-rw-r--r-- | .htaccess | 1 | ||||
-rw-r--r-- | mod/cloud.php | 107 | ||||
-rw-r--r-- | version.inc | 2 |
3 files changed, 109 insertions, 1 deletions
@@ -12,6 +12,7 @@ Deny from all # Protect repository directory from browsing RewriteRule "(^|/)\.git" - [F] + # Rewrite current-style URLs of the form 'index.php?q=x'. # Also place auth information into REMOTE_USER for sites running # in CGI mode.
diff --git a/mod/cloud.php b/mod/cloud.php
new file mode 100644
index 000000000..7725d5a2f
--- /dev/null
+++ b/mod/cloud.php
@@ -0,0 +1,107 @@
+<?php
+
+ // This module is currently !!!HIGHLY EXPERIMENTAL!!!
+ // You should think twice before running this on a production server
+ // as security mechanisms are not yet implemented and those that
+ // are implemented probably don't work.
+
+ // DAV mounts will probably fail if you don't use SSL, because some platforms refuse to send
+ // basic auth over non-encrypted connections.
+ // One could use digest auth - but then one has to calculate the A1 digest and store it for
+ // all acounts. We aren't doing that. We have a stored password already. We don't need another
+ // one. The login unfortunately is the channel nickname (webbie) as we have no way of passing
+ // the destination channel to DAV. You should be able to login with your account credentials
+ // and be directed to your default channel.
+
+ // This interface does not yet support Red stored files. Consider any content in your "store"
+ // directory to be throw-away until advised otherwise.
+
+ if(! get_config('system','enable_cloud'))
+ killme();
+
+
+ use Sabre\DAV;
+
+ require_once('vendor/autoload.php');
+
+
+ // workaround for HTTP-auth in CGI mode
+ if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
+ $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
+ }
+ }
+
+ if(x($_SERVER,'HTTP_AUTHORIZATION')) {
+ $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
+ }
+ }
+
+
+
+class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic {
+
+ protected function validateUserPass($username, $password) {
+ require_once('include/auth.php');
+ $record = account_verify_password($email,$pass);
+ if($record && $record['account_default_channel']) {
+ $r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1",
+ intval($record['account_id']),
+ intval($record['account_default_channel'])
+ );
+ if($r) {
+ $this->currentUser = $r[0]['channel_address'];
+ return true;
+ }
+ }
+ $r = q("select channel_account_id from channel where channel_address = '%s' limit 1",
+ dbesc($username)
+ );
+ if($r) {
+ $x = q("select * from account where account_id = %d limit 1",
+ intval($r[0]['channel_account_id'])
+ );
+ if($x) {
+ foreach($x as $record) {
+ if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+ && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) {
+ logger('(DAV) RedBasicAuth: password verified for ' . $username);
+ return true;
+ }
+ }
+ }
+ }
+ logger('(DAV) RedBasicAuth: password failed for ' . $username);
+ return false;
+ }
+}
+
+
+function cloud_init() {
+
+
+ $rootDirectory = new DAV\FS\Directory('store');
+ $server = new DAV\Server($rootDirectory);
+ $lockBackend = new DAV\Locks\Backend\File('store/data/locks');
+ $lockPlugin = new DAV\Locks\Plugin($lockBackend);
+
+ $server->addPlugin($lockPlugin);
+
+ $auth = new RedBasicAuth();
+
+ $auth->Authenticate($server,'Red Matrix');
+
+
+ // All we need to do now, is to fire up the server
+ $server->exec();
+
+ exit;
+
+}
\ No newline at end of file
diff --git a/version.inc b/version.inc
index 5f3b9d095..97a5c28f4 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-10-21.473
+2013-10-22.474 |
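Review bot: In `RedBasicAuth::validateUserPass()` in mod/cloud.php the fallback condition has the shape `A || B && C`, and because `&&` binds tighter than `||` the whirlpool comparison is evaluated only for `ACCOUNT_UNVERIFIED` records; a record whose flags equal `ACCOUNT_OK` returns true without the submitted password being compared at all. Group the two flag tests before the hash test: `if((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) {`. The first branch has a related defect: it calls `account_verify_password($email,$pass)` with two variables that are never defined in this method, so the submitted credentials are not what gets verified there; it presumably should read `account_verify_password($username,$password)`. The fallback success path also returns without setting `$this->currentUser`, unlike the first branch, so the authenticated principal is left unset on that path. Where the PHP version allows, a constant-time comparison such as `hash_equals()` would be preferable to `===` for the stored hash.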