1<?php
2/**
3 * Copyright 2004-2017 Horde LLC (http://www.horde.org/)
4 *
5 * See the enclosed file COPYING for license information (GPL). If you
6 * did not receive this file, see http://www.horde.org/licenses/gpl.
7 *
8 * @category  Horde
9 * @copyright 2004-2017 Horde LLC
10 * @license   http://www.horde.org/licenses/gpl GPL
11 * @package   Passwd
12 */
13
14/**
15 * The ADSI class changes a user's password on any Windows Machine/NT-Domain
16 * using the ADSI COM Interface.
17 *
18 * NOTES:
19 *
20 * - If you plan to implement passwd over Active Direcory you must use the
21 *   LDAP driver and not this one! This driver is designed for standalone
22 *   machines or NT4 domains, only.
23 *
24 * - The host server must be Win32 with ADSI support.
25 *
26 * Sample backend configuration:
27 * <code>
28 * $backends['adsi'] = array(
29 *    'name' => 'Sample ADSI backend',
30 *    'preferred' => 'localhost',
31 *    'policy' => array(
32 *        'minLength' => 8,
33 *        'maxLength' => 14
34 *    ),
35 *    'driver' => 'adsi',
36 *    'params' => array(
37 *        'target' => 'YOUR_MACHINE/DOMAIN_NAME_HERE'
38 *    )
39 * )
40 * </code>
41 *
42 * Backend parameters:
43 * target = Target Windows machine/domain name (Required)
44 *
45 * @author    Luiz R Malheiros <malheiros@gmail.com>
46 * @category  Horde
47 * @copyright 2004-2017 Horde LLC
48 * @license   http://www.horde.org/licenses/gpl GPL
49 * @package   Passwd
50 */
51class Passwd_Driver_Adsi extends Passwd_Driver
52{
53    /**
54     */
55    protected function _changePassword($user, $oldpass, $newpass)
56    {
57        if (empty($this->_params['target'])) {
58            throw new Passwd_Exception(_("Password module is missing target parameter."));
59        }
60
61        $root = new COM('WinNT:');
62        $adsi = $root->OpenDSObject(
63            'WinNT://' . $this->_params['target'] . '/' . $user . ',user',
64            $this->_params['target'] . '\\' . $user,
65            $oldpass,
66            1
67        );
68
69        if (!$adsi) {
70            throw new Passwd_Exception(_("Access Denied."));
71        }
72        if ($result = $adsi->ChangePassword($oldpass, $newpass)) {
73            throw new Passwd_Exception(sprintf(_("ADSI error %s."), $result));
74        }
75    }
76
77}
78