lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-15 00:54:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

(auth) add authentication factory including basic interface for retrieval of connector objects

Browse Source
This commit is contained in:
Ad Schellevis 2015-09-24 20:40:36 +02:00
parent 5df05e9e97
commit 7a9b57ca18
2 changed files with 167 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
src/opnsense/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php Normal file
View File

@ -0,0 +1,116 @@
<?php
/**
* Copyright (C) 2015 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Auth;
use OPNsense\Core\Config;
/**
* Class AuthenticationFactory
* @package OPNsense\Auth
*/
class AuthenticationFactory
{
/**
* search already known local userDN's into simple mapping if auth method is current standard method
*/
private function fetchUserDNs($authserver = null)
{
$result = array();
$configObj = Config::getInstance()->object();
if ($authserver == null || (isset($configObj->system->webgui->authmode) &&
(string)$configObj->system->webgui->authmode == $authserver)) {
foreach ($configObj->system->children() as $key => $value) {
if ($key == 'user' && !empty($value->user_dn)) {
$result[(string)$value->name] = (string)$value->user_dn;
}
}
}
return $result;
}
/**
* request list of configured servers, the factory needs to be aware of it's options and settings to
* be able to instantiate useful connectors.
* @return array list of configured servers
*/
public function listServers()
{
$servers = array();
$servers['Local Database'] = array("name" => "Local Database", "type" => "local");
$configObj = Config::getInstance()->object();
foreach ($configObj->system->children() as $key => $value) {
if ($key == 'authserver' && !empty($value->type) && !empty($value->name)) {
$authServerSettings = array();
foreach ($value as $itemKey => $itemValue) {
$authServerSettings[$itemKey] = (string)$itemValue;
}
$servers[$authServerSettings['name']] = $authServerSettings;
}
}
return $servers;
}
/**
* get new authenticator
* @param $authserver authentication server name
* @return IAuthConnector|null
*/
public function get($authserver)
{
$localUserMap = array();
$servers = $this->listServers();
// create a new auth connector
if (isset($servers[$authserver]['type'])) {
switch ($servers[$authserver]['type']) {
case 'local':
$authObject = new Local();
break;
case 'ldap':
$authObject = new LDAP();
$localUserMap = $this->fetchUserDNs();
break;
default:
$authObject = null;
}
if ($authObject != null) {
$props = $servers[$authserver];
// when a local user exist and has a different (distinguished) name on the authenticator we already
// know of, we send the mapping to the authenticator as property "local_users".
$props['local_users'] = $localUserMap;
$authObject->setProperties($props);
return $authObject;
}
}
return null;
}
}

51
src/opnsense/mvc/app/library/OPNsense/Auth/IAuthConnector.php Normal file
View File

@ -0,0 +1,51 @@
<?php
/**
* Copyright (C) 2015 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Auth;
/**
* Interface IAuthConnector for authenticator connectors
* @package OPNsense\Auth
*/
interface IAuthConnector
{
/**
* set connector properties
* @param array $config set configuration for this connector to use
*/
public function setProperties($config);
/**
* authenticate user
* @param $username username to authenticate
* @param $password user password
* @return bool
*/
public function authenticate($username, $password);
}