File: pam.php

package info (click to toggle)
horde3 3.1.3-4etch7
  • links: PTS
  • area: main
  • in suites: etch
  • size: 22,876 kB
  • ctags: 18,071
  • sloc: php: 75,151; xml: 2,979; sql: 1,069; makefile: 79; sh: 64
file content (89 lines) | stat: -rw-r--r-- 2,771 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
<?php
/**
 * The Auth_pam:: class provides a PAM-based implementation of the Horde
 * authentication system.
 *
 * PAM (Pluggable Authentication Modules) is a flexible mechanism for
 * authenticating users.  It has become the standard authentication system for
 * Linux, Solaris and FreeBSD.
 *
 * This implementation requires Chad Cunningham's pam_auth extension:
 *
 *      http://www.math.ohio-state.edu/~ccunning/pam_auth/
 *
 * Optional parameters:<pre>
 *   'service'  The name of the PAM service to use when authenticating.
 *              DEFAULT: php</pre>
 *
 *
 * $Horde: framework/Auth/Auth/pam.php,v 1.3.10.11 2006/01/01 21:28:07 jan Exp $
 *
 * Copyright 2004-2006 Jon Parise <jon@horde.org>
 *
 * See the enclosed file COPYING for license information (LGPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
 *
 * @author  Jan Parise <jon@horde.org>
 * @since   Horde 3.0
 * @package Horde_Auth
 */
class Auth_pam extends Auth {

    /**
     * An array of capabilities, so that the driver can report which
     * operations it supports and which it doesn't.
     *
     * @var array
     */
    var $capabilities = array('add'           => false,
                              'update'        => false,
                              'resetpassword' => false,
                              'remove'        => false,
                              'list'          => false,
                              'transparent'   => false);

    /**
     * Constructs a new PAM authentication object.
     *
     * @param array $params  A hash containing connection parameters.
     */
    function Auth_pam($params = array())
    {
        $this->_params = $params;
        if (!empty($params['service'])) {
            ini_set('pam_auth.servicename', $params['service']);
        }

        if (!extension_loaded('pam_auth')) {
            dl('pam_auth.so');
        }
    }

    /**
     * Find out if a set of login credentials are valid.
     *
     * @access private
     *
     * @param string $userId      The userId to check.
     * @param array $credentials  An array of login credentials.
     *
     * @return boolean  Whether or not the credentials are valid.
     */
    function _authenticate($userId, $credentials)
    {
        if (empty($credentials['password'])) {
            Horde::fatal(_("No password provided for Login authentication."), __FILE__, __LINE__);
        }

        if (!extension_loaded('pam_auth')) {
            Horde::fatal(_("PAM authentication is not available."), __FILE__, __LINE__);
        }

        if (!pam_auth($userId, $credentials['password'], &$error)) {
            $this->_setAuthError(AUTH_REASON_MESSAGE, $error);
            return false;
        }

        return true;
    }
}