Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F174657
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
6 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/plugins/password/drivers/ldap_exop.php b/plugins/password/drivers/ldap_exop.php
index 796bef85b..e74805d91 100644
--- a/plugins/password/drivers/ldap_exop.php
+++ b/plugins/password/drivers/ldap_exop.php
@@ -1,76 +1,74 @@
<?php
/**
* LDAP - Password Modify Extended Operation Driver
*
* Driver for passwords stored in LDAP
* This driver is based on Simple LDAP Password Driver, but uses
* Password Modify Extended Operation
* PHP >= 7.2 required
*
* @version 1.0
* @author Peter Kubica <peter@kubica.ch>
*
* Copyright (C) The Roundcube Dev Team
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see http://www.gnu.org/licenses/.
*/
require_once __DIR__ . '/ldap_simple.php';
class rcube_ldap_exop_password extends rcube_ldap_simple_password
{
- private $debug = false;
-
function save($curpass, $passwd)
{
if (!function_exists('ldap_exop_passwd')) {
rcube::raise_error(array(
'code' => 100, 'type' => 'ldap',
'file' => __FILE__, 'line' => __LINE__,
'message' => "ldap_exop_passwd not supported"
),
true);
return PASSWORD_ERROR;
}
// Connect and bind
$ret = $this->connect($curpass);
if ($ret !== true) {
return $ret;
}
if (!ldap_exop_passwd($this->conn, $this->user, $curpass, $passwd)) {
$this->_debug("S: ".ldap_error($this->conn));
$errno = ldap_errno($this->conn);
ldap_unbind($this->conn);
if ($errno == 0x13) {
return PASSWORD_CONSTRAINT_VIOLATION;
}
return PASSWORD_CONNECT_ERROR;
}
$this->_debug("S: OK");
// All done, no error
ldap_unbind($this->conn);
return PASSWORD_SUCCESS;
}
}
diff --git a/plugins/password/drivers/ldap_ppolicy.php b/plugins/password/drivers/ldap_ppolicy.php
index 84c2c2874..ddbf53535 100644
--- a/plugins/password/drivers/ldap_ppolicy.php
+++ b/plugins/password/drivers/ldap_ppolicy.php
@@ -1,95 +1,97 @@
<?php
/**
* ldap_ppolicy driver
*
* Driver that adds functionality to change the user password via
* the 'change_ldap_pass.pl' command respecting password policy (history) in LDAP.
*
* @version 1.0
* @author Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
*/
class rcube_ldap_ppolicy_password
{
+ protected $debug = false;
+
public function save($currpass, $newpass, $username)
{
$rcmail = rcmail::get_instance();
$this->debug = $rcmail->config->get('ldap_debug');
$cmd = $rcmail->config->get('password_ldap_ppolicy_cmd');
$uri = $rcmail->config->get('password_ldap_ppolicy_uri');
$baseDN = $rcmail->config->get('password_ldap_ppolicy_basedn');
$filter = $rcmail->config->get('password_ldap_ppolicy_search_filter');
$bindDN = $rcmail->config->get('password_ldap_ppolicy_searchDN');
$bindPW = $rcmail->config->get('password_ldap_ppolicy_searchPW');
$cafile = $rcmail->config->get('password_ldap_ppolicy_cafile');
$log_dir = $rcmail->config->get('log_dir');
if (empty($log_dir)) {
$log_dir = RCUBE_INSTALL_PATH . 'logs';
}
// try to open specific log file for writing
$logfile = $log_dir.'/password_ldap_ppolicy.err';
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("file", $logfile, "a") // stderr is a file to write to
);
$cmd = 'plugins/password/helpers/'. $cmd;
$this->_debug("parameters:\ncmd:$cmd\nuri:$uri\nbaseDN:$baseDN\nfilter:$filter");
$process = proc_open($cmd, $descriptorspec, $pipes);
if (is_resource($process)) {
// $pipes now looks like this:
// 0 => writeable handle connected to child stdin
// 1 => readable handle connected to child stdout
// Any error output will be appended to /tmp/error-output.txt
fwrite($pipes[0], $uri."\n");
fwrite($pipes[0], $baseDN."\n");
fwrite($pipes[0], $filter."\n");
fwrite($pipes[0], $bindDN."\n");
fwrite($pipes[0], $bindPW."\n");
fwrite($pipes[0], $username."\n");
fwrite($pipes[0], $currpass."\n");
fwrite($pipes[0], $newpass."\n");
fwrite($pipes[0], $cafile);
fclose($pipes[0]);
$result = stream_get_contents($pipes[1]);
fclose($pipes[1]);
$this->_debug('Result:'.$result);
switch ($result) {
case "OK":
return PASSWORD_SUCCESS;
case "Password is in history of old passwords":
return PASSWORD_IN_HISTORY;
case "Cannot connect to any server":
return PASSWORD_CONNECT_ERROR;
default:
rcube::raise_error(array(
'code' => 600,
'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
'message' => $result
), true, false);
}
return PASSWORD_ERROR;
}
}
private function _debug($str)
{
if ($this->debug) {
rcube::write_log('password_ldap_ppolicy', $str);
}
}
}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sat, Jan 18, 9:29 PM (10 h, 19 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
120013
Default Alt Text
(6 KB)
Attached To
Mode
R3 roundcubemail
Attached
Detach File
Event Timeline
Log In to Comment