added password check to shares
parent
cf9326391c
commit
3f50472828
@ -99,16 +99,7 @@ class egw_digest_auth
|
|||||||
(preg_match('/[^\x20-\x7F]/', $password) || strpos($password, '\\x') !== false) &&
|
(preg_match('/[^\x20-\x7F]/', $password) || strpos($password, '\\x') !== false) &&
|
||||||
!$GLOBALS['egw']->auth->authenticate($username, $password, 'text'))
|
!$GLOBALS['egw']->auth->authenticate($username, $password, 'text'))
|
||||||
{
|
{
|
||||||
// replace \x encoded non-ascii chars in password, as they are used eg. by Thunderbird for German umlauts
|
self::decode_password($password);
|
||||||
if (strpos($password, '\\x') !== false)
|
|
||||||
{
|
|
||||||
$password = preg_replace_callback('/\\\\x([0-9A-F]{2})/i', function($matches){
|
|
||||||
return chr(hexdec($matches[1]));
|
|
||||||
}, $password);
|
|
||||||
}
|
|
||||||
// try translating the password from iso-8859-1 to utf-8
|
|
||||||
$password = translation::convert($password, 'iso-8859-1');
|
|
||||||
//error_log(__METHOD__."() Fixed non-ascii password of user '$username' from '$_SERVER[PHP_AUTH_PW]' to '$password'");
|
|
||||||
}
|
}
|
||||||
// create session without session cookie (session->create(..., true), as we use pseudo sessionid from credentials
|
// create session without session cookie (session->create(..., true), as we use pseudo sessionid from credentials
|
||||||
if (!isset($username) || !($sessionid = $GLOBALS['egw']->session->create($username, $password, 'text', true)))
|
if (!isset($username) || !($sessionid = $GLOBALS['egw']->session->create($username, $password, 'text', true)))
|
||||||
@ -126,6 +117,32 @@ class egw_digest_auth
|
|||||||
return $sessionid;
|
return $sessionid;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Decode password containing non-ascii chars
|
||||||
|
*
|
||||||
|
* @param string &$password
|
||||||
|
* @return boolean true if conversation happend, false if there was no need for a conversation
|
||||||
|
*/
|
||||||
|
public static function decode_password(&$password)
|
||||||
|
{
|
||||||
|
// if given password contains non-ascii chars AND we can not authenticate with it
|
||||||
|
if (preg_match('/[^\x20-\x7F]/', $password) || strpos($password, '\\x') !== false)
|
||||||
|
{
|
||||||
|
// replace \x encoded non-ascii chars in password, as they are used eg. by Thunderbird for German umlauts
|
||||||
|
if (strpos($password, '\\x') !== false)
|
||||||
|
{
|
||||||
|
$password = preg_replace_callback('/\\\\x([0-9A-F]{2})/i', function($matches){
|
||||||
|
return chr(hexdec($matches[1]));
|
||||||
|
}, $password);
|
||||||
|
}
|
||||||
|
// try translating the password from iso-8859-1 to utf-8
|
||||||
|
$password = translation::convert($password, 'iso-8859-1');
|
||||||
|
//error_log(__METHOD__."() Fixed non-ascii password of user '$username' from '$_SERVER[PHP_AUTH_PW]' to '$password'");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if digest auth is available for a given realm (and user): do we use cleartext passwords
|
* Check if digest auth is available for a given realm (and user): do we use cleartext passwords
|
||||||
*
|
*
|
||||||
|
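Review bot: The inline comment `// if given password contains non-ascii chars AND we can not authenticate with it` no longer describes `decode_password`: the `authenticate()` call stayed in the caller (first hunk), so the method only tests for non-ASCII bytes or `\x` escapes; shorten it to `// password contains non-ascii chars or \x-escaped bytes (eg. sent by Thunderbird for German umlauts)`. The commented-out `error_log(...)` line carried over into the new static method still references `$username` and `$_SERVER[PHP_AUTH_PW]`, neither of which is in scope there, and if someone un-comments it the plaintext password lands in the log; delete the line rather than keep it as dead code. In the docblock, `conversation happend` should read `conversion happened`. The caller changed in the first hunk belongs to a method whose start and end lie outside the hunk.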
@ -16,7 +16,6 @@
|
|||||||
* Token generation uses openssl_random_pseudo_bytes, if available, otherwise
|
* Token generation uses openssl_random_pseudo_bytes, if available, otherwise
|
||||||
* mt_rand based auth::randomstring is used.
|
* mt_rand based auth::randomstring is used.
|
||||||
*
|
*
|
||||||
* @todo UI to create shares
|
|
||||||
* @todo handle existing user sessions eg. by mounting share under it's token into vfs and redirect to regular filemanager
|
* @todo handle existing user sessions eg. by mounting share under it's token into vfs and redirect to regular filemanager
|
||||||
* @todo handle mounts inside shared directory (they get currently lost)
|
* @todo handle mounts inside shared directory (they get currently lost)
|
||||||
* @todo handle absolute symlinks (wont work as we use share as root)
|
* @todo handle absolute symlinks (wont work as we use share as root)
|
||||||
@ -138,7 +137,19 @@ class egw_sharing
|
|||||||
echo "Requested resource '/".htmlspecialchars($token)."' does NOT exist!\n";
|
echo "Requested resource '/".htmlspecialchars($token)."' does NOT exist!\n";
|
||||||
common::egw_exit();
|
common::egw_exit();
|
||||||
}
|
}
|
||||||
// ToDo: password check, if required
|
|
||||||
|
// check password, if required
|
||||||
|
if ($share['share_passwd'] && (empty($_SERVER['PHP_AUTH_PW']) ||
|
||||||
|
!auth::compare_password($_SERVER['PHP_AUTH_PW'], $share['share_passwd'], 'crypt')))
|
||||||
|
{
|
||||||
|
$realm = 'EGroupware share '.$share['share_token'];
|
||||||
|
header('WWW-Authenticate: Basic realm="'.$realm.'"');
|
||||||
|
$status = '401 Unauthorized';
|
||||||
|
header("HTTP/1.1 $status");
|
||||||
|
header("X-WebDAV-Status: $status", true);
|
||||||
|
echo "<html>\n<head>\n<title>401 Unauthorized</title>\n<body>\nAuthorization failed.\n</body>\n</html>\n";
|
||||||
|
common::egw_exit();
|
||||||
|
}
|
||||||
|
|
||||||
// create session without checking auth: create(..., false, false)
|
// create session without checking auth: create(..., false, false)
|
||||||
if (!($sessionid = $GLOBALS['egw']->session->create('anonymous', '', 'text', false, false)))
|
if (!($sessionid = $GLOBALS['egw']->session->create('anonymous', '', 'text', false, false)))
|
||||||
|
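Review bot: `empty($_SERVER['PHP_AUTH_PW'])` treats the string `'0'` as empty, so a share whose password is `0` can never be unlocked and always answers 401; use `!isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW'] === ''` instead. The supplied password reaches `auth::compare_password` exactly as the client sent it, without the `\x`/ISO-8859-1 decoding this same commit factors out into `egw_digest_auth::decode_password` — presumably the reason that method was made public, so a call like `egw_digest_auth::decode_password($_SERVER['PHP_AUTH_PW']);` before the comparison looks intended (confirm the class is loaded in this context). A rejected password leaves no trace: an `error_log` on the 401 path naming the share token (never the submitted password) would let operators notice repeated guessing against a share. The enclosing method continues outside the hunk.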