1<?php
/**
 * Copyright 2004-2017 Horde LLC (http://www.horde.org/)
 *
 * See the enclosed file COPYING for license information (LGPL). If you did
 * not receive this file, see http://www.horde.org/licenses/lgpl21.
 *
 * @author   Jon Parise <jon@horde.org>
 * @category Horde
 * @license  http://www.horde.org/licenses/lgpl21 LGPL-2.1
 * @package  Auth
 */
13
/**
 * The Horde_Auth_Pam:: class provides a PAM-based implementation of the Horde
 * authentication system.
 *
 * PAM (Pluggable Authentication Modules) is a flexible mechanism for
 * authenticating users. It has become the standard authentication system for
 * Linux, Solaris and FreeBSD.
 *
 * This driver relies on the PECL PAM package:
 *
 *      http://pecl.php.net/package/PAM
 *
 * @author    Jon Parise <jon@horde.org>
 * @category  Horde
 * @copyright 2004-2017 Horde LLC
 * @license   http://www.horde.org/licenses/lgpl21 LGPL-2.1
 * @package   Auth
 */
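class Horde_Auth_Pam extends Horde_Auth_Base
{
    /**
     * Constructor.
     *
     * Checks that the PAM extension is loaded and, when a service name is
     * configured, selects it through the 'pam.servicename' ini setting.
     *
     * The service name decides which PAM policy is evaluated for every login,
     * so a service name that cannot be applied is treated as a configuration
     * error instead of silently authenticating against a different service.
     *
     * @param array $params  Optional parameters:
     * <pre>
     * 'service' - (string) The name of the PAM service to use when
     *             authenticating. Take it from trusted configuration only,
     *             never from request data.
     *             DEFAULT: php
     * </pre>
     *
     * @throws Horde_Auth_Exception  If the PAM extension is not available or
     *                               the requested service name did not take
     *                               effect.
     */
    public function __construct(array $params = array())
    {
        if (!Horde_Util::extensionExists('pam')) {
            throw new Horde_Auth_Exception('PAM authentication is not available.');
        }

        if (!empty($params['service'])) {
            // ini_set() changes the setting for the rest of the request, not
            // only for this driver instance.
            ini_set('pam.servicename', $params['service']);

            // Fail closed: read the setting back so a rejected ini_set()
            // cannot leave logins running against another PAM service.
            if (ini_get('pam.servicename') !== (string)$params['service']) {
                throw new Horde_Auth_Exception('PAM service name could not be set.');
            }
        }

        parent::__construct($params);
    }

    /**
     * Find out if a set of login credentials are valid.
     *
     * Returns normally when pam_auth() accepts the credentials; every failure
     * is reported through an exception.
     *
     * @param string $userId      The userId to check.
     * @param array $credentials  An array of login credentials. Only the
     *                            'password' entry is read here.
     *
     * @throws Horde_Auth_Exception  With Horde_Auth::REASON_BADLOGIN when no
     *                               password is supplied, or carrying the
     *                               error text reported by pam_auth() when
     *                               the login is rejected.
     */
    protected function _authenticate($userId, $credentials)
    {
        // A missing or blank password is refused here, so it is never handed
        // to the PAM stack. empty() also treats the literal string '0' as
        // blank, so that value cannot be used as a password with this driver.
        if (empty($credentials['password'])) {
            throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
        }

        // $error is passed to pam_auth() as its third argument and becomes
        // the exception message on failure.
        $error = null;
        if (!pam_auth($userId, $credentials['password'], $error)) {
            // NOTE(review): the PAM error text is forwarded unchanged. Confirm
            // that callers do not show it verbatim to unauthenticated clients:
            // distinct messages for an unknown account and a wrong password
            // would allow account enumeration.
            throw new Horde_Auth_Exception($error);
        }
    }
}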
80