author | Freya Murphy <freya@freyacat.org> | 2024-05-27 00:29:36 -0400 |
---|---|---|
committer | Freya Murphy <freya@freyacat.org> | 2024-05-27 00:29:36 -0400 |
commit | cb9d1193c37b7567dcad5497330169d43ab1e8a2 (patch) | |
tree | 41fea58928d5d4cf87306458114f5465b6620711 /src/web/helpers | |
download | ldap_forwardauth-cb9d1193c37b7567dcad5497330169d43ab1e8a2.tar.gz ldap_forwardauth-cb9d1193c37b7567dcad5497330169d43ab1e8a2.tar.bz2 ldap_forwardauth-cb9d1193c37b7567dcad5497330169d43ab1e8a2.zip |
initial
Diffstat (limited to 'src/web/helpers')
-rw-r--r-- | src/web/helpers/auth.php | 59 | ||||
-rw-r--r-- | src/web/helpers/ldap.php | 41 |
2 files changed, 100 insertions, 0 deletions
diff --git a/src/web/helpers/auth.php b/src/web/helpers/auth.php
new file mode 100644
index 0000000..7aa4aff
--- /dev/null
+++ b/src/web/helpers/auth.php
@@ -0,0 +1,59 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+$keys = array();
+
+function load_key($key) {
+ $file = "/tmp/$key";
+ if (!file_exists($file))
+ return FALSE;
+ $content = explode("\n", file_get_contents($file));
+ return array(
+ 'user' => $content[0],
+ 'time' => $content[1]
+ );
+}
+
+function store_key($key, $user) {
+ $file = "/tmp/$key";
+ $now = (string)time();
+ $content = "$user\n{$now}";
+ file_put_contents($file, $content, LOCK_EX);
+}
+
+function get_random($n)
+{
+ $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $randomString = '';
+
+ for ($i = 0; $i < $n; $i++) {
+ $index = rand(0, strlen($characters) - 1);
+ $randomString .= $characters[$index];
+ }
+
+ return $randomString;
+}
+
+function key_auth() {
+ if (!isset($_SESSION['auth'])) {
+ return FALSE;
+ }
+ $key = $_SESSION['auth'];
+ $data = load_key($key);
+ if ($data === FALSE) {
+ return FALSE;
+ }
+ $user = $data['user'];
+ $time = $data['time'];
+ $now = time();
+ if ($time > $now || $now - $time > 60 * 60 * 24) {
+ return FALSE;
+ }
+ store_key($key, $user);
+ return $user;
+}
+
+function key_new($user) {
+ $key = get_random(128);
+ store_key($key, $user);
+ $_SESSION['auth'] = $key;
+}
diff --git a/src/web/helpers/ldap.php b/src/web/helpers/ldap.php
new file mode 100644
index 0000000..f3697cc
--- /dev/null
+++ b/src/web/helpers/ldap.php
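Review bot: `get_random` builds the session auth key with `rand()`, which is not a cryptographically secure generator, and in `key_auth` that key is the only thing tying a session to a user; change the loop body to `$index = random_int(0, strlen($characters) - 1);`, or replace the whole helper with `bin2hex(random_bytes($n / 2))`. `load_key` and `store_key` interpolate `$key` straight into `/tmp/$key`; the value comes from the server-side session, but a guard such as `if (!preg_match('/^[0-9A-Za-z]+$/', $key)) return FALSE;` at the top of `load_key` keeps a malformed session value from ever reaching the filesystem. Files written to `/tmp` by `file_put_contents` get the process umask's default mode, so on a shared host other local users may be able to read live keys, and nothing ever removes key files once the 24-hour window in `key_auth` has passed. In `load_key`, `$content[1]` is undefined when the file contains no newline (a truncated write, for instance), which emits a warning and makes `$time` null instead of failing closed.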
@@ -0,0 +1,41 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+function ldap_auth($auth_username, $auth_password) {
+ $url = getenv("LDAP_URL");
+ $bind = getenv("LDAP_BIND_DN");
+ $password = getenv("LDAP_BIND_PASSWORD");
+ $bound = getenv("LDAP_BASE_DN");
+ $filter = getenv("LDAP_FILTER");
+ $uid = getenv("LDAP_UID");
+
+ $conn = @ldap_connect($url);
+ if (!$conn) {
+ return NULL;
+ }
+ ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ $bind_conn = @ldap_bind($conn, $bind, $password);
+ if (!$bind_conn) {
+ return NULL;
+ }
+
+ $search = @ldap_search($conn, $bound, $filter);
+
+ $info = @ldap_get_entries($conn, $search);
+ $user = NULL;
+ for ($i=0; $i<$info['count']; $i++) {
+ $user = $info[$i];
+ if (!array_key_exists($uid, $user))
+ continue;
+ if ($user[$uid][0] == $auth_username)
+ break;
+ }
+
+ if ($user == NULL) {
+ return FALSE;
+ }
+
+ $succ = @ldap_bind($conn, $user['dn'], $auth_password);
+ return !!$succ;
+}
+
|
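Review bot: The search loop in `ldap_auth` leaves `$user` set to the last entry examined whenever no entry's `$uid` attribute equals `$auth_username`, so the `$user == NULL` check does not fire and the final `ldap_bind` is attempted against an unrelated account's DN with the caller's password; since the function only returns a bool, the caller cannot tell that the username it passed is not the account that was actually verified. Record the matching entry in a separate variable, bind only to that, and compare with `===` rather than `==` so numeric-looking uid values are not loosely matched. An empty `$auth_password` also needs rejecting before the user bind, because `ldap_bind` with an empty password performs an anonymous bind on many directory servers and returns true. `$search` is never checked for `false` before being handed to `ldap_get_entries` (on PHP 8 that is likely a TypeError the `@` does not suppress), and the `@` suppressions throughout hide the LDAP error that would explain a failure.

```php
function ldap_auth($auth_username, $auth_password) {
    // An empty password would turn the user bind below into an anonymous bind.
    if ($auth_password === '') {
        return FALSE;
    }
    // … unchanged: getenv() lookups, ldap_connect, protocol option, service bind …
    $search = @ldap_search($conn, $bound, $filter);
    if ($search === FALSE) {
        return NULL;
    }
    $info = @ldap_get_entries($conn, $search);
    // Only an entry whose uid attribute equals the supplied username may be bound to.
    $match = NULL;
    for ($i = 0; $i < $info['count']; $i++) {
        $entry = $info[$i];
        if (!array_key_exists($uid, $entry))
            continue;
        if ($entry[$uid][0] === $auth_username) {
            $match = $entry;
            break;
        }
    }
    if ($match === NULL) {
        return FALSE;
    }
    $succ = @ldap_bind($conn, $match['dn'], $auth_password);
    return !!$succ;
}
```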