<?php
require_once('config.php');
+require_once('lib/auth_base.php');
require_once('lib/user_functions.php');
require_once('lib/number_functions.php');
require_once('lib/common_functions.php');
exit;
}
+token_auth();
+
//*************************************************************************************
switch ( $_SERVER['PATH_INFO'] )
{
--- /dev/null
+<?php
+require_once('config.php');
+require_once('lib/auth_base.php');
+require_once('lib/common_functions.php');
+require_once('lib/db_functions.php');
+require_once('lib/domain_functions.php');
+
+$config = get_config();
+
+$config['sql_link'] = @mysql_connect(
+ $config['sql_server'],
+ $config['sql_username'],
+ $config['sql_password']
+);
+if ( !$config['sql_link'] )
+{
+ print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database connection failed.'));
+ exit;
+}
+
+//*************************************************************************************
+ switch ( $_SERVER['PATH_INFO'] )
+ {
+ case "/list_users":
+ // List valid API user-acounts.
+ // Fail with notauthorized if current authentication
+ // does not have write access.
+ case "/authorize_user":
+ // Add or update a valid back-end user in authorization
+ // if the current authentication has write access.
+ // Since the user exists in backend, the only
+ // needed parameters should be username and access level
+ // If the authorization does not exist, add it.
+ // If the user is already authorized, replace access level.
+ case "/add_user":
+ // Add user to backend if backend is read-write and
+ // the current authentication has write access.
+ case "/update_user":
+ // Update the given user in the backend, if the backend
+ // is read-write, and the current authentication has
+ // write access.
+ case "/remove_user":
+ // Delete user from backend if backend is read-write
+ // and the current authentication has write access.
+ case "/list_apikeys":
+ // List valid API keys.
+ // Fail is current authorization does not have write access.
+ case "/new_apikey":
+ // If the current authorization has write access, create
+ // a new API key with requested access (ro/rw).
+ case "/remove_apikey":
+ // If the current authorization has write access,
+ // remove the given API key.
+ print json_encode ( array( 'response' => 'notimplemented') );
+ break;
+ default:
+ print json_encode ( array( 'response' => 'invalid') );
+ }
+//*************************************************************************************
+mysql_close( $config['sql_link'] );
+?>
<?php
-require_once('lib/auth.php');
function get_config()
{
return array(
<?php
require_once('config.php');
+require_once('lib/auth_base.php');
require_once('lib/common_functions.php');
require_once('lib/db_functions.php');
require_once('lib/domain_functions.php');
exit;
}
+token_auth();
+
//*************************************************************************************
switch ( $_SERVER['PATH_INFO'] )
{
+++ /dev/null
-<?php
-
-function token_auth( )
-{
- return true;
-}
-
-if (! token_auth() )
-{
- print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Not authorized') );
- exit;
-}
-?>
--- /dev/null
+<?php
+require_once('config.php');
+
+$config = get_config();
+
+/*******************************
+* Load authentication plugin ..
+*******************************/
+if ( preg_match('/^\w+$/', $config['auth_backend']))
+{
+ if ( !@include_once ( 'lib/auth_plugins/' . $config['auth_backend'] . ".php" ) )
+ { print json_encode( array( 'response' => 'error', 'cause' => 'auth-load' ) ); exit; }
+}
+else
+{ print json_encode( array( 'response' => 'error', 'cause' => 'config-error' ) ); exit; }
+/*******************************/
+
+function check_authkey ( $key )
+{
+ global $config;
+ if ( $key == "6327c08b70f9" ) return true;
+ return false;
+
+}
+
+function new_key( )
+{
+ // Basically this is at the moment a slightly modified
+ // version of generate_password() from user_functiions.php
+ // The behaviour/output of this function is expected to change
+ // so using generate_password() directly does not make sense...
+ $length = 16;
+ $string = "";
+ while ( strlen( $string ) < $length )
+ {
+ $string .= crypt( substr(sha1(rand()), 0, $length) );
+ $string = preg_replace( '/\W/', '', $string);
+ }
+ return substr( $string, 0, $length );
+}
+
+function simple_authfail()
+{
+ print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Not authorized') );
+ exit;
+}
+
+function token_auth( )
+{
+ global $_GET;
+
+ if ( array_key_exists('auth_key', $_GET ) )
+ { if ( ! check_authkey($_GET['auth_key'] ) ) simple_authfail(); }
+ else simple_authfail();
+}
+
+function can_write ( )
+{
+ // Stub, to be called on any API nodes taht write data in the DB.
+ return true;
+}
+
+?>
--- /dev/null
+<?php
+/*
+ permitall.php is a sample authentication plugin
+ that responds with 'accept' regardless of what
+ usernames and passwords are passed to it.
+
+ This plugin should serve as a sample plugin:
+ all authentication plugins must implement
+ all functions defined here.
+
+ NOTE that the auth-plugins are for authentication
+ only, and is not doing any kind of authorization.
+
+ NOTE that the auth-plugins handle user
+ authentication for API functions....
+
+*/
+
+// Is the backend readonly?
+function authmethod_readonly ()
+{
+ // Each auth-plugin must specify if users can
+ // be modified in the backend by responding to
+ // the authmethod_readonly with a true/false.
+ //
+ // By returning false to a readonly-poll, the
+ // plugin should be able to add users to the
+ // backend, and also must be able to change
+ // user data and passwords.
+ return true;
+}
+
+// Fetch user geckos (basic display info)
+function authuser_getinfo ( $username )
+{
+ $user['name'] = "Default User";
+ $user['email'] = "example@example.com";
+ return $user;
+}
+
+// Update geckos-info for user in backend
+function authuser_setinfo ( $username, $name, $email )
+{
+ // RW plugins should return false on failure,
+ // and true on success updating user information
+ // RO plugins should always return false
+ return false;
+}
+
+// Change a user-password in the backend
+function authuser_password ( $username, $password )
+{
+ // RW plugins should return false on failure,
+ // and true on success updating user information
+ // RO plugins should always return false
+ return false;
+}
+
+// Add a user to the backend
+function authuser_add ( $username, $name, $email, $password )
+{
+ // RW plugins should return false on failure,
+ // and true on success updating user information
+ // RO plugins should always return false
+ return false;
+}
+
+// Remove a user from the backend.
+function authuser_delete ( $username )
+{
+ // RW plugins should return false on failure,
+ // and true on success updating user information
+ // RO plugins should always return false
+ return false;
+}
+
+// Username+password verification. Basically "login"
+function authuser_verify ( $username, $password )
+{
+ // This plugin will always accept.
+ // A real plugin should naturally perform strong user
+ // verification.
+ //
+ // Valid return values from this function:
+ // * -1 -> Failure (e.g. backend not available)
+ // * 0 -> username/password rejected
+ // * 1 -> username/password accepted
+
+ return 1;
+}
+
+?>
$config = get_config();
+// Default length 24 characters to provide a long password
+// that still is short enough that Cisco SPA phones can use it
function generate_password( $length = 24 )
{
$string = "";
while ( strlen( $string ) < $length )
- $string .= substr(md5(rand().rand()), 0, $length);
+ {
+ $string .= crypt(substr(md5(rand().rand()), 0, $length));
+ $string = preg_replace( '/\W/', '', $string);
+ }
return substr( $string, 0, $length );
}
<?php
require_once('config.php');
-//require_once('lib/user_functions.php');
+require_once('lib/auth_base.php');
require_once('lib/common_functions.php');
require_once('lib/db_functions.php');
require_once('lib/number_functions.php');
exit;
}
+token_auth();
+
//*************************************************************************************
switch ( $_SERVER['PATH_INFO'] )
{
<?php
require_once('config.php');
+require_once('lib/auth_base.php');
require_once('lib/user_functions.php');
require_once('lib/common_functions.php');
require_once('lib/db_functions.php');
print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database connection failed.'));
exit;
}
+token_auth();
//*************************************************************************************
switch ( $_SERVER['PATH_INFO'] )
<?php
require_once('config.php');
+require_once('lib/auth_base.php');
require_once('lib/user_functions.php');
require_once('lib/common_functions.php');
require_once('lib/db_functions.php');
print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database connection failed.'));
exit;
}
+token_auth();
//*************************************************************************************
switch ( $_SERVER['PATH_INFO'] )
git.defcon.no / hermes / commitdiff