2005-03-25 10:59:48 +01:00
|
|
|
<?php
|
2010-01-28 05:22:37 +01:00
|
|
|
/**
|
|
|
|
* eGroupWare API - Auth from PAM
|
|
|
|
*
|
|
|
|
* @link http://www.egroupware.org
|
|
|
|
* @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License
|
|
|
|
* @package api
|
|
|
|
* @subpackage authentication
|
|
|
|
* @version $Id$
|
|
|
|
*/
|
2005-03-25 10:59:48 +01:00
|
|
|
|
2016-03-06 21:47:10 +01:00
|
|
|
namespace EGroupware\Api\Auth;
|
|
|
|
|
2016-04-02 11:16:53 +02:00
|
|
|
use EGroupware\Api;
|
|
|
|
|
2010-01-28 05:22:37 +01:00
|
|
|
/**
|
|
|
|
* Auth from PAM
|
2011-03-18 14:36:19 +01:00
|
|
|
*
|
|
|
|
* Requires PHP PAM extension: pecl install pam
|
|
|
|
*
|
|
|
|
* To read full name from password file PHP's posix extension is needed (sometimes in package php_process)
|
2010-01-28 05:22:37 +01:00
|
|
|
*/
|
2016-03-06 21:47:10 +01:00
|
|
|
class Pam implements Backend
|
2010-01-28 05:22:37 +01:00
|
|
|
{
|
|
|
|
/**
|
|
|
|
* password authentication
|
|
|
|
*
|
|
|
|
* @param string $username username of account to authenticate
|
|
|
|
* @param string $passwd corresponding password
|
2016-03-06 21:47:10 +01:00
|
|
|
* @param string $passwd_type ='text' 'text' for cleartext passwords (default)
|
2010-01-28 05:22:37 +01:00
|
|
|
* @return boolean true if successful authenticated, false otherwise
|
|
|
|
*/
|
|
|
|
function authenticate($username, $passwd, $passwd_type='text')
|
2005-03-25 10:59:48 +01:00
|
|
|
{
|
2016-03-06 21:47:10 +01:00
|
|
|
unset($passwd_type); // not used but required by interface
|
|
|
|
|
2011-03-23 15:14:57 +01:00
|
|
|
if (pam_auth($username, get_magic_quotes_gpc() ? stripslashes($passwd) : $passwd))
|
2005-03-25 10:59:48 +01:00
|
|
|
{
|
2011-03-18 14:36:19 +01:00
|
|
|
// for new accounts read full name from password file and pass it to EGroupware
|
|
|
|
if (!$GLOBALS['egw']->accounts->name2id($username) &&
|
|
|
|
function_exists('posix_getpwnam') && ($data = posix_getpwnam($username)))
|
|
|
|
{
|
|
|
|
list($fullname) = explode(',',$data['gecos']);
|
|
|
|
$parts = explode(' ',$fullname);
|
|
|
|
if (count($parts) > 1)
|
|
|
|
{
|
|
|
|
$lastname = array_pop($parts);
|
|
|
|
$firstname = implode(' ',$parts);
|
2016-03-28 20:51:38 +02:00
|
|
|
$email = Api\Accounts::email($firstname, $lastname, $username);
|
2011-03-18 14:36:19 +01:00
|
|
|
|
|
|
|
$GLOBALS['auto_create_acct'] = array(
|
|
|
|
'firstname' => $firstname,
|
|
|
|
'lastname' => $lastname,
|
|
|
|
'email' => $email,
|
|
|
|
'account_id' => $data['uid'],
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
2010-01-28 05:22:37 +01:00
|
|
|
return True;
|
2005-03-25 10:59:48 +01:00
|
|
|
}
|
2010-01-28 05:22:37 +01:00
|
|
|
return False;
|
|
|
|
}
|
2005-03-25 10:59:48 +01:00
|
|
|
|
2010-01-28 05:22:37 +01:00
|
|
|
/**
|
|
|
|
* changes password
|
|
|
|
*
|
|
|
|
* @param string $old_passwd must be cleartext or empty to not to be checked
|
|
|
|
* @param string $new_passwd must be cleartext
|
2016-03-06 21:47:10 +01:00
|
|
|
* @param int $account_id =0 account id of user whose passwd should be changed
|
2010-01-28 05:22:37 +01:00
|
|
|
* @return boolean true if password successful changed, false otherwise
|
|
|
|
*/
|
|
|
|
function change_password($old_passwd, $new_passwd, $account_id=0)
|
|
|
|
{
|
2016-03-06 21:47:10 +01:00
|
|
|
unset($old_passwd, $new_passwd, $account_id); // not used but required by interface
|
|
|
|
|
2010-01-28 05:22:37 +01:00
|
|
|
// deny password changes.
|
|
|
|
return False;
|
2005-03-25 10:59:48 +01:00
|
|
|
}
|
2010-01-28 05:22:37 +01:00
|
|
|
}
|