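/**
 * Checks whether a set of login credentials is valid against the loaded
 * htpasswd entries. Only htpasswd files with DES passwords are supported
 * right now.
 *
 * @param string $userId       The userId to check.
 * @param array  $credentials  An array of login credentials; must contain
 *                             a 'password' entry.
 *
 * @throws Horde_Auth_Exception  With REASON_BADLOGIN when the user is
 *                               unknown, the password is missing, or the
 *                               computed hash does not match the stored one.
 */
protected function _authenticate($userId, $credentials)
{
    if (empty($credentials['password']) || empty($this->_users[$userId])) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    $stored = (string)$this->_users[$userId];

    /* The stored hash is passed as the "salt" argument so the same salt is
     * reused when hashing the candidate password. */
    $candidate = (string)Horde_Auth::getCryptedPassword(
        $credentials['password'],
        $stored,
        $this->_params['encryption'],
        !empty($this->_params['show_encryption'])
    );

    /* hash_equals(): strict and constant-time. The previous loose "!="
     * compared numeric-looking digests numerically (e.g. two different
     * "0e..." strings compare equal) and leaked timing information. */
    if (!hash_equals($stored, $candidate)) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }
}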
/**
 * Builds the ActiveSync authentication object.
 *
 * The base driver always comes from the core auth factory; when the
 * configured ActiveSync auth type is anything other than 'basic', an X509
 * driver is attached as the transparent driver.
 *
 * @return Horde_Core_ActiveSync_Auth
 */
protected function _getAuth()
{
    global $conf, $injector;

    $driverParams = array(
        'base_driver' => $injector->getInstance('Horde_Core_Factory_Auth')->create(),
    );

    $authType = $conf['activesync']['auth']['type'];
    if ($authType != 'basic') {
        $x509Params = $conf['activesync']['auth']['params'];
        $x509Params['default_user'] = $GLOBALS['registry']->getAuth();
        // NOTE(review): the logger is fetched from $this->_injector while the
        // base driver above uses the global $injector; presumably the same
        // container, but confirm.
        $x509Params['logger'] = $this->_injector->getInstance('Horde_Log_Logger');
        $driverParams['transparent_driver'] = Horde_Auth::factory('Horde_Core_Auth_X509', $x509Params);
    }

    return new Horde_Core_ActiveSync_Auth($driverParams);
}
/**
 * Prompts for the administrator account and stores it through the SQL
 * auth driver.
 *
 * Forces the 'sql' auth driver with the 'horde' driver config, then keeps
 * prompting until a non-empty user name and password have been entered.
 * An existing account is updated only if the operator confirms; driver
 * errors are reported on the CLI and abort the step.
 *
 * @param Horde_Variables $vars  Configuration variables to update.
 *
 * @return string  The administrator name (null when a driver error aborted
 *                 the step).
 */
protected function _configAuth(Horde_Variables $vars)
{
    $vars->auth__driver = 'sql';
    $vars->auth__params__driverconfig = 'horde';

    for (;;) {
        $adminName = $this->_cli->prompt('Specify a user name for the administrator account:');
        if (empty($adminName)) {
            $this->_cli->writeln($this->_cli->red('An administration user is required'));
            continue;
        }

        $adminSecret = $this->_cli->passwordPrompt('Specify a password for the administrator account:');
        if (empty($adminSecret)) {
            $this->_cli->writeln($this->_cli->red('An administrator password is required'));
            continue;
        }

        // Hash scheme follows the configured auth encryption, 'ssha' otherwise.
        $driverParams = array(
            'db' => $GLOBALS['injector']->getInstance('Horde_Db_Adapter'),
            'encryption' => isset($GLOBALS['conf']['auth']['params']['encryption'])
                ? $GLOBALS['conf']['auth']['params']['encryption']
                : 'ssha',
        );
        $driver = Horde_Auth::factory('sql', $driverParams);

        try {
            $alreadyThere = $driver->exists($adminName);
        } catch (Horde_Exception $e) {
            $this->_cli->message('An error occured while trying to list the users. Error messages:', 'cli.error');
            $this->_cli->writeln($e->getMessage());
            return;
        }

        try {
            if (!$alreadyThere) {
                $driver->addUser($adminName, array('password' => $adminSecret));
            } elseif ($this->_cli->prompt('This user exists already, do you want to update his password?', array('y' => 'Yes', 'n' => 'No'), 'y') == 'y') {
                $driver->updateUser($adminName, $adminName, array('password' => $adminSecret));
            }
            // A declined update keeps the existing account untouched.
        } catch (Horde_Exception $e) {
            $this->_cli->message('An error occured while adding or updating the administrator. Error messages:', 'cli.error');
            $this->_cli->writeln($e->getMessage());
            return;
        }

        break;
    }

    return $adminName;
}
/**
 * Returns the Horde_Auth_Imap instance configured from IMP's settings.
 *
 * Requires IMP's IMAP admin access to be enabled; the admin credentials
 * and user hierarchy are copied into the server parameters under the
 * names the Imap auth driver expects.
 *
 * @param Horde_Injector $injector  Injector (shadowed by the global below,
 *                                  as in the original code).
 *
 * @return Horde_Auth_Imap  The singleton instance.
 * @throws IMP_Exception  When admin access is disabled or no server
 *                        parameters are available.
 */
public function create(Horde_Injector $injector)
{
    // NOTE(review): this re-binds $injector to the global, discarding the
    // parameter; kept verbatim as the surrounding code may rely on it.
    global $injector, $registry;

    $adminConfig = $injector->getInstance('IMP_Factory_Imap')->create()->config->admin;
    if (!$adminConfig) {
        throw new IMP_Exception('Admin access not enabled.');
    }

    $serverParams = $registry->callByPackage('imp', 'server');
    if (is_null($serverParams)) {
        throw new IMP_Exception('No server parameters found.');
    }

    // Config key => Imap driver parameter name.
    $keyMap = array(
        'password' => 'admin_password',
        'user' => 'admin_user',
        'userhierarchy' => 'userhierarchy',
    );
    foreach ($adminConfig as $cfgKey => $cfgVal) {
        if (!isset($keyMap[$cfgKey])) {
            continue;
        }
        $serverParams[$keyMap[$cfgKey]] = $cfgVal;
    }

    $serverParams['default_user'] = $registry->getAuth();
    $serverParams['logger'] = $injector->getInstance('Horde_Log_Logger');

    return Horde_Auth::factory('Imap', $serverParams);
}
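/**
 * Compares an encrypted password to a plaintext string to see if they
 * match.
 *
 * The stored value is passed as the salt source so the plaintext is hashed
 * with the same salt; the two hashes are then compared with hash_equals()
 * rather than "==", which is both strict and constant-time (loose
 * comparison treats numeric-looking hashes numerically).
 *
 * @param string $encrypted  The crypted password to compare against.
 * @param string $plaintext  The plaintext password to verify.
 *
 * @return boolean  True if matched, false otherwise.
 */
protected function _comparePasswords($encrypted, $plaintext)
{
    $candidate = Horde_Auth::getCryptedPassword(
        $plaintext,
        $encrypted,
        $this->_params['encryption'],
        $this->_params['show_encryption']
    );

    return hash_equals((string)$encrypted, (string)$candidate);
}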
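/**
 * Logs a user view.
 *
 * A view is only logged once per browser: the ids already seen are kept
 * in the 'folks_viewed_user' cookie as a ':'-terminated list. Viewing
 * yourself or viewing while unauthenticated is never logged.
 *
 * @param string $id  Username.
 *
 * @return boolean  True if the view was logged, false if the user was
 *                  already seen (or the view is not eligible).
 */
function logView($id)
{
    // getAuth() (the original spelled it getAUth; PHP method names are
    // case-insensitive, so it worked, but it was misleading).
    if (!$GLOBALS['registry']->isAuthenticated() || Horde_Auth::getAuth() == $id) {
        return false;
    }

    /* Compare whole entries: the previous substring test (strpos on
     * "$id:") reported "ob" as already seen whenever "bob:" was in the
     * list. The cookie is client-controlled and only used as a hint. */
    $seen = isset($_COOKIE['folks_viewed_user'])
        ? (string)$_COOKIE['folks_viewed_user']
        : '';
    if ($seen !== '' && in_array((string)$id, explode(':', $seen), true)) {
        return false;
    }

    /* Remember when we see a user */
    $seen .= $id . ':';
    $_COOKIE['folks_viewed_user'] = $seen;
    setcookie(
        'folks_viewed_user',
        $seen,
        $_SERVER['REQUEST_TIME'] + 22896000,
        $GLOBALS['conf']['cookie']['path'],
        $GLOBALS['conf']['cookie']['domain'],
        $GLOBALS['conf']['use_ssl'] == 1 ? 1 : 0,
        true  // httponly: nothing client-side needs to read this cookie
    );

    return $this->_logView($id);
}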
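/**
 * Changes the current user's password on one backend.
 *
 * Validates the submitted form values (current password, new password and
 * its confirmation), applies the backend's password policy and the optional
 * similarity tests, then hands the change to the backend driver. Outcomes
 * are reported through the notification stack; on success the
 * 'password_changed' hook runs and, depending on backend configuration, the
 * user is logged out or redirected to the submitted return URL.
 *
 * @param string $backend_key  Backend key (index into $this->_backends).
 */
private function _changePassword($backend_key)
{
    global $conf, $injector, $notification, $registry;

    $userid = $this->_userid;
    $vars = $this->_vars;

    // Check for users that cannot change their passwords. The list is
    // optional configuration, so guard against it being unset. (The
    // original message referenced an undefined $userid.)
    if (!empty($conf['user']['refused']) &&
        is_array($conf['user']['refused']) &&
        in_array($userid, $conf['user']['refused'], true)) {
        $notification->push(sprintf(_("You can't change password for user %s"), $userid), 'horde.error');
        return;
    }

    // We must be passed the old (current) password.
    if (!isset($vars->oldpassword)) {
        $notification->push(_("You must give your current password"), 'horde.warning');
        return;
    }
    if (!isset($vars->newpassword0)) {
        $notification->push(_("You must give your new password"), 'horde.warning');
        return;
    }
    if (!isset($vars->newpassword1)) {
        $notification->push(_("You must verify your new password"), 'horde.warning');
        return;
    }

    // Strict comparisons: with "!=" / "==", numeric-looking strings such as
    // "1e3" and "1000" would be treated as the same password.
    if ($vars->newpassword0 !== $vars->newpassword1) {
        $notification->push(_("Your new passwords didn't match"), 'horde.warning');
        return;
    }
    if ($vars->newpassword0 === $vars->oldpassword) {
        $notification->push(_("Your new password must be different from your current password"), 'horde.warning');
        return;
    }

    $b_ptr = $this->_backends[$backend_key];
    try {
        Horde_Auth::checkPasswordPolicy($vars->newpassword0, isset($b_ptr['policy']) ? $b_ptr['policy'] : array());
    } catch (Horde_Auth_Exception $e) {
        $notification->push($e, 'horde.warning');
        return;
    }

    // Do some simple strength tests, if enabled in the config file.
    if (!empty($conf['password']['strengthtests'])) {
        try {
            Horde_Auth::checkPasswordSimilarity($vars->newpassword0, array($userid, $vars->oldpassword));
        } catch (Horde_Auth_Exception $e) {
            $notification->push($e, 'horde.warning');
            return;
        }
    }

    try {
        $driver = $injector->getInstance('Passwd_Factory_Driver')->create($backend_key);
    } catch (Passwd_Exception $e) {
        Horde::log($e);
        $notification->push(_("Password module is not properly configured"), 'horde.error');
        return;
    }

    try {
        $driver->changePassword($userid, $vars->oldpassword, $vars->newpassword0);
    } catch (Exception $e) {
        $notification->push(sprintf(_("Failure in changing password for %s: %s"), $b_ptr['name'], $e->getMessage()), 'horde.error');
        return;
    }
    $notification->push(sprintf(_("Password changed on %s."), $b_ptr['name']), 'horde.success');

    try {
        Horde::callHook('password_changed', array($userid, $vars->oldpassword, $vars->newpassword0), 'passwd');
    } catch (Horde_Exception_HookNotSet $e) {
    }

    if (!empty($b_ptr['logout'])) {
        $logout_url = $registry->getLogoutUrl(array(
            'msg' => _("Your password has been succesfully changed. You need to re-login to the system with your new password."),
            'reason' => Horde_Auth::REASON_MESSAGE
        ));
        $registry->clearAuth();
        $logout_url->redirect();
    }

    // The original built the URL from an undefined $return_to; use the
    // submitted value. NOTE(review): return_to comes straight from the
    // request — confirm Horde_Url::redirect() restricts it to this
    // installation, otherwise this is an open redirect.
    if ($vars->return_to) {
        $url = new Horde_Url($vars->return_to);
        $url->redirect();
    }
}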
/**
 * Salts and hashes a password with the server's configured hash type.
 *
 * Falls back to 'ssha' when the server parameters carry no 'hashtype'.
 * The encryption scheme is always prefixed to the result (show_encryption
 * is true).
 *
 * @param string $password  The password.
 *
 * @return string  The salted hashed password.
 */
protected function hashPassword($password)
{
    $hashType = 'ssha';
    if (isset($this->server->params['hashtype'])) {
        $hashType = $this->server->params['hashtype'];
    }

    return Horde_Auth::getCryptedPassword($password, '', $hashType, true);
}
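/**
 * Creates a user in the LDAP backend.
 *
 * Binds with the configured admin DN, assembles a qmailUser/hordePerson
 * entry from the submitted user information (password stored as SSHA),
 * lets the site hook amend the attributes, and adds the entry under the
 * configured base DN.
 *
 * @param array $info  The user information to save (user_full_name,
 *                     user_name, domain, user_enabled, password).
 *
 * @return string  The DN of the created entry.
 * @throws Vilma_Exception  When the bind fails or the entry cannot be added.
 */
protected function _createUser($info)
{
    // Bind with appropriate dn to give update access.
    $bound = ldap_bind(
        $this->_ldap,
        $this->_params['ldap']['binddn'],
        $this->_params['ldap']['bindpw']
    );
    if (!$bound) {
        throw new Vilma_Exception(_("Unable to bind to the LDAP server. Check authentication credentials."));
    }

    // Prepare data.
    $entry = array();
    $entry['cn'] = $info['user_full_name'];
    // sn is not used operationally but we make an effort to be
    // something sensical. No guarantees, though. (array_pop() needs a
    // real variable; passing explode() directly raises a notice.)
    $nameParts = explode(' ', $info['user_full_name']);
    $entry['sn'] = array_pop($nameParts);
    $entry['mail'] = $info['user_name'] . '@' . $info['domain'];
    // uid must match mail or SMTP auth fails.
    $entry['uid'] = $entry['mail'];
    // NOTE(review): user_name and domain are used unvalidated in this path;
    // confirm the caller rejects path separators / '..' in them.
    $entry['homeDirectory'] = '/srv/vhost/mail/' . $info['domain'] . '/' . $info['user_name'];
    $entry['qmailUID'] = $entry['qmailGID'] = 8;
    $entry['objectclass'] = array(
        'top',
        'person',
        'organizationalPerson',
        'inetOrgPerson',
        'hordePerson',
        'qmailUser'
    );
    $entry['accountstatus'] = $info['user_enabled'];
    // FIXME: Allow choice of hash
    $entry['userPassword'] = Horde_Auth::getCryptedPassword($info['password'], '', 'ssha', true);

    // Stir in any site-local custom LDAP attributes.
    try {
        $entry = Horde::callHook('getLDAPAttrs', array($entry), 'vilma');
    } catch (Horde_Exception_HookNotSet $e) {
    }

    // The RDN value comes from user-supplied form data; escape it so that
    // characters such as ',' '+' '=' cannot alter the DN structure.
    $rdn = 'mail=' . ldap_escape($entry['mail'], '', LDAP_ESCAPE_DN);
    $dn = $rdn . ',' . $this->_params['ldap']['basedn'];
    $added = @ldap_add($this->_ldap, $dn, $entry);
    if ($added === false) {
        throw new Vilma_Exception(sprintf(_("Error adding account to LDAP: %s"), @ldap_error($this->_ldap)));
    }

    return $dn;
}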
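/**
 * Authentication handler.
 *
 * On failure, Horde_Auth_Exception should pass a message string (if any)
 * in the message field, and the Horde_Auth::REASON_* constant in the code
 * field (defaults to Horde_Auth::REASON_MESSAGE).
 *
 * @param string $userID       The userID to check.
 * @param array  $credentials  An array of login credentials; must contain
 *                             a 'password' entry.
 *
 * @return boolean  True on success.
 * @throws Horde_Auth_Exception  With REASON_BADLOGIN on any mismatch.
 */
protected function _authenticate($userID, $credentials)
{
    $mapper = $this->_mappers->create('Dolcore_Rdo_UserMapper');

    if (empty($credentials['password']) || !$this->exists($userID)) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    $user = $mapper->findOne(array('nickname' => $userID));

    // NOTE(review): this legacy scheme salts crypt() with the first two
    // characters of the *plaintext* password rather than of the stored
    // hash. Presumably the stored "passwort" values were produced the same
    // way, so it is kept verbatim; changing it would lock out every
    // existing account. It is a weak scheme and worth migrating.
    $candidate = Horde_Auth::getCryptedPassword(
        $credentials['password'],
        substr($credentials['password'], 0, 2),
        'crypt',
        false
    );

    // Strict, constant-time comparison instead of the loose "!=".
    if (!hash_equals((string)$user->passwort, (string)$candidate)) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    return true;
}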
/**
 * Resets a user's password, e.g. when the user no longer remembers the
 * existing one.
 *
 * A fresh random password is generated, stored through updateUser() under
 * the 'userPassword' credential, and returned to the caller.
 *
 * @param string $user_id  The user id for which to reset the password.
 *
 * @return string  The new password on success.
 * @throws Horde_Auth_Exception
 */
public function resetPassword($user_id)
{
    // The trailing '/' is part of the original behaviour; its purpose is
    // not visible here, so it is kept verbatim.
    $fresh = Horde_Auth::genRandomPassword() . '/';

    $this->updateUser($user_id, $user_id, array('userPassword' => $fresh));

    return $fresh;
}
/**
 * Resets a user's password through the Folks driver.
 *
 * Generates a random password, stores it via the driver's changePassword()
 * and returns it. A PEAR_Error from the driver is rethrown as a
 * Horde_Auth_Exception.
 *
 * @param string $userId  The user id whose password is reset.
 *
 * @return string  The new password.
 * @throws Horde_Auth_Exception
 */
public function authResetPassword($userId)
{
    /* Get a new random password. */
    $fresh = Horde_Auth::genRandomPassword();

    /* Update password in DB. */
    require_once __DIR__ . '/base.php';
    $outcome = $GLOBALS['folks_driver']->changePassword($fresh, $userId);
    if ($outcome instanceof PEAR_Error) {
        throw new Horde_Auth_Exception($outcome);
    }

    return $fresh;
}
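/**
 * Updates a set of authentication credentials.
 *
 * Only the password is updated; the new password is hashed with the
 * configured encryption and bound as a query parameter. Table and column
 * names are interpolated from configuration and must therefore be trusted.
 * When a domain field is configured, $oldID is split at '@' and both the
 * name and the domain are matched.
 *
 * @param string $oldID        The old userId.
 * @param string $newID        The new userId. [NOT SUPPORTED]
 * @param array  $credentials  The new credentials; must contain 'password'.
 *
 * @throws Horde_Auth_Exception  Wrapping any Horde_Db_Exception.
 */
public function updateUser($oldID, $newID, $credentials)
{
    $hashed = Horde_Auth::getCryptedPassword(
        $credentials['password'],
        '',
        $this->_params['encryption'],
        $this->_params['show_encryption']
    );

    if (!empty($this->_params['domain_field']) && $this->_params['domain_field'] != 'none') {
        // Split "user@domain"; a user id without '@' yields a null domain
        // (and so matches nothing) instead of an undefined-index notice.
        $parts = explode('@', $oldID);
        $name = $parts[0];
        $domain = isset($parts[1]) ? $parts[1] : null;

        /* Build the SQL query with domain. */
        $query = sprintf(
            'UPDATE %s SET %s = ? WHERE %s = ? and %s = ?',
            $this->_params['table'],
            $this->_params['password_field'],
            $this->_params['username_field'],
            $this->_params['domain_field']
        );
        $values = array($hashed, $name, $domain);
    } else {
        /* Build the SQL query. */
        $query = sprintf(
            'UPDATE %s SET %s = ? WHERE %s = ?',
            $this->_params['table'],
            $this->_params['password_field'],
            $this->_params['username_field']
        );
        $values = array($hashed, $oldID);
    }

    try {
        $this->_db->update($query, $values);
    } catch (Horde_Db_Exception $e) {
        throw new Horde_Auth_Exception($e);
    }
}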
/**
 * Hashing 'foobar' with the stored hash as salt source must reproduce the
 * stored hash for every encryption scheme in the data provider.
 *
 * @dataProvider getCredentials
 */
public function testGetCryptedPassword($encryption, $password, $salt, $show_encryption = false)
{
    // $salt is provided by the data set but not used: the stored hash
    // itself ($password) is handed in as the salt source.
    $recomputed = Horde_Auth::getCryptedPassword('foobar', $password, $encryption, $show_encryption);

    $this->assertEquals($password, $recomputed);
}
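/**
 * Resets a user's password in LDAP, e.g. when the user no longer remembers
 * the existing one.
 *
 * Looks up the user's DN, generates a random password, stores its hash in
 * 'userpassword' and, if the entry carries shadow data, bumps
 * 'shadowlastchange'. Not supported against Active Directory.
 *
 * @param string $userId  The user id for which to reset the password.
 *
 * @return string  The new password on success.
 * @throws Horde_Auth_Exception  For AD backends, DN lookup failures and
 *                               LDAP modify failures.
 */
public function resetPassword($userId)
{
    if (!empty($this->_params['ad'])) {
        throw new Horde_Auth_Exception(__CLASS__ . ': Updating users is not supported for Active Directory.');
    }

    /* Search for the user's full DN. */
    try {
        $dn = $this->_ldap->findUserDN($userId);
    } catch (Horde_Exception_Ldap $e) {
        throw new Horde_Auth_Exception($e);
    }

    /* Get a new random password. */
    $password = Horde_Auth::genRandomPassword();

    /* Encrypt the new password. show_encryption is a real boolean here;
     * the original passed the string 'true', which only worked because
     * it is truthy. */
    $entry = array(
        'userpassword' => Horde_Auth::getCryptedPassword($password, '', $this->_params['encryption'], true)
    );

    /* Set the lastchange field only when the entry has shadow data
     * (empty() also covers a missing key without a notice). */
    $shadow = $this->_lookupShadow($dn);
    if (!empty($shadow['shadowlastchange'])) {
        $entry['shadowlastchange'] = floor(time() / 86400);
    }

    /* Update user entry. */
    try {
        $this->_ldap->modify($dn, array('replace' => $entry));
    } catch (Horde_Ldap_Exception $e) {
        throw new Horde_Auth_Exception($e);
    }

    return $password;
}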
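/**
 * Resets a user's password via the configured 'query_resetpassword'
 * template, e.g. when the user no longer remembers the existing one.
 *
 * The template's "\L" placeholder receives the quoted user id and "\P" the
 * quoted hash of the new random password.
 *
 * @param string $userId  The user id for which to reset the password.
 *
 * @return string  The new password on success.
 * @throws Horde_Auth_Exception  Wrapping any Horde_Db_Exception.
 */
public function resetPassword($userId)
{
    /* Get a new random password. */
    $password = Horde_Auth::genRandomPassword();

    $hashed = Horde_Auth::getCryptedPassword(
        $password,
        '',
        $this->_params['encryption'],
        $this->_params['show_encryption']
    );

    /* strtr() substitutes both placeholders in a single pass. The previous
     * sequential str_replace() re-scanned the already-inserted user id, so
     * a "\P" inside the (quoted) user id would have been expanded into the
     * password hash and could break the quoting. */
    $query = strtr($this->_params['query_resetpassword'], array(
        '\\L' => $this->_db->quote($userId),
        '\\P' => $this->_db->quote($hashed),
    ));

    try {
        $this->_db->update($query);
    } catch (Horde_Db_Exception $e) {
        throw new Horde_Auth_Exception($e);
    }

    return $password;
}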
/**
 * Hashes a plaintext password with the driver's configured encryption.
 *
 * A fresh salt is used (empty salt argument); whether the scheme prefix is
 * included follows the 'show_encryption' parameter.
 *
 * @param string $plaintext  A plaintext password.
 *
 * @return string  The encrypted password.
 */
protected function _encryptPassword($plaintext)
{
    $scheme = $this->_params['encryption'];
    $withPrefix = $this->_params['show_encryption'];

    return Horde_Auth::getCryptedPassword($plaintext, '', $scheme, $withPrefix);
}