aboutsummaryrefslogtreecommitdiff
path: root/radicale_infcloud/web/auth/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'radicale_infcloud/web/auth/plugins')
-rw-r--r--radicale_infcloud/web/auth/plugins/generic.inc58
-rw-r--r--radicale_infcloud/web/auth/plugins/generic_conf.inc12
-rw-r--r--radicale_infcloud/web/auth/plugins/ldap.inc37
-rw-r--r--radicale_infcloud/web/auth/plugins/ldap_conf.inc12
4 files changed, 119 insertions, 0 deletions
diff --git a/radicale_infcloud/web/auth/plugins/generic.inc b/radicale_infcloud/web/auth/plugins/generic.inc
new file mode 100644
index 0000000..8e6b14b
--- /dev/null
+++ b/radicale_infcloud/web/auth/plugins/generic.inc
@@ -0,0 +1,58 @@
+<?php
+ require_once(dirname(__FILE__).'/generic_conf.inc');
+
+ function generic_authenticate()
+ {
+ global $pluginconfig;
+ if($_SERVER['PHP_AUTH_USER']!='' && $_SERVER['PHP_AUTH_PW']!='')
+ {
+ preg_match('#(https?)://([^/:]+)((?::[0-9]+)?)#i', $pluginconfig['base_url'], $matches);
+ $hostname_clean=$matches[2];
+ if($matches[1]=='https')
+ $hostname='ssl://'.$matches[2];
+ else
+ $hostname=$matches[2];
+
+ if($matches[3]=='')
+ {
+ if($matches[1]=='http')
+ $port=80;
+ else if($matches[1]=='https')
+ $port=443;
+ }
+ else
+ $port=substr($matches[3],1);
+
+ $fp=fsockopen($hostname, $port, $errno, $errstr, $pluginconfig['timeout']);
+ if(!$fp)
+ {
+ echo "$errstr ($errno)<br />\n";
+ return -2;
+ }
+ else
+ {
+ $request="<?xml version=\"1.0\" encoding=\"utf-8\"?><A:propfind xmlns:A=\"DAV:\"><A:prop><A:current-user-principal/></A:prop></A:propfind>";
+
+ $out="PROPFIND ".$pluginconfig['request']." HTTP/1.1\r\n";
+ $out.="Host: $hostname_clean\r\n";
+ $out.="Authorization: Basic ".base64_encode($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'])."\r\n";
+ $out.="Depth: 0\r\n";
+ $out.="Content-Type: text/xml; charset=\"utf-8\"\r\n";
+ $out.="Content-Length:". strlen($request)."\r\n\r\n";
+ $out.=$request;
+ fwrite($fp, $out);
+
+ $result='';
+ if(!feof($fp))
+ $result.=fgets($fp);
+ fclose($fp);
+
+ if(strpos($result, 'HTTP/1.1 207')===0)
+ return 1; // auth successful
+ else
+ return -1; // auth unsuccessful
+ }
+ }
+ return 0; // empty username or password
+ }
+?> \ No newline at end of file
diff --git a/radicale_infcloud/web/auth/plugins/generic_conf.inc b/radicale_infcloud/web/auth/plugins/generic_conf.inc
new file mode 100644
index 0000000..01c2b32
--- /dev/null
+++ b/radicale_infcloud/web/auth/plugins/generic_conf.inc
@@ -0,0 +1,12 @@
+<?php
+ // Server base URL
+ $pluginconfig['base_url']=(empty($_SERVER['HTTPS']) ? 'http' : 'https').'://my.server.com:8080';
+
+ // Default values are usually OK
+ // for Davical:
+ $pluginconfig['request']='/caldav.php'; // change only if your Davical is not installed into server root directory
+ // for Lion server:
+ //$pluginconfig['request']='/principals/users';
+
+ $pluginconfig['timeout']=30;
+?> \ No newline at end of file
diff --git a/radicale_infcloud/web/auth/plugins/ldap.inc b/radicale_infcloud/web/auth/plugins/ldap.inc
new file mode 100644
index 0000000..f7012e5
--- /dev/null
+++ b/radicale_infcloud/web/auth/plugins/ldap.inc
@@ -0,0 +1,37 @@
+<?php
+ require_once(dirname(__FILE__).'/ldap_conf.inc');
+
+ function ldap_authenticate()
+ {
+ global $pluginconfig;
+ if($_SERVER['PHP_AUTH_USER']!="" && $_SERVER['PHP_AUTH_PW']!="")
+ {
+ $ds=ldap_connect($pluginconfig['host']);
+
+ // if binding is required for LDAP search
+ if(isset($pluginconfig['bind_dn']) && isset($pluginconfig['bind_passwd']))
+ {
+ @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+ if(!($r=@ldap_bind($ds, $pluginconfig['bind_dn'], $pluginconfig['bind_passwd'])))
+ return -2; // auth unsuccessful (bind error)
+ }
+
+ // perform the search
+ if(($r=ldap_search($ds, $pluginconfig['basedn'], '(&('.$pluginconfig['user_attr'].'='.$_SERVER['PHP_AUTH_USER'].')'.(isset($pluginconfig['filter']) && $pluginconfig['filter']!='' ? '('.$pluginconfig['filter'].')' : '' ).')'))!==false)
+ {
+ $result=@ldap_get_entries($ds, $r);
+ if($result[0])
+ {
+ @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+ if(@ldap_bind($ds, $result[0]['dn'], $_SERVER['PHP_AUTH_PW']))
+ {
+ @ldap_unbind($bi);
+ return 1; // auth successful
+ }
+ }
+ }
+ return -1; // auth unsuccessful
+ }
+ return 0; // empty username or password
+ }
+?> \ No newline at end of file
diff --git a/radicale_infcloud/web/auth/plugins/ldap_conf.inc b/radicale_infcloud/web/auth/plugins/ldap_conf.inc
new file mode 100644
index 0000000..c9242c7
--- /dev/null
+++ b/radicale_infcloud/web/auth/plugins/ldap_conf.inc
@@ -0,0 +1,12 @@
+<?php
+ // LDAP configuration parameters
+ $pluginconfig['host']='ldaps://ldap.server.com/';
+ $pluginconfig['basedn']='ou=People,dc=server,dc=com';
+ $pluginconfig['user_attr']='uid';
+ // if the server requires binding (if set to null then binding is not performed)
+ //$pluginconfig['bind_dn']=null;
+ //$pluginconfig['bind_passwd']=null;
+
+ // optional
+ $pluginconfig['filter']='accountStatus=active';
+?> \ No newline at end of file
bgstack15