From b0d3d96af7765ce1aff21a1a3ab19ffbb494363a Mon Sep 17 00:00:00 2001 From: icewing Date: Thu, 10 Apr 2008 08:32:16 +0000 Subject: Marcus Povey * Created PAM library * API moved to use new PAM functions git-svn-id: https://code.elgg.org/elgg/trunk@431 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/api.php | 69 ++---------------------------------------------------- engine/lib/pam.php | 64 ++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 64 insertions(+), 69 deletions(-) (limited to 'engine') diff --git a/engine/lib/api.php b/engine/lib/api.php index 4eb1905b5..dccb703f8 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -615,76 +615,11 @@ } // PAM functions ////////////////////////////////////////////////////////////////////////// - - $PAM_HANDLERS = array(); - $PAM_HANDLER_MSG = array(); // Messages - - /** - * Register a method of authenticating an incoming API request. - * This function registers a PAM handler which is a function that matches the desciption pam_handler_name() - * and returns either 'true' if an incoming api request was authorised, false or throws an exception if not. - * - * The handlers are tried in turn until one of them successfully authenticates the session. - * - * This architecture lets an administrator choose what methods to accept for API authentication or - * - * @param unknown_type $handler - */ - function register_api_pam_handler($handler) - { - global $PAM_HANDLERS; - - if (is_callable($handler)) - { - $PAM_HANDLERS[$handler] = $handler; - return true; - } - - return false; - } - - /** - * Magically authenticate an API session using one of the registered methods. - * - * This function will return true if authentication was possible, otherwise it'll throw an exception. - * - * If $CONFIG->debug is set then additional debug information will be returned. - */ - function api_pam_authenticate() - { - global $PAM_HANDLERS, $PAM_HANDLER_MSG; - global $CONFIG; - - $dbg_msgs = array(); - foreach ($PAM_HANDLERS as $k => $v) - { - try { - // Execute the handler - if ($v()) - { - // Explicitly returned true - $PAM_HANDLER_MSG[$k] = "Authenticated!"; - - return true; - } - else - $PAM_HANDLER_MSG[$k] = "Not Authenticated."; - } - catch (Exception $e) - { - $PAM_HANDLER_MSG[$k] = "$e"; - } - } - - // Got this far, so no methods could be found to authenticate the session - throw new SecurityException("No authentication methods were found that could authenticate this request."); - } - /** * See if the user has a valid login sesson. */ - function pam_auth_session() + function pam_auth_session($credentials = NULL) { return isloggedin(); } @@ -692,7 +627,7 @@ /** * Secure authentication through headers and HMAC. */ - function pam_auth_hmac() + function pam_auth_hmac($credentials = NULL) { global $CONFIG; diff --git a/engine/lib/pam.php b/engine/lib/pam.php index 1986b5897..6bbfce79d 100644 --- a/engine/lib/pam.php +++ b/engine/lib/pam.php @@ -7,9 +7,69 @@ * @package Elgg * @subpackage Core * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 - * @author Curverider Ltd + * @author Marcus Povey * @copyright Curverider Ltd 2008 * @link http://elgg.org/ */ - + + $_PAM_HANDLERS = array(); + $_PAM_HANDLERS_MSG = array(); + + + /** + * Register a PAM handler. + * + * @param string $handler The handler function in the format + * pam_handler($credentials = NULL); + */ + function register_pam_handler($handler) + { + global $_PAM_HANDLERS; + + if (is_callable($handler)) + { + $_PAM_HANDLERS[$handler] = $handler; + return true; + } + + return false; + } + + /** + * Attempt to authenticate. + * This function will go through all registered PAM handlers to see if a user can be authorised. + * + * If $credentials are provided the PAM handler should authenticate using the provided credentials, if + * not then credentials should be prompted for or otherwise retrieved (eg from the HTTP header or $_SESSION). + * + * @param mixed $credentials Mixed PAM handler specific credentials (eg username,password or hmac etc) + * @return bool true if authenticated, false if not. + */ + function pam_authenticate($credentials = NULL) + { + global $_PAM_HANDLERS, $_PAM_HANDLERS_MSG; + + foreach ($_PAM_HANDLERS as $k => $v) + { + try { + // Execute the handler + if ($v($credentials)) + { + // Explicitly returned true + $_PAM_HANDLERS_MSG[$k] = "Authenticated!"; + + return true; + } + else + $_PAM_HANDLERS_MSG[$k] = "Not Authenticated."; + } + catch (Exception $e) + { + $_PAM_HANDLERS_MSG[$k] = "$e"; + } + } + + return false; + } + ?> \ No newline at end of file -- cgit v1.2.3