[Sommaire] [Imprimer]

   1  <?php
   2  /**
   3   * The Auth_login:: class provides a system login implementation of
   4   * the Horde authentication system.
   5   * This Auth driver is useful if you have a shadow password system
   6   * where the Auth_passwd driver doesn't work.
   7   *
   8   * Optional parameters:<pre>
   9   *   'location'  Location of the su binary.
  10   *               DEFAULT: /bin/su</pre>
  11   *
  12   *
  13   * $Horde: framework/Auth/Auth/login.php,v 1.3.10.9 2006/01/01 21:28:07 jan Exp $
  14   *
  15   * Copyright 2004-2006 Jan Schneider <jan@horde.org>
  16   *
  17   * See the enclosed file COPYING for license information (LGPL). If you
  18   * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
  19   *
  20   * @author  Jan Schneider <jan@horde.org>
  21   * @since   Horde 3.0
  22   * @package Horde_Auth
  23   */
  24  class Auth_login extends Auth {
  25  
  26      /**
  27       * An array of capabilities, so that the driver can report which
  28       * operations it supports and which it doesn't.
  29       *
  30       * @var array
  31       */
  32      var $capabilities = array('add'           => false,
  33                                'update'        => false,
  34                                'resetpassword' => false,
  35                                'remove'        => false,
  36                                'list'          => false,
  37                                'transparent'   => false);
  38  
  39      /**
  40       * su binary.
  41       *
  42       * @var string
  43       */
  44      var $_location = '/bin/su';
  45  
  46      /**
  47       * List of users that should be excluded from being listed/handled
  48       * in any way by this driver.
  49       *
  50       * @var array
  51       */
  52      var $_exclude = array('root', 'daemon', 'bin', 'sys', 'sync', 'games',
  53                            'man', 'lp', 'mail', 'news', 'uucp', 'proxy',
  54                            'postgres', 'www-data', 'backup', 'operator',
  55                            'list', 'irc', 'gnats', 'nobody', 'identd',
  56                            'sshd', 'gdm', 'postfix', 'mysql', 'cyrus', 'ftp');
  57  
  58      /**
  59       * Constructs a new Login authentication object.
  60       *
  61       * @param array $params  A hash containing connection parameters.
  62       */
  63      function Auth_login($params = array())
  64      {
  65          $this->_params = $params;
  66          if (!empty($params['location'])) {
  67              $this->_location = $params['location'];
  68          }
  69      }
  70  
  71      /**
  72       * Find out if a set of login credentials are valid.
  73       *
  74       * @access private
  75       *
  76       * @param string $userId      The userId to check.
  77       * @param array $credentials  An array of login credentials.
  78       *
  79       * @return boolean  Whether or not the credentials are valid.
  80       */
  81      function _authenticate($userId, $credentials)
  82      {
  83          if (empty($credentials['password'])) {
  84              Horde::fatal(_("No password provided for Login authentication."), __FILE__, __LINE__);
  85          }
  86  
  87          $proc = popen($this->_location . ' -c /bin/true ' . $userId, 'w');
  88          if (!is_resource($proc)) {
  89              return false;
  90          }
  91          fwrite($proc, $credentials['password']);
  92  
  93          return pclose($proc) === 0;
  94      }
  95  
  96  }