<?php
require_once 'Horde/Auth/imap.php';
require_once 'Horde/History.php';
/**
* Kolab implementation of the Horde authentication system. Derives from the
* Auth_imap IMAP authentication object, and simply provides parameters to it
* based on the global Kolab configuration.
*
* $Horde: framework/Auth/Auth/kolab.php,v 1.1.10.8 2006/03/03 23:00:28 chuck Exp $
*
* Copyright 2004-2006 Stuart Binge <s.binge@codefusion.co.za>
*
* See the enclosed file COPYING for license information (LGPL). If you
* did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
*
* @author Stuart Binge <s.binge@codefusion.co.za>
* @since Horde 1.3
* @package Horde_Auth
*/
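class Auth_kolab extends Auth_imap {

    /**
     * Constructs a new Kolab authentication object.
     *
     * The IMAP host and port are read from the global Kolab configuration
     * and overwrite any 'hostspec', 'port' or 'protocol' value passed in by
     * the caller before the parameters are handed to Auth_imap.
     *
     * @param array $params  A hash containing connection parameters.
     */
    function Auth_kolab($params = array())
    {
        $params['hostspec'] = $GLOBALS['conf']['kolab']['imap']['server'];
        $params['port'] = $GLOBALS['conf']['kolab']['imap']['port'];

        // NOTE(review): '/notls' disables STARTTLS and '/novalidate-cert'
        // disables certificate validation, so the user's password goes to
        // the IMAP server unencrypted and the server is not authenticated.
        // Acceptable only when the IMAP server is reached over loopback or
        // an otherwise protected link -- confirm for each deployment.
        $params['protocol'] = 'imap/notls/novalidate-cert';

        parent::Auth_imap($params);
    }

    /**
     * Find out if a set of login credentials are valid.
     *
     * When $conf['auth']['params']['login_block'] is 1, failed logins are
     * recorded per user in Horde_History and further logins are refused
     * once more than 'login_block_count' attempts were recorded within the
     * last 'login_block_time' minutes. Attempts made while the block is
     * active are recorded as well, so the block lasts as long as attempts
     * keep arriving inside the window.
     *
     * @access private
     *
     * @param string $userId      The userId to check.
     * @param array $credentials  An array of login credentials. For Kolab,
     *                            this must contain a password entry.
     *
     * @return boolean  Whether or not the credentials are valid.
     */
    function _authenticate($userId, $credentials)
    {
        global $conf;

        // NOTE(review): the backend check runs before the block state is
        // evaluated, so a blocked account still produces an authentication
        // attempt against the IMAP server. The outcome is not disclosed
        // (the block message is returned either way), but checking the
        // block first would spare the backend -- confirm that
        // parent::_authenticate() has no side effects callers rely on.
        $login_ok = parent::_authenticate($userId, $credentials);

        if (!isset($conf['auth']['params']['login_block']) ||
            $conf['auth']['params']['login_block'] != 1) {
            // Return if feature is disabled.
            return $login_ok;
        }

        $history = &Horde_History::singleton();

        // NOTE(review): the counter is keyed on $userId exactly as it was
        // submitted. If the backend accepts several spellings of one
        // account name, their attempts are counted separately -- confirm
        // that the id is normalised before it reaches this method.
        $history_identifier = "$userId@logins.kolab";
        $history_log = $history->getHistory($history_identifier);
        $history_list = array();

        // Extract history list from log. A missing, failed or malformed
        // record yields an empty list, i.e. the counter fails open.
        if ($history_log && !is_a($history_log, 'PEAR_Error')) {
            $data = $history_log->getData();
            if (!empty($data) && is_array($data)) {
                $entry = array_shift($data);
                if (is_array($entry) &&
                    isset($entry['history_list']) &&
                    is_array($entry['history_list'])) {
                    $history_list = $entry['history_list'];
                }
            }
        }

        // Calculate the time range.
        $start_time = (time() - $conf['auth']['params']['login_block_time'] * 60);

        $new_history_list = array();
        $count = 0;

        // Copy and count all relevant timestamps; entries without a
        // timestamp are dropped instead of raising a notice.
        foreach ($history_list as $entry) {
            if (!is_array($entry) || !isset($entry['timestamp'])) {
                continue;
            }
            if ($entry['timestamp'] > $start_time) {
                $new_history_list[] = $entry;
                $count++;
            }
        }

        // NOTE(review): strict '>' means the block starts only after more
        // than login_block_count entries are inside the window -- confirm
        // this matches the documented meaning of the setting.
        $max_count = $conf['auth']['params']['login_block_count'];

        if ($count > $max_count || !$login_ok) {
            // Add entry for current failed login.
            $entry = array();
            $entry['timestamp'] = time();
            $new_history_list[] = $entry;

            // Write back history. The result of log() is not checked here:
            // if the write fails, this attempt is not counted.
            $history->log($history_identifier, array('action' => 'add', 'who' => $userId,
                                                     'history_list' => $new_history_list), true);

            if ($count > $max_count) {
                $this->_setAuthError(AUTH_REASON_MESSAGE, _("Too many invalid logins during the last minutes."));
            } else {
                $this->_setAuthError(AUTH_REASON_BADLOGIN);
            }

            return false;
        }

        return $login_ok;
    }

}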