/etc/inc/auth.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/auth.inc @ 879811c6

1	6fdc0ab2	Bill Marquette	<?php
2			/* $Id$ */
3			/*
4	6944790a	Scott Ullrich	Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
5	6fdc0ab2	Bill Marquette	All rights reserved.
6
7			Redistribution and use in source and binary forms, with or without
8			modification, are permitted provided that the following conditions are met:
9
10			1. Redistributions of source code must retain the above copyright notice,
11			this list of conditions and the following disclaimer.
12
13			2. Redistributions in binary form must reproduce the above copyright
14			notice, this list of conditions and the following disclaimer in the
15			documentation and/or other materials provided with the distribution.
16
17			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
18			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
19			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
21			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26			POSSIBILITY OF SUCH DAMAGE.
27			*/
28
29			require_once("config.inc");
30			require_once("globals.inc");
31
32			/* We only support file backed HTTP Basic auth right now */
33	bf786a5d	Bill Marquette	$auth_method="htpasswd_backed_basic_auth";
34	6fdc0ab2	Bill Marquette
35			/* Authenticate user - exit if failed (we should have a callback for this maybe) */
36			if (!$auth_method())
37			exit;
38
39			function basic_auth_prompt(){
40	95263be2	Scott Ullrich	header("WWW-Authenticate: Basic realm=\".\"");
41	6fdc0ab2	Bill Marquette	header("HTTP/1.0 401 Unauthorized");
42			echo "You must enter valid credentials to access this resource.";
43			exit;
44			}
45
46	bf786a5d	Bill Marquette	function passwd_backed_basic_auth() {
47	6fdc0ab2	Bill Marquette	global $HTTP_SERVER_VARS;
48
49			$authfile = file("/etc/master.passwd");
50
51			/* Prompt three times and give up */
52			for($attempt = 0; $attempt <= 3; basic_auth_prompt()){
53			$attempt++;
54	bf786a5d	Bill Marquette	/* Check for AUTH_USER */
55	063f8745	Bill Marquette	if ($HTTP_SERVER_VARS['PHP_AUTH_USER'] <> "") {
56			$HTTP_SERVER_VARS['AUTH_USER'] = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
57			$HTTP_SERVER_VARS['AUTH_PW'] = $HTTP_SERVER_VARS['PHP_AUTH_PW'];
58			}
59	bf786a5d	Bill Marquette	if (!isset($HTTP_SERVER_VARS['AUTH_USER']))
60	6fdc0ab2	Bill Marquette	continue;
61
62			/* Check to see if user even exists */
63	bf786a5d	Bill Marquette	$username = $HTTP_SERVER_VARS['AUTH_USER'];
64	6944790a	Scott Ullrich	if(!($line = array_shift(preg_grep("/^$username:.*$/", $authfile))))
65	6d526f38	Scott Ullrich	continue;
66	6fdc0ab2	Bill Marquette
67			/* Get crypted password */
68	3e789a8b	Scott Ullrich	$matches = "";
69			preg_match("/^$username:((\\$1\\$[.\d\w_\/]{8}\\$)[.\d\w_\/]{22})$/", $line, $matches);
70	6fdc0ab2	Bill Marquette	$pass = $matches[1];
71			$salt = $matches[2];
72
73			/* Encrypt entered password with salt */
74	bf786a5d	Bill Marquette	$authpass = crypt($HTTP_SERVER_VARS['AUTH_PW'], $salt);
75	6fdc0ab2	Bill Marquette
76			/* And finally validate password */
77			if($authpass == $pass)
78			return true;
79			else
80			continue;
81			}
82
83			/* Should only get here if user fails login three times */
84			return false;
85			}
86
87	bf786a5d	Bill Marquette	function htpasswd_backed_basic_auth() {
88			global $HTTP_SERVER_VARS;
89
90			$authfile = file("/var/run/htpasswd");
91
92	6944790a	Scott Ullrich	/* sanity check to ensure that /usr/local/www/.htpasswd doesn't exist */
93			unlink_if_exists("/usr/local/www/.htpasswd");
94	5a9edd86	Bill Marquette
95	bf786a5d	Bill Marquette	/* Prompt three times and give up */
96			for($attempt = 0; $attempt <= 3; basic_auth_prompt()){
97			$attempt++;
98	6944790a	Scott Ullrich
99			/* Check for AUTH_USER */
100	063f8745	Bill Marquette	if ($HTTP_SERVER_VARS['PHP_AUTH_USER'] <> "") {
101			$HTTP_SERVER_VARS['AUTH_USER'] = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
102			$HTTP_SERVER_VARS['AUTH_PW'] = $HTTP_SERVER_VARS['PHP_AUTH_PW'];
103			}
104	bf786a5d	Bill Marquette	if (!isset($HTTP_SERVER_VARS['AUTH_USER']))
105			continue;
106
107	6d526f38	Scott Ullrich	/* Check to see if user even exists */
108			$username = $HTTP_SERVER_VARS['AUTH_USER'];
109			if(!($line = array_shift(preg_grep("/^$username:.*$/", $authfile))))
110			continue;
111	bf786a5d	Bill Marquette
112			/* Get crypted password */
113	3e789a8b	Scott Ullrich	$matches = "";
114	7b52f88d	Bill Marquette	preg_match("/^$username:((\\$1\\$[.\d\w_\/]{8}\\$)[.\d\w_\/]{22})$/", $line, $matches);
115	bf786a5d	Bill Marquette	$pass = $matches[1];
116			$salt = $matches[2];
117
118			/* Encrypt entered password with salt */
119			$authpass = crypt($HTTP_SERVER_VARS['AUTH_PW'], $salt);
120
121			/* And finally validate password */
122			if($authpass == $pass)
123			return true;
124			else
125			continue;
126			}
127
128			/* Should only get here if user fails login three times */
129			return false;
130			}
131
132	6d526f38	Scott Ullrich	?>

Project

General

Profile

pfSense