|
0
|
1 <?php
|
|
|
2
|
|
|
3 /**
|
|
|
4 * ldap_ppolicy driver
|
|
|
5 *
|
|
|
6 * Driver that adds functionality to change the user password via
|
|
|
7 * the 'change_ldap_pass.pl' command respecting password policy (history) in LDAP.
|
|
|
8 *
|
|
|
9 * @version 1.0
|
|
|
10 * @author Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
|
|
|
11 *
|
|
|
12 */
|
|
|
13
|
|
|
14 class rcube_ldap_ppolicy_password
|
|
|
15 {
|
|
|
16 public function save($currpass, $newpass)
|
|
|
17 {
|
|
|
18 $rcmail = rcmail::get_instance();
|
|
|
19 $this->debug = $rcmail->config->get('ldap_debug');
|
|
|
20
|
|
|
21 $cmd = $rcmail->config->get('password_ldap_ppolicy_cmd');
|
|
|
22 $uri = $rcmail->config->get('password_ldap_ppolicy_uri');
|
|
|
23 $baseDN = $rcmail->config->get('password_ldap_ppolicy_basedn');
|
|
|
24 $filter = $rcmail->config->get('password_ldap_ppolicy_search_filter');
|
|
|
25 $bindDN = $rcmail->config->get('password_ldap_ppolicy_searchDN');
|
|
|
26 $bindPW = $rcmail->config->get('password_ldap_ppolicy_searchPW');
|
|
|
27 $cafile = $rcmail->config->get('password_ldap_ppolicy_cafile');
|
|
|
28
|
|
|
29 $log_dir = $rcmail->config->get('log_dir');
|
|
|
30
|
|
|
31 if (empty($log_dir)) {
|
|
|
32 $log_dir = RCUBE_INSTALL_PATH . 'logs';
|
|
|
33 }
|
|
|
34
|
|
|
35 // try to open specific log file for writing
|
|
|
36 $logfile = $log_dir.'/password_ldap_ppolicy.err';
|
|
|
37
|
|
|
38 $descriptorspec = array(
|
|
|
39 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
|
|
|
40 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
|
|
|
41 2 => array("file", $logfile, "a") // stderr is a file to write to
|
|
|
42 );
|
|
|
43
|
|
|
44 $cmd = 'plugins/password/helpers/'. $cmd;
|
|
|
45 $this->_debug("parameters:\ncmd:$cmd\nuri:$uri\nbaseDN:$baseDN\nfilter:$filter");
|
|
|
46 $process = proc_open($cmd, $descriptorspec, $pipes);
|
|
|
47
|
|
|
48 if (is_resource($process)) {
|
|
|
49 // $pipes now looks like this:
|
|
|
50 // 0 => writeable handle connected to child stdin
|
|
|
51 // 1 => readable handle connected to child stdout
|
|
|
52 // Any error output will be appended to /tmp/error-output.txt
|
|
|
53
|
|
|
54 fwrite($pipes[0], $uri."\n");
|
|
|
55 fwrite($pipes[0], $baseDN."\n");
|
|
|
56 fwrite($pipes[0], $filter."\n");
|
|
|
57 fwrite($pipes[0], $bindDN."\n");
|
|
|
58 fwrite($pipes[0], $bindPW."\n");
|
|
|
59 fwrite($pipes[0], $_SESSION['username']."\n");
|
|
|
60 fwrite($pipes[0], $currpass."\n");
|
|
|
61 fwrite($pipes[0], $newpass."\n");
|
|
|
62 fwrite($pipes[0], $cafile);
|
|
|
63 fclose($pipes[0]);
|
|
|
64
|
|
|
65 $result = stream_get_contents($pipes[1]);
|
|
|
66 fclose($pipes[1]);
|
|
|
67
|
|
|
68 $this->_debug('Result:'.$result);
|
|
|
69
|
|
|
70 switch ($result) {
|
|
|
71 case "OK":
|
|
|
72 return PASSWORD_SUCCESS;
|
|
|
73 case "Password is in history of old passwords":
|
|
|
74 return PASSWORD_IN_HISTORY;
|
|
|
75 case "Cannot connect to any server":
|
|
|
76 return PASSWORD_CONNECT_ERROR;
|
|
|
77 default:
|
|
|
78 rcube::raise_error(array(
|
|
|
79 'code' => 600,
|
|
|
80 'type' => 'php',
|
|
|
81 'file' => __FILE__, 'line' => __LINE__,
|
|
|
82 'message' => $result
|
|
|
83 ), true, false);
|
|
|
84 }
|
|
|
85
|
|
|
86 return PASSWORD_ERROR;
|
|
|
87 }
|
|
|
88 }
|
|
|
89
|
|
|
90 private function _debug($str)
|
|
|
91 {
|
|
|
92 if ($this->debug) {
|
|
|
93 rcube::write_log('password_ldap_ppolicy', $str);
|
|
|
94 }
|
|
|
95 }
|
|
|
96 }
|
