From 20e8c2d999fa95530dce1c566f95ffed44c0ea4c Mon Sep 17 00:00:00 2001
From: Michael M Slusarz
Date: Tue, 8 Dec 2009 01:37:15 -0700
Subject: [PATCH] Fix transparent auth for several drivers.
A driver should never call Horde_Auth::setAuth() itself - setAuth is automatically called with the proper parameters if _transparent() returns true. Addtionally, should return false if transparent login not available, not an exception.
---
 framework/Auth/lib/Horde/Auth/Base.php | 5 +----
 framework/Auth/lib/Horde/Auth/Http.php | 14 +++++++++-----
 framework/Auth/lib/Horde/Auth/Ipbasic.php | 11 +++++------
 framework/Auth/lib/Horde/Auth/Shibboleth.php | 24 ++++++++++++++----------
 4 files changed, 29 insertions(+), 25 deletions(-)
diff --git a/framework/Auth/lib/Horde/Auth/Base.php b/framework/Auth/lib/Horde/Auth/Base.php
index e53dbd3ed..df7e52dc3 100644
--- a/framework/Auth/lib/Horde/Auth/Base.php
+++ b/framework/Auth/lib/Horde/Auth/Base.php
@@ -236,10 +236,7 @@ abstract class Horde_Auth_Base
 * to set the credentials in the session.
 *
 * Transparent authentication should normally never throw an error - false
- * should normally be returned. However, it is also possible that a
- * transparent authentication is the only available auth method; if so,
- * attempting to login via a login page may cause an endless loop. In this
- * case, an Exception should be thrown which will act as a fatal error.
+ * should be returned.
 *
 * @return boolean Whether transparent login is supported.
 * @throws Horde_Auth_Exception
diff --git a/framework/Auth/lib/Horde/Auth/Http.php b/framework/Auth/lib/Horde/Auth/Http.php
index 62dbe7fde..f08f09275 100644
--- a/framework/Auth/lib/Horde/Auth/Http.php
+++ b/framework/Auth/lib/Horde/Auth/Http.php
@@ -106,16 +106,20 @@ class Horde_Auth_Http extends Horde_Auth_Base
 * authentication info present.
 *
 * @return boolean Whether or not the client is allowed.
- * @throws Horde_Auth_Exception
 */
 protected function _transparent()
 {
- if (!empty($_SERVER['PHP_AUTH_USER']) &&
- !empty($_SERVER['PHP_AUTH_PW'])) {
- return Horde_Auth::setAuth(Horde_Util::dispelMagicQuotes($_SERVER['PHP_AUTH_USER']), array('password' => Horde_Util::dispelMagicQuotes($_SERVER['PHP_AUTH_PW']), 'transparent' => 1));
+ if (empty($_SERVER['PHP_AUTH_USER']) ||
+ empty($_SERVER['PHP_AUTH_PW'])) {
+ return false;
 }
- throw new Horde_Auth_Exception(_("HTTP Authentication not found."));
+ $this->_credentials['userId'] = $_SERVER['PHP_AUTH_USER'];
+ $this->_credentials['credentials'] = array(
+ 'password' => Horde_Util::dispelMagicQuotes($_SERVER['PHP_AUTH_PW'])
+ );
+
+ return true;
 }
 }
diff --git a/framework/Auth/lib/Horde/Auth/Ipbasic.php b/framework/Auth/lib/Horde/Auth/Ipbasic.php
index db3ba812a..f58c92ef6 100644
--- a/framework/Auth/lib/Horde/Auth/Ipbasic.php
+++ b/framework/Auth/lib/Horde/Auth/Ipbasic.php
@@ -51,22 +51,21 @@ class Horde_Auth_Ipbasic extends Horde_Auth_Base
 * block.
 *
 * @return boolean Whether or not the client is allowed.
- * @throws Horde_Auth_Exception
 */
 protected function _transparent()
 {
 if (!isset($_SERVER['REMOTE_ADDR'])) {
- throw new Horde_Auth_Exception(_("IP address not available."));
+ return false;
 }
- $client = $_SERVER['REMOTE_ADDR'];
 foreach ($this->_params['blocks'] as $cidr) {
- if ($this->_addressWithinCIDR($client, $cidr)) {
- return Horde_Auth::setAuth($cidr, array('transparent' => 1));
+ if ($this->_addressWithinCIDR($_SERVER['REMOTE_ADDR'], $cidr)) {
+ $this->_credentials['userId'] = $cidr;
+ return true;
 }
 }
- throw new Horde_Auth_Exception(_("IP address not within allowed CIDR block."));
+ return false;
 }
 /**
diff --git a/framework/Auth/lib/Horde/Auth/Shibboleth.php b/framework/Auth/lib/Horde/Auth/Shibboleth.php
index 106494f16..e2cfea27f 100644
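Review bot: In Horde_Auth_Http::_transparent() the new `userId` assignment takes `$_SERVER['PHP_AUTH_USER']` raw, while the removed `setAuth()` call passed it through `Horde_Util::dispelMagicQuotes()` and the password two lines below still is. Unless the omission is deliberate, `$this->_credentials['userId'] = Horde_Util::dispelMagicQuotes($_SERVER['PHP_AUTH_USER']);` keeps both values normalised the same way. As far as the hunk shows, the method returns true for any non-empty pair without verifying it, so it depends on the web server having validated the Basic credentials before PHP sees them; the docblock could say so, e.g. `* Assumes the web server has already verified PHP_AUTH_USER/PHP_AUTH_PW.` The `empty()` test also treats a password of '0' as absent, which the old code did too.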
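Review bot: Horde_Auth_Ipbasic::_transparent() matches on `$_SERVER['REMOTE_ADDR']`, which is the address of the immediate peer, so behind a reverse proxy or load balancer every request would be allowed or denied by the proxy's address rather than the client's. A comment above the loop would make that assumption explicit: `// REMOTE_ADDR is the direct peer; behind a reverse proxy it is the proxy's address.` Both denial paths now return false silently, where the removed exceptions distinguished a missing address from one outside every block; a debug-level log line at each `return false` would keep that information for troubleshooting. `$this->_params['blocks']` is iterated without a visible check that it is an array; whether the constructor guarantees this cannot be seen from the hunk.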
--- a/framework/Auth/lib/Horde/Auth/Shibboleth.php
+++ b/framework/Auth/lib/Horde/Auth/Shibboleth.php
@@ -76,16 +76,15 @@ class Horde_Auth_Shibboleth extends Horde_Auth_Base
 }
 /**
- * Automatic authentication: Check if the username is set in the
+ * Automatic authentication: check if the username is set in the
 * configured header.
 *
 * @return boolean Whether or not the client is allowed.
- * @throws Horde_Auth_Exception
 */
 protected function _transparent()
 {
 if (empty($_SERVER[$this->_params['username_header']])) {
- throw new Horde_Auth_Exception(_("Shibboleth authentication not available."));
+ return false;
 }
 $username = $_SERVER[$this->_params['username_header']];
@@ -96,15 +95,20 @@ class Horde_Auth_Shibboleth extends Horde_Auth_Base
 $username = substr($username, 0, $pos);
 }
- if (!Horde_Auth::setAuth($username, array('transparent' => 1))) {
- return false;
- }
+ $this->_credentials['userId'] = $username;
 // Set password for hordeauth login.
- if ($this->_params['password_holder'] == 'header') {
- Horde_Auth::setCredential('password', $_SERVER[$this->_params['password_header']]);
- } elseif ($this->_params['password_holder'] == 'preferences') {
- Horde_Auth::setCredential('password', $GLOBALS['prefs']->getValue($this->_params['password_preference']));
+ switch ($this->_params['password_holder']) {
+ case 'header':
+ $this->_credentials['credentials'] = array(
+ 'password' => $_SERVER[$this->_params['password_header']]
+ );
+ break;
+
+ case 'preferences':
+ $this->_credentials['credentials'] = array(
+ 'password' => $_SERVER[$this->_params['password_preference']]
+ );
 }
 return true;
--
2.11.0
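Review bot: In the second Shibboleth hunk the `'preferences'` case reads `$_SERVER[$this->_params['password_preference']]`, which looks like a copy of the `'header'` case: the removed line fetched this value with `$GLOBALS['prefs']->getValue(...)`, and a preference name is unlikely to be a `$_SERVER` key, so the stored password would be null. The line should presumably remain `'password' => $GLOBALS['prefs']->getValue($this->_params['password_preference'])`. Because `setAuth()` now runs only after `_transparent()` returns, it should also be confirmed that the user's preferences are already loaded at this point; that cannot be seen from the hunk. The `'header'` case still reads `password_header` from `$_SERVER` without an `isset()` check, as before. `_transparent()` starts in the previous hunk and ends below this one.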