ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Htpasswd.php
Go to the documentation of this file.
1 <?php
2 
10 use WhiteHat101\Crypt\APR1_MD5;
11 
12 class sspmod_authcrypt_Auth_Source_Htpasswd extends sspmod_core_Auth_UserPassBase
13 {
14 
15 
21  private $users;
22 
28  private $attributes = array();
29 
30 
39  public function __construct($info, $config)
40  {
41  assert('is_array($info)');
42  assert('is_array($config)');
43 
44  // Call the parent constructor first, as required by the interface
45  parent::__construct($info, $config);
46 
47  $this->users = array();
48 
49  if (!$htpasswd = file_get_contents($config['htpasswd_file'])) {
50  throw new Exception('Could not read '.$config['htpasswd_file']);
51  }
52 
53  $this->users = explode("\n", trim($htpasswd));
54 
55  try {
56  $this->attributes = SimpleSAML\Utils\Attributes::normalizeAttributesArray($config['static_attributes']);
57  } catch (Exception $e) {
58  throw new Exception('Invalid static_attributes in authentication source '.
59  $this->authId.': '.$e->getMessage());
60  }
61  }
62 
63 
80  protected function login($username, $password)
81  {
82  assert('is_string($username)');
83  assert('is_string($password)');
84 
85  foreach ($this->users as $userpass) {
86  $matches = explode(':', $userpass, 2);
87  if ($matches[0] == $username) {
88  $crypted = $matches[1];
89 
90  // This is about the only attribute we can add
91  $attributes = array_merge(array('uid' => array($username)), $this->attributes);
92 
93  // Traditional crypt(3)
94  if (SimpleSAML\Utils\Crypto::secureCompare($crypted, crypt($password, $crypted))) {
95  SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
96  SimpleSAML\Logger::warning(
97  'CRYPT authentication is insecure. Please consider using something else.'
98  );
99  return $attributes;
100  }
101 
102  // Apache's custom MD5
103  if (APR1_MD5::check($password, $crypted)) {
104  SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
105  return $attributes;
106  }
107 
108  // SHA1 or plain-text
109  if (SimpleSAML\Utils\Crypto::pwValid($crypted, $password)) {
110  SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
111  SimpleSAML\Logger::warning(
112  'SHA1 and PLAIN TEXT authentication are insecure. Please consider using something else.'
113  );
114  return $attributes;
115  }
116  throw new SimpleSAML_Error_Error('WRONGUSERPASS');
117  }
118  }
119  throw new SimpleSAML_Error_Error('WRONGUSERPASS');
120  }
121 }
SimpleSAML\Utils\Attributes\normalizeAttributesArray
static normalizeAttributesArray($attributes)
Validate and normalize an array with attributes.
Definition: Attributes.php:80
sspmod_authcrypt_Auth_Source_Htpasswd\$attributes
$attributes
Definition: Htpasswd.php:28
sspmod_authcrypt_Auth_Source_Htpasswd\__construct
__construct($info, $config)
Constructor for this authentication source.
Definition: Htpasswd.php:39
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213
sspmod_core_Auth_UserPassBase
Definition: UserPassBase.php:12
$password
$password
Definition: pwgen.php:17
SimpleSAML
Attribute-related utility methods.
sspmod_authcrypt_Auth_Source_Htpasswd\$users
$users
Definition: Htpasswd.php:21
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179
SimpleSAML_Error_Error
Definition: Error.php:10
sspmod_authcrypt_Auth_Source_Htpasswd\login
login($username, $password)
Attempt to log in using the given username and password.
Definition: Htpasswd.php:80
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
APR1_MD5
$info
$info
Definition: index.php:5
sspmod_authcrypt_Auth_Source_Htpasswd
Definition: Htpasswd.php:12