1<?php
2/**
3 * Copyright 2004-2017 Horde LLC (http://www.horde.org/)
4 *
5 * See the enclosed file COPYING for license information (LGPL). If you did
6 * not receive this file, see http://www.horde.org/licenses/lgpl21.
7 *
8 * @author   Jan Schneider <jan@horde.org>
9 * @category Horde
10 * @license  http://www.horde.org/licenses/lgpl21 LGPL-2.1
11 * @package  Auth
12 */
13
14/**
15 * The Horde_Auth_login:: class provides a system login implementation of
16 * the Horde authentication system.
17 *
18 * This Auth driver is useful if you have a shadow password system
19 * where the Horde_Auth_Passwd driver doesn't work.
20 *
21 * @author    Jan Schneider <jan@horde.org>
22 * @category  Horde
23 * @copyright 2004-2017 Horde LLC
24 * @license   http://www.horde.org/licenses/lgpl21 LGPL-2.1
25 * @package   Auth
26 */
27class Horde_Auth_Login extends Horde_Auth_Base
28{
29    /**
30     * List of users that should be excluded from being listed/handled
31     * in any way by this driver.
32     *
33     * @var array
34     */
35    protected $_exclude = array(
36        'root', 'daemon', 'bin', 'sys', 'sync', 'games', 'man', 'lp', 'mail',
37        'news', 'uucp', 'proxy', 'postgres', 'www-data', 'backup', 'operator',
38        'list', 'irc', 'gnats', 'nobody', 'identd', 'sshd', 'gdm', 'postfix',
39        'mysql', 'cyrus', 'ftp'
40    );
41
42    /**
43     * Constructs a new Login authentication object.
44     *
45     * @param array $params  Optional parameters:
46     * <pre>
47     * 'location' - (string) Location of the su binary.
48     *              DEFAULT: /bin/su
49     * </pre>
50     */
51    public function __construct(array $params = array())
52    {
53        if (empty($params['location'])) {
54            $params['location'] = '/bin/su';
55        }
56
57        parent::__construct($params);
58    }
59
60    /**
61     * Find out if a set of login credentials are valid.
62     *
63     * @param string $userId      The userId to check.
64     * @param array $credentials  An array of login credentials.
65     *
66     * @return boolean  Whether or not the credentials are valid.
67     */
68    protected function _authenticate($userId, $credentials)
69    {
70        if (empty($credentials['password'])) {
71            throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
72        }
73
74        $proc = @popen($this->_location . ' -c /bin/true ' . $userId, 'w');
75        if (!is_resource($proc)) {
76            throw new Horde_Auth_Exception('', Horde_Auth::REASON_FAILED);
77        }
78
79        fwrite($proc, $credentials['password']);
80        if (@pclose($proc) !== 0) {
81            throw new Horde_Auth_Exception('', Horde_Auth::REASON_FAILED);
82        }
83    }
84
85}
86