extended password policy

lam/lib/account.inc

@@ -311,7 +311,7 @@ function generateRandomPassword() {
 			$rand = getRandomNumber() % 65;
 			$password .= $list[$rand];
 		}
-		if (checkPasswordStrength($password) === true) {
+		if (checkPasswordStrength($password, null, null) === true) {
 			break;
 		}
 	}

lam/lib/modules.inc

@@ -1125,7 +1125,7 @@ class accountContainer {
 				$return['errorsOccured'] = 'true';
 			}
 			// check passsword stregth
-			$pwdPolicyResult = checkPasswordStrength($password1);
+			$pwdPolicyResult = checkPasswordStrength($password1, null, null);
 			if ($pwdPolicyResult !== true) {
 				$return['messages'] .= StatusMessage('ERROR', $pwdPolicyResult, '', array(), true);
 				$return['errorsOccured'] = 'true';

lam/lib/modules/inetOrgPerson.inc

@@ -3243,6 +3243,20 @@ class inetOrgPerson extends baseModule implements passwordService {
 		if (!in_array(get_class($this), $modules)) {
 			return array();
 		}
+		// check password strength
+		$user = empty($this->attributes['uid'][0]) ? null : $this->attributes['uid'][0];
+		$additionalAttrs = array();
+		if (!empty($this->attributes['sn'][0])) {
+			$additionalAttrs[] = $this->attributes['sn'][0];
+		}
+		if (!empty($this->attributes['givenName'][0])) {
+			$additionalAttrs[] = $this->attributes['givenName'][0];
+		}
+		$checkResult = checkPasswordStrength($password, $user, $additionalAttrs);
+		if ($checkResult !== true) {
+			return array(array('ERROR', $checkResult));
+		}
+		// set new password
 		$this->clearTextPassword = $password;
 		$this->attributes['userPassword'][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
 		return array();

lam/lib/modules/posixAccount.inc

@@ -2562,7 +2562,15 @@ class posixAccount extends baseModule implements passwordService {
 						$return['messages'][] = $this->messages['userPassword'][1];
 					}
 					else {
-						$pwdPolicyResult = checkPasswordStrength($_POST['posixAccount_password']);
+						$userName = empty($attributes['uid'][0]) ? null : $attributes['uid'][0];
+						$additionalAttrs = array();
+						if (!empty($attributes['sn'][0])) {
+							$additionalAttrs[] = $attributes['sn'][0];
+						}
+						if (!empty($attributes['givenName'][0])) {
+							$additionalAttrs[] = $attributes['givenName'][0];
+						}
+						$pwdPolicyResult = checkPasswordStrength($_POST['posixAccount_password'], $userName, $additionalAttrs);
 						if ($pwdPolicyResult === true) {
 							$return['mod'][$this->getPasswordAttrName()][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]);
 							$return['info']['userPasswordClearText'][0] = $_POST['posixAccount_password'];
@@ -2638,6 +2646,23 @@ class posixAccount extends baseModule implements passwordService {
 		if (!in_array(get_class($this), $modules)) {
 			return array();
 		}
+		// check password strength
+		$user = empty($this->attributes['uid'][0]) ? null : $this->attributes['uid'][0];
+		$additionalAttrs = array();
+		if ($this->getAccountContainer()->getAccountModule('inetOrgPerson') != null) {
+			$attrs = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes();
+			if (!empty($attrs['sn'][0])) {
+				$additionalAttrs[] = $attrs['sn'][0];
+			}
+			if (!empty($attrs['givenName'][0])) {
+				$additionalAttrs[] = $attrs['givenName'][0];
+			}
+		}
+		$checkResult = checkPasswordStrength($password, $user, $additionalAttrs);
+		if ($checkResult !== true) {
+			return array(array('ERROR', $checkResult));
+		}
+		// set new password
 		$this->clearTextPassword = $password;
 		$this->attributes[$this->getPasswordAttrName()][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
 		return array();

lam/lib/modules/sambaSamAccount.inc

@@ -2359,7 +2359,15 @@ class sambaSamAccount extends baseModule implements passwordService {
 						$return['messages'][] = $this->messages['sambaLMPassword'][1];
 					}
 					else {
-						$pwdPolicyResult = checkPasswordStrength($_POST['sambaSamAccount_password']);
+						$userName = empty($attributes['uid'][0]) ? null : $attributes['uid'][0];
+						$additionalAttrs = array();
+						if (!empty($attributes['sn'][0])) {
+							$additionalAttrs[] = $attributes['sn'][0];
+						}
+						if (!empty($attributes['givenName'][0])) {
+							$additionalAttrs[] = $attributes['givenName'][0];
+						}
+						$pwdPolicyResult = checkPasswordStrength($_POST['sambaSamAccount_password'], $userName, $additionalAttrs);
 						if ($pwdPolicyResult === true) {
 							$return['mod']['sambaNTPassword'][0] = ntPassword($_POST['sambaSamAccount_password']);
 							if (array_key_exists('sambaLMPassword', $attributes)) {

lam/lib/modules/windowsUser.inc

@@ -1800,7 +1800,15 @@ class windowsUser extends baseModule implements passwordService {
 						$return['messages'][] = $this->messages['unicodePwd'][1];
 					}
 					else {
-						$pwdPolicyResult = checkPasswordStrength($_POST['windowsUser_unicodePwd']);
+						$userName = empty($attributes['userPrincipalName'][0]) ? null : $attributes['userPrincipalName'][0];
+						$additionalAttrs = array();
+						if (!empty($attributes['sn'][0])) {
+							$additionalAttrs[] = $attributes['sn'][0];
+						}
+						if (!empty($attributes['givenName'][0])) {
+							$additionalAttrs[] = $attributes['givenName'][0];
+						}
+						$pwdPolicyResult = checkPasswordStrength($_POST['windowsUser_unicodePwd'], $userName, $additionalAttrs);
 						if ($pwdPolicyResult === true) {
 							$this->setSelfServicePassword($return, $attributes);
 							$return['info']['userPasswordClearText'][0] = $_POST['windowsUser_unicodePwd'];
@@ -1939,6 +1947,20 @@ class windowsUser extends baseModule implements passwordService {
 		if (!in_array(get_class($this), $modules)) {
 			return array();
 		}
+		// check password strength
+		$user = empty($this->attributes['userPrincipalName'][0]) ? null : $this->attributes['userPrincipalName'][0];
+		$additionalAttrs = array();
+		if (!empty($this->attributes['sn'][0])) {
+			$additionalAttrs[] = $this->attributes['sn'][0];
+		}
+		if (!empty($this->attributes['givenName'][0])) {
+			$additionalAttrs[] = $this->attributes['givenName'][0];
+		}
+		$checkResult = checkPasswordStrength($password, $user, $additionalAttrs);
+		if ($checkResult !== true) {
+			return array(array('ERROR', $checkResult));
+		}
+		// set new password
 		$pwdBin = self::pwdAttributeValue($password);
 		$this->orig['unicodePwd'][0] = 'unknown';
 		$this->attributes['unicodePwd'][0] = $pwdBin;