Diffstat (limited to 'radicale_infcloud/web/auth/plugins')
-rw-r--r-- | radicale_infcloud/web/auth/plugins/generic.inc | 58 | ||||
-rw-r--r-- | radicale_infcloud/web/auth/plugins/generic_conf.inc | 12 | ||||
-rw-r--r-- | radicale_infcloud/web/auth/plugins/ldap.inc | 37 | ||||
-rw-r--r-- | radicale_infcloud/web/auth/plugins/ldap_conf.inc | 12 |
4 files changed, 119 insertions, 0 deletions
diff --git a/radicale_infcloud/web/auth/plugins/generic.inc b/radicale_infcloud/web/auth/plugins/generic.inc
new file mode 100644
index 0000000..8e6b14b
--- /dev/null
+++ b/radicale_infcloud/web/auth/plugins/generic.inc
@@ -0,0 +1,58 @@
+<?php
+ require_once(dirname(__FILE__).'/generic_conf.inc');
+
+ function generic_authenticate()
+ {
+ global $pluginconfig;
+ if($_SERVER['PHP_AUTH_USER']!='' && $_SERVER['PHP_AUTH_PW']!='')
+ {
+ preg_match('#(https?)://([^/:]+)((?::[0-9]+)?)#i', $pluginconfig['base_url'], $matches);
+ $hostname_clean=$matches[2];
+ if($matches[1]=='https')
+ $hostname='ssl://'.$matches[2];
+ else
+ $hostname=$matches[2];
+
+ if($matches[3]=='')
+ {
+ if($matches[1]=='http')
+ $port=80;
+ else if($matches[1]=='https')
+ $port=443;
+ }
+ else
+ $port=substr($matches[3],1);
+
+ $fp=fsockopen($hostname, $port, $errno, $errstr, $pluginconfig['timeout']);
+ if(!$fp)
+ {
+ echo "$errstr ($errno)<br />\n";
+ return -2;
+ }
+ else
+ {
+ $request="<?xml version=\"1.0\" encoding=\"utf-8\"?><A:propfind xmlns:A=\"DAV:\"><A:prop><A:current-user-principal/></A:prop></A:propfind>";
+
+ $out="PROPFIND ".$pluginconfig['request']." HTTP/1.1\r\n";
+ $out.="Host: $hostname_clean\r\n";
+ $out.="Authorization: Basic ".base64_encode($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'])."\r\n";
+ $out.="Depth: 0\r\n";
+ $out.="Content-Type: text/xml; charset=\"utf-8\"\r\n";
+ $out.="Content-Length:". strlen($request)."\r\n\r\n";
+ $out.=$request;
+ fwrite($fp, $out);
+
+ $result='';
+ if(!feof($fp))
+ $result.=fgets($fp);
+ fclose($fp);
+
+ if(strpos($result, 'HTTP/1.1 207')===0)
+ return 1; // auth successful
+ else
+ return -1; // auth unsuccessful
+ }
+ }
+ return 0; // empty username or password
+ }
+?>
\ No newline at end of file
diff --git a/radicale_infcloud/web/auth/plugins/generic_conf.inc b/radicale_infcloud/web/auth/plugins/generic_conf.inc
new file mode 100644
index 0000000..01c2b32
--- /dev/null
+++ b/radicale_infcloud/web/auth/plugins/generic_conf.inc
@@ -0,0 +1,12 @@
+<?php
+ // Server base URL
+ $pluginconfig['base_url']=(empty($_SERVER['HTTPS']) ? 'http' : 'https').'://my.server.com:8080';
+
+ // Default values are usually OK
+ // for Davical:
+ $pluginconfig['request']='/caldav.php'; // change only if your Davical is not installed into server root directory
+ // for Lion server:
+ //$pluginconfig['request']='/principals/users';
+
+ $pluginconfig['timeout']=30;
+?>
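Review bot: In generic_authenticate() (generic.inc) the `preg_match` result is never checked, and the scheme is compared case-sensitively although the pattern carries the `i` flag. A `base_url` written as, say, `HTTPS://host:8443` therefore gets no `ssl://` prefix and the Basic credentials travel to the backend over plain TCP; without an explicit port, `$port` is left undefined. I would fail closed with `if(!preg_match(..., $matches)) return -2;` and normalise once with `$scheme=strtolower($matches[1]);` before the `ssl://` and port decisions. Separately, `echo "$errstr ($errno)<br />\n";` prints the socket error to the client unescaped; sending it to `error_log()` and returning -2 keeps backend connection details out of the response.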
\ No newline at end of file
diff --git a/radicale_infcloud/web/auth/plugins/ldap.inc b/radicale_infcloud/web/auth/plugins/ldap.inc
new file mode 100644
index 0000000..f7012e5
--- /dev/null
+++ b/radicale_infcloud/web/auth/plugins/ldap.inc
@@ -0,0 +1,37 @@
+<?php
+ require_once(dirname(__FILE__).'/ldap_conf.inc');
+
+ function ldap_authenticate()
+ {
+ global $pluginconfig;
+ if($_SERVER['PHP_AUTH_USER']!="" && $_SERVER['PHP_AUTH_PW']!="")
+ {
+ $ds=ldap_connect($pluginconfig['host']);
+
+ // if binding is required for LDAP search
+ if(isset($pluginconfig['bind_dn']) && isset($pluginconfig['bind_passwd']))
+ {
+ @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+ if(!($r=@ldap_bind($ds, $pluginconfig['bind_dn'], $pluginconfig['bind_passwd'])))
+ return -2; // auth unsuccessful (bind error)
+ }
+
+ // perform the search
+ if(($r=ldap_search($ds, $pluginconfig['basedn'], '(&('.$pluginconfig['user_attr'].'='.$_SERVER['PHP_AUTH_USER'].')'.(isset($pluginconfig['filter']) && $pluginconfig['filter']!='' ? '('.$pluginconfig['filter'].')' : '' ).')'))!==false)
+ {
+ $result=@ldap_get_entries($ds, $r);
+ if($result[0])
+ {
+ @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+ if(@ldap_bind($ds, $result[0]['dn'], $_SERVER['PHP_AUTH_PW']))
+ {
+ @ldap_unbind($bi);
+ return 1; // auth successful
+ }
+ }
+ }
+ return -1; // auth unsuccessful
+ }
+ return 0; // empty username or password
+ }
+?>
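Review bot: The sample `base_url` in generic_conf.inc takes its scheme from `$_SERVER['HTTPS']` of the incoming request, so whenever that variable is empty (a plain-HTTP request, or presumably a TLS-terminating proxy in front of PHP) generic.inc forwards the user's Basic credentials to the backend over `http://`. Pinning the backend scheme, e.g. `$pluginconfig['base_url']='https://my.server.com:8080';`, would make the cleartext case an explicit choice rather than a side effect of how the client connected. At minimum a comment such as `// use https:// unless the backend is on localhost: credentials are forwarded as HTTP Basic` belongs above the setting.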
\ No newline at end of file
diff --git a/radicale_infcloud/web/auth/plugins/ldap_conf.inc b/radicale_infcloud/web/auth/plugins/ldap_conf.inc
new file mode 100644
index 0000000..c9242c7
--- /dev/null
+++ b/radicale_infcloud/web/auth/plugins/ldap_conf.inc
@@ -0,0 +1,12 @@
+<?php
+ // LDAP configuration parameters
+ $pluginconfig['host']='ldaps://ldap.server.com/';
+ $pluginconfig['basedn']='ou=People,dc=server,dc=com';
+ $pluginconfig['user_attr']='uid';
+ // if the server requires binding (if set to null then binding is not performed)
+ //$pluginconfig['bind_dn']=null;
+ //$pluginconfig['bind_passwd']=null;
+
+ // optional
+ $pluginconfig['filter']='accountStatus=active';
+?>
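Review bot: In ldap_authenticate() (ldap.inc) `$_SERVER['PHP_AUTH_USER']` is concatenated into the search filter unescaped, so filter metacharacters in the username change which entry is found and the following bind is attempted against a DN other than the one the user named. Wrap it as `ldap_escape($_SERVER['PHP_AUTH_USER'], '', LDAP_ESCAPE_FILTER)`. The `if($result[0])` test also accepts the first of several matches and reads an undefined index when there are none; `if($result!==false && $result['count']===1)` is stricter. `@ldap_unbind($bi);` refers to a variable that is never assigned, presumably meant to be `$ds`, and the `@` hides the error, so the connection is not unbound on any path. The return of `ldap_connect()` is unchecked, and protocol version 3 is set before the search only when `bind_dn` is configured.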
\ No newline at end of file |
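Review bot: ldap_conf.inc is where `bind_dn` and `bind_passwd` are meant to be filled in, yet it sits under `web/` with an `.inc` extension. If the server publishing that directory does not hand `.inc` files to PHP (not visible from this diff), the file would be returned as plain text. A header comment such as `// holds the LDAP bind password: keep outside the document root or deny direct access to *.inc` would flag that to whoever deploys it. The sample `ldaps://` host is a sound default; a short comment saying not to downgrade it to `ldap://` is worth adding, since the user's password is sent in the bind.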