Example #1
0
 private function auth($username, $password)
 {
     global $config;
     $login_ok = false;
     if (!empty($username) && !empty($password)) {
         $attributes = array();
         $authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
         if (authenticate_user($username, $password, $authcfg, $attributes) || authenticate_user($username, $password)) {
             $login_ok = true;
         }
     }
     if (!$login_ok) {
         log_auth("webConfigurator authentication error for '" . $username . "' from " . $this->remote_addr);
         require_once "XML/RPC2/Exception.php";
         throw new XML_RPC2_FaultException(gettext('Authentication failed: Invalid username or password'), -1);
     }
     $user_entry = getUserEntry($username);
     /*
      * admin (uid = 0) is allowed
      * or regular user with necessary privilege
      */
     if (isset($user_entry['uid']) && $user_entry['uid'] != '0' && !userHasPrivilege($user_entry, 'system-xmlrpc-ha-sync')) {
         log_auth("webConfigurator authentication error for '" . $username . "' from " . $this->remote_addr . " not enough privileges");
         require_once "XML/RPC2/Exception.php";
         throw new XML_RPC2_FaultException(gettext('Authentication failed: not enough privileges'), -2);
     }
     return;
 }
Example #2
0
             if (!empty($_POST['auth_user2'])) {
                 $user = $_POST['auth_user2'];
             } else {
                 $user = '******';
             }
         }
         captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR");
         portal_reply_page($redirurl, "error", $errormsg);
     }
 } else {
     if ($_POST['accept'] && $cpcfg['auth_method'] == "local") {
         if ($_POST['auth_user'] && $_POST['auth_pass']) {
             //check against local user manager
             $loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);
             if ($loginok && isset($cpcfg['localauth_priv'])) {
                 $loginok = userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login");
             }
             if ($loginok) {
                 captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "LOGIN");
                 portal_allow($clientip, $clientmac, $_POST['auth_user']);
             } else {
                 captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "FAILURE");
                 portal_reply_page($redirurl, "error", $errormsg);
             }
         } else {
             portal_reply_page($redirurl, "error", $errormsg);
         }
     } else {
         if ($_POST['accept'] && $clientip && $cpcfg['auth_method'] == "none") {
             captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT");
             portal_allow($clientip, $clientmac, "unauthenticated");
Example #3
0
 *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 *    POSSIBILITY OF SUCH DAMAGE.
 *
 */
require_once "config.inc";
require_once "auth.inc";
openlog("squid", LOG_ODELAY, LOG_AUTH);
$f = fopen("php://stdin", "r");
while ($line = fgets($f)) {
    $fields = explode(' ', trim($line));
    $username = rawurldecode($fields[0]);
    $password = rawurldecode($fields[1]);
    if (authenticate_user($username, $password)) {
        $user = getUserEntry($username);
        if (is_array($user) && userHasPrivilege($user, "user-proxy-auth")) {
            syslog(LOG_NOTICE, "user '{$username}' authenticated\n");
            fwrite(STDOUT, "OK\n");
        } else {
            syslog(LOG_WARNING, "user '{$username}' cannot authenticate for squid because of missing user-proxy-auth role");
            fwrite(STDOUT, "ERR\n");
        }
    } else {
        syslog(LOG_WARNING, "user '{$username}' could not authenticate.\n");
        fwrite(STDOUT, "ERR\n");
    }
}
closelog();
Example #4
0
    } else {
        closelog();
        exit(1);
    }
}
$attributes = array();
foreach ($authmodes as $authmode) {
    $authcfg = auth_get_authserver($authmode);
    if (!$authcfg && $authmode != "Local Database") {
        continue;
    }
    $authenticated = authenticate_user($username, $password, $authcfg, $attributes);
    if ($authenticated == true) {
        if ($authmode == "Local Database") {
            $user = getUserEntry($username);
            if (!is_array($user) || !userHasPrivilege($user, "user-ipsec-xauth-dialin")) {
                $authenticated = false;
                syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPsec since the required privileges are missing.\n");
                continue;
            }
        }
        break;
    }
}
if ($authenticated == false) {
    syslog(LOG_WARNING, "user '{$username}' could not authenticate.\n");
    if (isset($_GET['username'])) {
        echo "FAILED";
        closelog();
        return;
    } else {
Example #5
0
                 if ($vip['mode'] == "ipalias") {
                     $found_other_alias = true;
                 }
             }
         }
     }
     if ($found_carp === true && $found_other_alias === false && $found_if === false) {
         $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}.";
     }
 }
 if (!$input_errors) {
     if (session_status() == PHP_SESSION_NONE) {
         session_start();
     }
     $user = getUserEntry($_SESSION['Username']);
     if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
         header("Location: firewall_virtual_ip.php");
         exit;
     }
     session_write_close();
     // Special case since every proxyarp vip is handled by the same daemon.
     if ($a_vip[$_GET['id']]['mode'] == "proxyarp") {
         $viface = $a_vip[$_GET['id']]['interface'];
         unset($a_vip[$_GET['id']]);
         interface_proxyarp_configure($viface);
     } else {
         interface_vip_bring_down($a_vip[$_GET['id']]);
         unset($a_vip[$_GET['id']]);
     }
     if (count($config['virtualip']['vip']) == 0) {
         unset($config['virtualip']['vip']);
/**
 * redirect user if config may not be saved.
 */
function redirectReadOnlyUser()
{
    if (session_status() == PHP_SESSION_NONE) {
        session_start();
    }
    $user = getUserEntry($_SESSION['Username']);
    if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
        header("Location: firewall_virtual_ip.php");
        exit;
    }
    session_write_close();
}