blob: 1faa0014eaf36edd5d92e35aa57dba8ad27b681d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
<?php
/**
* Elgg PAM library
* Contains functions for managing authentication using various arbitrary methods
*
* @package Elgg
* @subpackage Core
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
* @author Marcus Povey
* @copyright Curverider Ltd 2008
* @link http://elgg.org/
*/
$_PAM_HANDLERS = array();
$_PAM_HANDLERS_MSG = array();
/**
* Register a PAM handler.
*
* @param string $handler The handler function in the format
* pam_handler($credentials = NULL);
* @param string $importance The importance - "sufficient" or "required"
*/
function register_pam_handler($handler, $importance = "sufficient")
{
global $_PAM_HANDLERS;
if (is_callable($handler))
{
$_PAM_HANDLERS[$handler] = new stdClass;
$_PAM_HANDLERS[$handler]->handler = $handler;
$_PAM_HANDLERS[$handler]->importance = strtolower($importance);
return true;
}
return false;
}
/**
* Attempt to authenticate.
* This function will go through all registered PAM handlers to see if a user can be authorised.
*
* If $credentials are provided the PAM handler should authenticate using the provided credentials, if
* not then credentials should be prompted for or otherwise retrieved (eg from the HTTP header or $_SESSION).
*
* @param mixed $credentials Mixed PAM handler specific credentials (eg username,password or hmac etc)
* @return bool true if authenticated, false if not.
*/
function pam_authenticate($credentials = NULL)
{
global $_PAM_HANDLERS, $_PAM_HANDLERS_MSG;
$authenticated = false;
foreach ($_PAM_HANDLERS as $k => $v)
{
$handler = $v->handler;
$importance = $v->importance;
try {
// Execute the handler
if ($handler($credentials))
{
// Explicitly returned true
$_PAM_HANDLERS_MSG[$k] = "Authenticated!";
$authenticated = true;
}
else
{
$_PAM_HANDLERS_MSG[$k] = "Not Authenticated.";
// If this is required then abort.
if ($importance == 'required')
return false;
}
}
catch (Exception $e)
{
$_PAM_HANDLERS_MSG[$k] = "$e";
}
}
return $authenticated;
}
?>
|
