aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-07-23 16:27:48 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-07-23 16:27:48 +0000
commit23f908c3e95b121f83f8c14450a9d06c4c8d41ad (patch)
treed4de55be3ce8ab34560205556d5c4320c64bb0b3
parent1589b1e0fc06979063d3a07bf34eca5c0ea22492 (diff)
downloadelgg-23f908c3e95b121f83f8c14450a9d06c4c8d41ad.tar.gz
elgg-23f908c3e95b121f83f8c14450a9d06c4c8d41ad.tar.bz2
PAM now supports 'required' and 'sufficient'
git-svn-id: https://code.elgg.org/elgg/trunk@1504 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/pam.php28
1 files changed, 22 insertions, 6 deletions
diff --git a/engine/lib/pam.php b/engine/lib/pam.php
index 6bbfce79d..1faa0014e 100644
--- a/engine/lib/pam.php
+++ b/engine/lib/pam.php
@@ -21,14 +21,19 @@
*
* @param string $handler The handler function in the format
* pam_handler($credentials = NULL);
+ * @param string $importance The importance - "sufficient" or "required"
*/
- function register_pam_handler($handler)
+ function register_pam_handler($handler, $importance = "sufficient")
{
global $_PAM_HANDLERS;
if (is_callable($handler))
{
- $_PAM_HANDLERS[$handler] = $handler;
+ $_PAM_HANDLERS[$handler] = new stdClass;
+
+ $_PAM_HANDLERS[$handler]->handler = $handler;
+ $_PAM_HANDLERS[$handler]->importance = strtolower($importance);
+
return true;
}
@@ -49,27 +54,38 @@
{
global $_PAM_HANDLERS, $_PAM_HANDLERS_MSG;
+ $authenticated = false;
+
foreach ($_PAM_HANDLERS as $k => $v)
{
+ $handler = $v->handler;
+ $importance = $v->importance;
+
try {
// Execute the handler
- if ($v($credentials))
+ if ($handler($credentials))
{
// Explicitly returned true
$_PAM_HANDLERS_MSG[$k] = "Authenticated!";
- return true;
+ $authenticated = true;
}
else
+ {
$_PAM_HANDLERS_MSG[$k] = "Not Authenticated.";
+
+ // If this is required then abort.
+ if ($importance == 'required')
+ return false;
+ }
}
catch (Exception $e)
{
$_PAM_HANDLERS_MSG[$k] = "$e";
}
}
-
- return false;
+
+ return $authenticated;
}
?> \ No newline at end of file