From: Marcin Haba Date: Thu, 18 Jun 2020 18:18:11 +0000 (+0200) Subject: baculum: Add local user authentication method support X-Git-Tag: Release-9.6.6~33 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d85db663a0d4710ce9d06d754bacf0062633dc27;p=thirdparty%2Fbacula.git baculum: Add local user authentication method support --- diff --git a/gui/baculum/protected/Common/Class/Apr1Md5.php b/gui/baculum/protected/Common/Class/Apr1Md5.php index c12106bed..4f2982815 100644 --- a/gui/baculum/protected/Common/Class/Apr1Md5.php +++ b/gui/baculum/protected/Common/Class/Apr1Md5.php @@ -31,6 +31,12 @@ Prado::using('Application.Common.Class.CommonModule'); */ class Apr1Md5 extends CommonModule { + // APR-MD5 hash prefix + const HASH_PREFIX = '$apr1'; + + // Salt length + const DEF_SALT_LEN = 8; + /** * Get hashed password using APR1-MD5 algorithm. * This function is based on common sample using PHP implementation APR1-MD5. @@ -38,10 +44,13 @@ class Apr1Md5 extends CommonModule { * @see https://stackoverflow.com/questions/1038791/how-to-programmatically-build-an-apr1-md5-using-php * * @param string $password plain text password + * @param string $salt cryptographic salt * @return string hashed password */ - public function crypt($password) { - $salt = $this->getModule('crypto')->getRandomString(8); + public function crypt($password, $salt = null) { + if (is_null($salt)) { + $salt = $this->getModule('crypto')->getRandomString(self::DEF_SALT_LEN); + } $len = strlen($password); $text = sprintf('%s$apr1$%s', $password, $salt); $bin = pack('H32', md5($password . $salt . $password)); @@ -79,7 +88,25 @@ class Apr1Md5 extends CommonModule { 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/', './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' ); - return sprintf('$apr1$%s$%s', $salt, $tmp); + return sprintf('%s$%s$%s', self::HASH_PREFIX, $salt, $tmp); + } + + /** + * Verify if for given hash given password is valid. + * + * @param string $password password to check + * @param string $hash hash to check + * @return boolean true if password and hash are match, otherwise false + */ + public function verify($password, $hash) { + $valid = false; + $parts = explode('$', $hash, 4); + if (count($parts) === 4) { + $salt = $parts[2]; + $hash2 = $this->crypt($password, $salt); + $valid = ($hash === $hash2); + } + return $valid; } } ?> diff --git a/gui/baculum/protected/Common/Class/BCrypt.php b/gui/baculum/protected/Common/Class/BCrypt.php index 2a7d6b806..ca5f347ee 100644 --- a/gui/baculum/protected/Common/Class/BCrypt.php +++ b/gui/baculum/protected/Common/Class/BCrypt.php @@ -32,6 +32,12 @@ Prado::using('Application.Common.Class.CommonModule'); */ class BCrypt extends CommonModule { + // BCrypt hash prefix + const HASH_PREFIX = '$2y'; + + // Salt length + const DEF_SALT_LEN = 22; + // bcrypt uses not standard base64 alphabet const BCRYPT_BASE64_CODE = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; @@ -42,21 +48,43 @@ class BCrypt extends CommonModule { * Get hashed password using BCrypt algorithm and salt. * * @param string $password plain text password + * @param string $salt cryptographic salt * @return string hashed password */ - public function crypt($password) { - // Suffle string - $rand_string = str_shuffle(self::BCRYPT_BASE64_CODE); + public function crypt($password, $salt = null) { + if (is_null($salt)) { + // Suffle string + $rand_string = str_shuffle(self::BCRYPT_BASE64_CODE); - // BCrypt salt - 22 characters - $salt_str = substr($rand_string, 0, 22); + // BCrypt salt + $salt = substr($rand_string, 0, self::DEF_SALT_LEN); + } - $salt = sprintf( - '$2y$%d$%s$', + $salt_val = sprintf( + '%s$%d$%s$', + self::HASH_PREFIX, self::BCRYPT_COST, - $salt_str + $salt ); - return crypt($password, $salt); + return crypt($password, $salt_val); + } + + /** + * Verify if for given hash given password is valid. + * + * @param string $password password to check + * @param string $hash hash to check + * @return boolean true if password and hash are match, otherwise false + */ + public function verify($password, $hash) { + $valid = false; + $parts = explode('$', $hash, 4); + if (count($parts) === 4) { + $salt = substr($parts[3], 0, self::DEF_SALT_LEN); + $hash2 = $this->crypt($password, $salt); + $valid = ($hash === $hash2); + } + return $valid; } } ?> diff --git a/gui/baculum/protected/Common/Class/BasicUserConfig.php b/gui/baculum/protected/Common/Class/BasicUserConfig.php index ba9119c6f..68c340e09 100644 --- a/gui/baculum/protected/Common/Class/BasicUserConfig.php +++ b/gui/baculum/protected/Common/Class/BasicUserConfig.php @@ -129,6 +129,24 @@ class BasicUserConfig extends CommonModule { return $all_users; } + /** + * Get user and password hash from config. + * + * @param string $user username + * @return array username and password hash or empty array if user not found + */ + public function getUserCfg($username) { + $user = []; + $u = $this->getUsers($username); + if (count($u) == 1) { + $user = [ + 'username' => $username, + 'pwd_hash' => $u[$username] + ]; + } + return $user; + } + /** * Save HTTP Basic users file. * Given parameter is associative array with usernames as keys diff --git a/gui/baculum/protected/Common/Class/Crypto.php b/gui/baculum/protected/Common/Class/Crypto.php index e1bc9516c..14d511897 100644 --- a/gui/baculum/protected/Common/Class/Crypto.php +++ b/gui/baculum/protected/Common/Class/Crypto.php @@ -60,15 +60,12 @@ class Crypto extends CommonModule { } /** - * Get hashed password to use in web server auth. - * If no hash algorithm given, use APR1-MD5. + * Get hash algorithm module instance by hash algorithm name. * - * @access public - * @param string $password plain text password - * @param string $hash_alg hash algorithm (apr1-md5|sha1) - * @return string hashed password + * @param string $hash_alg hash algorithm + * @return object hash algorithm module instance */ - public function getHashedPassword($password, $hash_alg = null) { + private function getModuleByHashAlg($hash_alg) { $mod = ''; switch ($hash_alg) { case self::HASH_ALG_BCRYPT: { @@ -99,7 +96,59 @@ class Crypto extends CommonModule { $mod = 'apr1md5'; } } - return $this->getModule($mod)->crypt($password); + return $this->getModule($mod); + } + + /** + * Get hashed password to use in web server auth. + * If no hash algorithm given, use APR1-MD5. + * + * @access public + * @param string $password plain text password + * @param string $hash_alg hash algorithm + * @return string hashed password + */ + public function getHashedPassword($password, $hash_alg = null) { + if (is_null($hash_alg)) { + $hash_alg = self::HASH_ALG_APR1_MD5; + } + return $this->getModuleByHashAlg($hash_alg)->crypt($password); + } + + /* + * Get all supported hash algorithms. + * It bases on HASH_ALG_ constants definition. + * + * @return array supported hash algorithms + */ + private function getSupportedHashAlgs() { + $hash_algs = []; + $ocls = new ReflectionClass(__CLASS__); + foreach ($ocls->getConstants() as $const => $hash_alg) { + if (strpos($const, 'HASH_ALG_') !== 0) { + continue; + } + $hash_algs[$const] = $hash_alg; + } + return $hash_algs; + } + + /** + * Get module corresponding a hash string. + * + * @param string $hash hash string to check + * @return object|null module object on true, false if hash algorithm not recognized + */ + public function getModuleByHash($hash) { + $module = null; + foreach ($this->getSupportedHashAlgs() as $const => $hash_alg) { + $mod = $this->getModuleByHashAlg($hash_alg); + if (strpos($hash, $mod::HASH_PREFIX) === 0) { + $module = $mod; + break; + } + } + return $module; } } ?> diff --git a/gui/baculum/protected/Common/Class/Sha1.php b/gui/baculum/protected/Common/Class/Sha1.php index 1ce829ef2..b14ed7d93 100644 --- a/gui/baculum/protected/Common/Class/Sha1.php +++ b/gui/baculum/protected/Common/Class/Sha1.php @@ -32,6 +32,9 @@ Prado::using('Application.Common.Class.CommonModule'); */ class Sha1 extends CommonModule { + // SHA-1 hash prefix + const HASH_PREFIX = '{SHA}'; + /** * Get hashed password using SHA-1 algorithm. * @@ -41,9 +44,20 @@ class Sha1 extends CommonModule { public function crypt($password) { $hash = sha1($password, true); $bh = base64_encode($hash); - $ret = '{SHA}' . $bh; + $ret = self::HASH_PREFIX . $bh; return $ret; } + /** + * Verify if for given hash given password is valid. + * + * @param string $password password to check + * @param string $hash hash to check + * @return boolean true if password and hash are match, otherwise false + */ + public function verify($password, $hash) { + $hash2 = $this->crypt($password); + return ($hash === $hash2); + } } ?> diff --git a/gui/baculum/protected/Common/Class/Sha256.php b/gui/baculum/protected/Common/Class/Sha256.php index 631040558..9177cc3f3 100644 --- a/gui/baculum/protected/Common/Class/Sha256.php +++ b/gui/baculum/protected/Common/Class/Sha256.php @@ -32,24 +32,52 @@ Prado::using('Application.Common.Class.CommonModule'); */ class Sha256 extends CommonModule { + // SHA-256 hash prefix + const HASH_PREFIX = '$5'; + + // Salt length + const DEF_SALT_LEN = 16; + const SHA256_ROUNDS = 10000; /** * Get hashed password using SHA-256 algorithm and salt. * * @param string $password plain text password + * @param string $salt cryptographic salt * @return string hashed password */ - public function crypt($password) { - // Salt string - 16 characters for SHA-256 - $salt_str = $this->getModule('crypto')->getRandomString(16); + public function crypt($password, $salt = null) { + if (is_null($salt)) { + // Salt string - 16 characters for SHA-256 + $salt = $this->getModule('crypto')->getRandomString(self::DEF_SALT_LEN); + } - $salt = sprintf( - '$5$rounds=%d$%s$', + $salt_val = sprintf( + '%s$rounds=%d$%s$', + self::HASH_PREFIX, self::SHA256_ROUNDS, - $salt_str + $salt ); - return crypt($password, $salt); + return crypt($password, $salt_val); + } + + /** + * Verify if for given hash given password is valid. + * + * @param string $password password to check + * @param string $hash hash to check + * @return boolean true if password and hash are match, otherwise false + */ + public function verify($password, $hash) { + $valid = false; + $parts = explode('$', $hash, 5); + if (count($parts) === 5) { + $salt = $parts[3]; + $hash2 = $this->crypt($password, $salt); + $valid = ($hash === $hash2); + } + return $valid; } } ?> diff --git a/gui/baculum/protected/Common/Class/Sha512.php b/gui/baculum/protected/Common/Class/Sha512.php index 85fcfeca8..b010d5bc4 100644 --- a/gui/baculum/protected/Common/Class/Sha512.php +++ b/gui/baculum/protected/Common/Class/Sha512.php @@ -32,24 +32,52 @@ Prado::using('Application.Common.Class.CommonModule'); */ class Sha512 extends CommonModule { + // SHA-512 hash prefix + const HASH_PREFIX = '$6'; + + // Salt length + const DEF_SALT_LEN = 16; + const SHA512_ROUNDS = 10000; /** * Get hashed password using SHA-512 algorithm and salt. * * @param string $password plain text password + * @param string $salt cryptographic salt * @return string hashed password */ - public function crypt($password) { - // Salt string - 16 characters for SHA-512 - $salt_str = $this->getModule('crypto')->getRandomString(16); + public function crypt($password, $salt = null) { + if (is_null($salt)) { + // Salt string - 16 characters for SHA-512 + $salt = $this->getModule('crypto')->getRandomString(self::DEF_SALT_LEN); + } - $salt = sprintf( - '$6$rounds=%d$%s$', + $salt_val = sprintf( + '%s$rounds=%d$%s$', + self::HASH_PREFIX, self::SHA512_ROUNDS, - $salt_str + $salt ); - return crypt($password, $salt); + return crypt($password, $salt_val); + } + + /** + * Verify if for given hash given password is valid. + * + * @param string $password password to check + * @param string $hash hash to check + * @return boolean true if password and hash are match, otherwise false + */ + public function verify($password, $hash) { + $valid = false; + $parts = explode('$', $hash, 5); + if (count($parts) === 5) { + $salt = $parts[3]; + $hash2 = $this->crypt($password, $salt); + $valid = ($hash === $hash2); + } + return $valid; } } ?> diff --git a/gui/baculum/protected/Common/Class/Ssha1.php b/gui/baculum/protected/Common/Class/Ssha1.php index 3b617f9ba..9ded33b6e 100644 --- a/gui/baculum/protected/Common/Class/Ssha1.php +++ b/gui/baculum/protected/Common/Class/Ssha1.php @@ -33,6 +33,12 @@ Prado::using('Application.Common.Class.CommonModule'); */ class Ssha1 extends CommonModule { + // Salted SHA-1 hash prefix + const HASH_PREFIX = '{SSHA}'; + + // Salt length + const DEF_SALT_LEN = 4; + /** * Get hashed password using SHA-1 algorithm and salt. * @@ -40,15 +46,30 @@ class Ssha1 extends CommonModule { * @param string $salt cryptographic salt * @return string hashed password */ - public function crypt($password) { - // Salt string - 16 characters for SHA-256 - $salt = $this->getModule('crypto')->getRandomString(4); - + public function crypt($password, $salt = null) { + if (is_null($salt)) { + $salt = $this->getModule('crypto')->getRandomString(self::DEF_SALT_LEN); + } $hash = sha1($password . $salt, true); $bh = base64_encode($hash . $salt); - $ret = '{SSHA}' . $bh; + $ret = self::HASH_PREFIX . $bh; return $ret; } + /** + * Verify if for given hash given password is valid. + * + * @param string $password password to check + * @param string $hash hash to check + * @return boolean true if password and hash are match, otherwise false + */ + public function verify($password, $hash) { + $pos = strlen(self::HASH_PREFIX) - 1; + $bh = substr($hash, $pos); + $h = base64_decode($bh); + $salt = substr($h, -(self::DEF_SALT_LEN)); + $hash2 = $this->crypt($password, $salt); + return ($hash === $hash2); + } } ?> diff --git a/gui/baculum/protected/Web/Class/WebBasicUserManager.php b/gui/baculum/protected/Web/Class/WebBasicUserManager.php index ea3a6db06..52de92537 100644 --- a/gui/baculum/protected/Web/Class/WebBasicUserManager.php +++ b/gui/baculum/protected/Web/Class/WebBasicUserManager.php @@ -31,9 +31,22 @@ Prado::using('Application.Web.Class.WebModule'); */ class WebBasicUserManager extends WebModule implements UserManager { + /** + * Module initialization. + * + * @param TXmlElement $config module configuration + */ public function init($config) { } + /** + * Validate username and password. + * Used during logging in process. + * + * @param string $username username + * @param string $password password + * @return boolean true if user and password valid, otherwise false + */ public function validateUser($username, $password) { /** * Basic auth is realized by web server, so validating diff --git a/gui/baculum/protected/Web/Class/WebConfig.php b/gui/baculum/protected/Web/Class/WebConfig.php index 27f75b5d4..faaf5b547 100644 --- a/gui/baculum/protected/Web/Class/WebConfig.php +++ b/gui/baculum/protected/Web/Class/WebConfig.php @@ -72,6 +72,7 @@ class WebConfig extends ConfigFileModule { /** * Supported authentication methods. */ + const AUTH_METHOD_LOCAL = 'local'; const AUTH_METHOD_BASIC = 'basic'; const AUTH_METHOD_LDAP = 'ldap'; @@ -264,6 +265,15 @@ class WebConfig extends ConfigFileModule { return ($this->getAuthMethod() === self::AUTH_METHOD_LDAP); } + /** + * Check if current authentication method is set to Local. + * + * @return boolean true if is set local auth, otherwise false + */ + public function isAuthMethodLocal() { + return ($this->getAuthMethod() === self::AUTH_METHOD_LOCAL); + } + /** * Check if current default access method for not existing users * in configuration file is set to no access. diff --git a/gui/baculum/protected/Web/Class/WebLdapUserManager.php b/gui/baculum/protected/Web/Class/WebLdapUserManager.php index 3f939de53..4e6d4c9a3 100644 --- a/gui/baculum/protected/Web/Class/WebLdapUserManager.php +++ b/gui/baculum/protected/Web/Class/WebLdapUserManager.php @@ -31,8 +31,16 @@ Prado::using('Application.Web.Class.WebModule'); */ class WebLdapUserManager extends WebModule implements UserManager { + /** + * LDAP module object. + */ private $ldap = null; + /** + * Module initialization. + * + * @param TXmlElement $config module configuration + */ public function init($config) { parent::init($config); $web_config = $this->getModule('web_config')->getConfig(); @@ -42,6 +50,14 @@ class WebLdapUserManager extends WebModule implements UserManager { } } + /** + * Validate username and password. + * Used during logging in process. + * + * @param string $username username + * @param string $password password + * @return boolean true if user and password valid, otherwise false + */ public function validateUser($username, $password) { return $this->ldap->login($username, $password); } diff --git a/gui/baculum/protected/Web/Class/WebLocalUserManager.php b/gui/baculum/protected/Web/Class/WebLocalUserManager.php new file mode 100644 index 000000000..a69a4fb2c --- /dev/null +++ b/gui/baculum/protected/Web/Class/WebLocalUserManager.php @@ -0,0 +1,64 @@ + + * @category Module + * @package Baculum Web + */ +class WebLocalUserManager extends WebModule implements UserManager { + + /** + * Module initialization. + * + * @param TXmlElement $config module configuration + */ + public function init($config) { + } + + /** + * Validate username and password. + * Used during logging in process. + * + * @param string $username username + * @param string $password password + * @return boolean true if user and password valid, otherwise false + */ + public function validateUser($username, $password) { + $valid = false; + $user = $this->getModule('basic_webuser')->getUserCfg($username); + if (count($user) == 2) { + if (!empty($user['pwd_hash'])) { + $mod = $this->getModule('crypto')->getModuleByHash($user['pwd_hash']); + if (is_object($mod)) { + $valid = $mod->verify($password, $user['pwd_hash']); + } + } + } + return $valid; + } +} +?> diff --git a/gui/baculum/protected/Web/Class/WebUserManager.php b/gui/baculum/protected/Web/Class/WebUserManager.php index dc2416b1c..6a9d341b5 100644 --- a/gui/baculum/protected/Web/Class/WebUserManager.php +++ b/gui/baculum/protected/Web/Class/WebUserManager.php @@ -202,6 +202,9 @@ class WebUserManager extends WebModule implements IUserManager { $auth_method = $this->getModule('web_config')->getAuthMethod(); switch ($auth_method) { + case WebConfig::AUTH_METHOD_LOCAL: + $cls = 'Application.Web.Class.WebLocalUserManager'; + break; case WebConfig::AUTH_METHOD_BASIC: $cls = 'Application.Web.Class.WebBasicUserManager'; break; diff --git a/gui/baculum/protected/Web/Lang/en/messages.mo b/gui/baculum/protected/Web/Lang/en/messages.mo index 48cc6850d..773d5dadd 100644 Binary files a/gui/baculum/protected/Web/Lang/en/messages.mo and b/gui/baculum/protected/Web/Lang/en/messages.mo differ diff --git a/gui/baculum/protected/Web/Lang/en/messages.po b/gui/baculum/protected/Web/Lang/en/messages.po index 198e5ca1b..f107c6667 100644 --- a/gui/baculum/protected/Web/Lang/en/messages.po +++ b/gui/baculum/protected/Web/Lang/en/messages.po @@ -2983,3 +2983,12 @@ msgstr "24-hours format time 17:22:41" msgid "12-hours format time 5:22:41 PM" msgstr "12-hours format time 5:22:41 PM" + +msgid "Local user authentication method" +msgstr "Local user authentication method" + +msgid "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." +msgstr "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." + +msgid "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." +msgstr "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." diff --git a/gui/baculum/protected/Web/Lang/ja/messages.mo b/gui/baculum/protected/Web/Lang/ja/messages.mo index b0a264462..022e92237 100644 Binary files a/gui/baculum/protected/Web/Lang/ja/messages.mo and b/gui/baculum/protected/Web/Lang/ja/messages.mo differ diff --git a/gui/baculum/protected/Web/Lang/ja/messages.po b/gui/baculum/protected/Web/Lang/ja/messages.po index 8a3576888..3a1e57cb1 100644 --- a/gui/baculum/protected/Web/Lang/ja/messages.po +++ b/gui/baculum/protected/Web/Lang/ja/messages.po @@ -3069,3 +3069,12 @@ msgstr "24-hours format time 17:22:41" msgid "12-hours format time 5:22:41 PM" msgstr "12-hours format time 5:22:41 PM" + +msgid "Local user authentication method" +msgstr "Local user authentication method" + +msgid "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." +msgstr "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." + +msgid "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." +msgstr "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." diff --git a/gui/baculum/protected/Web/Lang/pl/messages.mo b/gui/baculum/protected/Web/Lang/pl/messages.mo index fba5b67f2..e53b8301f 100644 Binary files a/gui/baculum/protected/Web/Lang/pl/messages.mo and b/gui/baculum/protected/Web/Lang/pl/messages.mo differ diff --git a/gui/baculum/protected/Web/Lang/pl/messages.po b/gui/baculum/protected/Web/Lang/pl/messages.po index c342e7490..9b6fa8a40 100644 --- a/gui/baculum/protected/Web/Lang/pl/messages.po +++ b/gui/baculum/protected/Web/Lang/pl/messages.po @@ -2991,3 +2991,12 @@ msgstr "24-godzinny format czasu 17:22:41" msgid "12-hours format time 5:22:41 PM" msgstr "12-godzinny format czasu 5:22:41 PM" + +msgid "Local user authentication method" +msgstr "Metoda uwierzytelniania lokalnych użytkowników" + +msgid "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." +msgstr "Ten typ uwierzytelniania jest w pełni realizowany Baculum Web. Do uwierzytelniania używa formularza logowania Baculum Web. Uwierzytelnianie basic serwera WWW może być wyłączone w tej metodzie." + +msgid "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." +msgstr "Ten typ uwierzytelniania jest realizowany przez zewnętrzną usługę katalogową. Do uwierzytelniania używa formularza logowania Baculum Web. Uwierzytelnianie basic serwera WWW może być wyłączone w tej metodzie." diff --git a/gui/baculum/protected/Web/Lang/pt/messages.mo b/gui/baculum/protected/Web/Lang/pt/messages.mo index 1ef06b3b9..11adf6603 100644 Binary files a/gui/baculum/protected/Web/Lang/pt/messages.mo and b/gui/baculum/protected/Web/Lang/pt/messages.mo differ diff --git a/gui/baculum/protected/Web/Lang/pt/messages.po b/gui/baculum/protected/Web/Lang/pt/messages.po index b1b8bdb37..f04cde065 100644 --- a/gui/baculum/protected/Web/Lang/pt/messages.po +++ b/gui/baculum/protected/Web/Lang/pt/messages.po @@ -2991,3 +2991,12 @@ msgstr "24-hours format time 17:22:41" msgid "12-hours format time 5:22:41 PM" msgstr "12-hours format time 5:22:41 PM" + +msgid "Local user authentication method" +msgstr "Local user authentication method" + +msgid "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." +msgstr "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." + +msgid "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." +msgstr "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method." diff --git a/gui/baculum/protected/Web/Pages/LoginPage.page b/gui/baculum/protected/Web/Pages/LoginPage.page index e0298215b..ed1d8bf3d 100644 --- a/gui/baculum/protected/Web/Pages/LoginPage.page +++ b/gui/baculum/protected/Web/Pages/LoginPage.page @@ -25,8 +25,8 @@ OnClick="logout" > - if (!window.chrome || window.navigator.webdriver) { - window.location.href = main_side_bar_reload_url; + if (login_form_reload_url && (!window.chrome || window.navigator.webdriver)) { + window.location.href = login_form_reload_url; } else if (window.chrome) { // For chrome this reload is required to show login Basic auth prompt window.location.reload(); diff --git a/gui/baculum/protected/Web/Pages/LoginPage.php b/gui/baculum/protected/Web/Pages/LoginPage.php index 2515f291d..12ea78e06 100644 --- a/gui/baculum/protected/Web/Pages/LoginPage.php +++ b/gui/baculum/protected/Web/Pages/LoginPage.php @@ -72,8 +72,8 @@ class LoginPage extends BaculumWebPage { $this->LoginForm->Display = 'None'; $this->AuthorizationError->Display = 'Dynamic'; } - } else if ($web_config->isAuthMethodLdap() && !$authorized) { - // Ldap - user authenticated but not authorized + } else if (($web_config->isAuthMethodLdap() || $web_config->isAuthMethodLocal()) && !$authorized) { + // Ldap and Local - user authenticated but not authorized $this->LoginForm->Display = 'None'; $this->AuthorizationError->Display = 'Dynamic'; } diff --git a/gui/baculum/protected/Web/Pages/Security.page b/gui/baculum/protected/Web/Pages/Security.page index bdd68755e..5764db1df 100644 --- a/gui/baculum/protected/Web/Pages/Security.page +++ b/gui/baculum/protected/Web/Pages/Security.page @@ -69,6 +69,20 @@

<%[ Authentication method ]%>

+
+
+ +
+ +
+
<%[ LDAP authentication ]%>