
Re: NTLM authentication for MediaWiki: msg#00512

Subject: Re: NTLM authentication for MediaWiki

I think that the Auth plugin system still uses the user table because
of MediaWiki options, user references, etc. But you can set it up so
that a user is automagically added to the users table if they
authenticate. Try it, it's worth a shot.

On Wed, 30 Mar 2005 14:28:43 +1200, Alistair Johnson
<JohnsonA-UdX5+4pmwIaO6V2BHUzxHg@xxxxxxxxxxxxxxxx> wrote:
> Thanks Jamie. From quickly looking at it I *think* AuthPlugin is designed to
> operate through the normal logon process. I'm bypassing that and
> transparently authenticating against NTLM (for Intranet users - Internet
> users will be prompted for a domain username and password).
>
> If anyone's planning on using the code below I just found out that it breaks
> the preferences screen. The way to fix that is to set cookies by adding:
> //set cookies with this info to make life easier for us in the future
> global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname;
> $exp = time() + $wgCookieExpiration;
> setcookie( $wgDBname.'UserID', $row['user_id'], $exp, $wgCookiePath, $wgCookieDomain );
> setcookie( $wgDBname.'UserName', $row['user_name'], $exp, $wgCookiePath, $wgCookieDomain );
> setcookie( $wgDBname.'Token', $row['user_token'], $exp, $wgCookiePath, $wgCookieDomain );
>
> immediately underneath:
> //set the variables we need to transparently authenticate
> $sId = $row['user_id'];
> $_SESSION['wsUserID'] = $row['user_id'];
> $_SESSION['wsUserName'] = $row['user_name'];
> $_SESSION['wsToken'] = $row['user_token'];
>
> Cheers,
>
> al.
> -----Original Message-----
> From: Jamie Bliss
> [mailto:astronouth7303-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx]
> Sent: Wednesday, 30 March 2005 12:01 p.m.
> To: MediaWiki announcements and site admin list
> Subject: Re: [Mediawiki-l] NTLM authentication for MediaWiki
>
> Check AuthPlugin.php, as that may let you do it.
>
> On Wed, 30 Mar 2005 11:57:43 +1200, Alistair Johnson
> <JohnsonA-UdX5+4pmwIaO6V2BHUzxHg@xxxxxxxxxxxxxxxx> wrote:
> > Based on a post from David Cameron (19 Feb 2005) I've hacked up the
> > following modification to loadFromSession (in User.php) which allows
> > authentication against our NTLM database (based on the variable AUTH_USER
> > passed from IIS).
> >
> > I'm trying to avoid hacking the code for 1.4 so if you know a way to achieve
> > this without modifying User.php (or another core file) then feedback would
> > be most appreciated.
> >
> > Cheers,
> >
> > al.
> >
> > /**
> >  * Read data from session
> >  * @static
> >  */
> > function loadFromSession() {
> >     global $wgMemc, $wgDBname;
> >
> >     if ( isset( $_SESSION['wsUserID'] ) ) {
> >         if ( 0 != $_SESSION['wsUserID'] ) {
> >             $sId = $_SESSION['wsUserID'];
> >         } else {
> >             return new User();
> >         }
> >     } else if ( isset( $_COOKIE["{$wgDBname}UserID"] ) ) {
> >         $sId = IntVal( $_COOKIE["{$wgDBname}UserID"] );
> >         $_SESSION['wsUserID'] = $sId;
> >     } else if ( isset($_SERVER["AUTH_USER"])) {
> >         //Rembrandt modification to allow logon via authentication information
> >         //passed from IIS
> >         global $wgUser;
> >         global $wgDeferredUpdateList;
> >
> >         //get the username
> >         $temp = explode('DOMAINNAME', $_SERVER["AUTH_USER"]); //remove the domain name from AUTH_USER
> >         $name = $temp[1];
> >
> >         //pull in the usernames and passwords we'll need for the database lookup
> >         global $wgDBprefix;
> >         global $wgDBuser;
> >         global $wgDBpassword;
> >         global $wgDBserver;
> >         global $wgDBname;
> >
> >         //we'll use PHP's MYSQL module to access the mediawiki database as it's Q&D
> >         mysql_connect($wgDBserver,$wgDBuser,$wgDBpassword);
> >         @mysql_select_db($wgDBname) or die( "Unable to select user database for NTLM authentication");
> >         //escape the name before it is concatenated into the query string
> >         $query="SELECT * FROM " . $wgDBprefix . "user WHERE LOWER(user_name) = '" . mysql_real_escape_string(strtolower($name)) . "'";
> >         $result = mysql_query($query);
> >         $row = mysql_fetch_array($result, MYSQL_ASSOC);
> >         mysql_close();
> >
> >         //set the variables we need to transparently authenticate
> >         $sId = $row['user_id'];
> >         $_SESSION['wsUserID'] = $row['user_id'];
> >         $_SESSION['wsUserName'] = $row['user_name'];
> >         $_SESSION['wsToken'] = $row['user_token'];
> >
> >     } else {
> >         return new User();
> >     }
> >     if ( isset( $_SESSION['wsUserName'] ) ) {
> >         $sName = $_SESSION['wsUserName'];
> >     } else if ( isset( $_COOKIE["{$wgDBname}UserName"] ) ) {
> >         $sName = $_COOKIE["{$wgDBname}UserName"];
> >         $_SESSION['wsUserName'] = $sName;
> >     } else {
> >         return new User();
> >     }
> >
> >     $passwordCorrect = FALSE;
> >     $user = $wgMemc->get( $key = "$wgDBname:user:id:$sId" );
> >     if($makenew = !$user) {
> >         wfDebug( "User::loadFromSession() unable to load from memcached\n" );
> >         $user = new User();
> >         $user->mId = $sId;
> >         $user->loadFromDatabase();
> >     } else {
> >         wfDebug( "User::loadFromSession() got from cache!\n" );
> >     }
> >
> >     if ( isset( $_SESSION['wsToken'] ) ) {
> >         $passwordCorrect = $_SESSION['wsToken'] == $user->mToken;
> >     } else if ( isset( $_COOKIE["{$wgDBname}Token"] ) ) {
> >         $passwordCorrect = $user->mToken == $_COOKIE["{$wgDBname}Token"];
> >     } else {
> >         return new User(); # Can't log in from session
> >     }
> >
> >     //modified to allow for case differences between mediawiki and NTLM usernames
> >     if ( ( strtolower($sName) == strtolower($user->mName) ) && $passwordCorrect ) {
> >         if($makenew) {
> >             if($wgMemc->set( $key, $user )) {
> >                 wfDebug( "User::loadFromSession() successfully saved user\n" );
> >             } else {
> >                 wfDebug( "User::loadFromSession() unable to save to memcached\n" );
> >             }
> >         }
> >         $user->spreadBlock();
> >         return $user;
> >     }
> >
> >     return new User(); # Can't log in from session
> > }
> > _______________________________________________
> > MediaWiki-l mailing list
> > MediaWiki-l-T31ubCBy5U6GglJvpFV4uA@xxxxxxxxxxxxxxxx
> > http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
> >
>
> --
> -------------------------------------------------------------------
> http://endeavour.zapto.org/astro73/
> Thank you to JosephM for inviting me to Gmail!
> Has lots of invites.
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l-T31ubCBy5U6GglJvpFV4uA@xxxxxxxxxxxxxxxx
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>


--
-------------------------------------------------------------------
http://endeavour.zapto.org/astro73/
Thank you to JosephM for inviting me to Gmail!
Has lots of invites.
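
Added example (not part of the thread, and not MediaWiki's own code): a stricter form of the AUTH_USER lookup from the quoted loadFromSession() change. It parses DOMAIN\user, checks the domain, and binds the name as a query parameter. The domain EXAMPLEDOM, the helper names, the character-set restriction and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Names and sample data are constructed.

/**
 * Split an IIS AUTH_USER value ("DOMAIN\user") and return the account name,
 * or null when the value is malformed or comes from an unexpected domain.
 */
function ntlmAccountName(string $authUser, string $expectedDomain): ?string {
    // Exactly one backslash; a conservative character set on both sides (assumption).
    if (!preg_match('/^([A-Za-z0-9.-]{1,64})\\\\([A-Za-z0-9._-]{1,64})$/', $authUser, $m)) {
        return null;
    }
    return strcasecmp($m[1], $expectedDomain) === 0 ? $m[2] : null;
}

/** Case-insensitive lookup of the wiki account, with the name as a bound parameter. */
function findWikiUser(PDO $db, string $prefix, string $name): ?array {
    // $prefix is site configuration (like $wgDBprefix), never request data.
    $stmt = $db->prepare(
        "SELECT user_id, user_name, user_token FROM {$prefix}user WHERE LOWER(user_name) = LOWER(?)"
    );
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row; // no matching account: caller stays anonymous
}

// Constructed sample data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (user_id INTEGER, user_name TEXT, user_token TEXT)");
$db->exec("INSERT INTO user VALUES (7, 'Ajohnson', 'constructed-token')");

// Constructed AUTH_USER values: valid, wrong domain, quote characters, no domain part.
$samples = [
    'EXAMPLEDOM\\ajohnson',
    'OTHERDOM\\ajohnson',
    "EXAMPLEDOM\\x' OR '1'='1",
    'ajohnson',
];
foreach ($samples as $authUser) {
    $name = ntlmAccountName($authUser, 'EXAMPLEDOM');
    $row  = $name === null ? null : findWikiUser($db, '', $name);
    printf("%-28s => %s\n", $authUser, $row ? "user_id {$row['user_id']}" : 'anonymous');
}
```

Only a well-formed value from the expected domain reaches the database, and a missing row is reported as null so that no empty session values are written.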

