ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Htpasswd.php
Go to the documentation of this file.
1<?php
2
10use WhiteHat101\Crypt\APR1_MD5;
11
12class sspmod_authcrypt_Auth_Source_Htpasswd extends sspmod_core_Auth_UserPassBase
13{
14
15
21 private $users;
22
28 private $attributes = array();
29
30
39 public function __construct($info, $config)
40 {
41 assert('is_array($info)');
42 assert('is_array($config)');
43
44 // Call the parent constructor first, as required by the interface
45 parent::__construct($info, $config);
46
47 $this->users = array();
48
49 if (!$htpasswd = file_get_contents($config['htpasswd_file'])) {
50 throw new Exception('Could not read '.$config['htpasswd_file']);
51 }
52
53 $this->users = explode("\n", trim($htpasswd));
54
55 try {
56 $this->attributes = SimpleSAML\Utils\Attributes::normalizeAttributesArray($config['static_attributes']);
57 } catch (Exception $e) {
58 throw new Exception('Invalid static_attributes in authentication source '.
59 $this->authId.': '.$e->getMessage());
60 }
61 }
62
63
80 protected function login($username, $password)
81 {
82 assert('is_string($username)');
83 assert('is_string($password)');
84
85 foreach ($this->users as $userpass) {
86 $matches = explode(':', $userpass, 2);
87 if ($matches[0] == $username) {
88 $crypted = $matches[1];
89
90 // This is about the only attribute we can add
91 $attributes = array_merge(array('uid' => array($username)), $this->attributes);
92
93 // Traditional crypt(3)
94 if (SimpleSAML\Utils\Crypto::secureCompare($crypted, crypt($password, $crypted))) {
95 SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
96 SimpleSAML\Logger::warning(
97 'CRYPT authentication is insecure. Please consider using something else.'
98 );
99 return $attributes;
100 }
101
102 // Apache's custom MD5
103 if (APR1_MD5::check($password, $crypted)) {
104 SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
105 return $attributes;
106 }
107
108 // SHA1 or plain-text
109 if (SimpleSAML\Utils\Crypto::pwValid($crypted, $password)) {
110 SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
111 SimpleSAML\Logger::warning(
112 'SHA1 and PLAIN TEXT authentication are insecure. Please consider using something else.'
113 );
114 return $attributes;
115 }
116 throw new SimpleSAML_Error_Error('WRONGUSERPASS');
117 }
118 }
119 throw new SimpleSAML_Error_Error('WRONGUSERPASS');
120 }
121}
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213
SimpleSAML\Utils\Attributes\normalizeAttributesArray
static normalizeAttributesArray($attributes)
Validate and normalize an array with attributes.
Definition: Attributes.php:80
SimpleSAML_Error_Error
Definition: Error.php:11
WhiteHat101\Crypt\APR1_MD5
Definition: APR1_MD5.php:5
sspmod_authcrypt_Auth_Source_Htpasswd
Definition: Htpasswd.php:13
sspmod_authcrypt_Auth_Source_Htpasswd\$attributes
$attributes
Definition: Htpasswd.php:28
sspmod_authcrypt_Auth_Source_Htpasswd\__construct
__construct($info, $config)
Constructor for this authentication source.
Definition: Htpasswd.php:39
sspmod_authcrypt_Auth_Source_Htpasswd\$users
$users
Definition: Htpasswd.php:21
sspmod_authcrypt_Auth_Source_Htpasswd\login
login($username, $password)
Attempt to log in using the given username and password.
Definition: Htpasswd.php:80
sspmod_core_Auth_UserPassBase
Definition: UserPassBase.php:12
$info
$info
Definition: index.php:5
SimpleSAML
Attribute-related utility methods.
$password
$password
Definition: pwgen.php:17