inc/drivers_imap_pam.php

   1 <?php
   2 /**
   3 * Manages PAM repository connection with local imap server help
   4 *
   5 * @package   davical
   6 * @category Technical
   7 * @subpackage   ldap
   8 * @author    Oliver Schulze <oliver@samera.com.py>,
   9 *                Andrew McMillan <andrew@mcmillan.net.nz>
  10 * @copyright Based on Eric Seigne script drivers_squid_pam.php
  11 * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
  12 */
  13
  14 // The PHP interpreter will die quietly unless satisfied. This provides user feedback instead.
  15 if (!function_exists('imap_open')) {
  16   die("drivers_imap_pam: php5-imap required.");
  17 }
  18
  19 require_once("auth-functions.php");
  20
  21 class imapPamDrivers
  22 {
  23   /**#@+
  24   * @access private
  25   */
  26
  27   /**#@-*/
  28
  29
  30   /**
  31   * Constructor.
  32   * @param string $imap_url formated for imap_open()
  33   */
  34   function imapPamDrivers($imap_url){
  35       $this->__construct($imap_url);
  36   }
  37
  38
  39   /**
  40   * The constructor
  41   *
  42   * @param string $imap_url formated for imap_open()
  43   */
  44   function __construct($imap_url)
  45   {
  46       global $c;
  47       if (empty($imap_url)){
  48           $c->messages[] = sprintf(i18n('drivers_imap_pam : imap_url parameter not configured in /etc/davical/*-conf.php'));
  49           $this->valid=false;
  50           return ;
  51       }
  52   }
  53 }
  54
  55
  56 /**
  57 * Check the username / password against the PAM system
  58 */
  59 function IMAP_PAM_check($username, $password ){
  60   global $c;
  61
  62   $imap_username = $username;
  63   if ( function_exists('mb_convert_encoding') ) {
  64     $imap_username = mb_convert_encoding($imap_username, "UTF7-IMAP",mb_detect_encoding($imap_username));
  65   }
  66   else {
  67     $imap_username = imap_utf7_encode($imap_username);
  68   }
  69
  70   //$imap_url = '{localhost:143/imap/notls}';
  71   //$imap_url = '{localhost:993/imap/ssl/novalidate-cert}';
  72   $imap_url = $c->authenticate_hook['config']['imap_url'];
  73   $auth_result = "ERR";
  74
  75   $imap_stream = @imap_open($imap_url, $imap_username, $password, OP_HALFOPEN);
  76   //print_r(imap_errors());
  77   if ( $imap_stream ) {
  78     // disconnect
  79     imap_close($imap_stream);
  80     // login ok
  81     $auth_result = "OK";
  82   }
  83
  84   if ( $auth_result == "OK") {
  85     $principal = new Principal('username',$username);
  86     if ( ! $principal->Exists() ) {
  87       dbg_error_log( "PAM", "Principal '%s' doesn't exist in local DB, we need to create it",$username );
  88       $cmd = "getent passwd '$username'";
  89       $getent_res = exec($cmd);
  90       $getent_arr = explode(":", $getent_res);
  91       $fullname = $getent_arr[4];
  92       if(empty($fullname)) {
  93         $fullname = $username;
  94       }
  95
  96       $principal->Create( array(
  97                       'username' => $username,
  98                       'user_active' => true,
  99                       'email' => $username . "@" . $c->authenticate_hook['config']['email_base'],
 100                       'modified' => date('c'),
 101                       'fullname' => $fullname
 102               ));
 103       if ( ! $principal->Exists() ) {
 104         dbg_error_log( "PAM", "Unable to create local principal for '%s'", $username );
 105         return false;
 106       }
 107       CreateHomeCalendar($username);
 108     }
 109     return $principal;
 110   }
 111   else {
 112     dbg_error_log( "PAM", "User %s is not a valid username (or password was wrong)", $username );
 113     return false;
 114   }
 115
 116 }