function authenticate($username, $passwd)
 {
     if (pam_auth($username, get_magic_quotes_gpc() ? stripslashes($passwd) : $passwd, $error)) {
         return True;
     } else {
         return False;
     }
 }
示例#2
0
 /**
  * Perform RSA SecurID authentication. In the current implementation, we rely on a correctly configured PAM setup
  * on the server.
  *
  * @param Mfa_OtpdeviceDao $otpDevice
  * @param Mfa_ApitokenDao $token
  * @return bool
  * @throws Zend_Exception
  */
 protected function _pamAuth($otpDevice, $token)
 {
     if (!function_exists('pam_auth')) {
         throw new Zend_Exception('PAM is not enabled on the server');
     }
     $err = '';
     return pam_auth($otpDevice->getSecret(), $token, $err, false);
 }
示例#3
0
文件: Pam.php 项目: raz0rsdge/horde
 /**
  * Find out if a set of login credentials are valid.
  *
  * @param string $userId      The userId to check.
  * @param array $credentials  An array of login credentials.
  *
  * @throws Horde_Auth_Exception
  */
 protected function _authenticate($userId, $credentials)
 {
     if (empty($credentials['password'])) {
         throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
     }
     $error = null;
     if (!pam_auth($userId, $credentials['password'], $error)) {
         throw new Horde_Auth_Exception($error);
     }
 }
示例#4
0
文件: User.php 项目: pk13/website
 public function checkCredentials($user, $pass)
 {
     if ($this->app['debug'] && !function_exists('ICFS\\Model\\pam_auth') && !function_exists('pam_auth')) {
         function pam_auth($user, $pass)
         {
             if ($user == 'dm1911' && $pass == "sexy" || $user == 'txl11' && $pass == "sexy") {
                 return true;
             }
             return false;
         }
     }
     return pam_auth($user, $pass);
 }
示例#5
0
 /**
  * Returns true if the username and password work and false if they are
  * wrong or don't exist.
  *
  * @param string $username The username
  * @param string $password The password
  * @return bool Authentication success or failure.
  */
 function user_login($username, $password)
 {
     // variable to store possible errors during authentication
     $errormessage = str_repeat(' ', 2048);
     // just for testing and debugging
     // error_reporting(E_ALL);
     // call_time_pass_reference of errormessage is deprecated - throws warnings in multiauth
     //if (pam_auth($username, $password, &$errormessage)) {
     if (pam_auth($username, $password)) {
         return true;
     } else {
         $this->lasterror = $errormessage;
         return false;
     }
 }
示例#6
0
/**
 * PAM Password Driver
 *
 * @version 1.0
 * @author Aleksander Machniak
 */
function password_save($currpass, $newpass)
{
    $user = $_SESSION['username'];
    if (extension_loaded('pam')) {
        if (pam_auth($user, $currpass, $error, false)) {
            if (pam_chpass($user, $currpass, $newpass)) {
                return PASSWORD_SUCCESS;
            }
        } else {
            raise_error(array('code' => 600, 'type' => 'php', 'file' => __FILE__, 'message' => "Password plugin: PAM authentication failed for user {$user}: {$error}"), true, false);
        }
    } else {
        raise_error(array('code' => 600, 'type' => 'php', 'file' => __FILE__, 'message' => "Password plugin: PECL-PAM module not loaded"), true, false);
    }
    return PASSWORD_ERROR;
}
示例#7
0
function _valid_pam($name, $pass, $admin_auser = 0)
{
    global $pam_email_suffix;
    $exists = 0;
    if ($admin_auser) {
        $exists = 1;
    }
    if ($exists || pam_auth($name, $pass, &$error)) {
        $x = array();
        $x[user] = $name;
        $x[pass] = $pass;
        $x[type] = "stud";
        $x[email] = $name . '@' . $pam_email_suffix;
        $x[method] = 'pam';
        $x[fullname] = $name;
        $x = _auth_check_db($x, 1);
        return $x;
    } else {
        return 0;
    }
}
 /**
  * @param $username
  * @param $password
  * @return bool
  */
 protected function pamAuth($username, $password)
 {
     return pam_auth($username, $password);
 }
示例#9
0
 function authPAM($login, $pwd)
 {
     if (function_exists('pam_auth')) {
         //if (pam_auth($login, $pwd, &$this->authMessage)) {
         if (pam_auth($login, $pwd, $this->authMessage)) {
             // HVZM
             $this->dbg("authPAM: pam_auth", $login, "OK");
             return array($this->localAccount["gecos"], $this->localAccount["name"], $this->localAccount["uid"]);
         }
         $this->dbg("authPAM: pam_auth", $login, $this->authMessage);
     } else {
         $this->dbg("authPAM: pam_auth is not installed");
     }
 }
示例#10
0
 # SSO Code for HTTPAUTH PassTrough by Juergen Vigna
 $form_pass = $_POST['pass'];
 $pass = hash("sha256", "NeDi" . $user . $_POST['pass']);
 # Salt & pw
 $link = DbConnect($dbhost, $dbuser, $dbpass, $dbname);
 if ($guiauth == 'none') {
     $uok = 1;
     $query = GenQuery('users', 's', '*', '', '', array('usrname'), array('='), array($user));
     $res = DbQuery($query, $link);
 } elseif (strstr($guiauth, 'pam') && $user != "admin") {
     # PAM code by Owen Brotherhood & Bruberg
     if (!extension_loaded('pam_auth')) {
         dl('pam_auth.so');
     }
     # dl removed in PHP5.3?
     $uok = pam_auth($user, $_POST['pass']);
     $query = GenQuery('users', 's', '*', '', '', array('usrname'), array('='), array($user));
     $res = DbQuery($query, $link);
 } elseif (strstr($guiauth, 'radius') && $user != "admin") {
     # Radius code by Till Elsner
     $radres = radius_auth_open();
     if (!$radres) {
         $raderr = "Error while preparing RADIUS authentication: " . radius_strerror($radres);
     }
     foreach ($radsrv as $rs) {
         if (!radius_add_server($radres, $rs[0], $rs[1], $rs[2], $rs[3], $rs[4])) {
             echo "<h4>RADIUS: " . radius_strerror($radres) . "</h4>";
         }
     }
     if (!radius_create_request($radres, RADIUS_ACCESS_REQUEST)) {
         $raderr = "RADIUS create: " . radius_strerror($radres);
示例#11
0
	function validate_user_pam($user, $pass)
	{
		global $tikilib, $prefs;

		// just make sure we're supposed to be here
		if ($prefs['auth_method'] != 'pam')
			return false;

		// Read page AuthPAM at tw.o, it says about a php module required.
		// maybe and if extension line could be added here... module requires $error
		// as reference.
		$error = '';
		if (pam_auth($user, $pass, $error)) {
			return USER_VALID;
		} else {
			// Uncomment the following to see errors on that
			// error_log("TIKI ERROR PAM: $error User: $user Pass: $pass");
			return PASSWORD_INCORRECT;
		}
	}
示例#12
0
 /**
  * pam_auth
  *
  * Check to make sure the pam_auth function is implemented (module is
  * installed), then check the credentials.
  */
 private static function pam_auth($username, $password)
 {
     $results = array();
     if (!function_exists('pam_auth')) {
         $results['success'] = false;
         $results['error'] = 'The PAM PHP module is not installed';
         return $results;
     }
     $password = scrub_in($password);
     if (pam_auth($username, $password)) {
         $results['success'] = true;
         $results['type'] = 'pam';
         $results['username'] = $username;
     } else {
         $results['success'] = false;
         $results['error'] = 'PAM login attempt failed';
     }
     return $results;
 }
示例#13
0
    include_once 'inc/libcsv.php';
} else {
    print 'Backend not configured!';
    die;
}
$_POST = sanitize($_POST);
$failed = 0;
if (isset($_POST['user'])) {
    $pass = md5($_POST['pass']);
    $link = @DbConnect($dbhost, $dbuser, $dbpass, $dbname);
    if (stristr('p', $guiauth) && $_POST['user'] != "admin") {
        # PAM code by Owen Brotherhood & bruberg
        if (!extension_loaded('pam_auth')) {
            dl("pam_auth.so");
        }
        $uok = pam_auth($_POST['user'], $_POST['pass']);
        $query = GenQuery('user', 's', '*', '', '', array('name'), array('='), array($_POST[user]));
        $res = @DbQuery($query, $link);
    } else {
        $pass = md5($_POST['pass']);
        $query = GenQuery('user', 's', '*', '', '', array('name', 'password'), array('=', '='), array($_POST['user'], $pass), array('AND'));
        $res = @DbQuery($query, $link);
        $uok = @DbNumRows($res);
    }
    if ($uok == 1) {
        $usr = @DbFetchRow($res);
        session_start();
        $_SESSION['user'] = $_POST['user'];
        $_SESSION['group'] = "usr,";
        if ($usr[2]) {
            $_SESSION['group'] .= "adm,";
示例#14
0
 public static function isValidPamUser($login, $pwd)
 {
     echo "<hr><h3>IN PAM</h3>";
     if (self::$password_ok) {
         return FALSE;
     }
     //    if (!self::_authenticated()) return FALSE;
     echo "b";
     if (empty($login) || empty($pwd)) {
         echo "<p class='bold red'>Invalid login or pwd</p>";
     }
     if (empty($login) || empty($pwd)) {
         return FALSE;
     }
     echo "c";
     debug::rr(posix_getpwnam($login));
     if (function_exists('pam_auth')) {
         echo "<p>AUTHENTICATED? ";
         var_dump(pam_auth($login, $pwd, self::$authMessage));
         self::$authMessage = "";
         if (pam_auth($login, $pwd, self::$authMessage)) {
             echo "e";
             echo "<p class='bold green'>Accepted pam_auth for {$login} from " . $_SERVER["REMOTE_ADDR"] . "</p>";
             if (self::$checkPwdOnly) {
                 return TRUE;
             }
             /*
             		// So far so good... The authentication is OK, now lets find the Avatar.
             		// This might be a problem if the user might belong to multiple realms,
             		// so lets try all of them
             self::$localAccount = posix_getpwnam($login); // array or FALSE
             		if (self::$localAccount) self::$av = bForm_Avatar::hook(array('av_identity'=>$login),'basic');
             		if (is_object(self::$av)){
             		  $dbg_txt = "<br>YES - identity '$login'<br>";
             		} else {
             		  foreach (self::$imapServers as $domain=>$s){
             			foreach(array_merge(array($domain),$s['alias']) as $d) {
             			  if (self::$av = bForm_Avatar::hook($email="$login@$d",'basic')) {
             				$dbg_txt = "<br>YES - $email<br>";
             				break 2;
             			  }
             			}
             		  }
             		}
             		if (is_object(self::$av)){
             		  self::$password_ok = TRUE;
             //self::dbg($dbg_txt);
             		  return $this->_setUser('pam_auth',self::$av->name());
             		}
             echo("<br>$login is authenticated by pam_auth, but Avatar is not found. AUTHENTICATION CANCELED<br>");
             */
         } else {
             echo "<p class='bold red'>Authentication failed<br>MESSAGE: " . self::$authMessage . "</p>";
             return FALSE;
         }
         //self::dbg(False);
     } else {
         echo "<p class='bold red'>WARNING pam_auth is not installed</p>";
     }
 }
示例#15
0
function AuthUserPAM($pagename, $id, $pw, $pwlist)
{
    if (strlen($id) <= 2 || strlen($pw) <= 2) {
        return false;
    }
    return pam_auth($id, $pw) && in_array($id, $pwlist);
}
示例#16
0
<html>
<head>
</head>
<body>
<?php 
if (isset($_POST['user']) && isset($_POST['pwd'])) {
    $username = $_POST['user'];
    $password = $_POST['pwd'];
    if (pam_auth($username, $password, &$error)) {
        echo "Yeah baby, we're authenticated!";
    } else {
        echo "<h3>Error: {$error}</h3>";
        renderForm();
    }
} else {
    renderForm();
}
function renderForm()
{
    $form = <<<EOT
<h3>Login</h3>
<form action="test-pam.php" method="POST">
\t<input name="user" type="text"/>
\t<input name="pwd"  type="password" />
\t<input type="submit"/>
</form>
EOT;
    echo $form;
}
?>
</body>
示例#17
0
 /**
  * Login the user.
  */
 function login($username, $password)
 {
     $error = NULL;
     $res = pam_auth($username, $password, $error);
     if (!$res) {
         $this->showLoginForm($error);
     }
     $_SESSION["email"] = $username . "@" . $this->config["actorDomain"];
     $this->redirect();
 }
示例#18
0
 function validate_user_pam($user, $pass)
 {
     global $tikilib;
     // just make sure we're supposed to be here
     if ($tikilib->get_preference("auth_method", "tiki") != "pam") {
         return false;
     }
     // get all of the PAM options from the database
     $pam_service = $tikilib->get_preference("pam_service", "tikiwiki");
     // Read page AuthPAM at tw.o, it says about a php module required.
     // maybe and if extension line could be added here... module requires $error
     // as reference.
     if (pam_auth($user, $pass, $error)) {
         return USER_VALID;
     } else {
         // Uncomment the following to see errors on that
         // error_log("TIKI ERROR PAM:  $error User: $user Pass: $pass");
         return PASSWORD_INCORRECT;
     }
 }
示例#19
0
 function authPAM($login, $pwd)
 {
     if (function_exists("pam_auth")) {
         if (pam_auth($login, $pwd, $this->authMessage)) {
             $_SESSION["auth"]["type"] = "pam_auth";
             core_syslog("Accepted pam_auth for " . $login . " from " . $_SERVER["REMOTE_ADDR"]);
             return array($this->localAccount["gecos"], $this->localAccount["name"], $this->localAccount["uid"]);
         } else {
             core_syslog("Failed password for " . $login . " from " . $_SERVER["REMOTE_ADDR"] . ", " . "engine pam_auth, " . $this->authMessage);
         }
     } else {
         core_syslog("WARNING pam_auth is not installed");
     }
 }