1<?php
2/**
3 * Copyright 1999-2017 Horde LLC (http://www.horde.org/)
4 *
5 * See the enclosed file COPYING for license information (LGPL). If you did
6 * not receive this file, see http://www.horde.org/licenses/lgpl21.
7 *
8 * @author   Jon Parise <jon@horde.org>
9 * @author   Marcus I. Ryan <marcus@riboflavin.net>
10 * @category Horde
11 * @license  http://www.horde.org/licenses/lgpl21 LGPL-2.1
12 * @package  Auth
13 * @todo     Add driver for other smbclient extensions https://github.com/eduardok/libsmbclient-php http://pecl.php.net/package/smbclient
14 */
15
16/**
17 * The Horde_Auth_Smb class provides a SMB implementation of the Horde
18 * authentication system.
19 *
20 * This module requires the smbauth extension for PHP:
21 *   http://tekrat.com/wp/smbauth/
22 *
23 * At the time of this writing, the extension, and thus this module, only
24 * supported authentication against a domain, and pdc and bdc must be non-null
25 * and not equal to each other. In other words, to use this module you must
26 * have a domain with at least one PDC and one BDC.
27 *
28 * @author    Jon Parise <jon@horde.org>
29 * @author    Marcus I. Ryan <marcus@riboflavin.net>
30 * @category  Horde
31 * @copyright 1999-2017 Horde LLC
32 * @license   http://www.horde.org/licenses/lgpl21 LGPL-2.1
33 * @package   Auth
34 */
35class Horde_Auth_Smb extends Horde_Auth_Base
36{
37    /**
38     * Constructor.
39     *
40     * @param array $params  Parameters:
41     * <pre>
42     * 'domain' - (string) [REQUIRED] The domain name to authenticate with.
43     * 'group' - Group name that the user must be a member of.
44     *           DEFAULT: none
45     * 'hostspec' - (string) [REQUIRED] IP, DNS Name, or NetBios name of the
46     *              SMB server to authenticate with.
47     * </pre>
48     *
49     * @throws Horde_Auth_Exception
50     * @throws InvalidArgumentException
51     */
52    public function __construct(array $params = array())
53    {
54        if (!Horde_Util::extensionExists('smbauth')) {
55            throw new Horde_Auth_Exception(__CLASS__ . ': Required smbauth extension not found.');
56        }
57
58        foreach (array('domain', 'hostspec') as $val) {
59            if (empty($params[$val])) {
60                throw new InvalidArgumentException('Missing ' . $val . ' parameter.');
61            }
62        }
63
64        $params = array_merge(array(
65            'group' => null
66        ), $params);
67
68        parent::__construct($params);
69    }
70
71    /**
72     * Find out if the given set of login credentials are valid.
73     *
74     * @param string $userId      The userId to check.
75     * @param array $credentials  An array of login credentials.
76     *
77     * @throws Horde_Auth_Exception
78     */
79    public function _authenticate($userId, $credentials)
80    {
81        if (empty($credentials['password'])) {
82            throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
83        }
84
85        /* Authenticate. */
86        $rval = validate($this->_params['hostspec'],
87                         $this->_params['domain'],
88                         empty($this->_params['group']) ? '' : $this->_params['group'],
89                         $userId,
90                         $credentials['password']);
91
92        if ($rval === 1) {
93            throw new Horde_Auth_Exception('Failed to connect to SMB server.');
94        } elseif ($rval !== 0) {
95            throw new Horde_Auth_Exception(err2str());
96        }
97    }
98
99}
100