1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152:
<?php
require_once("auth-functions.php");
class pwauthPamDriver
{
function __construct($config)
{
global $c;
if(!file_exists($config)) {
$c->messages[] = sprintf(i18n('drivers_pwauth_pam : Unable to find %s file'), $config);
$this->valid=false;
return ;
}
}
}
function PWAUTH_PAM_check($username, $password) {
global $c;
$program = $c->authenticate_hook['config']['path'];
$email_base = $c->authenticate_hook['config']['email_base'];
$pipe = popen(escapeshellarg($program), 'w');
$authinfo = sprintf("%s\n%s\n", $username, $password);
$written = fwrite($pipe, $authinfo);
dbg_error_log('PAM', 'Bytes written: %d of %d', $written, strlen($authinfo));
$return_status = pclose($pipe);
switch($return_status) {
case 0:
dbg_error_log('PAM', 'User %s successfully authenticated', $username);
$principal = new Principal('username',$username);
if ( !$principal->Exists() ) {
dbg_error_log('PAM', 'User %s does not exist in local db, creating', $username);
$pwent = posix_getpwnam($username);
$gecos = explode(',',$pwent['gecos']);
$fullname = $gecos[0];
$principal->Create( array(
'username' => $username,
'user_active' => 't',
'email' => sprintf('%s@%s', $username, $email_base),
'fullname' => $fullname
));
if ( ! $principal->Exists() ) {
dbg_error_log( "PAM", "Unable to create local principal for '%s'", $username );
return false;
}
CreateHomeCollections($username, $c->default_timezone);
CreateDefaultRelationships($username);
}
return $principal;
break;
case 1:
case 2:
dbg_error_log('PAM', 'Invalid username or password (username: %s)', $username);
break;
case 3:
dbg_error_log('PAM', 'UID for username %s is < pwauth MIN_UNIX_UID', $username);
break;
case 4:
dbg_error_log('PAM', 'The account for %s has expired', $username);
break;
case 5:
dbg_error_log('PAM', 'The account password for user %s has expired', $username);
break;
case 6:
dbg_error_log('PAM', 'Logins administratively disabled (%s)', $username);
break;
case 7:
dbg_error_log('PAM', 'Login rejected for %s, too many failures', $username);
break;
case 50:
dbg_error_log('PAM', 'config error: see pwauth man page (%s)', 'STATUS_INT_USER');
break;
case 51:
dbg_error_log('PAM', 'error: pwauth received no username/password');
break;
case 52:
dbg_error_log('PAM', 'error: see pwauth man page (%s)', 'STATUS_INT_ERR');
break;
case 53:
dbg_error_log('PAM', 'config error: cannot read password database (%s)', 'STATUS_INT_NOROOT');
break;
default:
dbg_error_log('PAM', 'An unknown error (%d) has occurred', $return_status);
}
return(FALSE);
}