xmlrpc: support authentication using API keys

authenticate_user() is not being called by anyone else so move it to xmlrpc.php and extend it to allow for API keys to work. Since the authentication in this page is always bound to local credentials it makes sense to extend the user-based access with the API key-based access as they don't get in the way of each other. PR: https://github.com/travisghansen/hass-opnsense/discussions/6
2026-03-16 09:34:39 +00:00 · 2021-11-18 08:45:25 +01:00 · 2021-11-18 08:45:25 +01:00 · a425eed175
commit a425eed175
parent f83a74d496
2 changed files with 24 additions and 15 deletions
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@ -815,14 +815,3 @@ function get_authenticator($authcfg = null)
    $authFactory = new OPNsense\Auth\AuthenticationFactory();
    return $authFactory->get($authName);
 }
-
-function authenticate_user($username, $password, $authcfg = null)
-{
-    $authenticator = get_authenticator($authcfg);
-    if ($authenticator != null) {
-        return $authenticator->authenticate($username, $password);
-    } else {
-        log_error('Unable to retrieve authenticator for ' . $username);
-        return false;
-    }
-}
--- a/src/www/xmlrpc.php
+++ b/src/www/xmlrpc.php
@ -1,7 +1,7 @@
 <?php

 /*
- * Copyright (C) 2015 Deciso B.V.
+ * Copyright (C) 2015-2021 Deciso B.V.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@ -41,17 +41,37 @@ function http_basic_auth($http_auth_header)
    if (count($tags) >= 2) {
        $userinfo= explode(':', base64_decode($tags[1]), 2);
        if (count($userinfo) == 2) {
-            if (authenticate_user($userinfo[0], $userinfo[1])) {
+            $username = authenticate_user($userinfo[0], $userinfo[1]);
+            if ($username !== false) {
                $aclObj = new \OPNsense\Core\ACL();
-                return $aclObj->isPageAccessible($userinfo[0], '/xmlrpc.php');
+                return $aclObj->isPageAccessible($username, '/xmlrpc.php');
            }
        }
    }

-    // not authenticated
+    /* not authenticated */
    return false;
 }

+function authenticate_user($username, $password)
+{
+    $authFactory = new OPNsense\Auth\AuthenticationFactory();
+
+    foreach(['Local Database', 'Local API'] as $authName) {
+        $authenticator = $authFactory->get($authName);
+        if ($authenticator != null && $authenticator->authenticate($username, $password)) {
+            $authResult = $authenticator->getLastAuthProperties();
+            if (array_key_exists('username', $authResult)) {
+	        $username = $authResult['username'];
+	    }
+            return $username;
+        }
+    }
+
+    log_error('Unable to retrieve authenticator for ' . $username);
+
+    return false;
+}

 /**
 *   Simple XML-RPC server using IXR_Library