From: martinlanghoff <martinlanghoff>
Date: Wed, 14 Nov 2007 22:07:53 +0000 (+0000)
Subject: MDL-9399 auth/ldap: Introducing loginpage_hook(), ntlmsso_attempt(), ntlmsso_finish()
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=1e8713ea641d009d61c69674da0c896f1107b70c;p=moodle.git

MDL-9399 auth/ldap: Introducing loginpage_hook(), ntlmsso_attempt(), ntlmsso_finish()

A work in progress -- initial loginpage_hook() and headers for the
remaining functions. One thing to consider here is that this won't
work if there's a proxy in the middle.

Does NTLM auth thingy support proxies?
---

diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index 8dde37fa4d..215834c677 100644
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -1708,6 +1708,49 @@ class auth_plugin_ldap extends auth_plugin_base {
         }
     }
 
+    /**
+     * Will get called before the login page is shown, if NTLM SSO
+     * is enabled, and the user is in the right network, we'll redirect
+     * to the magic NTLM page for SSO...
+     *
+     */
+    function loginpage_hook() {
+        if (!empty($this->config->ntlmsso_enabled)  // SSO enabled
+            && !empty($this->config->ntlmsso_subnet)// have a subnet to test for
+            && empty($_GET['authldap_skipntlmsso']) // haven't failed it yet
+            && (isguestuser() || !isloggedin())     // guestuser or not-logged-in users
+            && address_in_subnet($_SERVER['REMOTE_ADDR'],$this->config->ntlmsso_subnet)) {
+            redirect("{$CFG->wwwroot}/auth/ldap/ntlmsso_attempt.php");
+        }
+    }
+
+    /**
+     * To be called from a page running under NTLM's
+     * "Integrated Windows Authentication". 
+     *
+     * If successful, it will set a special "cookie" (not an HTTP cookie!) 
+     * in config_plugin under the "auth/ldap/ntlmsess" "plugin" and redirect.
+     * The "cookie" will be picked up by ntlmsso_finish() to complete the
+     * process.
+     *
+     * On failure it will return false for the caller to display an appropriate
+     * error message.
+     *
+     * NOTE that this code will execute under the OS user credentials, 
+     * so we MUST avoid dealing with files -- such as session files.
+     *
+     */
+    function ntlmsso_attempt() {
+
+    }
+
+    /**
+     * 
+     */
+    function ntlmsso_finish() {
+
+    }    
+
     /**
      * Sync roles for this user
      *