Diffstat (limited to 'plugins/password')
-rw-r--r-- | plugins/password/README | 2 | ||||
-rw-r--r-- | plugins/password/config.inc.php.dist | 27 | ||||
-rw-r--r-- | plugins/password/drivers/directadmin.php | 12 | ||||
-rw-r--r-- | plugins/password/drivers/ldap.php | 57 | ||||
-rw-r--r-- | plugins/password/drivers/ldap_simple.php | 70 | ||||
-rw-r--r-- | plugins/password/drivers/virtualmin.php | 43 | ||||
-rw-r--r-- | plugins/password/drivers/xmail.php | 2 | ||||
-rw-r--r-- | plugins/password/localization/es_ES.inc | 22 | ||||
-rw-r--r-- | plugins/password/localization/ru_RU.inc | 2 | ||||
-rw-r--r-- | plugins/password/package.xml | 10 | ||||
-rw-r--r-- | plugins/password/password.js | 6 | ||||
-rw-r--r-- | plugins/password/password.php | 10 |
12 files changed, 193 insertions, 70 deletions
diff --git a/plugins/password/README b/plugins/password/README index a31a0e076..81e4f1ead 100644 --- a/plugins/password/README +++ b/plugins/password/README @@ -201,7 +201,7 @@ As in sasl driver this one allows to change password using shell utility called "virtualmin". See drivers/chgvirtualminpasswd.c for - installation instructions. + installation instructions. See also config.inc.php.dist file. 2.9. hMailServer (hmail) diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist index 54e9e51c6..ddf881217 100644 --- a/plugins/password/config.inc.php.dist +++ b/plugins/password/config.inc.php.dist @@ -18,6 +18,9 @@ $rcmail_config['password_minimum_length'] = 0; // Change to false to remove this check. $rcmail_config['password_require_nonalpha'] = false; +// Enables logging of password changes into logs/password +$rcmail_config['password_log'] = false; + // SQL Driver options // ------------------ @@ -195,8 +198,15 @@ $rcmail_config['password_ldap_force_replace'] = true; // Whenever the password is changed, the attribute will be updated if set (e.g. shadowLastChange) $rcmail_config['password_ldap_lchattr'] = ''; -// Also try to update Samba password attributes: sambaNTPassword and sambaPwdLastSet -$rcmail_config['password_ldap_samba'] = false; +// LDAP Samba password attribute, e.g. sambaNTPassword +// Name of the LDAP's Samba attribute used for storing user password +$rcmail_config['password_ldap_samba_pwattr'] = ''; + +// LDAP Samba Password Last Change Date attribute, e.g. sambaPwdLastSet +// Some places use an attribute to store the date of the last password change +// The date is meassured in "seconds since epoch" (an integer value) +// Whenever the password is changed, the attribute will be updated if set +$rcmail_config['password_ldap_samba_lchattr'] = ''; // DirectAdmin Driver options 
@@ -275,3 +285,16 @@ $rcmail_config['hmailserver_server'] = array( 'Password' => 'password' // windows user password ); + +// Virtualmin Driver options +// ------------------------- +// Username format: +// 0: username@domain +// 1: username%domain +// 2: username.domain +// 3: domain.username +// 4: username-domain +// 5: domain-username +// 6: username_domain +// 7: domain_username +$rcmail_config['password_virtualmin_format'] = 0; diff --git a/plugins/password/drivers/directadmin.php b/plugins/password/drivers/directadmin.php index d11aae70a..6ca3264c5 100644 --- a/plugins/password/drivers/directadmin.php +++ b/plugins/password/drivers/directadmin.php @@ -316,8 +316,8 @@ class HTTPSocket { } } - - list($this->result_header,$this->result_body) = split("\r\n\r\n",$this->result,2); + + list($this->result_header, $this->result_body) = explode("\r\n\r\n", $this->result, 2); if ($this->bind_host) { @@ -378,7 +378,7 @@ class HTTPSocket { { if ($asArray) { - return split("\n",$this->fetch_body()); + return explode("\n", $this->fetch_body()); } return $this->fetch_body(); @@ -438,14 +438,14 @@ class HTTPSocket { */ function fetch_header( $header = '' ) { - $array_headers = split("\r\n",$this->result_header); - + $array_headers = explode("\r\n", $this->result_header); + $array_return = array( 0 => $array_headers[0] ); unset($array_headers[0]); foreach ( $array_headers as $pair ) { - list($key,$value) = split(": ",$pair,2); + list($key,$value) = explode(": ", $pair, 2); $array_return[strtolower($key)] = $value; } diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php index e4d91fe1b..a18f349d7 100644 --- a/plugins/password/drivers/ldap.php +++ b/plugins/password/drivers/ldap.php 
@@ -62,43 +62,59 @@ function password_save($curpass, $passwd) return PASSWORD_CONNECT_ERROR; } - // Crypting new password - $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage')); - if (!$newCryptedPassword) { + $crypted_pass = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage')); + $force = $rcmail->config->get('password_ldap_force_replace'); + $pwattr = $rcmail->config->get('password_ldap_pwattr'); + $lchattr = $rcmail->config->get('password_ldap_lchattr'); + $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr'); + $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr'); + $samba = $rcmail->config->get('password_ldap_samba'); + + // Support password_ldap_samba option for backward compat. + if ($samba && !$smbpwattr) { + $smbpwattr = 'sambaNTPassword'; + $smblchattr = 'sambaPwdLastSet'; + } + + // Crypt new password + if (!$crypted_pass) { return PASSWORD_CRYPT_ERROR; } + // Crypt new samba password + if ($smbpwattr && !($samba_pass = hashPassword($passwd, 'samba'))) { + return PASSWORD_CRYPT_ERROR; + } + // Writing new crypted password to LDAP $userEntry = $ldap->getEntry($userDN); if (Net_LDAP2::isError($userEntry)) { return PASSWORD_CONNECT_ERROR; } - $pwattr = $rcmail->config->get('password_ldap_pwattr'); - $force = $rcmail->config->get('password_ldap_force_replace'); - - if (!$userEntry->replace(array($pwattr => $newCryptedPassword), $force)) { + if (!$userEntry->replace(array($pwattr => $crypted_pass), $force)) { return PASSWORD_CONNECT_ERROR; } // Updating PasswordLastChange Attribute if desired - if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) { + if ($lchattr) { $current_day = (int)(time() / 86400); if (!$userEntry->replace(array($lchattr => $current_day), $force)) { return PASSWORD_CONNECT_ERROR; } } - if (Net_LDAP2::isError($userEntry->update())) { - return PASSWORD_CONNECT_ERROR; + // Update Samba password and last change fields + if ($smbpwattr) { + 
$userEntry->replace(array($smbpwattr => $samba_pass), $force); + } + // Update Samba password last change field + if ($smblchattr) { + $userEntry->replace(array($smblchattr => time()), $force); } - // Update Samba password fields, ignore errors if attributes are not found - if ($rcmail->config->get('password_ldap_samba')) { - $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE')); - $userEntry->replace(array('sambaNTPassword' => $sambaNTPassword), $force); - $userEntry->replace(array('sambaPwdLastSet' => time()), $force); - $userEntry->update(); + if (Net_LDAP2::isError($userEntry->update())) { + return PASSWORD_CONNECT_ERROR; } // All done, no error @@ -253,6 +269,15 @@ function hashPassword( $passwordClear, $encodageType ) } break; + case 'samba': + if (function_exists('hash')) { + $cryptedPassword = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE')); + } else { + /* Your PHP install does not have the hash() function */ + return false; + } + break; + case 'clear': default: $cryptedPassword = $passwordClear; diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php index 67f53d091..482b7e56f 100644 --- a/plugins/password/drivers/ldap_simple.php +++ b/plugins/password/drivers/ldap_simple.php @@ -14,19 +14,19 @@ function password_save($curpass, $passwd) { $rcmail = rcmail::get_instance(); - /* Connect */ + // Connect if (!$ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port'))) { ldap_unbind($ds); return PASSWORD_CONNECT_ERROR; } - /* Set protocol version */ + // Set protocol version if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) { ldap_unbind($ds); return PASSWORD_CONNECT_ERROR; } - /* Start TLS */ + // Start TLS if ($rcmail->config->get('password_ldap_starttls')) { if (!ldap_start_tls($ds)) { ldap_unbind($ds); 
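Review bot: In ldap.php's `password_save()`, moving the single `update()` after the Samba `replace()` calls changes the failure mode for installations that still set the legacy `password_ldap_samba` option. The removed code committed the main password first and ignored Samba errors, whereas now a rejected Samba attribute (for example on an entry without the Samba object class; inferred, the schema is not visible here) makes the whole change return PASSWORD_CONNECT_ERROR. If that is intended, say so next to the backward-compat block, e.g. `// Samba attributes are written in the same update(); a failure there fails the whole password change`. The two Samba `replace()` calls also drop their return value, while the `$pwattr` and `$lchattr` calls above check it. The function body starts and ends outside the hunk.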
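Review bot: The new `samba` case in ldap.php's `hashPassword()` reads `$password_clear`, but the parameter is named `$passwordClear` (see the hunk header and the `clear` case just below), so the variable is undefined and the MD4 is presumably computed over an empty string. Every account whose Samba attribute is written through this driver would then store the NT hash of the empty password instead of the new one. The line should read `$cryptedPassword = hash('md4', rcube_charset_convert($passwordClear, RCMAIL_CHARSET, 'UTF-16LE'));`. The matching case in ldap_simple.php is fine because that function does name its parameter `$password_clear`. The body of hashPassword() starts and ends outside the hunk.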
@@ -34,7 +34,7 @@ function password_save($curpass, $passwd) } } - /* Build user DN */ + // Build user DN if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) { $user_dn = ldap_simple_substitute_vars($user_dn); } else { @@ -46,7 +46,7 @@ function password_save($curpass, $passwd) return PASSWORD_CONNECT_ERROR; } - /* Connection method */ + // Connection method switch ($rcmail->config->get('password_ldap_method')) { case 'admin': $binddn = $rcmail->config->get('password_ldap_adminDN'); 
@@ -59,31 +59,51 @@ function password_save($curpass, $passwd) break; } - /* Bind */ - if (!ldap_bind($ds, $binddn, $bindpw)) { - ldap_unbind($ds); - return PASSWORD_CONNECT_ERROR; - } - /* Crypting new password */ $crypted_pass = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage')); + $lchattr = $rcmail->config->get('password_ldap_lchattr'); + $pwattr = $rcmail->config->get('password_ldap_pwattr'); + $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr'); + $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr'); + $samba = $rcmail->config->get('password_ldap_samba'); + + // Support password_ldap_samba option for backward compat. + if ($samba && !$smbpwattr) { + $smbpwattr = 'sambaNTPassword'; + $smblchattr = 'sambaPwdLastSet'; + } + + // Crypt new password if (!$crypted_pass) { - ldap_unbind($ds); return PASSWORD_CRYPT_ERROR; } - $entree[$rcmail->config->get('password_ldap_pwattr')] = $crypted_pass; + // Crypt new Samba password + if ($smbpwattr && !($samba_pass = ldap_simple_hash_password($passwd, 'samba'))) { + return PASSWORD_CRYPT_ERROR; + } - /* Updating PasswordLastChange Attribute if desired */ - if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) { + // Bind + if (!ldap_bind($ds, $binddn, $bindpw)) { + ldap_unbind($ds); + return PASSWORD_CONNECT_ERROR; + } + + $entree[$pwattr] = $crypted_pass; + + // Update PasswordLastChange Attribute if desired + if ($lchattr) { $entree[$lchattr] = (int)(time() / 86400); } - /* Update Samba password fields */ - if ($smbattr = $rcmail->config->get('password_ldap_samba')) { - $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE')); - $entree['sambaNTPassword'] = $sambaNTPassword; - $entree['sambaPwdLastSet'] = time(); + // Update Samba password + if ($smbpwattr) { + $entree[$smbpwattr] = $samba_pass; + } + + // Update Samba password last change + if ($smblchattr) { + $entree[$smblchattr] = time(); } if (!ldap_modify($ds, $user_dn, 
$entree)) { @@ -91,7 +111,7 @@ function password_save($curpass, $passwd) return PASSWORD_CONNECT_ERROR; } - /* All done, no error */ + // All done, no error ldap_unbind($ds); return PASSWORD_SUCCESS; } @@ -215,6 +235,14 @@ function ldap_simple_hash_password($password_clear, $encodage_type) return false; } break; + case 'samba': + if (function_exists('hash')) { + $crypted_password = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE')); + } else { + /* Your PHP install does not have the hash() function */ + return false; + } + break; case 'clear': default: $crypted_password = $password_clear; diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php index 96200d61c..78ef4e7c3 100644 --- a/plugins/password/drivers/virtualmin.php +++ b/plugins/password/drivers/virtualmin.php 
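Review bot: In ldap_simple.php's `password_save()`, the two `return PASSWORD_CRYPT_ERROR;` paths now leave without `ldap_unbind($ds)`, although `$ds` was already opened by `ldap_connect()` (and possibly upgraded with STARTTLS) earlier in the function. Every other error path in the function releases the handle first. Hashing before the bind is reasonable, but the cleanup should stay, e.g. `if (!$crypted_pass) { ldap_unbind($ds); return PASSWORD_CRYPT_ERROR; }`, and likewise for the Samba hash check. The function starts before this hunk and ends in the next one.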
@@ -10,15 +10,50 @@ * It only works with virtualmin on the same host where Roundcube runs * and requires shell access and gcc in order to compile the binary. * - * @version 1.0 + * @version 2.0 * @author Martijn de Munnik */ function password_save($currpass, $newpass) { - $curdir = realpath(dirname(__FILE__)); - $username = escapeshellcmd($_SESSION['username']); - $domain = substr(strrchr($username, "@"), 1); + $rcmail = rcmail::get_instance(); + + $format = $rcmail->config->get('password_virtualmin_format', 0); + $username = $_SESSION['username']; + + switch ($format) { + case 1: // username%domain + $domain = substr(strrchr($username, "%"), 1); + break; + case 2: // username.domain (could be bogus) + $pieces = explode(".", $username); + $domain = $pieces[count($pieces)-2]. "." . end($pieces); + break; + case 3: // domain.username (could be bogus) + $pieces = explode(".", $username); + $domain = $pieces[0]. "." . $pieces[1]; + break; + case 4: // username-domain + $domain = substr(strrchr($username, "-"), 1); + break; + case 5: // domain-username + $domain = str_replace(strrchr($username, "-"), "", $username); + break; + case 6: // username_domain + $domain = substr(strrchr($username, "_"), 1); + break; + case 7: // domain_username + $pieces = explode("_", $username); + $domain = $pieces[0]; + break; + default: // username@domain + $domain = substr(strrchr($username, "@"), 1); + } + + $username = escapeshellcmd($username); + $domain = escapeshellcmd($domain); + $newpass = escapeshellcmd($newpass); + $curdir = realpath(dirname(__FILE__)); exec("$curdir/chgvirtualminpasswd modify-user --domain $domain --user $username --pass $newpass", $output, $returnvalue); diff --git a/plugins/password/drivers/xmail.php b/plugins/password/drivers/xmail.php index 39d1e7186..c7f426158 100644 --- a/plugins/password/drivers/xmail.php +++ b/plugins/password/drivers/xmail.php 
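Review bot: The three values interpolated into the `exec()` line in virtualmin.php are passed through `escapeshellcmd()`, which escapes shell metacharacters but does not confine a value to a single argument: whitespace, a leading `-` and paired quotes pass through unchanged. A new password containing a space is therefore split into several arguments of `chgvirtualminpasswd`, and a `$domain` that comes out empty (the `strrchr()` branches yield nothing when the separator is missing) shifts the following option into its place. Quote each value as one argument instead: `$username = escapeshellarg($username);`, `$domain = escapeshellarg($domain);`, `$newpass = escapeshellarg($newpass);`. It would also help to reject an empty `$domain` before calling `exec()`. The function body continues past the end of the hunk.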
@@ -20,7 +20,7 @@ function password_save($currpass, $newpass) { $rcmail = rcmail::get_instance(); - list($user,$domain) = split('@',$_SESSION['username']); + list($user,$domain) = explode('@', $_SESSION['username']); $xmail = new XMail; diff --git a/plugins/password/localization/es_ES.inc b/plugins/password/localization/es_ES.inc index b9a9c1626..32879b4aa 100644 --- a/plugins/password/localization/es_ES.inc +++ b/plugins/password/localization/es_ES.inc 
@@ -1,21 +1,21 @@ <?php $labels = array(); -$labels['changepasswd'] = 'Cambiar Contraseña'; -$labels['curpasswd'] = 'Contraseña Actual:'; -$labels['newpasswd'] = 'Contraseña Nueva:'; -$labels['confpasswd'] = 'Confirmar Contraseña:'; +$labels['changepasswd'] = 'Cambiar contraseña'; +$labels['curpasswd'] = 'Contraseña actual:'; +$labels['newpasswd'] = 'Contraseña nueva:'; +$labels['confpasswd'] = 'Confirmar contraseña:'; $messages = array(); -$messages['nopassword'] = 'Por favor introduce una nueva contraseña.'; -$messages['nocurpassword'] = 'Por favor introduce la contraseña actual.'; -$messages['passwordincorrect'] = 'Contraseña actual incorrecta.'; -$messages['passwordinconsistency'] = 'Las contraseñas no coinciden, por favor inténtalo de nuevo.'; +$messages['nopassword'] = 'Por favor introduzca una contraseña nueva.'; +$messages['nocurpassword'] = 'Por favor introduzca la contraseña actual.'; +$messages['passwordincorrect'] = 'La contraseña actual es incorrecta.'; +$messages['passwordinconsistency'] = 'Las contraseñas no coinciden. Por favor, inténtelo de nuevo.'; $messages['crypterror'] = 'No se pudo guardar la contraseña nueva. Falta la función de cifrado.'; $messages['connecterror'] = 'No se pudo guardar la contraseña nueva. Error de conexión'; $messages['internalerror'] = 'No se pudo guardar la contraseña nueva.'; -$messages['passwordshort'] = 'Tu contraseña debe tener una longitud mínima de $length.'; -$messages['passwordweak'] = 'Tu nueva contraseña debe incluir al menos un número y un signo de puntuación.'; -$messages['passwordforbidden'] = 'La contraseña contiene caracteres prohibidos.'; +$messages['passwordshort'] = 'La contraseña debe tener por lo menos $length caracteres.'; +$messages['passwordweak'] = 'La contraseña debe incluir al menos un número y un signo de puntuación.'; +$messages['passwordforbidden'] = 'La contraseña introducida contiene caracteres no permitidos.'; ?> 
diff --git a/plugins/password/localization/ru_RU.inc b/plugins/password/localization/ru_RU.inc index 5a108d660..3776b4598 100644 --- a/plugins/password/localization/ru_RU.inc +++ b/plugins/password/localization/ru_RU.inc @@ -5,7 +5,7 @@ | plugins/password/localization/ru_RU.inc | | | | Language file of the Roundcube help plugin | -| Copyright (C) 2005-2010, Roundcube Dev. - Switzerland | +| Copyright (C) 2005-2010, The Roundcube Dev Team | | Licensed under the GNU GPL | | | +-----------------------------------------------------------------------+ diff --git a/plugins/password/package.xml b/plugins/password/package.xml index 1d63142d9..a4827dfd0 100644 --- a/plugins/password/package.xml +++ b/plugins/password/package.xml @@ -15,8 +15,8 @@ <email>alec@alec.pl</email> <active>yes</active> </lead> - <date></date> - <time></time> + <date>2011-02-15</date> + <time>12:00</time> <version> <release>2.2</release> <api>1.6</api> @@ -34,6 +34,11 @@ - ldap_simple driver: fix parse error - ldap/ldap_simple drivers: support %dc variable in config - ldap/ldap_simple drivers: support Samba password change +- Fix extended error messages handling (#1487676) +- Fix double request when clicking on Password tab in Firefox +- Fix deprecated split() usage in xmail and directadmin drivers (#1487769) +- Added option (password_log) for logging password changes +- Virtualmin driver: Add option for setting username format (#1487781) </notes> <contents> <dir baseinstalldir="/" name="/"> @@ -61,6 +66,7 @@ <file name="localization/et_EE.inc" role="data"></file> <file name="localization/fi_FI.inc" role="data"></file> <file name="localization/fr_FR.inc" role="data"></file> + <file name="localization/gl_ES.inc" role="data"></file> <file name="localization/hu_HU.inc" role="data"></file> <file name="localization/it_IT.inc" role="data"></file> <file name="localization/lt_LT.inc" role="data"></file> 
diff --git a/plugins/password/password.js b/plugins/password/password.js index 17fe3f7bb..26376b36d 100644 --- a/plugins/password/password.js +++ b/plugins/password/password.js @@ -7,13 +7,11 @@ if (window.rcmail) { rcmail.addEventListener('init', function(evt) { // <span id="settingstabdefault" class="tablink"><roundcube:button command="preferences" type="link" label="preferences" title="editpreferences" /></span> var tab = $('<span>').attr('id', 'settingstabpluginpassword').addClass('tablink'); - - var button = $('<a>').attr('href', rcmail.env.comm_path+'&_action=plugin.password').html(rcmail.gettext('password')).appendTo(tab); - button.bind('click', function(e){ return rcmail.command('plugin.password', this) }); + var button = $('<a>').attr('href', rcmail.env.comm_path+'&_action=plugin.password') + .html(rcmail.gettext('password')).appendTo(tab); // add button and register commands rcmail.add_element(tab, 'tabs'); - rcmail.register_command('plugin.password', function() { rcmail.goto_url('plugin.password') }, true); rcmail.register_command('plugin.password-save', function() { var input_curpasswd = rcube_find_object('_curpasswd'); var input_newpasswd = rcube_find_object('_newpasswd'); diff --git a/plugins/password/password.php b/plugins/password/password.php index 6d3042b5f..8fc95ea86 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php 
@@ -128,7 +128,15 @@ class password extends rcube_plugin // try to save the password else if (!($res = $this->_save($curpwd, $newpwd))) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); + + // Reset session password $_SESSION['password'] = $rcmail->encrypt($newpwd); + + // Log password change + if ($rcmail->config->get('password_log')) { + write_log('password', sprintf('Password changed for user %s (ID: %d) from %s', + $rcmail->user->get_username(), $rcmail->user->ID, rcmail_remote_ip())); + } } else { $rcmail->output->command('display_message', $res, 'error'); @@ -232,8 +240,8 @@ class password extends rcube_plugin $result = password_save($curpass, $passwd); if (is_array($result)) { - $result = $result['code']; $message = $result['message']; + $result = $result['code']; } switch ($result) { |
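Review bot: Only the success branch in password.php writes to the `password` log; the `else` branch that displays `$res` as an error stays silent, so a failed save leaves no trace in logs/password for anyone reviewing account activity. Consider logging it under the same `password_log` check: `write_log('password', sprintf('Password change failed for user %s (ID: %d) from %s', $rcmail->user->get_username(), $rcmail->user->ID, rcmail_remote_ip()));`. If `rcmail_remote_ip()` appends client-supplied forwarding headers (not visible in this hunk), that part of the log line should be treated as untrusted by anything that parses it. The enclosing method starts and ends outside the hunk.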