summaryrefslogtreecommitdiff
path: root/plugins/password/drivers
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/password/drivers')
-rw-r--r--plugins/password/drivers/directadmin.php12
-rw-r--r--plugins/password/drivers/ldap.php57
-rw-r--r--plugins/password/drivers/ldap_simple.php70
-rw-r--r--plugins/password/drivers/virtualmin.php43
-rw-r--r--plugins/password/drivers/xmail.php2
5 files changed, 136 insertions, 48 deletions
diff --git a/plugins/password/drivers/directadmin.php b/plugins/password/drivers/directadmin.php
index d11aae70a..6ca3264c5 100644
--- a/plugins/password/drivers/directadmin.php
+++ b/plugins/password/drivers/directadmin.php
@@ -316,8 +316,8 @@ class HTTPSocket {
}
}
-
- list($this->result_header,$this->result_body) = split("\r\n\r\n",$this->result,2);
+
+ list($this->result_header, $this->result_body) = explode("\r\n\r\n", $this->result, 2);
if ($this->bind_host)
{
@@ -378,7 +378,7 @@ class HTTPSocket {
{
if ($asArray)
{
- return split("\n",$this->fetch_body());
+ return explode("\n", $this->fetch_body());
}
return $this->fetch_body();
@@ -438,14 +438,14 @@ class HTTPSocket {
*/
function fetch_header( $header = '' )
{
- $array_headers = split("\r\n",$this->result_header);
-
+ $array_headers = explode("\r\n", $this->result_header);
+
$array_return = array( 0 => $array_headers[0] );
unset($array_headers[0]);
foreach ( $array_headers as $pair )
{
- list($key,$value) = split(": ",$pair,2);
+ list($key,$value) = explode(": ", $pair, 2);
$array_return[strtolower($key)] = $value;
}
diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index e4d91fe1b..a18f349d7 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -62,43 +62,59 @@ function password_save($curpass, $passwd)
return PASSWORD_CONNECT_ERROR;
}
- // Crypting new password
- $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
- if (!$newCryptedPassword) {
+ $crypted_pass = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
+ $force = $rcmail->config->get('password_ldap_force_replace');
+ $pwattr = $rcmail->config->get('password_ldap_pwattr');
+ $lchattr = $rcmail->config->get('password_ldap_lchattr');
+ $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr');
+ $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr');
+ $samba = $rcmail->config->get('password_ldap_samba');
+
+ // Support password_ldap_samba option for backward compat.
+ if ($samba && !$smbpwattr) {
+ $smbpwattr = 'sambaNTPassword';
+ $smblchattr = 'sambaPwdLastSet';
+ }
+
+ // Crypt new password
+ if (!$crypted_pass) {
return PASSWORD_CRYPT_ERROR;
}
+ // Crypt new samba password
+ if ($smbpwattr && !($samba_pass = hashPassword($passwd, 'samba'))) {
+ return PASSWORD_CRYPT_ERROR;
+ }
+
// Writing new crypted password to LDAP
$userEntry = $ldap->getEntry($userDN);
if (Net_LDAP2::isError($userEntry)) {
return PASSWORD_CONNECT_ERROR;
}
- $pwattr = $rcmail->config->get('password_ldap_pwattr');
- $force = $rcmail->config->get('password_ldap_force_replace');
-
- if (!$userEntry->replace(array($pwattr => $newCryptedPassword), $force)) {
+ if (!$userEntry->replace(array($pwattr => $crypted_pass), $force)) {
return PASSWORD_CONNECT_ERROR;
}
// Updating PasswordLastChange Attribute if desired
- if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) {
+ if ($lchattr) {
$current_day = (int)(time() / 86400);
if (!$userEntry->replace(array($lchattr => $current_day), $force)) {
return PASSWORD_CONNECT_ERROR;
}
}
- if (Net_LDAP2::isError($userEntry->update())) {
- return PASSWORD_CONNECT_ERROR;
+ // Update Samba password and last change fields
+ if ($smbpwattr) {
+ $userEntry->replace(array($smbpwattr => $samba_pass), $force);
+ }
+ // Update Samba password last change field
+ if ($smblchattr) {
+ $userEntry->replace(array($smblchattr => time()), $force);
}
- // Update Samba password fields, ignore errors if attributes are not found
- if ($rcmail->config->get('password_ldap_samba')) {
- $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE'));
- $userEntry->replace(array('sambaNTPassword' => $sambaNTPassword), $force);
- $userEntry->replace(array('sambaPwdLastSet' => time()), $force);
- $userEntry->update();
+ if (Net_LDAP2::isError($userEntry->update())) {
+ return PASSWORD_CONNECT_ERROR;
}
// All done, no error
@@ -253,6 +269,15 @@ function hashPassword( $passwordClear, $encodageType )
}
break;
+ case 'samba':
+ if (function_exists('hash')) {
+ $cryptedPassword = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE'));
+ } else {
+ /* Your PHP install does not have the hash() function */
+ return false;
+ }
+ break;
+
case 'clear':
default:
$cryptedPassword = $passwordClear;
diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php
index 67f53d091..482b7e56f 100644
--- a/plugins/password/drivers/ldap_simple.php
+++ b/plugins/password/drivers/ldap_simple.php
@@ -14,19 +14,19 @@ function password_save($curpass, $passwd)
{
$rcmail = rcmail::get_instance();
- /* Connect */
+ // Connect
if (!$ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port'))) {
ldap_unbind($ds);
return PASSWORD_CONNECT_ERROR;
}
- /* Set protocol version */
+ // Set protocol version
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) {
ldap_unbind($ds);
return PASSWORD_CONNECT_ERROR;
}
- /* Start TLS */
+ // Start TLS
if ($rcmail->config->get('password_ldap_starttls')) {
if (!ldap_start_tls($ds)) {
ldap_unbind($ds);
@@ -34,7 +34,7 @@ function password_save($curpass, $passwd)
}
}
- /* Build user DN */
+ // Build user DN
if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) {
$user_dn = ldap_simple_substitute_vars($user_dn);
} else {
@@ -46,7 +46,7 @@ function password_save($curpass, $passwd)
return PASSWORD_CONNECT_ERROR;
}
- /* Connection method */
+ // Connection method
switch ($rcmail->config->get('password_ldap_method')) {
case 'admin':
$binddn = $rcmail->config->get('password_ldap_adminDN');
@@ -59,31 +59,51 @@ function password_save($curpass, $passwd)
break;
}
- /* Bind */
- if (!ldap_bind($ds, $binddn, $bindpw)) {
- ldap_unbind($ds);
- return PASSWORD_CONNECT_ERROR;
- }
- /* Crypting new password */
$crypted_pass = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
+ $lchattr = $rcmail->config->get('password_ldap_lchattr');
+ $pwattr = $rcmail->config->get('password_ldap_pwattr');
+ $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr');
+ $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr');
+ $samba = $rcmail->config->get('password_ldap_samba');
+
+ // Support password_ldap_samba option for backward compat.
+ if ($samba && !$smbpwattr) {
+ $smbpwattr = 'sambaNTPassword';
+ $smblchattr = 'sambaPwdLastSet';
+ }
+
+ // Crypt new password
if (!$crypted_pass) {
- ldap_unbind($ds);
return PASSWORD_CRYPT_ERROR;
}
- $entree[$rcmail->config->get('password_ldap_pwattr')] = $crypted_pass;
+ // Crypt new Samba password
+ if ($smbpwattr && !($samba_pass = ldap_simple_hash_password($passwd, 'samba'))) {
+ return PASSWORD_CRYPT_ERROR;
+ }
- /* Updating PasswordLastChange Attribute if desired */
- if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) {
+ // Bind
+ if (!ldap_bind($ds, $binddn, $bindpw)) {
+ ldap_unbind($ds);
+ return PASSWORD_CONNECT_ERROR;
+ }
+
+ $entree[$pwattr] = $crypted_pass;
+
+ // Update PasswordLastChange Attribute if desired
+ if ($lchattr) {
$entree[$lchattr] = (int)(time() / 86400);
}
- /* Update Samba password fields */
- if ($smbattr = $rcmail->config->get('password_ldap_samba')) {
- $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE'));
- $entree['sambaNTPassword'] = $sambaNTPassword;
- $entree['sambaPwdLastSet'] = time();
+ // Update Samba password
+ if ($smbpwattr) {
+ $entree[$smbpwattr] = $samba_pass;
+ }
+
+ // Update Samba password last change
+ if ($smblchattr) {
+ $entree[$smblchattr] = time();
}
if (!ldap_modify($ds, $user_dn, $entree)) {
@@ -91,7 +111,7 @@ function password_save($curpass, $passwd)
return PASSWORD_CONNECT_ERROR;
}
- /* All done, no error */
+ // All done, no error
ldap_unbind($ds);
return PASSWORD_SUCCESS;
}
@@ -215,6 +235,14 @@ function ldap_simple_hash_password($password_clear, $encodage_type)
return false;
}
break;
+ case 'samba':
+ if (function_exists('hash')) {
+ $crypted_password = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE'));
+ } else {
+ /* Your PHP install does not have the hash() function */
+ return false;
+ }
+ break;
case 'clear':
default:
$crypted_password = $password_clear;
diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php
index 96200d61c..78ef4e7c3 100644
--- a/plugins/password/drivers/virtualmin.php
+++ b/plugins/password/drivers/virtualmin.php
@@ -10,15 +10,50 @@
* It only works with virtualmin on the same host where Roundcube runs
* and requires shell access and gcc in order to compile the binary.
*
- * @version 1.0
+ * @version 2.0
* @author Martijn de Munnik
*/
function password_save($currpass, $newpass)
{
- $curdir = realpath(dirname(__FILE__));
- $username = escapeshellcmd($_SESSION['username']);
- $domain = substr(strrchr($username, "@"), 1);
+ $rcmail = rcmail::get_instance();
+
+ $format = $rcmail->config->get('password_virtualmin_format', 0);
+ $username = $_SESSION['username'];
+
+ switch ($format) {
+ case 1: // username%domain
+ $domain = substr(strrchr($username, "%"), 1);
+ break;
+ case 2: // username.domain (could be bogus)
+ $pieces = explode(".", $username);
+ $domain = $pieces[count($pieces)-2]. "." . end($pieces);
+ break;
+ case 3: // domain.username (could be bogus)
+ $pieces = explode(".", $username);
+ $domain = $pieces[0]. "." . $pieces[1];
+ break;
+ case 4: // username-domain
+ $domain = substr(strrchr($username, "-"), 1);
+ break;
+ case 5: // domain-username
+ $domain = str_replace(strrchr($username, "-"), "", $username);
+ break;
+ case 6: // username_domain
+ $domain = substr(strrchr($username, "_"), 1);
+ break;
+ case 7: // domain_username
+ $pieces = explode("_", $username);
+ $domain = $pieces[0];
+ break;
+ default: // username@domain
+ $domain = substr(strrchr($username, "@"), 1);
+ }
+
+ $username = escapeshellcmd($username);
+ $domain = escapeshellcmd($domain);
+ $newpass = escapeshellcmd($newpass);
+ $curdir = realpath(dirname(__FILE__));
exec("$curdir/chgvirtualminpasswd modify-user --domain $domain --user $username --pass $newpass", $output, $returnvalue);
diff --git a/plugins/password/drivers/xmail.php b/plugins/password/drivers/xmail.php
index 39d1e7186..c7f426158 100644
--- a/plugins/password/drivers/xmail.php
+++ b/plugins/password/drivers/xmail.php
@@ -20,7 +20,7 @@
function password_save($currpass, $newpass)
{
$rcmail = rcmail::get_instance();
- list($user,$domain) = split('@',$_SESSION['username']);
+ list($user,$domain) = explode('@', $_SESSION['username']);
$xmail = new XMail;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 22:33:54 +0000