Don't reuse Kerberos ticket (#1389)

Xavier Guimard 2018-03-13 15:04:19 +01:00
parent c833a18939
commit b24503b636
2 changed files with 10 additions and 2 deletions


@ -1,3 +1,4 @@
* Minimal authn level system (choice only)
* (2ndF/OTP mail)
* Combination/Choice for password (using session data)


@ -33,6 +33,13 @@ sub init {
sub extractFormInfo {
my ( $self, $req ) = @_;
if ( $req->datas->{_krbUser} ) {
$self->logger->debug( 'Kerberos ticket already validated for '
. $req->datas->{_krbUser} );
return PE_OK;
}
my $auth = $req->env->{HTTP_AUTHORIZATION};
unless ($auth) {
@ -138,7 +145,7 @@ sub extractFormInfo {
return PE_ERROR;
}
$self->userLogger->notice("$client_name authentified by Kerberos");
$req->{_krbUser} = $client_name;
$req->datas->{_krbUser} = $client_name;
if ( $self->conf->{krbRemoveDomain} ) {
$client_name =~ s/^(.*)@.*$/$1/;
}
@ -157,7 +164,7 @@ sub authLogout {
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{krbAuthnLevel};
$req->{sessionInfo}->{_krbUser} = $req->{_krbUser};
$req->{sessionInfo}->{_krbUser} = $req->datas->{_krbUser};
PE_OK;
}
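Review bot: The early return added at the top of extractFormInfo accepts any true value in `$req->datas->{_krbUser}` as proof that a ticket was already validated, so this path is only as safe as the assumption that `datas` is per-request state written solely by the success branch in the second hunk. Nothing visible here establishes that invariant, and the same key is then copied into `sessionInfo` by setAuthSessionInfo; if another module or any request-derived value could populate `datas`, Kerberos verification would be skipped. I would document the invariant next to the guard, e.g. `# _krbUser is set only below, after the ticket was validated in this same request; never fill it from request input`. The early path also returns before whatever the function sets up after the `krbRemoveDomain` stripping, which lies outside the hunk, so it is worth confirming that a second call still leaves the request's user populated.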