[racktables] / inc / auth.php

<?php
/*

Authentication library for RackTables.

*/

// This function ensures that we don't continue without a legitimate
// username and password.
function authenticate ()
{
	if
	(
		!isset ($_SERVER['PHP_AUTH_USER']) or
		!isset ($_SERVER['PHP_AUTH_PW']) or
		!authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) or
		isset ($_REQUEST['logout'])
	)
	{
		header ('WWW-Authenticate: Basic realm="' . getConfigVar ('enterprise') . ' RackTables access"');
		header ('HTTP/1.0 401 Unauthorized');
		showError ('This system requires authentication. You should use a username and a password.');
		die();
	}
}

// Merge accumulated tags into a single chain, add location-specific
// autotags and try getting access clearance. Page and tab are mandatory,
// operation is optional.
function permitted ($p = NULL, $t = NULL, $o = NULL, $annex = array())
{
	global $pageno, $tabno, $op;
	global
		$user_tags,
		$auto_tags,
		$expl_tags,
		$impl_tags;

	if ($p === NULL)
		$p = $pageno;
	if ($t === NULL)
		$t = $tabno;
	$subject = array_merge
	(
		$user_tags,
		$auto_tags,
		$expl_tags,
		$impl_tags,
		$annex
	);
	$subject[] = array ('tag' => '$page_' . $p);
	$subject[] = array ('tag' => '$tab_' . $t);
	if ($o === NULL and isset ($op))
	{
		$subject[] = array ('tag' => '$op_' . $op);
		$subject[] = array ('tag' => '$any_op');
	}
	return gotClearanceForTagChain ($subject);
}

function accessibleSubpage ($p)
{
	global $user_tags;
	$subject = $user_tags;
	$subject[] = array ('tag' => '$page_' . $p);
	$subject[] = array ('tag' => '$tab_default');
	return gotClearanceForTagChain ($subject);
}

// This function returns TRUE, if username and password are valid.
function authenticated ($username, $password)
{
	global $accounts;
	if (!isset ($accounts[$username]) or $accounts[$username]['user_enabled'] != 'yes')
		return FALSE;
	// Always authenticate the administrator locally, thus giving him a chance
	// to fix broken installation.
	if ($accounts[$username]['user_id'] == 1)
		return authenticated_via_database ($username, $password);
	switch (getConfigVar ('USER_AUTH_SRC'))
	{
		case 'database':
			return authenticated_via_database ($username, $password);
			break;
		case 'ldap':
			return authenticated_via_ldap ($username, $password);
			break;
		default:
			showError ("Unknown user authentication source configured.", __FUNCTION__);
			return FALSE;
			break;
	}
	// and just to be sure...
	return FALSE;
}

function authenticated_via_ldap ($username, $password)
{
	global $ldap_server, $ldap_domain;
	if ($connect = @ldap_connect ($ldap_server))
		if ($bind = @ldap_bind ($connect, "${username}@${ldap_domain}", $password))
		{
			@ldap_close ($connect);
			return TRUE;
		}
	@ldap_close ($connect);
	return FALSE;
}

function authenticated_via_database ($username, $password)
{
	global $accounts;
	if (!defined ('HASH_HMAC'))
	{
		showError ('Fatal error: PHP hash extension is missing', __FUNCTION__);
		die();
	}
	if (array_search (PASSWORD_HASH, hash_algos()) === FALSE)
	{
		showError ('Password hash not supported, authentication impossible.', __FUNCTION__);
		die();
	}
	if (!isset ($accounts[$username]['user_password_hash']))
		return FALSE;
	if ($accounts[$username]['user_password_hash'] == hash (PASSWORD_HASH, $password))
		return TRUE;
	return FALSE;
}

// This function returns password hash for given user ID.
function getHashByID ($user_id = 0)
{
	if ($user_id <= 0)
	{
		showError ('Invalid user_id', __FUNCTION__);
		return NULL;
	}
	global $accounts;
	foreach ($accounts as $account)
		if ($account['user_id'] == $user_id)
			return $account['user_password_hash'];
	return NULL;
}

// Likewise.
function getUsernameByID ($user_id = 0)
{
	if ($user_id <= 0)
	{
		showError ('Invalid user_id', __FUNCTION__);
		return NULL;
	}
	global $accounts;
	foreach ($accounts as $account)
		if ($account['user_id'] == $user_id)
			return $account['user_name'];
	showError ("User with ID '${user_id}' not found!");
	return NULL;
}

?>
Commit	Line	Data
b325120a	1	<?php
e673ee24 DO	2	/*
	3
	4	Authentication library for RackTables.
	5
	6	*/
	7
	8	// This function ensures that we don't continue without a legitimate
	9	// username and password.
	10	function authenticate ()
	11	{
e673ee24 DO	12	if
	13	(
	14	!isset ($_SERVER['PHP_AUTH_USER']) or
	15	!isset ($_SERVER['PHP_AUTH_PW']) or
4eb5efb7 DO	16	!authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) or
4eb5efb7 DO	17	isset ($_REQUEST['logout'])
e673ee24 DO	18	)
e673ee24 DO	19	{
9c0b0016	20	header ('WWW-Authenticate: Basic realm="' . getConfigVar ('enterprise') . ' RackTables access"');
e673ee24 DO	21	header ('HTTP/1.0 401 Unauthorized');
	22	showError ('This system requires authentication. You should use a username and a password.');
	23	die();
	24	}
	25	}
	26
da958e52 DO	27	// Merge accumulated tags into a single chain, add location-specific
	28	// autotags and try getting access clearance. Page and tab are mandatory,
	29	// operation is optional.
46f92ff7	30	function permitted ($p = NULL, $t = NULL, $o = NULL, $annex = array())
e673ee24	31	{
da958e52 DO	32	global $pageno, $tabno, $op;
	33	global
	34	$user_tags,
	35	$auto_tags,
	36	$expl_tags,
	37	$impl_tags;
	38
	39	if ($p === NULL)
	40	$p = $pageno;
	41	if ($t === NULL)
	42	$t = $tabno;
	43	$subject = array_merge
	44	(
	45	$user_tags,
	46	$auto_tags,
	47	$expl_tags,
46f92ff7 DO	48	$impl_tags,
46f92ff7 DO	49	$annex
da958e52 DO	50	);
	51	$subject[] = array ('tag' => '$page_' . $p);
	52	$subject[] = array ('tag' => '$tab_' . $t);
	53	if ($o === NULL and isset ($op))
7a4fcf70	54	{
da958e52	55	$subject[] = array ('tag' => '$op_' . $op);
7a4fcf70 DO	56	$subject[] = array ('tag' => '$any_op');
7a4fcf70 DO	57	}
da958e52	58	return gotClearanceForTagChain ($subject);
e673ee24 DO	59	}
e673ee24 DO	60
810e3422	61	function accessibleSubpage ($p)
b9bd9897	62	{
da958e52 DO	63	global $user_tags;
	64	$subject = $user_tags;
	65	$subject[] = array ('tag' => '$page_' . $p);
810e3422	66	$subject[] = array ('tag' => '$tab_default');
da958e52	67	return gotClearanceForTagChain ($subject);
b9bd9897 DO	68	}
b9bd9897 DO	69
e673ee24 DO	70	// This function returns TRUE, if username and password are valid.
	71	function authenticated ($username, $password)
	72	{
	73	global $accounts;
b9bd9897	74	if (!isset ($accounts[$username]) or $accounts[$username]['user_enabled'] != 'yes')
e673ee24	75	return FALSE;
7dfd5e44 DO	76	// Always authenticate the administrator locally, thus giving him a chance
	77	// to fix broken installation.
	78	if ($accounts[$username]['user_id'] == 1)
	79	return authenticated_via_database ($username, $password);
	80	switch (getConfigVar ('USER_AUTH_SRC'))
	81	{
	82	case 'database':
	83	return authenticated_via_database ($username, $password);
	84	break;
	85	case 'ldap':
	86	return authenticated_via_ldap ($username, $password);
	87	break;
	88	default:
	89	showError ("Unknown user authentication source configured.", __FUNCTION__);
	90	return FALSE;
	91	break;
	92	}
	93	// and just to be sure...
	94	return FALSE;
	95	}
	96
	97	function authenticated_via_ldap ($username, $password)
	98	{
ae65938e DO	99	global $ldap_server, $ldap_domain;
	100	if ($connect = @ldap_connect ($ldap_server))
	101	if ($bind = @ldap_bind ($connect, "${username}@${ldap_domain}", $password))
	102	{
	103	@ldap_close ($connect);
	104	return TRUE;
	105	}
	106	@ldap_close ($connect);
7dfd5e44 DO	107	return FALSE;
	108	}
	109
	110	function authenticated_via_database ($username, $password)
	111	{
	112	global $accounts;
	113	if (!defined ('HASH_HMAC'))
	114	{
	115	showError ('Fatal error: PHP hash extension is missing', __FUNCTION__);
	116	die();
	117	}
	118	if (array_search (PASSWORD_HASH, hash_algos()) === FALSE)
	119	{
	120	showError ('Password hash not supported, authentication impossible.', __FUNCTION__);
	121	die();
	122	}
	123	if (!isset ($accounts[$username]['user_password_hash']))
	124	return FALSE;
e673ee24 DO	125	if ($accounts[$username]['user_password_hash'] == hash (PASSWORD_HASH, $password))
	126	return TRUE;
	127	return FALSE;
	128	}
	129
e673ee24 DO	130	// This function returns password hash for given user ID.
	131	function getHashByID ($user_id = 0)
	132	{
	133	if ($user_id <= 0)
	134	{
b09549b3	135	showError ('Invalid user_id', __FUNCTION__);
e673ee24 DO	136	return NULL;
	137	}
	138	global $accounts;
	139	foreach ($accounts as $account)
	140	if ($account['user_id'] == $user_id)
	141	return $account['user_password_hash'];
	142	return NULL;
	143	}
	144
b9bd9897 DO	145	// Likewise.
	146	function getUsernameByID ($user_id = 0)
	147	{
	148	if ($user_id <= 0)
	149	{
	150	showError ('Invalid user_id', __FUNCTION__);
	151	return NULL;
	152	}
	153	global $accounts;
	154	foreach ($accounts as $account)
	155	if ($account['user_id'] == $user_id)
	156	return $account['user_name'];
	157	showError ("User with ID '${user_id}' not found!");
	158	return NULL;
	159	}
	160
e673ee24	161	?>