/**
 * Authenticate an XML-RPC caller and verify it is allowed to use the API.
 *
 * The credentials are first checked against the auth server named in
 * $config['system']['webgui']['authmode']; if that rejects them,
 * authenticate_user() is called again without an explicit server.
 * Afterwards the matching user entry must either be uid 0 or carry the
 * 'system-xmlrpc-ha-sync' privilege.
 *
 * @param string $username login name supplied by the caller
 * @param string $password password supplied by the caller
 * @return void
 * @throws XML_RPC2_FaultException code -1 for bad or empty credentials,
 *                                 code -2 when the privilege is missing
 */
private function auth($username, $password) {
	global $config;

	$credentials_valid = false;
	if (!empty($username) && !empty($password)) {
		$attributes = array();
		$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
		// Order matters: the configured server is asked first, the
		// second call only runs when the first one rejects the login.
		$credentials_valid = authenticate_user($username, $password, $authcfg, $attributes)
		    || authenticate_user($username, $password);
	}

	if (!$credentials_valid) {
		$message = "webConfigurator authentication error for '" . $username . "' from " . $this->remote_addr;
		log_auth($message);
		require_once "XML/RPC2/Exception.php";
		throw new XML_RPC2_FaultException(gettext('Authentication failed: Invalid username or password'), -1);
	}

	$user_entry = getUserEntry($username);

	// NOTE(review): an entry without a 'uid' key passes without any
	// privilege check. Confirm getUserEntry() always yields a uid for a
	// user that authenticate_user() accepted (e.g. accounts that exist
	// only on a remote auth server); otherwise this path fails open.
	if (!isset($user_entry['uid'])) {
		return;
	}

	// admin (uid = 0) is always allowed
	if ($user_entry['uid'] == '0') {
		return;
	}

	// regular users need the HA sync privilege
	if (userHasPrivilege($user_entry, 'system-xmlrpc-ha-sync')) {
		return;
	}

	$message = "webConfigurator authentication error for '" . $username . "' from " . $this->remote_addr . " not enough privileges";
	log_auth($message);
	require_once "XML/RPC2/Exception.php";
	throw new XML_RPC2_FaultException(gettext('Authentication failed: not enough privileges'), -2);
}
if (!empty($_POST['auth_user2'])) { $user = $_POST['auth_user2']; } else { $user = '******'; } } captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR"); portal_reply_page($redirurl, "error", $errormsg); } } else { if ($_POST['accept'] && $cpcfg['auth_method'] == "local") { if ($_POST['auth_user'] && $_POST['auth_pass']) { //check against local user manager $loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']); if ($loginok && isset($cpcfg['localauth_priv'])) { $loginok = userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login"); } if ($loginok) { captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "LOGIN"); portal_allow($clientip, $clientmac, $_POST['auth_user']); } else { captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "FAILURE"); portal_reply_page($redirurl, "error", $errormsg); } } else { portal_reply_page($redirurl, "error", $errormsg); } } else { if ($_POST['accept'] && $clientip && $cpcfg['auth_method'] == "none") { captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT"); portal_allow($clientip, $clientmac, "unauthenticated");
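* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/

require_once "config.inc";
require_once "auth.inc";

/*
 * Authentication helper that logs under the "squid" ident.
 *
 * Reads one request per line from stdin in the form
 * "<username> <password>" (both fields URL-encoded), and answers each
 * request with "OK" or "ERR" on stdout. A user is accepted only when
 * authenticate_user() succeeds AND the user entry carries the
 * "user-proxy-auth" privilege.
 */
openlog("squid", LOG_ODELAY, LOG_AUTH);

$f = fopen("php://stdin", "r");
if ($f === false) {
    // Without an input stream there is nothing to answer; stop cleanly.
    syslog(LOG_ERR, "unable to open stdin for reading");
    closelog();
    exit(1);
}

// Compare against false explicitly so a line such as "0" is still processed.
while (($line = fgets($f)) !== false) {
    $fields = explode(' ', trim($line));
    if (count($fields) < 2) {
        // A request without a password field is malformed: deny it instead
        // of reading an undefined index and authenticating with null.
        syslog(LOG_WARNING, "malformed authentication request (expected '<username> <password>')");
        fwrite(STDOUT, "ERR\n");
        continue;
    }

    $username = rawurldecode($fields[0]);
    $password = rawurldecode($fields[1]);

    // The decoded name is caller-controlled and may contain CR/LF or other
    // control bytes (e.g. %0a); neutralise them so one request cannot
    // forge additional log records.
    $log_username = preg_replace('/[\x00-\x1f\x7f]/', '?', $username);

    if (authenticate_user($username, $password)) {
        $user = getUserEntry($username);
        if (is_array($user) && userHasPrivilege($user, "user-proxy-auth")) {
            syslog(LOG_NOTICE, "user '{$log_username}' authenticated\n");
            fwrite(STDOUT, "OK\n");
        } else {
            // Valid credentials but no proxy privilege (or no user entry): deny.
            syslog(LOG_WARNING, "user '{$log_username}' cannot authenticate for squid because of missing user-proxy-auth role");
            fwrite(STDOUT, "ERR\n");
        }
    } else {
        syslog(LOG_WARNING, "user '{$log_username}' could not authenticate.\n");
        fwrite(STDOUT, "ERR\n");
    }
}

closelog();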
} else { closelog(); exit(1); } } $attributes = array(); foreach ($authmodes as $authmode) { $authcfg = auth_get_authserver($authmode); if (!$authcfg && $authmode != "Local Database") { continue; } $authenticated = authenticate_user($username, $password, $authcfg, $attributes); if ($authenticated == true) { if ($authmode == "Local Database") { $user = getUserEntry($username); if (!is_array($user) || !userHasPrivilege($user, "user-ipsec-xauth-dialin")) { $authenticated = false; syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPsec since the required privileges are missing.\n"); continue; } } break; } } if ($authenticated == false) { syslog(LOG_WARNING, "user '{$username}' could not authenticate.\n"); if (isset($_GET['username'])) { echo "FAILED"; closelog(); return; } else {
if ($vip['mode'] == "ipalias") { $found_other_alias = true; } } } } if ($found_carp === true && $found_other_alias === false && $found_if === false) { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}."; } } if (!$input_errors) { if (session_status() == PHP_SESSION_NONE) { session_start(); } $user = getUserEntry($_SESSION['Username']); if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) { header("Location: firewall_virtual_ip.php"); exit; } session_write_close(); // Special case since every proxyarp vip is handled by the same daemon. if ($a_vip[$_GET['id']]['mode'] == "proxyarp") { $viface = $a_vip[$_GET['id']]['interface']; unset($a_vip[$_GET['id']]); interface_proxyarp_configure($viface); } else { interface_vip_bring_down($a_vip[$_GET['id']]); unset($a_vip[$_GET['id']]); } if (count($config['virtualip']['vip']) == 0) { unset($config['virtualip']['vip']);
/**
 * Redirect the session user away when the configuration may not be saved.
 *
 * Looks up the entry for $_SESSION['Username'] and, if it holds the
 * "user-config-readonly" privilege, sends a redirect to
 * firewall_virtual_ip.php and terminates the request. In every other
 * case the session is closed for writing and the function returns, so
 * the caller carries on.
 *
 * NOTE(review): a missing or non-array user entry is treated as
 * "not read-only" and the caller continues; presumably page-level
 * authentication has already run before this is called - confirm.
 *
 * @return void
 */
function redirectReadOnlyUser() {
	// The session is only needed to learn who is logged in.
	if (PHP_SESSION_NONE == session_status()) {
		session_start();
	}

	$session_user = getUserEntry($_SESSION['Username']);
	$read_only = is_array($session_user) && userHasPrivilege($session_user, "user-config-readonly");

	if (!$read_only) {
		// Release the session lock before the caller does its work.
		session_write_close();
		return;
	}

	header("Location: firewall_virtual_ip.php");
	exit;
}