authorBill Marquette <billm@pfsense.org>2005-04-08 00:30:11 +0000
committerBill Marquette <billm@pfsense.org>2005-04-08 00:30:11 +0000
commit6fdc0ab2f536d79e8ba2604bf7ecacad34c3897f (patch)
treee123f93a362a19df49c0703f735860d6dee15529 /etc/inc/auth.inc
parent186359bf13385bedb49ec2df0e742e790e60c77e (diff)
Initial commit of PHP side authentication code for pfSense
Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r--etc/inc/auth.inc82
1 files changed, 82 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
new file mode 100644
index 0000000..7083b86
--- /dev/null
+++ b/etc/inc/auth.inc
@@ -0,0 +1,82 @@
+<?php
+/* $Id$ */
+/*
+ Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("config.inc");
+require_once("globals.inc");
+
+/* We only support file backed HTTP Basic auth right now */
+$auth_method="file_backed_basic_auth";
+
+/* Authenticate user - exit if failed (we should have a callback for this maybe) */
+if (!$auth_method())
+ exit;
+
+function basic_auth_prompt(){
+ header("WWW-Authenticate: Basic realm=\"pfSense\"");
+ header("HTTP/1.0 401 Unauthorized");
+ echo "You must enter valid credentials to access this resource.";
+ exit;
+}
+
+function file_backed_basic_auth() {
+ global $HTTP_SERVER_VARS;
+
+ $authfile = file("/etc/master.passwd");
+
+ /* Prompt three times and give up */
+ for($attempt = 0; $attempt <= 3; basic_auth_prompt()){
+ $attempt++;
+ /* Check for PHP_AUTH_USER */
+ if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']))
+ continue;
+
+ /* Check to see if user even exists */
+ $username = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
+ if(!($line = array_shift(preg_grep("/$username:.*$/", $authfile))))
+ continue;
+
+ /* Get crypted password */
+ preg_match("/$username:((...[0-9A-Za-z_]{8}.)[0-9A-Za-z_]{22})/", $line, $matches);
+ $pass = $matches[1];
+ $salt = $matches[2];
+
+ /* Encrypt entered password with salt */
+ $authpass = crypt($HTTP_SERVER_VARS['PHP_AUTH_PW'], $salt);
+
+ /* And finally validate password */
+ if($authpass == $pass)
+ return true;
+ else
+ continue;
+ }
+
+ /* Should only get here if user fails login three times */
+ return false;
+}
+
+?>
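Review bot: In file_backed_basic_auth() the client-supplied PHP_AUTH_USER is interpolated into both patterns (`/$username:.*$/` and the preg_match() after it) without preg_quote() and without a `^` anchor, so the lookup is not restricted to an exact match on the account-name field of /etc/master.passwd. The preg_match() return value is also unchecked, so on a line that does not parse `$pass` and `$salt` are unset and the final `==` compares against null; the class `[0-9A-Za-z_]` appears to omit `.` and `/`, which crypt() output can contain, so that path looks reachable for valid accounts. I would quote and anchor the name, skip the attempt when the hash does not parse, and compare with `===` (or hash_equals() where the PHP version provides it), as sketched below. Separately, basic_auth_prompt() calls exit, so the `for` loop never reaches a second iteration and the three-attempt limit and `return false` are never hit; either say so in the comment or add a real per-client failure counter so nobody assumes a lockout exists.

```php
	/* Check to see if user even exists */
	$username = preg_quote($HTTP_SERVER_VARS['PHP_AUTH_USER'], '/');
	$candidates = preg_grep("/^$username:/", $authfile);
	if (!($line = array_shift($candidates)))
		continue;

	/* Get crypted password; skip the attempt if the entry does not parse */
	if (!preg_match("/^$username:((...[.\/0-9A-Za-z]{8}.)[.\/0-9A-Za-z]{22})/", $line, $matches))
		continue;
	// … unchanged: $pass / $salt assignment and crypt() call …
	if ($authpass === $pass)
		return true;
```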