Apply patch on old trunk LDAP code (#1011)

Clément Oudot 2016-05-11 09:39:57 +00:00
parent eb87ab449e
commit 7db58e5b4b
4 changed files with 79 additions and 10 deletions


@ -119,7 +119,11 @@ sub authenticate {
# Remember password if password reset needed
$self->{oldpassword} = $self->{password}
if ( $res == PE_PP_CHANGE_AFTER_RESET );
if (
$res == PE_PP_CHANGE_AFTER_RESET
or ( $res == PE_PP_PASSWORD_EXPIRED
and $self->{ldapAllowResetExpiredPassword} )
);
return $res;
}
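Review bot: The comment above the assignment still reads "Remember password if password reset needed", although the new condition also keeps the password when it is expired and `ldapAllowResetExpiredPassword` is set. I would update it to `# Remember password if a reset is required, or if it is expired and the user may reset it`. The second `authenticate` hunk (the one followed by "Unbind if there was an error") carries the same stale comment. Because the change widens the cases in which the cleartext password stays on `$self->{oldpassword}`, it is worth confirming that the field is cleared once the change form has been handled; that code is not visible in these hunks.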


@ -49,7 +49,11 @@ sub authenticate {
# Remember password if password reset needed
$self->{oldpassword} = $self->{password}
if ( $res == PE_PP_CHANGE_AFTER_RESET );
if (
$res == PE_PP_CHANGE_AFTER_RESET
or ( $res == PE_PP_PASSWORD_EXPIRED
and $self->{ldapAllowResetExpiredPassword} )
);
# Unbind if there was an error
unless ( $res == PE_OK ) {


@ -230,6 +230,8 @@ sub display {
or $self->{error} == PE_PASSWORD_MISMATCH
or $self->{error} == PE_BADOLDPASSWORD
or $self->{error} == PE_PASSWORDFORMEMPTY
or ( $self->{error} == PE_PP_PASSWORD_EXPIRED
and $self->{ldapAllowResetExpiredPassword} )
)
{
%templateParams = (


@ -398,10 +398,40 @@ sub userModifyPassword {
# Bind as user if oldpassword and ldapChangePasswordAsUser
if ( $oldpassword and $asUser ) {
$mesg = $self->bind( $dn, password => $oldpassword );
if ( $mesg->code != 0 ) {
$self->{portal}->lmLog( "Bad old password", 'debug' );
return PE_BADOLDPASSWORD;
$mesg = $self->bind(
$dn,
password => $oldpassword,
control => [$pp]
);
my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
unless ( defined $bind_resp ) {
if ( $mesg->code != 0 ) {
$self->{portal}->lmLog( "Bad old password", 'debug' );
return PE_BADOLDPASSWORD;
}
}
else {
# Check if password is expired
my $pp_error = $bind_resp->pp_error;
if ( defined $pp_error
and $pp_error == 0
and $self->{portal}->{ldapAllowResetExpiredPassword} )
{
$self->{portal}->lmLog(
"Password is expired but user is allowed to change it",
'debug'
);
}
else {
if ( $mesg->code != 0 ) {
$self->{portal}
->lmLog( "Bad old password", 'debug' );
return PE_BADOLDPASSWORD;
}
}
}
}
@ -433,10 +463,39 @@ sub userModifyPassword {
if ($oldpassword) {
# Check old password with a bind
$mesg = $self->bind( $dn, password => $oldpassword );
if ( $mesg->code != 0 ) {
$self->{portal}->lmLog( "Bad old password", 'debug' );
return PE_BADOLDPASSWORD;
$mesg = $self->bind(
$dn,
password => $oldpassword,
control => [$pp]
);
my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
unless ( defined $bind_resp ) {
if ( $mesg->code != 0 ) {
$self->{portal}->lmLog( "Bad old password", 'debug' );
return PE_BADOLDPASSWORD;
}
}
else {
# Check if password is expired
my $pp_error = $bind_resp->pp_error;
if ( defined $pp_error
and $pp_error == 0
and $self->{portal}->{ldapAllowResetExpiredPassword} )
{
$self->{portal}->lmLog(
"Password is expired but user is allowed to change it",
'debug'
);
}
else {
if ( $mesg->code != 0 ) {
$self->{portal}
->lmLog( "Bad old password", 'debug' );
return PE_BADOLDPASSWORD;
}
}
}
# Rebind as Manager only if user is not granted to change its password
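Review bot: In both `userModifyPassword` hunks, when the response control carries `pp_error == 0` and `ldapAllowResetExpiredPassword` is set, the code continues even though `$mesg->code` is non-zero. The old password is therefore treated as verified only because the directory attached "password expired" to the failed bind. That is safe only if the server reports expiry after it has checked the supplied password, which appears to be the intent but should be stated in a comment and confirmed for the supported directories. In the `$asUser` branch the user bind has failed at this point, so it is also worth checking what identity the later modify runs under; that code is outside the hunk. The block is duplicated verbatim in the two hunks and nests an `if` inside an `else`; it could be flattened as below and moved to one private helper, with the OID and the `0` replaced by `LDAP_CONTROL_PASSWORDPOLICY` and `LDAP_PP_PASSWORD_EXPIRED` from Net::LDAP::Constant if the file can import them.

```perl
# … unchanged: $mesg = $self->bind( $dn, password => $oldpassword, control => [$pp] ) …
my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
my $pp_error = defined $bind_resp ? $bind_resp->pp_error : undef;

# pp_error 0 is "password expired". We rely on the directory reporting it
# only after the supplied old password has been checked; confirm this for
# every supported server before trusting a failed bind here.
my $expired_ok = ( defined $pp_error
      and $pp_error == 0
      and $self->{portal}->{ldapAllowResetExpiredPassword} );

if ($expired_ok) {
    $self->{portal}->lmLog(
        "Password is expired but user is allowed to change it",
        'debug' );
}
elsif ( $mesg->code != 0 ) {
    $self->{portal}->lmLog( "Bad old password", 'debug' );
    return PE_BADOLDPASSWORD;
}
```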