From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/password/drivers/ldap_simple.php |   38 ++++++++++++++++++++++++++------------
 1 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php
index 47e3b07..5b82205 100644
--- a/plugins/password/drivers/ldap_simple.php
+++ b/plugins/password/drivers/ldap_simple.php
@@ -9,6 +9,22 @@
  *
  * @version 2.0
  * @author Wout Decre <wout@canodus.be>
+ * @author Aleksander Machniak <machniak@kolabsys.com>
+ *
+ * Copyright (C) 2005-2014, The Roundcube Dev Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
  */
 
 class rcube_ldap_simple_password
@@ -95,7 +111,7 @@
         $smblchattr   = $rcmail->config->get('password_ldap_samba_lchattr');
         $samba        = $rcmail->config->get('password_ldap_samba');
         $pass_mode    = $rcmail->config->get('password_ldap_encodage');
-        $crypted_pass = rcube_ldap_password::hash_password($passwd, $pass_mode);
+        $crypted_pass = password::hash_password($passwd, $pass_mode);
 
         // Support password_ldap_samba option for backward compat.
         if ($samba && !$smbpwattr) {
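Review bot: The `$crypted_pass` assignment now calls `password::hash_password(...)`, while the same file keeps calling `rcube_ldap_password::substitute_vars(...)` later in search_userdn, so the driver now depends on two helper classes for what looks like one family of LDAP helpers. If hash_password was moved into `password` as part of consolidating these helpers, substitute_vars probably wants the same treatment; if `rcube_ldap_password` is still the intended home for substitute_vars, a one-line comment such as `// hash_password lives in the shared password class since <constructed: version>` next to this call would spare the next reader the same question. The enclosing method starts and ends outside this hunk.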
@@ -109,11 +125,11 @@
         }
 
         // Crypt new Samba password
-        if ($smbpwattr && !($samba_pass = rcube_ldap_password::hash_password($passwd, 'samba'))) {
+        if ($smbpwattr && !($samba_pass = password::hash_password($passwd, 'samba'))) {
             return PASSWORD_CRYPT_ERROR;
         }
 
-        $this->_debug("C: Bind $binddn [pass: $bindpw]");
+        $this->_debug("C: Bind $binddn, pass: **** [" . strlen($bindpw) . "]");
 
         // Bind
         if (!ldap_bind($ds, $binddn, $bindpw)) {
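Review bot: The rewritten `_debug("C: Bind $binddn, pass: **** [" . strlen($bindpw) . "]")` line no longer prints the bind password, but it still writes the credential's length to the log whenever debug logging is enabled, which is more than an operator needs to confirm that a bind was attempted. `$this->_debug("C: Bind $binddn, pass: ****");` carries the same operational signal without characterising the secret, and it would match the search_userdn debug line in the next hunk, which logs only the DN. The enclosing method starts and ends outside this hunk.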
@@ -168,14 +184,16 @@
      */
     function search_userdn($rcmail, $ds)
     {
-        $search_user = $rcmail->config->get('password_ldap_searchDN');
-        $search_pass = $rcmail->config->get('password_ldap_searchPW');
+        $search_user   = $rcmail->config->get('password_ldap_searchDN');
+        $search_pass   = $rcmail->config->get('password_ldap_searchPW');
+        $search_base   = $rcmail->config->get('password_ldap_search_base');
+        $search_filter = $rcmail->config->get('password_ldap_search_filter');
 
-        if (empty($search_user)) {
-            return null;
+        if (empty($search_filter)) {
+            return false;
         }
 
-        $this->_debug("C: Bind $search_user [pass: $search_pass]");
+        $this->_debug("C: Bind " . ($search_user ? $search_user : '[anonymous]'));
 
         // Bind
         if (!ldap_bind($ds, $search_user, $search_pass)) {
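Review bot: The early return when no search filter is configured changes from `return null;` to `return false;`, and the docblock that closes just above the `search_userdn` signature is not updated to say so; a caller that tests the result with `=== null` would now treat a missing filter as a found DN, while one using `!$userdn` is unaffected (the caller is not visible here, so this is inferred). Either keep `return null;` for compatibility or document the new contract in the docblock with `@return string|false` and check that the caller compares with `=== false` or a plain falsy test. Dropping the `empty($search_user)` guard also means an empty search DN now proceeds to `ldap_bind($ds, $search_user, $search_pass)` as an anonymous bind; that looks intended given the `[anonymous]` label, but deserves a short comment such as `// empty search DN: anonymous bind` so nobody reads it as a missing check. The debug line could also use the short ternary, `$search_user ?: '[anonymous]'`. The function body continues past the end of this hunk.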
@@ -184,9 +202,6 @@
         }
 
         $this->_debug("S: OK");
-
-        $search_base   = $rcmail->config->get('password_ldap_search_base');
-        $search_filter = $rcmail->config->get('password_ldap_search_filter');
 
         $search_base   = rcube_ldap_password::substitute_vars($search_base);
         $search_filter = rcube_ldap_password::substitute_vars($search_filter);
@@ -220,5 +235,4 @@
             rcube::write_log('ldap', $str);
         }
     }
-
 }

--
Gitblit v1.9.1