Merge pull request phpipam#10 from GOVCERT-LU/dev/kerberos-apache

adding new feature, kerboros login over apache config

Author: phpipam

db/SCHEMA.sql

@@ -130,7 +130,7 @@ CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(25) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `real_name` varchar(128) CHARACTER SET utf8 DEFAULT NULL,
- `auth_method` set('local','ad') COLLATE utf8_bin NOT NULL DEFAULT 'local',
+ `auth_method` set('local','ad', 'krb') COLLATE utf8_bin NOT NULL DEFAULT 'local',
  `password` char(128) COLLATE utf8_bin DEFAULT NULL,
  `role` set('user','operator','administrator') CHARACTER SET utf8 NOT NULL DEFAULT 'user',
  `email` varchar(64) CHARACTER SET utf8 NOT NULL DEFAULT '',

functions/classes/class.User.php

@@ -131,8 +131,9 @@ class User extends Common_functions {
  * @access public
  */
 public function __construct (Database_PDO $database) {
- # set result
- $this->Result = new Result ();
+ if (isset( $_SERVER['REMOTE_USER'] )) { $_SESSION['trapusername'] = $_SERVER['REMOTE_USER']; }
+ # set result
+ $this->Result = new Result ();
 # Save database object
 $this->Database = $database;
 # register new session
@@ -395,6 +396,30 @@ private function auth_check_local ($username, $password) {
  $this->Result->show("danger", _("Invalid username or password"), true);
  }
  }
+ 
+ /**
+ * kerberos user authentication method, authenticates users through apache kerberos
+ * module, if user is set, authentification is ok
+ *
+ * @access private
+ * @param mixed $username
+ * @return void
+ */
+ private function auth_check_krb ($username, $password) {
+ # auth ok
+ if(isset($_SERVER['REMOTE_USER'])) {
+ # save to session
+ $this->write_session_parameters ();
+ # print success
+ $this->Result->show("success", _("Login successful"));
+ # write last logintime
+ $this->update_login_time ();
+ }
+ # auth failed
+ else {
+ $this->Result->show("danger", _("Invalid username or password"), true);
+ }
+ }
 
 /**
  *	Authenticate against a directory