mirror of
https://gitlab.com/davical-project/davical.git
synced 2026-01-27 00:33:34 +00:00
20ee255898
This is a significant refactoring, replacing the old getUserBy*() functions with a new Principal class, and replacing the old CalDAVPrincipal class with a new DAVPrincipal class which extends the Principal class. At this point all regression tests pass (again) but there could well be issues for people who use alternative authenticators such as LDAP, although I have endeavoured to resolve those potential issues. Signed-off-by: Andrew McMillan <andrew@morphoss.com>
112 lines
3.0 KiB
PHP
112 lines
3.0 KiB
PHP
<?php
|
|
/**
|
|
* Manages PAM repository connection with local imap server help
|
|
*
|
|
* @package davical
|
|
* @category Technical
|
|
* @subpackage ldap
|
|
* @author Oliver Schulze <oliver@samera.com.py>,
|
|
* Andrew McMillan <andrew@mcmillan.net.nz>
|
|
* @copyright Based on Eric Seigne script drivers_squid_pam.php
|
|
* @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
|
|
*/
|
|
|
|
require_once("auth-functions.php");
|
|
|
|
class imapPamDrivers
|
|
{
|
|
/**#@+
|
|
* @access private
|
|
*/
|
|
|
|
/**#@-*/
|
|
|
|
|
|
/**
|
|
* Constructor.
|
|
* @param string $imap_url formated for imap_open()
|
|
*/
|
|
function imapPamDrivers($imap_url){
|
|
$this->__construct($imap_url);
|
|
}
|
|
|
|
|
|
/**
|
|
* The constructor
|
|
*
|
|
* @param string $imap_url formated for imap_open()
|
|
*/
|
|
function __construct($imap_url)
|
|
{
|
|
global $c;
|
|
if (empty($imap_url)){
|
|
$c->messages[] = sprintf(i18n('drivers_imap_pam : imap_url parameter not configured in /etc/davical/*-conf.php'));
|
|
$this->valid=false;
|
|
return ;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* Check the username / password against the PAM system
|
|
*/
|
|
function IMAP_PAM_check($username, $password ){
|
|
global $c;
|
|
|
|
$imap_username = $username;
|
|
if ( function_exists('mb_convert_encoding') ) {
|
|
$imap_username = mb_convert_encoding($imap_username, "UTF7-IMAP",mb_detect_encoding($imap_username));
|
|
}
|
|
else {
|
|
$imap_username = imap_utf7_encode($imap_username);
|
|
}
|
|
|
|
//$imap_url = '{localhost:143/imap/notls}';
|
|
//$imap_url = '{localhost:993/imap/ssl/novalidate-cert}';
|
|
$imap_url = $c->authenticate_hook['config']['imap_url'];
|
|
$auth_result = "ERR";
|
|
|
|
$imap_stream = @imap_open($imap_url, $imap_username, $password, OP_HALFOPEN);
|
|
//print_r(imap_errors());
|
|
if ( $imap_stream ) {
|
|
// disconnect
|
|
imap_close($imap_stream);
|
|
// login ok
|
|
$auth_result = "OK";
|
|
}
|
|
|
|
if ( $auth_result == "OK") {
|
|
$principal = new Principal('username',$username);
|
|
if ( ! $principal->Exists() ) {
|
|
dbg_error_log( "PAM", "Principal '%s' doesn't exist in local DB, we need to create it",$username );
|
|
$cmd = "getent passwd '$username'";
|
|
$getent_res = exec($cmd);
|
|
$getent_arr = explode(":", $getent_res);
|
|
$fullname = $getent_arr[4];
|
|
if(empty($fullname)) {
|
|
$fullname = $username;
|
|
}
|
|
|
|
$principal->Create( array(
|
|
'username' => $username,
|
|
'user_active' => true,
|
|
'email' => $username . "@" . $c->authenticate_hook['config']['email_base'],
|
|
'modified' => date(),
|
|
'fullname' => $fullname
|
|
));
|
|
if ( ! $principal->Exists() ) {
|
|
dbg_error_log( "PAM", "Unable to create local principal for '%s'", $username );
|
|
return false;
|
|
}
|
|
CreateHomeCalendar($username);
|
|
}
|
|
return $principal;
|
|
}
|
|
else {
|
|
dbg_error_log( "PAM", "User %s is not a valid username (or password was wrong)", $username );
|
|
return false;
|
|
}
|
|
|
|
}
|