Subversion-Projekte lars-tiefland.php_share

<?php

/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */

/**

 * File::Passwd::Unix

 *

 * PHP versions 4 and 5

 *

 * LICENSE: This source file is subject to version 3.0 of the PHP license

 * that is available through the world-wide-web at the following URI:

 * http://www.php.net/license/3_0.txt.  If you did not receive a copy of

 * the PHP License and are unable to obtain it through the web, please

 * send a note to license@php.net so we can mail you a copy immediately.

 *

 * @category   FileFormats

 * @package    File_Passwd

 * @author     Michael Wallner <mike@php.net>

 * @copyright  2003-2005 Michael Wallner

 * @license    http://www.php.net/license/3_0.txt  PHP License 3.0

 * @version    CVS: $Id: Unix.php,v 1.17 2005/03/30 18:33:33 mike Exp $

 * @link       http://pear.php.net/package/File_Passwd

 */

/**

* Requires File::Passwd::Common

*/

require_once 'File/Passwd/Common.php';

/**

* Manipulate standard Unix passwd files.

*

* <kbd><u>Usage Example:</u></kbd>

* <code>

*   $passwd = &File_Passwd::factory('Unix');

*   $passwd->setFile('/my/passwd/file');

*   $passwd->load();

*   $passwd->addUser('mike', 'secret');

*   $passwd->save();

* </code>

*

*

* <kbd><u>Output of listUser()</u></kbd>

* # using the 'name map':

* <pre>

*      array

*       + user  => array

*                   + pass  => crypted_passwd or 'x' if shadowed

*                   + uid   => user id

*                   + gid   => group id

*                   + gecos => comments

*                   + home  => home directory

*                   + shell => standard shell

* </pre>

* # without 'name map':

* <pre>

*      array

*       + user  => array

*                   + 0  => crypted_passwd

*                   + 1  => ...

*                   + 2  => ...

* </pre>

*

* @author   Michael Wallner <mike@php.net>

* @package  File_Passwd

* @version  $Revision: 1.17 $

* @access   public

*/

class File_Passwd_Unix extends File_Passwd_Common

{

    /**

    * A 'name map' wich refer to the extra properties

    *

    * @var array

    * @access private

    */

    var $_map = array('uid', 'gid', 'gecos', 'home', 'shell');

    /**

    * Whether to use the 'name map' or not

    *

    * @var boolean

    * @access private

    */

    var $_usemap = true;

    /**

    * Whether the passwords of this passwd file are shadowed in another file

    *

    * @var boolean

    * @access private

    */

    var $_shadowed = false;

    /**

    * Encryption mode, either md5 or des

    *

    * @var string

    * @access private

    */

    var $_mode = 'des';

    /**

    * Supported encryption modes

    *

    * @var array

    * @access private

    */

    var $_modes = array('md5' => 'md5', 'des' => 'des');

    /**

    * Constructor

    *

    * @access public

    * @param  string    $file   path to passwd file

    */

    function File_Passwd_Unix($file = 'passwd')

    {

        parent::__construct($file);

    }

    /**

    * Fast authentication of a certain user

    *

    * Returns a PEAR_Error if:

    *   o file doesn't exist

    *   o file couldn't be opened in read mode

    *   o file couldn't be locked exclusively

    *   o file couldn't be unlocked (only if auth fails)

    *   o file couldn't be closed (only if auth fails)

    *   o invalid encryption mode <var>$mode</var> was provided

    *

    * @static   call this method statically for a reasonable fast authentication

    * @access   public

    * @return   mixed   true if authenticated, false if not or PEAR_Error

    * @param    string  $file   path to passwd file

    * @param    string  $user   user to authenticate

    * @param    string  $pass   plaintext password

    * @param    string  $mode   encryption mode to use (des or md5)

    */

    function staticAuth($file, $user, $pass, $mode)

    {

        $line = File_Passwd_Common::_auth($file, $user);

        if (!$line || PEAR::isError($line)) {

            return $line;

        }

        list(,$real)= explode(':', $line);

        $crypted    = File_Passwd_Unix::_genPass($pass, $real, $mode);

        if (PEAR::isError($crypted)) {

            return $crypted;

        }

        return ($crypted === $real);

    }

    /**

    * Apply changes an rewrite passwd file

    *

    * Returns a PEAR_Error if:

    *   o directory in which the file should reside couldn't be created

    *   o file couldn't be opened in write mode

    *   o file couldn't be locked exclusively

    *   o file couldn't be unlocked

    *   o file couldn't be closed

    *

    * @throws PEAR_Error

    * @access public

    * @return mixed true on success or PEAR_Error

    */

    function save()

    {

        $content = '';

        foreach ($this->_users as $user => $array){

            $pass   = array_shift($array);

            $extra  = implode(':', $array);

            $content .= $user . ':' . $pass;

            if (!empty($extra)) {

                $content .= ':' . $extra;

            }

            $content .= "\n";

        }

        return $this->_save($content);

    }

    /**

    * Parse the Unix password file

    *

    * Returns a PEAR_Error if passwd file has invalid format.

    *

    * @throws PEAR_Error

    * @access public

    * @return mixed true on success or PEAR_Error

    */

    function parse()

    {

        $this->_users = array();

        foreach ($this->_contents as $line){

            $parts = explode(':', $line);

            if (count($parts) < 2) {

                return PEAR::raiseError(

                    FILE_PASSWD_E_INVALID_FORMAT_STR,

                    FILE_PASSWD_E_INVALID_FORMAT

                );

            }

            $user = array_shift($parts);

            $pass = array_shift($parts);

            if ($pass == 'x') {

                $this->_shadowed = true;

            }

            $values = array();

            if ($this->_usemap) {

                $values['pass'] = $pass;

                foreach ($parts as $i => $value){

                    if (isset($this->_map[$i])) {

                        $values[$this->_map[$i]] = $value;

                    } else {

                        $values[$i+1] = $value;

                    }

                }

            } else {

                $values = array_merge(array($pass), $parts);

            }

            $this->_users[$user] = $values;

        }

        $this->_contents = array();

        return true;

    }

    /**

    * Set the encryption mode

    *

    * Supported encryption modes are des and md5.

    *

    * Returns a PEAR_Error if supplied encryption mode is not supported.

    *

    * @see      setMode()

    * @see      listModes()

    *

    * @throws   PEAR_Error

    * @access   public

    * @return   mixed   true on succes or PEAR_Error

    * @param    string  $mode   encryption mode to use; either md5 or des

    */

    function setMode($mode)

    {

        $mode = strToLower($mode);

        if (!isset($this->_modes[$mode])) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_INVALID_ENC_MODE_STR, $mode),

                FILE_PASSWD_E_INVALID_ENC_MODE

            );

        }

        $this->_mode = $mode;

        return true;

    }

    /**

    * Get supported encryption modes

    *

    * <pre>

    *   array

    *    + md5

    *    + des

    * </pre>

    *

    * @see      setMode()

    * @see      getMode()

    *

    * @access   public

    * @return   array

    */

    function listModes()

    {

        return $this->_modes;

    }

    /**

    * Get actual encryption mode

    *

    * @see      listModes()

    * @see      setMode()

    *

    * @access   public

    * @return   string

    */

    function getMode()

    {

        return $this->_mode;

    }

    /**

    * Whether to use the 'name map' of the extra properties or not

    *

    * Default Unix passwd files look like:

    * <pre>

    * user:password:user_id:group_id:gecos:home_dir:shell

    * </pre>

    *

    * The default 'name map' for properties except user and password looks like:

    *   o uid

    *   o gid

    *   o gecos

    *   o home

    *   o shell

    *

    * If you want to change the naming of the standard map use

    * File_Passwd_Unix::setMap(array()).

    *

    * @see      setMap()

    * @see      getMap()

    *

    * @access   public

    * @return   boolean always true if you set a value (true/false) OR

    *                   the actual value if called without param

    *

    * @param    boolean $bool   whether to use the 'name map' or not

    */

    function useMap($bool = null)

    {

        if (is_null($bool)) {

            return $this->_usemap;

        }

        $this->_usemap = (bool) $bool;

        return true;

    }

    /**

    * Set the 'name map' to use with the extra properties of the user

    *

    * This map is used for naming the associative array of the extra properties.

    *

    * Returns a PEAR_Error if <var>$map</var> was not of type array.

    *

    * @see      getMap()

    * @see      useMap()

    *

    * @throws   PEAR_Error

    * @access   public

    * @return   mixed       true on success or PEAR_Error

    */

    function setMap($map = array())

    {

        if (!is_array($map)) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_PARAM_MUST_BE_ARRAY_STR, '$map'),

                FILE_PASSWD_E_PARAM_MUST_BE_ARRAY

            );

        }

        $this->_map = $map;

        return true;

    }

    /**

    * Get the 'name map' which is used for the extra properties of the user

    *

    * @see      setMap()

    * @see      useMap()

    *

    * @access public

    * @return array

    */

    function getMap()

    {

        return $this->_map;

    }

    /**

    * If the passwords of this passwd file are shadowed in another file.

    *

    * @access public

    * @return boolean

    */

    function isShadowed()

    {

        return $this->_shadowed;

    }

    /**

    * Add an user

    *

    * The username must start with an alphabetical character and must NOT

    * contain any other characters than alphanumerics, the underline and dash.

    *

    * If you use the 'name map' you should also use these naming in

    * the supplied extra array, because your values would get mixed up

    * if they are in the wrong order, which is always true if you

    * DON'T use the 'name map'!

    *

    * So be warned and USE the 'name map'!

    *

    * If the passwd file is shadowed, the user will be added though, but

    * with an 'x' as password, and a PEAR_Error will be returned, too.

    *

    * Returns a PEAR_Error if:

    *   o user already exists

    *   o user contains illegal characters

    *   o encryption mode is not supported

    *   o passwords are shadowed in another file

    *   o any element of the <var>$extra</var> array contains a colon (':')

    *

    * @throws PEAR_Error

    * @access public

    * @return mixed true on success or PEAR_Error

    * @param  string    $user   the name of the user to add

    * @param  string    $pass   the password of the user to add

    * @param  array     $extra  extra properties of user to add

    */

    function addUser($user, $pass, $extra = array())

    {

        if ($this->userExists($user)) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_EXISTS_ALREADY_STR, 'User ', $user),

                FILE_PASSWD_E_EXISTS_ALREADY

            );

        }

        if (!preg_match($this->_pcre, $user)) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_INVALID_CHARS_STR, 'User ', $user),

                FILE_PASSWD_E_INVALID_CHARS

            );

        }

        if (!is_array($extra)) {

            setType($extra, 'array');

        }

        foreach ($extra as $e){

            if (strstr($e, ':')) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_INVALID_CHARS_STR, 'Property ', $e),

                FILE_PASSWD_E_INVALID_CHARS

            );

            }

        }

        /**

        * If passwords of the passwd file are shadowed,

        * the password of the user will be set to 'x'.

        */

        if ($this->_shadowed) {

            $pass = 'x';

        } else {

            $pass = $this->_genPass($pass);

            if (PEAR::isError($pass)) {

                return $pass;

            }

        }

        /**

        * If you don't use the 'name map' the user array will be numeric.

        */

        if (!$this->_usemap) {

            array_unshift($extra, $pass);

            $this->_users[$user] = $extra;

        } else {

            $map = $this->_map;

            array_unshift($map, 'pass');

            $extra['pass'] = $pass;

            foreach ($map as $key){

                $this->_users[$user][$key] = @$extra[$key];

            }

        }

        /**

        * Raise a PEAR_Error if passwords are shadowed.

        */

        if ($this->_shadowed) {

            return PEAR::raiseError(

                'Password has been set to \'x\' because they are '.

                'shadowed in another file.', 0

            );

        }

        return true;

    }

    /**

    * Modify properties of a certain user

    *

    * # DON'T MODIFY THE PASSWORD WITH THIS METHOD!

    *

    * You should use this method only if the 'name map' is used, too.

    *

    * Returns a PEAR_Error if:

    *   o user doesn't exist

    *   o any property contains a colon (':')

    *

    * @see      changePasswd()

    *

    * @throws   PEAR_Error

    * @access   public

    * @return   mixed       true on success or PEAR_Error

    * @param    string      $user           the user to modify

    * @param    array       $properties     an associative array of

    *                                       properties to modify

    */

    function modUser($user, $properties = array())

    {

        if (!$this->userExists($user)) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_EXISTS_NOT_STR, 'User ', $user),

                FILE_PASSWD_E_EXISTS_NOT

            );

        }

        if (!is_array($properties)) {

            setType($properties, 'array');

        }

        foreach ($properties as $key => $value){

            if (strstr($value, ':')) {

                return PEAR::raiseError(

                    sprintf(FILE_PASSWD_E_INVALID_CHARS_STR, 'User ', $user),

                    FILE_PASSWD_E_INVALID_CHARS

                );

            }

            $this->_users[$user][$key] = $value;

        }

        return true;

    }

    /**

    * Change the password of a certain user

    *

    * Returns a PEAR_Error if:

    *   o user doesn't exists

    *   o passwords are shadowed in another file

    *   o encryption mode is not supported

    *

    * @throws PEAR_Error

    * @access public

    * @return mixed true on success or PEAR_Error

    * @param string $user   the user whose password should be changed

    * @param string $pass   the new plaintext password

    */

    function changePasswd($user, $pass)

    {

        if ($this->_shadowed) {

            return PEAR::raiseError(

                'Passwords of this passwd file are shadowed.',

            );

        }

        if (!$this->userExists($user)) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_EXISTS_NOT_STR, 'User ', $user),

                FILE_PASSWD_E_EXISTS_NOT

            );

        }

        $pass = $this->_genPass($pass);

        if (PEAR::isError($pass)) {

            return $pass;

        }

        if ($this->_usemap) {

            $this->_users[$user]['pass'] = $pass;

        } else {

            $this->_users[$user][0] = $pass;

        }

        return true;

    }

    /**

    * Verify the password of a certain user

    *

    * Returns a PEAR_Error if:

    *   o user doesn't exist

    *   o encryption mode is not supported

    *

    * @throws PEAR_Error

    * @access public

    * @return mixed true if passwors equal, false if they don't or PEAR_Error

    * @param  string    $user   the user whose password should be verified

    * @param  string    $pass   the password to verify

    */

    function verifyPasswd($user, $pass)

    {

        if (!$this->userExists($user)) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_EXISTS_NOT_STR, 'User ', $user),

                FILE_PASSWD_E_EXISTS_NOT

            );

        }

        $real =

            $this->_usemap ?

            $this->_users[$user]['pass'] :

            $this->_users[$user][0]

        ;

        return ($real === $this->_genPass($pass, $real));

    }

    /**

    * Generate crypted password from the plaintext password

    *

    * Returns a PEAR_Error if actual encryption mode is not supported.

    *

    * @throws PEAR_Error

    * @access private

    * @return mixed     the crypted password or PEAR_Error

    * @param  string    $pass   the plaintext password

    * @param  string    $salt   the crypted password from which to gain the salt

    * @param  string    $mode   the encryption mode to use; don't set, because

    *                           it's usually taken from File_Passwd_Unix::_mode

    */

    function _genPass($pass, $salt = null, $mode = null)

    {

        static $crypters;

        if (!isset($crypters)) {

            $crypters = get_class_methods('File_Passwd');

        }

        $mode = !isset($mode) ? strToLower($this->_mode) : strToLower($mode);

        $func = 'crypt_' . $mode;

        if (!in_array($func, $crypters)) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_INVALID_ENC_MODE_STR, $mode),

                FILE_PASSWD_E_INVALID_ENC_MODE

            );

        }

        return call_user_func(array('File_Passwd', $func), $pass, $salt);

    }

    /**

    * Generate Password

    *

    * Returns PEAR_Error FILE_PASSD_E_INVALID_ENC_MODE if the supplied

    * encryption mode is not supported.

    *

    * @see File_Passwd

    * @static

    * @access   public

    * @return   mixed   The crypted password on success or PEAR_Error on failure.

    * @param    string  $pass The plaintext password.

    * @param    string  $mode The encryption mode to use.

    * @param    string  $salt The salt to use.

    */

    function generatePasswd($pass, $mode = FILE_PASSWD_MD5, $salt = null)

    {

        if (!isset($mode)) {

            return PEAR::raiseError(

                sprintf(FILE_PASSWD_E_INVALID_ENC_MODE_STR, '<NULL>'),

                FILE_PASSWD_E_INVALID_ENC_MODE

            );

        }

        return File_Passwd_Unix::_genPass($pass, $salt, $mode);

    }

    /**

     * @ignore

     * @deprecated

     */

    function generatePassword($pass, $mode = FILE_PASSWD_MD5, $salt = null)

    {

        return File_Passwd_Unix::generatePasswd($pass, $mode, $salt);

    }

}

?>