1 <?php

2 namespace TYPO3\CMS\Sv;

3 

22 class AuthenticationService extends \TYPO3\CMS\Sv\AbstractAuthenticationService {

23 

32  public function processLoginData(array &$loginData, $passwordTransmissionStrategy) {

33  $isProcessed = TRUE;

34  // Processing data according to the state it was submitted in.

35  switch ($passwordTransmissionStrategy) {

36  case 'normal':

37  $loginData['uident_text'] = $loginData['uident'];

38  break;

39  case 'challenged':

40  $loginData['uident_text'] = '';

41  $loginData['uident_challenged'] = $loginData['uident'];

42  $loginData['uident_superchallenged'] = '';

43  break;

44  case 'superchallenged':

45  $loginData['uident_text'] = '';

46  $loginData['uident_challenged'] = '';

47  $loginData['uident_superchallenged'] = $loginData['uident'];

48  break;

49  default:

50  $isProcessed = FALSE;

51  }

52  if (!empty($loginData['uident_text'])) {

53  $loginData['uident_challenged'] = (string) md5(($loginData['uname'] . ':' . $loginData['uident_text'] . ':' . $loginData['chalvalue']));

54  $loginData['uident_superchallenged'] = (string) md5(($loginData['uname'] . ':' . md5($loginData['uident_text']) . ':' . $loginData['chalvalue']));

55  $isProcessed = TRUE;

56  }

57  return $isProcessed;

58  }

59 

66  public function getUser() {

67  $user = FALSE;

68  if ($this->login['status'] == 'login') {

69  if ($this->login['uident']) {

70  $user = $this->fetchUserRecord($this->login['uname']);

71  if (!is_array($user)) {

72  // Failed login attempt (no username found)

73  $this->writelog(255, 3, 3, 2, 'Login-attempt from %s (%s), username \'%s\' not found!!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));

74  // Logout written to log

75  \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\' not found!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);

76  } else {

77  if ($this->writeDevLog) {

78  \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('User found: ' . \TYPO3\CMS\Core\Utility\GeneralUtility::arrayToLogString($user, array($this->db_user['userid_column'], $this->db_user['username_column'])), 'TYPO3\\CMS\\Sv\\AuthenticationService');

79  }

80  }

81  } else {

82  // Failed Login attempt (no password given)

83  $this->writelog(255, 3, 3, 2, 'Login-attempt from %s (%s) for username \'%s\' with an empty password!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));

84  \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), for username \'%s\' with an empty password!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);

85  }

86  }

87  return $user;

88  }

89 

104  public function authUser(array $user) {

105  $OK = 100;

106  // This authentication service can only work correctly, if a non empty username along with a non empty password is provided.

107  // Otherwise a different service is allowed to check for other login credentials

108  if ((string)$this->login['uident'] !== '' && (string)$this->login['uname'] !== '') {

109  // Checking password match for user:

110  $OK = $this->compareUident($user, $this->login);

111  if (!$OK) {

112  // Failed login attempt (wrong password) - write that to the log!

113  if ($this->writeAttemptLog) {

114  $this->writelog(255, 3, 3, 1, 'Login-attempt from %s (%s), username \'%s\', password not accepted!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));

115  \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\', password not accepted!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);

116  }

117  if ($this->writeDevLog) {

118  \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Password not accepted: ' . $this->login['uident'], 'TYPO3\\CMS\\Sv\\AuthenticationService', 2);

119  }

120  }

121  // Checking the domain (lockToDomain)

122  if ($OK && $user['lockToDomain'] && $user['lockToDomain'] != $this->authInfo['HTTP_HOST']) {

123  // Lock domain didn't match, so error:

124  if ($this->writeAttemptLog) {

125  $this->writelog(255, 3, 3, 1, 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));

126  \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);

127  }

128  $OK = 0;

129  }

130  }

131  return $OK;

132  }

133 

142  public function getGroups($user, $knownGroups) {

143  global $TYPO3_CONF_VARS;

144  $groupDataArr = array();

145  if ($this->mode == 'getGroupsFE') {

146  $groups = array();

147  if (is_array($user) && $user[$this->db_user['usergroup_column']]) {

148  $groupList = $user[$this->db_user['usergroup_column']];

149  $groups = array();

150  $this->getSubGroups($groupList, '', $groups);

151  }

152  // ADD group-numbers if the IPmask matches.

153  if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'])) {

154  foreach ($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel) {

155  if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) {

156  $groups[] = (int)$IPel[1];

157  }

158  }

159  }

160  $groups = array_unique($groups);

161  if (count($groups)) {

162  $list = implode(',', $groups);

163  if ($this->writeDevLog) {

164  \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Get usergroups with id: ' . $list, 'TYPO3\\CMS\\Sv\\AuthenticationService');

165  }

166  $lockToDomain_SQL =

167  ' AND ('

168  . 'lockToDomain=\'\''

169  . ' OR lockToDomain IS NULL'

170  . ' OR lockToDomain=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->authInfo['HTTP_HOST'], $this->db_groups['table'])

171  . ')';

172  if (!$this->authInfo['showHiddenRecords']) {

173  $hiddenP = 'AND hidden=0 ';

174  }

175  $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $list . ')' . $lockToDomain_SQL);

176  while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {

177  $groupDataArr[$row['uid']] = $row;

178  }

179  if ($res) {

180  $GLOBALS['TYPO3_DB']->sql_free_result($res);

181  }

182  } else {

183  if ($this->writeDevLog) {

184  \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('No usergroups found.', 'TYPO3\\CMS\\Sv\\AuthenticationService', 2);

185  }

186  }

187  } elseif ($this->mode == 'getGroupsBE') {

188 

189  }

190  return $groupDataArr;

191  }

192 

205  public function getSubGroups($grList, $idList = '', &$groups) {

206  // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):

207  $lockToDomain_SQL =

208  ' AND ('

209  . 'lockToDomain=\'\''

210  . ' OR lockToDomain IS NULL'

211  . ' OR lockToDomain=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->authInfo['HTTP_HOST'], 'fe_groups')

212  . ')';

213  if (!$this->authInfo['showHiddenRecords']) {

214  $hiddenP = 'AND hidden=0 ';

215  }

216  $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $grList . ')' . $lockToDomain_SQL);

217  // Internal group record storage

218  $groupRows = array();

219  // The groups array is filled

220  while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {

221  if (!in_array($row['uid'], $groups)) {

222  $groups[] = $row['uid'];

223  }

224  $groupRows[$row['uid']] = $row;

225  }

226  // Traversing records in the correct order

227  $include_staticArr = \TYPO3\CMS\Core\Utility\GeneralUtility::intExplode(',', $grList);

228  // traversing list

229  foreach ($include_staticArr as $uid) {

230  // Get row:

231  $row = $groupRows[$uid];

232  // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist

233  if (is_array($row) && !\TYPO3\CMS\Core\Utility\GeneralUtility::inList($idList, $uid)) {

234  // Include sub groups

235  if (trim($row['subgroup'])) {

236  // Make integer list

237  $theList = implode(',', \TYPO3\CMS\Core\Utility\GeneralUtility::intExplode(',', $row['subgroup']));

238  // Call recursively, pass along list of already processed groups so they are not recursed again.

239  $this->getSubGroups($theList, $idList . ',' . $uid, $groups);

240  }

241  }

242  }

243  }

244 

245 }