]> git.defcon.no Git - hermes/blob - api/lib/auth_base.php
dfecae7995e3626e33fcdb4249bfc887136c437a
[hermes] / api / lib / auth_base.php
1 <?php
2 require_once('config.php');
3
4 $config = get_config();
5
6 /*******************************
7 * Load authentication plugin ..
8 *******************************/
9 if ( preg_match('/^\w+$/', $config['auth_backend']))
10 {
11 if ( !@include_once ( 'lib/auth_plugins/' . $config['auth_backend'] . ".php" ) )
12 { print json_encode( array( 'response' => 'error', 'cause' => 'auth-load' ) ); exit; }
13 }
14 else
15 { print json_encode( array( 'response' => 'error', 'cause' => 'config-error' ) ); exit; }
16 /*******************************/
17
18 function apikey_verify( $key )
19 {
20 if ( $key == "6327c08b70f9" ) return 1;
21 return false;
22 }
23
24 function new_key( $hex = false )
25 {
26 // Basically this is at the moment a slightly modified
27 // version of generate_password() from user_functiions.php
28 // The behaviour/output of this function is expected to change
29 // so using generate_password() directly does not make sense...
30 $length = 16;
31 $string = "";
32 while ( strlen( $string ) < $length )
33 {
34 if ( $hex )
35 $string .= substr(md5(rand().rand()), 0, $length);
36 else
37 {
38 $string .= crypt( substr(sha1(rand()), 0, $length) );
39 $string = preg_replace( '/\W/', '', $string);
40 }
41 }
42 return substr( $string, 0, $length );
43 }
44
45 function simple_authfail()
46 {
47 print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Not authorized') );
48 exit;
49 }
50
51 function token_auth( )
52 {
53 global $_GET;
54
55 // TODO: Part of ping/pong requirement.
56 // Run a function to clear all authkeys older than 5 minutes.
57 // expire_authkeys();
58
59 if ( array_key_exists('session', $_GET )
60 && array_key_exists('auth_key', $_GET ) )
61 {
62 if ( ! check_session($_GET['session'] ) ) simple_authfail();
63 if ( ! check_authkey($_GET['auth_key'] ) ) simple_authfail();
64 }
65 else simple_authfail();
66 }
67
68 function get_cookie_path ()
69 {
70 $name = $_SERVER["SCRIPT_NAME"];
71 $file = basename($name);
72 $path = preg_replace("/".$file."/", "", $name);
73 return $path;
74
75 }
76
77 function check_authkey ( $key )
78 {
79 // TODO: Make real, actual checks...
80 if ( $key ) return true;
81 return false;
82 }
83
84 function update_authkey ( $session, $authid )
85 {
86 $key = substr(new_key(), 0, 8);
87 return $key;
88 }
89
90 function check_session ( $name )
91 {
92 session_name( $name );
93 session_start();
94 if ( ! $_SESSION['authid'] )
95 {
96 return clear_credentials($name);
97 }
98 if ( ! $_COOKIE['client_key'] )
99 {
100 return clear_credentials($name);
101 }
102
103 $authid = $_SESSION['authid'];
104 $type = $_SESSION['type'];
105 $client_key = $_COOKIE['client_key'];
106
107 $level = get_authorization( $type, $authid );
108 if ( $level == false )
109 {
110 return clear_credentials($name);
111 }
112
113 $session_key = md5( $name . $authid );
114 if ( $client_key != $session_key )
115 {
116 return clear_credentials($name);
117 }
118
119 // TODO: Database checks?
120
121 // TODO: Refresh cookie
122
123 // If we got this far, things are looking good.
124 return true;
125 }
126
127 function set_credentials( $authid, $type )
128 {
129 $name = new_key(true);
130 session_name( $name );
131 session_start();
132 $_SESSION['authid'] = $authid;
133 $_SESSION['type'] = $type;
134
135 $client_key = md5( $name . $authid );
136 setcookie('client_key', $client_key, time()+180*60, get_cookie_path() );
137
138 // TODO: Stuff data to database for further checks?
139 // TODO: Do magic with the KEY
140
141 return $name;
142 }
143
144 function clear_credentials($name)
145 {
146 setcookie('client_key', '', 0, get_cookie_path() );
147 setcookie($name, '', 0, "/");
148
149 $_SESSION = array();
150 session_destroy();
151 return false;
152 }
153 function get_authorization()
154 {
155 return 1;
156 }
157 function can_write ( )
158 {
159 // Stub, to be called on any API nodes that write data in the DB.
160 $authid = $_SESSION['authid'];
161 $type = $_SESSION['type'];
162 $level = get_authorization( $type, $authid );
163 return true;
164 }
165
166 ?>