From 6319e57981296ad9d922c921f59a701569a89057 Mon Sep 17 00:00:00 2001
From: "jan@unixpapa.com"
 <jan@unixpapa.com@8c465660-3f02-11de-a81c-fde7d73ceb89>
Date: Fri, 7 Dec 2012 16:41:25 +0000
Subject: [PATCH] Added test/test.pipe.php

---
 mod_authnz_external/AUTHENTICATORS     |  9 ++++--
 mod_authnz_external/CHANGES            |  5 ++++
 mod_authnz_external/test/README        | 13 ++++++---
 mod_authnz_external/test/test.pipe.php | 40 ++++++++++++++++++++++++++
 4 files changed, 61 insertions(+), 6 deletions(-)
 create mode 100755 mod_authnz_external/test/test.pipe.php

diff --git a/mod_authnz_external/AUTHENTICATORS b/mod_authnz_external/AUTHENTICATORS
index 734fb53..0050627 100644
--- a/mod_authnz_external/AUTHENTICATORS
+++ b/mod_authnz_external/AUTHENTICATORS
@@ -5,7 +5,7 @@
 LANGUAGES
 
  External authenticators can be written in almost any language.  The sample
- authenticators in the 'test' directory are in Perl.  The 'pwauth'
+ authenticators in the 'test' directory are in Perl and PHP.  The 'pwauth'
  authenticator is in ANSI C.  The example code fragments in this document
  are in C.
 
@@ -40,6 +40,9 @@ SECURITY
     rlim.rlim_cur = rlim.rlim_max = 0;
     (void)setrlimit(RLIMIT_CORE, &rlim);
 
+   Actually, core dumps seem to be mostly a thing of the past. Most modern
+   Unixes don't seem to generate them.
+
  It may not hurt to spend a little time looking at the features of the pwauth
  authenticator, which is the most secure external authenticator that I have
  written.
@@ -114,7 +117,9 @@ PASSWORD AUTHENTICATORS
   USER and PASS environment variables respectively.
   
   Note that the environment method has fundamental security weaknesses,
-  and should probably not be used.  Use the pipe method instead.
+  and should probably not be used unless you have cause to believe it is
+  safe on your system. I wouldn't be surprised if it is marginally faster
+  than the pipe method. Most applications should use the pipe method instead.
 
   A typical chunk of C code to authenticate with the environment method
   might be like:
diff --git a/mod_authnz_external/CHANGES b/mod_authnz_external/CHANGES
index edc8e27..7493377 100644
--- a/mod_authnz_external/CHANGES
+++ b/mod_authnz_external/CHANGES
@@ -1,3 +1,8 @@
+v3.3.2   (Jan Wolter - NOT YET RELEASED)
+----------------------------------------------
+ * Added test/test.pipe.php, a PHP version of test/test.pipe contributed
+   by Claus Andersen.
+
 v3.3.1   (Jan Wolter - Oct 12, 2011)
 ----------------------------------------------
  * Deleted most of the sample authenticators from the distribution. They
diff --git a/mod_authnz_external/test/README b/mod_authnz_external/test/README
index e2a8f07..c2eea9e 100644
--- a/mod_authnz_external/test/README
+++ b/mod_authnz_external/test/README
@@ -1,9 +1,11 @@
 These are dummy external authenticator programs used for testing
 mod_auth_external or mod_authnz_external.
 
-They are all Perl scripts.  Before using them, make sure that the
-#!/usr/bin/perl directives in the first lines give the correct pathname
-for the Perl interpretor on your system.
+They are mostly Perl scripts, and one PHP script.  Before using them, make
+sure that the directives on the first lines of each file:
+    #!/usr/bin/perl
+    #!/usr/bin/php
+give the correct pathname for the Perl and/or PHP interpretors on your system.
 
 The files are:
 
@@ -12,6 +14,8 @@ The files are:
    testgroup.pipe   Dummy group check program using pipe method
    testgroup.env    Dummy group check program using environment method
 
+   test.pipe.php    PHP version of test.pipe
+
 The user authentication programs will accept a login if the user name
 matches the password, and will reject all others.
 
@@ -25,4 +29,5 @@ see what happens when you try an authentication.
 (Obviously you wouldn't want to log plain-text passwords in a real
 authentication program).
 
-Author & Maintainer:  Jan Wolter   http://www.unixpapa.com
+Author & Maintainer for Perl Versions:  Jan Wolter   http://www.unixpapa.com
+Author of PHP Version: Claus Andersen
diff --git a/mod_authnz_external/test/test.pipe.php b/mod_authnz_external/test/test.pipe.php
new file mode 100755
index 0000000..7d19c24
--- /dev/null
+++ b/mod_authnz_external/test/test.pipe.php
@@ -0,0 +1,40 @@
+#!/usr/bin/php
+<?php
+
+// Test authenticator using pipe method.  Logins will be accepted if the
+// login and the password are identical, and will be rejected otherwise.
+//
+// This authenticator does copious logging by writing all sorts of stuff to
+// STDERR.  A production authenticator would not normally do this, and it
+// *especially* would not write the plain text password out to the log file.
+
+// Get the name of this program
+$prog = $argv[0];
+
+// Get the user name
+$user = trim(fgets(STDIN));
+
+// Get the password
+$pass = trim(fgets(STDIN));
+
+// Print them to the error_log file
+fwrite(STDERR, $prog . ": user='" . $user . "' pass='" . $pass . "'\n");
+
+foreach ($_ENV as $k => $v)
+{
+	fwrite(STDERR, $prog . ': ' . $k . '=' . $v . "\n");
+}
+
+// Accept the login if the user name matchs the password
+if ($user == $pass)
+{
+	fwrite(STDERR, $prog . ": login matches password - Accepted\n");
+	exit(0);
+}
+else
+{
+	fwrite(STDERR, $prog . ": login doesn't match password - Rejected\n");
+	exit(1);
+}
+
+?>
-- 
2.40.0