<?php |
/** |
* eGroupWare API - Auth from PAM |
* |
* @link http://www.egroupware.org |
* @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License |
* @package api |
* @subpackage authentication |
* @version $Id$ |
*/ |
namespace EGroupware\Api\Auth; |
use EGroupware\Api; |
/** |
* Auth from PAM |
* |
* Requires PHP PAM extension: pecl install pam |
* |
* To read full name from password file PHP's posix extension is needed (sometimes in package php_process) |
*/ |
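class Pam implements Backend
{
	/**
	 * Password authentication against the host's PAM stack
	 *
	 * The credentials are handed to pam_auth() from the PECL pam extension. When PAM accepts
	 * them and EGroupware has no account for the username yet, the user's full name is read
	 * from the passwd entry (needs the posix extension) and published in
	 * $GLOBALS['auto_create_acct'].
	 *
	 * @param string $username username of account to authenticate
	 * @param string $passwd corresponding password
	 * @param string $passwd_type ='text' 'text' for cleartext passwords (default)
	 * @return boolean true if successful authenticated, false otherwise
	 */
	function authenticate($username, $passwd, $passwd_type='text')
	{
		unset($passwd_type);	// not used but required by interface

		// fail closed on anything that is not a usable credential pair instead of
		// letting a non-string value reach the extension
		if (!is_string($username) || $username === '' || !is_string($passwd))
		{
			return false;
		}

		// get_magic_quotes_gpc() has always returned false since PHP 5.4, is deprecated in
		// PHP 7.4 and no longer exists in PHP 8, where an unconditional call is a fatal error
		// on every login attempt. Only consult it on runtimes that can still have magic quotes
		// enabled; everywhere else the password is passed to PAM unmodified.
		if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc())
		{
			$passwd = stripslashes($passwd);
		}

		if (!pam_auth($username, $passwd))
		{
			return false;
		}

		// for new accounts read full name from password file and pass it to EGroupware
		if (!$GLOBALS['egw']->accounts->name2id($username) &&
			function_exists('posix_getpwnam') && ($data = posix_getpwnam($username)))
		{
			// GECOS is comma separated, the first field holds the full name
			// NOTE(review): on many systems users can edit their own GECOS entry (chfn), so
			// the names and the e-mail derived from them are user-influenced values - confirm
			// that the consumer of auto_create_acct validates / escapes them
			list($fullname) = explode(',', $data['gecos']);
			$parts = explode(' ', $fullname);

			// a single word can not be split into first and last name: hand over nothing
			if (count($parts) > 1)
			{
				$lastname = array_pop($parts);
				$firstname = implode(' ', $parts);

				// NOTE(review): the system uid is proposed as EGroupware account_id; the code
				// consuming this array is not visible here - confirm how it treats low / system
				// uids and ids that are already taken
				$GLOBALS['auto_create_acct'] = array(
					'firstname'  => $firstname,
					'lastname'   => $lastname,
					'email'      => Api\Accounts::email($firstname, $lastname, $username),
					'account_id' => $data['uid'],
				);
			}
		}
		return true;
	}

	/**
	 * changes password
	 *
	 * Password changes are not supported by this backend: the call is always refused
	 * and none of the arguments is looked at.
	 *
	 * @param string $old_passwd must be cleartext or empty to not to be checked
	 * @param string $new_passwd must be cleartext
	 * @param int $account_id =0 account id of user whose passwd should be changed
	 * @return boolean true if password successful changed, false otherwise
	 */
	function change_password($old_passwd, $new_passwd, $account_id=0)
	{
		unset($old_passwd, $new_passwd, $account_id);	// not used but required by interface

		// deny password changes.
		return false;
	}
}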