diff options
author | thomascube <thomas@roundcube.net> | 2010-12-17 15:07:04 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2010-12-17 15:07:04 +0000 |
commit | db1a87cd6c506f2afbd1a37c64cb56ae11120b49 (patch) | |
tree | 07e1d350a06e0529db08316621b9c629bfb90b58 /plugins/password | |
parent | acd5200b2110498793e04fb016cbbc69ea5fe9f3 (diff) |
Update branch for 0.5-rc releasev0.5-rc@4349
Diffstat (limited to 'plugins/password')
-rw-r--r-- | plugins/password/config.inc.php.dist | 2 | ||||
-rw-r--r-- | plugins/password/drivers/chpasswd.php | 2 | ||||
-rw-r--r-- | plugins/password/drivers/ldap.php | 38 | ||||
-rw-r--r-- | plugins/password/drivers/ldap_simple.php | 35 | ||||
-rw-r--r-- | plugins/password/drivers/sql.php | 8 | ||||
-rw-r--r-- | plugins/password/package.xml | 4 |
6 files changed, 53 insertions, 36 deletions
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist index b412663ba..10a659d32 100644 --- a/plugins/password/config.inc.php.dist +++ b/plugins/password/config.inc.php.dist @@ -127,6 +127,7 @@ $rcmail_config['password_ldap_adminPW'] = null; // '%login' will be replaced by the current roundcube user's login // '%name' will be replaced by the current roundcube user's name part // '%domain' will be replaced by the current roundcube user's domain part +// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" // Exemple: 'uid=%login,ou=people,dc=exemple,dc=com' $rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com'; @@ -164,6 +165,7 @@ $rcmail_config['password_ldap_search_base'] = 'ou=people,dc=example,dc=com'; // '%login' will be replaced by the current roundcube user's login // '%name' will be replaced by the current roundcube user's name part // '%domain' will be replaced by the current roundcube user's domain part +// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" // Example: '(uid=%login)' // Example: '(&(objectClass=posixAccount)(uid=%login))' $rcmail_config['password_ldap_search_filter'] = '(uid=%login)'; diff --git a/plugins/password/drivers/chpasswd.php b/plugins/password/drivers/chpasswd.php index 8450af154..28c3e5d7a 100644 --- a/plugins/password/drivers/chpasswd.php +++ b/plugins/password/drivers/chpasswd.php @@ -18,7 +18,7 @@ function password_save($currpass, $newpass) $username = $_SESSION['username']; $handle = popen($cmd, "w"); - fwrite($handle, "$username:$newpass"); + fwrite($handle, "$username:$newpass\n"); if (pclose($handle) == 0) { return PASSWORD_SUCCESS; diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php index c5cb2328a..98b6636be 100644 --- a/plugins/password/drivers/ldap.php +++ b/plugins/password/drivers/ldap.php @@ -18,18 +18,18 @@ function password_save($curpass, $passwd) { $rcmail = rcmail::get_instance(); require_once ('Net/LDAP2.php'); - + // Building user DN if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) { $userDN = substitute_vars($userDN); } else { $userDN = search_userdn($rcmail); } - + if (empty($userDN)) { return PASSWORD_CONNECT_ERROR; } - + // Connection Method switch($rcmail->config->get('password_ldap_method')) { case 'admin': @@ -42,7 +42,7 @@ function password_save($curpass, $passwd) $bindpw = $curpass; break; } - + // Configuration array $ldapConfig = array ( 'binddn' => $binddn, @@ -53,27 +53,27 @@ function password_save($curpass, $passwd) 'starttls' => $rcmail->config->get('password_ldap_starttls'), 'version' => $rcmail->config->get('password_ldap_version'), ); - + // Connecting using the configuration array $ldap = Net_LDAP2::connect($ldapConfig); - + // Checking for connection error if (PEAR::isError($ldap)) { return PASSWORD_CONNECT_ERROR; } - + // Crypting new password $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage')); if (!$newCryptedPassword) { return PASSWORD_CRYPT_ERROR; } - + // Writing new crypted password to LDAP $userEntry = $ldap->getEntry($userDN); if (Net_LDAP2::isError($userEntry)) { return PASSWORD_CONNECT_ERROR; } - + $pwattr = $rcmail->config->get('password_ldap_pwattr'); $force = $rcmail->config->get('password_ldap_force_replace'); @@ -132,25 +132,30 @@ function search_userdn($rcmail) if (PEAR::isError($result) || ($result->count() != 1)) { return ''; } - + return $result->current()->dn(); } /** - * Substitute %login, %name and %domain in $str. + * Substitute %login, %name, %domain, %dc in $str. * See plugin config for details. */ function substitute_vars($str) { $rcmail = rcmail::get_instance(); + $domain = $rcmail->user->get_username('domain'); + $dc = 'dc='.strtr($domain, array('.' => ',dc=')); // hierarchal domain string + $str = str_replace(array( '%login', '%name', '%domain', + '%dc', ), array( $_SESSION['username'], $rcmail->user->get_username('local'), - $rcmail->user->get_username('domain'), + $domain, + $dc, ), $str ); @@ -178,7 +183,7 @@ function hashPassword( $passwordClear, $encodageType ) case 'crypt': $cryptedPassword = '{CRYPT}' . crypt($passwordClear,randomSalt(2)); break; - + case 'ext_des': // extended des crypt. see OpenBSD crypt man page. if ( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 ) { @@ -263,8 +268,7 @@ function hashPassword( $passwordClear, $encodageType ) * @param int $length The length of the salt string to generate. * @return string The generated salt string. */ - -function randomSalt( $length ) +function randomSalt( $length ) { $possible = '0123456789'. 'abcdefghijklmnopqrstuvwxyz'. @@ -273,8 +277,8 @@ function randomSalt( $length ) $str = ''; // mt_srand((double)microtime() * 1000000); - while( strlen( $str ) < $length ) - $str .= substr( $possible, ( rand() % strlen( $possible ) ), 1 ); + while (strlen($str) < $length) + $str .= substr($possible, (rand() % strlen($possible)), 1); return $str; } diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php index 541afa96b..38db9f129 100644 --- a/plugins/password/drivers/ldap_simple.php +++ b/plugins/password/drivers/ldap_simple.php @@ -20,7 +20,7 @@ function password_save($curpass, $passwd) return PASSWORD_CONNECT_ERROR; } - /* Set protocol version */ + /* Set protocol version */ if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) { ldap_unbind($ds); return PASSWORD_CONNECT_ERROR; @@ -40,12 +40,12 @@ function password_save($curpass, $passwd) } else { $user_dn = ldap_simple_search_userdn($rcmail, $ds); } - + if (empty($user_dn)) { ldap_unbind($ds); return PASSWORD_CONNECT_ERROR; } - + /* Connection method */ switch ($rcmail->config->get('password_ldap_method')) { case 'admin': @@ -64,27 +64,27 @@ function password_save($curpass, $passwd) ldap_unbind($ds); return PASSWORD_CONNECT_ERROR; } - + /* Crypting new password */ $passwd = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage')); if (!$passwd) { ldap_unbind($ds); return PASSWORD_CRYPT_ERROR; } - + $entree[$rcmail->config->get('password_ldap_pwattr')] = $passwd; /* Updating PasswordLastChange Attribute if desired */ if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) { - $entree[$lchattr] = (int)(time() / 86400) + $entree[$lchattr] = (int)(time() / 86400); } - + if (!ldap_modify($ds, $user_dn, $entree)) { ldap_unbind($ds); return PASSWORD_CONNECT_ERROR; } - + /* All done, no error */ ldap_unbind($ds); return PASSWORD_SUCCESS; @@ -101,34 +101,37 @@ function ldap_simple_search_userdn($rcmail, $ds) if (!ldap_bind($ds, $rcmail->config->get('password_ldap_searchDN'), $rcmail->config->get('password_ldap_searchPW'))) { return false; } - + /* Search for the DN */ if (!$sr = ldap_search($ds, $rcmail->config->get('password_ldap_search_base'), ldap_simple_substitute_vars($rcmail->config->get('password_ldap_search_filter')))) { return false; } - + /* If no or more entries were found, return false */ if (ldap_count_entries($ds, $sr) != 1) { return false; } - + return ldap_get_dn($ds, ldap_first_entry($ds, $sr)); } /** - * Substitute %login, %name and %domain in $str + * Substitute %login, %name, %domain, %dc in $str * See plugin config for details */ function ldap_simple_substitute_vars($str) { $str = str_replace('%login', $_SESSION['username'], $str); $str = str_replace('%l', $_SESSION['username'], $str); - + $parts = explode('@', $_SESSION['username']); + if (count($parts) == 2) { + $dc = 'dc='.strtr($parts[1], array('.' => ',dc=')); // hierarchal domain string + $str = str_replace('%name', $parts[0], $str); - $str = str_replace('%n', $parts[0], $str); - + $str = str_replace('%n', $parts[0], $str); + $str = str_replace('%dc', $dc, $str); $str = str_replace('%domain', $parts[1], $str); $str = str_replace('%d', $parts[1], $str); } @@ -228,6 +231,6 @@ function ldap_simple_random_salt($length) while (strlen($str) < $length) { $str .= substr($possible, (rand() % strlen($possible)), 1); } - + return $str; } diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php index 70e564396..33469ec62 100644 --- a/plugins/password/drivers/sql.php +++ b/plugins/password/drivers/sql.php @@ -33,7 +33,7 @@ function password_save($curpass, $passwd) if ($err = $db->is_error()) return PASSWORD_ERROR; - + // crypted password if (strpos($sql, '%c') !== FALSE) { $salt = ''; @@ -56,7 +56,11 @@ function password_save($curpass, $passwd) $dovecotpw = 'dovecotpw'; if (!($method = $rcmail->config->get('password_dovecotpw_method'))) $method = 'CRAM-MD5'; - $tmpfile = tempnam('/tmp', 'roundcube-'); + + // use common temp dir + $tmp_dir = $rcmail->config->get('temp_dir'); + $tmpfile = tempnam($tmp_dir, 'roundcube-'); + $pipe = popen("'$dovecotpw' -s '$method' > '$tmpfile'", "w"); if (!$pipe) { unlink($tmpfile); diff --git a/plugins/password/package.xml b/plugins/password/package.xml index 1fe49fb74..381783b97 100644 --- a/plugins/password/package.xml +++ b/plugins/password/package.xml @@ -29,6 +29,10 @@ <notes> - hMail driver: add username_domain detection (#1487100) - hMail driver: HTML tags in logged messages should be stripped off (#1487099) +- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141) +- Fix usage of configured temp_dir instead of /tmp (#1487447) +- ldap_simple driver: fix parse error +- ldap/ldap_simple drivers: support %dc variable in config </notes> <contents> <dir baseinstalldir="/" name="/"> |