1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class password extends plugin
24 {
25 /* Definitions */
26 var $plHeadline = "Change password";
27 var $plDescription = "Change user password";
29 var $proposal = "";
30 var $proposalEnabled = FALSE;
31 var $proposalSelected = FALSE;
32 var $proposalInitialized = FALSE;
34 var $forcedHash = NULL;
36 function password(&$config, $dn= NULL, $parent= NULL)
37 {
38 plugin::plugin($config, $dn, $parent);
39 }
42 function forceHash($hash)
43 {
44 $this->forcedHash = $hash;
45 }
48 function refreshProposal()
49 {
50 $this->proposal = passwordMethod::getPasswordProposal($this->config);
51 $this->proposalEnabled = (!empty($this->proposal));
52 }
55 function execute()
56 {
57 plugin::execute();
58 $smarty = get_smarty();
59 $ui = get_userinfo();
62 // Try to generate a password proposal, if this is successfull
63 // then preselect the proposal usage.
64 if(!$this->proposalInitialized){
65 $this->refreshProposal();
66 if($this->proposal != ""){
67 $this->proposalSelected = TRUE;
68 }
69 $this->proposalInitialized = TRUE;
70 }
72 /* Get acls */
73 $password_ACLS = $ui->get_permissions($ui->dn,"users/password");
74 $smarty->assign("ChangeACL" , $password_ACLS);
75 $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS));
77 /* Display expiration template */
78 $smarty->assign("passwordExpired", FALSE);
79 if ($this->config->boolValueIsTrue("core","handleExpiredAccounts")){
80 $expired= ldap_expired_account($this->config, $ui->dn, $ui->username);
81 $smarty->assign("passwordExpired", $expired & POSIX_FORCE_PASSWORD_CHANGE);
82 if($expired == POSIX_DISALLOW_PASSWORD_CHANGE){
83 return($smarty->fetch(get_template_path("nochange.tpl", TRUE)));
84 }
85 }
87 // Refresh proposal if requested
88 if(isset($_POST['refreshProposal'])) $this->refreshProposal();
89 if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;
90 $smarty->assign("proposal" , set_post($this->proposal));
91 $smarty->assign("proposalEnabled" , $this->proposalEnabled);
92 $smarty->assign("proposalSelected" , $this->proposalSelected);
94 /* Pwd change requested */
95 if (isset($_POST['password_finish'])){
97 if($this->proposalSelected){
98 $current_password = get_post('current_password');
99 $new_password = $this->proposal;
100 $repeated_password = $this->proposal;
101 }else{
102 $current_password = get_post('current_password');
103 $new_password = get_post('new_password');
104 $repeated_password = get_post('repeated_password');
105 }
108 // Get configuration flags for further input checks.
109 $check_differ = $this->config->get_cfg_value("core","passwordMinDiffer") != "";
110 $differ = $this->config->get_cfg_value("core","passwordMinDiffer");
111 $check_length = $this->config->get_cfg_value("core","passwordMinLength") != "";
112 $length = $this->config->get_cfg_value("core","passwordMinLength");
114 // Once an error has occured it is stored here.
115 $message = array();
117 // Call the check hook
118 $attrs = array();
119 $attrs['current_password'] = ($current_password);
120 $attrs['new_password'] = ($new_password);
122 // Perform GOsa password policy checks
123 if(empty($current_password)){
124 $message[] = _("You need to specify your current password in order to proceed.");
125 }elseif($new_password != $repeated_password){
126 $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
127 }elseif($new_password == ""){
128 $message[] = _("The password you've entered as 'New password' is empty.");
129 }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){
130 $message[] = _("The password used as new and current are too similar.");
131 }elseif($check_length && (strlen($new_password) < $length)){
132 $message[] = _("The password used as new is to short.");
133 }elseif(!passwordMethod::is_harmless($new_password)){
134 $message[] = _("The password contains possibly problematic Unicode characters!");
135 }
137 // Call external check hook to validate the password change
138 if(!count($message)){
139 $checkRes = $this->callCheckHook($this->config,$this->dn,$attrs);
140 if(count($checkRes)){
141 $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),implode($checkRes));
142 }
143 }
145 // Some errors/warning occured, display them and abort password change.
146 if(count($message)){
147 msg_dialog::displayChecks($message);
148 }else{
150 /* Try to connect via current password */
151 $tldap = new LDAP(
152 $ui->dn,
153 $current_password,
154 $this->config->current['SERVER'],
155 $this->config->get_cfg_value("core","ldapFollowReferrals") == "true",
156 $this->config->get_cfg_value("core","ldapTLS") == "true");
158 /* connection Successfull ? */
159 if (!$tldap->success()){
160 msg_dialog::display(_("Password change"),
161 _("The password you've entered as your current password doesn't match the real one."),WARNING_DIALOG);
162 }elseif (!preg_match("/w/i",$password_ACLS)){
163 msg_dialog::display(_("Password change"),
164 _("You have no permission to change your password."),WARNING_DIALOG);
165 }elseif(!change_password($ui->dn, $new_password,FALSE, $this->forcedHash, $current_password, $message)){
166 msg_dialog::display(_("Password change"),
167 $message,WARNING_DIALOG);
168 }else{
169 $ui->password= $new_password;
170 session::set('ui',$ui);
171 return($smarty->fetch(get_template_path("changed.tpl", TRUE)));
172 }
173 }
174 }
175 return($smarty->fetch(get_template_path("password.tpl", TRUE)));
176 }
178 function remove_from_parent()
179 {
180 $this->handle_post_events("remove");
181 }
183 function save()
184 {
185 }
187 static function callCheckHook($config,$dn,$attrs = array())
188 {
189 $command = $config->configRegistry->getPropertyValue("password","check");
190 if (!empty($command)){
192 // Build up ldif to send to the check hook
193 $ldif= "dn: $dn\n";
194 foreach ($attrs as $name => $value){
195 $ldif.= "{$name}: {$value}\n";
196 }
197 $ldif.= "\n";
199 /* Feed "ldif" into hook and retrieve result*/
200 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
201 $fh= proc_open($command, $descriptorspec, $pipes);
202 if (is_resource($fh)) {
203 fwrite ($pipes[0], $ldif);
204 fclose($pipes[0]);
205 $arr= stream_get_contents($pipes[1]);
206 $err = stream_get_contents($pipes[2]);
207 fclose($pipes[1]);
208 fclose($pipes[2]);
209 $returnCode = proc_close($fh);
211 if($returnCode !== 0){
212 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execution failed code: ".$returnCode);
213 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Result: ".$err);
214 $message= msgPool::cmdexecfailed($err,$command, "password");
215 msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
216 }else{
217 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Result: ".$arr);
218 return(preg_split("/\n/", $arr,0,PREG_SPLIT_NO_EMPTY));
219 }
220 }
221 }
222 return(array());
223 }
225 static function plInfo()
226 {
227 return (array(
228 "plDescription" => _("User password"),
229 "plSelfModify" => TRUE,
230 "plDepends" => array("user"),
231 "plPriority" => 10,
232 "plSection" => array("personal" => _("My account")),
233 "plCategory" => array("users"),
234 "plOptions" => array(),
236 "plProperties" => array(
237 array(
238 "name" => "PRELOCK",
239 "type" => "command",
240 "default" => "",
241 "description" => _("Script to be called before a password gets locked."),
242 "check" => "gosaProperty::isCommand",
243 "migrate" => "",
244 "group" => "password",
245 "mandatory" => FALSE),
246 array(
247 "name" => "POSTLOCK",
248 "type" => "command",
249 "default" => "",
250 "description" => _("Script to be called after a password gets locked."),
251 "check" => "gosaProperty::isCommand",
252 "migrate" => "",
253 "group" => "password",
254 "mandatory" => FALSE),
255 array(
256 "name" => "PREUNLOCK",
257 "type" => "command",
258 "default" => "",
259 "description" => _("Script to be called before a password gets unlocked."),
260 "check" => "gosaProperty::isCommand",
261 "migrate" => "",
262 "group" => "password",
263 "mandatory" => FALSE),
264 array(
265 "name" => "POSTUNLOCK",
266 "type" => "command",
267 "default" => "",
268 "description" => _("Script to be called after a password gets unlocked."),
269 "check" => "gosaProperty::isCommand",
270 "migrate" => "",
271 "group" => "password",
272 "mandatory" => FALSE)
273 ),
274 "plProvidedAcls" => array())
275 );
276 }
278 }
279 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
280 ?>