 1: <?php
 2: /**
 3: * Authentication against PAM with Squid
 4: *
 5: * @package   davical
 6: * @category  Technical
 7: * @subpackage authentication/drivers
 8: * @author    Eric Seigne <eric.seigne@ryxeo.com>,
 9: *            Andrew McMillan <andrew@mcmillan.net.nz>
10: * @copyright Eric Seigne
11: * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
12: */
13: 
14: require_once("auth-functions.php");
15: 
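/**
 * Plugin to authenticate with the help of Squid's PAM helper.
 *
 * The driver object only checks that the configured helper file exists;
 * the credential check itself is performed by SQUID_PAM_check().
 */
class squidPamDriver
{
  /**
  * Whether the configured helper path was found on disk.
  *
  * Declared explicitly so the failure path below no longer creates a dynamic
  * property, and so the success path has a defined value instead of leaving
  * the property unset.
  *
  * @var bool
  */
  public $valid = true;

  /**
  * The constructor
  *
  * @param string $config path where /usr/lib/squid/pam_auth is
  */
  function __construct($config) {
      global $c;
      // Only existence is checked here; nothing verifies that the file is
      // executable or that it is the intended helper binary.
      if ( ! file_exists($config) ) {
          $c->messages[] = sprintf(i18n( 'drivers_squid_pam : Unable to find %s file'), $config );
          $this->valid = false;
      }
  }
}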
42: 
43: 
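/**
* Check the username / password against PAM using the Squid helper script
*
* The credentials are written to the helper's standard input through a pipe
* instead of being placed in an `echo ... |` shell command, so the password
* never appears in a process argument list and is not reinterpreted by the
* shell's echo. On first successful login a local principal is created.
*
* @param string $username login name as supplied by the client
* @param string $password password as supplied by the client
* @return Principal|false the matching principal, or false when the
*                         credentials are rejected or the helper cannot be run
*/
function SQUID_PAM_check($username, $password ){
  global $c;

  $config = isset($c->authenticate_hook['config']) ? $c->authenticate_hook['config'] : array();
  $script = empty($config['script']) ? '' : $config['script'];
  if ( empty($script) && !empty($config['path']) ) $script = $config['path'];
  if ( empty($script) ) {
    dbg_error_log( "PAM", "No Squid PAM helper is configured" );
    return false;
  }

  // The helper is fed one "username password" line, so whitespace or control
  // characters in the username (or a line break / NUL in the password) would
  // make the helper judge a different identity than the $username trusted
  // below. Refuse such input up front. The raw value is deliberately not
  // logged, to keep control characters out of the log.
  if ( !is_string($username) || $username === '' || preg_match('/[\s\x00-\x1f\x7f]/', $username)
       || !is_string($password) || preg_match('/[\x00\r\n]/', $password) ) {
    dbg_error_log( "PAM", "Rejecting login: username or password contains characters the helper protocol cannot carry" );
    return false;
  }

  // $script comes from the server configuration and is used verbatim, as
  // before; it must never be derived from request data.
  $descriptors = array(
    0 => array('pipe', 'r'),
    1 => array('pipe', 'w'),
  );
  $process = proc_open( $script . ' -n common-auth', $descriptors, $pipes );
  if ( !is_resource($process) ) {
    dbg_error_log( "PAM", "Unable to start the Squid PAM helper" );
    return false;
  }
  fwrite( $pipes[0], $username . ' ' . $password . "\n" );
  fclose( $pipes[0] );
  $output = stream_get_contents( $pipes[1] );
  fclose( $pipes[1] );
  proc_close( $process );

  // Same rule exec() applied: the verdict is the last line of output.
  $lines = preg_split( '/\r?\n/', rtrim((string)$output) );
  $auth_result = rtrim( end($lines) );

  if ( $auth_result === "OK" ) {
    dbg_error_log('PAM', 'User %s successfully authenticated', $username);
    $principal = new Principal('username',$username);
    if ( !$principal->Exists() ) {
      dbg_error_log('PAM', 'User %s does not exist in local db, creating', $username);

      // posix_getpwnam() returns false for accounts PAM knows but the local
      // passwd database does not; fall back to the login name.
      $fullname = $username;
      $pwent = posix_getpwnam($username);
      if ( is_array($pwent) && isset($pwent['gecos']) ) {
        $gecos = explode(',',$pwent['gecos']);
        if ( $gecos[0] !== '' ) $fullname = $gecos[0];
      }

      // NOTE(review): the original used an undefined local $email_base, which
      // always produced "user@". Reading it from the hook configuration is an
      // assumption - confirm the key name against the other PAM drivers.
      $email_base = isset($config['email_base']) ? $config['email_base'] : '';

      $principal->Create( array(
                            'username' => $username,
                            'user_active' => 't',
                            'email' => sprintf('%s@%s', $username, $email_base),
                            'fullname' => $fullname
                        ));
      if ( ! $principal->Exists() ) {
        dbg_error_log( "PAM", "Unable to create local principal for '%s'", $username );
        return false;
      }
      CreateHomeCollections($username, $c->default_timezone);
      CreateDefaultRelationships($username);
    }
    return $principal;
  }

  dbg_error_log( "PAM", "User %s is not a valid username (or password was wrong)", $username );
  return false;
}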
84: 