check password history
parent
bdae11ff4a
commit
8879f2cfd2
|
@ -2388,6 +2388,7 @@ class sambaSamAccount extends baseModule implements passwordService {
|
||||||
if (!in_array(get_class($this), $modules)) {
|
if (!in_array(get_class($this), $modules)) {
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
$errors = array();
|
||||||
if (isset($this->moduleSettings['sambaSamAccount_lmHash'][0]) && ($this->moduleSettings['sambaSamAccount_lmHash'][0] == 'no')) {
|
if (isset($this->moduleSettings['sambaSamAccount_lmHash'][0]) && ($this->moduleSettings['sambaSamAccount_lmHash'][0] == 'no')) {
|
||||||
$this->attributes['sambaLMPassword'][0] = lmPassword($password);
|
$this->attributes['sambaLMPassword'][0] = lmPassword($password);
|
||||||
}
|
}
|
||||||
|
@ -2397,27 +2398,16 @@ class sambaSamAccount extends baseModule implements passwordService {
|
||||||
$this->attributes['sambaPwdLastSet'][0] = '0';
|
$this->attributes['sambaPwdLastSet'][0] = '0';
|
||||||
}
|
}
|
||||||
// password history entry
|
// password history entry
|
||||||
$sambaDomains = $this->getDomains();
|
$sambaDomain = $this->getUserDomain();
|
||||||
if (sizeof($sambaDomains) > 0) {
|
if ($sambaDomain != null) {
|
||||||
if (isset($this->attributes['sambaSID'][0]) && $this->attributes['sambaSID'][0] != '') {
|
// password history check
|
||||||
$domainSID = substr($this->attributes['sambaSID'][0], 0, strrpos($this->attributes['sambaSID'][0], "-"));
|
$oldPasswordUsed = $this->oldPasswordUsed($password);
|
||||||
|
if ($oldPasswordUsed) {
|
||||||
|
$errors[] = array('ERROR', _('You are reusing an old password. Please choose a different password.'));
|
||||||
}
|
}
|
||||||
$historyLength = 0;
|
// set new history entry
|
||||||
for ($i = 0; $i < count($sambaDomains); $i++) {
|
$historyLength = $sambaDomain->pwdHistoryLength;
|
||||||
if (!empty($domainSID)) {
|
if (!$oldPasswordUsed && !empty($historyLength) && is_numeric($historyLength) && ($historyLength > 0)) {
|
||||||
if (($domainSID == $sambaDomains[$i]->SID) && !empty($sambaDomains[$i]->pwdHistoryLength)) {
|
|
||||||
$historyLength = $sambaDomains[$i]->pwdHistoryLength;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
elseif (isset($this->attributes['sambaDomainName'][0]) && ($this->attributes['sambaDomainName'][0]!='')) {
|
|
||||||
if (($this->attributes['sambaDomainName'][0] == $sambaDomains[$i]->name) && !empty($sambaDomains[$i]->pwdHistoryLength)) {
|
|
||||||
$historyLength = $sambaDomains[$i]->pwdHistoryLength;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (!empty($historyLength) && is_numeric($historyLength) && ($historyLength > 0)) {
|
|
||||||
if (!empty($this->orig['sambaPasswordHistory'][0])) {
|
if (!empty($this->orig['sambaPasswordHistory'][0])) {
|
||||||
$this->attributes['sambaPasswordHistory'] = $this->orig['sambaPasswordHistory'];
|
$this->attributes['sambaPasswordHistory'] = $this->orig['sambaPasswordHistory'];
|
||||||
}
|
}
|
||||||
|
@ -2431,7 +2421,54 @@ class sambaSamAccount extends baseModule implements passwordService {
|
||||||
$this->attributes['sambaPasswordHistory'] = array_values($this->attributes['sambaPasswordHistory']);
|
$this->attributes['sambaPasswordHistory'] = array_values($this->attributes['sambaPasswordHistory']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return array();
|
return $errors;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns if an old password is used.
|
||||||
|
*
|
||||||
|
* @param String $password new password
|
||||||
|
*/
|
||||||
|
private function oldPasswordUsed($password) {
|
||||||
|
$sambaDomain = $this->getUserDomain();
|
||||||
|
if (empty($this->orig['sambaPasswordHistory'][0]) || ($sambaDomain == null)
|
||||||
|
|| !is_numeric($sambaDomain->pwdHistoryLength) || ($sambaDomain->pwdHistoryLength < 1)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
foreach ($this->orig['sambaPasswordHistory'] as $historyEntry) {
|
||||||
|
if (sambaSamAccount::validateHistoryEntry($password, $historyEntry)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the domain object of the user's domain.
|
||||||
|
*
|
||||||
|
* @return samba3domain domain
|
||||||
|
*/
|
||||||
|
private function getUserDomain() {
|
||||||
|
$sambaDomains = $this->getDomains();
|
||||||
|
if (sizeof($sambaDomains) > 0) {
|
||||||
|
$domainSID = null;
|
||||||
|
if (isset($this->attributes['sambaSID'][0]) && $this->attributes['sambaSID'][0] != '') {
|
||||||
|
$domainSID = substr($this->attributes['sambaSID'][0], 0, strrpos($this->attributes['sambaSID'][0], "-"));
|
||||||
|
}
|
||||||
|
for ($i = 0; $i < count($sambaDomains); $i++) {
|
||||||
|
if (!empty($domainSID)) {
|
||||||
|
if (($domainSID == $sambaDomains[$i]->SID) && !empty($sambaDomains[$i]->pwdHistoryLength)) {
|
||||||
|
return $sambaDomains[$i];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (isset($this->attributes['sambaDomainName'][0]) && ($this->attributes['sambaDomainName'][0]!='')) {
|
||||||
|
if (($this->attributes['sambaDomainName'][0] == $sambaDomains[$i]->name) && !empty($sambaDomains[$i]->pwdHistoryLength)) {
|
||||||
|
return $sambaDomains[$i];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
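Review bot: The reuse check in the second hunk runs only after the new hashes have been written to `$this->attributes` (the `sambaLMPassword` assignment in the first hunk and the `sambaPwdLastSet` assignment just above the `// password history entry` comment), so a rejected password is still staged in the module state when the error is returned. Whether that state is discarded depends on the caller, which is not visible here; if any path saves the account despite a non-empty error list, the history policy has no effect. Running the check right after `$errors = array();` and returning early, e.g. `if ($this->oldPasswordUsed($password)) { return array(array('ERROR', _('You are reusing an old password. Please choose a different password.'))); }`, would leave the attributes untouched on rejection. The enclosing function starts above the first hunk, so the exact placement needs confirming against the full body.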