diff --git a/inc/drivers_imap_pam.php b/inc/drivers_imap_pam.php index 0bddec5e..970c782c 100644 --- a/inc/drivers_imap_pam.php +++ b/inc/drivers_imap_pam.php @@ -1,10 +1,10 @@ , * Andrew McMillan * @copyright Based on Eric Seigne script drivers_squid_pam.php @@ -18,7 +18,10 @@ if (!function_exists('imap_open')) { require_once("auth-functions.php"); -class imapPamDrivers +/** + * Plugin to authenticate against IMAP + */ +class imapPamDriver { /**#@+ * @access private @@ -45,7 +48,7 @@ class imapPamDrivers /** -* Check the username / password against the PAM system +* Check the username / password against the IMAP server, provision from GECOS */ function IMAP_PAM_check($username, $password ){ global $c; diff --git a/inc/drivers_ldap.php b/inc/drivers_ldap.php index bf0a548d..93798ed0 100644 --- a/inc/drivers_ldap.php +++ b/inc/drivers_ldap.php @@ -3,8 +3,8 @@ * Manages LDAP repository connection * * @package davical -* @category Technical -* @subpackage ldap +* @category Technical +* @subpackage authentication/drivers * @author Maxime Delorme , * Andrew McMillan * @copyright Maxime Delorme @@ -13,7 +13,10 @@ require_once("auth-functions.php"); -class ldapDrivers +/** + * Plugin to authenticate and sync with LDAP + */ +class ldapDriver { /**#@+ * @access private @@ -314,7 +317,7 @@ function sync_user_from_LDAP( Principal &$principal, $mapping, $ldap_values ) { } } -/* +/** * explode the multipart mapping */ function array_values_mapping($mapping){ @@ -421,6 +424,9 @@ function LDAP_check($username, $password ){ } +/** +* turn a list of uniqueMember into member strings +*/ function fix_unique_member($list) { $fixed_list = array(); foreach ( $list as $member ){ diff --git a/inc/drivers_pwauth_pam.php b/inc/drivers_pwauth_pam.php index 3f94d68a..ed5ef089 100644 --- a/inc/drivers_pwauth_pam.php +++ b/inc/drivers_pwauth_pam.php @@ -1,10 +1,10 @@ , * Michael B. Trausch , * Andrew McMillan @@ -16,7 +16,10 @@ require_once("auth-functions.php"); -class pwauthPamDrivers +/** + * Plugin to authenticate against PAM with pwauth + */ +class pwauthPamDriver { /**#@+ * @access private @@ -53,16 +56,16 @@ function PWAUTH_PAM_check($username, $password) { $pipe = popen(escapeshellarg($program), 'w'); $authinfo = sprintf("%s\n%s\n", $username, $password); $written = fwrite($pipe, $authinfo); - dbg_error_log('pwauth', 'Bytes written: %d of %d', $written, strlen($authinfo)); + dbg_error_log('PAM', 'Bytes written: %d of %d', $written, strlen($authinfo)); $return_status = pclose($pipe); switch($return_status) { case 0: // STATUS_OK: Authentication succeeded. - dbg_error_log('pwauth', 'User %s successfully authenticated', $username); + dbg_error_log('PAM', 'User %s successfully authenticated', $username); $principal = new Principal('username',$username); if ( !$principal->Exists() ) { - dbg_error_log('pwauth', 'User %s does not exist in local db, creating', $username); + dbg_error_log('PAM', 'User %s does not exist in local db, creating', $username); $pwent = posix_getpwnam($username); $gecos = explode(',',$pwent['gecos']); $fullname = $gecos[0]; @@ -90,57 +93,57 @@ function PWAUTH_PAM_check($username, $password) { case 2: // (1) STATUS_UNKNOWN: Invalid username or password. // (2) STATUS_INVALID: Invalid password. - dbg_error_log('pwauth', 'Invalid username or password (username: %s)', $username); + dbg_error_log('PAM', 'Invalid username or password (username: %s)', $username); break; case 3: // STATUS_BLOCKED: UID for username is < pwauth's MIN_UNIX_UID - dbg_error_log('pwauth', 'UID for username %s is < pwauth MIN_UNIX_UID', $username); + dbg_error_log('PAM', 'UID for username %s is < pwauth MIN_UNIX_UID', $username); break; case 4: // STATUS_EXPIRED: The user account has expired. - dbg_error_log('pwauth', 'The account for %s has expired', $username); + dbg_error_log('PAM', 'The account for %s has expired', $username); break; case 5: // STATUS_PW_EXPIRED: The user account's password has expired. - dbg_error_log('pwauth', 'The account password for user %s has expired', $username); + dbg_error_log('PAM', 'The account password for user %s has expired', $username); break; case 6: // STATUS_NOLOGIN: Logins to the system are administratively disabled. - dbg_error_log('pwauth', 'Logins administratively disabled (%s)', $username); + dbg_error_log('PAM', 'Logins administratively disabled (%s)', $username); break; case 7: // STATUS_MANYFAILS: Too many login failures for user account. - dbg_error_log('pwauth', 'Login rejected for %s, too many failures', $username); + dbg_error_log('PAM', 'Login rejected for %s, too many failures', $username); break; case 50: // STATUS_INT_USER: Configuration error, Web server cannot use pwauth - dbg_error_log('pwauth', 'config error: see pwauth man page (%s)', 'STATUS_INT_USER'); + dbg_error_log('PAM', 'config error: see pwauth man page (%s)', 'STATUS_INT_USER'); break; case 51: // STATUS_INT_ARGS: pwauth received no username/passwd to check - dbg_error_log('pwauth', 'error: pwauth received no username/password'); + dbg_error_log('PAM', 'error: pwauth received no username/password'); break; case 52: // STATUS_INT_ERR: unknown error - dbg_error_log('pwauth', 'error: see pwauth man page (%s)', 'STATUS_INT_ERR'); + dbg_error_log('PAM', 'error: see pwauth man page (%s)', 'STATUS_INT_ERR'); break; case 53: // STATUS_INT_NOROOT: pwauth could not read the password database - dbg_error_log('pwauth', 'config error: cannot read password database (%s)', 'STATUS_INT_NOROOT'); + dbg_error_log('PAM', 'config error: cannot read password database (%s)', 'STATUS_INT_NOROOT'); break; default: // Unknown error code. - dbg_error_log('pwauth', 'An unknown error (%d) has occurred', $return_status); + dbg_error_log('PAM', 'An unknown error (%d) has occurred', $return_status); } return(FALSE); diff --git a/inc/drivers_rimap.php b/inc/drivers_rimap.php index 83616c61..762254ed 100644 --- a/inc/drivers_rimap.php +++ b/inc/drivers_rimap.php @@ -1,10 +1,10 @@ , * Andrew McMillan * @copyright Based on Eric Seigne script drivers_squid_pam.php @@ -18,7 +18,10 @@ if (!function_exists('imap_open')) { require_once("auth-functions.php"); -class rimapPamDrivers +/** + * Plugin to authenticate against IMAP + */ +class rimapPamDriver { /**#@+ * @access private @@ -45,7 +48,7 @@ class rimapPamDrivers /** -* Check the username / password against the IMAP server +* Check the username / password against the IMAP server, provision from username and email_base */ function RIMAP_check($username, $password ){ global $c; diff --git a/inc/drivers_squid_pam.php b/inc/drivers_squid_pam.php index e1f033e6..9892308e 100644 --- a/inc/drivers_squid_pam.php +++ b/inc/drivers_squid_pam.php @@ -1,10 +1,10 @@ , * Andrew McMillan * @copyright Eric Seigne @@ -13,7 +13,10 @@ require_once("auth-functions.php"); -class squidPamDrivers +/** + * Plugin to authenticate with the help of Squid + */ +class squidPamDriver { /**#@+ * @access private @@ -39,7 +42,7 @@ class squidPamDrivers /** -* Check the username / password against the PAM system +* Check the username / password against PAM using the Squid helper script */ function SQUID_PAM_check($username, $password ){ global $c; @@ -50,10 +53,10 @@ function SQUID_PAM_check($username, $password ){ $script); $auth_result = exec($cmd); if ( $auth_result == "OK") { - dbg_error_log('pwauth', 'User %s successfully authenticated', $username); + dbg_error_log('PAM', 'User %s successfully authenticated', $username); $principal = new Principal('username',$username); if ( !$principal->Exists() ) { - dbg_error_log('pwauth', 'User %s does not exist in local db, creating', $username); + dbg_error_log('PAM', 'User %s does not exist in local db, creating', $username); $pwent = posix_getpwnam($username); $gecos = explode(',',$pwent['gecos']); $fullname = $gecos[0];