From 9829e4f478f2daed23376cf8e22bf3179dc0cece Mon Sep 17 00:00:00 2001 From: hickert Date: Wed, 13 Oct 2010 15:20:55 +0000 Subject: [PATCH] Updated class password-method -Do not write sambaHashes while samba hashing is disabled git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@20038 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../class_password-methods.inc | 51 ++++++++++++++----- 1 file changed, 37 insertions(+), 14 deletions(-) diff --git a/gosa-core/include/password-methods/class_password-methods.inc b/gosa-core/include/password-methods/class_password-methods.inc index 695f32e71..4e5f38f83 100644 --- a/gosa-core/include/password-methods/class_password-methods.inc +++ b/gosa-core/include/password-methods/class_password-methods.inc @@ -106,8 +106,13 @@ class passwordMethod /* Lock entry */ $userPassword = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$userPassword); - $sambaLMPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaLMPassword); - $sambaNTPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaNTPassword); + + // Only lock samba hashes if samba passwords are enabled + $smbPasswdEnabled = trim($config->get_cfg_value('core','sambaHashHook')) == ""; + if($smbPasswdEnabled){ + $sambaLMPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaLMPassword); + $sambaNTPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaNTPassword); + } // Call external lock hook $res = $ldap->cat($dn); @@ -122,12 +127,16 @@ class passwordMethod // Update the ldap entry $ldap->cd($dn); - $ldap->modify( - array( - "userPassword" => $userPassword, - "sambaLMPassword" => $sambaLMPassword, - "sambaNTPassword" => $sambaNTPassword)); + $attrs = array(); + $attrs['userPassword'] = $userPassword; + + // Updated samba hashes if samba hashing is enabled + if($smbPasswdEnabled){ + $attrs['sambaLMPassword'] = $sambaLMPassword; + $attrs['sambaNTPassword'] = $sambaNTPassword; + } + $ldap->modify($attrs); if($ldap->success()){ // Call the password post-lock hook, if defined. @@ -174,9 +183,15 @@ class passwordMethod } /* Lock entry */ + $userPassword = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$userPassword); - $sambaLMPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaLMPassword); - $sambaNTPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaNTPassword); + + // Update samba hashes only if its enabled. + $smbPasswdEnabled = trim($config->get_cfg_value('core','sambaHashHook')) == ""; + if($smbPasswdEnabled){ + $sambaLMPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaLMPassword); + $sambaNTPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaNTPassword); + } // Call external lock hook $res = $ldap->cat($dn); @@ -191,11 +206,19 @@ class passwordMethod // Lock the account by modifying the password hash. $ldap->cd($dn); - $ldap->modify( - array( - "userPassword" => $userPassword, - "sambaLMPassword" => $sambaLMPassword, - "sambaNTPassword" => $sambaNTPassword)); + + // Update the ldap entry + $attrs = array(); + $attrs['userPassword'] = $userPassword; + + // Updated samba hashes if samba hashing is enabled + if($smbPasswdEnabled){ + $attrs['sambaLMPassword'] = $sambaLMPassword; + $attrs['sambaNTPassword'] = $sambaNTPassword; + } + + $ldap->modify($attrs); + if($ldap->success()){ // Call the password post-lock hook, if defined. -- 2.30.2