Apply patch on new trunk LDAP code (#1011)
parent
3bce0abda4
commit
6e1dc4b20b
|
@ -28,7 +28,11 @@ sub authenticate {
|
||||||
|
|
||||||
# Remember password if password reset needed
|
# Remember password if password reset needed
|
||||||
$req->datas->{oldpassword} = $self->{password}
|
$req->datas->{oldpassword} = $self->{password}
|
||||||
if ( $res == PE_PP_CHANGE_AFTER_RESET );
|
if (
|
||||||
|
$res == PE_PP_CHANGE_AFTER_RESET
|
||||||
|
or ( $res == PE_PP_PASSWORD_EXPIRED
|
||||||
|
and $self->conf->{ldapAllowResetExpiredPassword} )
|
||||||
|
);
|
||||||
|
|
||||||
return $res;
|
return $res;
|
||||||
|
|
||||||
|
|
|
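Review bot: The comment `# Remember password if password reset needed` no longer covers the condition below it, which now also keeps the password when `$res == PE_PP_PASSWORD_EXPIRED` and `ldapAllowResetExpiredPassword` is set. Suggested wording: `# Remember password if the user must change it: reset flag set, or expired and ldapAllowResetExpiredPassword enabled`. The stored value is read from `$self->{password}` while everything else in the hunk is carried on `$req`; if this object is shared between requests, that field should be confirmed to be request-scoped. authenticate starts and ends outside the hunk.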
@ -393,12 +393,42 @@ sub userModifyPassword {
|
||||||
|
|
||||||
# Bind as user if oldpassword and ldapChangePasswordAsUser
|
# Bind as user if oldpassword and ldapChangePasswordAsUser
|
||||||
if ( $oldpassword and $asUser ) {
|
if ( $oldpassword and $asUser ) {
|
||||||
$mesg = $self->bind( $dn, password => $oldpassword );
|
|
||||||
|
$mesg = $self->bind(
|
||||||
|
$dn,
|
||||||
|
password => $oldpassword,
|
||||||
|
control => [$pp]
|
||||||
|
);
|
||||||
|
my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
|
||||||
|
|
||||||
|
unless ( defined $bind_resp ) {
|
||||||
if ( $mesg->code != 0 ) {
|
if ( $mesg->code != 0 ) {
|
||||||
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
||||||
return PE_BADOLDPASSWORD;
|
return PE_BADOLDPASSWORD;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
|
||||||
|
# Check if password is expired
|
||||||
|
my $pp_error = $bind_resp->pp_error;
|
||||||
|
if ( defined $pp_error
|
||||||
|
and $pp_error == 0
|
||||||
|
and $self->{conf}->{ldapAllowResetExpiredPassword} )
|
||||||
|
{
|
||||||
|
$self->{portal}->lmLog(
|
||||||
|
"Password is expired but user is allowed to change it",
|
||||||
|
'debug'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if ( $mesg->code != 0 ) {
|
||||||
|
$self->{portal}
|
||||||
|
->lmLog( "Bad old password", 'debug' );
|
||||||
|
return PE_BADOLDPASSWORD;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# Use SetPassword extended operation
|
# Use SetPassword extended operation
|
||||||
# Warning: need a patch on Perl-LDAP
|
# Warning: need a patch on Perl-LDAP
|
||||||
|
@ -428,11 +458,40 @@ sub userModifyPassword {
|
||||||
if ($oldpassword) {
|
if ($oldpassword) {
|
||||||
|
|
||||||
# Check old password with a bind
|
# Check old password with a bind
|
||||||
$mesg = $self->bind( $dn, password => $oldpassword );
|
$mesg = $self->bind(
|
||||||
|
$dn,
|
||||||
|
password => $oldpassword,
|
||||||
|
control => [$pp]
|
||||||
|
);
|
||||||
|
my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
|
||||||
|
|
||||||
|
unless ( defined $bind_resp ) {
|
||||||
if ( $mesg->code != 0 ) {
|
if ( $mesg->code != 0 ) {
|
||||||
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
||||||
return PE_BADOLDPASSWORD;
|
return PE_BADOLDPASSWORD;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
|
||||||
|
# Check if password is expired
|
||||||
|
my $pp_error = $bind_resp->pp_error;
|
||||||
|
if ( defined $pp_error
|
||||||
|
and $pp_error == 0
|
||||||
|
and $self->{conf}->{ldapAllowResetExpiredPassword} )
|
||||||
|
{
|
||||||
|
$self->{portal}->lmLog(
|
||||||
|
"Password is expired but user is allowed to change it",
|
||||||
|
'debug'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if ( $mesg->code != 0 ) {
|
||||||
|
$self->{portal}
|
||||||
|
->lmLog( "Bad old password", 'debug' );
|
||||||
|
return PE_BADOLDPASSWORD;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# Rebind as Manager only if user is not granted to change its password
|
# Rebind as Manager only if user is not granted to change its password
|
||||||
$self->bind()
|
$self->bind()
|
||||||
|
|
|
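Review bot: In the expired-password branch (`defined $pp_error and $pp_error == 0 and $self->{conf}->{ldapAllowResetExpiredPassword}`) `$mesg->code` is never consulted, so the old password counts as verified purely because the server attached passwordExpired to the bind response. That holds only if the directory evaluates expiry after checking credentials; the assumption deserves a comment at that branch, e.g. `# passwordExpired is trusted as proof of a correct old password: the directory must report it only after credential verification`, and the acceptance is worth logging above 'debug'. The bare `0` and the OID string would read better as `LDAP_PP_PASSWORD_EXPIRED` and `LDAP_CONTROL_PASSWORDPOLICY` from Net::LDAP::Constant, if the file imports from it. The same block is repeated verbatim in the second hunk of this file (`@ -428`), so both copies need the change, or one shared helper. userModifyPassword starts and ends outside both hunks, so what the connection is bound as when the modify runs after a rejected user bind is not visible here.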
@ -207,6 +207,8 @@ sub display {
|
||||||
or $req->{error} == PE_PASSWORD_MISMATCH
|
or $req->{error} == PE_PASSWORD_MISMATCH
|
||||||
or $req->{error} == PE_BADOLDPASSWORD
|
or $req->{error} == PE_BADOLDPASSWORD
|
||||||
or $req->{error} == PE_PASSWORDFORMEMPTY
|
or $req->{error} == PE_PASSWORDFORMEMPTY
|
||||||
|
or ( $req->{error} == PE_PP_PASSWORD_EXPIRED
|
||||||
|
and $self->conf->{ldapAllowResetExpiredPassword} )
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
%templateParams = (
|
%templateParams = (
|
||||||
|
@ -221,8 +223,8 @@ sub display {
|
||||||
AUTH_LOOP => [],
|
AUTH_LOOP => [],
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->{_authChoice},
|
CHOICE_VALUE => $req->{_authChoice},
|
||||||
OLDPASSWORD =>
|
OLDPASSWORD => $self->checkXSSAttack( 'oldpassword',
|
||||||
$self->checkXSSAttack( 'oldpassword', $req->datas->{oldpassword} )
|
$req->datas->{oldpassword} )
|
||||||
? ""
|
? ""
|
||||||
: $req->datas->{oldpassword},
|
: $req->datas->{oldpassword},
|
||||||
HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
|
HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
|
||||||
|
|
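Review bot: With the added `PE_PP_PASSWORD_EXPIRED` condition, an expired-password login now appears to reach the template parameters that set `OLDPASSWORD` from `$req->datas->{oldpassword}`, so the password the user just submitted is written back into the rendered page. `HIDE_OLDPASSWORD` is passed separately and, as far as these hunks show, does not blank the value. A comment above the `OLDPASSWORD` entry would record the intent, for example `# Cleartext old password is echoed to the change form; this response must not be cached or logged`. The second hunk (`@ -221`) only re-wraps the `checkXSSAttack` call and needs no change.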