From f6eddcb23da9d61dd989a99b8ea5862f03e122f6 Mon Sep 17 00:00:00 2001
From: hickert
Date: Mon, 13 Sep 2010 08:22:08 +0000
Subject: [PATCH] Updated class password -Migrating password changes accidentally made in tags/2.6 instead of branch/2.6 failed. -Applied patch maunally
git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19613 594d385d-05f5-0310-b6e9-bd551577e9d8
---
.../personal/password/class_password.inc | 298 +++++++++++------
1 file changed, 180 insertions(+), 118 deletions(-)
diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc
index aa18925bc..e3df757b5 100644
--- a/gosa-core/plugins/personal/password/class_password.inc
+++ b/gosa-core/plugins/personal/password/class_password.inc
@@ -22,134 +22,196 @@ class password extends plugin { - /* Definitions */ - var $plHeadline = "Password"; - var $plDescription = "Change user password"; - - function password(&$config, $dn= NULL, $parent= NULL) - { - plugin::plugin($config, $dn, $parent); + /* Definitions */ + var $plHeadline = "Password"; + var $plDescription = "Change user password"; + + var $proposal = ""; + var $proposalEnabled = FALSE; + var $proposalSelected = FALSE; + + var $forcedHash = NULL; + + + function password(&$config, $dn= NULL, $parent= NULL) + { + plugin::plugin($config, $dn, $parent); + + // Try to generate a password proposal, if this is successfull + // then preselect the proposal usage. + $this->refreshProposal(); + if($this->proposal != ""){ + $this->proposalSelected = TRUE; + } + } + + function forceHash($hash) + { + $this->forcedHash = $hash; + } + + function refreshProposal() + { + $this->proposal = passwordMethod::getPasswordProposal($this->config); + $this->proposalEnabled = (!empty($this->proposal)); + } + + function execute() + { + plugin::execute(); + $smarty = get_smarty(); + $smarty->assign("usePrototype", "true"); + $ui = get_userinfo(); + + /* Get acls */ + $password_ACLS = $ui->get_permissions($ui->dn,"users/password"); + $smarty->assign("ChangeACL" , $password_ACLS); + $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS)); + + /* Display expiration template */ + $smarty->assign("passwordExpired", FALSE); + if ($this->config->get_cfg_value("handleExpiredAccounts") == "true"){ + $expired= ldap_expired_account($this->config, $ui->dn, $ui->username); + $smarty->assign("passwordExpired", $expired & POSIX_FORCE_PASSWORD_CHANGE); + if($expired == POSIX_DISALLOW_PASSWORD_CHANGE){ + return($smarty->fetch(get_template_path("nochange.tpl", TRUE))); + } } - function execute() - { - plugin::execute(); - $smarty = get_smarty(); - $ui = get_userinfo(); + // Refresh proposal if requested + if(isset($_POST['refreshProposal'])) $this->refreshProposal(); + 
if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1; + $smarty->assign("proposal" , $this->proposal); + $smarty->assign("proposalEnabled" , $this->proposalEnabled); + $smarty->assign("proposalSelected" , $this->proposalSelected); - /* Get acls */ - $password_ACLS = $ui->get_permissions($ui->dn,"users/password"); - $smarty->assign("ChangeACL" , $password_ACLS); - $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS)); + /* Pwd change requested */ + if (isset($_POST['password_finish'])){ - /* Display expiration template */ - if ($this->config->get_cfg_value("handleExpiredAccounts") == "true"){ - $expired= ldap_expired_account($this->config, $ui->dn, $ui->username); - if($expired == 4){ - return($smarty->fetch(get_template_path("nochange.tpl", TRUE))); - } - } - /* Pwd change requested */ - if (isset($_POST['password_finish'])){ - - /* Should we check different characters in new password */ - $check_differ = $this->config->get_cfg_value("passwordMinDiffer") != ""; - $differ = $this->config->get_cfg_value("passwordMinDiffer", 0); - - /* Enable length check ? 
*/ - $check_length = $this->config->get_cfg_value("passwordMinLength") != ""; - $length = $this->config->get_cfg_value("passwordMinLength", 0); - - // Validate input - $message = array(); - if(!isset($_POST['current_password']) || empty($_POST['current_password'])){ - $message[] = _("You need to specify your current password in order to proceed."); - }elseif ($_POST['new_password'] != $_POST['repeated_password']){ - $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."); - } elseif ($_POST['new_password'] == ""){ - $message[] = _("The password you've entered as 'New password' is empty."); - }elseif($check_differ && (substr($_POST['current_password'], 0, $differ) == substr($_POST['new_password'], 0, $differ))){ - $message[] = _("The password used as new and current are too similar."); - }elseif($check_length && (strlen($_POST['new_password']) < $length)){ - $message[] = _("The password used as new is to short."); - } - - // No errors yet, so call the external password hook. - if(!count($message)){ - $check_hook = $this->config->get_cfg_value("passwordHook") != ""; - $hook = $this->config->get_cfg_value("passwordHook")." ". - $ui->username." ".$_POST['current_password']." ".$_POST['new_password']; - if($check_hook){ - exec($hook,$resarr); - $check_hook_output = ""; - if(count($resarr) > 0) { - $check_hook_output= join('\n', $resarr); - } - $check_hook_output= sprintf(_("External password changer reported a problem: %s."),$check_hook_output); - if(!empty($check_hook_output)) $message[] = $check_hook_output; - } - } - - if(count($message)){ - msg_dialog::displayChecks($message); - }else{ - - /* Try to connect via current password */ - $tldap = new LDAP( - $ui->dn, - $_POST['current_password'], - $this->config->current['SERVER'], - $this->config->get_cfg_value("ldapFollowReferrals") == "true", - $this->config->get_cfg_value("ldapTLS") == "true"); - - /* connection Successfull ? 
*/ - if (!$tldap->success()){ - msg_dialog::display(_("Password change"), - _("The password you've entered as your current password doesn't match the real one."),WARNING_DIALOG); - }else{ - - /* Check GOsa permissions */ - if (!preg_match("/w/i",$password_ACLS)){ - msg_dialog::display(_("Password change"), - _("You have no permission to change your password."),WARNING_DIALOG); - }else{ - change_password ($ui->dn, $_POST['new_password']); - gosa_log ("User/password has been changed"); - $ui->password= $_POST['new_password']; - session::set('ui',$ui); - return($smarty->fetch(get_template_path("changed.tpl", TRUE))); - } - } - } + if($this->proposalSelected){ + $current_password = get_post('current_password'); + $new_password = $this->proposal; + $repeated_password = $this->proposal; + }else{ + $current_password = get_post('current_password'); + $new_password = get_post('new_password'); + $repeated_password = get_post('repeated_password'); } - return($smarty->fetch(get_template_path("password.tpl", TRUE))); - } - - function remove_from_parent() - { - $this->handle_post_events("remove"); - } - function save() - { - } - static function plInfo() - { - return (array( - "plDescription" => _("User password"), - "plSelfModify" => TRUE, - "plDepends" => array("user"), - "plPriority" => 10, - "plSection" => array("personal" => _("My account")), - "plCategory" => array("users"), - "plOptions" => array(), - - "plProvidedAcls" => array()) - ); + /* Should we check different characters in new password */ + $check_differ = $this->config->get_cfg_value("passwordMinDiffer") != ""; + $differ = $this->config->get_cfg_value("passwordMinDiffer", 0); + + /* Enable length check ? 
*/ + $check_length = $this->config->get_cfg_value("passwordMinLength") != ""; + $length = $this->config->get_cfg_value("passwordMinLength", 0); + + // Perform GOsa password policy checks + $message = array(); + if(empty($current_password)){ + $message[] = _("You need to specify your current password in order to proceed."); + }elseif($new_password != $repeated_password){ + $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."); + }elseif($new_password == ""){ + $message[] = _("The password you've entered as 'New password' is empty."); + }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){ + $message[] = _("The password used as new and current are too similar."); + }elseif($check_length && (strlen($new_password) < $length)){ + $message[] = _("The password used as new is to short."); + }elseif(!passwordMethod::is_harmless($new_password)){ + $message[] = _("The password contains possibly problematic Unicode characters!"); + } + + /* Call external password quality hook ?*/ + if(!count($message)){ + $check_hook = $this->config->get_cfg_value("passwordHook") != ""; + $hook = $this->config->get_cfg_value("passwordHook")." ". + escapeshellarg($ui->username)." ".escapeshellarg($current_password)." ".escapeshellarg($new_password); + if($check_hook){ + exec($hook,$resarr); + $check_hook_output = ""; + if(count($resarr) > 0) { + $check_hook_output= join('\n', $resarr); + } + if(!empty($check_hook_output)){ + $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),$check_hook_output); + } + } + } + + // Some errors/warning occured, display them and abort password change. 
+ if(count($message)){ + msg_dialog::displayChecks($message); + }else{ + + /* Try to connect via current password */ + $tldap = new LDAP( + $ui->dn, + $current_password, + $this->config->current['SERVER'], + $this->config->get_cfg_value("ldapFollowReferrals") == "true", + $this->config->get_cfg_value("ldapTLS") == "true"); + + /* connection Successfull ? */ + if (!$tldap->success()){ + msg_dialog::display(_("Password change"), + _("The password you've entered as your current password doesn't match the real one."),WARNING_DIALOG); + }else{ + + /* Check GOsa permissions */ + if (!preg_match("/w/i",$password_ACLS)){ + msg_dialog::display(_("Password change"), + _("You have no permission to change your password."),WARNING_DIALOG); + }else{ + $this->change_password($ui->dn, $new_password,$this->forcedHash); + gosa_log ("User/password has been changed"); + $ui->password= $new_password; + session::set('ui',$ui); +#$this->handle_post_events("modify",array("userPassword" => $new_password)); + return($smarty->fetch(get_template_path("changed.tpl", TRUE))); + } + } + } } + return($smarty->fetch(get_template_path("password.tpl", TRUE))); + } + + function change_password($dn, $pwd, $hash) + { + if(!$hash){ + change_password ($dn, $pwd); + }else{ + change_password ($dn, $pwd,0, $hash); + } + } + + + function remove_from_parent() + { + $this->handle_post_events("remove"); + } + + function save() + { + } + + static function plInfo() + { + return (array( + "plDescription" => _("User password"), + "plSelfModify" => TRUE, + "plDepends" => array("user"), + "plPriority" => 10, + "plSection" => array("personal" => _("My account")), + "plCategory" => array("users"), + "plOptions" => array(), + + "plProvidedAcls" => array()) + ); + } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: -- 2.30.2
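Review bot: The external password hook in execute() fails open: `exec($hook,$resarr);` never captures the exit status and a problem is reported only when the hook prints something, so a hook that cannot be started or exits non-zero silently is treated as having accepted the password. Capture the status with `exec($hook, $resarr, $rc);` and add a message when `$rc != 0`, assuming existing hooks signal success with exit code 0. Even with the escapeshellarg() calls added here, the current and new password are still handed to the hook as command-line arguments, which are typically visible to other local users in the process list while the hook runs; passing them on the hook's standard input would avoid that, at the cost of changing the hook interface. Also note that `join('\n', $resarr)` uses single quotes, so multi-line hook output is joined with a literal backslash-n rather than a newline.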