1<?php 2/** 3 * Copyright 2004-2017 Horde LLC (http://www.horde.org/) 4 * 5 * See the enclosed file COPYING for license information (LGPL). If you did 6 * not receive this file, see http://www.horde.org/licenses/lgpl21. 7 * 8 * @author Jan Schneider <jan@horde.org> 9 * @category Horde 10 * @license http://www.horde.org/licenses/lgpl21 LGPL-2.1 11 * @package Auth 12 */ 13 14/** 15 * The Horde_Auth_login:: class provides a system login implementation of 16 * the Horde authentication system. 17 * 18 * This Auth driver is useful if you have a shadow password system 19 * where the Horde_Auth_Passwd driver doesn't work. 20 * 21 * @author Jan Schneider <jan@horde.org> 22 * @category Horde 23 * @copyright 2004-2017 Horde LLC 24 * @license http://www.horde.org/licenses/lgpl21 LGPL-2.1 25 * @package Auth 26 */ 27class Horde_Auth_Login extends Horde_Auth_Base 28{ 29 /** 30 * List of users that should be excluded from being listed/handled 31 * in any way by this driver. 32 * 33 * @var array 34 */ 35 protected $_exclude = array( 36 'root', 'daemon', 'bin', 'sys', 'sync', 'games', 'man', 'lp', 'mail', 37 'news', 'uucp', 'proxy', 'postgres', 'www-data', 'backup', 'operator', 38 'list', 'irc', 'gnats', 'nobody', 'identd', 'sshd', 'gdm', 'postfix', 39 'mysql', 'cyrus', 'ftp' 40 ); 41 42 /** 43 * Constructs a new Login authentication object. 44 * 45 * @param array $params Optional parameters: 46 * <pre> 47 * 'location' - (string) Location of the su binary. 48 * DEFAULT: /bin/su 49 * </pre> 50 */ 51 public function __construct(array $params = array()) 52 { 53 if (empty($params['location'])) { 54 $params['location'] = '/bin/su'; 55 } 56 57 parent::__construct($params); 58 } 59 60 /** 61 * Find out if a set of login credentials are valid. 62 * 63 * @param string $userId The userId to check. 64 * @param array $credentials An array of login credentials. 65 * 66 * @return boolean Whether or not the credentials are valid. 67 */ 68 protected function _authenticate($userId, $credentials) 69 { 70 if (empty($credentials['password'])) { 71 throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN); 72 } 73 74 $proc = @popen($this->_location . ' -c /bin/true ' . $userId, 'w'); 75 if (!is_resource($proc)) { 76 throw new Horde_Auth_Exception('', Horde_Auth::REASON_FAILED); 77 } 78 79 fwrite($proc, $credentials['password']); 80 if (@pclose($proc) !== 0) { 81 throw new Horde_Auth_Exception('', Horde_Auth::REASON_FAILED); 82 } 83 } 84 85} 86