<?php

// Holder for the auth backend object. It starts out empty; get_authentication()
// reassigns it (declared `global $auth` there) with whatever load_auth_class()
// returns, and get_perms() later calls getUserData() on it.
$auth = '';
4 
5 
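/**
 * Load an auth backend class and return an instance of it.
 *
 * The backend is looked up as ONA_AUTH/<authtype>.class.php, where ONA_AUTH is
 * $base.'/include/auth'. local.class.php is always required first so other
 * backends can build on it.
 *
 * @param string $authtype backend name; empty falls back to $conf['authtype'],
 *                         and then to 'local'
 * @return object|null the instantiated auth_<authtype> object, or null when the
 *                     backend file or class is missing, the name is not a valid
 *                     identifier, or the object reports success == false
 *                     (every failure is reported through printmsg())
 */
function load_auth_class($authtype='') {
    global $base, $conf;

    // path to our auth classes; guarded because this function runs more than
    // once per request (the local fallback in get_authentication()) and
    // re-defining a constant only produces a warning
    if (!defined('ONA_AUTH')) define('ONA_AUTH', $base.'/include/auth');

    // use the system configured authtype if one was not passed in
    if (!$authtype) $authtype = $conf['authtype'];

    // If we STILL dont have an auth type set, use the local one as default
    if (!$authtype) $authtype = 'local';

    // nothing loaded yet; this is what every failure path returns
    $auth = null;

    // the type becomes both a file name and a class name, so only accept
    // identifier characters (class_exists() below could never succeed for
    // anything else anyway)
    if (!preg_match('/^[A-Za-z0-9_]+$/', $authtype)) {
        printmsg("ERROR => Invalid auth type name: {$authtype}.", 0);
        return($auth);
    }

    $auth_file = ONA_AUTH.'/'.$authtype.'.class.php';

    // load the the backend auth functions and instantiate the auth object
    if (file_exists($auth_file)) {
        require_once(ONA_AUTH.'/local.class.php');
        require_once($auth_file);

        //FIXME: add some error logging in the web gui if we get failures here
        $auth_class = "auth_".$authtype;
        if (class_exists($auth_class)) {
            $auth = new $auth_class();
            if (!$auth->success) {
                // degrade to unauthenticated user
                $auth = null;
                unset($_SESSION['ona']['auth']);
                // report the type actually attempted, not the configured one
                printmsg("ERROR => Failure loading auth module: {$authtype}.", 0);
            }
        } else {
            printmsg("ERROR => Unable to find auth class: {$auth_class}.", 0);
        }
    } else {
        printmsg("ERROR => Auth module {$authtype} not in path: ".ONA_AUTH, 0);
    }
    return($auth);
}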
54 
55 
/**
 * Authenticate a login attempt against the configured auth backend.
 *
 * Validates the login name, loads the auth backend (guest logins are pinned to
 * the local backend), checks the password, and falls back to the local backend
 * when the configured one does not know the user. Leaves the global $auth set
 * to the backend that ended up being used and may override $conf['authtype']
 * to 'local' for the rest of the request.
 *
 * @param string $login_name     login name; must match /^[A-Za-z0-9.\-_]+$/
 * @param string $login_password clear-text password
 * @return array [status, js] where status is 0 on success and 1 on failure, and
 *               js is a JavaScript snippet for the login form's message area
 */
function get_authentication($login_name='', $login_password='') {
    global $base, $conf, $self, $onadb, $auth;

    // JS returned on success: show the message and remove the login form
    $js = "el('loginmsg').innerHTML = '<span style=\"color: green;\">Success!</span>'; setTimeout('removeElement(\'tt_loginform\')',1000);";

    // Validate the userid was passed and is "clean"; the name is embedded in
    // log lines below, so anything outside this character set is rejected
    if (!preg_match('/^[A-Za-z0-9.\-_]+$/', $login_name)) {
        $js = "el('loginmsg').innerHTML = 'Bad username format';";
        printmsg("ERROR => Login failure for {$login_name}: Bad username format", 0);
        return(array(1, $js));
    }


    // Force guest logins to only use local auth module
    if ($login_name == 'guest') {
        printmsg("DEBUG => Guest user login, forcing local auth.",1);
        // create new authentication class
        $auth = load_auth_class('local');
        $conf['authtype']='local';
    } else {
        // create new authentication class
        // NOTE(review): this branch is empty in this rendering (source line 86 is
        // not shown); presumably it loads the configured backend — confirm
        // against the original file before relying on this listing.
    }

    // Check user/pass authentication
    // NOTE(review): load_auth_class() returns an empty value when the backend
    // fails to load and nothing here guards the method call against that —
    // confirm callers cannot reach this point with an unloaded backend.
    $authresult = $auth->checkPass($login_name,$login_password);

    // If we do not find a valid user, fall back to local auth
    if ($auth->founduser === false) {
        // Fall back to local database to see if we have something there
        if ($conf['authtype'] != 'local') {
            printmsg("DEBUG => Unable to find user via auth_{$conf['authtype']}, falling back to local auth_local.",1);
            $auth = load_auth_class('local');
            $authresult = $auth->checkPass($login_name,$login_password);
            if ($auth->founduser === false) {
                // NOTE(review): the distinct 'Unknown user' / 'Password incorrect'
                // responses let a client tell valid names from invalid ones;
                // a single generic failure message would avoid that.
                $js = "el('loginmsg').innerHTML = 'Unknown user';";
                printmsg("ERROR => Login failure for {$login_name}: Unknown user", 0);
                return(array(1, $js));
            }
            // override the system configured authtype for now
            $conf['authtype']='local';
        }
    }

    // If we do not get a positive authentication of user/pass then fail
    if ($authresult === false) {
        $js = "el('loginmsg').innerHTML = 'Password incorrect';";
        printmsg("ERROR => Login failure for {$login_name} using authtype {$conf['authtype']}: Password incorrect", 0);
        return(array(1, $js));
    }

    // If the password is good.. return success.
    printmsg("INFO => Authentication Successful for {$login_name} using authtype: {$conf['authtype']}", 1);
    return(array(0, $js));
}
120 
121 
122 
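/**
 * Load an authenticated user's permissions into the session.
 *
 * Asks the currently loaded $auth backend for the user record (which carries
 * the group list under 'grps'), collects the direct permission assignments for
 * that user id plus the assignments of every group that exists in the local
 * `groups` table, and stores the user record and the name => id permission map
 * under $_SESSION['ona']['auth'].
 *
 * @param string $login_name login name as validated by get_authentication()
 * @return bool true once the session has been populated; false when the backend
 *              cannot supply a user record, in which case the session auth data
 *              is cleared rather than populated with an empty user
 */
function get_perms($login_name='') {
    global $conf, $self, $onadb, $auth;

    // name => id map assembled below
    $permissions = array();

    printmsg("INFO => Authorization Starting for {$login_name}", 1);

    // get user information and groups from the previously populated auth class
    $userinfo = $auth->getUserData($login_name);
    if ($userinfo === false) {
        printmsg("INFO => Failed to get user information for user: {$login_name}", 0);
        // Without a record there is no user id to look up. Carrying on would
        // query permission_assignments with an empty user_id and store `false`
        // as the session user, so fail closed: drop any auth data and stop.
        unset($_SESSION['ona']['auth']);
        return false;
    }

    // If this is the local auth type, check local user permissions
    // MP: This code should not be here but there is really not a better spot.
    //if ($conf['authtype'] == 'local') {
    // Load the users permissions based on their user_id.
    // this is specific permissions for user, outside of group permissions
    if (isset($userinfo['id']) && $userinfo['id'] !== '') {
        list($status, $rows, $records) = db_get_records($onadb, 'permission_assignments', array('user_id' => $userinfo['id']));
        foreach ((array)$records as $record) {
            list($status, $rows, $perm) = db_get_record($onadb, 'permissions', array('id' => $record['perm_id']));
            // skip assignments whose permission row no longer exists
            if (empty($perm['name'])) continue;
            $permissions[$perm['name']] = $perm['id'];
        }
    }
    //}

    // Load the users permissions based on their group ids
    $grps = isset($userinfo['grps']) ? (array)$userinfo['grps'] : array();
    foreach ($grps as $group => $grpid) {
        // Look up the group id stored in local tables using the name
        list($status, $rows, $grp) = db_get_record($onadb, 'groups', array('name' => $group));
        // A backend group with no local row must not be queried with an empty
        // group_id: whatever that happened to match would be granted to the user.
        if (empty($grp['id'])) {
            printmsg("DEBUG => Group {$group} has no local groups entry, skipping.", 2);
            continue;
        }
        // get permission assignments per group id
        list($status, $rows, $records) = db_get_records($onadb, 'permission_assignments', array('group_id' => $grp['id']));
        foreach ((array)$records as $record) {
            list($status, $rows, $perm) = db_get_record($onadb, 'permissions', array('id' => $record['perm_id']));
            if (empty($perm['name'])) continue;
            $permissions[$perm['name']] = $perm['id'];
        }
    }

    // Save stuff in the session, replacing any previous auth data wholesale
    unset($_SESSION['ona']['auth']);
    $_SESSION['ona']['auth']['user'] = $userinfo;
    $_SESSION['ona']['auth']['perms'] = $permissions;

    // Log that the user logged in
    printmsg("INFO => Loaded permissions for " . $login_name, 2);
    return true;
}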
181 
182 
183 
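/**
 * Hash a clear-text password with one of the legacy schemes ONA stores.
 *
 * These formats exist to interoperate with hashes produced by other systems
 * (crypt, apr1, SSHA, MySQL, ...); auth_verifyPassword() recovers the method and
 * salt from a stored hash and calls back into this function with them.
 *
 * @param string      $clear  clear-text password
 * @param string      $method scheme name (case-insensitive); empty selects
 *                            $conf['passcrypt']
 * @param string|null $salt   salt to use; null generates a random 32-hex-char one
 * @return string|null the encoded hash, or null (after logging) for an unknown method
 */
function auth_cryptPassword($clear,$method='',$salt=null){
    global $conf;
    if(empty($method)) $method = $conf['passcrypt'];

    // prepare a salt: 32 hex chars, the same shape the previous
    // md5(uniqid(rand(), true)) produced, but drawn from the CSPRNG
    if(is_null($salt)) $salt = bin2hex(random_bytes(16));

    $clear = (string)$clear;
    $salt  = (string)$salt;
    // set by the smd5 case before it falls through into apr1
    $magic = null;

    switch(strtolower($method)){
        case 'smd5':
            if(defined('CRYPT_MD5') && CRYPT_MD5) return crypt($clear,'$1$'.substr($salt,0,8).'$');
            // when crypt can't handle SMD5, falls through to pure PHP implementation
            $magic = '1';
            // no break: shares the apr1 code path below
        case 'apr1':
            //from http://de.php.net/manual/en/function.crypt.php#73619 comment by <mikey_nich at hotmail dot com>
            if(!$magic) $magic = 'apr1';
            $salt = substr($salt,0,8);
            $len = strlen($clear);
            $text = $clear.'$'.$magic.'$'.$salt;
            $bin = pack("H32", md5($clear.$salt.$clear));
            for($i = $len; $i > 0; $i -= 16) {
                $text .= substr($bin, 0, min(16, $i));
            }
            for($i = $len; $i > 0; $i >>= 1) {
                // $clear[0]: the curly-brace string offset syntax was removed in PHP 8
                $text .= ($i & 1) ? chr(0) : $clear[0];
            }
            $bin = pack("H32", md5($text));
            for($i = 0; $i < 1000; $i++) {
                $new = ($i & 1) ? $clear : $bin;
                if ($i % 3) $new .= $salt;
                if ($i % 7) $new .= $clear;
                $new .= ($i & 1) ? $bin : $clear;
                $bin = pack("H32", md5($new));
            }
            // reorder the digest bytes and emit them in crypt's base64 alphabet
            $tmp = '';
            for ($i = 0; $i < 5; $i++) {
                $k = $i + 6;
                $j = $i + 12;
                if ($j == 16) $j = 5;
                $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
            }
            $tmp = chr(0).chr(0).$bin[11].$tmp;
            $tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
                "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
                "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
            return '$'.$magic.'$'.$salt.'$'.$tmp;
        case 'md5':
            return md5($clear);
        case 'none':
            return $clear;
        case 'sha1':
            return sha1($clear);
        case 'ssha':
            $salt=substr($salt,0,4);
            return '{SSHA}'.base64_encode(pack("H*", sha1($clear.$salt)).$salt);
        case 'crypt':
            return crypt($clear,substr($salt,0,2));
        case 'mysql':
            //from http://www.php.net/mysql comment by <soren at byu dot edu>
            // MySQL pre-4.1 OLD_PASSWORD(). Both state words are masked to 32 bits
            // after each step: only the low 32 bits feed the result, and letting
            // them grow would overflow PHP's int into a float and corrupt the hash.
            $nr=0x50305735;
            $nr2=0x12345671;
            $add=7;
            foreach (str_split($clear) as $char) {
                // the algorithm ignores spaces and tabs ("\t" is a real tab;
                // the single-quoted '\t' it replaced never matched anything)
                if (($char === '') || ($char === ' ') || ($char === "\t")) continue;
                $charVal = ord($char);
                $nr  = ($nr ^ (((($nr & 63) + $add) * $charVal) + ($nr << 8))) & 0xffffffff;
                $nr2 = ($nr2 + (($nr2 << 8) ^ $nr)) & 0xffffffff;
                $add += $charVal;
            }
            return sprintf("%08x%08x", ($nr & 0x7fffffff), ($nr2 & 0x7fffffff));
        case 'my411':
            return '*'.sha1(pack("H*", sha1($clear)));
        case 'kmd5':
            // two-character key taken from the middle of the salt (or of the
            // stored hash, when called from auth_verifyPassword())
            $key = substr($salt, 16, 2);
            $hash1 = strtolower(md5($key . md5($clear)));
            $hash2 = substr($hash1, 0, 16) . $key . substr($hash1, 16);
            return $hash2;
        default:
            printmsg("Unsupported crypt method $method",0);
            return null;
    }
}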
286 
287 
288 
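/**
 * Check a clear-text password against a stored hash.
 *
 * The scheme and salt are recovered from the stored value's shape ($1$ / $apr1$
 * prefixes, the {SSHA} marker, or the digest length), the candidate is hashed
 * the same way via auth_cryptPassword(), and the two strings are compared.
 *
 * @param string $clear clear-text candidate
 * @param string $crypt stored hash as produced by auth_cryptPassword()
 * @return bool true only when the recomputed hash matches the stored one exactly
 */
function auth_verifyPassword($clear,$crypt){
    $crypt = (string)$crypt;
    $method='';
    $salt='';

    //determine the used method and salt
    $len = strlen($crypt);
    if($len === 0){
        // an empty stored hash can never match; no point handing it to crypt()
        return false;
    }
    if(preg_match('/^\$1\$([^\$]{0,8})\$/',$crypt,$m)){
        $method = 'smd5';
        $salt = $m[1];
    }elseif(preg_match('/^\$apr1\$([^\$]{0,8})\$/',$crypt,$m)){
        $method = 'apr1';
        $salt = $m[1];
    }elseif(substr($crypt,0,6) === '{SSHA}'){
        $method = 'ssha';
        // the 4-byte salt follows the 20-byte SHA-1 digest inside the base64 blob
        $salt = substr(base64_decode(substr($crypt, 6)),20);
    }elseif($len == 32){
        $method = 'md5';
    }elseif($len == 40){
        $method = 'sha1';
    }elseif($len == 16){
        $method = 'mysql';
    }elseif($len == 41 && $crypt[0] === '*'){
        $method = 'my411';
    }elseif($len == 34){
        $method = 'kmd5';
        // kmd5 embeds its key in the hash; auth_cryptPassword() extracts it
        $salt = $crypt;
    }else{
        $method = 'crypt';
        $salt = substr($crypt,0,2);
    }

    //crypt and compare; hash_equals() keeps the comparison time independent of
    //where the two strings first differ
    $computed = auth_cryptPassword($clear,$method,$salt);
    return is_string($computed) && hash_equals($crypt, $computed);
}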
336 
337 
338 
339 
340 ?>