author | Bill Marquette <billm@pfsense.org> | 2005-05-16 03:11:48 +0000 |
---|---|---|
committer | Bill Marquette <billm@pfsense.org> | 2005-05-16 03:11:48 +0000 |
commit | bf786a5dff870bffaa916b5526f39599a8ca65e7 (patch) | |
tree | c5320891519352b7ac3bf518a627e6808bd76180 /etc/inc | |
parent | 25540c7cec9407eeb6db8d7d4540d96af6747ca0 (diff) | |
split out auth types (system passwd vs htpasswd)
PHP_AUTH_* no longer exists, change code to use AUTH_* (I think this will be changing back as I believe we're using the wrong mini_httpd patches now)
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/auth.inc | 48 |
1 files changed, 42 insertions, 6 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 7083b86..4eba572 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -30,7 +30,7 @@ require_once("config.inc");
 require_once("globals.inc");
 /* We only support file backed HTTP Basic auth right now */
-$auth_method="file_backed_basic_auth";
+$auth_method="htpasswd_backed_basic_auth";
 /* Authenticate user - exit if failed (we should have a callback for this maybe) */
 if (!$auth_method())
@@ -43,7 +43,7 @@ function basic_auth_prompt(){
 exit;
 }
-function file_backed_basic_auth() {
+function passwd_backed_basic_auth() {
 global $HTTP_SERVER_VARS;
 $authfile = file("/etc/master.passwd");
@@ -51,12 +51,12 @@ function file_backed_basic_auth() {
 /* Prompt three times and give up */
 for($attempt = 0; $attempt <= 3; basic_auth_prompt()){
 $attempt++;
- /* Check for PHP_AUTH_USER */
- if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']))
+ /* Check for AUTH_USER */
+ if (!isset($HTTP_SERVER_VARS['AUTH_USER']))
 continue;
 /* Check to see if user even exists */
- $username = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
+ $username = $HTTP_SERVER_VARS['AUTH_USER'];
 if(!($line = array_shift(preg_grep("/$username:.*$/", $authfile))))
 continue;
@@ -66,7 +66,7 @@ function file_backed_basic_auth() {
 $salt = $matches[2];
 /* Encrypt entered password with salt */
- $authpass = crypt($HTTP_SERVER_VARS['PHP_AUTH_PW'], $salt);
+ $authpass = crypt($HTTP_SERVER_VARS['AUTH_PW'], $salt);
 /* And finally validate password */
 if($authpass == $pass)
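Review bot: The request-supplied `AUTH_USER` value is interpolated straight into the lookup pattern `preg_grep("/$username:.*$/", $authfile)` in the `@@ -51,12 +51,12 @@` hunk, with no escaping and no `^` anchor, so regex metacharacters in the name are interpreted and the pattern can select a line that belongs to a different account. I would quote and anchor it, `preg_grep('/^' . preg_quote($username, '/') . ':/', $authfile)`, and build the later `preg_match` hash-extraction pattern the same way. The same unescaped lookups are copied into `htpasswd_backed_basic_auth()` in the last hunk. The function body starts and ends outside this hunk.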
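Review bot: `if($authpass == $pass)` at the end of the `@@ -66,7 +66,7 @@` hunk compares the computed and stored hashes with the loose `==` operator, so PHP's type juggling applies rather than a byte-for-byte string match. A strict comparison, `if ($authpass === $pass)`, is the safer form here. `AUTH_PW` is also read without an `isset()` check, unlike `AUTH_USER`; `if (!isset($HTTP_SERVER_VARS['AUTH_PW'])) continue;` before the `crypt()` call would treat a missing password as a failed attempt. The same comparison is repeated in `htpasswd_backed_basic_auth()` in the last hunk, and the function continues outside this hunk.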
@@ -79,4 +79,40 @@ function file_backed_basic_auth() {
 return false;
 }
+function htpasswd_backed_basic_auth() {
+ global $HTTP_SERVER_VARS;
+
+ $authfile = file("/var/run/htpasswd");
+
+ /* Prompt three times and give up */
+ for($attempt = 0; $attempt <= 3; basic_auth_prompt()){
+ $attempt++;
+ /* Check for AUTH_USER */
+ if (!isset($HTTP_SERVER_VARS['AUTH_USER']))
+ continue;
+
+ /* Check to see if user even exists */
+ $username = $HTTP_SERVER_VARS['AUTH_USER'];
+ if(!($line = array_shift(preg_grep("/$username:.*$/", $authfile))))
+ continue;
+
+ /* Get crypted password */
+ preg_match("/$username:((...[0-9A-Za-z_]{8}.)[0-9A-Za-z_]{22})/", $line, $matches);
+ $pass = $matches[1];
+ $salt = $matches[2];
+
+ /* Encrypt entered password with salt */
+ $authpass = crypt($HTTP_SERVER_VARS['AUTH_PW'], $salt);
+
+ /* And finally validate password */
+ if($authpass == $pass)
+ return true;
+ else
+ continue;
+ }
+
+ /* Should only get here if user fails login three times */
+ return false;
+}
+
 ?> |
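Review bot: Neither the `file("/var/run/htpasswd")` result nor the `preg_match()` result is checked in the new `htpasswd_backed_basic_auth()`, so a missing file or an entry that does not fit the pattern leaves `$matches[1]` and `$matches[2]` undefined and `crypt()` runs with an empty salt. Both cases should fail closed before any comparison is made, as sketched below. The hash character class `[0-9A-Za-z_]` also looks off if the file holds crypt(3) output, whose alphabet includes `.` and `/`; that is worth confirming against a real entry. Separately, the body is a near copy of `passwd_backed_basic_auth()`, and a shared helper taking the file path and the pattern would keep later fixes in one place.

```php
function htpasswd_backed_basic_auth() {
	global $HTTP_SERVER_VARS;

	$authfile = file("/var/run/htpasswd");
	/* Fail closed when the credential file is missing or unreadable */
	if ($authfile === false)
		return false;

	// … unchanged: prompt loop, AUTH_USER check, user lookup …

		/* Get crypted password; skip entries that are not in the expected format */
		if (!preg_match("/$username:((...[0-9A-Za-z_]{8}.)[0-9A-Za-z_]{22})/", $line, $matches))
			continue;
		$pass = $matches[1];
		$salt = $matches[2];

	// … unchanged: crypt() call, comparison, final return false …
```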