source: contrib/davical/inc/drivers_squid_pam.php @ 3733

Revision 3733, 2.5 KB checked in by gabriel.malheiros, 13 years ago (diff)

Ticket #1541 - <Davical customizado para o Expresso.Utiliza Caldav e CardDav?>

1<?php
2/**
3* Manages PAM repository connection with SQUID help
4*
5* @package   davical
6* @category Technical
7* @subpackage   ldap
8* @author    Eric Seigne <eric.seigne@ryxeo.com>
9* @copyright Eric Seigne
10* @license   http://gnu.org/copyleft/gpl.html GNU GPL v2
11*/
12
13require_once("auth-functions.php");
14
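class squidPamDrivers
{
  /**
  * Whether the helper path handed to the constructor was found on disk.
  *
  * Declared with a default so that it is defined on the success path too;
  * previously it was only ever assigned (to false) when the file was missing.
  * NOTE(review): nothing visible in this file reads this flag - confirm how callers use it.
  *
  * @var bool
  */
  public $valid = true;


  /**
  * PHP 4 style constructor, kept so existing code that calls it by name still works.
  *
  * @param string $config path where /usr/lib/squid/pam_auth is
  */
  function squidPamDrivers($config){
      $this->__construct($config);
  }


  /**
  * The constructor
  *
  * Records a message in $c->messages and marks the driver invalid when the
  * configured helper cannot be found. Existence is the only property checked
  * here: the file's owner, permissions and whether it is executable are not verified.
  *
  * @param string $config path where /usr/lib/squid/pam_auth is
  */
  function __construct($config)
  {
      global $c;
      if (! file_exists($config)){
          $c->messages[] = sprintf(i18n( 'drivers_squid_pam : Unable to find %s file'), $config );
          $this->valid=false;
          return ;
      }
  }
}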
48
49
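/**
* Check the username / password against the PAM system
*
* The credentials are written to the standard input of the helper configured in
* $c->authenticate_hook['config']['script'] (started with "-n common-auth") as one
* "username password" line, and the last line the helper prints must be exactly "OK".
* When the helper accepts a user that is unknown locally, a record is built from
* the passwd database and handed to UpdateUserFromExternal().
*
* @param string $username login name supplied by the client (untrusted)
* @param string $password password supplied by the client (untrusted)
* @return object|false the user record on success, false on any failure
*/
function SQUID_PAM_check($username, $password ){
  global $c;

  /**
  * Both values come straight from the client, so they are validated and refused
  * rather than silently rewritten: stripping characters changed the password that
  * was actually checked and let different spellings alias to the same username.
  *
  * - The helper is fed one space-separated line, so the username may not contain
  *   whitespace and neither field may contain control characters (a line break
  *   would make one field look like more than one credential line).
  * - Quotes and backslashes never reached the helper before either; they stay
  *   excluded from usernames because the name is reused below.
  * - A leading '-' is refused so the name can never be read as an option by getent.
  *
  * NOTE(review): Squid helpers commonly URL-decode their input; if the installed one
  * does, a literal '%' in a password would need encoding here - confirm.
  */
  if ( !is_string($username) || !is_string($password)
       || $username === '' || $username[0] === '-'
       || preg_match( '/[\x00-\x20\x7f\'"\\\\]/', $username )
       || preg_match( '/[\x00-\x1f\x7f]/', $password ) ) {
    // The rejected value is deliberately not logged: it may contain control characters.
    dbg_error_log( "PAM", "Rejected credentials containing characters that cannot be passed to the helper" );
    return false;
  }

  // The helper path is administrator configuration and is used as written; no
  // client-supplied data is placed on the command line, so the password does not
  // show up in the process list and no shell quoting of it is needed.
  $cmd = $c->authenticate_hook['config']['script'] . " -n common-auth";
  $pipes = array();
  $helper = proc_open( $cmd, array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w') ), $pipes );
  if ( !is_resource($helper) ) {
    dbg_error_log( "PAM", "Unable to start the PAM helper" );
    return false;
  }
  fwrite( $pipes[0], $username . ' ' . $password . "\n" );
  fclose( $pipes[0] );
  $output = stream_get_contents( $pipes[1] );
  fclose( $pipes[1] );
  proc_close( $helper );

  // exec() returned the last output line without trailing whitespace; keep that contract.
  $lines = explode( "\n", rtrim( (string) $output ) );
  $auth_result = rtrim( end($lines) );

  if ( $auth_result !== "OK" ) {
    dbg_error_log( "PAM", "User %s is not a valid username (or password was wrong)", $username );
    return false;
  }

  if ( $usr = getUserByName($username) ) {
    return $usr;
  }

  dbg_error_log( "PAM", "user %s doesn't exist in local DB, we need to create it",$username );
  // escapeshellarg() keeps '$' and backticks in a name from being expanded by the shell.
  $fullname = exec( 'getent passwd ' . escapeshellarg($username) );
  // Keep only the first comma-separated part of the GECOS field (5th passwd column).
  $fullname = preg_replace( '{^[^:]+:[^:]+:\d+:\d+:([^:,]+)(,?[^:]*):.*$}', '$1', $fullname );
  $usr = (object) array(
          'user_no' => 0,
          'username' => $username,
          'active' => 't',
          'email' => $username . "@" . $c->authenticate_hook['config']['email_base'],
          // date() needs a format; ISO 8601 is used here - TODO confirm it suits the 'updated' column.
          'updated' => date('c'),
          'fullname' => $fullname
  );

  UpdateUserFromExternal( $usr );
  return $usr;
}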