Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
b90babbf
Commit
b90babbf
authored
Sep 12, 2016
by
Ad Schellevis
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add opnsense-auth helper for pam support,
https://github.com/opnsense/core/issues/998
parent
7b59e10c
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
85 additions
and
0 deletions
+85
-0
opnsense-auth
src/sbin/opnsense-auth
+85
-0
No files found.
src/sbin/opnsense-auth
0 → 100755
View file @
b90babbf
#!/usr/local/bin/php
<?php
/**
* Copyright (C) 2016 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
require_once
(
"config.inc"
);
require_once
(
"auth.inc"
);
// parse received auth data (key=value combinations)
// user=<name>
// password=<password>
// service=<pam service> (to be implemented)
$fp
=
fopen
(
'php://stdin'
,
'r'
);
$auth_data
=
array
();
while
(
!
empty
(
$line
=
trim
(
fgets
(
$fp
))))
{
$parts
=
explode
(
"="
,
$line
);
if
(
count
(
$parts
)
>=
2
)
{
// key value pair
$propname
=
array_shift
(
$parts
);
$propvalue
=
implode
(
"="
,
$parts
);
$auth_data
[
$propname
]
=
$propvalue
;
}
}
$exit_status
=
-
1
;
if
(
!
empty
(
$auth_data
[
'user'
])
&&
!
empty
(
$auth_data
[
'password'
]))
{
$authcfg
=
auth_get_authserver
(
"Local Database"
);
$authcfg_fallback
=
auth_get_authserver
(
"Local Database"
);
if
(
isset
(
$config
[
'system'
][
'webgui'
][
'authmode'
]))
{
$authcfg
=
auth_get_authserver
(
$config
[
'system'
][
'webgui'
][
'authmode'
]);
}
if
(
!
empty
(
$config
[
'system'
][
'webgui'
][
'authmode_fallback'
]))
{
if
(
$config
[
'system'
][
'webgui'
][
'authmode_fallback'
]
==
"__NO_FALLBACK__"
)
{
// no fallback
$authcfg_fallback
=
false
;
}
else
{
$authcfg_fallback
=
auth_get_authserver
(
$config
[
'system'
][
'webgui'
][
'authmode_fallback'
]);
}
}
if
(
authenticate_user
(
$auth_data
[
'user'
],
$auth_data
[
'password'
],
$authcfg
))
{
// auth OK
syslog
(
LOG_NOTICE
,
"user '"
.
$auth_data
[
'user'
]
.
"' authenticated successfully
\n
"
);
$exit_status
=
0
;
}
elseif
(
$authcfg
!=
$authcfg_fallback
&&
$authcfg_fallback
!==
false
&&
authenticate_user
(
$auth_data
[
'user'
],
$auth_data
[
'password'
],
$authcfg_fallback
))
{
// auth OK, using fallback
syslog
(
LOG_NOTICE
,
"user '"
.
$auth_data
[
'user'
]
.
"' authenticated successfully (using fallback)
\n
"
);
$exit_status
=
0
;
}
else
{
syslog
(
LOG_WARNING
,
"user '"
.
$auth_data
[
'user'
]
.
"' could not authenticate.
\n
"
);
}
}
// failed auth, return exit status -1
closelog
();
exit
(
$exit_status
);
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment