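// NOTE(review): excerpt of a larger if/elseif request dispatcher; the first branch opens above this fragment and the last one continues below it.
    // the same strategy here (although we need a username to work with)
    //
    // the client side (jquery) generates the actual download file.
    // NOTE(review): the privilege check for acting on $id is not visible in this excerpt; verify it runs before these branches.
    $username = $a_user[$id]['name'];
    $authFactory = new \OPNsense\Auth\AuthenticationFactory();
    $authenticator = $authFactory->get("Local API");
    // whatever createKey() returns is sent to the browser as JSON; nothing is emitted when it returns null
    $keyData = $authenticator->createKey($username);
    if ($keyData != null) {
        echo json_encode($keyData);
    }
    exit;
} elseif ($act == 'delApiKey' && isset($id)) {
    // Remove one API key of the selected user, then redirect back to the edit form with a status message.
    $username = $a_user[$id]['name'];
    if (!empty($pconfig['api_delete'])) {
        $authFactory = new \OPNsense\Auth\AuthenticationFactory();
        $authenticator = $authFactory->get("Local API");
        $authenticator->dropKey($username, $pconfig['api_delete']);
        // the message embeds the submitted key value verbatim
        $savemsg = gettext("API key") . " {$pconfig['api_delete']} " . gettext("removed.");
    } else {
        $savemsg = gettext('No API key found');
    }
    // redirect
    // Percent-encode both query values: $savemsg contains spaces and the submitted key value, so left
    // unencoded it could add or alter query parameters, and a '+' in it would be read back as a space.
    // NOTE(review): the page that renders savemsg must still HTML-escape it; confirm at the output site.
    header("Location: system_usermanager.php?savemsg=" . urlencode($savemsg) . "&act=edit&userid=" . urlencode((string)$id));
    exit;
} elseif (isset($pconfig['save'])) {
    // save user
    /* input validation */
    if (isset($id)) {
        $reqdfields = explode(" ", "usernamefld");
        $reqdfieldsn = array(gettext("Username"));
    } else {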
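* POSSIBILITY OF SUCH DAMAGE.
*
*/

require_once "config.inc";
require_once "auth.inc";

openlog("squid", LOG_ODELAY, LOG_AUTH);
$authFactory = new \OPNsense\Auth\AuthenticationFactory();

// NOTE(review): excerpt; the read loop below continues past the end of this fragment.
// Each line read from stdin is split on spaces into two URL-encoded fields: username, then password.
$f = fopen("php://stdin", "r");
// compare against false explicitly so that only end-of-input (or a read error) ends the loop
while (($line = fgets($f)) !== false) {
    $fields = explode(' ', trim($line));
    $username = rawurldecode($fields[0]);
    // a line without a second field gives an empty password instead of reading an undefined offset
    // NOTE(review): the empty password is still handed to authenticate(); confirm that every configured
    // backend rejects empty passwords (some directory services treat them as an anonymous bind).
    $password = rawurldecode(isset($fields[1]) ? $fields[1] : '');

    $isAuthenticated = false;
    if (isset($config['OPNsense']['proxy']['forward']['authentication']['method'])) {
        // the setting is a comma-separated list of authenticator names, tried in the order given
        foreach (explode(',', $config['OPNsense']['proxy']['forward']['authentication']['method']) as $authServerName) {
            $authServer = $authFactory->get(trim($authServerName));
            if ($authServer == null) {
                // authenticator not found, use local
                // (an unknown or misspelled name therefore falls back to 'Local Database' instead of failing)
                $authServer = $authFactory->get('Local Database');
            }
            $isAuthenticated = $authServer->authenticate($username, $password);
            if ($isAuthenticated) {
                if (get_class($authServer) == "OPNsense\\Auth\\Local") {
                    // todo: user priv check needs a reload of squid, maybe it's better to move the token check to
                    //       the auth object.
                    //
                    // when using local authentication, check if user has role user-proxy-auth
                    // NOTE(review): how other authenticator classes are handled is outside this excerpt.
                    $user = getUserEntry($username);
                    if (is_array($user) && userHasPrivilege($user, "user-proxy-auth")) {
                        break;
                    } else {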