lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-19 19:15:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

move local auth functions to abstract base, add groupAllowed(). requirement for https://github.com/opnsense/core/issues/1377

Browse Source
This commit is contained in:
Ad Schellevis 2017-02-07 19:34:42 +01:00
parent 324bd7555d
commit 0d104a9d79
6 changed files with 114 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/opnsense/mvc/app/library/OPNsense/Auth/API.php
View File

@ -35,7 +35,7 @@ use OPNsense\Core\Config;
* Class API key/secret database connector (connect to legacy xml structure).
* @package OPNsense\Auth
*/
class API implements IAuthConnector
class API extends Base implements IAuthConnector
{
/**
* @var array internal list of authentication properties

98
src/opnsense/mvc/app/library/OPNsense/Auth/Base.php Normal file
View File

@ -0,0 +1,98 @@
<?php
/**
* Copyright (C) 2017 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Auth;
use OPNsense\Core\Config;
/**
* Authenticator stub, implements local methods
* @package OPNsense\Auth
*/
abstract class Base
{
/**
* return group memberships
* @param string $username username to find
* @return array
*/
private function groups($username)
{
$groups = array();
$user = $this->getUser($username);
if ($user != null) {
$uid = (string)$user->uid;
$cnf = Config::getInstance()->object();
if (isset($cnf->system->group)) {
foreach ($cnf->system->group as $group) {
if (isset($group->member)) {
foreach ($group->member as $member) {
if ((string)$uid == (string)$member) {
$groups[] = (string)$group->gid;
break;
}
}
}
}
}
}
return $groups;
}
/**
* user allowed in local group
* @param string $username username to check
* @param string $gid group id
* @return boolean
*/
public function groupAllowed($username, $gid)
{
return in_array($gid, $this->groups($username));
}
/**
* find user settings in local database
* @param string $username username to find
* @return SimpleXMLElement|null user settings (xml section)
*/
protected function getUser($username)
{
// search local user in database
$configObj = Config::getInstance()->object();
$userObject = null;
foreach ($configObj->system->children() as $key => $value) {
if ($key == 'user' && !empty($value->name) && (string)$value->name == $username) {
// user found, stop search
$userObject = $value;
break;
}
}
return $userObject;
}
}

2
src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
View File

@ -33,7 +33,7 @@ namespace OPNsense\Auth;
* Class LDAP connector
* @package OPNsense\Auth
*/
class LDAP implements IAuthConnector
class LDAP extends Base implements IAuthConnector
{
/**
* @var int ldap version to use

22
src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
View File

@ -35,7 +35,7 @@ use OPNsense\Core\Config;
* Class Local user database connector (using legacy xml structure).
* @package OPNsense\Auth
*/
class Local implements IAuthConnector
class Local extends Base implements IAuthConnector
{
/**
* type name in configuration
@ -64,26 +64,6 @@ class Local implements IAuthConnector
return array();
}
/**
* find user settings in local database
* @param string $username username to find
* @return SimpleXMLElement|null user settings (xml section)
*/
protected function getUser($username)
{
// search local user in database
$configObj = Config::getInstance()->object();
$userObject = null;
foreach ($configObj->system->children() as $key => $value) {
if ($key == 'user' && !empty($value->name) && (string)$value->name == $username) {
// user found, stop search
$userObject = $value;
break;
}
}
return $userObject;
}
/**
* authenticate user against local database (in config.xml)
* @param string|SimpleXMLElement $username username (or xml object) to authenticate

2
src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
View File

@ -34,7 +34,7 @@ namespace OPNsense\Auth;
* Class Radius connector
* @package OPNsense\Auth
*/
class Radius implements IAuthConnector
class Radius extends Base implements IAuthConnector
{
/**
* @var null radius hostname / ip

13
src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php
View File

@ -36,7 +36,7 @@ use OPNsense\Core\Config;
* Class Voucher user database connector
* @package OPNsense\Auth
*/
class Voucher implements IAuthConnector
class Voucher extends Base implements IAuthConnector
{
/**
* @var null reference id
@ -451,4 +451,15 @@ class Voucher implements IAuthConnector
return $fields;
}
/**
* groups not supported
* @param string $username username to check
* @param string $gid group id
* @return boolean
*/
public function groupAllowed($username, $gid)
{
return false;
}
}