r2108 + introduce $any_op autotag
1 <?php
2 /*
3
4 Authentication library for RackTables.
5
6 */
7
// Gatekeeper for the request: execution continues past this call only when the
// client supplied HTTP Basic credentials that authenticated() accepts and the
// request carries no 'logout' parameter. In every other case the client
// receives a 401 challenge and the script terminates.
//
// NOTE(review): Basic credentials accompany every request in a trivially
// reversible encoding, so this scheme is only as confidential as the transport.
// Nothing in this function enforces HTTPS -- confirm that the web server does.
function authenticate ()
{
	$have_credentials = isset ($_SERVER['PHP_AUTH_USER']) && isset ($_SERVER['PHP_AUTH_PW']);
	// Operand order is significant: authenticated() runs only when both
	// credentials are present, and the logout check is evaluated last.
	if
	(
		$have_credentials &&
		authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) &&
		!isset ($_REQUEST['logout'])
	)
		return;

	// A 'logout' request is answered with the same challenge as a failed login,
	// presumably so that the browser discards its cached credentials.
	// NOTE(review): the realm embeds the 'enterprise' configuration value
	// unescaped; a double quote in it would yield a malformed challenge header.
	$realm = getConfigVar ('enterprise') . ' RackTables access';
	header ('WWW-Authenticate: Basic realm="' . $realm . '"');
	header ('HTTP/1.0 401 Unauthorized');
	showError ('This system requires authentication. You should use a username and a password.');
	die();
}
26
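// Authorization check: merge the accumulated tag lists into a single chain,
// append the location-specific autotags and ask gotClearanceForTagChain()
// for a verdict.
//
// $p     - page name; NULL means the current page ($pageno).
// $t     - tab name; NULL means the current tab ($tabno).
// $o     - operation name; NULL means the current operation ($op), if any.
// $annex - extra tag records (arrays with a 'tag' key) to append to the chain.
//
// Returns whatever gotClearanceForTagChain() returns for the built chain.
function permitted ($p = NULL, $t = NULL, $o = NULL, $annex = array())
{
	global $pageno, $tabno, $op;
	global
		$user_tags,
		$auto_tags,
		$expl_tags,
		$impl_tags;

	if ($p === NULL)
		$p = $pageno;
	if ($t === NULL)
		$t = $tabno;
	// An explicitly requested operation takes precedence and the request-wide
	// $op is only the fallback. The earlier code never read a non-NULL $o, so a
	// check for a specific operation was evaluated without any $op_* tag and
	// operation-specific rules could not match it.
	if ($o === NULL and isset ($op))
		$o = $op;

	$subject = array_merge
	(
		$user_tags,
		$auto_tags,
		$expl_tags,
		$impl_tags,
		$annex
	);
	$subject[] = array ('tag' => '$page_' . $p);
	$subject[] = array ('tag' => '$tab_' . $t);
	// Operation autotags are added only when there is an operation to check.
	if ($o !== NULL)
	{
		$subject[] = array ('tag' => '$op_' . $o);
		$subject[] = array ('tag' => '$any_op');
	}
	return gotClearanceForTagChain ($subject);
}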
60
// Report whether the default tab of page $p is reachable for the current user.
// Only the user's own tags plus the two location autotags are evaluated;
// unlike permitted(), no automatic, explicit or implicit tags and no operation
// tags take part in the decision.
function accessibleSubpage ($p)
{
	global $user_tags;
	$chain = $user_tags;
	foreach (array ('$page_' . $p, '$tab_default') as $autotag)
		$chain[] = array ('tag' => $autotag);
	return gotClearanceForTagChain ($chain);
}
69
// Verify a username/password pair. Returns TRUE only for a known, enabled
// account whose password is accepted by the applicable backend, and FALSE in
// every other case (including an unrecognised USER_AUTH_SRC setting).
function authenticated ($username, $password)
{
	global $accounts;
	// Unknown and disabled accounts are refused before any backend is asked.
	if (!isset ($accounts[$username]))
		return FALSE;
	$account = $accounts[$username];
	if ($account['user_enabled'] != 'yes')
		return FALSE;

	// The administrator (user ID 1) is always checked against the local
	// database, so a broken external setup cannot lock him out.
	// NOTE(review): as a consequence the locally stored administrator hash stays
	// a valid credential even when LDAP is the configured source.
	if ($account['user_id'] == 1)
		return authenticated_via_database ($username, $password);

	$source = getConfigVar ('USER_AUTH_SRC');
	switch ($source)
	{
		case 'database':
			return authenticated_via_database ($username, $password);
		case 'ldap':
			return authenticated_via_ldap ($username, $password);
	}
	// Fail closed on anything that is not a recognised source.
	showError ("Unknown user authentication source configured.", __FUNCTION__);
	return FALSE;
}
96
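// Verify a password by binding to the configured LDAP server as
// "<username>@<ldap_domain>". Returns TRUE when the bind succeeds and FALSE
// otherwise (empty password, connection failure or rejected bind).
//
// NOTE(review): no ldap_start_tls() call is made here, so unless $ldap_server
// is an ldaps:// address the password presumably travels in clear text --
// confirm against the deployment.
function authenticated_via_ldap ($username, $password)
{
	global $ldap_server, $ldap_domain;
	// A bind with an empty password is an anonymous/unauthenticated bind, which
	// many directory servers accept. Treating that as a successful login would
	// let any known username in without a password, so refuse it up front.
	if (!is_string ($password) or $password === '')
		return FALSE;

	$connect = @ldap_connect ($ldap_server);
	// Stop here on failure: there is no handle to bind with or to close.
	if (!$connect)
		return FALSE;

	$bound = @ldap_bind ($connect, "{$username}@{$ldap_domain}", $password);
	// Release the connection on both outcomes.
	@ldap_close ($connect);
	return $bound ? TRUE : FALSE;
}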
109
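// Verify a password against the hash stored for $username in $accounts.
// Returns TRUE on a match and FALSE when the account has no stored hash or the
// hashes differ. Terminates the script when the hash extension or the
// configured PASSWORD_HASH algorithm is unavailable.
//
// NOTE(review): the stored value is a single unsalted hash (PASSWORD_HASH) of
// the password. Moving to password_hash()/password_verify() would be stronger,
// but it changes the stored format and cannot be done in this function alone.
function authenticated_via_database ($username, $password)
{
	global $accounts;
	if (!defined ('HASH_HMAC'))
	{
		showError ('Fatal error: PHP hash extension is missing', __FUNCTION__);
		die();
	}
	if (!in_array (PASSWORD_HASH, hash_algos(), TRUE))
	{
		showError ('Password hash not supported, authentication impossible.', __FUNCTION__);
		die();
	}
	if (!isset ($accounts[$username]['user_password_hash']))
		return FALSE;
	$stored = $accounts[$username]['user_password_hash'];
	if (!is_string ($stored))
		return FALSE;
	$computed = hash (PASSWORD_HASH, $password);
	// The hashes must be compared as strings. A loose "==" treats two
	// numeric-looking hex strings as numbers, so different hashes could compare
	// equal. hash_equals() is also constant-time; fall back to a strict string
	// comparison on PHP versions that lack it.
	if (function_exists ('hash_equals'))
		return hash_equals ($stored, $computed);
	return $stored === $computed;
}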
129
// Look up the stored password hash of the account with the given numeric ID.
// Returns the hash of the first matching account, or NULL when the ID is not
// positive (after reporting the error) or when no account carries that ID
// (silently).
// NOTE(review): the return value is credential material; callers should keep
// it out of logs and page output.
function getHashByID ($user_id = 0)
{
	global $accounts;
	if ($user_id <= 0)
	{
		showError ('Invalid user_id', __FUNCTION__);
		return NULL;
	}
	$found = NULL;
	foreach ($accounts as $record)
	{
		if ($record['user_id'] == $user_id)
		{
			$found = $record['user_password_hash'];
			break;
		}
	}
	return $found;
}
144
// Look up the user name of the account with the given numeric ID.
// Returns the name of the first matching account, or NULL after reporting an
// error when the ID is not positive or no account carries that ID.
function getUsernameByID ($user_id = 0)
{
	global $accounts;
	if ($user_id <= 0)
	{
		showError ('Invalid user_id', __FUNCTION__);
		return NULL;
	}
	foreach ($accounts as $record)
	{
		if ($record['user_id'] != $user_id)
			continue;
		return $record['user_name'];
	}
	showError ("User with ID '{$user_id}' not found!");
	return NULL;
}
160
161 ?>