Package: davical
Version: 0.9.9.4-1
Severity: wishlist
I have set up davical with authenticate_hook call=>PWAUTH_PAM_check,
optional=>true. My problem is that the hook takes several seconds to
fail for unknown users (the ones I set optional to true for, so that
they get authenticated against the postgresql DB), leading to delays
for *every* CalDAV query for these users.
That's easily solved by swapping the order of "call hook" and "check
authentication against DB". Patch attached. Also documentation of
authentication code flow.
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (500, 'stable'), (400, 'testing'), (300, 'unstable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_LU.UTF-8, LC_CTYPE=fr_LU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- davical-0.9.9.4.orig/inc/HTTPAuthSession.php
+++ davical-0.9.9.4/inc/HTTPAuthSession.php
@@ -215,6 +215,14 @@
function CheckPassword( $username, $password ) {
global $c;
+ if ( $usr = getUserByName($username) &&
+ ( !isset($c->authenticate_hook || isset($c->authenticate_hook['optional']) && $c->authenticate_hook['optional'] )) ) {
+ dbg_error_log( "BasicAuth", ":CheckPassword: Name:%s, Pass:%s, File:%s, Active:%s", $username, $password, $usr->password, ($usr->active?'Yes':'No') );
+ if ( $usr->active && session_validate_password( $password, $usr->password ) ) {
+ return $usr;
+ }
+ }
+
if ( isset($c->authenticate_hook) && isset($c->authenticate_hook['call']) && function_exists($c->authenticate_hook['call']) ) {
/**
* The authenticate hook needs to:
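Review bot: The condition on the first added line does not evaluate the way it reads. In PHP `&&` binds tighter than `=`, so `$usr = getUserByName($username) && ( ... )` assigns a boolean to `$usr`, and the `$usr->password` and `$usr->active` accesses that follow then operate on that boolean rather than on the user record. Put the assignment in its own parentheses: `( $usr = getUserByName($username) ) && ( ... )`. The second added line also contains `isset($c->authenticate_hook ||` with no closing parenthesis before the `||`, so the file will not parse as posted. Separately, the moved dbg_error_log call passes both the submitted `$password` and the stored `$usr->password` to the debug log; now that this block runs ahead of the hook, it would be a good moment to drop those two arguments from the format string.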
@@ -239,12 +247,6 @@
}
}
- if ( $usr = getUserByName($username) ) {
- dbg_error_log( "BasicAuth", ":CheckPassword: Name:%s, Pass:%s, File:%s, Active:%s", $username, $password, $usr->password, ($usr->active?'Yes':'No') );
- if ( $usr->active && session_validate_password( $password, $usr->password ) ) {
- return $usr;
- }
- }
return false;
}
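Review bot: Removing the trailing database check changes behaviour for more than the optional-hook case and that should be stated in the patch description. With `authenticate_hook` set but without `optional` true, the new block at the top of CheckPassword is skipped, and if the hook condition (`isset(...['call']) && function_exists(...)`) is not met, the function now reaches `return false;` where it previously reached the `getUserByName` check removed here. That may well be the desired stricter result, but it is a change for existing configurations with a missing or misnamed hook function, so please either document it or keep a fallback for that case.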
diff --git a/config/example-config.php b/config/example-config.php
index 22fb8e9..26bde5d 100644
--- a/config/example-config.php
+++ b/config/example-config.php
@@ -206,9 +206,9 @@ $c->schedule_private_key = 'PRIVATE-KEY-BASE-64-DATA';
* The login mecanism is made in 2 places:
* - for the web interface in: index.php that calls DAViCalSession.php that extends
* Session.php (from AWL libraries)
-* - for the caldav client in: caldav.php that calls BasicAuthSession.php
-* Both Session.php and BasicAuthSession.php check against the
-* authenticate_hook['call'], although for BasicAuthSession.php this will be for
+* - for the caldav client in: caldav.php that calls HTTPAuthSession.php
+* Both Session.php and HTTPAuthSession.php check against the
+* authenticate_hook['call'], although for HTTPAuthSession.php this will be for
* each page. For Session.php this will only occur during login.
*
* $c->authenticate_hook['config'] should be set up with any configuration data
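Review bot: The comment is only updated for the file rename (BasicAuthSession.php to HTTPAuthSession.php) and says nothing about the new ordering, which is the part an administrator needs to know. Please add a sentence to this block stating that in HTTPAuthSession.php, when no hook is set or `authenticate_hook['optional']` is true, the password is checked against the DAViCal database first and the hook is called only if that check does not succeed. While touching this block, "mecanism" in the first context line could be corrected to "mechanism".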