source: contrib/davical/inc/drivers_pwauth_pam.php @ 3733

Revision 3733, 4.3 KB checked in by gabriel.malheiros, 13 years ago (diff)

Ticket #1541 - <Davical customizado para o Expresso.Utiliza Caldav e CardDav?>

1<?php
2/**
3 * Manages PAM repository connection with pwauth
4 *
5 * @package   davical
6 * @category Technical
7 * @subpackage   pwauth
8 * @author    Eric Seigne <eric.seigne@ryxeo.com>,
9 *   Michael B. Trausch <mike@trausch.us>
10 * @copyright Eric Seigne
11 * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2
12 *
13 * Based on drivers_squid_pam.php
14 */
15
16require_once("auth-functions.php");
17
class pwauthPamDrivers
{
  /**
   * Legacy (PHP 4 style) constructor; it only forwards to __construct().
   *
   * @param string $config path where pwauth is
   */
  function pwauthPamDrivers($config){
    $this->__construct($config);
  }


  /**
   * Records a message and marks the driver invalid when the configured
   * pwauth path does not exist.
   *
   * Only existence is checked (file_exists); nothing here verifies that the
   * path is executable or that it is the pwauth binary. The "valid" flag is
   * only ever written as false here; it is left unset when the path exists.
   *
   * @param string $config path where pwauth is
   */
  function __construct($config)
  {
    global $c;

    // Nothing to report when the path exists.
    if (file_exists($config)) {
      return;
    }

    $template = i18n('drivers_pwauth_pam : Unable to find %s file');
    $c->messages[] = sprintf($template, $config);
    $this->valid = false;
  }
}
52
53
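/**
 * Check the username / password against the PAM system via the pwauth helper.
 *
 * The program named by $c->authenticate_hook['config']['path'] is started
 * with popen() and is handed "username\npassword\n" on its standard input.
 * Its exit status decides the outcome: only status 0 authenticates. Every
 * other status, and every failure to start or feed the helper, is logged
 * and rejected.
 *
 * @param string $username login name supplied by the client (untrusted)
 * @param string $password password supplied by the client (untrusted)
 * @return object|false the user record on success, FALSE otherwise
 */
function PWAUTH_PAM_check($username, $password) {
  global $c;
  $program = $c->authenticate_hook['config']['path'];
  $email_base = $c->authenticate_hook['config']['email_base'];

  // The helper's input is line oriented. A line break inside either value
  // would make the identity the helper verifies differ from the $username
  // looked up below, so such input is refused before the helper is started.
  // NUL is refused as well (presumably the helper treats it as end of string).
  // The values are not logged: they are untrusted and may hold line breaks.
  if (strpbrk($username, "\r\n\0") !== false
      || strpbrk($password, "\r\n\0") !== false) {
    dbg_error_log('pwauth', 'Rejected credentials containing control characters');
    return(FALSE);
  }

  $pipe = popen(escapeshellarg($program), 'w');
  if (!is_resource($pipe)) {
    // Fail closed: without this check pclose() would be given a non-resource
    // and its false/null result compares loosely equal to 0 in the switch
    // below, which is the "authenticated" branch.
    dbg_error_log('pwauth', 'Unable to start %s', $program);
    return(FALSE);
  }

  $authinfo = sprintf("%s\n%s\n", $username, $password);
  $written = fwrite($pipe, $authinfo);
  dbg_error_log('pwauth', 'Bytes written: %d of %d', $written,
                strlen($authinfo));
  $return_status = pclose($pipe);

  // A failed or short write means the helper did not see the full
  // credentials, so its verdict is not trusted.
  if ($written !== strlen($authinfo)) {
    dbg_error_log('pwauth', 'Incomplete write to pwauth, rejecting login');
    return(FALSE);
  }

  // switch compares loosely; make sure only a real integer 0 can reach case 0.
  if (!is_int($return_status)) {
    $return_status = -1;
  }

  switch($return_status) {
  case 0:
    // STATUS_OK: Authentication succeeded.
    dbg_error_log('pwauth', 'User %s successfully authenticated', $username);
    if($user = getUserByName($username)) {
      return($user);
    }

    dbg_error_log('pwauth', 'User %s does not exist in local db, creating',
                  $username);
    $passwd_entry = exec(sprintf('getent passwd %s', escapeshellarg($username)));
    // Take the GECOS text before its first comma. The comma part is optional
    // here: requiring it left the whole passwd line (home directory, shell)
    // in $fullname for accounts whose GECOS field has no comma.
    if (preg_match('{^[^:]+:[^:]+:\d+:\d+:([^:,]+)(?:,[^:]*)?:}',
                   $passwd_entry, $fields)) {
      $fullname = $fields[1];
    } else {
      // No entry, or an empty GECOS field: fall back to the login name.
      $fullname = $username;
    }
    // NOTE(review): date('%r') yields a literal '%' followed by the RFC 2822
    // date; 'r' was probably intended - confirm what UpdateUserFromExternal
    // expects before changing it.
    $user = (object) array('user_no' => 0,
                           'username' => $username,
                           'active' => 't',
                           'email' => sprintf('%s@%s', $username,
                                              $email_base),
                           'updated' => date('%r'),
                           'fullname' => $fullname);

    UpdateUserFromExternal($user);
    return($user);

    /*
     * Note that for system configurations using PAM instead of
     * reading the password database directly, if PAM is unable to
     * read the password database, pwauth will return status 1.
     */
  case 1:
  case 2:
    // (1) STATUS_UNKNOWN: Invalid username or password.
    // (2) STATUS_INVALID: Invalid password.
    dbg_error_log('pwauth', 'Invalid username or password (username: %s)',
                  $username);
    break;

  case 3:
    // STATUS_BLOCKED: UID for username is < pwauth's MIN_UNIX_UID
    dbg_error_log('pwauth', 'UID for username %s is < pwauth MIN_UNIX_UID',
                  $username);
    break;

  case 4:
    // STATUS_EXPIRED: The user account has expired.
    dbg_error_log('pwauth', 'The account for %s has expired', $username);
    break;

  case 5:
    // STATUS_PW_EXPIRED: The user account's password has expired.
    dbg_error_log('pwauth', 'The account password for user %s has expired',
                  $username);
    break;

  case 6:
    // STATUS_NOLOGIN: Logins to the system are administratively disabled.
    dbg_error_log('pwauth', 'Logins administratively disabled (%s)', $username);
    break;

  case 7:
    // STATUS_MANYFAILS: Too many login failures for user account.
    dbg_error_log('pwauth', 'Login rejected for %s, too many failures',
                  $username);
    break;

  case 50:
    // STATUS_INT_USER: Configuration error, Web server cannot use pwauth
    dbg_error_log('pwauth', 'config error: see pwauth man page (%s)',
                  'STATUS_INT_USER');
    break;

  case 51:
    // STATUS_INT_ARGS: pwauth received no username/passwd to check
    dbg_error_log('pwauth', 'error: pwauth received no username/password');
    break;

  case 52:
    // STATUS_INT_ERR: unknown error
    dbg_error_log('pwauth', 'error: see pwauth man page (%s)',
                  'STATUS_INT_ERR');
    break;

  case 53:
    // STATUS_INT_NOROOT: pwauth could not read the password database
    dbg_error_log('pwauth', 'config error: cannot read password database (%s)',
                  'STATUS_INT_NOROOT');
    // Without this break, status 53 was also logged as an unknown error.
    break;

  default:
    // Unknown error code.
    dbg_error_log('pwauth', 'An unknown error (%d) has occurred',
                  $return_status);
  }

  return(FALSE);
}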