1<?php
2/**
3 * Copyright 1999-2017 Horde LLC (http://www.horde.org/)
4 *
5 * See the enclosed file COPYING for license information (LGPL). If you did
6 * not receive this file, see http://www.horde.org/licenses/lgpl21.
7 *
8 * @author   Jon Parise <jon@horde.org>
9 * @author   Marcus I. Ryan <marcus@riboflavin.net>
10 * @category Horde
11 * @license  http://www.horde.org/licenses/lgpl21 LGPL-2.1
12 * @package  Auth
13 * @todo     Add driver for smbclient extension https://github.com/eduardok/libsmbclient-php
14 */
15
16/**
17 * The Horde_Auth_Smbclient class provides an smbclient implementation of
18 * the Horde authentication system.
19 *
20 * @author    Jon Parise <jon@horde.org>
21 * @author    Marcus I. Ryan <marcus@riboflavin.net>
22 * @category  Horde
23 * @copyright 1999-2017 Horde LLC
24 * @license   http://www.horde.org/licenses/lgpl21 LGPL-2.1
25 * @package   Auth
26 */
27class Horde_Auth_Smbclient extends Horde_Auth_Base
28{
29    /**
30     * Constructor.
31     *
32     * @param array $params  Parameters:
33     * <pre>
34     * 'domain' - (string) [REQUIRED] The domain name to authenticate with.
35     * 'group' - Group name that the user must be a member of.
36     *           DEFAULT: none
37     * 'hostspec' - (string) [REQUIRED] IP, DNS Name, or NetBios name of the
38     *              SMB server to authenticate with.
39     * 'smbclient_path' - (string) [REQUIRED] The location of the smbclient
40     *                    utility.
41     * </pre>
42     *
43     * @throws InvalidArgumentException
44     */
45    public function __construct(array $params = array())
46    {
47        foreach (array('hostspec', 'domain', 'smbclient_path') as $val) {
48            if (empty($params[$val])) {
49                throw new InvalidArgumentException('Missing ' . $val . ' parameter.');
50            }
51        }
52
53        parent::__construct($params);
54    }
55
56    /**
57     * Find out if the given set of login credentials are valid.
58     *
59     * @param string $userId      The userId to check.
60     * @param array $credentials  An array of login credentials.
61     *
62     * @throws Horde_Auth_Exception
63     */
64    protected function _authenticate($userId, $credentials)
65    {
66        if (empty($credentials['password'])) {
67            throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
68        }
69
70        /* Authenticate. */
71        $cmdline = implode(' ', array(
72            $this->_params['smbclient_path'],
73            '-L',
74            $this->_params['hostspec'],
75            '-W',
76            $this->_params['domain'],
77            '-U',
78            $userId
79        ));
80
81        $sc = popen($cmdline, 'w');
82        if ($sc === false) {
83            throw new Horde_Auth_Exception('Unable to execute smbclient.');
84        }
85
86        fwrite($sc, $credentials['password']);
87        $rc = pclose($sc);
88
89        if (intval($rc & 0xff) != 0) {
90            throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
91        }
92    }
93
94}
95