1: <?php
17: require_once("auth-functions.php");
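/**
 * Driver object for the pwauth/PAM authentication hook.
 *
 * The constructor only verifies that the file named by $config exists.
 */
class pwauthPamDriver
{
    /**
     * Set to false by the constructor when the configured file is missing;
     * stays null otherwise. Declared explicitly because creating it as a
     * dynamic property is deprecated from PHP 8.2 onwards.
     */
    public $valid;

    /**
     * @param string $config Path whose existence is checked at construction time.
     */
    public function __construct($config)
    {
        global $c;

        if (file_exists($config)) {
            return;
        }

        // Surface the problem through the global message list and mark this
        // driver instance as unusable.
        $c->messages[] = sprintf(i18n('drivers_pwauth_pam : Unable to find %s file'), $config);
        $this->valid = false;
    }
}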
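/**
 * Check a username / password pair against PAM through the external pwauth helper.
 *
 * The helper configured in $c->authenticate_hook['config']['path'] is started with
 * popen(), the credentials are written to its standard input as two
 * newline-terminated lines, and its exit status decides the outcome. On success
 * the matching local Principal is returned; it is created first (together with
 * its home collections and default relationships) if it does not exist yet.
 *
 * Every failure path returns false, so the function fails closed.
 *
 * @param string $username Login name supplied by the client (untrusted).
 * @param string $password Password supplied by the client (untrusted).
 * @return Principal|false The authenticated principal, or false on any failure.
 */
function PWAUTH_PAM_check($username, $password)
{
    global $c;

    // The credentials are framed as "<username>\n<password>\n". A line break or
    // NUL byte inside either value would change what the helper reads as the
    // login and the password, so such input is rejected before anything is
    // written. The value is deliberately not echoed into the log.
    // "!== 0" also rejects the input if the pattern match itself fails.
    if (preg_match('/[\r\n\x00]/', $username . $password) !== 0) {
        dbg_error_log('PAM', 'Rejected credentials containing control characters');
        return false;
    }

    $program = $c->authenticate_hook['config']['path'];
    $email_base = $c->authenticate_hook['config']['email_base'];

    $pipe = popen(escapeshellarg($program), 'w');
    if ($pipe === false) {
        // Without this guard a failed popen() leads to a non-integer status,
        // which a loose comparison against 0 would treat as success.
        dbg_error_log('PAM', 'Unable to start the pwauth helper');
        return false;
    }

    $authinfo = sprintf("%s\n%s\n", $username, $password);
    $written = fwrite($pipe, $authinfo);
    dbg_error_log('PAM', 'Bytes written: %d of %d', $written, strlen($authinfo));
    $return_status = pclose($pipe);

    // The helper must have received the complete credential block; a failed or
    // short write means its verdict cannot be trusted.
    if ($written !== strlen($authinfo)) {
        dbg_error_log('PAM', 'Incomplete write to the pwauth helper, rejecting login');
        return false;
    }

    // Strict comparison: only an integer exit status of 0 counts as success.
    if ($return_status === 0) {
        dbg_error_log('PAM', 'User %s successfully authenticated', $username);
        $principal = new Principal('username', $username);
        if (!$principal->Exists()) {
            dbg_error_log('PAM', 'User %s does not exist in local db, creating', $username);

            // posix_getpwnam() returns false when the account is not visible
            // in the local passwd database; fall back to an empty full name
            // instead of indexing into a non-array.
            $pwent = posix_getpwnam($username);
            $gecos = is_array($pwent) ? explode(',', (string) $pwent['gecos']) : array('');
            $fullname = $gecos[0];

            $principal->Create(array(
                'username' => $username,
                'user_active' => 't',
                'email' => sprintf('%s@%s', $username, $email_base),
                'fullname' => $fullname
            ));
            if (!$principal->Exists()) {
                dbg_error_log("PAM", "Unable to create local principal for '%s'", $username);
                return false;
            }
            CreateHomeCollections($username, $c->default_timezone);
            CreateDefaultRelationships($username);
        }
        return $principal;
    }

    // Any other exit status is a failure; log the reason that corresponds to it.
    switch ($return_status) {
        case 1:
        case 2:
            dbg_error_log('PAM', 'Invalid username or password (username: %s)', $username);
            break;

        case 3:
            dbg_error_log('PAM', 'UID for username %s is < pwauth MIN_UNIX_UID', $username);
            break;

        case 4:
            dbg_error_log('PAM', 'The account for %s has expired', $username);
            break;

        case 5:
            dbg_error_log('PAM', 'The account password for user %s has expired', $username);
            break;

        case 6:
            dbg_error_log('PAM', 'Logins administratively disabled (%s)', $username);
            break;

        case 7:
            dbg_error_log('PAM', 'Login rejected for %s, too many failures', $username);
            break;

        case 50:
            dbg_error_log('PAM', 'config error: see pwauth man page (%s)', 'STATUS_INT_USER');
            break;

        case 51:
            dbg_error_log('PAM', 'error: pwauth received no username/password');
            break;

        case 52:
            dbg_error_log('PAM', 'error: see pwauth man page (%s)', 'STATUS_INT_ERR');
            break;

        case 53:
            dbg_error_log('PAM', 'config error: cannot read password database (%s)', 'STATUS_INT_NOROOT');
            break;

        default:
            dbg_error_log('PAM', 'An unknown error (%d) has occurred', $return_status);
    }

    return false;
}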