![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc
index e3684e05e14b31f916fe61b16e313bf66eea7d2c..e73d414926f30c34bd4fb380462d6e827c27fef3 100644 (file)
var $plHeadline = "Password";
var $plDescription = "Change user password";
+ var $proposal = "";
+ var $proposalEnabled = FALSE;
+ var $proposalSelected = FALSE;
+ var $proposalInitialized = FALSE;
+
+ var $forcedHash = NULL;
+
+
function password(&$config, $dn= NULL, $parent= NULL)
{
- plugin::plugin($config, $dn, $parent);
+ plugin::plugin($config, $dn, $parent);
+
}
+ function forceHash($hash)
+ {
+ $this->forcedHash = $hash;
+ }
+
+ function refreshProposal()
+ {
+ $this->proposal = passwordMethod::getPasswordProposal($this->config);
+ $this->proposalEnabled = (!empty($this->proposal));
+ }
function execute()
{
+ // Try to generate a password proposal, if this is successfull
+ // then preselect the proposal usage.
+ if(!$this->proposalInitialized){
+ $this->refreshProposal();
+ if($this->proposal != ""){
+ $this->proposalSelected = TRUE;
+ }
+ $this->proposalInitialized = TRUE;
+ }
+
plugin::execute();
$smarty = get_smarty();
+ $smarty->assign("usePrototype", "true");
$ui = get_userinfo();
/* Get acls */
$smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS));
/* Display expiration template */
+ $smarty->assign("passwordExpired", FALSE);
if ($this->config->get_cfg_value("handleExpiredAccounts") == "true"){
$expired= ldap_expired_account($this->config, $ui->dn, $ui->username);
- if($expired == 4){
+ $smarty->assign("passwordExpired", $expired & POSIX_FORCE_PASSWORD_CHANGE);
+ if($expired == POSIX_DISALLOW_PASSWORD_CHANGE){
return($smarty->fetch(get_template_path("nochange.tpl", TRUE)));
}
}
+
+ // Refresh proposal if requested
+ if(isset($_POST['refreshProposal'])) $this->refreshProposal();
+ if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;
+ $smarty->assign("proposal" , $this->proposal);
+ $smarty->assign("proposalEnabled" , $this->proposalEnabled);
+ $smarty->assign("proposalSelected" , $this->proposalSelected);
+
/* Pwd change requested */
if (isset($_POST['password_finish'])){
+
+ if($this->proposalSelected){
+ $current_password = get_post('current_password');
+ $new_password = $this->proposal;
+ $repeated_password = $this->proposal;
+ }else{
+ $current_password = get_post('current_password');
+ $new_password = get_post('new_password');
+ $repeated_password = get_post('repeated_password');
+ }
+
+
/* Should we check different characters in new password */
$check_differ = $this->config->get_cfg_value("passwordMinDiffer") != "";
$differ = $this->config->get_cfg_value("passwordMinDiffer", 0);
$check_length = $this->config->get_cfg_value("passwordMinLength") != "";
$length = $this->config->get_cfg_value("passwordMinLength", 0);
+ // Perform GOsa password policy checks
+ $message = array();
+ if(empty($current_password)){
+ $message[] = _("You need to specify your current password in order to proceed.");
+ }elseif($new_password != $repeated_password){
+ $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
+ }elseif($new_password == ""){
+ $message[] = _("The password you've entered as 'New password' is empty.");
+ }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){
+ $message[] = _("The password used as new and current are too similar.");
+ }elseif($check_length && (strlen($new_password) < $length)){
+ $message[] = _("The password used as new is to short.");
+ #}elseif(!passwordMethod::is_harmless($new_password)){
+ # $message[] = _("The password contains possibly problematic Unicode characters!");
+ }
+
/* Call external password quality hook ?*/
- $check_hook = $this->config->get_cfg_value("passwordHook") != "";
- $hook = $this->config->get_cfg_value("passwordHook")." ".$ui->username." ".$_POST['current_password']." ".$_POST['new_password'];
- if($check_hook){
- exec($hook,$resarr);
- $check_hook_output = "";
- if(count($resarr) > 0) {
- $check_hook_output= join('\n', $resarr);
- }
+ if(!count($message)){
+ $check_hook = $this->config->get_cfg_value("passwordHook") != "";
+ $hook = $this->config->get_cfg_value("passwordHook")." ".
+ escapeshellarg($ui->username)." ".escapeshellarg($current_password)." ".escapeshellarg($new_password);
+ if($check_hook){
+ exec($hook,$resarr);
+ $check_hook_output = "";
+ if(count($resarr) > 0) {
+ $check_hook_output= join('\n', $resarr);
+ }
+ if(!empty($check_hook_output)){
+ $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),$check_hook_output);
+ }
+ }
}
- /* Check given values */
- if(!isset($_POST['current_password']) || empty($_POST['current_password'])){
- msg_dialog::display(_("Password change"),
- _("You need to specify your current password in order to proceed."),WARNING_DIALOG);
- }elseif ($_POST['new_password'] != $_POST['repeated_password']){
- msg_dialog::display(_("Password change"),
- _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."),WARNING_DIALOG);
- } elseif ($_POST['new_password'] == ""){
- msg_dialog::display(_("Password change"),
- _("The password you've entered as 'New password' is empty."),WARNING_DIALOG);
- }elseif($check_differ && (substr($_POST['current_password'], 0, $differ) == substr($_POST['new_password'], 0, $differ))){
- msg_dialog::display(_("Password change"),
- _("The password used as new and current are too similar."),WARNING_DIALOG);
- }elseif($check_length && (strlen($_POST['new_password']) < $length)){
- msg_dialog::display(_("Password change"),
- _("The password used as new is to short."),WARNING_DIALOG);
- }elseif($check_hook && $check_hook_output != ""){
- msg_dialog::display(_("Password change"),
- sprintf(_("External password changer reported a problem: %s."),$check_hook_output),WARNING_DIALOG);
+ // Some errors/warning occured, display them and abort password change.
+ if(count($message)){
+ msg_dialog::displayChecks($message);
}else{
/* Try to connect via current password */
$tldap = new LDAP(
$ui->dn,
- $_POST['current_password'],
+ $current_password,
$this->config->current['SERVER'],
- $this->config->get_cfg_value("recursive") == "true",
+ $this->config->get_cfg_value("ldapFollowReferrals") == "true",
$this->config->get_cfg_value("ldapTLS") == "true");
/* connection Successfull ? */
msg_dialog::display(_("Password change"),
_("You have no permission to change your password."),WARNING_DIALOG);
}else{
- change_password ($ui->dn, $_POST['new_password']);
+ $this->change_password($ui->dn, $new_password,$this->forcedHash);
gosa_log ("User/password has been changed");
- $ui->password= $_POST['new_password'];
+ $ui->password= $new_password;
session::set('ui',$ui);
-#$this->handle_post_events("modify",array("userPassword" => $_POST['new_password']));
+#$this->handle_post_events("modify",array("userPassword" => $new_password));
return($smarty->fetch(get_template_path("changed.tpl", TRUE)));
}
}
return($smarty->fetch(get_template_path("password.tpl", TRUE)));
}
+ function change_password($dn, $pwd, $hash)
+ {
+ if(!$hash){
+ change_password ($dn, $pwd);
+ }else{
+ change_password ($dn, $pwd,0, $hash);
+ }
+ }
+
+
function remove_from_parent()
{
$this->handle_post_events("remove");