CS fixes, updated changelog

pull/5468/head
Aleksander Machniak 8 years ago
parent 7f4ab8c14a
commit affec47eab

@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail CHANGELOG Roundcube Webmail
=========================== ===========================
- Password: Added LDAP PPolicy driver (#5364)
- Implement separate action to mark all messages in a folder as \Seen (#5006) - Implement separate action to mark all messages in a folder as \Seen (#5006)
- Implement marking as \Seen in all folders or in a folder and its subfolders (#5076) - Implement marking as \Seen in all folders or in a folder and its subfolders (#5076)
- Archive: Don't reload messages list when it's not needed (#5225) - Archive: Don't reload messages list when it's not needed (#5225)

@ -6,95 +6,91 @@
* Driver that adds functionality to change the user password via * Driver that adds functionality to change the user password via
* the 'change_ldap_pass.pl' command respecting password policy (history) in LDAP. * the 'change_ldap_pass.pl' command respecting password policy (history) in LDAP.
* *
*
* @version 1.0 * @version 1.0
* @author Zbigniew Szmyd <zbigniew.szmyd@linseco.pl> * @author Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
* *
*/ */
class rcube_ldap_ppolicy_password class rcube_ldap_ppolicy_password
{ {
public function save($currpass, $newpass) public function save($currpass, $newpass)
{ {
$rcmail = rcmail::get_instance(); $rcmail = rcmail::get_instance();
$this->debug = $rcmail->config->get('ldap_debug'); $this->debug = $rcmail->config->get('ldap_debug');
$cmd = $rcmail->config->get('password_ldap_ppolicy_cmd'); $cmd = $rcmail->config->get('password_ldap_ppolicy_cmd');
$uri = $rcmail->config->get('password_ldap_ppolicy_uri'); $uri = $rcmail->config->get('password_ldap_ppolicy_uri');
$baseDN = $rcmail->config->get('password_ldap_ppolicy_basedn'); $baseDN = $rcmail->config->get('password_ldap_ppolicy_basedn');
$filter = $rcmail->config->get('password_ldap_ppolicy_search_filter'); $filter = $rcmail->config->get('password_ldap_ppolicy_search_filter');
$bindDN = $rcmail->config->get('password_ldap_ppolicy_searchDN'); $bindDN = $rcmail->config->get('password_ldap_ppolicy_searchDN');
$bindPW = $rcmail->config->get('password_ldap_ppolicy_searchPW'); $bindPW = $rcmail->config->get('password_ldap_ppolicy_searchPW');
$cafile = $rcmail->config->get('password_ldap_ppolicy_cafile'); $cafile = $rcmail->config->get('password_ldap_ppolicy_cafile');
$log_dir = $rcmail->config->get('log_dir'); $log_dir = $rcmail->config->get('log_dir');
if (empty($log_dir)) { if (empty($log_dir)) {
$log_dir = RCUBE_INSTALL_PATH . 'logs'; $log_dir = RCUBE_INSTALL_PATH . 'logs';
} }
// try to open specific log file for writing // try to open specific log file for writing
$logfile = $log_dir.'/password_ldap_ppolicy.err'; $logfile = $log_dir.'/password_ldap_ppolicy.err';
$descriptorspec = array( $descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("file", $logfile, "a") // stderr is a file to write to 2 => array("file", $logfile, "a") // stderr is a file to write to
); );
$cmd = 'plugins/password/helpers/'. $cmd; $cmd = 'plugins/password/helpers/'. $cmd;
$this->_debug("parameters:\ncmd:$cmd\nuri:$uri\nbaseDN:$baseDN\nfilter:$filter"); $this->_debug("parameters:\ncmd:$cmd\nuri:$uri\nbaseDN:$baseDN\nfilter:$filter");
$process = proc_open($cmd, $descriptorspec, $pipes); $process = proc_open($cmd, $descriptorspec, $pipes);
if (is_resource($process)) { if (is_resource($process)) {
// $pipes now looks like this: // $pipes now looks like this:
// 0 => writeable handle connected to child stdin // 0 => writeable handle connected to child stdin
// 1 => readable handle connected to child stdout // 1 => readable handle connected to child stdout
// Any error output will be appended to /tmp/error-output.txt // Any error output will be appended to /tmp/error-output.txt
fwrite($pipes[0], $uri."\n"); fwrite($pipes[0], $uri."\n");
fwrite($pipes[0], $baseDN."\n"); fwrite($pipes[0], $baseDN."\n");
fwrite($pipes[0], $filter."\n"); fwrite($pipes[0], $filter."\n");
fwrite($pipes[0], $bindDN."\n"); fwrite($pipes[0], $bindDN."\n");
fwrite($pipes[0], $bindPW."\n"); fwrite($pipes[0], $bindPW."\n");
fwrite($pipes[0], $_SESSION['username']."\n"); fwrite($pipes[0], $_SESSION['username']."\n");
fwrite($pipes[0], $currpass."\n"); fwrite($pipes[0], $currpass."\n");
fwrite($pipes[0], $newpass."\n"); fwrite($pipes[0], $newpass."\n");
fwrite($pipes[0], $cafile); fwrite($pipes[0], $cafile);
fclose($pipes[0]); fclose($pipes[0]);
$result = stream_get_contents($pipes[1]); $result = stream_get_contents($pipes[1]);
fclose($pipes[1]); fclose($pipes[1]);
$this->_debug('Result:'.$result); $this->_debug('Result:'.$result);
switch ($result) { switch ($result) {
case "OK": case "OK":
return PASSWORD_SUCCESS; return PASSWORD_SUCCESS;
case "Password is in history of old passwords": case "Password is in history of old passwords":
return PASSWORD_IN_HISTORY; return PASSWORD_IN_HISTORY;
case "Cannot connect to any server":
case "Cannot connect to any server": return PASSWORD_CONNECT_ERROR;
return PASSWORD_CONNECT_ERROR; default:
default: rcube::raise_error(array(
rcube::raise_error(array( 'code' => 600,
'code' => 600, 'type' => 'php',
'type' => 'php', 'file' => __FILE__, 'line' => __LINE__,
'file' => __FILE__, 'line' => __LINE__, 'message' => $result
'message' => $result ), true, false);
), true, false); }
}
return PASSWORD_ERROR;
return PASSWORD_ERROR; }
}
} }
private function _debug($str) private function _debug($str)
{ {
if ($this->debug) { if ($this->debug) {
rcube::write_log('password_ldap_ppolicy', $str); rcube::write_log('password_ldap_ppolicy', $str);
} }
} }
} }
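Review bot: The nine values written to the helper's stdin (the `fwrite($pipes[0], ...)` run in `save()`) are framed only by "\n", so a CR or LF inside `$currpass`, `$newpass` or `$_SESSION['username']` shifts every following field. The helper in this same commit reads exactly nine lines and strips `\r`/`\n` from each, so the password it sets can differ from the one the user typed. Reject such input before `proc_open()`, e.g. `if (preg_match('/[\r\n]/', $_SESSION['username'] . $currpass . $newpass)) { return PASSWORD_ERROR; }`. In the visible lines the handle returned by `proc_open()` is also never passed to `proc_close()`. The comment about `/tmp/error-output.txt` no longer matches the `$logfile` target that stderr is actually appended to.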

@ -14,76 +14,74 @@ binmode(STDOUT, ':utf8');
my %PAR = (); my %PAR = ();
if (my $param = shift @ARGV){ if (my $param = shift @ARGV){
print "Password change in LDAP\n\n"; print "Password change in LDAP\n\n";
print "Run script without any parameter and pass the following data:\n"; print "Run script without any parameter and pass the following data:\n";
print "URI\nbaseDN\nFilter\nbindDN\nbindPW\nLogin\nuserPass\nnewPass\nCAfile\n"; print "URI\nbaseDN\nFilter\nbindDN\nbindPW\nLogin\nuserPass\nnewPass\nCAfile\n";
exit; exit;
} }
foreach my $param ('uri','base','filter','binddn','bindpw','user','pass','new_pass','ca'){ foreach my $param ('uri','base','filter','binddn','bindpw','user','pass','new_pass','ca'){
$PAR{$param} = <>; $PAR{$param} = <>;
$PAR{$param} =~ s/\r|\n//g; $PAR{$param} =~ s/\r|\n//g;
} }
my @servers = split (/\s+/, $PAR{'uri'}); my @servers = split (/\s+/, $PAR{'uri'});
my $active_server = 0; my $active_server = 0;
my $ldap; my $ldap;
while ((my $serwer = shift @servers) && !($active_server)){ while ((my $serwer = shift @servers) && !($active_server)) {
my $ldap_uri = URI->new($serwer); my $ldap_uri = URI->new($serwer);
if ($ldap_uri->secure){ if ($ldap_uri->secure) {
$ldap = Net::LDAP->new($ldap_uri->as_string, $ldap = Net::LDAP->new($ldap_uri->as_string,
version => 3, version => 3,
verify => 'require', verify => 'require',
sslversion => 'tlsv1', sslversion => 'tlsv1',
cafile => $PAR{'ca'}); cafile => $PAR{'ca'});
} else { } else {
$ldap = Net::LDAP->new($ldap_uri->as_string, version => 3); $ldap = Net::LDAP->new($ldap_uri->as_string, version => 3);
} }
$active_server = 1 if ($ldap); $active_server = 1 if ($ldap);
} }
if ($active_server){ if ($active_server) {
my $mesg = $ldap->bind( $PAR{'binddn'}, password => $PAR{'bindpw'} ); my $mesg = $ldap->bind($PAR{'binddn'}, password => $PAR{'bindpw'});
if ($mesg->code != 0){ if ($mesg->code != 0) {
print "Cannot login: ". $mesg->error; print "Cannot login: ". $mesg->error;
} else { } else {
# Wyszukanie usera wg filtra # Wyszukanie usera wg filtra
$PAR{'filter'} =~ s/\%login/$PAR{'user'}/; $PAR{'filter'} =~ s/\%login/$PAR{'user'}/;
my @search_args = (base => $PAR{'base'}, my @search_args = (
scope => 'sub', base => $PAR{'base'},
filter => $PAR{'filter'}, scope => 'sub',
attrs => ['1.1'], filter => $PAR{'filter'},
); attrs => ['1.1'],
my $result = $ldap->search( @search_args ); );
if ($result->code){ my $result = $ldap->search(@search_args);
print $result->error; if ($result->code) {
} else { print $result->error;
my $count = $result->count; } else {
if ($count == 1){ my $count = $result->count;
my @users = $result->entries; if ($count == 1) {
my $dn = $users[0]->dn(); my @users = $result->entries;
$result = $ldap->bind($dn, password => $PAR{'pass'}); my $dn = $users[0]->dn();
if ($result->code){ $result = $ldap->bind($dn, password => $PAR{'pass'});
print $result->error; if ($result->code){
} else { print $result->error;
$result = $ldap->set_password( } else {
newpasswd => $PAR{'new_pass'}, $result = $ldap->set_password(newpasswd => $PAR{'new_pass'});
); if ($result->code) {
if ($result->code){ print $result->error;
print $result->error; } else {
} else { print "OK";
print "OK"; }
} }
} } else {
} else { print "User not found in LDAP\n" if $count == 0;
print "User not found in LDAP\n" if $count == 0; print "Found $count users\n";
print "Found $count users\n"; }
} }
}
} $ldap->unbind();
}
$ldap->unbind();
} else { } else {
print "Cannot connect to any server"; print "Cannot connect to any server";
} }
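Review bot: `$PAR{'filter'} =~ s/\%login/$PAR{'user'}/;` puts the login name into the LDAP search filter unescaped, so characters such as `*`, `(`, `)` or `\` in the login change which entries the search matches instead of being compared literally. Escape the value first, e.g. `my $login = escape_filter_value($PAR{'user'});` followed by `$PAR{'filter'} =~ s/\%login/$login/;`, with `escape_filter_value` imported from Net::LDAP::Util. The `use` lines sit above this hunk, so the import has to be added there. Separately, `sslversion => 'tlsv1'` pins the secure branch to TLS 1.0, and in the visible lines the non-secure branch performs both binds and the password change without `start_tls`; each choice deserves a comment explaining it or a configurable setting.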
