![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2004 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
22 class passwordMethod
23 {
24 var $config = false;
26 // Konstructor
27 function passwordMethod($config)
28 {
29 }
31 // Loads Methods in annother way as get_available_methods do, (For setup ..)
32 // and loads them,.
33 function get_available_methods_if_not_loaded($path_to_load="../include")
34 {
35 $oh = opendir($path_to_load);
36 $i = 0;
37 $ret = false;
38 while ($file = readdir($oh)) {
39 $one = strtolower($file);
40 if((strstr($one,"class_password-methods-" ))&&($one[0]!=".")){
41 require_once($file);
42 }
43 }
44 return(passwordMethod::get_available_methods());
45 }
50 // Crypts a single string, with given Method
51 function crypt_single_str($string,$method)
52 {
53 $available = passwordMethod::get_available_methods();
54 if(!is_array($available))
55 {
56 $available = passwordMethod::get_available_methods_if_not_loaded();
57 }
59 $test = new $available[$method](false);
60 $newpass = $test->generate_hash($string);
61 return( $newpass);
62 }
65 // this function returns all loaded classes for password encryption
66 static function get_available_methods()
67 {
68 $ret =false;
69 $all = get_declared_classes();
70 $i = 0;
71 foreach($all as $one) {
72 if(preg_match('/passwordMethod/i', $one) && !preg_match("/^passwordMethod$/i", $one)){
73 $name = preg_replace ("/passwordMethod/i", "", $one);
74 $test = new $one(false);
75 if($test->is_available()) {
76 $plugname= strtolower(preg_replace ("/passwordMethod/i","",$one));
77 $ret['name'][$i]= $plugname;
78 $ret['class'][$i]=$one;
79 $ret[$i]['name']= $plugname;
80 $ret[$i]['class']= $one;
81 $ret[$plugname]=$one;
82 $i++;
83 }
84 }
85 }
86 return($ret);
87 }
89 }
91 // change_password, changes the Password, of the given dn
92 function change_password ($dn, $password, $mode=0, $hash= "")
93 {
95 global $config;
96 $newpass= "";
98 // Get all available encryption Methods
99 $available = passwordMethod::get_available_methods();
101 // read current password entry for $dn, to detect the encryption Method
102 $ldap = $config->get_ldap_link();
103 $ldap->cat ($dn);
104 $attrs = $ldap->fetch ();
106 // Set encryption type to clear if required
107 if (isset($attrs['userPassword'][0]) && preg_match('/^[^{}]+$/', $attrs['userPassword'][0]) && $hash == ""){
108 $hash= "clear";
109 }
111 // Detect the encryption Method
112 if ( (isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)) || $hash != ""){
114 /* Check for supported algorithm */
115 mt_srand((double) microtime()*1000000);
117 /* Extract used hash */
118 if ($hash == ""){
119 $hash= strtolower($matches[1]);
120 }
123 // Crypt with the detected Method
124 $test = new $available[$hash]($config);
125 $newpass = $test->generate_hash($password);
127 } else {
128 // Crypt it by default
129 $test = new $available['md5']($config);
130 $newpass = $test->generate_hash($password);
131 }
135 // Update shadow timestamp?
136 if (isset($attrs["shadowLastChange"][0])){
137 $shadow= (int)(date("U") / 86400);
138 } else {
139 $shadow= 0;
140 }
142 // Write back modified entry
143 $ldap->cd($dn);
144 $attrs= array();
146 // Not for groups
147 if ($mode == 0){
149 if ($shadow != 0){
150 $attrs['shadowLastChange']= $shadow;
151 }
153 // Create SMB Password
154 $attrs = generate_smb_nt_hash($password);
155 }
157 $attrs['userPassword']= array();
158 $attrs['userPassword']= $newpass;
161 $ldap->modify($attrs);
164 if ($ldap->error != 'Success')
165 {
166 print_red(sprintf(_("Setting the password failed. LDAP server says '%s'."),
167 $ldap->get_error()));
168 }
169 }
172 // Return something like array['sambaLMPassword']= "lalla..."
173 function generate_smb_nt_hash($password)
174 {
175 global $config;
176 $tmp= $config->data['MAIN']['SMBHASH']." ".escapeshellarg($password);
177 @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
179 exec($tmp, $ar);
180 flush();
181 reset($ar);
182 $hash= current($ar);
183 if ($hash == "")
184 {
185 print_red (_("Setting for SMBHASH in gosa.conf is incorrect! Can't change Samba password."));
186 }
187 else
188 {
189 list($lm,$nt)= split (":", trim($hash));
191 if ($config->current['SAMBAVERSION'] == 3)
192 {
193 $attrs['sambaLMPassword']= $lm;
194 $attrs['sambaNTPassword']= $nt;
195 $attrs['sambaPwdLastSet']= date('U');
196 $attrs['sambaBadPasswordCount']= "0";
197 $attrs['sambaBadPasswordTime']= "0";
198 } else {
199 $attrs['lmPassword']= $lm;
200 $attrs['ntPassword']= $nt;
201 $attrs['pwdLastSet']= date('U');
202 }
203 return($attrs);
204 }
205 }
207 function crypt_single($string,$enc_type )
208 {
209 if(!class_exists("passwordMethod")){
210 require_once("class_password-methods.inc");
211 }
212 return( passwordMethod::crypt_single_str($string,$enc_type));
213 }
215 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
216 ?>