inc/drivers_squid_pam.php

   1 <?php
   2 /**
   3 * Manages PAM repository connection with SQUID help
   4 *
   5 * @package   davical
   6 * @category Technical
   7 * @subpackage   ldap
   8 * @author    Eric Seigne <eric.seigne@ryxeo.com>,
   9 *            Andrew McMillan <andrew@mcmillan.net.nz>
  10 * @copyright Eric Seigne
  11 * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
  12 */
  13
  14 require_once("auth-functions.php");
  15
  16 class squidPamDrivers
  17 {
  18   /**#@+
  19   * @access private
  20   */
  21
  22   /**#@-*/
  23
  24
  25   /**
  26   * The constructor
  27   *
  28   * @param string $config path where /usr/lib/squid/pam_auth is
  29   */
  30   function __construct($config) {
  31       global $c;
  32       if (! file_exists($config)){
  33           $c->messages[] = sprintf(i18n( 'drivers_squid_pam : Unable to find %s file'), $config );
  34           $this->valid=false;
  35           return ;
  36       }
  37   }
  38 }
  39
  40
  41 /**
  42 * Check the username / password against the PAM system
  43 */
  44 function SQUID_PAM_check($username, $password ){
  45   global $c;
  46
  47   $script = $c->authenticate_hook['config']['script'];
  48   if ( empty($script) ) $script = $c->authenticate_hook['config']['path'];
  49   $cmd = sprintf( 'echo %s %s | %s -n common-auth', escapeshellarg($username), escapeshellarg($password),
  50                                  $script);
  51   $auth_result = exec($cmd);
  52   if ( $auth_result == "OK") {
  53     dbg_error_log('pwauth', 'User %s successfully authenticated', $username);
  54     $principal = new Principal('username',$username);
  55     if ( !$principal->Exists() ) {
  56       dbg_error_log('pwauth', 'User %s does not exist in local db, creating', $username);
  57       $pwent = posix_getpwnam($username);
  58       $gecos = explode(',',$pwent['gecos']);
  59       $fullname = $gecos[0];
  60       $principal->Create( array(
  61                             'username' => $username,
  62                             'user_active' => 't',
  63                             'email' => sprintf('%s@%s', $username, $email_base),
  64                             'fullname' => $fullname
  65                         ));
  66       if ( ! $principal->Exists() ) {
  67         dbg_error_log( "PAM", "Unable to create local principal for '%s'", $username );
  68         return false;
  69       }
  70       CreateHomeCalendar($username);
  71     }
  72     return $principal;
  73   }
  74   else {
  75     dbg_error_log( "PAM", "User %s is not a valid username (or password was wrong)", $username );
  76     return false;
  77   }
  78
  79 }