From 55c9cdcbd4973ddf4a836880cbf60c2820e98e31 Mon Sep 17 00:00:00 2001
From: Benjamin Renard
Date: Wed, 10 Mar 2010 19:49:04 +0100
Subject: [PATCH] LSauthCAS : Added CAS authentification support.
---
 public_html/conf/LSauth/config.LSauthCAS.php | 59 ++++++++
 .../includes/class/class.LSauthCAS.php | 143 ++++++++++++++++++
 2 files changed, 202 insertions(+)
 create mode 100644 public_html/conf/LSauth/config.LSauthCAS.php
 create mode 100644 public_html/includes/class/class.LSauthCAS.php
diff --git a/public_html/conf/LSauth/config.LSauthCAS.php b/public_html/conf/LSauth/config.LSauthCAS.php
new file mode 100644
index 00000000..6e4af98e
--- /dev/null
+++ b/public_html/conf/LSauth/config.LSauthCAS.php
@@ -0,0 +1,59 @@
+
diff --git a/public_html/includes/class/class.LSauthCAS.php b/public_html/includes/class/class.LSauthCAS.php
new file mode 100644
index 00000000..8c25b4a9
--- /dev/null
+++ b/public_html/includes/class/class.LSauthCAS.php
@@ -0,0 +1,143 @@
+
+ */
+class LSauthCAS extends LSauth {
+
+ var $params = array (
+ 'displayLoginForm' => false,
+ 'displayLogoutBtn' => true
+ );
+
+ /**
+ * Constructor
+ */
+ public function LSauthCAS() {
+ if (LSsession :: includeFile(PHP_CAS_PATH)) {
+ if (defined('PHP_CAS_DEBUG_FILE')) {
+ phpCAS::setDebug(PHP_CAS_DEBUG_FILE);
+ }
+ phpCAS::client(constant(LSAUTH_CAS_VERSION),LSAUTH_CAS_SERVER_HOSTNAME,LSAUTH_CAS_SERVER_PORT,LSAUTH_CAS_SERVER_URI,false);
+ if (LSAUTH_CAS_SERVER_NO_SSL_VALIDATION) {
+ phpCAS::setNoCasServerValidation();
+ }
+
+ if (defined(LSAUTH_CAS_SERVER_SSL_CERT)) {
+ phpCAS::setCasServerCert(LSAUTH_CAS_SERVER_SSL_CERT);
+ }
+
+ if (defined(LSAUTH_CAS_SERVER_SSL_CACERT)) {
+ phpCAS::setCasServerCACert(LSAUTH_CAS_SERVER_SSL_CACERT);
+ }
+
+ if (LSAUTH_CAS_DISABLE_LOGOUT) {
+ $this -> params['displayLogoutBtn'] = false;
+ }
+
+ return true;
+ }
+ else {
+ LSerror :: addErrorCode('LSauthCAS_01');
+ }
+ return false;
+ }
+
+ /**
+ * Check Post Data
+ *
+ * @retval array|False Array of post data if exist or False
+ **/
+ public function getPostData() {
+ if (class_exists('phpCAS')) {
+ // Launch Auth
+ phpCAS::forceAuthentication();
+
+ $this -> authData = array(
+ 'username' => phpCAS::getUser(),
+ 'password' => '',
+ 'ldapserver' => $_REQUEST['LSsession_ldapserver'],
+ 'topDn' => $_REQUEST['LSsession_topDn']
+ );
+ return true;
+ }
+ return;
+ }
+
+ /**
+ * Check user login
+ *
+ * @param[in] $username The username
+ * @param[in] $password The password
+ *
+ * @retval LSldapObject|false The LSldapObject of the user authificated or false
+ */
+ public function authenticate() {
+ if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
+ $authobject = new LSsession :: $ldapServer['authObjectType']();
+ $result = $authobject -> searchObject(
+ $this -> authData['username'],
+ LSsession :: getTopDn(),
+ LSsession :: $ldapServer['authObjectFilter']
+ );
+ $nbresult=count($result);
+
+ if ($nbresult==0) {
+ // identifiant
incorrect
+ LSdebug('identifiant incorrect');
+ LSerror :: addErrorCode('LSauth_01');
+ }
+ else if ($nbresult>1) {
+ // duplication d'authentité
+ LSerror :: addErrorCode('LSauth_02');
+ }
+ else {
+ // Authentication succeeded
+ return $result[0];
+ }
+ }
+ else {
+ LSerror :: addErrorCode('LSauth_03');
+ }
+ return;
+ }
+
+ public function logout() {
+ if(class_exists('phpCAS')) {
+ if ($this -> params['displayLogoutBtn']) {
+ phpCAS :: forceAuthentication();
+ phpCAS :: logout();
+ }
+ }
+ }
+}
+/*
+ * Error Codes
+ */
+LSerror :: defineError('LSauthCAS_01',
+_("LSauthCAS : Failed to load phpCAS.")
+);
+?>
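Review bot: Both certificate guards in the constructor pass the constant itself to `defined()` instead of its name, so `defined(LSAUTH_CAS_SERVER_SSL_CERT)` looks up a constant named after the configured path and is false whether or not the setting exists; `phpCAS::setCasServerCert()` and `phpCAS::setCasServerCACert()` are therefore never reached. The only TLS option in this class that can take effect is `phpCAS::setNoCasServerValidation()`, which presumably pushes deployments toward running with CAS server certificate checking off, and the identity returned by `phpCAS::getUser()` in `getPostData()` is then only as trustworthy as the network path to the CAS server. Quote the names, as the debug-file check a few lines above already does: `if (defined('LSAUTH_CAS_SERVER_SSL_CERT')) {` and `if (defined('LSAUTH_CAS_SERVER_SSL_CACERT')) {`. `LSAUTH_CAS_SERVER_NO_SSL_VALIDATION` is also read without a `defined()` guard, and in the PHP versions this constructor style targets an undefined constant evaluates to its own name, a truthy string, so a missing setting would switch validation off; this is worth confirming against config.LSauthCAS.php, whose contents are not visible on this page.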