From 0451840fa34dfcffd86a00be8dbda9e4abd3f4d3 Mon Sep 17 00:00:00 2001 From: Paul Arthur Date: Mon, 28 Jan 2013 18:12:09 -0500 Subject: Add 'external' auth method Based on merge request #11 --- lib/class/auth.class.php | 55 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) (limited to 'lib/class') diff --git a/lib/class/auth.class.php b/lib/class/auth.class.php index a59e2ad4..dacf15d5 100644 --- a/lib/class/auth.class.php +++ b/lib/class/auth.class.php @@ -184,7 +184,60 @@ class Auth { } return $results; - } // local_auth + } + + /** + * external_auth + * + * Calls an external program compatible with mod_authnz_external + * such as pwauth. + */ + private static function external_auth($username, $password) { + $authenticator = Config::get('external_authenticator'); + if (!$authenticator) { + return array( + 'success' => false, + 'error' => 'No external authenticator configured' + ); + } + + //FIXME: should we do input sanitization? + $proc = proc_open($authenticator, + array( + 0 => array('pipe', 'r'), + 1 => array('pipe', 'w'), + 2 => array('pipe', 'w') + ), $pipes); + + if (is_resource($proc)) { + fwrite($pipes[0], $username."\n".$password."\n"); + fclose($pipes[0]); + fclose($pipes[1]); + if ($stderr = fread($pipes[2], 8192)) { + debug_event('external_auth', $stderr, 5); + } + fclose($pipes[2]); + } + else { + return array( + 'success' => false, + 'error' => 'Failed to run external authenticator' + ); + } + + if (proc_close($proc) == 0) { + return array( + 'success' => true, + 'type' => 'external', + 'username' => $username + ); + } + + return array( + 'success' => false, + 'error' => 'The external authenticator did not accept the login' + ); + } /** * ldap_auth -- cgit