Transparent authentication should set 'userId', 'credentials', or
'params' in $this->_credentials as needed - these values will be used
to set the credentials in the session.
Transparent authentication should normally never throw an error - false
should be returned.
| public transparent ( ) : boolean | ||
| 리턴 | boolean | Whether transparent login is supported. |
/**
* Authenticate to Horde
*
* @param string $username The username to authenticate as (as passed by
* the device).
* @param string $password The password
* @param string $domain The user domain (unused in this driver).
*
* @return mixed Boolean true on success, boolean false on credential
* failure or Horde_ActiveSync::AUTH_REASON_*
* constant on policy failure.
*/
public function authenticate($username, $password, $domain = null)
{
global $injector, $conf;
$this->_logger->info(sprintf('[%s] Horde_Core_ActiveSync_Driver::authenticate() attempt for %s', $this->_pid, $username));
// First try transparent/X509. Happens for authtype == 'cert' || 'basic_cert'
if ($conf['activesync']['auth']['type'] != 'basic') {
if (!$this->_auth->transparent()) {
$injector->getInstance('Horde_Log_Logger')->notice(sprintf('Login failed ActiveSync client certificate for user %s.', $username));
return false;
}
if ($username != $GLOBALS['registry']->getAuth()) {
$injector->getInstance('Horde_Log_Logger')->notice(sprintf('Access granted based on transparent authentication of user %s, but ActiveSync client is requesting access for %s.', $GLOBALS['registry']->getAuth(), $username));
$GLOBALS['registry']->clearAuth();
return false;
}
$this->_logger->info(sprintf('Access granted based on transparent authentication for %s. Client certificate name: %s', $GLOBALS['registry']->getAuth(), $username));
}
// Now check Basic. Happens for authtype == 'basic' || 'basic_cert'
if ($conf['activesync']['auth']['type'] != 'cert' && !$this->_auth->authenticate($username, array('password' => $password))) {
$injector->getInstance('Horde_Log_Logger')->notice(sprintf('Login failed from ActiveSync client for user %s.', $username));
return false;
}
// Get the username from the registry so we capture it after any
// hooks were run on it.
$username = $GLOBALS['registry']->getAuth();
$perms = $injector->getInstance('Horde_Perms');
if ($perms->exists('horde:activesync')) {
// Check permissions to ActiveSync
if (!$this->_getPolicyValue('activesync', $perms->getPermissions('horde:activesync', $username))) {
$this->_logger->info(sprintf("Access denied for user %s per policy settings.", $username));
return Horde_ActiveSync::AUTH_REASON_USER_DENIED;
}
}
return parent::authenticate($username, $password, $domain);
}
/**
* Automatic authentication.
*
* @return boolean Whether or not the client is allowed.
* @throws Horde_Auth_Exception
*/
public function transparent()
{
global $registry;
if (!($userId = $this->getCredential('userId'))) {
$userId = $registry->getAuth();
}
if (!($credentials = $this->getCredential('credentials'))) {
$credentials = $registry->getAuthCredential();
}
list($userId, $credentials) = $this->runHook($userId, $credentials, 'preauthenticate', 'transparent');
$this->setCredential('userId', $userId);
$this->setCredential('credentials', $credentials);
if ($this->_base) {
$result = $this->_base->transparent();
} elseif ($this->hasCapability('transparent')) {
$result = $registry->callAppMethod($this->_app, 'authTransparent', array('args' => array($this), 'noperms' => true));
} else {
/* If this application contains neither transparent nor
* authenticate capabilities, it does not require any
* authentication if already authenticated to Horde. */
$result = $registry->getAuth() && !$this->hasCapability('authenticate');
}
return $result && $this->_setAuth();
}
/**
*/
public function transparent()
{
return $this->_base->transparent();
}
