Index: /trunk/plugins/password/config.inc.php.dist =================================================================== --- /trunk/plugins/password/config.inc.php.dist (revision 4528) +++ /trunk/plugins/password/config.inc.php.dist (revision 4529) @@ -196,6 +196,13 @@ $rcmail_config['password_ldap_lchattr'] = ''; -// Also try to update Samba password attributes: sambaNTPassword and sambaPwdLastSet -$rcmail_config['password_ldap_samba'] = false; +// LDAP Samba password attribute, e.g. sambaNTPassword +// Name of the LDAP's Samba attribute used for storing user password +$rcmail_config['password_ldap_samba_pwattr'] = ''; + +// LDAP Samba Password Last Change Date attribute, e.g. sambaPwdLastSet +// Some places use an attribute to store the date of the last password change +// The date is meassured in "seconds since epoch" (an integer value) +// Whenever the password is changed, the attribute will be updated if set +$rcmail_config['password_ldap_samba_lchattr'] = ''; Index: /trunk/plugins/password/drivers/ldap.php =================================================================== --- /trunk/plugins/password/drivers/ldap.php (revision 4528) +++ /trunk/plugins/password/drivers/ldap.php (revision 4529) @@ -63,8 +63,26 @@ } - // Crypting new password - $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage')); - if (!$newCryptedPassword) { + $crypted_pass = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage')); + $force = $rcmail->config->get('password_ldap_force_replace'); + $pwattr = $rcmail->config->get('password_ldap_pwattr'); + $lchattr = $rcmail->config->get('password_ldap_lchattr'); + $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr'); + $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr'); + $samba = $rcmail->config->get('password_ldap_samba'); + + // Support password_ldap_samba option for backward compat. + if ($samba && !$smbpwattr) { + $smbpwattr = 'sambaNTPassword'; + $smblchattr = 'sambaPwdLastSet'; + } + + // Crypt new password + if (!$crypted_pass) { return PASSWORD_CRYPT_ERROR; + } + + // Crypt new samba password + if ($smbpwattr && !($samba_pass = hashPassword($passwd, 'samba'))) { + return PASSWORD_CRYPT_ERROR; } @@ -75,13 +93,10 @@ } - $pwattr = $rcmail->config->get('password_ldap_pwattr'); - $force = $rcmail->config->get('password_ldap_force_replace'); - - if (!$userEntry->replace(array($pwattr => $newCryptedPassword), $force)) { + if (!$userEntry->replace(array($pwattr => $crypted_pass), $force)) { return PASSWORD_CONNECT_ERROR; } // Updating PasswordLastChange Attribute if desired - if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) { + if ($lchattr) { $current_day = (int)(time() / 86400); if (!$userEntry->replace(array($lchattr => $current_day), $force)) { @@ -90,14 +105,15 @@ } + // Update Samba password and last change fields + if ($smbpwattr) { + $userEntry->replace(array($smbpwattr => $samba_pass), $force); + } + // Update Samba password last change field + if ($smblchattr) { + $userEntry->replace(array($smblchattr => time()), $force); + } + if (Net_LDAP2::isError($userEntry->update())) { return PASSWORD_CONNECT_ERROR; - } - - // Update Samba password fields, ignore errors if attributes are not found - if ($rcmail->config->get('password_ldap_samba')) { - $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE')); - $userEntry->replace(array('sambaNTPassword' => $sambaNTPassword), $force); - $userEntry->replace(array('sambaPwdLastSet' => time()), $force); - $userEntry->update(); } @@ -254,4 +270,13 @@ break; + case 'samba': + if (function_exists('hash')) { + $cryptedPassword = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE')); + } else { + /* Your PHP install does not have the hash() function */ + return false; + } + break; + case 'clear': default: Index: /trunk/plugins/password/drivers/ldap_simple.php =================================================================== --- /trunk/plugins/password/drivers/ldap_simple.php (revision 4528) +++ /trunk/plugins/password/drivers/ldap_simple.php (revision 4529) @@ -15,5 +15,5 @@ $rcmail = rcmail::get_instance(); - /* Connect */ + // Connect if (!$ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port'))) { ldap_unbind($ds); @@ -21,5 +21,5 @@ } - /* Set protocol version */ + // Set protocol version if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) { ldap_unbind($ds); @@ -27,5 +27,5 @@ } - /* Start TLS */ + // Start TLS if ($rcmail->config->get('password_ldap_starttls')) { if (!ldap_start_tls($ds)) { @@ -35,5 +35,5 @@ } - /* Build user DN */ + // Build user DN if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) { $user_dn = ldap_simple_substitute_vars($user_dn); @@ -47,5 +47,5 @@ } - /* Connection method */ + // Connection method switch ($rcmail->config->get('password_ldap_method')) { case 'admin': @@ -60,5 +60,29 @@ } - /* Bind */ + + $crypted_pass = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage')); + $lchattr = $rcmail->config->get('password_ldap_lchattr'); + $pwattr = $rcmail->config->get('password_ldap_pwattr'); + $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr'); + $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr'); + $samba = $rcmail->config->get('password_ldap_samba'); + + // Support password_ldap_samba option for backward compat. + if ($samba && !$smbpwattr) { + $smbpwattr = 'sambaNTPassword'; + $smblchattr = 'sambaPwdLastSet'; + } + + // Crypt new password + if (!$crypted_pass) { + return PASSWORD_CRYPT_ERROR; + } + + // Crypt new Samba password + if ($smbpwattr && !($samba_pass = ldap_simple_hash_password($passwd, 'samba'))) { + return PASSWORD_CRYPT_ERROR; + } + + // Bind if (!ldap_bind($ds, $binddn, $bindpw)) { ldap_unbind($ds); @@ -66,23 +90,19 @@ } - /* Crypting new password */ - $crypted_pass = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage')); - if (!$crypted_pass) { - ldap_unbind($ds); - return PASSWORD_CRYPT_ERROR; - } - - $entree[$rcmail->config->get('password_ldap_pwattr')] = $crypted_pass; - - /* Updating PasswordLastChange Attribute if desired */ - if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) { + $entree[$pwattr] = $crypted_pass; + + // Update PasswordLastChange Attribute if desired + if ($lchattr) { $entree[$lchattr] = (int)(time() / 86400); } - /* Update Samba password fields */ - if ($smbattr = $rcmail->config->get('password_ldap_samba')) { - $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE')); - $entree['sambaNTPassword'] = $sambaNTPassword; - $entree['sambaPwdLastSet'] = time(); + // Update Samba password + if ($smbpwattr) { + $entree[$smbpwattr] = $samba_pass; + } + + // Update Samba password last change + if ($smblchattr) { + $entree[$smblchattr] = time(); } @@ -92,5 +112,5 @@ } - /* All done, no error */ + // All done, no error ldap_unbind($ds); return PASSWORD_SUCCESS; @@ -216,4 +236,12 @@ } break; + case 'samba': + if (function_exists('hash')) { + $crypted_password = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE')); + } else { + /* Your PHP install does not have the hash() function */ + return false; + } + break; case 'clear': default: Index: /trunk/plugins/password/package.xml =================================================================== --- /trunk/plugins/password/package.xml (revision 4528) +++ /trunk/plugins/password/package.xml (revision 4529) @@ -38,4 +38,6 @@ - Fix double request when clicking on Password tab in Firefox - Fix deprecated split() usage in xmail and directadmin drivers (#1487769) +- ldap/ldap_simple drivers: use password_ldap_samba_pwattr/password_ldap_samba_lchattr + instead of password_ldap_samba option