1: <?php
2: /**
3: * The Horde_Auth_login:: class provides a system login implementation of
4: * the Horde authentication system.
5: *
6: * This Auth driver is useful if you have a shadow password system
7: * where the Horde_Auth_Passwd driver doesn't work.
8: *
9: * Copyright 2004-2012 Horde LLC (http://www.horde.org/)
10: *
11: * See the enclosed file COPYING for license information (LGPL). If you did
12: * not receive this file, http://www.horde.org/licenses/lgpl21
13: *
14: * @author Jan Schneider <jan@horde.org>
15: * @category Horde
16: * @license http://www.horde.org/licenses/lgpl21 LGPL-2.1
17: * @package Auth
18: */
19: class Horde_Auth_Login extends Horde_Auth_Base
20: {
21: /**
22: * List of users that should be excluded from being listed/handled
23: * in any way by this driver.
24: *
25: * @var array
26: */
27: protected $_exclude = array(
28: 'root', 'daemon', 'bin', 'sys', 'sync', 'games', 'man', 'lp', 'mail',
29: 'news', 'uucp', 'proxy', 'postgres', 'www-data', 'backup', 'operator',
30: 'list', 'irc', 'gnats', 'nobody', 'identd', 'sshd', 'gdm', 'postfix',
31: 'mysql', 'cyrus', 'ftp'
32: );
33:
34: /**
35: * Constructs a new Login authentication object.
36: *
37: * @param array $params Optional parameters:
38: * <pre>
39: * 'location' - (string) Location of the su binary.
40: * DEFAULT: /bin/su
41: * </pre>
42: */
43: public function __construct(array $params = array())
44: {
45: if (empty($params['location'])) {
46: $params['location'] = '/bin/su';
47: }
48:
49: parent::__construct($params);
50: }
51:
52: /**
53: * Find out if a set of login credentials are valid.
54: *
55: * @param string $userId The userId to check.
56: * @param array $credentials An array of login credentials.
57: *
58: * @return boolean Whether or not the credentials are valid.
59: */
60: protected function _authenticate($userId, $credentials)
61: {
62: if (empty($credentials['password'])) {
63: throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
64: }
65:
66: $proc = @popen($this->_location . ' -c /bin/true ' . $userId, 'w');
67: if (!is_resource($proc)) {
68: throw new Horde_Auth_Exception('', Horde_Auth::REASON_FAILED);
69: }
70:
71: fwrite($proc, $credentials['password']);
72: if (@pclose($proc) !== 0) {
73: throw new Horde_Auth_Exception('', Horde_Auth::REASON_FAILED);
74: }
75: }
76:
77: }
78: