X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=plugins%2Fpassword%2Fdrivers%2Fldap.php;h=e6450e5e12fc6378eb3a461a83ae14404d819f26;hb=76507f7c63a660742e76889ad6e3919f3dde3bb0;hp=e4d91fe1b61daaa47173ffea33a9ad20602c5403;hpb=4212156c5c79d2f58342feb0d3ed1893f177bcab;p=roundcube.git diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php index e4d91fe..e6450e5 100644 --- a/plugins/password/drivers/ldap.php +++ b/plugins/password/drivers/ldap.php @@ -62,43 +62,59 @@ function password_save($curpass, $passwd) return PASSWORD_CONNECT_ERROR; } - // Crypting new password - $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage')); - if (!$newCryptedPassword) { + $crypted_pass = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage')); + $force = $rcmail->config->get('password_ldap_force_replace'); + $pwattr = $rcmail->config->get('password_ldap_pwattr'); + $lchattr = $rcmail->config->get('password_ldap_lchattr'); + $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr'); + $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr'); + $samba = $rcmail->config->get('password_ldap_samba'); + + // Support password_ldap_samba option for backward compat. + if ($samba && !$smbpwattr) { + $smbpwattr = 'sambaNTPassword'; + $smblchattr = 'sambaPwdLastSet'; + } + + // Crypt new password + if (!$crypted_pass) { return PASSWORD_CRYPT_ERROR; } + // Crypt new samba password + if ($smbpwattr && !($samba_pass = hashPassword($passwd, 'samba'))) { + return PASSWORD_CRYPT_ERROR; + } + // Writing new crypted password to LDAP $userEntry = $ldap->getEntry($userDN); if (Net_LDAP2::isError($userEntry)) { return PASSWORD_CONNECT_ERROR; } - $pwattr = $rcmail->config->get('password_ldap_pwattr'); - $force = $rcmail->config->get('password_ldap_force_replace'); - - if (!$userEntry->replace(array($pwattr => $newCryptedPassword), $force)) { + if (!$userEntry->replace(array($pwattr => $crypted_pass), $force)) { return PASSWORD_CONNECT_ERROR; } // Updating PasswordLastChange Attribute if desired - if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) { + if ($lchattr) { $current_day = (int)(time() / 86400); if (!$userEntry->replace(array($lchattr => $current_day), $force)) { return PASSWORD_CONNECT_ERROR; } } - if (Net_LDAP2::isError($userEntry->update())) { - return PASSWORD_CONNECT_ERROR; + // Update Samba password and last change fields + if ($smbpwattr) { + $userEntry->replace(array($smbpwattr => $samba_pass), $force); + } + // Update Samba password last change field + if ($smblchattr) { + $userEntry->replace(array($smblchattr => time()), $force); } - // Update Samba password fields, ignore errors if attributes are not found - if ($rcmail->config->get('password_ldap_samba')) { - $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE')); - $userEntry->replace(array('sambaNTPassword' => $sambaNTPassword), $force); - $userEntry->replace(array('sambaPwdLastSet' => time()), $force); - $userEntry->update(); + if (Net_LDAP2::isError($userEntry->update())) { + return PASSWORD_CONNECT_ERROR; } // All done, no error @@ -184,7 +200,7 @@ function substitute_vars($str) * */ -function hashPassword( $passwordClear, $encodageType ) +function hashPassword( $passwordClear, $encodageType ) { $encodageType = strtolower( $encodageType ); switch( $encodageType ) { @@ -253,6 +269,16 @@ function hashPassword( $passwordClear, $encodageType ) } break; + case 'samba': + if (function_exists('hash')) { + $cryptedPassword = hash('md4', rcube_charset_convert($passwordClear, RCMAIL_CHARSET, 'UTF-16LE')); + $cryptedPassword = strtoupper($cryptedPassword); + } else { + /* Your PHP install does not have the hash() function */ + return false; + } + break; + case 'clear': default: $cryptedPassword = $passwordClear;