git.defcon.no Git - hermes/blob - api/lib/auth_base.php

   1 <?php
   2 require_once('config.php');
   3
   4 $config = get_config();
   5
   6 /*******************************
   7 * Load authentication plugin ..
   8 *******************************/
   9 if ( preg_match('/^\w+$/', $config['auth_backend']))
  10 {
  11         if ( !@include_once ( 'lib/auth_plugins/' . $config['auth_backend'] . ".php" ) )
  12         {  print json_encode( array( 'response' => 'error', 'cause' => 'auth-load' ) ); exit; }
  13 }
  14 else
  15 {  print json_encode( array( 'response' => 'error', 'cause' => 'config-error' ) ); exit; }
  16 /*******************************/
  17
  18 function apikey_verify( $key )
  19 {
  20         if ( $key == "6327c08b70f9" ) return 1;
  21         return false;
  22 }
  23
  24 function new_key( $hex = false )
  25 {
  26         // Basically this is at the moment a slightly modified
  27         // version of generate_password() from user_functiions.php
  28         // The behaviour/output of this function is expected to change
  29         // so using generate_password() directly does not make sense...
  30         $length = 16;
  31         $string = "";
  32          while ( strlen( $string ) < $length )
  33          {
  34                 if ( $hex )
  35                         $string .= substr(md5(rand().rand()), 0, $length);
  36                 else
  37                 {
  38                         $string .= crypt( substr(sha1(rand()), 0, $length) );
  39                         $string = preg_replace( '/\W/', '', $string);
  40                 }
  41          }
  42         return substr( $string, 0, $length );
  43 }
  44
  45 function simple_authfail()
  46 {
  47         print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Not authorized') );
  48         exit;
  49 }
  50
  51 function token_auth( )
  52 {
  53         global $_GET;
  54
  55         // TODO: Part of ping/pong requirement.
  56         // Run a function to clear all authkeys older than 5 minutes.
  57         expire_authkeys();
  58
  59         if ( array_key_exists('session', $_GET )
  60              && array_key_exists('auth_key', $_GET ) )
  61         {
  62                 if ( ! check_session($_GET['session'] ) ) simple_authfail();
  63                 if ( ! check_authkey($_GET['auth_key'] ) ) simple_authfail();
  64         }
  65         else simple_authfail();
  66 }
  67
  68 function get_cookie_path ()
  69 {
  70         $name = $_SERVER["SCRIPT_NAME"];
  71         $file = basename($name);
  72         $path = preg_replace("/".$file."/", "", $name);
  73         return $path;
  74
  75 }
  76
  77 function check_authkey ( $key )
  78 {
  79         // TODO: Make real, actual checks...
  80         if ( $key ) return true;
  81         return false;
  82 }
  83
  84 function expire_authkeys()
  85 {
  86         global $config;
  87
  88         // Force deletion of sessions that have expired keys.
  89         $query = sprintf("SELECT session, sessid FROM %s WHERE `last` < DATE_SUB( NOW(), INTERVAL %d MINUTE)",
  90                 $config['sessionkeys_table'],
  91                 $config['sessionkey_lifetime']);
  92         $result = sql_dbquery( $config['provision_db'], $query );
  93         while ( $row = @mysql_fetch_row( $result ) )
  94         {
  95                 remove_session( $row[0], $row[1] );
  96         }
  97
  98         $query = sprintf("DELETE FROM %s WHERE `last` < DATE_SUB( NOW(), INTERVAL %d MINUTE)",
  99                 $config['sessionkeys_table'],
 100                 $config['sessionkey_lifetime']);
 101
 102         sql_dbexec( $config['provision_db'], $query );
 103 }
 104
 105 function update_authkey ( $session, $authid )
 106 {
 107         global $config;
 108
 109         $key = substr(new_key(), 0, 8);
 110
 111         expire_authkeys();
 112
 113         // TODO: Refresh cookie
 114
 115         $remote = $_SERVER['REMOTE_ADDR'];
 116         $query = sprintf("INSERT INTO %s ( `sessid`, `session`, `authid`, `client`, `key`, `last` )
 117                                 VALUES ( '%s', '%s', '%s', '%s', '%s', NOW() )
 118                                 ON DUPLICATE KEY UPDATE `key` = '%s', `last` = NOW()",
 119                 $config['sessionkeys_table'],
 120                 session_id(),
 121                 session_name(),
 122                 sql_clean($authid),
 123                 sql_clean($remote),
 124                 sql_clean($key),
 125                 sql_clean($key));
 126         if ( ! sql_dbexec( $config['provision_db'], $query ) )
 127         {
 128                 mysql_error();
 129         }
 130         $_SESSION['kkey'] = $key;
 131         $_SESSION['when'] = time();
 132         return $key;
 133 }
 134
 135 function check_session ( $name )
 136 {
 137         session_name( $name );
 138         session_start();
 139         if ( ! $_SESSION['authid'] )
 140         {
 141                 return clear_credentials($name);
 142         }
 143         if ( ! $_COOKIE['client_key'] )
 144         {
 145                 return clear_credentials($name);
 146         }
 147
 148         $authid = $_SESSION['authid'];
 149         $type   = $_SESSION['type'];
 150         $client_key = $_COOKIE['client_key'];
 151
 152         $level = get_authorization( $type, $authid );
 153         if ( $level == false )
 154         {
 155                 return clear_credentials($name);
 156         }
 157
 158         $session_key = md5( $name . $authid );
 159         if ( $client_key != $session_key )
 160         {
 161                 return clear_credentials($name);
 162         }
 163
 164         // If we got this far, things are looking good.
 165         return true;
 166 }
 167
 168 function set_credentials( $authid, $type )
 169 {
 170         $name = new_key(true);
 171         session_name( $name );
 172         session_start();
 173         $_SESSION['authid'] = $authid;
 174         $_SESSION['type']   = $type;
 175
 176         $client_key  = md5( $name . $authid );
 177         setcookie('client_key', $client_key, time()+180*60, get_cookie_path() );
 178
 179         return $name;
 180 }
 181
 182 function clear_credentials($name)
 183 {
 184         global $config;
 185
 186         setcookie('client_key', '', 0, get_cookie_path() );
 187
 188         remove_session($name);
 189         $_SESSION = array();
 190
 191         $query = sprintf("DELETE FROM %s WHERE `session` = '%s'",
 192                 $config['sessionkeys_table'],
 193                 sql_clean($name));
 194         sql_dbexec( $config['provision_db'], $query );
 195
 196         return false;
 197 }
 198
 199 function remove_session ($name, $id = null )
 200 {
 201         if ( $id == null )
 202         {
 203                 session_destroy();
 204                 setcookie($name, '', 0, "/");
 205                 return;
 206         }
 207         $current_session = session_name( );
 208         $current_sessid = session_id( );
 209         session_commit();
 210
 211         session_id( $id );
 212         session_start();
 213         setcookie( $name, '', 0, "/");
 214         $_SESSION=array();
 215         session_destroy();
 216
 217         if ( $current_session != $name )
 218         {
 219                 session_id($current_sessid);
 220                 session_start();
 221         }
 222 }
 223
 224 function get_authorization()
 225 {
 226         return 1;
 227 }
 228 function can_write ( )
 229 {
 230         // Stub, to be called on any API nodes that write data in the DB.
 231         $authid = $_SESSION['authid'];
 232         $type   = $_SESSION['type'];
 233         $level = get_authorization( $type, $authid );
 234         return true;
 235 }
 236
 237 ?>