Apply patch on new trunk LDAP code (#1011)
parent
3bce0abda4
commit
6e1dc4b20b
|
@ -28,7 +28,11 @@ sub authenticate {
|
|||
|
||||
# Remember password if password reset needed
|
||||
$req->datas->{oldpassword} = $self->{password}
|
||||
if ( $res == PE_PP_CHANGE_AFTER_RESET );
|
||||
if (
|
||||
$res == PE_PP_CHANGE_AFTER_RESET
|
||||
or ( $res == PE_PP_PASSWORD_EXPIRED
|
||||
and $self->conf->{ldapAllowResetExpiredPassword} )
|
||||
);
|
||||
|
||||
return $res;
|
||||
|
||||
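Review bot: The comment `# Remember password if password reset needed` above the new condition in authenticate no longer matches it, because the submitted password is now also kept in `$req->datas->{oldpassword}` when the result is PE_PP_PASSWORD_EXPIRED and ldapAllowResetExpiredPassword is set. I would reword it to `# Keep the submitted password for the change form: reset required, or expired and ldapAllowResetExpiredPassword set`, so a reader sees both cases in which a plaintext credential stays in the request data. The option is read here as `$self->conf->{...}` while the userModifyPassword hunks use `$self->{conf}->{...}`; if both reach the same configuration, one spelling would be easier to grep. authenticate's body starts and ends outside the hunk.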
|
|
|
@ -393,10 +393,40 @@ sub userModifyPassword {
|
|||
|
||||
# Bind as user if oldpassword and ldapChangePasswordAsUser
|
||||
if ( $oldpassword and $asUser ) {
|
||||
$mesg = $self->bind( $dn, password => $oldpassword );
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
|
||||
$mesg = $self->bind(
|
||||
$dn,
|
||||
password => $oldpassword,
|
||||
control => [$pp]
|
||||
);
|
||||
my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
|
||||
|
||||
unless ( defined $bind_resp ) {
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
# Check if password is expired
|
||||
my $pp_error = $bind_resp->pp_error;
|
||||
if ( defined $pp_error
|
||||
and $pp_error == 0
|
||||
and $self->{conf}->{ldapAllowResetExpiredPassword} )
|
||||
{
|
||||
$self->{portal}->lmLog(
|
||||
"Password is expired but user is allowed to change it",
|
||||
'debug'
|
||||
);
|
||||
}
|
||||
else {
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}
|
||||
->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -428,10 +458,39 @@ sub userModifyPassword {
|
|||
if ($oldpassword) {
|
||||
|
||||
# Check old password with a bind
|
||||
$mesg = $self->bind( $dn, password => $oldpassword );
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
$mesg = $self->bind(
|
||||
$dn,
|
||||
password => $oldpassword,
|
||||
control => [$pp]
|
||||
);
|
||||
my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
|
||||
|
||||
unless ( defined $bind_resp ) {
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
# Check if password is expired
|
||||
my $pp_error = $bind_resp->pp_error;
|
||||
if ( defined $pp_error
|
||||
and $pp_error == 0
|
||||
and $self->{conf}->{ldapAllowResetExpiredPassword} )
|
||||
{
|
||||
$self->{portal}->lmLog(
|
||||
"Password is expired but user is allowed to change it",
|
||||
'debug'
|
||||
);
|
||||
}
|
||||
else {
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}
|
||||
->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Rebind as Manager only if user is not granted to change its password
|
||||
|
|
|
@ -207,6 +207,8 @@ sub display {
|
|||
or $req->{error} == PE_PASSWORD_MISMATCH
|
||||
or $req->{error} == PE_BADOLDPASSWORD
|
||||
or $req->{error} == PE_PASSWORDFORMEMPTY
|
||||
or ( $req->{error} == PE_PP_PASSWORD_EXPIRED
|
||||
and $self->conf->{ldapAllowResetExpiredPassword} )
|
||||
)
|
||||
{
|
||||
%templateParams = (
|
||||
|
@ -221,8 +223,8 @@ sub display {
|
|||
AUTH_LOOP => [],
|
||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||
CHOICE_VALUE => $req->{_authChoice},
|
||||
OLDPASSWORD =>
|
||||
$self->checkXSSAttack( 'oldpassword', $req->datas->{oldpassword} )
|
||||
OLDPASSWORD => $self->checkXSSAttack( 'oldpassword',
|
||||
$req->datas->{oldpassword} )
|
||||
? ""
|
||||
: $req->datas->{oldpassword},
|
||||
HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
|
||||
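Review bot: With the new `PE_PP_PASSWORD_EXPIRED` condition in display, the password the user just submitted is handed back to the browser through `OLDPASSWORD` in a further case, so the response body carries a plaintext credential for accounts the directory reported as expired. checkXSSAttack only blanks values it flags; whether the template escapes the value and whether this page is sent with caching disabled is not visible here and should be confirmed. A comment above the assignment such as `# OLDPASSWORD is echoed into the form: the template must escape it and the response must not be cached` would record that requirement. The enclosing condition and the %templateParams list start and end outside the hunks.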
|
|