Author: coudot
Date: 2010-08-17 18:20:03 +0200 (Tue, 17 Aug 2010)
New Revision: 131
Modified:
self-service-password/trunk/functions.inc.php
self-service-password/trunk/pages/change.php
Log:
Manage special case when password is changed as user on AD (references #274)
Modified: self-service-password/trunk/functions.inc.php
===================================================================
--- self-service-password/trunk/functions.inc.php 2010-08-16 17:12:09 UTC
(rev 130)
+++ self-service-password/trunk/functions.inc.php 2010-08-17 16:20:03 UTC
(rev 131)
@@ -73,6 +73,17 @@
return $hash;
}
+# Create AD password (Microsoft Active Directory password format)
+function make_ad_password($password) {
+ $password = "\"" . $password . "\"";
+ $len = strlen(utf8_decode($password));
+ $adpassword = "";
+ for ($i = 0; $i < $len; $i++){
+ $adpassword .= "{$password{$i}}\000";
+ }
+ return $adpassword;
+}
+
# Strip slashes added by PHP
# Only if magic_quote_gpc is not set to off in php.ini
function stripslashes_if_gpc_magic_quotes( $string ) {
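Review bot: In `make_ad_password`, the loop length comes from `strlen(utf8_decode($password))`, which is a character count, while `$password{$i}` indexes bytes of the UTF-8 string. Any password containing a non-ASCII character is therefore cut short, and its bytes are padded one by one instead of being converted to UTF-16LE. The value written to `unicodePwd` then differs from what the user typed, and in the user-change path the encoded old password will not match the stored one either. Where mbstring is available, converting the quoted string in one step avoids this: `return mb_convert_encoding("\"" . $password . "\"", "UTF-16LE", "UTF-8");`. I would also extend the header comment to `# Expects UTF-8 input, returns the quoted value as UTF-16LE for unicodePwd`.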
@@ -170,7 +181,7 @@
# Change password
# @return result code
-function change_password( $ldap, $dn, $password, $ad_mode, $samba_mode, $hash
) {
+function change_password( $ldap, $dn, $password, $ad_mode, $samba_mode, $hash,
$who_change_password, $oldpassword ) {
$result = "";
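Review bot: The two parameters added to `change_password` are required, so any caller not updated in this commit would now be two arguments short. Only pages/change.php is changed here, and other callers, if any, are not visible. Giving the new parameters defaults keeps older call sites on the replace path: `$who_change_password = "", $oldpassword = ""`. The header comment still lists only `@return`; I would add a line stating that `$oldpassword` is the clear-text current password and is only used when `$ad_mode` is set and `$who_change_password` is `"user"`. The function body continues outside this hunk.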
@@ -182,13 +193,7 @@
# Transform password value
if ( $ad_mode ) {
- $password = "\"" . $password . "\"";
- $len = strlen(utf8_decode($password));
- $adpassword = "";
- for ($i = 0; $i < $len; $i++){
- $adpassword .= "{$password{$i}}\000";
- }
- $password = $adpassword;
+ $password = make_ad_password($password);
} else {
# Hash password if needed
if ( $hash == "SSHA" ) {
@@ -216,8 +221,31 @@
}
# Commit modification on directory
- $replace = ldap_mod_replace($ldap, $dn, $userdata);
+
+ # Special case: AD mode with password changed as user
+ # Need remove of old password value and add of new value
+ if ( $ad_mode and $who_change_password === "user" ) {
+ if (!$oldpassword) {
+ $result = "passworderror";
+ error_log("Cannot modify AD password as user without old
password");
+ return $result;
+ } else {
+ # Delete old password
+ $oldpassword = make_ad_password($oldpassword);
+ $userdata["unicodePwd"] = $oldpassword;
+ $delete = ldap_mod_del($ldap, $dn, $userdata);
+
+ # Add new password
+ $userdata["unicodePwd"] = $password;
+
+ $add = ldap_mod_add($ldap, $dn, $userdata);
+ }
+ # Else just replace with new password
+ } else {
+ $replace = ldap_mod_replace($ldap, $dn, $userdata);
+ }
+
$errno = ldap_errno($ldap);
if ( $errno ) {
$result = "passworderror";
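Review bot: The user-change branch sends the delete and the add as two separate LDAP operations and never checks `$delete`, so the `ldap_errno` test below only sees the outcome of `ldap_mod_add`. A change that proves knowledge of the old password is meant to be one modify request that both removes the old `unicodePwd` and adds the new one. Split in two, the directory can reject the lone delete, and if it ever accepted it, a failing add would leave the entry without a password. `$userdata` is also passed whole to `ldap_mod_del`, so any other attributes set earlier in the function (outside this hunk) would be deleted too. Where the runtime provides `ldap_modify_batch`, both changes can go in one request as sketched below; otherwise at least return `passworderror` when `$delete` is false before attempting the add.

```php
    if ( $ad_mode and $who_change_password === "user" ) {
        # … unchanged: reject empty $oldpassword with "passworderror" …

        # Remove the old value and add the new one in a single modify request,
        # touching only unicodePwd rather than everything in $userdata
        $modifications = array(
            array(
                "attrib"  => "unicodePwd",
                "modtype" => LDAP_MODIFY_BATCH_REMOVE,
                "values"  => array(make_ad_password($oldpassword)),
            ),
            array(
                "attrib"  => "unicodePwd",
                "modtype" => LDAP_MODIFY_BATCH_ADD,
                "values"  => array($password),
            ),
        );
        $modify = ldap_modify_batch($ldap, $dn, $modifications);
    # … unchanged: else branch with ldap_mod_replace, then ldap_errno check …
```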
Modified: self-service-password/trunk/pages/change.php
===================================================================
--- self-service-password/trunk/pages/change.php 2010-08-16 17:12:09 UTC
(rev 130)
+++ self-service-password/trunk/pages/change.php 2010-08-17 16:20:03 UTC
(rev 131)
@@ -124,7 +124,7 @@
# Change password
#==============================================================================
if ( $result === "" ) {
- $result = change_password($ldap, $userdn, $newpassword, $ad_mode,
$samba_mode, $hash);
+ $result = change_password($ldap, $userdn, $newpassword, $ad_mode,
$samba_mode, $hash, $who_change_password, $oldpassword);
}
#==============================================================================