Commit 4e16a075 authored by Franco Fichtner's avatar Franco Fichtner

auth: parse for "\0", allow empty password for #998

parent 803af492
#!/usr/local/bin/php #!/usr/local/bin/php
<?php <?php
/** /**
* Copyright (C) 2016 Deciso B.V. * Copyright (C) 2016 Deciso B.V.
* *
...@@ -28,28 +29,34 @@ ...@@ -28,28 +29,34 @@
* *
*/ */
require_once("config.inc"); require_once("config.inc");
require_once("auth.inc"); require_once("auth.inc");
// parse received auth data (key=value combinations) // parse received auth data (key=value combinations separated by "\0")
// user=<name> // user=<name>
// password=<password> // password=<password>
// service=<pam service> (to be implemented) // service=<pam service> (to be implemented)
$fp = fopen('php://stdin', 'r'); $fp = fopen('php://stdin', 'r');
$auth_data = array(); $auth_data = array();
while (!empty($line=trim(fgets($fp)))) { $line = '';
$parts = explode("=", $line);
if (count($parts) >= 2) { while (($char = fgetc($fp)) !== false) {
// key value pair if ($char !== "\0") {
$propname = array_shift($parts); $line .= $char;
$propvalue = implode("=", $parts); } elseif (strlen($line)) {
$auth_data[$propname] = $propvalue; $parts = explode('=', $line, 2);
if (count($parts) == 2) {
$auth_data[$parts[0]] = $parts[1];
}
$line = '';
} else {
break;
} }
} }
$exit_status = -1; $exit_status = -1;
if (!empty($auth_data['user']) && !empty($auth_data['password'])) { if (!empty($auth_data['user']) && isset($auth_data['password'])) {
$authcfg = auth_get_authserver("Local Database"); $authcfg = auth_get_authserver("Local Database");
$authcfg_fallback = auth_get_authserver("Local Database"); $authcfg_fallback = auth_get_authserver("Local Database");
...@@ -82,4 +89,5 @@ if (!empty($auth_data['user']) && !empty($auth_data['password'])) { ...@@ -82,4 +89,5 @@ if (!empty($auth_data['user']) && !empty($auth_data['password'])) {
// failed auth, return exit status -1 // failed auth, return exit status -1
closelog(); closelog();
exit($exit_status); exit($exit_status);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment