robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 Commits
2 Branches
Tree: ad3f0fe5b1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ad3f0fe5b1'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.3.6/plugins/password/drivers/ldap_ppolicy.php

ldap_ppolicy.php 3.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 
  1. <?php

  2. 

  3. /**

  4.  * ldap_ppolicy driver

  5.  *

  6.  * Driver that adds functionality to change the user password via

  7.  * the 'change_ldap_pass.pl' command respecting password policy (history) in LDAP.

  8.  *

  9.  * @version 1.0

  10.  * @author Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>

  11.  *

  12.  */

  13. 

  14. class rcube_ldap_ppolicy_password

  15. {

  16.     public function save($currpass, $newpass)

  17.     {

  18.         $rcmail = rcmail::get_instance();

  19.         $this->debug = $rcmail->config->get('ldap_debug');

  20. 

  21.         $cmd    = $rcmail->config->get('password_ldap_ppolicy_cmd');

  22.         $uri    = $rcmail->config->get('password_ldap_ppolicy_uri');

  23.         $baseDN = $rcmail->config->get('password_ldap_ppolicy_basedn');

  24.         $filter = $rcmail->config->get('password_ldap_ppolicy_search_filter');

  25.         $bindDN = $rcmail->config->get('password_ldap_ppolicy_searchDN');

  26.         $bindPW = $rcmail->config->get('password_ldap_ppolicy_searchPW');

  27.         $cafile = $rcmail->config->get('password_ldap_ppolicy_cafile');

  28. 

  29.         $log_dir = $rcmail->config->get('log_dir');

  30. 

  31.         if (empty($log_dir)) {

  32.             $log_dir = RCUBE_INSTALL_PATH . 'logs';

  33.         }

  34. 

  35.         // try to open specific log file for writing

  36.         $logfile = $log_dir.'/password_ldap_ppolicy.err';

  37. 

  38.         $descriptorspec = array(

  39.             0 => array("pipe", "r"),  // stdin is a pipe that the child will read from

  40.             1 => array("pipe", "w"),  // stdout is a pipe that the child will write to

  41.             2 => array("file", $logfile, "a") // stderr is a file to write to

  42.         );

  43. 

  44.         $cmd = 'plugins/password/helpers/'. $cmd;

  45.         $this->_debug("parameters:\ncmd:$cmd\nuri:$uri\nbaseDN:$baseDN\nfilter:$filter");

  46.         $process = proc_open($cmd, $descriptorspec, $pipes);

  47. 

  48.         if (is_resource($process)) {

  49.             // $pipes now looks like this:

  50.             // 0 => writeable handle connected to child stdin

  51.             // 1 => readable handle connected to child stdout

  52.             // Any error output will be appended to /tmp/error-output.txt

  53. 

  54.             fwrite($pipes[0], $uri."\n");

  55.             fwrite($pipes[0], $baseDN."\n");

  56.             fwrite($pipes[0], $filter."\n");

  57.             fwrite($pipes[0], $bindDN."\n");

  58.             fwrite($pipes[0], $bindPW."\n");

  59.             fwrite($pipes[0], $_SESSION['username']."\n");

  60.             fwrite($pipes[0], $currpass."\n");

  61.             fwrite($pipes[0], $newpass."\n");

  62.             fwrite($pipes[0], $cafile);

  63.             fclose($pipes[0]);

  64. 

  65.             $result = stream_get_contents($pipes[1]);

  66.             fclose($pipes[1]);

  67. 

  68.             $this->_debug('Result:'.$result);

  69. 

  70.             switch ($result) {

  71.             case "OK":

  72.                 return PASSWORD_SUCCESS;

  73.             case "Password is in history of old passwords":

  74.                 return  PASSWORD_IN_HISTORY;

  75.             case "Cannot connect to any server":

  76.                 return PASSWORD_CONNECT_ERROR;

  77.             default:

  78.                 rcube::raise_error(array(

  79.                         'code' => 600,

  80.                         'type' => 'php',

  81.                         'file' => __FILE__, 'line' => __LINE__,

  82.                         'message' => $result

  83.                     ), true, false);

  84.             }

  85. 

  86.             return PASSWORD_ERROR;

  87.         }

  88.     }

  89. 

  90.     private function _debug($str)

  91.     {

  92.         if ($this->debug) {

  93.             rcube::write_log('password_ldap_ppolicy', $str);

  94.         }

  95.     }

  96. }