WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

refactoring

This commit is contained in:
Roland Gruber 2020-02-01 17:13:35 +01:00
parent c8d1e5ab82
commit 3dc40d1f99
1 changed files with 0 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
lam/lib/modules/windowsUser.inc
View File

@ -3022,9 +3022,6 @@ class windowsUser extends baseModule implements passwordService {
* @param array $attributes LDAP attributes
*/
private function setSelfServicePassword(&$return, $attributes) {
if (!function_exists('ldap_modify_batch')) {
return $this->setSelfServicePasswordCMD($return, $attributes);
}
$newPasswordVal = self::pwdAttributeValue($_POST['windowsUser_unicodePwd']);
$oldPassword = lamDecrypt($_SESSION['selfService_clientPassword'], 'SelfService');
$oldPasswordVal = self::pwdAttributeValue($oldPassword);
@ -3058,80 +3055,6 @@ class windowsUser extends baseModule implements passwordService {
}
}
/**
* Sets the user password in self service.
* Since the change requires the old password we need to run ldapmodify for this task.
*
* Enter description here ...
* @param array $return return value for checkSelfServiceOptions() (used to add message if any)
* @param array $attributes LDAP attributes
*/
private function setSelfServicePasswordCMD(&$return, $attributes) {
$newPasswordVal = self::pwdAttributeValue($_POST['windowsUser_unicodePwd']);
$oldPassword = lamDecrypt($_SESSION['selfService_clientPassword'], 'SelfService');
$oldPasswordVal = self::pwdAttributeValue($oldPassword);
$dn = $attributes['dn'];
$ldif = "dn: " . $dn . "\n";
$ldif .= "changetype: modify\n";
$ldif .= "delete: unicodePwd\n";
$ldif .= "unicodePwd:: " . base64_encode($oldPasswordVal) . "\n";
$ldif .= "-\n";
$ldif .= "add: unicodePwd\n";
$ldif .= "unicodePwd:: " . base64_encode($newPasswordVal) . "\n";
$ldif .= "-\n";
$serverURL = $_SESSION['selfServiceProfile']->serverURL;
$tls = '';
if ($_SESSION['selfServiceProfile']->useTLS) {
$tls = ' -ZZ ';
}
$cmd = "/usr/bin/ldapmodify -H " . $serverURL . $tls . " -D " . escapeshellarg($dn) . " -x -w " . escapeshellarg($oldPassword);
$descriptorspec = array(
0 => array("pipe", "r"), // stdin
1 => array("pipe", "w"), // stout
2 => array("pipe", "w") // sterr
);
$process = proc_open($cmd, $descriptorspec, $pipes);
if (is_resource($process)) {
fwrite($pipes[0], $ldif);
}
else {
logNewMessage(LOG_ERR, 'Unable to change password of ' . $dn . '. Calling /usr/bin/ldapmodify failed.');
$return['messages'][] = array('ERROR', _('Unable to change password.'));
return;
}
fclose($pipes[0]);
$outputMessages = '';
while (!feof($pipes[1])) {
$output = fgets($pipes[1], 1024);
if ($output != '') {
$outputMessages .= $output;
}
}
while (!feof($pipes[2])) {
$output = fgets($pipes[2], 1024);
if ($output != '') {
$outputMessages .= $output;
}
}
fclose($pipes[1]);
$returnCode = proc_close($process);
if ($returnCode != 0) {
$outputMessages = htmlspecialchars($outputMessages);
// Active Directory message translations
if ((strpos($outputMessages, 'DSID-03190F80') !== false) && (strpos($outputMessages, 'unicodePwd') !== false)) {
$outputMessages = _('Your password does not meet the password strength qualifications. Please retry with another one.') . '<br><br>' . $outputMessages;
}
logNewMessage(LOG_ERR, 'Changing user password failed: ' . $outputMessages);
$return['messages'][] = array('ERROR', _('Unable to change password.'), $outputMessages);
}
else {
// update session password for next page load
$_SESSION['selfService_clientPasswordNew'] = $_POST['windowsUser_unicodePwd'];
}
}
/**
* This method specifies if a module manages password attributes. The module alias will
* then appear as option in the GUI.