/**
* Attempt to log in using the given username and password.
*
* On a successful login, this function should return the username as 'uid' attribute,
* and merged attributes from the configuration file.
* On failure, it should throw an exception. A SimpleSAML_Error_Error('WRONGUSERPASS')
* should be thrown in case of a wrong username OR a wrong password, to prevent the
* enumeration of usernames.
*
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @return array Associative array with the users attributes.
*/
protected function login($username, $password)
{
assert('is_string($username)');
assert('is_string($password)');
foreach ($this->users as $userpass) {
$matches = explode(':', $userpass, 2);
if ($matches[0] == $username) {
$crypted = $matches[1];
// This is about the only attribute we can add
$attributes = array_merge(array('uid' => array($username)), $this->attributes);
// Traditional crypt(3)
if (crypt($password, $crypted) == $crypted) {
SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully');
return $attributes;
}
// Apache's custom MD5
if (SimpleSAML_Utils_Crypto::apr1Md5Valid($crypted, $password)) {
SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully');
return $attributes;
}
// SHA1 or plain-text
if (SimpleSAML_Utils_Crypto::pwValid($crypted, $password)) {
SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully');
return $attributes;
}
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
}
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
/**
* Attempt to log in using the given username and password.
*
* On a successful login, this function should return the users attributes. On failure,
* it should throw an exception. If the error was caused by the user entering the wrong
* username OR password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.
*
* The username is UTF-8 encoded, and the hash is base64 encoded.
*
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @return array Associative array with the users attributes.
*/
protected function login($username, $password)
{
assert('is_string($username)');
assert('is_string($password)');
foreach ($this->users as $userpass => $attrs) {
$matches = explode(':', $userpass, 2);
if ($matches[0] === $username) {
if (SimpleSAML_Utils_Crypto::pwValid($matches[1], $password)) {
return $this->users[$userpass];
} else {
SimpleSAML_Logger::debug('Incorrect password "' . $password . '" for user ' . $username);
}
}
}
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
/**
* Attempt to log in using the given username and password.
*
* On a successful login, this function should return the users attributes. On failure,
* it should throw an exception. If the error was caused by the user entering the wrong
* username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.
*
* Note that both the username and the password are UTF-8 encoded.
*
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @return array Associative array with the users attributes.
*/
protected function login($username, $password)
{
assert('is_string($username)');
assert('is_string($password)');
$config = SimpleSAML_Configuration::getInstance();
$adminPassword = $config->getString('auth.adminpassword', '123');
if ($adminPassword === '123') {
/* We require that the user changes the password. */
throw new SimpleSAML_Error_Error('NOTSET');
}
if ($username !== "admin") {
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
if (!SimpleSAML_Utils_Crypto::pwValid($adminPassword, $password)) {
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
return array('user' => array('admin'));
}
$attributes = array();
$username = null;
/* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
$correctpassword = $config->getString('auth.adminpassword', '123');
if (empty($correctpassword) or $correctpassword === '123') {
throw new SimpleSAML_Error_Error('NOTSET');
}
if (isset($_POST['password'])) {
/* Validate and sanitize form data. */
if (SimpleSAML_Utils_Crypto::pwValid($correctpassword, $_POST['password'])) {
$username = '******';
$password = $_POST['password'];
$attributes = array('user' => array('admin'));
$session->doLogin('login-admin');
$session->setAttributes($attributes);
$session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
SimpleSAML_Logger::info('AUTH - admin: ' . $username . ' successfully authenticated');
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes)) {
SimpleSAML_Logger::stats('AUTH-login-admin OK ' . $attributes[$authlogattr][0]);
} else {
/* This is the base directory of the simpleSAMLphp installation. */
$baseDir = dirname(dirname(__FILE__));
/* Add library autoloader. */
require_once $baseDir . '/lib/_autoload.php';
echo "Enter password: "******"Need at least one character for a password\n";
exit(1);
}
$table = '';
foreach (array_chunk(hash_algos(), 6) as $chunk) {
foreach ($chunk as $algo) {
$table .= sprintf('%-13s', $algo);
}
$table .= "\n";
}
echo "The following hashing algorithms are available:\n" . $table . "\n";
echo "Which one do you want? [sha256] ";
$algo = trim(fgets(STDIN));
if (empty($algo)) {
$algo = 'sha256';
}
if (!in_array(strtolower($algo), hash_algos())) {
echo "Hashing algorithm '{$algo}' is not supported\n";
exit(1);
}
echo "Do you want to use a salt? (yes/no) [yes] ";
$s = trim(fgets(STDIN)) == 'no' ? '' : 'S';
echo "\n " . SimpleSAML_Utils_Crypto::pwHash($password, strtoupper($s . $algo)) . "\n\n";
