|
@@ -20,11 +20,47 @@ class Auth_Proxy extends Plugin implements IAuthModule {
|
|
|
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
|
|
}
|
|
|
|
|
|
+ /*
|
|
|
+ * is_whitelisted check if an IP is whitelisted by defined values in config.php
|
|
|
+ * it will check by-IP and by-NAME
|
|
|
+ * currently, only exact IP is supported (no cidr, no wildcard); this is a TODO
|
|
|
+ * check by
|
|
|
+ */
|
|
|
+ private function is_whitelisted($client_ip) {
|
|
|
+ if(!defined('AUTHPROXY_WHITELIST_IP') && !defined('AUTHPROXY_WHITELIST_NAME')) {
|
|
|
+ // TODO: send a warning: this is a misconfiguration!
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ if(defined('AUTHPROXY_WHITELIST_IP')) {
|
|
|
+ $whitelist = explode(' ', AUTHPROXY_WHITELIST_IP);
|
|
|
+ foreach($whitelist as $w_ip) {
|
|
|
+ if($client_ip === $w_ip) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if(defined('AUTHPROXY_WHITELIST_NAME')) {
|
|
|
+ $whitelist = explode(' ', AUTHPROXY_WHITELIST_NAME);
|
|
|
+ foreach($whitelist as $w_name) {
|
|
|
+ foreach(gethostbynamel($w_name) as $w_ip) {
|
|
|
+ if($client_ip === $w_ip) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
/**
|
|
|
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
|
|
|
*/
|
|
|
function authenticate($login, $password) {
|
|
|
- // TODO: check source ip!
|
|
|
+ $client_ip = $_SERVER['REMOTE_ADDR'];
|
|
|
+ if($this->is_whitelisted($client_ip) === false) {
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
if(!array_key_exists("HTTP_X_FORWARDED_USER", $_SERVER)) {
|
|
|
return false;
|
|
|
}
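Review bot: In `is_whitelisted`, the by-name branch passes the result of `gethostbynamel($w_name)` straight to `foreach`, but that function returns `false` when a name does not resolve, so an unresolvable or empty entry (a double space in `AUTHPROXY_WHITELIST_NAME` yields one through `explode(' ', …)`) raises a PHP warning on every login attempt. The outcome stays fail-closed, but the lookup should be guarded and empty entries dropped, as in the sketch below. Two limits deserve a line in the docblock: `gethostbynamel` returns IPv4 addresses only, so an IPv6 `REMOTE_ADDR` can never match by name, and a name-based entry makes the allow decision depend on whatever the resolver answers at request time. The docblock also ends on an unfinished `check by` line. `authenticate` continues past the end of the hunk, so how `HTTP_X_FORWARDED_USER` is consumed after the check is not visible here.

```php
// … unchanged: missing-config guard and exact-IP loop …
if(defined('AUTHPROXY_WHITELIST_NAME')) {
	$names = preg_split('/\s+/', AUTHPROXY_WHITELIST_NAME, -1, PREG_SPLIT_NO_EMPTY);
	foreach($names as $w_name) {
		$resolved = gethostbynamel($w_name);
		if($resolved === false) {
			// Unresolvable name: treat as "no match" instead of iterating over false.
			continue;
		}
		if(in_array($client_ip, $resolved, true)) {
			return true;
		}
	}
}
// … unchanged: final return false …
```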
|