comparison plugins/password/drivers/ldap_ppolicy.php @ 0:1e000243b222
vanilla 1.3.3 distro, I hope
| author | Charlie Root |
|---|---|
| date | Thu, 04 Jan 2018 15:50:29 -0500 |
| parents | |
| children |
| -1:000000000000 | 0:1e000243b222 |
|---|---|
| 1 <?php | |
| 2 | |
| 3 /** | |
| 4 * ldap_ppolicy driver | |
| 5 * | |
| 6 * Driver that adds functionality to change the user password via | |
| 7 * the 'change_ldap_pass.pl' command respecting password policy (history) in LDAP. | |
| 8 * | |
| 9 * @version 1.0 | |
| 10 * @author Zbigniew Szmyd <zbigniew.szmyd@linseco.pl> | |
| 11 * | |
| 12 */ | |
| 13 | |
| 14 class rcube_ldap_ppolicy_password | |
| 15 { | |
| 16 public function save($currpass, $newpass) | |
| 17 { | |
| 18 $rcmail = rcmail::get_instance(); | |
| 19 $this->debug = $rcmail->config->get('ldap_debug'); | |
| 20 | |
| 21 $cmd = $rcmail->config->get('password_ldap_ppolicy_cmd'); | |
| 22 $uri = $rcmail->config->get('password_ldap_ppolicy_uri'); | |
| 23 $baseDN = $rcmail->config->get('password_ldap_ppolicy_basedn'); | |
| 24 $filter = $rcmail->config->get('password_ldap_ppolicy_search_filter'); | |
| 25 $bindDN = $rcmail->config->get('password_ldap_ppolicy_searchDN'); | |
| 26 $bindPW = $rcmail->config->get('password_ldap_ppolicy_searchPW'); | |
| 27 $cafile = $rcmail->config->get('password_ldap_ppolicy_cafile'); | |
| 28 | |
| 29 $log_dir = $rcmail->config->get('log_dir'); | |
| 30 | |
| 31 if (empty($log_dir)) { | |
| 32 $log_dir = RCUBE_INSTALL_PATH . 'logs'; | |
| 33 } | |
| 34 | |
| 35 // try to open specific log file for writing | |
| 36 $logfile = $log_dir.'/password_ldap_ppolicy.err'; | |
| 37 | |
| 38 $descriptorspec = array( | |
| 39 0 => array("pipe", "r"), // stdin is a pipe that the child will read from | |
| 40 1 => array("pipe", "w"), // stdout is a pipe that the child will write to | |
| 41 2 => array("file", $logfile, "a") // stderr is a file to write to | |
| 42 ); | |
| 43 | |
| 44 $cmd = 'plugins/password/helpers/'. $cmd; | |
| 45 $this->_debug("parameters:\ncmd:$cmd\nuri:$uri\nbaseDN:$baseDN\nfilter:$filter"); | |
| 46 $process = proc_open($cmd, $descriptorspec, $pipes); | |
| 47 | |
| 48 if (is_resource($process)) { | |
| 49 // $pipes now looks like this: | |
| 50 // 0 => writeable handle connected to child stdin | |
| 51 // 1 => readable handle connected to child stdout | |
| 52 // Any error output will be appended to /tmp/error-output.txt | |
| 53 | |
| 54 fwrite($pipes[0], $uri."\n"); | |
| 55 fwrite($pipes[0], $baseDN."\n"); | |
| 56 fwrite($pipes[0], $filter."\n"); | |
| 57 fwrite($pipes[0], $bindDN."\n"); | |
| 58 fwrite($pipes[0], $bindPW."\n"); | |
| 59 fwrite($pipes[0], $_SESSION['username']."\n"); | |
| 60 fwrite($pipes[0], $currpass."\n"); | |
| 61 fwrite($pipes[0], $newpass."\n"); | |
| 62 fwrite($pipes[0], $cafile); | |
| 63 fclose($pipes[0]); | |
| 64 | |
| 65 $result = stream_get_contents($pipes[1]); | |
| 66 fclose($pipes[1]); | |
| 67 | |
| 68 $this->_debug('Result:'.$result); | |
| 69 | |
| 70 switch ($result) { | |
| 71 case "OK": | |
| 72 return PASSWORD_SUCCESS; | |
| 73 case "Password is in history of old passwords": | |
| 74 return PASSWORD_IN_HISTORY; | |
| 75 case "Cannot connect to any server": | |
| 76 return PASSWORD_CONNECT_ERROR; | |
| 77 default: | |
| 78 rcube::raise_error(array( | |
| 79 'code' => 600, | |
| 80 'type' => 'php', | |
| 81 'file' => __FILE__, 'line' => __LINE__, | |
| 82 'message' => $result | |
| 83 ), true, false); | |
| 84 } | |
| 85 | |
| 86 return PASSWORD_ERROR; | |
| 87 } | |
| 88 } | |
| 89 | |
| 90 private function _debug($str) | |
| 91 { | |
| 92 if ($this->debug) { | |
| 93 rcube::write_log('password_ldap_ppolicy', $str); | |
| 94 } | |
| 95 } | |
| 96 } |
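Review bot: The fields written to the helper's stdin in `save()` form a newline-delimited record, but `$_SESSION['username']`, `$currpass` and `$newpass` are written without any check for embedded CR/LF, so a value containing a line break shifts every later field, the last of which is the CA file path. Rejecting such values before `proc_open()` would close that, e.g. `foreach (array($_SESSION['username'], $currpass, $newpass) as $v) { if (strpbrk((string) $v, "\r\n") !== false) return PASSWORD_ERROR; }`. Separately, `return PASSWORD_ERROR;` sits inside the `if (is_resource($process))` block, so a failed `proc_open()` makes `save()` return null with nothing logged; moving the return after that block's closing brace fixes it, and it is worth confirming that the caller cannot read null as success through a loose comparison. The process handle is also never passed to `proc_close()`, so the helper's exit status goes unchecked, and the comment naming `/tmp/error-output.txt` no longer matches the `$logfile` that stderr is actually appended to.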
