  1: <?php
  2: /**
  3:  * Authentication against PAM with pwauth
  4:  *
  5:  * @package   davical
  6:  * @category  Technical
  7:  * @subpackage authentication/drivers
  8:  * @author    Eric Seigne <eric.seigne@ryxeo.com>,
  9:  *            Michael B. Trausch <mike@trausch.us>,
 10:  *            Andrew McMillan <andrew@mcmillan.net.nz>
 11:  * @copyright Eric Seigne
 12:  * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
 13:  *
 14:  * Based on drivers_squid_pam.php
 15:  */
 16: 
 17: require_once("auth-functions.php");
 18: 
 19: /**
 20:  * Plugin to authenticate against PAM with pwauth
 21:  */
 22: class pwauthPamDriver
 23: {
 24:   /**#@+
 25:    * @access private
 26:    */
 27: 
 28:   /**#@-*/
 29: 
 30: 
 31:   /**
 32:    * The constructor
 33:    *
 34:    * @param string $config path where pwauth is
 35:    */
 36:   function __construct($config)
 37:   {
 38:     global $c;
 39:     if(!file_exists($config)) {
 40:       $c->messages[] = sprintf(i18n('drivers_pwauth_pam : Unable to find %s file'), $config);
 41:       $this->valid=false;
 42:       return ;
 43:     }
 44:   }
 45: }
 46: 
 47: 
 48: /**
 49:  * Check the username / password against the PAM system
 50:  */
 51: function PWAUTH_PAM_check($username, $password) {
 52:   global $c;
 53:   $program = $c->authenticate_hook['config']['path'];
 54:   $email_base = $c->authenticate_hook['config']['email_base'];
 55: 
 56:   $pipe = popen(escapeshellarg($program), 'w');
 57:   $authinfo = sprintf("%s\n%s\n", $username, $password);
 58:   $written = fwrite($pipe, $authinfo);
 59:   dbg_error_log('PAM', 'Bytes written: %d of %d', $written, strlen($authinfo));
 60:   $return_status = pclose($pipe);
 61: 
 62:   switch($return_status) {
 63:     case 0:
 64:       // STATUS_OK: Authentication succeeded.
 65:       dbg_error_log('PAM', 'User %s successfully authenticated', $username);
 66:       $principal = new Principal('username',$username);
 67:       if ( !$principal->Exists() ) {
 68:         dbg_error_log('PAM', 'User %s does not exist in local db, creating', $username);
 69:         $pwent = posix_getpwnam($username);
 70:         $gecos = explode(',',$pwent['gecos']);
 71:         $fullname = $gecos[0];
 72:         $principal->Create( array(
 73:                               'username' => $username,
 74:                               'user_active' => 't',
 75:                               'email' => sprintf('%s@%s', $username, $email_base),
 76:                               'fullname' => $fullname
 77:                           ));
 78:         if ( ! $principal->Exists() ) {
 79:           dbg_error_log( "PAM", "Unable to create local principal for '%s'", $username );
 80:           return false;
 81:         }
 82:         CreateHomeCollections($username, $c->default_timezone);
 83:     CreateDefaultRelationships($username);
 84:       }
 85:       return $principal;
 86:       break;
 87: 
 88:     /*
 89:      * Note that for system configurations using PAM instead of
 90:      * reading the password database directly, if PAM is unable to
 91:      * read the password database, pwauth will return status 1.
 92:      */
 93:     case 1:
 94:     case 2:
 95:       // (1) STATUS_UNKNOWN: Invalid username or password.
 96:       // (2) STATUS_INVALID: Invalid password.
 97:       dbg_error_log('PAM', 'Invalid username or password (username: %s)', $username);
 98:       break;
 99: 
100:     case 3:
101:       // STATUS_BLOCKED: UID for username is < pwauth's MIN_UNIX_UID
102:       dbg_error_log('PAM', 'UID for username %s is < pwauth MIN_UNIX_UID', $username);
103:       break;
104: 
105:     case 4:
106:       // STATUS_EXPIRED: The user account has expired.
107:       dbg_error_log('PAM', 'The account for %s has expired', $username);
108:       break;
109: 
110:     case 5:
111:       // STATUS_PW_EXPIRED: The user account's password has expired.
112:       dbg_error_log('PAM', 'The account password for user %s has expired', $username);
113:       break;
114: 
115:     case 6:
116:       // STATUS_NOLOGIN: Logins to the system are administratively disabled.
117:       dbg_error_log('PAM', 'Logins administratively disabled (%s)', $username);
118:       break;
119: 
120:     case 7:
121:       // STATUS_MANYFAILS: Too many login failures for user account.
122:       dbg_error_log('PAM', 'Login rejected for %s, too many failures', $username);
123:       break;
124: 
125:     case 50:
126:       // STATUS_INT_USER: Configuration error, Web server cannot use pwauth
127:       dbg_error_log('PAM', 'config error: see pwauth man page (%s)', 'STATUS_INT_USER');
128:       break;
129: 
130:     case 51:
131:       // STATUS_INT_ARGS: pwauth received no username/passwd to check
132:       dbg_error_log('PAM', 'error: pwauth received no username/password');
133:       break;
134: 
135:     case 52:
136:       // STATUS_INT_ERR: unknown error
137:       dbg_error_log('PAM', 'error: see pwauth man page (%s)', 'STATUS_INT_ERR');
138:       break;
139: 
140:     case 53:
141:       // STATUS_INT_NOROOT: pwauth could not read the password database
142:       dbg_error_log('PAM', 'config error: cannot read password database (%s)', 'STATUS_INT_NOROOT');
143:       break;
144: 
145:     default:
146:       // Unknown error code.
147:       dbg_error_log('PAM', 'An unknown error (%d) has occurred', $return_status);
148:   }
149: 
150:   return(FALSE);
151: }
152: 