Apply patch on old trunk LDAP code (#1011)
parent
eb87ab449e
commit
7db58e5b4b
|
@ -119,7 +119,11 @@ sub authenticate {
|
|||
|
||||
# Remember password if password reset needed
|
||||
$self->{oldpassword} = $self->{password}
|
||||
if ( $res == PE_PP_CHANGE_AFTER_RESET );
|
||||
if (
|
||||
$res == PE_PP_CHANGE_AFTER_RESET
|
||||
or ( $res == PE_PP_PASSWORD_EXPIRED
|
||||
and $self->{ldapAllowResetExpiredPassword} )
|
||||
);
|
||||
|
||||
return $res;
|
||||
}
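Review bot: The comment above the assignment still reads only `# Remember password if password reset needed`, but the new condition also keeps the submitted password in `$self->{oldpassword}` when the result is PE_PP_PASSWORD_EXPIRED and ldapAllowResetExpiredPassword is set. I would change it to `# Remember password if reset is needed, or if an expired password may be changed`. It should also say where `oldpassword` is cleared, since nothing in this hunk shows the cleartext value being dropped once the change completes or fails. The same applies to the identical hunk in the second authenticate, the one followed by the unbind-on-error block. authenticate starts outside the hunk in both cases.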
|
||||
|
|
|
@ -49,7 +49,11 @@ sub authenticate {
|
|||
|
||||
# Remember password if password reset needed
|
||||
$self->{oldpassword} = $self->{password}
|
||||
if ( $res == PE_PP_CHANGE_AFTER_RESET );
|
||||
if (
|
||||
$res == PE_PP_CHANGE_AFTER_RESET
|
||||
or ( $res == PE_PP_PASSWORD_EXPIRED
|
||||
and $self->{ldapAllowResetExpiredPassword} )
|
||||
);
|
||||
|
||||
# Unbind if there was an error
|
||||
unless ( $res == PE_OK ) {
|
||||
|
|
|
@ -230,6 +230,8 @@ sub display {
|
|||
or $self->{error} == PE_PASSWORD_MISMATCH
|
||||
or $self->{error} == PE_BADOLDPASSWORD
|
||||
or $self->{error} == PE_PASSWORDFORMEMPTY
|
||||
or ( $self->{error} == PE_PP_PASSWORD_EXPIRED
|
||||
and $self->{ldapAllowResetExpiredPassword} )
|
||||
)
|
||||
{
|
||||
%templateParams = (
|
||||
|
|
|
@ -398,12 +398,42 @@ sub userModifyPassword {
|
|||
|
||||
# Bind as user if oldpassword and ldapChangePasswordAsUser
|
||||
if ( $oldpassword and $asUser ) {
|
||||
$mesg = $self->bind( $dn, password => $oldpassword );
|
||||
|
||||
$mesg = $self->bind(
|
||||
$dn,
|
||||
password => $oldpassword,
|
||||
control => [$pp]
|
||||
);
|
||||
my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
|
||||
|
||||
unless ( defined $bind_resp ) {
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
# Check if password is expired
|
||||
my $pp_error = $bind_resp->pp_error;
|
||||
if ( defined $pp_error
|
||||
and $pp_error == 0
|
||||
and $self->{portal}->{ldapAllowResetExpiredPassword} )
|
||||
{
|
||||
$self->{portal}->lmLog(
|
||||
"Password is expired but user is allowed to change it",
|
||||
'debug'
|
||||
);
|
||||
}
|
||||
else {
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}
|
||||
->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Use SetPassword extended operation
|
||||
# Warning: need a patch on Perl-LDAP
|
||||
|
@ -433,11 +463,40 @@ sub userModifyPassword {
|
|||
if ($oldpassword) {
|
||||
|
||||
# Check old password with a bind
|
||||
$mesg = $self->bind( $dn, password => $oldpassword );
|
||||
$mesg = $self->bind(
|
||||
$dn,
|
||||
password => $oldpassword,
|
||||
control => [$pp]
|
||||
);
|
||||
my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
|
||||
|
||||
unless ( defined $bind_resp ) {
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
# Check if password is expired
|
||||
my $pp_error = $bind_resp->pp_error;
|
||||
if ( defined $pp_error
|
||||
and $pp_error == 0
|
||||
and $self->{portal}->{ldapAllowResetExpiredPassword} )
|
||||
{
|
||||
$self->{portal}->lmLog(
|
||||
"Password is expired but user is allowed to change it",
|
||||
'debug'
|
||||
);
|
||||
}
|
||||
else {
|
||||
if ( $mesg->code != 0 ) {
|
||||
$self->{portal}
|
||||
->lmLog( "Bad old password", 'debug' );
|
||||
return PE_BADOLDPASSWORD;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Rebind as Manager only if user is not granted to change its password
|
||||
$self->bind()
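Review bot: In the new `else` branch, a bind that returned a non-zero code is accepted as a valid old-password check whenever the response control reports `pp_error == 0` and ldapAllowResetExpiredPassword is set, so the check relies on the directory sending passwordExpired only after it has verified the credential. That assumption deserves a comment at the branch, e.g. `# passwordExpired is treated as proof the old password matched; confirm the directory only returns it after verifying the credential`, and the debug message could include `$mesg->code` so the rejected bind stays traceable. In the first hunk (bind as user) the connection has presumably not been authenticated as the user after that failed bind, so it is worth confirming that the modify which follows outside the hunk runs with the intended identity. The block is repeated verbatim in the second hunk, and the literal OID and `0` could be `LDAP_CONTROL_PASSWORDPOLICY` and `LDAP_PP_PASSWORD_EXPIRED` from Net::LDAP::Constant.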
|
||||
|
|