/** * Attempt to log in using the given username and password. * * On a successful login, this function should return the username as 'uid' attribute, * and merged attributes from the configuration file. * On failure, it should throw an exception. A SimpleSAML_Error_Error('WRONGUSERPASS') * should be thrown in case of a wrong username OR a wrong password, to prevent the * enumeration of usernames. * * @param string $username The username the user wrote. * @param string $password The password the user wrote. * @return array Associative array with the users attributes. */ protected function login($username, $password) { assert('is_string($username)'); assert('is_string($password)'); foreach ($this->users as $userpass) { $matches = explode(':', $userpass, 2); if ($matches[0] == $username) { $crypted = $matches[1]; // This is about the only attribute we can add $attributes = array_merge(array('uid' => array($username)), $this->attributes); // Traditional crypt(3) if (crypt($password, $crypted) == $crypted) { SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully'); return $attributes; } // Apache's custom MD5 if (SimpleSAML_Utils_Crypto::apr1Md5Valid($crypted, $password)) { SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully'); return $attributes; } // SHA1 or plain-text if (SimpleSAML_Utils_Crypto::pwValid($crypted, $password)) { SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully'); return $attributes; } throw new SimpleSAML_Error_Error('WRONGUSERPASS'); } } throw new SimpleSAML_Error_Error('WRONGUSERPASS'); }