roundcubemail/plugins/password/drivers/ldap_ppolicy.php

<?php

/**
 * ldap_ppolicy driver
 *
 * Driver that adds functionality to change the user password via
 * the 'change_ldap_pass.pl' command respecting password policy (history) in LDAP.
 *
 * @version 1.0
 * @author Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
 *
 */

class rcube_ldap_ppolicy_password
{
    public function save($currpass, $newpass)
    {
        $rcmail = rcmail::get_instance();
        $this->debug = $rcmail->config->get('ldap_debug');

        $cmd    = $rcmail->config->get('password_ldap_ppolicy_cmd');
        $uri    = $rcmail->config->get('password_ldap_ppolicy_uri');
        $baseDN = $rcmail->config->get('password_ldap_ppolicy_basedn');
        $filter = $rcmail->config->get('password_ldap_ppolicy_search_filter');
        $bindDN = $rcmail->config->get('password_ldap_ppolicy_searchDN');
        $bindPW = $rcmail->config->get('password_ldap_ppolicy_searchPW');
        $cafile = $rcmail->config->get('password_ldap_ppolicy_cafile');

        $log_dir = $rcmail->config->get('log_dir');

        if (empty($log_dir)) {
            $log_dir = RCUBE_INSTALL_PATH . 'logs';
        }

        // try to open specific log file for writing
        $logfile = $log_dir.'/password_ldap_ppolicy.err';

        $descriptorspec = array(
            0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
            1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
            2 => array("file", $logfile, "a") // stderr is a file to write to
        );

        $cmd = 'plugins/password/helpers/'. $cmd;
        $this->_debug("parameters:\ncmd:$cmd\nuri:$uri\nbaseDN:$baseDN\nfilter:$filter");
        $process = proc_open($cmd, $descriptorspec, $pipes);

        if (is_resource($process)) {
            // $pipes now looks like this:
            // 0 => writeable handle connected to child stdin
            // 1 => readable handle connected to child stdout
            // Any error output will be appended to /tmp/error-output.txt

            fwrite($pipes[0], $uri."\n");
            fwrite($pipes[0], $baseDN."\n");
            fwrite($pipes[0], $filter."\n");
            fwrite($pipes[0], $bindDN."\n");
            fwrite($pipes[0], $bindPW."\n");
            fwrite($pipes[0], $_SESSION['username']."\n");
            fwrite($pipes[0], $currpass."\n");
            fwrite($pipes[0], $newpass."\n");
            fwrite($pipes[0], $cafile);
            fclose($pipes[0]);

            $result = stream_get_contents($pipes[1]);
            fclose($pipes[1]);

            $this->_debug('Result:'.$result);

            switch ($result) {
            case "OK":
                return PASSWORD_SUCCESS;
            case "Password is in history of old passwords":
                return  PASSWORD_IN_HISTORY;
            case "Cannot connect to any server":
                return PASSWORD_CONNECT_ERROR;
            default:
                rcube::raise_error(array(
                        'code' => 600,
                        'type' => 'php',
                        'file' => __FILE__, 'line' => __LINE__,
                        'message' => $result
                    ), true, false);
            }

            return PASSWORD_ERROR;
        }
    }

    private function _debug($str)
    {
        if ($this->debug) {
            rcube::write_log('password_ldap_ppolicy', $str);
        }
    }
}
LDAP password policy driver files 9 years ago			`<?php`

			`/**`
			`* ldap_ppolicy driver`
			`*`
			`* Driver that adds functionality to change the user password via`
			`* the 'change_ldap_pass.pl' command respecting password policy (history) in LDAP.`
			`*`
			`* @version 1.0`
			`* @author Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>`
			`*`
			`*/`

			`class rcube_ldap_ppolicy_password`
			`{`
			`public function save($currpass, $newpass)`
			`{`
CS fixes, updated changelog 8 years ago			`$rcmail = rcmail::get_instance();`
			`$this->debug = $rcmail->config->get('ldap_debug');`

			`$cmd = $rcmail->config->get('password_ldap_ppolicy_cmd');`
Change parameters names to the standard. 8 years ago			`$uri = $rcmail->config->get('password_ldap_ppolicy_uri');`
CS fixes, updated changelog 8 years ago			`$baseDN = $rcmail->config->get('password_ldap_ppolicy_basedn');`
Change parameters names to the standard. 8 years ago			`$filter = $rcmail->config->get('password_ldap_ppolicy_search_filter');`
			`$bindDN = $rcmail->config->get('password_ldap_ppolicy_searchDN');`
			`$bindPW = $rcmail->config->get('password_ldap_ppolicy_searchPW');`
			`$cafile = $rcmail->config->get('password_ldap_ppolicy_cafile');`
LDAP password policy driver files 9 years ago
CS fixes, updated changelog 8 years ago			`$log_dir = $rcmail->config->get('log_dir');`

			`if (empty($log_dir)) {`
			`$log_dir = RCUBE_INSTALL_PATH . 'logs';`
			`}`

			`// try to open specific log file for writing`
			`$logfile = $log_dir.'/password_ldap_ppolicy.err';`

LDAP password policy driver files 9 years ago			`$descriptorspec = array(`
CS fixes, updated changelog 8 years ago			`0 => array("pipe", "r"), // stdin is a pipe that the child will read from`
			`1 => array("pipe", "w"), // stdout is a pipe that the child will write to`
			`2 => array("file", $logfile, "a") // stderr is a file to write to`
LDAP password policy driver files 9 years ago			`);`
CS fixes, updated changelog 8 years ago
The correction of the script path and log_dir from the rc config. 8 years ago			`$cmd = 'plugins/password/helpers/'. $cmd;`
LDAP password policy driver files 9 years ago			`$this->_debug("parameters:\ncmd:$cmd\nuri:$uri\nbaseDN:$baseDN\nfilter:$filter");`
			`$process = proc_open($cmd, $descriptorspec, $pipes);`
CS fixes, updated changelog 8 years ago
LDAP password policy driver files 9 years ago			`if (is_resource($process)) {`
CS fixes, updated changelog 8 years ago			`// $pipes now looks like this:`
			`// 0 => writeable handle connected to child stdin`
			`// 1 => readable handle connected to child stdout`
			`// Any error output will be appended to /tmp/error-output.txt`

			`fwrite($pipes[0], $uri."\n");`
			`fwrite($pipes[0], $baseDN."\n");`
			`fwrite($pipes[0], $filter."\n");`
			`fwrite($pipes[0], $bindDN."\n");`
			`fwrite($pipes[0], $bindPW."\n");`
			`fwrite($pipes[0], $_SESSION['username']."\n");`
			`fwrite($pipes[0], $currpass."\n");`
			`fwrite($pipes[0], $newpass."\n");`
			`fwrite($pipes[0], $cafile);`
			`fclose($pipes[0]);`

			`$result = stream_get_contents($pipes[1]);`
			`fclose($pipes[1]);`

			`$this->_debug('Result:'.$result);`

			`switch ($result) {`
			`case "OK":`
			`return PASSWORD_SUCCESS;`
			`case "Password is in history of old passwords":`
			`return PASSWORD_IN_HISTORY;`
			`case "Cannot connect to any server":`
			`return PASSWORD_CONNECT_ERROR;`
			`default:`
			`rcube::raise_error(array(`
			`'code' => 600,`
			`'type' => 'php',`
			`'file' => __FILE__, 'line' => __LINE__,`
			`'message' => $result`
			`), true, false);`
			`}`

			`return PASSWORD_ERROR;`
			`}`
LDAP password policy driver files 9 years ago			`}`
CS fixes, updated changelog 8 years ago
LDAP password policy driver files 9 years ago			`private function _debug($str)`
			`{`
CS fixes, updated changelog 8 years ago			`if ($this->debug) {`
			`rcube::write_log('password_ldap_ppolicy', $str);`
			`}`
LDAP password policy driver files 9 years ago			`}`
			`}`