- <?php
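/**
 * Authentication plugin that trusts the X-Forwarded-User header set by a
 * reverse proxy sitting in front of the application.
 *
 * Security model, as implemented below: the header is honoured only when the
 * direct peer address ($_SERVER['REMOTE_ADDR']) equals an entry of
 * AUTHPROXY_WHITELIST_IP, or one of the addresses that an entry of
 * AUTHPROXY_WHITELIST_NAME resolves to. Any peer connecting from a
 * whitelisted address can therefore log in as any user name it chooses, so:
 *  - the whitelist should contain the authenticating proxy only;
 *  - the proxy must overwrite (or strip) any X-Forwarded-User header that
 *    arrives from its own clients, otherwise they can pick their identity;
 *  - the application should not be reachable from whitelisted hosts by any
 *    path that bypasses the proxy's authentication.
 */
class Auth_Proxy extends Plugin implements IAuthModule {
    /* @var PluginHost $host */
    private $host;

    /* @var Auth_Base $base */
    private $base;

    /**
     * Plugin metadata: version, description, author and a boolean flag.
     */
    function about() {
        return array(1.0,
            "Trust proxy X-Forwarded-User. May be dangerous, see doc",
            "boyska",
            true);
    }

    /**
     * Registers this plugin for the HOOK_AUTH_USER hook.
     *
     * @param PluginHost $host plugin host the hook is registered on
     */
    function init($host ) {
        $this->host = $host;
        $this->base = new Auth_Base();

        $host->add_hook($host::HOOK_AUTH_USER, $this);
    }

    /**
     * Splits a whitespace-separated whitelist constant into its entries.
     *
     * Runs of spaces (and tabs/newlines) are treated as one separator, so a
     * doubled space in config.php does not produce an empty entry.
     *
     * @param string $raw value of a whitelist constant
     * @return array list of non-empty entries
     */
    private function whitelist_entries($raw) {
        $entries = preg_split('/\s+/', trim((string) $raw), -1, PREG_SPLIT_NO_EMPTY);

        return is_array($entries) ? $entries : array();
    }

    /**
     * Checks whether an IP is whitelisted by the values defined in config.php.
     *
     * Both AUTHPROXY_WHITELIST_IP (by address) and AUTHPROXY_WHITELIST_NAME
     * (by host name) are consulted. Only exact address matches are supported
     * (no CIDR, no wildcard); this is a TODO.
     *
     * Name entries are resolved with gethostbynamel() on each call, which
     * returns IPv4 addresses only: a proxy connecting over IPv6 cannot be
     * matched by name. A name-based whitelist is also only as trustworthy as
     * the resolver answering those lookups; prefer AUTHPROXY_WHITELIST_IP
     * where the proxy address is static.
     *
     * @param string $client_ip direct peer address of the request
     * @return bool true when the address is whitelisted; false otherwise,
     *              including when neither constant is defined (fail closed)
     */
    private function is_whitelisted($client_ip) {
        if (!defined('AUTHPROXY_WHITELIST_IP') && !defined('AUTHPROXY_WHITELIST_NAME')) {
            // TODO: send a warning: this is a misconfiguration!
            return false;
        }

        // An absent or empty peer address can never be trusted.
        if (!is_string($client_ip) || $client_ip === '') {
            return false;
        }

        if (defined('AUTHPROXY_WHITELIST_IP')) {
            $allowed_ips = $this->whitelist_entries(AUTHPROXY_WHITELIST_IP);

            if (in_array($client_ip, $allowed_ips, true)) {
                return true;
            }
        }

        if (defined('AUTHPROXY_WHITELIST_NAME')) {
            foreach ($this->whitelist_entries(AUTHPROXY_WHITELIST_NAME) as $w_name) {
                $resolved = gethostbynamel($w_name);

                // gethostbynamel() returns false when the name does not
                // resolve; skip the entry instead of iterating over false.
                if (!is_array($resolved)) {
                    continue;
                }

                if (in_array($client_ip, $resolved, true)) {
                    return true;
                }
            }
        }

        return false;
    }

    /**
     * Authenticates the user named in X-Forwarded-User when the request comes
     * from a whitelisted proxy address.
     *
     * $login is not used: the identity comes from the header only.
     * $password is handed unchanged to Auth_Base::auto_create_user(); what
     * that method does with it is not visible in this file.
     *
     * @param string $login    login submitted by the client (ignored)
     * @param string $password password submitted by the client
     * @return mixed the user id returned by auto_create_user(), or false
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     */
    function authenticate($login, $password) {
        // REMOTE_ADDR is the TCP peer, not a client-supplied header; it is
        // absent outside a web request, in which case nothing is trusted.
        $client_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        if ($this->is_whitelisted($client_ip) === false) {
            return false;
        }

        if (!array_key_exists("HTTP_X_FORWARDED_USER", $_SERVER)) {
            return false;
        }

        // From here on the header value is taken as the authenticated
        // identity; its integrity depends entirely on the whitelisted proxy.
        $try_login = $_SERVER["HTTP_X_FORWARDED_USER"];

        if ($try_login) {
            $user_id = $this->base->auto_create_user($try_login, $password);

            if ($user_id) {
                $_SESSION["fake_login"] = $try_login;
                $_SESSION["fake_password"] = "******";
                $_SESSION["hide_hello"] = true;
                $_SESSION["hide_logout"] = true;

                return $user_id;
            }
        }

        return false;
    }

    /**
     * Plugin API version implemented by this plugin.
     */
    function api_version() {
        return 2;
    }
}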