="basic_auth";
 $auth_method="session_auth";
-$backing_method="htpasswd_backed";
-/* Authenticate user - exit if failed (we should have a callback for this maybe) */
+/* enable correct auth backend, default to htpasswd_backed */
+if($config['system']['webgui']['backend'] == "ldap")
+ $backing_method="ldap_backed";
+else
+ $backing_method="htpasswd_backed";
+
+/* Authenticate user - exit if failed */
 if (!$auth_method($backing_method)) { exit; } /* scriptname is set in headjs.php if the user did try to access a page other
-- cgit v1.1
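Review bot: The comment block that lists the backing methods does not mention the `ldap_backed` method the code below now selects, and its opening sentence still says only htpasswd and session based methods are supported. I would add a line such as ` * ldap_backed - this binds against the LDAP server set under system/webgui and falls back to htpasswd_backed` and adjust the first sentence to match. The selection reads `$config['system']['webgui']['backend']` without an `isset()` guard and compares with `==`; checking `isset()` first and using `=== "ldap"` would keep an unset or non-string value from choosing the LDAP path.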