1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2004 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
22 class passwordMethod
23 {
24 var $config = false;
26 // Konstructor
27 function passwordMethod($config)
28 {
29 }
31 // Loads Methods in annother way as get_available_methods do, (For setup ..)
32 // and loads them,.
33 function get_available_methods_if_not_loaded($path_to_load="../include")
34 {
35 $oh = opendir($path_to_load);
36 $i = 0;
37 $ret = false;
38 while ($file = readdir($oh)) {
39 $one = strtolower($file);
40 if((strstr($one,"class_password-methods-" ))&&($one[0]!=".")){
41 require_once($file);
42 }
43 }
44 return(passwordMethod::get_available_methods());
45 }
50 // Crypts a single string, with given Method
51 function crypt_single_str($string,$method)
52 {
53 $available = passwordMethod::get_available_methods();
54 if(!is_array($available))
55 {
56 $available = passwordMethod::get_available_methods_if_not_loaded();
57 }
59 $test = new $available[$method](false);
60 $newpass = $test->generate_hash($string);
61 return( $newpass);
62 }
65 // this function returns all loaded classes for password encryption
66 function get_available_methods()
67 {
68 $ret =false;
69 $all = get_declared_classes();
70 $i = 0;
71 foreach($all as $one) {
72 if(preg_match('/passwordMethod/i', $one) && !preg_match("/^passwordMethod$/i", $one)){
73 $name = preg_replace ("/passwordMethod/i", "", $one);
74 $test = new $one(false);
75 if($test->is_available()) {
76 $plugname= strtolower(preg_replace ("/passwordMethod/i","",$one));
77 $ret['name'][$i]= $plugname;
78 $ret['class'][$i]=$one;
79 $ret[$i]['name']= $plugname;
80 $ret[$i]['class']= $one;
81 $ret[$plugname]=$one;
82 $i++;
83 }
84 }
85 }
86 return($ret);
87 }
89 }
91 // change_password, changes the Password, of the given dn
92 function change_password ($dn, $password, $mode=0, $hash= "")
93 {
94 global $config;
95 $newpass= "";
97 // Get all available encryption Methods
98 $available = passwordMethod::get_available_methods();
100 // read current password entry for $dn, to detect the encryption Method
101 $ldap = $config->get_ldap_link();
102 $ldap->cat ($dn);
103 $attrs = $ldap->fetch ();
105 // Set encryption type to clear if required
106 if (isset($attrs['userPassword'][0]) && preg_match('/^[^{}]+$/', $attrs['userPassword'][0]) && $hash == ""){
107 $hash= "clear";
108 }
110 // Detect the encryption Method
111 if ( (isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)) || $hash != ""){
113 /* Check for supported algorithm */
114 mt_srand((double) microtime()*1000000);
116 /* Extract used hash */
117 if ($hash == ""){
118 $hash= strtolower($matches[1]);
119 }
122 // Crypt with the detected Method
123 $test = new $available[$hash]($config);
124 $newpass = $test->generate_hash($password);
126 } else {
127 // Crypt it by default
128 $test = new $available['md5']($config);
129 $newpass = $test->generate_hash($password);
130 }
132 // Update shadow timestamp?
133 if (isset($attrs["shadowLastChange"][0])){
134 $shadow= (int)(date("U") / 86400);
135 } else {
136 $shadow= 0;
137 }
139 // Write back modified entry
140 $ldap->cd($dn);
141 $attrs= array();
143 // Not for groups
144 if ($mode == 0){
146 if ($shadow != 0){
147 $attrs['shadowLastChange']= $shadow;
148 }
150 // Create SMB Password
151 $attrs= generate_smb_nt_hash($password);
152 }
154 $attrs['userPassword']= array();
155 $attrs['userPassword']= $newpass;
158 $ldap->modify($attrs);
161 if ($ldap->error != 'Success') {
162 print_red(sprintf(_("Setting the password failed. LDAP server says '%s'."),
163 $ldap->get_error()));
164 } else {
166 /* Find postmodify entries for this class */
167 $command= search_config($config->data['MENU'], "password", "POSTMODIFY");
169 if ($command != ""){
170 /* Walk through attribute list */
171 $command= preg_replace("/%userPassword/", $password, $command);
172 $command= preg_replace("/%dn/", $dn, $command);
174 if (check_command($command)){
175 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
176 exec($command);
177 } else {
178 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, "password");
179 print_red ($message);
180 }
181 }
182 }
183 }
186 // Return something like array['sambaLMPassword']= "lalla..."
187 function generate_smb_nt_hash($password)
188 {
189 global $config;
190 $tmp= $config->data['MAIN']['SMBHASH']." ".escapeshellarg($password);
191 @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
193 exec($tmp, $ar);
194 flush();
195 reset($ar);
196 $hash= current($ar);
197 if ($hash == "")
198 {
199 print_red (_("Setting for SMBHASH in gosa.conf is incorrect! Can't change Samba password."));
200 }
201 else
202 {
203 list($lm,$nt)= split (":", trim($hash));
205 if ($config->current['SAMBAVERSION'] == 3)
206 {
207 $attrs['sambaLMPassword']= $lm;
208 $attrs['sambaNTPassword']= $nt;
209 $attrs['sambaPwdLastSet']= date('U');
210 $attrs['sambaBadPasswordCount']= "0";
211 $attrs['sambaBadPasswordTime']= "0";
212 } else {
213 $attrs['lmPassword']= $lm;
214 $attrs['ntPassword']= $nt;
215 $attrs['pwdLastSet']= date('U');
216 }
217 return($attrs);
218 }
219 }
221 function crypt_single($string,$enc_type )
222 {
223 if(!class_exists("passwordMethod")){
224 require_once("class_password-methods.inc");
225 }
226 return( passwordMethod::crypt_single_str($string,$enc_type));
227 }
229 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
230 ?>