From 28fdac3bddcec100327750d906e052c7f0f09c5a Mon Sep 17 00:00:00 2001
From: hickert
Date: Fri, 27 Aug 2010 11:35:45 +0000
Subject: [PATCH] Fixed passwordHook handling
-Added placeholders like %password isntead of appending the password strings directly
-added escapgeshellargs for security reasons
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@19467 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/html/password.php | 12 +++++-----
 gosa-core/include/functions.inc | 4 +++-
 .../admin/users/class_userManagement.inc | 22 +++++++++++++------
 .../personal/password/class_password.inc | 10 ++++++---
 4 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/gosa-core/html/password.php b/gosa-core/html/password.php
index 954231dfe..9315fe63a 100644
--- a/gosa-core/html/password.php
+++ b/gosa-core/html/password.php
@@ -289,11 +289,13 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['apply'])) {
 /* Passed quality check, just try to change the password now */
 $output= "";
 if ($config->get_cfg_value("core","passwordHook") != "") {
- exec(
- $config->get_cfg_value("core","passwordHook")." ".$ui->username." ".
- $_POST['current_password']." ".$_POST['new_password'],
- $resarr
- );
+
+ $cmd = $config->get_cfg_value("core","passwordHook");
+ $cmd = preg_replace("/%current_password/",escapeshellarg(get_post('current_password')), $cmd);
+ $cmd = preg_replace("/%new_password/",escapeshellarg(get_post('new_password')), $cmd);
+ $cmd = preg_replace("/%uid/",escapeshellarg($ui->username), $cmd);
+ $cmd = preg_replace("/%dn/",escapeshellarg($ui->dn), $cmd);
+ exec($cmd, $resarr);
 if (count($resarr) > 0) {
 $output= join('\n', $resarr);
 }
diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index f592449fd..33ef64f6d 100644
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
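Review bot: The four new `preg_replace` calls pass the escaped password, username and DN as a replacement string, where `$n` and `\n` sequences are backreferences: a password containing `$1`, or a DN with an LDAP hex escape such as `\2C`, reaches the hook silently altered, and because the calls run one after another a value that itself contains a later placeholder (say `%uid` inside the current password) is substituted a second time. A single-pass `strtr()` with a placeholder map avoids both, as below. `exec($cmd, $resarr)` also drops the hook's exit status, so a hook that rejects the change with a non-zero exit but prints nothing is treated as success; pass the third argument and report a non-zero status the same way hook output is reported. The same two points apply to the functions.inc, class_userManagement.inc and class_password.inc hunks. The enclosing `if ($_SERVER["REQUEST_METHOD"] == "POST" ...)` block starts and ends outside the hunk.
```php
      $cmd = strtr($config->get_cfg_value("core","passwordHook"), array(
        '%current_password' => escapeshellarg(get_post('current_password')),
        '%new_password'     => escapeshellarg(get_post('new_password')),
        '%uid'              => escapeshellarg($ui->username),
        '%dn'               => escapeshellarg($ui->dn),
      ));
      exec($cmd, $resarr, $hook_status);
      // a non-zero $hook_status must be reported even when $resarr is empty
      // … unchanged: join hook output into $output …
```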
@@ -3154,7 +3154,9 @@ function generate_smb_nt_hash($password)
 return ("");
 }
 } else {
- $tmp= $config->get_cfg_value("core",'sambaHashHook')." ".escapeshellarg($password);
+ $tmp = $config->get_cfg_value("core",'sambaHashHook');
+ $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
+ $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
 @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
 exec($tmp, $ar);
diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index b4bb70beb..af2658688 100644
--- a/gosa-core/plugins/admin/users/class_userManagement.inc
+++ b/gosa-core/plugins/admin/users/class_userManagement.inc
@@ -320,6 +320,21 @@ class userManagement extends management
 }
 }
+ // Check password via check hook
+ if ($this->config->get_cfg_value("core","passwordHook") != ""){
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->cat($this->dn,array('uid'));
+ $attrs = $ldap->fetch();
+ $cmd = $this->config->get_cfg_value("core","passwordHook");
+ $cmd = preg_replace("/%current_password/",'',$cmd);
+ $cmd = preg_replace("/%new_password/",escapeshellarg($new_password), $cmd);
+ $cmd = preg_replace("/%uid/",escapeshellarg($attrs['uid'][0]), $cmd);
+ $cmd = preg_replace("/%dn/",escapeshellarg($attrs['dn']), $cmd);
+ exec($cmd,$resarr);
+ $message = array_merge($message, $resarr);
+ }
+
 // Display errors
 if (count($message) != 0){
 msg_dialog::displayChecks($message);
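Review bot: The substitution on the three new lines is silent when the configured `sambaHashHook` contains neither `%userPassword` nor `%password`: the removed line always appended the password, so a configuration written for that form now runs the hook without any password and whatever it prints is returned as the hash. Checking for a placeholder before running, e.g. `if (strpos($tmp, '%userPassword') === false && strpos($tmp, '%password') === false) { return (""); }`, would reuse the `return ("");` path visible at the top of the hunk. The `@DEBUG` context line then logs `$tmp` with the cleartext password substituted into it; that predates this change, but logging the unsubstituted template instead would keep passwords out of debug output. The same missing-placeholder concern applies to `passwordHook` in the other three hunks. `generate_smb_nt_hash` starts and ends outside the hunk.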
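Review bot: `preg_replace("/%current_password/",'',$cmd)` removes the placeholder entirely, so a hook configured as `script %uid %current_password %new_password` sees its arguments shift and receives the new password in the current-password position; substituting an empty quoted argument keeps the positions stable: `$cmd = preg_replace("/%current_password/", escapeshellarg(''), $cmd);`. `$attrs['uid'][0]` and `$attrs['dn']` are used without checking that `fetch()` returned an entry after `cat($this->dn, ...)`; if the lookup misses, presumably the hook runs with empty uid and dn arguments, so guard on `$attrs` before building `$cmd`. Every line of hook output is merged into `$message` and displayed as a validation error, which is a contract the hook author needs to know; a comment such as `// Any output from the hook is treated as a rejection of the new password` on the new block would record it. The enclosing method starts and ends outside the hunk.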
@@ -336,13 +351,6 @@ class userManagement extends management
 return($smarty->fetch(get_template_path('password.tpl', TRUE)));
 }
 }
- if ($this->config->get_cfg_value("core","passwordHook") != ""){
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($this->config->current['BASE']);
- $ldap->cat($this->dn,array('uid'));
- $attrs = $ldap->fetch();
- exec($this->config->get_cfg_value("core","passwordHook")." ".$attrs['uid'][0]." ".$new_password, $resarr);
- }
 // The user has to change his password on next login
 // - We are going to update samba and posix attributes here, to enforce
diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc
index d293183a9..d7d323c49 100644
--- a/gosa-core/plugins/personal/password/class_password.inc
+++ b/gosa-core/plugins/personal/password/class_password.inc
@@ -110,11 +110,15 @@ class password extends plugin
 /* Call external password quality hook ?*/
 $check_hook = $this->config->get_cfg_value("core","passwordHook") != "";
- $hook = $this->config->get_cfg_value("core","passwordHook")." ".
- $ui->username." ".$current_password." ".$new_password;
+ /* Prepare password hook */
+ $cmd = $this->config->get_cfg_value("core","passwordHook");
+ $cmd = preg_replace("/%current_password/",escapeshellarg(get_post('current_password')), $cmd);
+ $cmd = preg_replace("/%new_password/",escapeshellarg(get_post('new_password')), $cmd);
+ $cmd = preg_replace("/%uid/",escapeshellarg($ui->username), $cmd);
+ $cmd = preg_replace("/%dn/",escapeshellarg($ui->dn), $cmd);
 if($check_hook){
- exec($hook,$resarr);
+ exec($cmd,$resarr);
 $check_hook_output = "";
 if(count($resarr) > 0) {
 $check_hook_output= join('\n', $resarr);
-- 
2.30.2
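Review bot: `$cmd` is assembled on the new lines before `if($check_hook)`, so both POST passwords are read and escaped into a command string even when no hook is configured; building it inside the `if` keeps the cleartext out of an unused variable. The replaced lines used the `$current_password` and `$new_password` locals, while the new ones read `get_post('current_password')` and `get_post('new_password')` directly — if those locals are derived from the same fields outside the hunk with any normalization, the hook now checks different values than the rest of the method, so prefer the locals for consistency. The enclosing method starts and ends outside the hunk.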