1<?php 2/** 3 * Copyright 2004-2017 Horde LLC (http://www.horde.org/) 4 * 5 * See the enclosed file COPYING for license information (LGPL). If you did 6 * not receive this file, see http://www.horde.org/licenses/lgpl21. 7 * 8 * @author Jon Parise <jon@horde.org> 9 * @category Horde 10 * @license http://www.horde.org/licenses/lgpl21 LGPL-2.1 11 * @package Auth 12 */ 13 14/** 15 * The Horde_Auth_Pam:: class provides a PAM-based implementation of the Horde 16 * authentication system. 17 * 18 * PAM (Pluggable Authentication Modules) is a flexible mechanism for 19 * authenticating users. It has become the standard authentication system for 20 * Linux, Solaris and FreeBSD. 21 * 22 * This driver relies on the PECL PAM package: 23 * 24 * http://pecl.php.net/package/PAM 25 * 26 * @author Jon Parise <jon@horde.org> 27 * @category Horde 28 * @copyright 2004-2017 Horde LLC 29 * @license http://www.horde.org/licenses/lgpl21 LGPL-2.1 30 * @package Auth 31 */ 32class Horde_Auth_Pam extends Horde_Auth_Base 33{ 34 /** 35 * Constructor. 36 * 37 * @param array $params Optional parameters: 38 * <pre> 39 * 'service' - (string) The name of the PAM service to use when 40 * authenticating. 41 * DEFAULT: php 42 * </pre> 43 * 44 * @throws Horde_Auth_Exception 45 */ 46 public function __construct(array $params = array()) 47 { 48 if (!Horde_Util::extensionExists('pam')) { 49 throw new Horde_Auth_Exception('PAM authentication is not available.'); 50 } 51 52 if (!empty($params['service'])) { 53 ini_set('pam.servicename', $params['service']); 54 } 55 56 parent::__construct($params); 57 } 58 59 /** 60 * Find out if a set of login credentials are valid. 61 * 62 * @param string $userId The userId to check. 63 * @param array $credentials An array of login credentials. 64 * 65 * @throws Horde_Auth_Exception 66 */ 67 protected function _authenticate($userId, $credentials) 68 { 69 if (empty($credentials['password'])) { 70 throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN); 71 } 72 73 $error = null; 74 if (!pam_auth($userId, $credentials['password'], $error)) { 75 throw new Horde_Auth_Exception($error); 76 } 77 } 78 79} 80