  1: <?php
  2: /**
  3: * Authentication against IMAP using the imap_open function
  4: *
  5: * @package   davical
  6: * @category  Technical
  7: * @subpackage authentication/drivers
  8: * @author    Oliver Schulze <oliver@samera.com.py>,
  9: *            Andrew McMillan <andrew@mcmillan.net.nz>
 10: * @copyright Based on Eric Seigne script drivers_squid_pam.php
 11: * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
 12: */
 13: 
 14: // The PHP interpreter will die quietly unless satisfied. This provides user feedback instead.
 15: if (!function_exists('imap_open')) {
 16:   die("drivers_imap_pam: php-imap required.");
 17: }
 18: 
 19: require_once("auth-functions.php");
 20: 
 21: /**
 22:  * Plugin to authenticate against IMAP
 23:  */
 24: class imapPamDriver
 25: {
 26:   /**#@+
 27:   * @access private
 28:   */
 29: 
 30:   /**#@-*/
 31: 
 32: 
 33:   /**
 34:   * The constructor
 35:   *
 36:   * @param string $imap_url formated for imap_open()
 37:   */
 38:   function __construct($imap_url)
 39:   {
 40:       global $c;
 41:       if (empty($imap_url)){
 42:           $c->messages[] = sprintf(i18n('drivers_imap_pam : imap_url parameter not configured in /etc/davical/*-conf.php'));
 43:           $this->valid=false;
 44:           return ;
 45:       }
 46:   }
 47: }
 48: 
 49: 
 50: /**
 51: * Check the username / password against the IMAP server, provision from GECOS
 52: */
 53: function IMAP_PAM_check($username, $password ){
 54:   global $c;
 55: 
 56:   $imap_username = $username;
 57:   if ( function_exists('mb_convert_encoding') ) {
 58:     $imap_username = mb_convert_encoding($imap_username, "UTF7-IMAP",mb_detect_encoding($imap_username));
 59:   }
 60:   else {
 61:     $imap_username = imap_utf7_encode($imap_username);
 62:   }
 63: 
 64:   //$imap_url = '{localhost:143/imap/notls}';
 65:   //$imap_url = '{localhost:993/imap/ssl/novalidate-cert}';
 66:   $imap_url = $c->authenticate_hook['config']['imap_url'];
 67:   $auth_result = "ERR";
 68: 
 69:   $imap_stream = @imap_open($imap_url, $imap_username, $password, OP_HALFOPEN);
 70:   //print_r(imap_errors());
 71:   if ( $imap_stream ) {
 72:     // disconnect
 73:     imap_close($imap_stream);
 74:     // login ok
 75:     $auth_result = "OK";
 76:   }
 77: 
 78:   if ( $auth_result == "OK") {
 79:     $principal = new Principal('username',$username);
 80:     if ( ! $principal->Exists() ) {
 81:       dbg_error_log( "PAM", "Principal '%s' doesn't exist in local DB, we need to create it",$username );
 82:       $cmd = "getent passwd '$username'";
 83:       $getent_res = exec($cmd);
 84:       $getent_arr = explode(":", $getent_res);
 85:       $fullname = $getent_arr[4];
 86:       if(empty($fullname)) {
 87:         $fullname = $username;
 88:       }
 89: 
 90:       // ensure email domain is not doubled in email field
 91:       @list($tmp_user, $tmp_domain) = explode('@', $username);
 92:       if( empty($tmp_domain) ) {
 93:         $email_address = $username . "@" . $c->authenticate_hook['config']['email_base'];
 94:       }
 95:       else {
 96:         $email_address = $username;
 97:       }
 98: 
 99:       $principal->Create( array(
100:                       'username' => $username,
101:                       'user_active' => true,
102:                       'email' => $email_address,
103:                       'modified' => date('c'),
104:                       'fullname' => $fullname
105:               ));
106:       if ( ! $principal->Exists() ) {
107:         dbg_error_log( "PAM", "Unable to create local principal for '%s'", $username );
108:         return false;
109:       }
110:       CreateHomeCollections($username, $c->default_timezone);
111:       CreateDefaultRelationships($username);
112:     }
113:     return $principal;
114:   }
115:   else {
116:     dbg_error_log( "PAM", "User %s is not a valid username (or password was wrong)", $username );
117:     return false;
118:   }
119: 
120: }
121: 