1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<?php
/**
* Copyright (C) 2015 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Auth;
use OPNsense\Core\Config;
/**
* Class Local user database connector (using legacy xml structure).
* @package OPNsense\Auth
*/
class Local implements IAuthConnector
{
/**
* type name in configuration
* @return string
*/
public static function getType()
{
return 'local';
}
/**
* set connector properties
* @param array $config connection properties
*/
public function setProperties($config)
{
// local authenticator doesn't use any additional settings.
}
/**
* unused
* @return array mixed named list of authentication properties
*/
public function getLastAuthProperties()
{
return array();
}
/**
* find user settings in local database
* @param string $username username to find
* @return SimpleXMLElement|null user settings (xml section)
*/
protected function getUser($username)
{
// search local user in database
$configObj = Config::getInstance()->object();
$userObject = null;
foreach ($configObj->system->children() as $key => $value) {
if ($key == 'user' && !empty($value->name) && (string)$value->name == $username) {
// user found, stop search
$userObject = $value;
break;
}
}
return $userObject;
}
/**
* authenticate user against local database (in config.xml)
* @param string|SimpleXMLElement $username username (or xml object) to authenticate
* @param string $password user password
* @return bool authentication status
*/
public function authenticate($username, $password)
{
if (is_a($username, 'SimpleXMLElement')) {
// user xml section provided
$userObject = $username;
} else {
// get xml section from config
$userObject = $this->getUser($username);
}
if ($userObject != null) {
if (isset($userObject->disabled)) {
// disabled user
return false;
}
if (!empty($userObject->expires)
&& strtotime("-1 day") > strtotime(date("m/d/Y", strtotime((string)$userObject->expires)))) {
// expired user
return false;
}
$passwd = crypt($password, (string)$userObject->password);
if ($passwd == (string)$userObject->password) {
// password ok, return successfully authentication
return true;
}
}
return false;
}
}