Transparent authentication should set 'userId', 'credentials', or
'params' in $this->_credentials as needed - these values will be used
to set the credentials in the session.
Transparent authentication should normally never throw an error; on
failure it should return false instead.
public transparent ( ) : boolean
리턴 | boolean | Whether transparent login is supported. |
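/**
 * Authenticate to Horde.
 *
 * Which checks run depends on $conf['activesync']['auth']['type']: any
 * value other than 'basic' requires the transparent (client certificate)
 * check, and any value other than 'cert' requires the password check. An
 * unrecognised value therefore requires both checks to pass.
 *
 * @param string $username  The username to authenticate as (as passed by
 *                          the device).
 * @param string $password  The password
 * @param string $domain    The user domain (unused in this driver, only
 *                          forwarded to the parent implementation).
 *
 * @return mixed  Boolean false on credential failure,
 *                Horde_ActiveSync::AUTH_REASON_USER_DENIED on policy
 *                failure, otherwise the result of parent::authenticate()
 *                (the original documentation gives boolean true on
 *                success).
 */
public function authenticate($username, $password, $domain = null)
{
    global $injector, $conf;

    // NOTE(review): $username is supplied by the device and is written to
    // the logs below as-is - confirm the logger neutralises control
    // characters and newlines.
    $this->_logger->info(sprintf('[%s] Horde_Core_ActiveSync_Driver::authenticate() attempt for %s', $this->_pid, $username));

    // First try transparent/X509. Happens for authtype == 'cert' || 'basic_cert'
    if ($conf['activesync']['auth']['type'] != 'basic') {
        if (!$this->_auth->transparent()) {
            $injector->getInstance('Horde_Log_Logger')->notice(sprintf('Login failed ActiveSync client certificate for user %s.', $username));
            return false;
        }

        $authenticatedUser = $GLOBALS['registry']->getAuth();

        // The identity established transparently must be exactly the
        // identity the device asks for. Compare as strings with !==: a
        // loose != treats numeric-looking names (e.g. "007" and "7") as
        // equal, which would let one account's certificate be accepted
        // for a different account name.
        if ((string) $username !== (string) $authenticatedUser) {
            $injector->getInstance('Horde_Log_Logger')->notice(sprintf('Access granted based on transparent authentication of user %s, but ActiveSync client is requesting access for %s.', $authenticatedUser, $username));
            // Drop the transparently established session so it cannot be
            // reused for the mismatching request.
            $GLOBALS['registry']->clearAuth();
            return false;
        }

        $this->_logger->info(sprintf('Access granted based on transparent authentication for %s. Client certificate name: %s', $authenticatedUser, $username));
    }

    // Now check Basic. Happens for authtype == 'basic' || 'basic_cert'
    if ($conf['activesync']['auth']['type'] != 'cert' &&
        !$this->_auth->authenticate($username, array('password' => $password))) {
        $injector->getInstance('Horde_Log_Logger')->notice(sprintf('Login failed from ActiveSync client for user %s.', $username));
        return false;
    }

    // Get the username from the registry so we capture it after any
    // hooks were run on it.
    $username = $GLOBALS['registry']->getAuth();

    $perms = $injector->getInstance('Horde_Perms');
    if ($perms->exists('horde:activesync')) {
        // Check permissions to ActiveSync. This only runs when the
        // 'horde:activesync' permission exists; without it every
        // authenticated user falls through to the parent call.
        if (!$this->_getPolicyValue('activesync', $perms->getPermissions('horde:activesync', $username))) {
            $this->_logger->info(sprintf("Access denied for user %s per policy settings.", $username));
            return Horde_ActiveSync::AUTH_REASON_USER_DENIED;
        }
    }

    return parent::authenticate($username, $password, $domain);
}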
/**
 * Automatic authentication.
 *
 * Takes 'userId' and 'credentials' from this object's stored credentials,
 * falling back to the registry's current values, passes them through the
 * 'preauthenticate' hook, stores the result, and then asks the base
 * driver or the application whether transparent login succeeds.
 *
 * @return boolean  Whether or not the client is allowed.
 * @throws Horde_Auth_Exception
 */
public function transparent()
{
    global $registry;

    // Stored credentials win; the registry is only consulted when the
    // stored value is empty.
    $userId = $this->getCredential('userId') ?: $registry->getAuth();
    $credentials = $this->getCredential('credentials') ?: $registry->getAuthCredential();

    $hooked = $this->runHook($userId, $credentials, 'preauthenticate', 'transparent');
    list($userId, $credentials) = $hooked;

    $this->setCredential('userId', $userId);
    $this->setCredential('credentials', $credentials);

    if ($this->_base) {
        $allowed = $this->_base->transparent();
    } elseif ($this->hasCapability('transparent')) {
        // NOTE(review): 'noperms' => true is passed to callAppMethod();
        // presumably it skips a permission check - confirm against the
        // registry implementation.
        $allowed = $registry->callAppMethod(
            $this->_app,
            'authTransparent',
            array('args' => array($this), 'noperms' => true)
        );
    } else {
        /* If this application contains neither transparent nor
         * authenticate capabilities, it does not require any
         * authentication if already authenticated to Horde. */
        $allowed = $registry->getAuth()
            ? !$this->hasCapability('authenticate')
            : false;
    }

    // The auth state is only set once one of the checks above succeeded.
    if (!$allowed) {
        return false;
    }

    return (bool) $this->_setAuth();
}
/**
 * Automatic authentication, delegated unchanged to the base driver.
 *
 * NOTE(review): assumes $this->_base is always set; there is no guard
 * here for a missing base driver.
 *
 * @return mixed  Whatever $this->_base->transparent() returns.
 */
public function transparent()
{
    $baseResult = $this->_base->transparent();

    return $baseResult;
}