From 3357a506bd976ec9d1870b9b57cabd55813dd96f Mon Sep 17 00:00:00 2001
From: martinlanghoff <martinlanghoff>
Date: Wed, 14 Nov 2007 22:08:55 +0000
Subject: [PATCH] MDL-9399 auth/ldap: NTLM SSO - Resolve Moodle cookies issue,
 tighten config.php require()s

Use $nomoodlecookie global to avoid session troubles. Also

 * Ensure we load the appropriate config.php, even if we are executing
   under a strange environment (ie: with a user's credentials!)

 * Test we have a spacer gif to open before we open it
---
 auth/ldap/auth.php            |  1 +
 auth/ldap/ntlmsso_attempt.php |  2 +-
 auth/ldap/ntlmsso_finish.php  |  2 +-
 auth/ldap/ntlmsso_magic.php   | 18 ++++++++++++------
 4 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index e8f42b396b..f14f9e3988 100644
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -1765,6 +1765,7 @@ class auth_plugin_ldap extends auth_plugin_base {
      *
      * NOTE that this code will execute under the OS user credentials, 
      * so we MUST avoid dealing with files -- such as session files.
+     * (The caller should set $nomoodlecookie before including config.php)
      *
      */
     function ntlmsso_magic($sesskey) {
diff --git a/auth/ldap/ntlmsso_attempt.php b/auth/ldap/ntlmsso_attempt.php
index 1c05eb73b1..4f400b1151 100644
--- a/auth/ldap/ntlmsso_attempt.php
+++ b/auth/ldap/ntlmsso_attempt.php
@@ -1,6 +1,6 @@
 <?php
 
-require_once("../../config.php");
+require_once(dirname(dirname(dirname(__FILE__)))."/config.php");
 
 //HTTPS is potentially required in this page
 httpsrequired();
diff --git a/auth/ldap/ntlmsso_finish.php b/auth/ldap/ntlmsso_finish.php
index e029c350e1..effaeb1f37 100644
--- a/auth/ldap/ntlmsso_finish.php
+++ b/auth/ldap/ntlmsso_finish.php
@@ -1,6 +1,6 @@
 <?php
 
-require_once("../../config.php");
+require_once(dirname(dirname(dirname(__FILE__)))."/config.php");
 
 //HTTPS is potentially required in this page
 httpsrequired();
diff --git a/auth/ldap/ntlmsso_magic.php b/auth/ldap/ntlmsso_magic.php
index 624b6d8ce6..79077ef2b3 100644
--- a/auth/ldap/ntlmsso_magic.php
+++ b/auth/ldap/ntlmsso_magic.php
@@ -1,8 +1,12 @@
 <?php
 
-// Disable session handling here?
-require_once("../../config.php");
-session_write_close();
+// Don't let lib/setup.php set any cookies
+// as we will be executing under the OS security
+// context of the user we are trying to login, rather than
+// of the webserver.
+$nomoodlecookie=true;
+
+require_once(dirname(dirname(dirname(__FILE__)))."/config.php");
 
 //HTTPS is potentially required in this page
 httpsrequired();
@@ -18,10 +22,12 @@ if (empty($authplugin->config->ntlmsso_enabled)) {
 }
 
 $sesskey = required_param('sesskey', PARAM_RAW);
-if ($authplugin->ntlmsso_magic($sesskey)) {
+$file = $CFG->dirroot . '/pix/spacer.gif';
+
+if ($authplugin->ntlmsso_magic($sesskey) 
+    && file_exists($file)) {
+
     // Serve GIF
-    $file = $CFG->dirroot . '/pix/spacer.gif';
-    
     // Type
     header('Content-Type: image/gif');
     header('Content-Length: '.filesize($file));
-- 
2.39.5