Skip to content

O
OpnSense
Commit 9a9af1b6 authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

(legacy) spaces, curly braces etc in auth.inc

parent b83aa0d8
Show whitespace changes
Inline Side-by-side
Showing with 591 additions and 579 deletions
src/etc/inc/auth.inc
View file @ 9a9af1b6
<?php
/*
Copyright (C) 2014 Deciso B.V.
Copyright (C) 2014-2016 Deciso B.V.
Copyright (C) 2010 Ermal Luçi
Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
......@@ -50,10 +50,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
$found_host = false;
/* Either a IPv6 address with or without a alternate port */
if(strstr($_SERVER['HTTP_HOST'], "]")) {
if (strstr($_SERVER['HTTP_HOST'], "]")) {
$http_host_port = explode("]", $_SERVER['HTTP_HOST']);
/* v6 address has more parts, drop the last part */
if(count($http_host_port) > 1) {
if (count($http_host_port) > 1) {
array_pop($http_host_port);
$http_host = str_replace(array("[", "]"), "", implode(":", $http_host_port));
} else {
......@@ -63,19 +63,23 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
$http_host = explode(":", $_SERVER['HTTP_HOST']);
$http_host = $http_host[0];
}
if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or
strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1")
if (is_ipaddr($http_host) || $_SERVER['SERVER_ADDR'] == "127.0.0.1" ||
strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1") {
$found_host = true;
if(strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 or
strcasecmp($http_host, $config['system']['hostname']) == 0)
}
if (strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
strcasecmp($http_host, $config['system']['hostname']) == 0) {
$found_host = true;
}
if (isset($config['dyndnses']['dyndns']) && !$found_host)
foreach($config['dyndnses']['dyndns'] as $dyndns)
if(strcasecmp($dyndns['host'], $http_host) == 0) {
if (isset($config['dyndnses']['dyndns']) && !$found_host) {
foreach($config['dyndnses']['dyndns'] as $dyndns) {
if (strcasecmp($dyndns['host'], $http_host) == 0) {
$found_host = true;
break;
}
}
}
if (isset($config['dnsupdates']['dnsupdate']) && !$found_host) {
foreach ($config['dnsupdates']['dnsupdate'] as $rfc2136) {
......@@ -96,8 +100,8 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
}
}
if($found_host == false) {
if(!security_checks_disabled()) {
if ($found_host == false) {
if (!security_checks_disabled()) {
display_error_form("501", sprintf(gettext("A potential %sDNS Rebind attack%s has been detected.%sTry to access the router by IP address instead of by hostname."),'<a href="http://en.wikipedia.org/wiki/DNS_rebinding">','</a>','<br />'));
exit;
}
......@@ -106,10 +110,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
}
// If the HTTP_REFERER is something other than ourselves then disallow.
if(function_exists("display_error_form") && !isset($config['system']['webgui']['nohttpreferercheck'])) {
if(isset($_SERVER['HTTP_REFERER'])) {
if(file_exists('/tmp/setupwizard_lastreferrer')) {
if($_SERVER['HTTP_REFERER'] == file_get_contents('/tmp/setupwizard_lastreferrer')) {
if (function_exists("display_error_form") && !isset($config['system']['webgui']['nohttpreferercheck'])) {
if (isset($_SERVER['HTTP_REFERER'])) {
if (file_exists('/tmp/setupwizard_lastreferrer')) {
if ($_SERVER['HTTP_REFERER'] == file_get_contents('/tmp/setupwizard_lastreferrer')) {
unlink('/tmp/setupwizard_lastreferrer');
header("Refresh: 1; url=index.php");
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
......@@ -120,15 +124,17 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
$found_host = false;
$referrer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
$referrer_host = str_replace(array("[", "]"), "", $referrer_host);
if($referrer_host) {
if(strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0
|| strcasecmp($referrer_host, $config['system']['hostname']) == 0)
if ($referrer_host) {
if (strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
strcasecmp($referrer_host, $config['system']['hostname']) == 0) {
$found_host = true;
}
if (!empty($config['system']['webgui']['althostnames']) && !$found_host) {
$althosts = explode(" ", $config['system']['webgui']['althostnames']);
foreach ($althosts as $ah) {
if(strcasecmp($referrer_host, $ah) == 0) {
if (strcasecmp($referrer_host, $ah) == 0) {
$found_host = true;
break;
}
......@@ -153,23 +159,24 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
}
}
if(!$found_host) {
if (!$found_host) {
$found_host = isAuthLocalIP($referrer_host);
if($referrer_host == "127.0.0.1" || $referrer_host == "localhost") {
if ($referrer_host == "127.0.0.1" || $referrer_host == "localhost") {
// allow SSH port forwarded connections and links from localhost
$found_host = true;
}
}
}
if($found_host == false) {
if(!security_checks_disabled()) {
if ($found_host == false) {
if (!security_checks_disabled()) {
display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . "). You can disable this check if needed in System -> Advanced -> Admin.");
exit;
}
$security_passed = false;
}
} else
} else {
$security_passed = false;
}
}
if (function_exists("display_error_form") && $security_passed) {
......@@ -215,7 +222,6 @@ function index_groups()
global $config, $groupindex;
$groupindex = array();
if (isset($config['system']['group'])) {
$i = 0;
foreach($config['system']['group'] as $groupent) {
......@@ -242,7 +248,7 @@ function index_users()
}
return ($userindex);
}
}
function &getUserEntry($name)
{
......@@ -259,10 +265,13 @@ function &getUserEntryByUID($uid)
{
global $config;
if (is_array($config['system']['user']))
foreach ($config['system']['user'] as & $user)
if ($user['uid'] == $uid)
if (is_array($config['system']['user'])) {
foreach ($config['system']['user'] as & $user) {
if ($user['uid'] == $uid) {
return $user;
}
}
}
return false;
}
......@@ -307,23 +316,24 @@ function get_user_privileges(&$user)
$privs = array_merge($privs, $group['priv']);
}
}
return $privs;
}
function userHasPrivilege($userent, $privid = false) {
if (!$privid || !is_array($userent))
function userHasPrivilege($userent, $privid = false)
{
if (!$privid || !is_array($userent)) {
return false;
}
$privs = get_user_privileges($userent);
if (!is_array($privs))
if (!is_array($privs)) {
return false;
}
if (!in_array($privid, $privs))
if (!in_array($privid, $privs)) {
return false;
}
return true;
}
......@@ -512,7 +522,6 @@ function local_user_get_groups($user, $all = false)
sort($groups);
return $groups;
}
function local_user_set_groups($user, $new_groups = null)
......@@ -618,7 +627,6 @@ function local_group_del($group)
function ldap_setup_caenv($authcfg)
{
unset($caref);
if (empty($authcfg['ldap_caref']) || !strstr($authcfg['ldap_urltype'], "SSL")) {
......@@ -645,25 +653,30 @@ function ldap_setup_caenv($authcfg)
}
function is_account_expired($username) {
function is_account_expired($username)
{
$user = getUserEntry($username);
if (isset($user['expires']) && !empty($user['expires'])) {
if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($user['expires']))))
if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($user['expires'])))) {
return true;
}
}
return false;
}
function is_account_disabled($username) {
function is_account_disabled($username)
{
$user = getUserEntry($username);
if (isset($user['disabled']))
if (isset($user['disabled'])) {
return true;
}
return false;
}
function auth_get_authserver($name) {
function auth_get_authserver($name)
{
global $config;
if ($name == "Local Database") {
......@@ -674,7 +687,6 @@ function auth_get_authserver($name) {
);
}
if (isset($config['system']['authserver']) && is_array($config['system']['authserver'])) {
foreach ($config['system']['authserver'] as $authcfg) {
if ($authcfg['name'] == $name) {
......@@ -696,7 +708,6 @@ function auth_get_authserver($name) {
if (empty($authcfg['ldap_bindpw'])) {
$authcfg['ldap_bindpw'] = null;
}
}
return $authcfg;
}
......@@ -704,7 +715,8 @@ function auth_get_authserver($name) {
}
}
function auth_get_authserver_list() {
function auth_get_authserver_list()
{
global $config;
$list = array();
......@@ -720,8 +732,8 @@ function auth_get_authserver_list() {
return $list;
}
function authenticate_user($username, $password, $authcfg = NULL) {
function authenticate_user($username, $password, $authcfg = NULL)
{
if (empty($authcfg)) {
$authName = 'Local Database';
} else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023