DAViCal
drivers_pwauth_pam.php
1 <?php
17 require_once("auth-functions.php");
18 
23 {
36  function __construct($config)
37  {
38  global $c;
39  if(!file_exists($config)) {
40  $c->messages[] = sprintf(i18n('drivers_pwauth_pam : Unable to find %s file'), $config);
41  $this->valid=false;
42  return ;
43  }
44  }
45 }
46 
47 
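/**
 * Check a username/password pair through the external pwauth helper and
 * provision a local principal the first time a system account logs in.
 *
 * The helper path comes from $c->authenticate_hook['config']['path']. The
 * credentials are passed on the helper's stdin, one per line, so they never
 * appear on a command line. Authentication fails closed: only an integer exit
 * status of 0 after a complete write is accepted. Every other outcome is
 * logged and rejected, including a helper that could not be started.
 *
 * @param string $username Login name supplied by the client.
 * @param string $password Password supplied by the client.
 * @return Principal|false The principal on success, false on any failure.
 */
function PWAUTH_PAM_check($username, $password) {
    global $c;

    // The helper reads one credential per line. An embedded line break or NUL
    // would let the identity the helper checks differ from the $username that
    // is looked up and provisioned below, so such input is refused outright.
    // The raw value is not logged, to keep the log line-oriented.
    if ( strpbrk((string) $username, "\r\n\0") !== false
         || strpbrk((string) $password, "\r\n\0") !== false ) {
        dbg_error_log('PAM', 'Rejected credentials containing a line break or NUL byte');
        return false;
    }

    $program = $c->authenticate_hook['config']['path'];
    $email_base = $c->authenticate_hook['config']['email_base'];

    $pipe = popen(escapeshellarg($program), 'w');
    if ( $pipe === false ) {
        // Without this check a failed popen() flows into pclose(false), whose
        // non-integer result compares loosely equal to 0 in a switch.
        dbg_error_log('PAM', 'Unable to start %s', $program);
        return false;
    }

    $authinfo = sprintf("%s\n%s\n", $username, $password);
    $written = fwrite($pipe, $authinfo);
    dbg_error_log('PAM', 'Bytes written: %d of %d', $written, strlen($authinfo));
    $return_status = pclose($pipe);

    if ( $written !== strlen($authinfo) ) {
        // The helper did not receive the complete credentials; do not trust
        // whatever verdict it reached on a truncated input.
        dbg_error_log('PAM', 'Short write to pwauth for user %s, rejecting', $username);
        return false;
    }

    if ( !is_int($return_status) ) {
        // switch() compares loosely, so false/null would match case 0.
        dbg_error_log('PAM', 'pwauth returned no usable exit status for user %s', $username);
        return false;
    }

    switch($return_status) {
        case 0:
            // STATUS_OK: Authentication succeeded.
            dbg_error_log('PAM', 'User %s successfully authenticated', $username);
            $principal = new Principal('username',$username);
            if ( !$principal->Exists() ) {
                dbg_error_log('PAM', 'User %s does not exist in local db, creating', $username);
                // posix_getpwnam() returns false when the account is not in
                // the local passwd database; fall back to an empty full name.
                $pwent = posix_getpwnam($username);
                $gecos = is_array($pwent) ? explode(',', (string) $pwent['gecos']) : array('');
                $fullname = $gecos[0];
                $principal->Create( array(
                    'username' => $username,
                    'user_active' => 't',
                    'email' => sprintf('%s@%s', $username, $email_base),
                    'fullname' => $fullname
                ));
                if ( ! $principal->Exists() ) {
                    dbg_error_log( "PAM", "Unable to create local principal for '%s'", $username );
                    return false;
                }
                CreateHomeCollections($username);
                CreateDefaultRelationships($username);
            }
            return $principal;

        /*
         * Note that for system configurations using PAM instead of
         * reading the password database directly, if PAM is unable to
         * read the password database, pwauth will return status 1.
         */
        case 1:
        case 2:
            // (1) STATUS_UNKNOWN: Invalid username or password.
            // (2) STATUS_INVALID: Invalid password.
            dbg_error_log('PAM', 'Invalid username or password (username: %s)', $username);
            break;

        case 3:
            // STATUS_BLOCKED: UID for username is < pwauth's MIN_UNIX_UID
            dbg_error_log('PAM', 'UID for username %s is < pwauth MIN_UNIX_UID', $username);
            break;

        case 4:
            // STATUS_EXPIRED: The user account has expired.
            dbg_error_log('PAM', 'The account for %s has expired', $username);
            break;

        case 5:
            // STATUS_PW_EXPIRED: The user account's password has expired.
            dbg_error_log('PAM', 'The account password for user %s has expired', $username);
            break;

        case 6:
            // STATUS_NOLOGIN: Logins to the system are administratively disabled.
            dbg_error_log('PAM', 'Logins administratively disabled (%s)', $username);
            break;

        case 7:
            // STATUS_MANYFAILS: Too many login failures for user account.
            dbg_error_log('PAM', 'Login rejected for %s, too many failures', $username);
            break;

        case 50:
            // STATUS_INT_USER: Configuration error, Web server cannot use pwauth
            dbg_error_log('PAM', 'config error: see pwauth man page (%s)', 'STATUS_INT_USER');
            break;

        case 51:
            // STATUS_INT_ARGS: pwauth received no username/passwd to check
            dbg_error_log('PAM', 'error: pwauth received no username/password');
            break;

        case 52:
            // STATUS_INT_ERR: unknown error
            dbg_error_log('PAM', 'error: see pwauth man page (%s)', 'STATUS_INT_ERR');
            break;

        case 53:
            // STATUS_INT_NOROOT: pwauth could not read the password database
            dbg_error_log('PAM', 'config error: cannot read password database (%s)', 'STATUS_INT_NOROOT');
            break;

        default:
            // Unknown error code.
            dbg_error_log('PAM', 'An unknown error (%d) has occurred', $return_status);
    }

    return false;
}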