
ldap_ppolicy.php 3.3KB

  1. <?php
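  /**
   * ldap_ppolicy driver
   *
   * Driver that adds functionality to change the user password via
   * the 'change_ldap_pass.pl' command respecting password policy (history) in LDAP.
   *
   * The helper is fed on stdin, one value per line, in this order: URI, base DN,
   * search filter, bind DN, bind password, username, current password,
   * new password, CA file. It answers with a single status string on stdout.
   *
   * @version 1.0
   * @author Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
   *
   */
  class rcube_ldap_ppolicy_password
  {
      /** @var mixed Value of the 'ldap_debug' option; a truthy value enables _debug() logging. */
      private $debug = false;

      /**
       * Change the password of the logged-in user through the configured helper command.
       *
       * @param string $currpass Current password
       * @param string $newpass  New password
       *
       * @return int PASSWORD_SUCCESS, PASSWORD_IN_HISTORY, PASSWORD_CONNECT_ERROR,
       *             or PASSWORD_ERROR for every other outcome (rejected input,
       *             helper could not be started, unrecognised helper answer)
       */
      public function save($currpass, $newpass)
      {
          $rcmail = rcmail::get_instance();
          $this->debug = $rcmail->config->get('ldap_debug');

          $cmd    = $rcmail->config->get('password_ldap_ppolicy_cmd');
          $uri    = $rcmail->config->get('password_ldap_ppolicy_uri');
          $baseDN = $rcmail->config->get('password_ldap_ppolicy_basedn');
          $filter = $rcmail->config->get('password_ldap_ppolicy_search_filter');
          $bindDN = $rcmail->config->get('password_ldap_ppolicy_searchDN');
          $bindPW = $rcmail->config->get('password_ldap_ppolicy_searchPW');
          $cafile = $rcmail->config->get('password_ldap_ppolicy_cafile');

          $username = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
          $currpass = (string) $currpass;
          $newpass  = (string) $newpass;

          // The helper protocol is line-delimited. A line break inside a value that
          // originates from the user would shift every following field (for example
          // the CA file the helper is told to trust), so such values are refused
          // before anything is written to the child process.
          foreach (array($username, $currpass, $newpass) as $value) {
              if (strpbrk($value, "\r\n") !== false) {
                  rcube::raise_error(array(
                      'code' => 600,
                      'type' => 'php',
                      'file' => __FILE__, 'line' => __LINE__,
                      'message' => 'ldap_ppolicy: refusing username or password containing a line break'
                  ), true, false);

                  return PASSWORD_ERROR;
              }
          }

          $log_dir = $rcmail->config->get('log_dir');
          if (empty($log_dir)) {
              $log_dir = RCUBE_INSTALL_PATH . 'logs';
          }

          // The helper's stderr is appended to a dedicated file in the log directory
          $logfile = $log_dir.'/password_ldap_ppolicy.err';

          $descriptorspec = array(
              0 => array("pipe", "r"),          // stdin is a pipe that the child will read from
              1 => array("pipe", "w"),          // stdout is a pipe that the child will write to
              2 => array("file", $logfile, "a") // stderr is a file to write to
          );

          // NOTE(review): the command is a string taken from site configuration and
          // is resolved relative to the current working directory. It must stay an
          // administrator-controlled value and never be derived from request data.
          $cmd = 'plugins/password/helpers/'. $cmd;

          // Only non-secret parameters are logged; passwords are left out on purpose.
          $this->_debug("parameters:\ncmd:$cmd\nuri:$uri\nbaseDN:$baseDN\nfilter:$filter");

          $process = proc_open($cmd, $descriptorspec, $pipes);

          if (!is_resource($process)) {
              // Fail closed: without an explicit return the caller would receive
              // null, which is not one of the PASSWORD_* result codes.
              rcube::raise_error(array(
                  'code' => 600,
                  'type' => 'php',
                  'file' => __FILE__, 'line' => __LINE__,
                  'message' => 'ldap_ppolicy: unable to start helper command'
              ), true, false);

              return PASSWORD_ERROR;
          }

          // $pipes now looks like this:
          // 0 => writeable handle connected to child stdin
          // 1 => readable handle connected to child stdout
          // Any error output of the helper is appended to $logfile
          fwrite($pipes[0], $uri."\n");
          fwrite($pipes[0], $baseDN."\n");
          fwrite($pipes[0], $filter."\n");
          fwrite($pipes[0], $bindDN."\n");
          fwrite($pipes[0], $bindPW."\n");
          fwrite($pipes[0], $username."\n");
          fwrite($pipes[0], $currpass."\n");
          fwrite($pipes[0], $newpass."\n");
          fwrite($pipes[0], $cafile);
          fclose($pipes[0]);

          $result = stream_get_contents($pipes[1]);
          fclose($pipes[1]);

          // Reap the child once both pipes are closed so that no process
          // resource is left behind after the request.
          proc_close($process);

          $this->_debug('Result:'.$result);

          switch ($result) {
          case "OK":
              return PASSWORD_SUCCESS;
          case "Password is in history of old passwords":
              return PASSWORD_IN_HISTORY;
          case "Cannot connect to any server":
              return PASSWORD_CONNECT_ERROR;
          default:
              // Unrecognised answer: record it and report a generic failure
              rcube::raise_error(array(
                  'code' => 600,
                  'type' => 'php',
                  'file' => __FILE__, 'line' => __LINE__,
                  'message' => $result
              ), true, false);
          }

          return PASSWORD_ERROR;
      }

      /**
       * Write a line to the 'password_ldap_ppolicy' log when debugging is enabled.
       *
       * @param string $str Message to log
       */
      private function _debug($str)
      {
          if ($this->debug) {
              rcube::write_log('password_ldap_ppolicy', $str);
          }
      }
  }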