diff options
Diffstat (limited to 'engine/lib/pam.php')
-rw-r--r-- | engine/lib/pam.php | 44 |
1 files changed, 28 insertions, 16 deletions
diff --git a/engine/lib/pam.php b/engine/lib/pam.php index 17b10b5cc..590ef9fde 100644 --- a/engine/lib/pam.php +++ b/engine/lib/pam.php @@ -3,12 +3,13 @@ * Elgg Simple PAM library * Contains functions for managing authentication. * This is not a full implementation of PAM. It supports a single facility - * (authentication) and only allows one policy at a time. There are two control - * flags possible for each module: sufficient or required. The entire chain for - * a policy is processed (or until a required module fails). A module fails by - * returning false or throwing an exception. The order that modules are - * processed is determined by the order they are registered. For an example of - * a PAM, see pam_auth_userpass() in sessions.php. + * (authentication) and allows multiple policies (user authentication is the + * default). There are two control flags possible for each module: sufficient + * or required. The entire chain for a policy is processed (or until a + * required module fails). A module fails by returning false or throwing an + * exception. The order that modules are processed is determined by the order + * they are registered. For an example of a PAM, see pam_auth_userpass() in + * sessions.php. * * For more information on PAMs see: * http://www.freebsd.org/doc/en/articles/pam/index.html @@ -27,16 +28,23 @@ $_PAM_HANDLERS_MSG = array(); * * @param string $handler The handler function in the format * pam_handler($credentials = NULL); - * @param string $importance The importance - "sufficient" or "required" + * @param string $importance The importance - "sufficient" (default) or "required" + * @param string $policy - the policy type, default is "user" + * @return boolean */ -function register_pam_handler($handler, $importance = "sufficient") { +function register_pam_handler($handler, $importance = "sufficient", $policy = "user") { global $_PAM_HANDLERS; + // setup array for this type of pam if not already set + if (!isset($_PAM_HANDLERS[$policy])) { + $_PAM_HANDLERS[$policy] = array(); + } + if (is_callable($handler)) { - $_PAM_HANDLERS[$handler] = new stdClass; + $_PAM_HANDLERS[$policy][$handler] = new stdClass; - $_PAM_HANDLERS[$handler]->handler = $handler; - $_PAM_HANDLERS[$handler]->importance = strtolower($importance); + $_PAM_HANDLERS[$policy][$handler]->handler = $handler; + $_PAM_HANDLERS[$policy][$handler]->importance = strtolower($importance); return true; } @@ -48,18 +56,19 @@ function register_pam_handler($handler, $importance = "sufficient") { * Unregisters a PAM handler. * * @param string $handler The PAM handler function name + * @param string $policy - the policy type, default is "user" */ -function unregister_pam_handler($handler) { +function unregister_pam_handler($handler, $policy = "user") { global $_PAM_HANDLERS; - unset($_PAM_HANDLERS[$handler]); + unset($_PAM_HANDLERS[$policy][$handler]); } /** * Attempt to authenticate. * This function will process all registered PAM handlers or stop when the first * handler fails. A handler fails by either returning false or throwing an - * exception. The advatange of throwing an exception is that it returns a message + * exception. The advantage of throwing an exception is that it returns a message * through the global $_PAM_HANDLERS_MSG which can be used in communication with * a user. The order that handlers are processed is determined by the order that * they were registered. @@ -69,14 +78,17 @@ function unregister_pam_handler($handler) { * otherwise retrieved (eg from the HTTP header or $_SESSION). * * @param mixed $credentials Mixed PAM handler specific credentials (e.g. username, password) + * @param string $policy - the policy type, default is "user" * @return bool true if authenticated, false if not. */ -function pam_authenticate($credentials = NULL) { +function pam_authenticate($credentials = NULL, $policy = "user") { global $_PAM_HANDLERS, $_PAM_HANDLERS_MSG; + $_PAM_HANDLERS_MSG = array(); + $authenticated = false; - foreach ($_PAM_HANDLERS as $k => $v) { + foreach ($_PAM_HANDLERS[$policy] as $k => $v) { $handler = $v->handler; $importance = $v->importance; |