|
|
@ -3022,9 +3022,6 @@ class windowsUser extends baseModule implements passwordService { |
|
|
|
* @param array $attributes LDAP attributes |
|
|
|
*/ |
|
|
|
private function setSelfServicePassword(&$return, $attributes) { |
|
|
|
if (!function_exists('ldap_modify_batch')) { |
|
|
|
return $this->setSelfServicePasswordCMD($return, $attributes); |
|
|
|
} |
|
|
|
$newPasswordVal = self::pwdAttributeValue($_POST['windowsUser_unicodePwd']); |
|
|
|
$oldPassword = lamDecrypt($_SESSION['selfService_clientPassword'], 'SelfService'); |
|
|
|
$oldPasswordVal = self::pwdAttributeValue($oldPassword); |
|
|
@ -3058,80 +3055,6 @@ class windowsUser extends baseModule implements passwordService { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* Sets the user password in self service. |
|
|
|
* Since the change requires the old password we need to run ldapmodify for this task. |
|
|
|
* |
|
|
|
* Enter description here ... |
|
|
|
* @param array $return return value for checkSelfServiceOptions() (used to add message if any) |
|
|
|
* @param array $attributes LDAP attributes |
|
|
|
*/ |
|
|
|
private function setSelfServicePasswordCMD(&$return, $attributes) { |
|
|
|
$newPasswordVal = self::pwdAttributeValue($_POST['windowsUser_unicodePwd']); |
|
|
|
$oldPassword = lamDecrypt($_SESSION['selfService_clientPassword'], 'SelfService'); |
|
|
|
$oldPasswordVal = self::pwdAttributeValue($oldPassword); |
|
|
|
$dn = $attributes['dn']; |
|
|
|
$ldif = "dn: " . $dn . "\n"; |
|
|
|
$ldif .= "changetype: modify\n"; |
|
|
|
$ldif .= "delete: unicodePwd\n"; |
|
|
|
$ldif .= "unicodePwd:: " . base64_encode($oldPasswordVal) . "\n"; |
|
|
|
$ldif .= "-\n"; |
|
|
|
$ldif .= "add: unicodePwd\n"; |
|
|
|
$ldif .= "unicodePwd:: " . base64_encode($newPasswordVal) . "\n"; |
|
|
|
$ldif .= "-\n"; |
|
|
|
|
|
|
|
$serverURL = $_SESSION['selfServiceProfile']->serverURL; |
|
|
|
$tls = ''; |
|
|
|
if ($_SESSION['selfServiceProfile']->useTLS) { |
|
|
|
$tls = ' -ZZ '; |
|
|
|
} |
|
|
|
$cmd = "/usr/bin/ldapmodify -H " . $serverURL . $tls . " -D " . escapeshellarg($dn) . " -x -w " . escapeshellarg($oldPassword); |
|
|
|
|
|
|
|
$descriptorspec = array( |
|
|
|
0 => array("pipe", "r"), // stdin |
|
|
|
1 => array("pipe", "w"), // stout |
|
|
|
2 => array("pipe", "w") // sterr |
|
|
|
); |
|
|
|
$process = proc_open($cmd, $descriptorspec, $pipes); |
|
|
|
if (is_resource($process)) { |
|
|
|
fwrite($pipes[0], $ldif); |
|
|
|
} |
|
|
|
else { |
|
|
|
logNewMessage(LOG_ERR, 'Unable to change password of ' . $dn . '. Calling /usr/bin/ldapmodify failed.'); |
|
|
|
$return['messages'][] = array('ERROR', _('Unable to change password.')); |
|
|
|
return; |
|
|
|
} |
|
|
|
fclose($pipes[0]); |
|
|
|
$outputMessages = ''; |
|
|
|
while (!feof($pipes[1])) { |
|
|
|
$output = fgets($pipes[1], 1024); |
|
|
|
if ($output != '') { |
|
|
|
$outputMessages .= $output; |
|
|
|
} |
|
|
|
} |
|
|
|
while (!feof($pipes[2])) { |
|
|
|
$output = fgets($pipes[2], 1024); |
|
|
|
if ($output != '') { |
|
|
|
$outputMessages .= $output; |
|
|
|
} |
|
|
|
} |
|
|
|
fclose($pipes[1]); |
|
|
|
$returnCode = proc_close($process); |
|
|
|
if ($returnCode != 0) { |
|
|
|
$outputMessages = htmlspecialchars($outputMessages); |
|
|
|
// Active Directory message translations |
|
|
|
if ((strpos($outputMessages, 'DSID-03190F80') !== false) && (strpos($outputMessages, 'unicodePwd') !== false)) { |
|
|
|
$outputMessages = _('Your password does not meet the password strength qualifications. Please retry with another one.') . '<br><br>' . $outputMessages; |
|
|
|
} |
|
|
|
logNewMessage(LOG_ERR, 'Changing user password failed: ' . $outputMessages); |
|
|
|
$return['messages'][] = array('ERROR', _('Unable to change password.'), $outputMessages); |
|
|
|
} |
|
|
|
else { |
|
|
|
// update session password for next page load |
|
|
|
$_SESSION['selfService_clientPasswordNew'] = $_POST['windowsUser_unicodePwd']; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* This method specifies if a module manages password attributes. The module alias will |
|
|
|
* then appear as option in the GUI. |
|
|
|