Commit 0d104a9d authored by Ad Schellevis's avatar Ad Schellevis

move local auth functions to abstract base, add groupAllowed(). requirement...

move local auth functions to abstract base, add groupAllowed(). requirement for https://github.com/opnsense/core/issues/1377
parent 324bd755
...@@ -35,7 +35,7 @@ use OPNsense\Core\Config; ...@@ -35,7 +35,7 @@ use OPNsense\Core\Config;
* Class API key/secret database connector (connect to legacy xml structure). * Class API key/secret database connector (connect to legacy xml structure).
* @package OPNsense\Auth * @package OPNsense\Auth
*/ */
class API implements IAuthConnector class API extends Base implements IAuthConnector
{ {
/** /**
* @var array internal list of authentication properties * @var array internal list of authentication properties
......
<?php
/**
* Copyright (C) 2017 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Auth;
use OPNsense\Core\Config;
/**
* Authenticator stub, implements local methods
* @package OPNsense\Auth
*/
abstract class Base
{
/**
* return group memberships
* @param string $username username to find
* @return array
*/
private function groups($username)
{
$groups = array();
$user = $this->getUser($username);
if ($user != null) {
$uid = (string)$user->uid;
$cnf = Config::getInstance()->object();
if (isset($cnf->system->group)) {
foreach ($cnf->system->group as $group) {
if (isset($group->member)) {
foreach ($group->member as $member) {
if ((string)$uid == (string)$member) {
$groups[] = (string)$group->gid;
break;
}
}
}
}
}
}
return $groups;
}
/**
* user allowed in local group
* @param string $username username to check
* @param string $gid group id
* @return boolean
*/
public function groupAllowed($username, $gid)
{
return in_array($gid, $this->groups($username));
}
/**
* find user settings in local database
* @param string $username username to find
* @return SimpleXMLElement|null user settings (xml section)
*/
protected function getUser($username)
{
// search local user in database
$configObj = Config::getInstance()->object();
$userObject = null;
foreach ($configObj->system->children() as $key => $value) {
if ($key == 'user' && !empty($value->name) && (string)$value->name == $username) {
// user found, stop search
$userObject = $value;
break;
}
}
return $userObject;
}
}
...@@ -33,7 +33,7 @@ namespace OPNsense\Auth; ...@@ -33,7 +33,7 @@ namespace OPNsense\Auth;
* Class LDAP connector * Class LDAP connector
* @package OPNsense\Auth * @package OPNsense\Auth
*/ */
class LDAP implements IAuthConnector class LDAP extends Base implements IAuthConnector
{ {
/** /**
* @var int ldap version to use * @var int ldap version to use
......
...@@ -35,7 +35,7 @@ use OPNsense\Core\Config; ...@@ -35,7 +35,7 @@ use OPNsense\Core\Config;
* Class Local user database connector (using legacy xml structure). * Class Local user database connector (using legacy xml structure).
* @package OPNsense\Auth * @package OPNsense\Auth
*/ */
class Local implements IAuthConnector class Local extends Base implements IAuthConnector
{ {
/** /**
* type name in configuration * type name in configuration
...@@ -64,26 +64,6 @@ class Local implements IAuthConnector ...@@ -64,26 +64,6 @@ class Local implements IAuthConnector
return array(); return array();
} }
/**
* find user settings in local database
* @param string $username username to find
* @return SimpleXMLElement|null user settings (xml section)
*/
protected function getUser($username)
{
// search local user in database
$configObj = Config::getInstance()->object();
$userObject = null;
foreach ($configObj->system->children() as $key => $value) {
if ($key == 'user' && !empty($value->name) && (string)$value->name == $username) {
// user found, stop search
$userObject = $value;
break;
}
}
return $userObject;
}
/** /**
* authenticate user against local database (in config.xml) * authenticate user against local database (in config.xml)
* @param string|SimpleXMLElement $username username (or xml object) to authenticate * @param string|SimpleXMLElement $username username (or xml object) to authenticate
......
...@@ -34,7 +34,7 @@ namespace OPNsense\Auth; ...@@ -34,7 +34,7 @@ namespace OPNsense\Auth;
* Class Radius connector * Class Radius connector
* @package OPNsense\Auth * @package OPNsense\Auth
*/ */
class Radius implements IAuthConnector class Radius extends Base implements IAuthConnector
{ {
/** /**
* @var null radius hostname / ip * @var null radius hostname / ip
......
...@@ -36,7 +36,7 @@ use OPNsense\Core\Config; ...@@ -36,7 +36,7 @@ use OPNsense\Core\Config;
* Class Voucher user database connector * Class Voucher user database connector
* @package OPNsense\Auth * @package OPNsense\Auth
*/ */
class Voucher implements IAuthConnector class Voucher extends Base implements IAuthConnector
{ {
/** /**
* @var null reference id * @var null reference id
...@@ -451,4 +451,15 @@ class Voucher implements IAuthConnector ...@@ -451,4 +451,15 @@ class Voucher implements IAuthConnector
return $fields; return $fields;
} }
/**
* groups not supported
* @param string $username username to check
* @param string $gid group id
* @return boolean
*/
public function groupAllowed($username, $gid)
{
return false;
}
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment