1: <?php
2: /**
3: * The Smbldap class attempts to change a user's LDAP password and Samba
4: * password stored in an LDAP directory service.
5: *
6: * Copyright 2004-2012 Horde LLC (http://www.horde.org/)
7: *
8: * See the enclosed file COPYING for license information (GPL). If you
9: * did not receive this file, see http://www.horde.org/licenses/gpl.php.
10: *
11: * @author Shane Boulter <sboulter@ariasolutions.com>
12: * @author Mike Cochrane <mike@graftonhall.co.nz>
13: * @author Tjeerd van der Zee <admin@xar.nl>
14: * @author Mattias Webjörn Eriksson <mattias@webjorn.org>
15: * @author Eric Jon Rostetter <eric.rostetter@physics.utexas.edu>
16: * @package Passwd
17: */
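class Passwd_Driver_Smbldap extends Passwd_Driver_Ldap
{
    /**
     * Constructor.
     *
     * Merges the Samba-specific defaults under the caller's parameters and
     * passes the result to the parent LDAP driver. Every attribute name
     * defaults to null, so no Samba attribute is written until it is
     * configured.
     *
     * Security note: the LM hash is much weaker than the NT hash. Leave
     * 'lm_attribute' null unless a legacy client still requires it.
     *
     * @param array $params  A hash containing connection parameters.
     */
    public function __construct($params = array())
    {
        $defaults = array(
            'lm_attribute'        => null,
            'nt_attribute'        => null,
            'pw_set_attribute'    => null,
            'pw_expire_attribute' => null,
            'pw_expire_time'      => null,
            'smb_objectclass'     => 'sambaSamAccount',
        );

        parent::__construct(array_merge($defaults, $params));
    }

    /**
     * Changes the user's password.
     *
     * Runs the parent driver's password change first, then rewrites the
     * configured Samba attributes (LM hash, NT hash, set time, expiry time)
     * on the same entry.
     *
     * The two steps are not atomic. If the Samba update throws, the parent
     * call has already run, so the directory password and the Samba hashes
     * may disagree (presumably the old password then still works over SMB).
     * Callers should treat a Passwd_Exception from this method as "retry or
     * repair", not as "nothing changed".
     *
     * The LM/NT hashes are unsalted and password-equivalent for SMB
     * authentication. The attributes that hold them need read ACLs at least
     * as strict as the password attribute itself, and the LDAP connection
     * should be encrypted.
     *
     * @param string $username      The user for which to change the password.
     * @param string $old_password  The old (current) user password.
     * @param string $new_password  The new user password to set.
     *
     * @throws Passwd_Exception
     */
    public function changePassword($username, $old_password, $new_password)
    {
        parent::changePassword($username, $old_password, $new_password);

        // Get existing user information.
        $entry = $this->_getUserEntry();

        // Return if the user is not a Samba user. LDAP object class names
        // are case-insensitive, so compare that way. A case-sensitive match
        // would silently skip entries stored as e.g. "sambasamaccount" and
        // leave their old Samba hashes in place after a password change.
        $wanted = (string)$this->_params['smb_objectclass'];
        $isSambaUser = false;
        foreach ((array)$entry->getValue('objectClass', 'all') as $objectClass) {
            if (strcasecmp((string)$objectClass, $wanted) === 0) {
                $isSambaUser = true;
                break;
            }
        }
        if (!$isSambaUser) {
            return;
        }

        require_once 'Crypt/CHAP.php';
        $hash = new Crypt_CHAP_MSv2();
        $hash->password = $new_password;
        $lmpasswd = Horde_String::upper(bin2hex($hash->lmPasswordHash()));
        $ntpasswd = Horde_String::upper(bin2hex($hash->ntPasswordHash()));
        $settime = time();

        if (!is_null($this->_params['pw_expire_time'])) {
            // 24 hours/day * 60 min/hour * 60 secs/min = 86400 seconds/day
            $expiretime = $settime + ($this->_params['pw_expire_time'] * 86400);
        } else {
            // This is NT's version of infinity time:
            // http://lists.samba.org/archive/samba/2004-January/078175.html
            $expiretime = 2147483647;
        }

        // All changes must succeed or fail together, so they are collected
        // and sent in a single update. Attributes whose configured name is
        // null are not updated.
        $candidates = array(
            'lm_attribute'        => $lmpasswd,
            'nt_attribute'        => $ntpasswd,
            'pw_set_attribute'    => $settime,
            'pw_expire_attribute' => $expiretime,
        );
        $changes = array();
        foreach ($candidates as $param => $value) {
            if (!is_null($this->_params[$param])) {
                $changes[$this->_params[$param]] = $value;
            }
        }

        if (count($changes) > 0) {
            try {
                $entry->replace($changes, true);
                $entry->update();
            } catch (Horde_Ldap_Exception $e) {
                throw new Passwd_Exception($e);
            }
        }
    }
}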