Fixed change_password().

Sometimes password change lost encryption method and password was stored in clear text.
Keep users deactivated after changing passwords.

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@7060 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/include/class_password-methods.inc b/include/class_password-methods.inc
index 4ebc87bb701e94479e436bd18de96dbcdf49e581..6ea694f20cd48cd4d07ca30c9da0e020dd608615 100644 (file)
--- a/include/class_password-methods.inc
+++ b/include/class_password-methods.inc
@@ -106,8 +106,21 @@ function change_password ($dn, $password, $mode=0, $hash= "")
   $ldap->cat ($dn, array("shadowLastChange", "userPassword", "uid"));
   $attrs      = $ldap->fetch ();
 
+  // Check if user account was deactivated, indicated by ! after } ... {crypt}!###
+  if(isset($attrs['userPassword'][0]) && preg_match("/^[^\}]*+\}!/",$attrs['userPassword'][0])){
+    $deactivated = TRUE;
+  }else{
+    $deactivated = FALSE;
+  }
+
+  // Get current password hash method if available 
+  if($hash == "" && isset($attrs['userPassword'][0]) && preg_match("/[\{\}]/",$attrs['userPassword'][0])){
+    $hash = preg_replace("/^[^\{]*+\{([^\}]*).*$/","\\1",$attrs['userPassword'][0]);
+    $hash = strtolower($hash);
+  }
+
   // Set encryption type to clear if required 
-  if (isset($attrs['userPassword'][0]) && preg_match('/^[^{}]+$/', $attrs['userPassword'][0]) && $hash == ""){
+  if (!isset($attrs['userPassword'][0]) || $hash == ""){
     $hash= "clear";
   }
 
@@ -155,6 +168,11 @@ function change_password ($dn, $password, $mode=0, $hash= "")
     $attrs= generate_smb_nt_hash($password);
   }
 
+  /* Readd ! if user was deactivated */
+  if($deactivated){
+    $newpass = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$newpass);
+  }
+
   $attrs['userPassword']= array();
   $attrs['userPassword']= $newpass;