fix: Fixed http-auth not honouring http_auth_guest (#6699)

* fix: Fixed http-auth not honouring http_auth_guest

* Always fall back to http_auth_guest.
Make sure $username is set, otherwise, we won't try to authenticate.

* reverted elseif to default to http-auth-guest

* Update authenticate.inc.php

simplify logic
Neil Lathwood
2017-05-23 08:40:57 +01:00
committed by GitHub
parent 1570ea95c0
commit 14a143a6a7
2 changed files with 24 additions and 24 deletions


@@ -56,9 +56,9 @@ try {
$username = clean($_REQUEST['username']); $username = clean($_REQUEST['username']);
$password = $_REQUEST['password']; $password = $_REQUEST['password'];
} elseif (isset($_SERVER['REMOTE_USER'])) { } elseif (isset($_SERVER['REMOTE_USER'])) {
$username = $_SERVER['REMOTE_USER']; $username = clean($_SERVER['REMOTE_USER']);
} elseif (isset($_SERVER['PHP_AUTH_USER']) && $config['auth_mechanism'] === 'http-auth') { } elseif (isset($_SERVER['PHP_AUTH_USER']) && $config['auth_mechanism'] === 'http-auth') {
$username = $_SERVER['PHP_AUTH_USER']; $username = clean($_SERVER['PHP_AUTH_USER']);
} }
// form authentication // form authentication
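Review bot: The web-server identity in the `REMOTE_USER` and `PHP_AUTH_USER` branches is now rewritten by `clean()` before it is used as the account name, and the user lookups in the second file already bind the name as a `?` parameter. If `clean()` strips or escapes characters (its body is not on this page), the name looked up can differ from the name the web server authenticated, and with the guest fallback added in this commit such a login would be treated as the guest account instead of failing. Rejecting a changed name is safer than accepting it, for example by refusing the login when `clean($_SERVER['REMOTE_USER']) !== $_SERVER['REMOTE_USER']`, with the same check for `PHP_AUTH_USER`. The `try` block and the start of the `if` chain lie outside this hunk, so how a rejection should be signalled has to be checked there.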


@@ -3,27 +3,13 @@
use LibreNMS\Exceptions\AuthenticationException; use LibreNMS\Exceptions\AuthenticationException;
use Phpass\PasswordHash; use Phpass\PasswordHash;
if (!isset($_SESSION['username'])) {
$_SESSION['username'] = '';
}
function authenticate($username, $password) function authenticate($username, $password)
{ {
global $config; if (user_exists($username)) {
return true;
if (isset($_SERVER['REMOTE_USER']) || isset($_SERVER['PHP_AUTH_USER'])) {
$_SESSION['username'] = mres($_SERVER['REMOTE_USER']) ?: mres($_SERVER['PHP_AUTH_USER']);
$row = @dbFetchRow('SELECT username FROM `users` WHERE `username`=?', array($_SESSION['username']));
if (isset($row['username']) && $row['username'] == $_SESSION['username']) {
return true;
} else {
$_SESSION['username'] = $config['http_auth_guest'];
return true;
}
} }
throw new AuthenticationException();
throw new AuthenticationException('No matching user found and http_auth_guest is not set');
} }
@@ -73,20 +59,34 @@ function adduser($username, $password, $level, $email = '', $realname = '', $can
function user_exists($username) function user_exists($username)
{ {
// FIXME this doesn't seem right? (adama) global $config;
return dbFetchCell('SELECT * FROM `users` WHERE `username` = ?', array($username));
return dbFetchCell(
'SELECT COUNT(*) FROM `users` WHERE `username`=? OR `username`=?',
array($username, $config['http_auth_guest'])
) > 0;
} }
function get_userlevel($username) function get_userlevel($username)
{ {
return dbFetchCell('SELECT `level` FROM `users` WHERE `username`= ?', array($username)); global $config;
return dbFetchCell(
'SELECT `level` FROM `users` WHERE `username`=? OR `username`=?',
array($username, $config['http_auth_guest'])
);
} }
function get_userid($username) function get_userid($username)
{ {
return dbFetchCell('SELECT `user_id` FROM `users` WHERE `username`= ?', array($username)); global $config;
return dbFetchCell(
'SELECT `user_id` FROM `users` WHERE `username`=? OR `username`=?',
array($username, $config['http_auth_guest'])
);
} }
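Review bot: In the second hunk, `get_userlevel()` and `get_userid()` match two rows whenever both the authenticated user and the `http_auth_guest` user exist, and the queries have no `ORDER BY` or `LIMIT`, so which row's `level` or `user_id` comes back is left to the database. An existing account can therefore be resolved to the guest's id and level, or the other way round, depending on row order. The exact match should win, with the guest row used only when no row exists for `$username`; the fence shows this for `get_userlevel()` and the same change applies to `get_userid()`. Separately, `user_exists()` now returns true for any name once the guest row exists, which would also affect other callers that use it to test for a free username (the hunk header names `adduser`, whose body is not shown).

```php
function get_userlevel($username)
{
    global $config;
    // Prefer the row for the authenticated name; the guest row is used only when no such row exists.
    return dbFetchCell(
        'SELECT `level` FROM `users` WHERE `username`=? OR `username`=? ORDER BY (`username`=?) DESC LIMIT 1',
        array($username, $config['http_auth_guest'], $username)
    );
}

// … get_userid(): same ORDER BY / LIMIT 1 and third bound parameter, selecting `user_id` …
```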