253 lines
6.9 KiB
PHP
253 lines
6.9 KiB
PHP
<?php
|
|
/**
|
|
* Zend Framework
|
|
*
|
|
* LICENSE
|
|
*
|
|
* This source file is subject to the new BSD license that is bundled
|
|
* with this package in the file LICENSE.txt.
|
|
* It is also available through the world-wide-web at this URL:
|
|
* http://framework.zend.com/license/new-bsd
|
|
* If you did not receive a copy of the license and are unable to
|
|
* obtain it through the world-wide-web, please send an email
|
|
* to license@zend.com so we can send you a copy immediately.
|
|
*
|
|
* @category Zend
|
|
* @package Zend_Auth
|
|
* @subpackage Adapter
|
|
* @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
|
|
* @license http://framework.zend.com/license/new-bsd New BSD License
|
|
* @version $Id: Digest.php 24594 2012-01-05 21:27:01Z matthew $
|
|
*/
|
|
|
|
|
|
/**
|
|
* @see Zend_Auth_Adapter_Interface
|
|
*/
|
|
require_once 'Zend/Auth/Adapter/Interface.php';
|
|
|
|
|
|
/**
|
|
* @category Zend
|
|
* @package Zend_Auth
|
|
* @subpackage Adapter
|
|
* @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
|
|
* @license http://framework.zend.com/license/new-bsd New BSD License
|
|
*/
|
|
class Zend_Auth_Adapter_Digest implements Zend_Auth_Adapter_Interface
|
|
{
|
|
/**
|
|
* Filename against which authentication queries are performed
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $_filename;
|
|
|
|
/**
|
|
* Digest authentication realm
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $_realm;
|
|
|
|
/**
|
|
* Digest authentication user
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $_username;
|
|
|
|
/**
|
|
* Password for the user of the realm
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $_password;
|
|
|
|
/**
|
|
* Sets adapter options
|
|
*
|
|
* @param mixed $filename
|
|
* @param mixed $realm
|
|
* @param mixed $username
|
|
* @param mixed $password
|
|
* @return void
|
|
*/
|
|
public function __construct($filename = null, $realm = null, $username = null, $password = null)
|
|
{
|
|
$options = array('filename', 'realm', 'username', 'password');
|
|
foreach ($options as $option) {
|
|
if (null !== $$option) {
|
|
$methodName = 'set' . ucfirst($option);
|
|
$this->$methodName($$option);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the filename option value or null if it has not yet been set
|
|
*
|
|
* @return string|null
|
|
*/
|
|
public function getFilename()
|
|
{
|
|
return $this->_filename;
|
|
}
|
|
|
|
/**
|
|
* Sets the filename option value
|
|
*
|
|
* @param mixed $filename
|
|
* @return Zend_Auth_Adapter_Digest Provides a fluent interface
|
|
*/
|
|
public function setFilename($filename)
|
|
{
|
|
$this->_filename = (string) $filename;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Returns the realm option value or null if it has not yet been set
|
|
*
|
|
* @return string|null
|
|
*/
|
|
public function getRealm()
|
|
{
|
|
return $this->_realm;
|
|
}
|
|
|
|
/**
|
|
* Sets the realm option value
|
|
*
|
|
* @param mixed $realm
|
|
* @return Zend_Auth_Adapter_Digest Provides a fluent interface
|
|
*/
|
|
public function setRealm($realm)
|
|
{
|
|
$this->_realm = (string) $realm;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Returns the username option value or null if it has not yet been set
|
|
*
|
|
* @return string|null
|
|
*/
|
|
public function getUsername()
|
|
{
|
|
return $this->_username;
|
|
}
|
|
|
|
/**
|
|
* Sets the username option value
|
|
*
|
|
* @param mixed $username
|
|
* @return Zend_Auth_Adapter_Digest Provides a fluent interface
|
|
*/
|
|
public function setUsername($username)
|
|
{
|
|
$this->_username = (string) $username;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Returns the password option value or null if it has not yet been set
|
|
*
|
|
* @return string|null
|
|
*/
|
|
public function getPassword()
|
|
{
|
|
return $this->_password;
|
|
}
|
|
|
|
/**
|
|
* Sets the password option value
|
|
*
|
|
* @param mixed $password
|
|
* @return Zend_Auth_Adapter_Digest Provides a fluent interface
|
|
*/
|
|
public function setPassword($password)
|
|
{
|
|
$this->_password = (string) $password;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Defined by Zend_Auth_Adapter_Interface
|
|
*
|
|
* @throws Zend_Auth_Adapter_Exception
|
|
* @return Zend_Auth_Result
|
|
*/
|
|
public function authenticate()
|
|
{
|
|
$optionsRequired = array('filename', 'realm', 'username', 'password');
|
|
foreach ($optionsRequired as $optionRequired) {
|
|
if (null === $this->{"_$optionRequired"}) {
|
|
/**
|
|
* @see Zend_Auth_Adapter_Exception
|
|
*/
|
|
require_once 'Zend/Auth/Adapter/Exception.php';
|
|
throw new Zend_Auth_Adapter_Exception("Option '$optionRequired' must be set before authentication");
|
|
}
|
|
}
|
|
|
|
if (false === ($fileHandle = @fopen($this->_filename, 'r'))) {
|
|
/**
|
|
* @see Zend_Auth_Adapter_Exception
|
|
*/
|
|
require_once 'Zend/Auth/Adapter/Exception.php';
|
|
throw new Zend_Auth_Adapter_Exception("Cannot open '$this->_filename' for reading");
|
|
}
|
|
|
|
$id = "$this->_username:$this->_realm";
|
|
$idLength = strlen($id);
|
|
|
|
$result = array(
|
|
'code' => Zend_Auth_Result::FAILURE,
|
|
'identity' => array(
|
|
'realm' => $this->_realm,
|
|
'username' => $this->_username,
|
|
),
|
|
'messages' => array()
|
|
);
|
|
|
|
while ($line = trim(fgets($fileHandle))) {
|
|
if (substr($line, 0, $idLength) === $id) {
|
|
if ($this->_secureStringCompare(substr($line, -32), md5("$this->_username:$this->_realm:$this->_password"))) {
|
|
$result['code'] = Zend_Auth_Result::SUCCESS;
|
|
} else {
|
|
$result['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
|
|
$result['messages'][] = 'Password incorrect';
|
|
}
|
|
return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
|
|
}
|
|
}
|
|
|
|
$result['code'] = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
|
|
$result['messages'][] = "Username '$this->_username' and realm '$this->_realm' combination not found";
|
|
return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
|
|
}
|
|
|
|
/**
|
|
* Securely compare two strings for equality while avoided C level memcmp()
|
|
* optimisations capable of leaking timing information useful to an attacker
|
|
* attempting to iteratively guess the unknown string (e.g. password) being
|
|
* compared against.
|
|
*
|
|
* @param string $a
|
|
* @param string $b
|
|
* @return bool
|
|
*/
|
|
protected function _secureStringCompare($a, $b)
|
|
{
|
|
if (strlen($a) !== strlen($b)) {
|
|
return false;
|
|
}
|
|
$result = 0;
|
|
for ($i = 0; $i < strlen($a); $i++) {
|
|
$result |= ord($a[$i]) ^ ord($b[$i]);
|
|
}
|
|
return $result == 0;
|
|
}
|
|
}
|