1: <?php
2: /**
3: * The Horde_Auth_Pam:: class provides a PAM-based implementation of the Horde
4: * authentication system.
5: *
6: * PAM (Pluggable Authentication Modules) is a flexible mechanism for
7: * authenticating users. It has become the standard authentication system for
8: * Linux, Solaris and FreeBSD.
9: *
10: * This driver relies on the PECL PAM package:
11: *
12: * http://pecl.php.net/package/PAM
13: *
14: * Copyright 2004-2012 Horde LLC (http://www.horde.org/)
15: *
16: * See the enclosed file COPYING for license information (LGPL). If you did
17: * not receive this file, http://www.horde.org/licenses/lgpl21
18: *
19: * @author Jon Parise <jon@horde.org>
20: * @category Horde
21: * @license http://www.horde.org/licenses/lgpl21 LGPL-2.1
22: * @package Auth
23: */
24: class Horde_Auth_Pam extends Horde_Auth_Base
25: {
26: /**
27: * Constructor.
28: *
29: * @param array $params Optional parameters:
30: * <pre>
31: * 'service' - (string) The name of the PAM service to use when
32: * authenticating.
33: * DEFAULT: php
34: * </pre>
35: *
36: * @throws Horde_Auth_Exception
37: */
38: public function __construct(array $params = array())
39: {
40: if (!Horde_Util::extensionExists('pam')) {
41: throw new Horde_Auth_Exception('PAM authentication is not available.');
42: }
43:
44: if (!empty($params['service'])) {
45: ini_set('pam.servicename', $params['service']);
46: }
47:
48: parent::__construct($params);
49: }
50:
51: /**
52: * Find out if a set of login credentials are valid.
53: *
54: * @param string $userId The userId to check.
55: * @param array $credentials An array of login credentials.
56: *
57: * @throws Horde_Auth_Exception
58: */
59: protected function _authenticate($userId, $credentials)
60: {
61: if (empty($credentials['password'])) {
62: throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
63: }
64:
65: $error = null;
66: if (!pam_auth($userId, $credentials['password'], &$error)) {
67: throw new Horde_Auth_Exception($error);
68: }
69: }
70:
71: }
72: