aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authoricewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-04-10 08:32:16 +0000
committericewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-04-10 08:32:16 +0000
commitb0d3d96af7765ce1aff21a1a3ab19ffbb494363a (patch)
tree2cab87dba2eb687eec067a78468e2870b450c9c1 /engine
parent4943b4e05e41d270a8c1448bcf82780ef5103c06 (diff)
downloadelgg-b0d3d96af7765ce1aff21a1a3ab19ffbb494363a.tar.gz
elgg-b0d3d96af7765ce1aff21a1a3ab19ffbb494363a.tar.bz2
Marcus Povey <marcus@dushka.co.uk>
* Created PAM library * API moved to use new PAM functions git-svn-id: https://code.elgg.org/elgg/trunk@431 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/api.php69
-rw-r--r--engine/lib/pam.php64
2 files changed, 64 insertions, 69 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 4eb1905b5..dccb703f8 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -615,76 +615,11 @@
}
// PAM functions //////////////////////////////////////////////////////////////////////////
-
- $PAM_HANDLERS = array();
- $PAM_HANDLER_MSG = array(); // Messages
-
- /**
- * Register a method of authenticating an incoming API request.
- * This function registers a PAM handler which is a function that matches the desciption pam_handler_name()
- * and returns either 'true' if an incoming api request was authorised, false or throws an exception if not.
- *
- * The handlers are tried in turn until one of them successfully authenticates the session.
- *
- * This architecture lets an administrator choose what methods to accept for API authentication or
- *
- * @param unknown_type $handler
- */
- function register_api_pam_handler($handler)
- {
- global $PAM_HANDLERS;
-
- if (is_callable($handler))
- {
- $PAM_HANDLERS[$handler] = $handler;
- return true;
- }
-
- return false;
- }
-
- /**
- * Magically authenticate an API session using one of the registered methods.
- *
- * This function will return true if authentication was possible, otherwise it'll throw an exception.
- *
- * If $CONFIG->debug is set then additional debug information will be returned.
- */
- function api_pam_authenticate()
- {
- global $PAM_HANDLERS, $PAM_HANDLER_MSG;
- global $CONFIG;
-
- $dbg_msgs = array();
- foreach ($PAM_HANDLERS as $k => $v)
- {
- try {
- // Execute the handler
- if ($v())
- {
- // Explicitly returned true
- $PAM_HANDLER_MSG[$k] = "Authenticated!";
-
- return true;
- }
- else
- $PAM_HANDLER_MSG[$k] = "Not Authenticated.";
- }
- catch (Exception $e)
- {
- $PAM_HANDLER_MSG[$k] = "$e";
- }
- }
-
- // Got this far, so no methods could be found to authenticate the session
- throw new SecurityException("No authentication methods were found that could authenticate this request.");
- }
-
/**
* See if the user has a valid login sesson.
*/
- function pam_auth_session()
+ function pam_auth_session($credentials = NULL)
{
return isloggedin();
}
@@ -692,7 +627,7 @@
/**
* Secure authentication through headers and HMAC.
*/
- function pam_auth_hmac()
+ function pam_auth_hmac($credentials = NULL)
{
global $CONFIG;
diff --git a/engine/lib/pam.php b/engine/lib/pam.php
index 1986b5897..6bbfce79d 100644
--- a/engine/lib/pam.php
+++ b/engine/lib/pam.php
@@ -7,9 +7,69 @@
* @package Elgg
* @subpackage Core
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
+ * @author Marcus Povey
* @copyright Curverider Ltd 2008
* @link http://elgg.org/
*/
-
+
+ $_PAM_HANDLERS = array();
+ $_PAM_HANDLERS_MSG = array();
+
+
+ /**
+ * Register a PAM handler.
+ *
+ * @param string $handler The handler function in the format
+ * pam_handler($credentials = NULL);
+ */
+ function register_pam_handler($handler)
+ {
+ global $_PAM_HANDLERS;
+
+ if (is_callable($handler))
+ {
+ $_PAM_HANDLERS[$handler] = $handler;
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Attempt to authenticate.
+ * This function will go through all registered PAM handlers to see if a user can be authorised.
+ *
+ * If $credentials are provided the PAM handler should authenticate using the provided credentials, if
+ * not then credentials should be prompted for or otherwise retrieved (eg from the HTTP header or $_SESSION).
+ *
+ * @param mixed $credentials Mixed PAM handler specific credentials (eg username,password or hmac etc)
+ * @return bool true if authenticated, false if not.
+ */
+ function pam_authenticate($credentials = NULL)
+ {
+ global $_PAM_HANDLERS, $_PAM_HANDLERS_MSG;
+
+ foreach ($_PAM_HANDLERS as $k => $v)
+ {
+ try {
+ // Execute the handler
+ if ($v($credentials))
+ {
+ // Explicitly returned true
+ $_PAM_HANDLERS_MSG[$k] = "Authenticated!";
+
+ return true;
+ }
+ else
+ $_PAM_HANDLERS_MSG[$k] = "Not Authenticated.";
+ }
+ catch (Exception $e)
+ {
+ $_PAM_HANDLERS_MSG[$k] = "$e";
+ }
+ }
+
+ return false;
+ }
+
?> \ No newline at end of file