
commit 31173b8003f4faa0234eab4cd80c4cb2ad4894f8
parent 41aab8b665ddec89f94aca092f9538014dee3dfa
Author: dankert <devnull@localhost>
Date:   Mon, 23 Apr 2007 23:48:01 +0200

Authentisierung gegen einen externen Server mit HTTP-Basic-Auth ermöglichen.

Diffstat:
config/security.ini.php | 11++++++++++-
objectClasses/User.class.php | 20+++++++++++++++++++-
serviceClasses/Http.class.php | 94+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 123 insertions(+), 2 deletions(-)

diff --git a/config/security.ini.php b/config/security.ini.php
@@ -31,7 +31,7 @@ type=form
 ; 'database' uses the internal database table as password store.
 ; 'authdb' uses an external database table as password store, see section [authdb] which has to exist.
 ; 'ldap' uses an external LDAP directory for password checking.
-; 'http' uses an HTTP-Auth Server for password checking (TODO)
+; 'http' uses an HTTP-Auth Server for password checking
 type=database
 ; per-user setting of the LDAP DN.
@@ -52,6 +52,15 @@ min_length=5
+; this section is needed if the setting "auth/type" is 'http'.
+; passwords are checked against another HTTP-Server with Basic Authorization.
+[http]
+
+; The URL where an HTTP basic authorization ist required.
+url = "http://example.net/restricted-area"
+
+
+
 ; this section is needed if the setting "auth/type" is 'authdb'.
 ; passwords are stored against an external database table.
 ; This is quite useful, if you have another software running (f.e. a forum system)
diff --git a/objectClasses/User.class.php b/objectClasses/User.class.php
@@ -20,6 +20,9 @@
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 // ---------------------------------------------------------------------------
 // $Log$
+// Revision 1.23 2007-04-23 21:48:01 dankert
+// Authentisierung gegen einen externen Server mit HTTP-Basic-Auth erm?glichen.
+//
 // Revision 1.22 2007-04-21 11:52:24 dankert
 // Default-Style ist konfigurierbar.
 //
@@ -566,7 +569,7 @@ SQL
 $res_user = $db->query( $sql->query );
 $check = false;
- $authType = $conf['security']['auth']['type']; // Entweder 'ldap', 'authdb' oder 'database'
+ $authType = $conf['security']['auth']['type']; // Entweder 'ldap', 'authdb', 'http', oder 'database'
 if ( $res_user->numRows() == 1 )
 {
@@ -589,6 +592,11 @@ SQL
 $check = true;
 $autoAdd = true;
 }
+ elseif( $res_user->numRows() == 0 && $authType == 'http' && $conf['security']['http']['add'] )
+ {
+ $check = true;
+ $autoAdd = true;
+ }
 if ( $check )
 {
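Review bot: The new `[http]` section defines only `url`, yet the User.class.php change in this same commit reads `$conf['security']['http']['add']` to decide whether a login accepted by the external server creates a local account; with the key absent that lookup is an undefined index (a notice, evaluated as false), so the setting exists in code but cannot be found by an administrator. Document it next to `url`, e.g. `; Create unknown users automatically if the external server accepts their login.` followed by `add = false`. The comment on `url` should also state that the target must demand authentication (answer 401 without credentials), because Http::request() in this commit treats any 2xx answer as a successful password check, and it should note that with a plain `http://` URL the user's real password is sent to that server base64-encoded but unencrypted. Typo in the same comment: `ist required` should read `is required`.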
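Review bot: `$conf['security']['http']['add']` is read without a guard, but the `[http]` section this commit adds to security.ini.php defines no `add` key, so on a default installation the lookup raises an undefined-index notice and the branch is never taken; reading it as `!empty($conf['security']['http']['add'])` makes a missing key mean "no auto-add" without the notice. The branch body repeats the two lines of the branch directly above it, whose condition lies outside the hunk; if that branch is the `ldap` auto-add, the two conditions could share one body. The enclosing method starts and ends outside the hunk.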
@@ -684,6 +692,16 @@ SQL
 return $ok;
 }
+ elseif( $authType == 'http' )
+ {
+ $http = new Http( $conf['security']['http']['url'] );
+ $http->method = 'HEAD';
+ $http->setBasicAuthentication( $this->name, $password );
+
+ $ok = $http->request();
+
+ return $ok;
+ }
 else
 {
 die( 'unknown auth-type: '.$authType );
diff --git a/serviceClasses/Http.class.php b/serviceClasses/Http.class.php
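Review bot: The reason for a failed check is lost: `$http->error` distinguishes a refused connection or a non-2xx answer from each other, but the branch returns only `$ok`, so an outage of the external server is indistinguishable from a wrong password in this code path. Surface it before returning, e.g. `if ( !$ok ) error_log( 'http auth: '.$http->error );`, or the project's own logging call if one exists. Returning false when the server cannot be reached is the right fail-closed behaviour and should stay as it is. The enclosing method starts and ends outside the hunk.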
@@ -9,6 +9,100 @@
 */
 class Http
 {
+ var $url = array();
+ var $header = array();
+ var $method = 'GET';
+ var $error = '';
+ var $status = '';
+ var $body = '';
+
+
+
+ function Http( $url = '' )
+ {
+ $this->url = parse_url($url);
+
+ if ( !isset($this->url['port']))
+ $this->url['port'] = 80; // Standard-Port 80.
+
+ $this->header[] = 'User-Agent: Mozilla/5.0 (OpenRat HTTP-Client)';
+ $this->header[] = 'Connection: close';
+ }
+
+
+
+ function setBasicAuthentication( $user, $password )
+ {
+ $this->header[] = 'Authorization: Basic '.base64_encode($user.':'.$password);
+ }
+
+
+
+ function request()
+ {
+ $this->body = '';
+ $this->error = '';
+ $this->status = '';
+
+ $errno = 0;
+ $errstr = '';
+
+ $fp = @fsockopen ($this->url['host'],$this->url['port'], $errno, $errstr, 30);
+
+ if ( !$fp )
+ {
+ // Keine Verbindung zum Host moeglich.
+ $this->error = "Connection refused: '".$this->url['host'].':'.$this->url['host']." - $errstr ($errno)";
+ return false;
+ }
+ else
+ {
+ $lb = "\r\n";
+ $http_get = $this->url['path'];
+ if ( !empty($this->url['query']) )
+ $http_get .= '?'.$this->url['query'];
+
+ $request_header = array( $this->method.' '.$http_get.' HTTP/1.0',
+ 'Host: '.$this->url['host']) + $this->header;
+ $http_request = implode($lb,$request_header).$lb.$lb;
+
+ fputs($fp, $http_request);
+
+ $inhalt = array();
+ while (!feof($fp)) {
+ $inhalt[] = fgets($fp,128);
+ }
+ fclose($fp);
+
+ $this->body = implode('',$inhalt); // HTTP-Antwort
+
+
+ // RFC 1945 (Section 6.1) schreibt als Statuszeile folgendes Format vor
+ // "HTTP/" 1*DIGIT "." 1*DIGIT SP 3DIGIT SP
+
+ $this->status = substr($this->body,9,3);
+
+ // RFC 1945 (Section 6.1.1) schreibt
+ // "[...] However, applications must understand the class of any status code, as
+ // indicated by the first digit"
+ // Daher interessiert uns nur die erste Stelle des 3-stelligen HTTP-Status.
+
+ // RFC 1945 (Section 6.1.1) schreibt
+ // "2xx: Success - The action was successfully received, understood, and accepted."
+ if ( substr($this->status,0,1) == '2' )
+ {
+ return true;
+ }
+ else
+ {
+ $this->error = 'Received no 2XX-Status from host: '.$this->status;
+ return false;
+ }
+ }
+
+ }
+
+
 /**
 * Aus dem HTTP-Header werden die vom Browser angeforderten Sprachen
 * gelesen.
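Review bot: The constructor discards the scheme that parse_url() returns, so an `https://` value in `security/http/url` silently becomes a plaintext connection to port 80 and the Basic credentials — the user's real password — cross the network unencrypted; request() should use the `ssl://` transport and a default port of 443 when the scheme is https. Two smaller defects sit in the same hunk: the connection-failure message prints the host twice (`$this->url['host'].':'.$this->url['host']`) where the second should be `$this->url['port']`, and a URL without a path leaves `$this->url['path']` unset so the request line becomes `HEAD  HTTP/1.0`; it should default to `/`. The 30-second argument to fsockopen() bounds only the connect, not the fgets() loop, so a server that accepts the connection and then stalls holds the login request open indefinitely; `stream_set_timeout($fp, 30)` after connecting bounds the reads as well. The rewritten constructor and the changed lines of request() follow; the new `$ssl` flag needs a `var $ssl = false;` declaration next to the other properties.
```php
function Http( $url = '' )
{
    $this->url = parse_url($url);

    // Honour the scheme: https needs the TLS transport and a different default port.
    $this->ssl = isset($this->url['scheme']) && $this->url['scheme'] == 'https';

    if ( !isset($this->url['port']))
        $this->url['port'] = $this->ssl ? 443 : 80;

    // A URL without a path must still produce a valid request line.
    if ( !isset($this->url['path']) || $this->url['path'] == '' )
        $this->url['path'] = '/';

    // … unchanged: default User-Agent and Connection headers …
}

// … unchanged: setBasicAuthentication() …

function request()
{
    // … unchanged: reset of body/error/status, $errno/$errstr …

    $transport = $this->ssl ? 'ssl://'.$this->url['host'] : $this->url['host'];
    $fp = @fsockopen ($transport, $this->url['port'], $errno, $errstr, 30);

    if ( !$fp )
    {
        // Keine Verbindung zum Host moeglich.
        $this->error = "Connection refused: '".$this->url['host'].':'.$this->url['port']."' - $errstr ($errno)";
        return false;
    }

    stream_set_timeout($fp, 30); // the connect timeout above does not bound the reads below

    // … unchanged: request assembly, read loop, status evaluation …
}
```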