/**
* Authenticate to Horde
*
* @param string $username The username to authenticate as (as passed by
* the device).
* @param string $password The password
* @param string $domain The user domain (unused in this driver).
*
* @return mixed Boolean true on success, boolean false on credential
* failure or Horde_ActiveSync::AUTH_REASON_*
* constant on policy failure.
*/
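public function authenticate($username, $password, $domain = null)
{
    global $injector, $conf;

    $registry = $GLOBALS['registry'];
    $authType = $conf['activesync']['auth']['type'];

    // $username arrives from the device before any credential check, so
    // replace control characters (CR/LF in particular) in the copy that is
    // written to log lines. The value used for authentication is untouched.
    // NOTE(review): whether the configured log handlers already escape
    // these characters is not visible from this method.
    $logUser = preg_replace('/[\x00-\x1F\x7F]/', '?', (string)$username);

    $this->_logger->info(sprintf('[%s] Horde_Core_ActiveSync_Driver::authenticate() attempt for %s', $this->_pid, $logUser));

    // First try transparent/X509. Happens for authtype == 'cert' || 'basic_cert'.
    // Strict comparison: a non-string config value must not loosely equal
    // 'basic' or 'cert' and skip a check.
    if ($authType !== 'basic') {
        if (!$this->_auth->transparent()) {
            $injector->getInstance('Horde_Log_Logger')->notice(sprintf('Login failed ActiveSync client certificate for user %s.', $logUser));
            return false;
        }

        // The identity established by transparent authentication must be
        // exactly the identity the device asks for. A loose != compares
        // numeric-looking strings by value ('1e3' == '1000'), which would let
        // two distinct account names pass as equal, so compare as strings
        // with !== and fail closed when no authenticated name is present.
        $certUser = $registry->getAuth();
        $noCertUser = ($certUser === false || $certUser === null || $certUser === '');
        if ($noCertUser || (string)$username !== (string)$certUser) {
            $injector->getInstance('Horde_Log_Logger')->notice(sprintf('Access granted based on transparent authentication of user %s, but ActiveSync client is requesting access for %s.', $certUser, $logUser));
            // Drop the transparently established session so it cannot be
            // reused for the mismatching request.
            $registry->clearAuth();
            return false;
        }

        $this->_logger->info(sprintf('Access granted based on transparent authentication for %s. Client certificate name: %s', $certUser, $logUser));
    }

    // Now check Basic. Happens for authtype == 'basic' || 'basic_cert'.
    // In 'cert' mode the password is never verified by this method.
    if ($authType !== 'cert'
        && !$this->_auth->authenticate($username, array('password' => $password))
    ) {
        $injector->getInstance('Horde_Log_Logger')->notice(sprintf('Login failed from ActiveSync client for user %s.', $logUser));
        // NOTE(review): in 'basic_cert' mode the transparent step above has
        // already authenticated the registry; unlike the mismatch branch,
        // this path returns without clearAuth(). Confirm the caller discards
        // the session on a false return.
        return false;
    }

    // Get the username from the registry so we capture it after any
    // hooks were run on it.
    $username = $registry->getAuth();

    $perms = $injector->getInstance('Horde_Perms');
    if ($perms->exists('horde:activesync')) {
        // The permission is only enforced when it has been defined; when
        // 'horde:activesync' does not exist, no per-user check is made here.
        $allowed = $this->_getPolicyValue('activesync', $perms->getPermissions('horde:activesync', $username));
        if (!$allowed) {
            $this->_logger->info(sprintf("Access denied for user %s per policy settings.", $username));
            // NOTE(review): the registry is still authenticated at this
            // point; confirm the caller ends the session on this result.
            return Horde_ActiveSync::AUTH_REASON_USER_DENIED;
        }
    }

    // The final result is whatever the parent driver's authenticate() returns.
    return parent::authenticate($username, $password, $domain);
}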