From 207cc0b9b3cfdfb29e4f02e83014320fd12eeb68 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Wed, 16 Feb 2011 10:48:11 +0000
Subject: - Applied plugin changes since 0.5-stable release

---
 plugins/password/README                  |  2 +-
 plugins/password/config.inc.php.dist     | 27 +++++++++++-
 plugins/password/drivers/directadmin.php | 12 +++---
 plugins/password/drivers/ldap.php        | 57 ++++++++++++++++++--------
 plugins/password/drivers/ldap_simple.php | 70 ++++++++++++++++++++++----------
 plugins/password/drivers/virtualmin.php  | 43 ++++++++++++++++++--
 plugins/password/drivers/xmail.php       |  2 +-
 plugins/password/localization/es_ES.inc  | 22 +++++-----
 plugins/password/localization/ru_RU.inc  |  2 +-
 plugins/password/package.xml             | 10 ++++-
 plugins/password/password.js             |  6 +--
 plugins/password/password.php            | 10 ++++-
 12 files changed, 193 insertions(+), 70 deletions(-)

(limited to 'plugins/password')

diff --git a/plugins/password/README b/plugins/password/README
index a31a0e076..81e4f1ead 100644
--- a/plugins/password/README
+++ b/plugins/password/README
@@ -201,7 +201,7 @@
 
  As in sasl driver this one allows to change password using shell
  utility called "virtualmin". See drivers/chgvirtualminpasswd.c for
- installation instructions.
+ installation instructions. See also config.inc.php.dist file.
 
 
  2.9. hMailServer (hmail)
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 54e9e51c6..ddf881217 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -18,6 +18,9 @@ $rcmail_config['password_minimum_length'] = 0;
 // Change to false to remove this check.
 $rcmail_config['password_require_nonalpha'] = false;
 
+// Enables logging of password changes into logs/password
+$rcmail_config['password_log'] = false;
+
 
 // SQL Driver options
 // ------------------
@@ -195,8 +198,15 @@ $rcmail_config['password_ldap_force_replace'] = true;
 // Whenever the password is changed, the attribute will be updated if set (e.g. shadowLastChange)
 $rcmail_config['password_ldap_lchattr'] = '';
 
-// Also try to update Samba password attributes: sambaNTPassword and sambaPwdLastSet
-$rcmail_config['password_ldap_samba'] = false;
+// LDAP Samba password attribute, e.g. sambaNTPassword
+// Name of the LDAP's Samba attribute used for storing user password
+$rcmail_config['password_ldap_samba_pwattr'] = '';
+ 
+// LDAP Samba Password Last Change Date attribute, e.g. sambaPwdLastSet
+// Some places use an attribute to store the date of the last password change
+// The date is meassured in "seconds since epoch" (an integer value)
+// Whenever the password is changed, the attribute will be updated if set
+$rcmail_config['password_ldap_samba_lchattr'] = '';
 
 
 // DirectAdmin Driver options
@@ -275,3 +285,16 @@ $rcmail_config['hmailserver_server'] = array(
     'Password' => 'password' // windows user password
 );
 
+
+// Virtualmin Driver options
+// -------------------------
+// Username format:
+// 0: username@domain
+// 1: username%domain
+// 2: username.domain
+// 3: domain.username
+// 4: username-domain
+// 5: domain-username
+// 6: username_domain
+// 7: domain_username
+$rcmail_config['password_virtualmin_format'] = 0;
diff --git a/plugins/password/drivers/directadmin.php b/plugins/password/drivers/directadmin.php
index d11aae70a..6ca3264c5 100644
--- a/plugins/password/drivers/directadmin.php
+++ b/plugins/password/drivers/directadmin.php
@@ -316,8 +316,8 @@ class HTTPSocket {
             }
 
         }
-        
-        list($this->result_header,$this->result_body) = split("\r\n\r\n",$this->result,2);
+
+        list($this->result_header, $this->result_body) = explode("\r\n\r\n", $this->result, 2);
 
         if ($this->bind_host)
         {
@@ -378,7 +378,7 @@ class HTTPSocket {
         {
             if ($asArray)
             {
-                return split("\n",$this->fetch_body());
+                return explode("\n", $this->fetch_body());
             }
 
             return $this->fetch_body();
@@ -438,14 +438,14 @@ class HTTPSocket {
      */
     function fetch_header( $header = '' )
     {
-        $array_headers = split("\r\n",$this->result_header);
-        
+        $array_headers = explode("\r\n", $this->result_header);
+
         $array_return = array( 0 => $array_headers[0] );
         unset($array_headers[0]);
 
         foreach ( $array_headers as $pair )
         {
-            list($key,$value) = split(": ",$pair,2);
+            list($key,$value) = explode(": ", $pair, 2);
             $array_return[strtolower($key)] = $value;
         }
 
diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index e4d91fe1b..a18f349d7 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -62,43 +62,59 @@ function password_save($curpass, $passwd)
         return PASSWORD_CONNECT_ERROR;
     }
 
-    // Crypting new password
-    $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
-    if (!$newCryptedPassword) {
+    $crypted_pass = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
+    $force        = $rcmail->config->get('password_ldap_force_replace');
+    $pwattr       = $rcmail->config->get('password_ldap_pwattr');
+    $lchattr      = $rcmail->config->get('password_ldap_lchattr');
+    $smbpwattr    = $rcmail->config->get('password_ldap_samba_pwattr');
+    $smblchattr   = $rcmail->config->get('password_ldap_samba_lchattr');
+    $samba        = $rcmail->config->get('password_ldap_samba');
+
+    // Support password_ldap_samba option for backward compat.
+    if ($samba && !$smbpwattr) {
+        $smbpwattr  = 'sambaNTPassword';
+        $smblchattr = 'sambaPwdLastSet';
+    }
+
+    // Crypt new password
+    if (!$crypted_pass) {
         return PASSWORD_CRYPT_ERROR;
     }
 
+    // Crypt new samba password
+    if ($smbpwattr && !($samba_pass = hashPassword($passwd, 'samba'))) {
+	    return PASSWORD_CRYPT_ERROR;
+    }
+
     // Writing new crypted password to LDAP
     $userEntry = $ldap->getEntry($userDN);
     if (Net_LDAP2::isError($userEntry)) {
         return PASSWORD_CONNECT_ERROR;
     }
 
-    $pwattr = $rcmail->config->get('password_ldap_pwattr');
-    $force = $rcmail->config->get('password_ldap_force_replace');
-
-    if (!$userEntry->replace(array($pwattr => $newCryptedPassword), $force)) {
+    if (!$userEntry->replace(array($pwattr => $crypted_pass), $force)) {
         return PASSWORD_CONNECT_ERROR;
     }
 
     // Updating PasswordLastChange Attribute if desired
-    if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) {
+    if ($lchattr) {
        $current_day = (int)(time() / 86400);
        if (!$userEntry->replace(array($lchattr => $current_day), $force)) {
            return PASSWORD_CONNECT_ERROR;
        }
     }
 
-    if (Net_LDAP2::isError($userEntry->update())) {
-        return PASSWORD_CONNECT_ERROR;
+    // Update Samba password and last change fields
+    if ($smbpwattr) {
+        $userEntry->replace(array($smbpwattr => $samba_pass), $force);
+    }
+    // Update Samba password last change field
+    if ($smblchattr) {
+        $userEntry->replace(array($smblchattr => time()), $force);
     }
 
-    // Update Samba password fields, ignore errors if attributes are not found
-    if ($rcmail->config->get('password_ldap_samba')) {
-        $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE'));
-        $userEntry->replace(array('sambaNTPassword' => $sambaNTPassword), $force);
-        $userEntry->replace(array('sambaPwdLastSet' => time()), $force);
-        $userEntry->update();
+    if (Net_LDAP2::isError($userEntry->update())) {
+        return PASSWORD_CONNECT_ERROR;
     }
 
     // All done, no error
@@ -253,6 +269,15 @@ function hashPassword( $passwordClear, $encodageType )
             }
             break;
 
+        case 'samba':
+            if (function_exists('hash')) {
+                $cryptedPassword = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE'));
+            } else {
+				/* Your PHP install does not have the hash() function */
+				return false;
+            }
+            break;
+
         case 'clear':
         default:
             $cryptedPassword = $passwordClear;
diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php
index 67f53d091..482b7e56f 100644
--- a/plugins/password/drivers/ldap_simple.php
+++ b/plugins/password/drivers/ldap_simple.php
@@ -14,19 +14,19 @@ function password_save($curpass, $passwd)
 {
 	$rcmail = rcmail::get_instance();
 
-	/* Connect */
+	// Connect
 	if (!$ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port'))) {
 		ldap_unbind($ds);
 		return PASSWORD_CONNECT_ERROR;
 	}
 
-	/* Set protocol version */
+	// Set protocol version
 	if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) {
 		ldap_unbind($ds);
 		return PASSWORD_CONNECT_ERROR;
 	}
 
-	/* Start TLS */
+	// Start TLS
 	if ($rcmail->config->get('password_ldap_starttls')) {
 		if (!ldap_start_tls($ds)) {
 			ldap_unbind($ds);
@@ -34,7 +34,7 @@ function password_save($curpass, $passwd)
 		}
 	}
 
-	/* Build user DN */
+	// Build user DN
 	if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) {
 		$user_dn = ldap_simple_substitute_vars($user_dn);
 	} else {
@@ -46,7 +46,7 @@ function password_save($curpass, $passwd)
 		return PASSWORD_CONNECT_ERROR;
 	}
 
-	/* Connection method */
+	// Connection method
 	switch ($rcmail->config->get('password_ldap_method')) {
 		case 'admin':
 			$binddn = $rcmail->config->get('password_ldap_adminDN');
@@ -59,31 +59,51 @@ function password_save($curpass, $passwd)
 			break;
 	}
 
-	/* Bind */
-	if (!ldap_bind($ds, $binddn, $bindpw)) {
-		ldap_unbind($ds);
-		return PASSWORD_CONNECT_ERROR;
-	}
 
-	/* Crypting new password */
 	$crypted_pass = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
+	$lchattr      = $rcmail->config->get('password_ldap_lchattr');
+	$pwattr       = $rcmail->config->get('password_ldap_pwattr');
+    $smbpwattr    = $rcmail->config->get('password_ldap_samba_pwattr');
+    $smblchattr   = $rcmail->config->get('password_ldap_samba_lchattr');
+    $samba        = $rcmail->config->get('password_ldap_samba');
+
+    // Support password_ldap_samba option for backward compat.
+    if ($samba && !$smbpwattr) {
+        $smbpwattr  = 'sambaNTPassword';
+        $smblchattr = 'sambaPwdLastSet';
+    }
+
+	// Crypt new password
 	if (!$crypted_pass) {
-		ldap_unbind($ds);
 		return PASSWORD_CRYPT_ERROR;
 	}
 
-	$entree[$rcmail->config->get('password_ldap_pwattr')] = $crypted_pass;
+    // Crypt new Samba password
+    if ($smbpwattr && !($samba_pass = ldap_simple_hash_password($passwd, 'samba'))) {
+	    return PASSWORD_CRYPT_ERROR;
+    }
 
-	/* Updating PasswordLastChange Attribute if desired */
-	if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) {
+	// Bind
+	if (!ldap_bind($ds, $binddn, $bindpw)) {
+		ldap_unbind($ds);
+		return PASSWORD_CONNECT_ERROR;
+	}
+
+	$entree[$pwattr] = $crypted_pass;
+
+	// Update PasswordLastChange Attribute if desired
+	if ($lchattr) {
 		$entree[$lchattr] = (int)(time() / 86400);
 	}
 
-    /* Update Samba password fields */
-    if ($smbattr = $rcmail->config->get('password_ldap_samba')) {
-        $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE'));
-        $entree['sambaNTPassword'] = $sambaNTPassword;
-        $entree['sambaPwdLastSet'] = time();
+    // Update Samba password
+    if ($smbpwattr) {
+        $entree[$smbpwattr] = $samba_pass;
+    }
+
+    // Update Samba password last change
+    if ($smblchattr) {
+        $entree[$smblchattr] = time();
     }
 
 	if (!ldap_modify($ds, $user_dn, $entree)) {
@@ -91,7 +111,7 @@ function password_save($curpass, $passwd)
 		return PASSWORD_CONNECT_ERROR;
 	}
 
-	/* All done, no error */
+	// All done, no error
 	ldap_unbind($ds);
 	return PASSWORD_SUCCESS;
 }
@@ -215,6 +235,14 @@ function ldap_simple_hash_password($password_clear, $encodage_type)
 				return false;
 			}
 			break;
+        case 'samba':
+            if (function_exists('hash')) {
+                $crypted_password = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE'));
+            } else {
+				/* Your PHP install does not have the hash() function */
+				return false;
+            }
+            break;
 		case 'clear':
 		default:
 			$crypted_password = $password_clear;
diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php
index 96200d61c..78ef4e7c3 100644
--- a/plugins/password/drivers/virtualmin.php
+++ b/plugins/password/drivers/virtualmin.php
@@ -10,15 +10,50 @@
  * It only works with virtualmin on the same host where Roundcube runs
  * and requires shell access and gcc in order to compile the binary.
  *
- * @version 1.0
+ * @version 2.0
  * @author Martijn de Munnik
  */
 
 function password_save($currpass, $newpass)
 {
-    $curdir = realpath(dirname(__FILE__));
-    $username = escapeshellcmd($_SESSION['username']);
-    $domain = substr(strrchr($username, "@"), 1);
+    $rcmail = rcmail::get_instance();
+
+    $format   = $rcmail->config->get('password_virtualmin_format', 0);
+    $username = $_SESSION['username'];
+
+    switch ($format) {
+        case 1: // username%domain
+            $domain = substr(strrchr($username, "%"), 1);
+            break;
+        case 2: // username.domain (could be bogus)
+            $pieces = explode(".", $username);
+            $domain = $pieces[count($pieces)-2]. "." . end($pieces);
+            break;
+        case 3: // domain.username (could be bogus)
+            $pieces = explode(".", $username);
+            $domain = $pieces[0]. "." . $pieces[1];
+            break;
+        case 4: // username-domain
+            $domain = substr(strrchr($username, "-"), 1);
+            break;
+        case 5: // domain-username
+            $domain = str_replace(strrchr($username, "-"), "", $username);
+            break;
+        case 6: // username_domain
+            $domain = substr(strrchr($username, "_"), 1);
+            break;
+        case 7: // domain_username
+            $pieces = explode("_", $username);
+            $domain = $pieces[0];
+            break;
+        default: // username@domain
+            $domain = substr(strrchr($username, "@"), 1);
+    }
+                                                                                                                                                                                                                                                                                                            
+    $username = escapeshellcmd($username);
+    $domain   = escapeshellcmd($domain);
+    $newpass  = escapeshellcmd($newpass);
+    $curdir   = realpath(dirname(__FILE__));
 
     exec("$curdir/chgvirtualminpasswd modify-user --domain $domain --user $username --pass $newpass", $output, $returnvalue);
 
diff --git a/plugins/password/drivers/xmail.php b/plugins/password/drivers/xmail.php
index 39d1e7186..c7f426158 100644
--- a/plugins/password/drivers/xmail.php
+++ b/plugins/password/drivers/xmail.php
@@ -20,7 +20,7 @@
 function password_save($currpass, $newpass)
 {
     $rcmail = rcmail::get_instance();
-    list($user,$domain) = split('@',$_SESSION['username']);
+    list($user,$domain) = explode('@', $_SESSION['username']);
 
     $xmail = new XMail;
 
diff --git a/plugins/password/localization/es_ES.inc b/plugins/password/localization/es_ES.inc
index b9a9c1626..32879b4aa 100644
--- a/plugins/password/localization/es_ES.inc
+++ b/plugins/password/localization/es_ES.inc
@@ -1,21 +1,21 @@
 <?php
 
 $labels = array();
-$labels['changepasswd']  = 'Cambiar Contraseña';
-$labels['curpasswd']  = 'Contraseña Actual:';
-$labels['newpasswd']  = 'Contraseña Nueva:';
-$labels['confpasswd']  = 'Confirmar Contraseña:';
+$labels['changepasswd']  = 'Cambiar contraseña';
+$labels['curpasswd']  = 'Contraseña actual:';
+$labels['newpasswd']  = 'Contraseña nueva:';
+$labels['confpasswd']  = 'Confirmar contraseña:';
 
 $messages = array();
-$messages['nopassword'] = 'Por favor introduce una nueva contraseña.';
-$messages['nocurpassword'] = 'Por favor introduce la contraseña actual.';
-$messages['passwordincorrect'] = 'Contraseña actual incorrecta.';
-$messages['passwordinconsistency'] = 'Las contraseñas no coinciden, por favor inténtalo de nuevo.';
+$messages['nopassword'] = 'Por favor introduzca una contraseña nueva.';
+$messages['nocurpassword'] = 'Por favor introduzca la contraseña actual.';
+$messages['passwordincorrect'] = 'La contraseña actual es incorrecta.';
+$messages['passwordinconsistency'] = 'Las contraseñas no coinciden. Por favor, inténtelo de nuevo.';
 $messages['crypterror'] = 'No se pudo guardar la contraseña nueva. Falta la función de cifrado.';
 $messages['connecterror'] = 'No se pudo guardar la contraseña nueva. Error de conexión';
 $messages['internalerror'] = 'No se pudo guardar la contraseña nueva.';
-$messages['passwordshort'] = 'Tu contraseña debe tener una longitud mínima de $length.';
-$messages['passwordweak'] = 'Tu nueva contraseña debe incluir al menos un número y un signo de puntuación.';
-$messages['passwordforbidden'] = 'La contraseña contiene caracteres prohibidos.';
+$messages['passwordshort'] = 'La contraseña debe tener por lo menos $length caracteres.';
+$messages['passwordweak'] = 'La contraseña debe incluir al menos un número y un signo de puntuación.';
+$messages['passwordforbidden'] = 'La contraseña introducida contiene caracteres no permitidos.';
 
 ?>
diff --git a/plugins/password/localization/ru_RU.inc b/plugins/password/localization/ru_RU.inc
index 5a108d660..3776b4598 100644
--- a/plugins/password/localization/ru_RU.inc
+++ b/plugins/password/localization/ru_RU.inc
@@ -5,7 +5,7 @@
 | plugins/password/localization/ru_RU.inc                               |
 |                                                                       |
 | Language file of the Roundcube help plugin                            |
-| Copyright (C) 2005-2010, Roundcube Dev. - Switzerland                 |
+| Copyright (C) 2005-2010, The Roundcube Dev Team                       |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 +-----------------------------------------------------------------------+
diff --git a/plugins/password/package.xml b/plugins/password/package.xml
index 1d63142d9..a4827dfd0 100644
--- a/plugins/password/package.xml
+++ b/plugins/password/package.xml
@@ -15,8 +15,8 @@
 		<email>alec@alec.pl</email>
 		<active>yes</active>
 	</lead>
-	<date></date>
-	<time></time>
+	<date>2011-02-15</date>
+	<time>12:00</time>
 	<version>
 		<release>2.2</release>
 		<api>1.6</api>
@@ -34,6 +34,11 @@
 - ldap_simple driver: fix parse error
 - ldap/ldap_simple drivers: support %dc variable in config
 - ldap/ldap_simple drivers: support Samba password change
+- Fix extended error messages handling (#1487676)
+- Fix double request when clicking on Password tab in Firefox
+- Fix deprecated split() usage in xmail and directadmin drivers (#1487769)
+- Added option (password_log) for logging password changes
+- Virtualmin driver: Add option for setting username format (#1487781)
     </notes>
 	<contents>
 		<dir baseinstalldir="/" name="/">
@@ -61,6 +66,7 @@
 			<file name="localization/et_EE.inc" role="data"></file>
 			<file name="localization/fi_FI.inc" role="data"></file>
 			<file name="localization/fr_FR.inc" role="data"></file>
+			<file name="localization/gl_ES.inc" role="data"></file>
 			<file name="localization/hu_HU.inc" role="data"></file>
 			<file name="localization/it_IT.inc" role="data"></file>
 			<file name="localization/lt_LT.inc" role="data"></file>
diff --git a/plugins/password/password.js b/plugins/password/password.js
index 17fe3f7bb..26376b36d 100644
--- a/plugins/password/password.js
+++ b/plugins/password/password.js
@@ -7,13 +7,11 @@ if (window.rcmail) {
   rcmail.addEventListener('init', function(evt) {
     // <span id="settingstabdefault" class="tablink"><roundcube:button command="preferences" type="link" label="preferences" title="editpreferences" /></span>
     var tab = $('<span>').attr('id', 'settingstabpluginpassword').addClass('tablink');
-    
-    var button = $('<a>').attr('href', rcmail.env.comm_path+'&_action=plugin.password').html(rcmail.gettext('password')).appendTo(tab);
-    button.bind('click', function(e){ return rcmail.command('plugin.password', this) });
+    var button = $('<a>').attr('href', rcmail.env.comm_path+'&_action=plugin.password')
+      .html(rcmail.gettext('password')).appendTo(tab);
 
     // add button and register commands
     rcmail.add_element(tab, 'tabs');
-    rcmail.register_command('plugin.password', function() { rcmail.goto_url('plugin.password') }, true);
     rcmail.register_command('plugin.password-save', function() { 
       var input_curpasswd = rcube_find_object('_curpasswd');
       var input_newpasswd = rcube_find_object('_newpasswd');
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 6d3042b5f..8fc95ea86 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -128,7 +128,15 @@ class password extends rcube_plugin
             // try to save the password
             else if (!($res = $this->_save($curpwd, $newpwd))) {
                 $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
+
+                // Reset session password
                 $_SESSION['password'] = $rcmail->encrypt($newpwd);
+
+                // Log password change
+                if ($rcmail->config->get('password_log')) {
+                    write_log('password', sprintf('Password changed for user %s (ID: %d) from %s',
+                        $rcmail->user->get_username(), $rcmail->user->ID, rcmail_remote_ip()));
+                }
             }
             else {
                 $rcmail->output->command('display_message', $res, 'error');
@@ -232,8 +240,8 @@ class password extends rcube_plugin
         $result = password_save($curpass, $passwd);
 
         if (is_array($result)) {
-            $result  = $result['code'];
             $message = $result['message'];
+            $result  = $result['code'];
         }
 
         switch ($result) {
-- 
cgit v1.2.3