
Source for file SourceIPAddrAuthzEngine.php


  1. <?php
  2. /**
  3.  * @copyright Copyright 2005-2010 RedIRIS, http://www.rediris.es/
  4.  *
  5.  *  This file is part of phpPoA2.
  6.  *
  7.  *  phpPoA2 is free software: you can redistribute it and/or modify
  8.  *  it under the terms of the GNU General Public License as published by
  9.  *  the Free Software Foundation, either version 3 of the License, or
  10.  *  (at your option) any later version.
  11.  *
  12.  *  phpPoA2 is distributed in the hope that it will be useful,
  13.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15.  *  GNU General Public License for more details.
  16.  *
  17.  *  You should have received a copy of the GNU General Public License
  18.  *  along with phpPoA2. If not, see <http://www.gnu.org/licenses/>.
  19.  *
  20.  * @license http://www.gnu.org/licenses/gpl.html GNU General Public License
  21.  * @version 2.0
  22.  * @author Jaime Perez <jaime.perez@rediris.es>
  23.  * @filesource
  24.  */
  25.  
  26. /**
  27.  * This hook is executed right after retrieving source address and
  28.  * the arrays of allowed and denied patterns that will be checked inmediately.
  29.  * It can be used to alter the source address, and also to configure the filters on runtime.
  30.  * The hook receives the source IP address, the allowed and the denied patterns.
  31.  * Functions for this hook must be defined like this:
  32.  *
  33.  * function ipBeforeFilterHook(&$ipaddr, &$allowed, &$denied);
  34.  *
  35.  * Please bear in mind that hooks must return TRUE or they'll keep other hooks from executing.
  36.  */
  37. define("SOURCEADDR_BEFORE_FILTERS""SOURCEADDR_BEFORE_FILTERS");
  38.  
  39. /**
  40.  * Authorization engine that works by checking the source IP address of the request.
  41.  * @package phpPoA2
  42.  * @subpackage SourceIPAddrAuthorizationEngine
  43.  */
  44.  
    // Hook names this engine declares as valid; the only entry is the
    // SOURCEADDR_BEFORE_FILTERS hook that isAuthorized() runs before filtering.
    protected $valid_hooks = array(SOURCEADDR_BEFORE_FILTERS);
  46.  
  47.     public function isAuthorized($user$attrs{
  48.         // setup filtering criteria
  49.         $search array("/\./",
  50.                         "/\.0/",
  51.                         "/(:0){1,7}/",
  52.                         // IPv6 support
  53.                         "/^::/",
  54.                         "/::$/");
  55.         $replace array("\.",
  56.                          ".\d{1,3}",
  57.                          // IPv6 support
  58.                          "::",
  59.                          "(([0-9a-fA-F]{1,4})){1,7}\:",
  60.                          "(\:([0-9a-fA-F]{1,4})){1,7}");
  61.         // proxy support
  62.         $src_addr (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) $_SERVER['HTTP_X_FORWARDED_FOR'$_SERVER['REMOTE_ADDR'];
  63.  
  64.         // check if there are IP filters
  65.         $allowed $this->cfg->getAllowed();
  66.         $denied $this->cfg->getDenied();
  67.  
  68.         // run hook before checking patterns
  69.         $args array($src_addr$allowed$denied);
  70.         $this->runHooks(SOURCEADDR_BEFORE_FILTERS$args);
  71.         $src_addr $args[0];
  72.         $allowed $args[1];
  73.         $denied $args[2];
  74.  
  75.         // evaluate allowance filters
  76.         if (!empty($allowed)) {
  77.             if (is_array($allowed)) {
  78.                 foreach ($allowed as $mask{
  79.                     $mask preg_replace($search$replace$mask);
  80.                     if (preg_match("/".$mask."/i"$src_addr)) {
  81.                         trigger_error(msg('source-ip-allowed'array($src_addr$mask))E_USER_WARNING);
  82.                         return true;
  83.                     }
  84.                 }
  85.             else {
  86.                 $mask str_replace($search$replace$allowed);
  87.                 if (preg_match("/".$mask."/"$src_addr)) {
  88.                     trigger_error(msg('source-ip-allowed'array($src_addr$mask))E_USER_WARNING);
  89.                     return true;
  90.                 }
  91.             }
  92.         }
  93.  
  94.         if (!empty($denied)) {
  95.             // denied IPs
  96.             if (is_array($denied)) {
  97.                 foreach ($denied as $mask{
  98.                     $mask str_replace($search$replace$mask);
  99.                     if (preg_match("/".$mask."/"$src_addr)) {
  100.                         trigger_error(msg('source-ip-denied'array($src_addr$mask))E_USER_WARNING);
  101.                         return false;
  102.                     }
  103.                 }
  104.             else {
  105.                 $mask str_replace($search$replace$denied);
  106.                 if (preg_match("/".$mask."/"$src_addr)) {
  107.                     trigger_error(msg('source-ip-denied'array($src_addr$mask))E_USER_WARNING);
  108.                     return false;
  109.                 }
  110.             }
  111.         }
  112.  
  113.     // default response
  114.     trigger_error(msg('authz-default-fallback')E_USER_NOTICE);
  115.         return $this->cfg->getDefaultBehaviour();
  116.     }
  117.  
  118.  
  119.  
  120.     public function getAuthorizedList({
  121.         $this->registerHandler();
  122.         $list $this->cfg->getAllowed();
  123.         $this->clean();
  124.         return $list;
  125.     }
  126.  
  127.     public function authorize($user$attrs$ref$expires 0{
  128.         return false;
  129.     }
  130.  
  131.     public function revoke($mail{
  132.         return false;
  133.     }
  134.  
  135. }
  136.  
  137. ?>
