From a9cb62198099548d9273d55eb8a0da48f353cd3e Mon Sep 17 00:00:00 2001 From: hickert Date: Wed, 15 Aug 2007 06:34:40 +0000 Subject: [PATCH] Fixed change_password(). Sometimes password change lost encryption method and password was stored in clear text. Keep users deactivated after changing passwords. git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@7060 594d385d-05f5-0310-b6e9-bd551577e9d8 --- include/class_password-methods.inc | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/include/class_password-methods.inc b/include/class_password-methods.inc index 4ebc87bb7..6ea694f20 100644 --- a/include/class_password-methods.inc +++ b/include/class_password-methods.inc @@ -106,8 +106,21 @@ function change_password ($dn, $password, $mode=0, $hash= "") $ldap->cat ($dn, array("shadowLastChange", "userPassword", "uid")); $attrs = $ldap->fetch (); + // Check if user account was deactivated, indicated by ! after } ... {crypt}!### + if(isset($attrs['userPassword'][0]) && preg_match("/^[^\}]*+\}!/",$attrs['userPassword'][0])){ + $deactivated = TRUE; + }else{ + $deactivated = FALSE; + } + + // Get current password hash method if available + if($hash == "" && isset($attrs['userPassword'][0]) && preg_match("/[\{\}]/",$attrs['userPassword'][0])){ + $hash = preg_replace("/^[^\{]*+\{([^\}]*).*$/","\\1",$attrs['userPassword'][0]); + $hash = strtolower($hash); + } + // Set encryption type to clear if required - if (isset($attrs['userPassword'][0]) && preg_match('/^[^{}]+$/', $attrs['userPassword'][0]) && $hash == ""){ + if (!isset($attrs['userPassword'][0]) || $hash == ""){ $hash= "clear"; } @@ -155,6 +168,11 @@ function change_password ($dn, $password, $mode=0, $hash= "") $attrs= generate_smb_nt_hash($password); } + /* Readd ! if user was deactivated */ + if($deactivated){ + $newpass = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$newpass); + } + $attrs['userPassword']= array(); $attrs['userPassword']= $newpass; -- 2.30.2