From 6cbfb538b0c92b1a65ccb497d8ecbd55ab5cf2de Mon Sep 17 00:00:00 2001 From: hickert Date: Thu, 9 Sep 2010 08:31:39 +0000 Subject: [PATCH] Updated password handling. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@19577 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-core/html/password.php | 11 +++-- gosa-core/include/class_multi_plug.inc | 7 +++- gosa-core/include/functions.inc | 40 +++++++++---------- .../admin/users/class_userManagement.inc | 6 ++- 4 files changed, 34 insertions(+), 30 deletions(-) diff --git a/gosa-core/html/password.php b/gosa-core/html/password.php index 9315fe63a..10ff4be06 100644 --- a/gosa-core/html/password.php +++ b/gosa-core/html/password.php @@ -307,13 +307,12 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['apply'])) { ); msg_dialog::displayChecks($message); } else { - if ($method != "") { - change_password($ui->dn, $_POST['new_password'], 0, $method); - } else { - change_password($ui->dn, $_POST['new_password']); + if(!change_password($ui->dn, $_POST['new_password'], FALSE, $method,get_post('current_password'),$msg)){ + msg_dialog::displayChecks(array($msg)); + }else{ + gosa_log("User/password has been changed"); + $smarty->assign("changed", true); } - gosa_log("User/password has been changed"); - $smarty->assign("changed", true); } } diff --git a/gosa-core/include/class_multi_plug.inc b/gosa-core/include/class_multi_plug.inc index 532adb157..ff1e8b6c5 100644 --- a/gosa-core/include/class_multi_plug.inc +++ b/gosa-core/include/class_multi_plug.inc 
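Review bot: In gosa-core/html/password.php the new call passes the new password as raw `$_POST['new_password']` but the current one through `get_post('current_password')`, so the two secrets reach `change_password()` by different paths. What `get_post()` does to its value is not visible in this patch; if it normalises the input in any way, the stored hash and the hook arguments would be built from differently treated strings. Reading both through the same accessor, `change_password($ui->dn, get_post('new_password'), FALSE, $method, get_post('current_password'), $msg)`, keeps them consistent, provided the earlier checks in this file read the value the same way. As far as the hunk shows `$msg` is first used at this call, so setting `$msg = "";` before it avoids displaying an undefined value if a failure path returns without filling it.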
@@ -388,8 +388,11 @@ class multi_plug { foreach($this->a_handles as $i_id => $o_handle){ if($o_handle->password_change_needed() && isset($o_handle->by_object['user'])){ - new msg_dialog(_("Reset password"),_("The user password has been reset. Please set a new password!"),WARNING_DIALOG); - change_password ($o_handle->dn, "",0, $o_handle->by_object['user']->pw_storage); + if(!change_password ($o_handle->dn, "",FALSE, $o_handle->by_object['user']->pw_storage,'',$message)){ + msg_dialog::displayChecks(array($message)); + }else{ + new msg_dialog(_("Reset password"),_("The user password has been reset. Please set a new password!"),WARNING_DIALOG); + } } } return(FALSE); diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index b830351f6..f423f80d4 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -3072,11 +3072,11 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password $attrs['userPassword']= $newpass; // Prepare prevent hook call - $attrsPre = $attrs; - $attrsPre['current_password'] = $old_password; - $attrsPre['new_password'] = $password; + $attrsEvent = $attrs; + $attrsEvent['current_password'] = escapeshellarg($old_password); + $attrsEvent['new_password'] = escapeshellarg($password); $passwordPlugin = new password($config,$dn); - plugin::callHook($passwordPlugin, 'PREMODIFY', $attrs, $output,$retCode,$error, $directlyPrintError = FALSE); + plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); if($retCode === 0 && count($output)){ $message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output)); return(FALSE); 
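Review bot: The forced reset in class_multi_plug.inc calls `change_password()` with `""` as the new password and `''` as the old one, and the functions.inc part of this patch forwards both to the PREMODIFY and POSTMODIFY hooks as `new_password` and `current_password`. A hook that mirrors passwords to another system is therefore invoked with an empty new password on every reset; whether the configured hooks tolerate that is not visible here. A comment above the call would make the contract explicit, for example `// Forced reset: hooks are called with empty current_password/new_password`. `$message` is also carried across loop iterations, so clearing it at the top of the loop body (`$message = "";`) avoids showing a stale text for a later handle if a failure path leaves it unset.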
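Review bot: In change_password() (functions.inc, hunk at 3072) `$attrsEvent` starts as a copy of `$attrs`, so `userPassword` goes to the hook unescaped while only `current_password` and `new_password` are wrapped in `escapeshellarg()`. How `plugin::callHook()` builds the command is outside this patch: if it escapes values itself, the two password fields arrive with literal quotes around them, and if it does not, the hash, which in crypt-style formats contains `$`, is the one value left unquoted. Escaping should happen in exactly one place, either inside `callHook()` for every placeholder or here for every entry of `$attrsEvent`, and a comment such as `// values in $attrsEvent are shell-escaped here; callHook() must not escape again` would record which. Passing cleartext passwords as hook arguments also exposes them to anything that can read the process list on the host, which is worth stating in the hook documentation. The function starts and ends outside the hunk.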
@@ -3091,7 +3091,7 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password $test->lock_account($config,$dn); } - // Check if everythin went fine and then call the post event hooks. + // Check if everything went fine and then call the post event hooks. // If an error occures, then try to rollback the complete actions done. $preRollback = FALSE; $ldapRollback = FALSE; @@ -3113,14 +3113,10 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password }else{ // Execute the password hook - plugin::callHook($passwordPlugin, 'POSTMODIFY', $attrs, $output,$retCode,$error, $directlyPrintError = FALSE); + plugin::callHook($passwordPlugin, 'POSTMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); if($retCode === 0){ if(count($output)){ new log("modify","users/passwordMethod",$dn,array(),"Password change - Post mdoify hook reported! - FAILED!"); - $attrs = array(); - $attrs['userPassword'] = escapeshellarg($password); - $attrs['current_password'] = escapeshellarg($password); - $attrs['old_password'] = escapeshellarg($old_password); $message = sprintf(_("Post-event hook reported a problem: %s. Password change canceled!"),implode($output)); $ldapRollback = TRUE; $preRollback = TRUE; 
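Review bot: The POSTMODIFY result in change_password() (hunk at 3113) counts as a failure only under `if($retCode === 0){ if(count($output)){`, that is when the hook exits 0 and prints something. What happens for a non-zero exit status lies in the part of the `if` outside the hunk, and the PREMODIFY checks at 3072 and 3143 use the same `$retCode === 0 && count($output)` test with no other branch visible. If a non-zero status is not handled elsewhere, a hook that crashes or cannot be executed lets the password change go through without the external system being updated. Assuming `$retCode` is 0 when no hook is configured, the condition would be safer as `if($retCode !== 0 || count($output))`.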
@@ -3143,18 +3139,22 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password } // Setting password in the ldap database or further operation failed, we should now execute - // the plugins post-event hook, using switched passwords new/old password. + // the plugins pre-event hook, using switched passwords new/old password. // This ensures that passwords which were set outside of GOsa, will be reset to its // starting value. - if($preRollback && !empty($old_password)){ - new log("modify","users/passwordMethod",$dn,array(),"Rolling back postmodify hook!"); - $attrs = array(); - $attrs['current_password'] = escapeshellarg($password); - $attrs['new_password'] = escapeshellarg($old_password); - plugin::callHook($passwordPlugin, 'POSTMODIFY', $attrs, $output,$retCode,$error, $directlyPrintError = FALSE); + if($preRollback){ + new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook!"); + $oldpass= $test->generate_hash($old_password); + $attrsEvent['current_password'] = escapeshellarg($password); + $attrsEvent['new_password'] = escapeshellarg($old_password); + foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){ + if(isset($initialAttrs[$attr][0])) $attrsEvent[$attr] = $initialAttrs[$attr][0]; + } + + plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); if($retCode === 0 && count($output)){ - $message = sprintf(_("Post-event hook reported a problem: %s. Password change canceled!"),implode($output)); - new log("modify","users/passwordMethod",$dn,array(),"Rolling back postmodify hook! - FAILED!"); + $message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output)); + new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook! - FAILED!"); } } 
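Review bot: The rollback in change_password() (hunk at 3143) now runs for any `$preRollback`, where it used to require a non-empty `$old_password`, and it hands `escapeshellarg($old_password)` to the PREMODIFY hook as `new_password`. The callers changed in this same patch in class_multi_plug.inc and class_userManagement.inc pass `''` as the old password, so for them a failed change invokes the hook with an empty new password; what a hook does with that depends on the hook, but one that synchronises passwords could set an empty one. Keeping the guard for this call, e.g. `if($preRollback && $old_password !== ""){`, avoids that. `$oldpass= $test->generate_hash($old_password);` is assigned but not used in the visible lines and can be dropped unless later code needs it. A failure message set here also overwrites the `$message` that described the original error.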
@@ -3164,7 +3164,7 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password new log("modify","users/passwordMethod",$dn,array(),"Rolling back ldap modifications!"); $attrs = array(); foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){ - $attrs[$attr] = $initialAttrs[$attr][0]; + if(isset($initialAttrs[$attr][0])) $attrs[$attr] = $initialAttrs[$attr][0]; } $ldap->cd($dn); $ldap->modify($attrs); diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc index af2658688..0e97d648a 100644 --- a/gosa-core/plugins/admin/users/class_userManagement.inc +++ b/gosa-core/plugins/admin/users/class_userManagement.inc @@ -343,11 +343,13 @@ class userManagement extends management // Change cassword if(isset($this->force_hash_type[$this->dn])){ - if(!change_password ($this->dn, $new_password,0,$this->force_hash_type[$this->dn])){ + if(!change_password ($this->dn, $new_password,0,$this->force_hash_type[$this->dn],'', $message)){ + msg_dialog::displayChecks(array($message)); return($smarty->fetch(get_template_path('password.tpl', TRUE))); } }else{ - if(!change_password ($this->dn, $new_password)){ + if(!change_password ($this->dn, $new_password,0,'','',$message)){ + msg_dialog::displayChecks(array($message)); return($smarty->fetch(get_template_path('password.tpl', TRUE))); } } -- 2.30.2
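Review bot: The new `isset()` guard in the LDAP rollback (functions.inc, hunk at 3164) skips attributes that were absent before the change, so a `sambaNTPassword` or `sambaLMPassword` created by this call stays in the entry after a rolled-back change. If the earlier part of change_password(), which is outside the hunk, can add those attributes, the rejected password would remain usable by the services that read them. Removing them on rollback closes that, e.g. `else $attrs[$attr] = array();`, assuming `$ldap->modify()` treats an empty value as a delete the way `ldap_modify()` does. The result of `$ldap->modify($attrs)` is not checked in the visible lines either, so a failed rollback would go unreported.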
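Review bot: The two branches in class_userManagement.inc now differ only in the hash argument, so the call and its error handling are duplicated. Computing the hash first, `$hash = isset($this->force_hash_type[$this->dn]) ? $this->force_hash_type[$this->dn] : '';`, and then making one call, `if(!change_password($this->dn, $new_password, FALSE, $hash, '', $message)){`, leaves a single failure path to maintain. That also replaces `0` with `FALSE` for the mode argument, matching the other call sites touched by this patch. The enclosing method starts and ends outside the hunk.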