/usr/share/php/Horde/Auth/Ipbasic.php is in php-horde-auth 2.2.2-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 | <?php
/**
* Copyright 1999-2017 Horde LLC (http://www.horde.org/)
*
* See the enclosed file COPYING for license information (LGPL). If you did
* not receive this file, see http://www.horde.org/licenses/lgpl21.
*
* @author Chuck Hagenbuch <chuck@horde.org>
* @category Horde
* @license http://www.horde.org/licenses/lgpl21 LGPL-2.1
* @package Auth
*/
/**
* The Horde_Auth_Ipbasic class provides access control based on CIDR masks
* (client IP addresses).
*
* It is not meant for user-based systems, but for times when you want a block
* of IPs to be able to access a site, and that access is simply on/off - no
* preferences, etc.
*
* @author Chuck Hagenbuch <chuck@horde.org>
* @category Horde
* @copyright 1999-2017 Horde LLC
* @license http://www.horde.org/licenses/lgpl21 LGPL-2.1
* @package Auth
*/
class Horde_Auth_Ipbasic extends Horde_Auth_Base
{
/**
* An array of capabilities, so that the driver can report which
* operations it supports and which it doesn't.
*
* @var array
*/
protected $_capabilities = array(
'transparent' => true
);
/**
* Constructor.
*
* @param array $params Optional Parameters:
* <pre>
* 'blocks' - (array) CIDR masks which are allowed access.
* </pre>
*/
public function __construct(array $params = array())
{
if (empty($params['blocks'])) {
$params['blocks'] = array();
} elseif (!is_array($params['blocks'])) {
$params['blocks'] = array($params['blocks']);
}
parent::__construct($params);
}
/**
* Automatic authentication: Find out if the client matches an allowed IP
* block.
*
* @return boolean Whether or not the client is allowed.
*/
public function transparent()
{
if (!isset($_SERVER['REMOTE_ADDR'])) {
return false;
}
foreach ($this->_params['blocks'] as $cidr) {
if ($this->_addressWithinCIDR($_SERVER['REMOTE_ADDR'], $cidr)) {
$this->_credentials['userId'] = $cidr;
return true;
}
}
return false;
}
/**
* Not implemented
*
* @param string $userId The userID to check.
* @param array $credentials An array of login credentials.
*
* @throws Horde_Auth_Exception
*/
protected function _authenticate($userId, $credentials)
{
throw new Horde_Auth_Exception('Unsupported.');
}
/**
* Determine if an IP address is within a CIDR block.
*
* @param string $address The IP address to check.
* @param string $cidr The block (e.g. 192.168.0.0/16) to test against.
*
* @return boolean Whether or not the address matches the mask.
*/
protected function _addressWithinCIDR($address, $cidr)
{
$address = ip2long($address);
list($quad, $bits) = explode('/', $cidr);
$bits = intval($bits);
$quad = ip2long($quad);
return (($address >> (32 - $bits)) == ($quad >> (32 - $bits)));
}
}
|