diff options
Diffstat (limited to 'plugins/password/drivers/ldap_simple.php')
| -rw-r--r-- | plugins/password/drivers/ldap_simple.php | 70 |
1 files changed, 49 insertions, 21 deletions
diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php index 67f53d091..482b7e56f 100644 --- a/plugins/password/drivers/ldap_simple.php +++ b/plugins/password/drivers/ldap_simple.php @@ -14,19 +14,19 @@ function password_save($curpass, $passwd) { $rcmail = rcmail::get_instance(); - /* Connect */ + // Connect if (!$ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port'))) { ldap_unbind($ds); return PASSWORD_CONNECT_ERROR; } - /* Set protocol version */ + // Set protocol version if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) { ldap_unbind($ds); return PASSWORD_CONNECT_ERROR; } - /* Start TLS */ + // Start TLS if ($rcmail->config->get('password_ldap_starttls')) { if (!ldap_start_tls($ds)) { ldap_unbind($ds); @@ -34,7 +34,7 @@ function password_save($curpass, $passwd) } } - /* Build user DN */ + // Build user DN if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) { $user_dn = ldap_simple_substitute_vars($user_dn); } else { @@ -46,7 +46,7 @@ function password_save($curpass, $passwd) return PASSWORD_CONNECT_ERROR; } - /* Connection method */ + // Connection method switch ($rcmail->config->get('password_ldap_method')) { case 'admin': $binddn = $rcmail->config->get('password_ldap_adminDN'); @@ -59,31 +59,51 @@ function password_save($curpass, $passwd) break; } - /* Bind */ - if (!ldap_bind($ds, $binddn, $bindpw)) { - ldap_unbind($ds); - return PASSWORD_CONNECT_ERROR; - } - /* Crypting new password */ $crypted_pass = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage')); + $lchattr = $rcmail->config->get('password_ldap_lchattr'); + $pwattr = $rcmail->config->get('password_ldap_pwattr'); + $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr'); + $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr'); + $samba = $rcmail->config->get('password_ldap_samba'); + + // Support password_ldap_samba option for backward compat. + if ($samba && !$smbpwattr) { + $smbpwattr = 'sambaNTPassword'; + $smblchattr = 'sambaPwdLastSet'; + } + + // Crypt new password if (!$crypted_pass) { - ldap_unbind($ds); return PASSWORD_CRYPT_ERROR; } - $entree[$rcmail->config->get('password_ldap_pwattr')] = $crypted_pass; + // Crypt new Samba password + if ($smbpwattr && !($samba_pass = ldap_simple_hash_password($passwd, 'samba'))) { + return PASSWORD_CRYPT_ERROR; + } - /* Updating PasswordLastChange Attribute if desired */ - if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) { + // Bind + if (!ldap_bind($ds, $binddn, $bindpw)) { + ldap_unbind($ds); + return PASSWORD_CONNECT_ERROR; + } + + $entree[$pwattr] = $crypted_pass; + + // Update PasswordLastChange Attribute if desired + if ($lchattr) { $entree[$lchattr] = (int)(time() / 86400); } - /* Update Samba password fields */ - if ($smbattr = $rcmail->config->get('password_ldap_samba')) { - $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE')); - $entree['sambaNTPassword'] = $sambaNTPassword; - $entree['sambaPwdLastSet'] = time(); + // Update Samba password + if ($smbpwattr) { + $entree[$smbpwattr] = $samba_pass; + } + + // Update Samba password last change + if ($smblchattr) { + $entree[$smblchattr] = time(); } if (!ldap_modify($ds, $user_dn, $entree)) { @@ -91,7 +111,7 @@ function password_save($curpass, $passwd) return PASSWORD_CONNECT_ERROR; } - /* All done, no error */ + // All done, no error ldap_unbind($ds); return PASSWORD_SUCCESS; } @@ -215,6 +235,14 @@ function ldap_simple_hash_password($password_clear, $encodage_type) return false; } break; + case 'samba': + if (function_exists('hash')) { + $crypted_password = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE')); + } else { + /* Your PHP install does not have the hash() function */ + return false; + } + break; case 'clear': default: $crypted_password = $password_clear; |