Commit a167200a authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(legacy) spaces, curly braces etc in auth.inc

(cherry picked from commit 9a9af1b6)
parent 09e02e59
<?php <?php
/* /*
Copyright (C) 2014 Deciso B.V. Copyright (C) 2014-2016 Deciso B.V.
Copyright (C) 2010 Ermal Luçi Copyright (C) 2010 Ermal Luçi
Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com> Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
...@@ -50,10 +50,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ ...@@ -50,10 +50,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
$found_host = false; $found_host = false;
/* Either a IPv6 address with or without a alternate port */ /* Either a IPv6 address with or without a alternate port */
if(strstr($_SERVER['HTTP_HOST'], "]")) { if (strstr($_SERVER['HTTP_HOST'], "]")) {
$http_host_port = explode("]", $_SERVER['HTTP_HOST']); $http_host_port = explode("]", $_SERVER['HTTP_HOST']);
/* v6 address has more parts, drop the last part */ /* v6 address has more parts, drop the last part */
if(count($http_host_port) > 1) { if (count($http_host_port) > 1) {
array_pop($http_host_port); array_pop($http_host_port);
$http_host = str_replace(array("[", "]"), "", implode(":", $http_host_port)); $http_host = str_replace(array("[", "]"), "", implode(":", $http_host_port));
} else { } else {
...@@ -63,19 +63,23 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ ...@@ -63,19 +63,23 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
$http_host = explode(":", $_SERVER['HTTP_HOST']); $http_host = explode(":", $_SERVER['HTTP_HOST']);
$http_host = $http_host[0]; $http_host = $http_host[0];
} }
if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or if (is_ipaddr($http_host) || $_SERVER['SERVER_ADDR'] == "127.0.0.1" ||
strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1") strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1") {
$found_host = true; $found_host = true;
if(strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 or }
strcasecmp($http_host, $config['system']['hostname']) == 0) if (strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
strcasecmp($http_host, $config['system']['hostname']) == 0) {
$found_host = true; $found_host = true;
}
if (isset($config['dyndnses']['dyndns']) && !$found_host) if (isset($config['dyndnses']['dyndns']) && !$found_host) {
foreach($config['dyndnses']['dyndns'] as $dyndns) foreach($config['dyndnses']['dyndns'] as $dyndns) {
if(strcasecmp($dyndns['host'], $http_host) == 0) { if (strcasecmp($dyndns['host'], $http_host) == 0) {
$found_host = true; $found_host = true;
break; break;
} }
}
}
if (isset($config['dnsupdates']['dnsupdate']) && !$found_host) { if (isset($config['dnsupdates']['dnsupdate']) && !$found_host) {
foreach ($config['dnsupdates']['dnsupdate'] as $rfc2136) { foreach ($config['dnsupdates']['dnsupdate'] as $rfc2136) {
...@@ -96,8 +100,8 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ ...@@ -96,8 +100,8 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
} }
} }
if($found_host == false) { if ($found_host == false) {
if(!security_checks_disabled()) { if (!security_checks_disabled()) {
display_error_form("501", sprintf(gettext("A potential %sDNS Rebind attack%s has been detected.%sTry to access the router by IP address instead of by hostname."),'<a href="http://en.wikipedia.org/wiki/DNS_rebinding">','</a>','<br />')); display_error_form("501", sprintf(gettext("A potential %sDNS Rebind attack%s has been detected.%sTry to access the router by IP address instead of by hostname."),'<a href="http://en.wikipedia.org/wiki/DNS_rebinding">','</a>','<br />'));
exit; exit;
} }
...@@ -106,10 +110,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ ...@@ -106,10 +110,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
} }
// If the HTTP_REFERER is something other than ourselves then disallow. // If the HTTP_REFERER is something other than ourselves then disallow.
if(function_exists("display_error_form") && !isset($config['system']['webgui']['nohttpreferercheck'])) { if (function_exists("display_error_form") && !isset($config['system']['webgui']['nohttpreferercheck'])) {
if(isset($_SERVER['HTTP_REFERER'])) { if (isset($_SERVER['HTTP_REFERER'])) {
if(file_exists('/tmp/setupwizard_lastreferrer')) { if (file_exists('/tmp/setupwizard_lastreferrer')) {
if($_SERVER['HTTP_REFERER'] == file_get_contents('/tmp/setupwizard_lastreferrer')) { if ($_SERVER['HTTP_REFERER'] == file_get_contents('/tmp/setupwizard_lastreferrer')) {
unlink('/tmp/setupwizard_lastreferrer'); unlink('/tmp/setupwizard_lastreferrer');
header("Refresh: 1; url=index.php"); header("Refresh: 1; url=index.php");
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">"; echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
...@@ -120,15 +124,17 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui'][' ...@@ -120,15 +124,17 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
$found_host = false; $found_host = false;
$referrer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST); $referrer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
$referrer_host = str_replace(array("[", "]"), "", $referrer_host); $referrer_host = str_replace(array("[", "]"), "", $referrer_host);
if($referrer_host) { if ($referrer_host) {
if(strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 if (strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
|| strcasecmp($referrer_host, $config['system']['hostname']) == 0) strcasecmp($referrer_host, $config['system']['hostname']) == 0) {
$found_host = true; $found_host = true;
}
if (!empty($config['system']['webgui']['althostnames']) && !$found_host) { if (!empty($config['system']['webgui']['althostnames']) && !$found_host) {
$althosts = explode(" ", $config['system']['webgui']['althostnames']); $althosts = explode(" ", $config['system']['webgui']['althostnames']);
foreach ($althosts as $ah) { foreach ($althosts as $ah) {
if(strcasecmp($referrer_host, $ah) == 0) { if (strcasecmp($referrer_host, $ah) == 0) {
$found_host = true; $found_host = true;
break; break;
} }
...@@ -153,23 +159,24 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui'][' ...@@ -153,23 +159,24 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
} }
} }
if(!$found_host) { if (!$found_host) {
$found_host = isAuthLocalIP($referrer_host); $found_host = isAuthLocalIP($referrer_host);
if($referrer_host == "127.0.0.1" || $referrer_host == "localhost") { if ($referrer_host == "127.0.0.1" || $referrer_host == "localhost") {
// allow SSH port forwarded connections and links from localhost // allow SSH port forwarded connections and links from localhost
$found_host = true; $found_host = true;
} }
} }
} }
if($found_host == false) { if ($found_host == false) {
if(!security_checks_disabled()) { if (!security_checks_disabled()) {
display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . "). You can disable this check if needed in System -> Advanced -> Admin."); display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . "). You can disable this check if needed in System -> Advanced -> Admin.");
exit; exit;
} }
$security_passed = false; $security_passed = false;
} }
} else } else {
$security_passed = false; $security_passed = false;
}
} }
if (function_exists("display_error_form") && $security_passed) { if (function_exists("display_error_form") && $security_passed) {
...@@ -215,7 +222,6 @@ function index_groups() ...@@ -215,7 +222,6 @@ function index_groups()
global $config, $groupindex; global $config, $groupindex;
$groupindex = array(); $groupindex = array();
if (isset($config['system']['group'])) { if (isset($config['system']['group'])) {
$i = 0; $i = 0;
foreach($config['system']['group'] as $groupent) { foreach($config['system']['group'] as $groupent) {
...@@ -242,7 +248,7 @@ function index_users() ...@@ -242,7 +248,7 @@ function index_users()
} }
return ($userindex); return ($userindex);
} }
function &getUserEntry($name) function &getUserEntry($name)
{ {
...@@ -259,10 +265,13 @@ function &getUserEntryByUID($uid) ...@@ -259,10 +265,13 @@ function &getUserEntryByUID($uid)
{ {
global $config; global $config;
if (is_array($config['system']['user'])) if (is_array($config['system']['user'])) {
foreach ($config['system']['user'] as & $user) foreach ($config['system']['user'] as & $user) {
if ($user['uid'] == $uid) if ($user['uid'] == $uid) {
return $user; return $user;
}
}
}
return false; return false;
} }
...@@ -307,23 +316,24 @@ function get_user_privileges(&$user) ...@@ -307,23 +316,24 @@ function get_user_privileges(&$user)
$privs = array_merge($privs, $group['priv']); $privs = array_merge($privs, $group['priv']);
} }
} }
return $privs; return $privs;
} }
function userHasPrivilege($userent, $privid = false) { function userHasPrivilege($userent, $privid = false)
{
if (!$privid || !is_array($userent)) if (!$privid || !is_array($userent)) {
return false; return false;
}
$privs = get_user_privileges($userent); $privs = get_user_privileges($userent);
if (!is_array($privs)) if (!is_array($privs)) {
return false; return false;
}
if (!in_array($privid, $privs)) if (!in_array($privid, $privs)) {
return false; return false;
}
return true; return true;
} }
...@@ -512,7 +522,6 @@ function local_user_get_groups($user, $all = false) ...@@ -512,7 +522,6 @@ function local_user_get_groups($user, $all = false)
sort($groups); sort($groups);
return $groups; return $groups;
} }
function local_user_set_groups($user, $new_groups = null) function local_user_set_groups($user, $new_groups = null)
...@@ -618,7 +627,6 @@ function local_group_del($group) ...@@ -618,7 +627,6 @@ function local_group_del($group)
function ldap_setup_caenv($authcfg) function ldap_setup_caenv($authcfg)
{ {
unset($caref); unset($caref);
if (empty($authcfg['ldap_caref']) || !strstr($authcfg['ldap_urltype'], "SSL")) { if (empty($authcfg['ldap_caref']) || !strstr($authcfg['ldap_urltype'], "SSL")) {
...@@ -645,25 +653,30 @@ function ldap_setup_caenv($authcfg) ...@@ -645,25 +653,30 @@ function ldap_setup_caenv($authcfg)
} }
function is_account_expired($username) { function is_account_expired($username)
{
$user = getUserEntry($username); $user = getUserEntry($username);
if (isset($user['expires']) && !empty($user['expires'])) { if (isset($user['expires']) && !empty($user['expires'])) {
if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($user['expires'])))) if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($user['expires'])))) {
return true; return true;
} }
}
return false; return false;
} }
function is_account_disabled($username) { function is_account_disabled($username)
{
$user = getUserEntry($username); $user = getUserEntry($username);
if (isset($user['disabled'])) if (isset($user['disabled'])) {
return true; return true;
}
return false; return false;
} }
function auth_get_authserver($name) { function auth_get_authserver($name)
{
global $config; global $config;
if ($name == "Local Database") { if ($name == "Local Database") {
...@@ -674,7 +687,6 @@ function auth_get_authserver($name) { ...@@ -674,7 +687,6 @@ function auth_get_authserver($name) {
); );
} }
if (isset($config['system']['authserver']) && is_array($config['system']['authserver'])) { if (isset($config['system']['authserver']) && is_array($config['system']['authserver'])) {
foreach ($config['system']['authserver'] as $authcfg) { foreach ($config['system']['authserver'] as $authcfg) {
if ($authcfg['name'] == $name) { if ($authcfg['name'] == $name) {
...@@ -696,7 +708,6 @@ function auth_get_authserver($name) { ...@@ -696,7 +708,6 @@ function auth_get_authserver($name) {
if (empty($authcfg['ldap_bindpw'])) { if (empty($authcfg['ldap_bindpw'])) {
$authcfg['ldap_bindpw'] = null; $authcfg['ldap_bindpw'] = null;
} }
} }
return $authcfg; return $authcfg;
} }
...@@ -704,7 +715,8 @@ function auth_get_authserver($name) { ...@@ -704,7 +715,8 @@ function auth_get_authserver($name) {
} }
} }
function auth_get_authserver_list() { function auth_get_authserver_list()
{
global $config; global $config;
$list = array(); $list = array();
...@@ -720,8 +732,8 @@ function auth_get_authserver_list() { ...@@ -720,8 +732,8 @@ function auth_get_authserver_list() {
return $list; return $list;
} }
function authenticate_user($username, $password, $authcfg = NULL) { function authenticate_user($username, $password, $authcfg = NULL)
{
if (empty($authcfg)) { if (empty($authcfg)) {
$authName = 'Local Database'; $authName = 'Local Database';
} else { } else {
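Review bot: The `or` left on the second line of the DNS-rebind host condition (hunk `@@ -63,19 +63,23 @@`) is inconsistent with the `||` the commit introduces on the line directly above it; inside this `if` the result is unchanged because `or` merely binds looser than `||` and `==`, but mixing the two operators in one condition invites a precedence bug the next time the expression is edited or its value is assigned. Suggest `strcasecmp($http_host, "localhost") == 0 || $_SERVER['SERVER_ADDR'] == "::1") {`. The same formatting pass also leaves `foreach(` without a space in the dyndns loop, `foreach ($config['dyndnses']['dyndns'] as $dyndns) {`, and in index_groups, `foreach ($config['system']['group'] as $groupent) {`, which the commit message says it is normalising. The enclosing `if (function_exists("display_error_form") ...` block starts and ends outside the hunk.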