From 3fdbd17d3dcc7f850a19d6344e45e2b7b33f3a38 Mon Sep 17 00:00:00 2001 From: Andrew McMillan Date: Sat, 26 Sep 2009 21:06:20 +1200 Subject: [PATCH] Patch to support Kerberos from Benedikt Elser. --- inc/drivers_ldap.php | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/inc/drivers_ldap.php b/inc/drivers_ldap.php index 666eebec..8f0cef3b 100644 --- a/inc/drivers_ldap.php +++ b/inc/drivers_ldap.php @@ -152,7 +152,8 @@ class ldapDrivers * @param string $passwd password to check * @return array Contains selected attributes from all entries corresponding to the given filter */ - function requestUser( $filter, $attributes=NULL, $passwd) { + function requestUser( $filter, $attributes=NULL, $username, $passwd) { + global $c; $entry=NULL; // We get the DN of the USER @@ -175,11 +176,20 @@ class ldapDrivers } $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry)); - if ( !@ldap_bind($this->connect, $dnUser, $passwd) ) { - dbg_error_log( "LDAP", "drivers_ldap : Failed to bind to user %s using password %s", $dnUser, $passwd ); - return false; + + if ($c->authenticate_hook['config']['i_use_mode_kerberos'] == "i_know_what_i_am_doing") { + dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REMOTE_USER"]); + if ($username != $_SERVER["REMOTE_USER"]) { + return false; + } + } else { + if ( !@ldap_bind($this->connect, $dnUser, $passwd) ) { + dbg_error_log( "LDAP", "drivers_ldap : Failed to bind to user %s using password %s", $dnUser, $passwd ); + return false; + } } + dbg_error_log( "LDAP", "drivers_ldap : Bound to user %s using password %s", $dnUser, $passwd ); $i = ldap_first_entry($this->connect,$entry); 
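Review bot: The docblock above `requestUser()` is not updated for the new `$username` parameter; it begins outside this hunk, so only its last lines are visible here. I would add `* @param string $username login name, compared with REMOTE_USER when Kerberos mode is enabled` before the `$passwd` entry. `$attributes=NULL` now sits in front of two required parameters, so its default can never take effect and is only misleading. Any caller other than `LDAP_check()` (none is visible in this patch) would, after this change, pass the password in the `$username` slot and leave `$passwd` unset, so it is worth checking for other call sites before merging.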
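Review bot: The Kerberos branch skips the LDAP bind, so `$username != $_SERVER["REMOTE_USER"]` is the only authentication check, and it is a loose comparison against a value that may not be set. If the web server has not populated REMOTE_USER the index is undefined (null), and `!=` also applies PHP's numeric-string juggling; I would write `if (!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] === '' || $username !== $_SERVER['REMOTE_USER']) { return false; }`. The config test reads `$c->authenticate_hook['config']['i_use_mode_kerberos']` without `isset()`, which raises a notice on every login when the option is absent. The re-added bind-failure message and the `Bound to user %s using password %s` line after the branch still write `$passwd` to the debug log, and the latter is now also emitted in Kerberos mode where no bind took place; drop the password argument and word the message per mode. The body of requestUser() starts and ends outside this hunk.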
@@ -268,8 +278,7 @@ function LDAP_check($username, $password ){ } $filter = "(&$filter_munge(".$mapping["username"]."=$username))"; - dbg_error_log( "LDAP", "checking user %s for password %s against LDAP",$username,$password ); - $valid = $ldapDriver->requestUser( $filter, $attributes, $password ); + $valid = $ldapDriver->requestUser( $filter, $attributes, $username, $password ); // is a valid user or not if ( !$valid ) {
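Review bot: `$username` is interpolated into the LDAP search filter on the `$filter = ...` context line without escaping, and this hunk now passes the same raw value to `requestUser()` for the REMOTE_USER comparison. Filter metacharacters in the login name would be interpreted by the directory server rather than matched literally, so the entry looked up may not be the one the name denotes. Where the runtime provides it (PHP 5.6+), escape before building the filter: `$filter = "(&$filter_munge(".$mapping["username"]."=".ldap_escape($username, '', LDAP_ESCAPE_FILTER)."))";`. Otherwise reject login names containing filter-special characters before this line. LDAP_check() starts and ends outside the hunk.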