]>
git.defcon.no Git - hermes/blob - api/lib/auth_base.php
2 require_once('config.php');
4 $config = get_config();
6 /*******************************
7 * Load authentication plugin ..
8 *******************************/
9 if ( preg_match('/^\w+$/', $config['auth_backend']))
11 if ( !@include_once
( 'lib/auth_plugins/' . $config['auth_backend'] . ".php" ) )
12 { print json_encode( array( 'response' => 'error', 'cause' => 'auth-load' ) ); exit; }
15 { print json_encode( array( 'response' => 'error', 'cause' => 'config-error' ) ); exit; }
16 /*******************************/
18 function apikey_verify( $key )
20 if ( $key == "6327c08b70f9" ) return 1;
24 function new_key( $hex = false )
26 // Basically this is at the moment a slightly modified
27 // version of generate_password() from user_functiions.php
28 // The behaviour/output of this function is expected to change
29 // so using generate_password() directly does not make sense...
32 while ( strlen( $string ) < $length )
35 $string .= substr(md5(rand().rand()), 0, $length);
38 $string .= crypt( substr(sha1(rand()), 0, $length) );
39 $string = preg_replace( '/\W/', '', $string);
42 return substr( $string, 0, $length );
45 function simple_authfail()
47 print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Not authorized') );
51 function token_auth( )
55 // TODO: Part of ping/pong requirement.
56 // Run a function to clear all authkeys older than 5 minutes.
59 if ( array_key_exists('session', $_GET )
60 && array_key_exists('auth_key', $_GET ) )
62 if ( ! check_session($_GET['session'] ) ) simple_authfail();
63 if ( ! check_authkey($_GET['auth_key'] ) ) simple_authfail();
65 else simple_authfail();
68 function get_cookie_path ()
70 $name = $_SERVER["SCRIPT_NAME"];
71 $file = basename($name);
72 $path = preg_replace("/".$file."/", "", $name);
77 function check_authkey ( $key )
79 // TODO: Make real, actual checks...
80 if ( $key ) return true;
84 function expire_authkeys()
88 // Force deletion of sessions that have expired keys.
89 $query = sprintf("SELECT session, sessid FROM %s WHERE `last` < DATE_SUB( NOW(), INTERVAL %d MINUTE)",
90 $config['sessionkeys_table'],
91 $config['sessionkey_lifetime']);
92 $result = sql_dbquery( $config['provision_db'], $query );
93 while ( $row = @mysql_fetch_row
( $result ) )
95 remove_session( $row[0], $row[1] );
98 $query = sprintf("DELETE FROM %s WHERE `last` < DATE_SUB( NOW(), INTERVAL %d MINUTE)",
99 $config['sessionkeys_table'],
100 $config['sessionkey_lifetime']);
102 sql_dbexec( $config['provision_db'], $query );
105 function update_authkey ( $session, $authid )
109 $key = substr(new_key(), 0, 8);
113 // TODO: Refresh cookie
115 $remote = $_SERVER['REMOTE_ADDR'];
116 $query = sprintf("INSERT INTO %s ( `sessid`, `session`, `authid`, `client`, `key`, `last` )
117 VALUES ( '%s', '%s', '%s', '%s', '%s', NOW() )
118 ON DUPLICATE KEY UPDATE `key` = '%s', `last` = NOW()",
119 $config['sessionkeys_table'],
126 if ( ! sql_dbexec( $config['provision_db'], $query ) )
130 $_SESSION['kkey'] = $key;
131 $_SESSION['when'] = time();
135 function check_session ( $name )
137 session_name( $name );
139 if ( ! $_SESSION['authid'] )
141 return clear_credentials($name);
143 if ( ! $_COOKIE['client_key'] )
145 return clear_credentials($name);
148 $authid = $_SESSION['authid'];
149 $type = $_SESSION['type'];
150 $client_key = $_COOKIE['client_key'];
152 $level = get_authorization( $type, $authid );
153 if ( $level == false )
155 return clear_credentials($name);
158 $session_key = md5( $name . $authid );
159 if ( $client_key != $session_key )
161 return clear_credentials($name);
164 // If we got this far, things are looking good.
168 function set_credentials( $authid, $type )
170 $name = new_key(true);
171 session_name( $name );
173 $_SESSION['authid'] = $authid;
174 $_SESSION['type'] = $type;
176 $client_key = md5( $name . $authid );
177 setcookie('client_key', $client_key, time()+
180*60, get_cookie_path() );
182 function clear_credentials($name)
186 setcookie('client_key', '', 0, get_cookie_path() );
188 remove_session($name);
191 $query = sprintf("DELETE FROM %s WHERE `session` = '%s'",
192 $config['sessionkeys_table'],
194 sql_dbexec( $config['provision_db'], $query );
199 function remove_session ($name, $id = null )
204 setcookie($name, '', 0, "/");
207 $current_session = session_name( );
208 $current_sessid = session_id( );
213 setcookie( $name, '', 0, "/");
217 if ( $current_session != $name )
219 session_id($current_sessid);
224 function get_authorization()
228 function can_write ( )
230 // Stub, to be called on any API nodes that write data in the DB.
231 $authid = $_SESSION['authid'];
232 $type = $_SESSION['type'];
233 $level = get_authorization( $type, $authid );