/usr/share/horde/passwd/lib/Driver/Pspasswd.php is in php-horde-passwd 5.0.2-3+deb8u1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 | <?php
/**
* Copyright 2004-2014 Horde LLC (http://www.horde.org/)
*
* See the enclosed file COPYING for license information (GPL). If you
* did not receive this file, see http://www.horde.org/licenses/gpl.
*
* @category Horde
* @copyright 2004-2014 Horde LLC
* @license http://www.horde.org/licenses/gpl GPL
* @package Passwd
*/
/**
* The PSPasswd class changes a user's password on any Windows Machine
* (NT+) using the pspasswd free utility available at Sysinternals
* website: http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml
*
* IMPORTANT!
*
* This driver should be used only as a last resort when there's no
* possibility of using the ADSI or LDAP drivers, which are far more
* secure and fast. This driver needs administrative credentials
* exposed on the backends.php file, which is required by the
* pspasswd.exe tool. It's an alternative driver that should be
* avoided, but could also be the only option for a few scenarios.
* (eg: When you don't have ADSI or LDAP support)
*
* Sample backend configuration:
* <code>
* $backends['pspasswd'] = array(
* 'name' => 'Sample pspasswd backend',
* 'preferred' => 'localhost',
* 'policy' => array(
* 'minLength' => 8,
* 'maxLength' => 14
* ),
* 'driver' => 'pspasswd',
* 'params' => array(
* 'server' => 'YOUR_SERVER_NAME',
* 'bin' => 'DRIVE:\\DIR\\pspasswd.exe', // Notice: "\\"
* 'admusr' => 'Administrator',
* 'admpwd' => 'Password',
* 'domain' => 'YOUR_DOMAIN_NAME'
* )
* );
* </code>
*
* Backend parameters:<pre>
* server = Machine where you want to change the password (Required)
* bin = Full pathname of the pspasswd.exe program (Required)
* admusr = User with administrative privileges (Required)
* admpwd = Password of the administrative user (Required)
* domain = Windows domain name (Optional)
* </pre>
*
* For example: Passing a NT4 PDC server name to the server parameter
* means you can change the user's password on that NT4 Domain.
*
* Special thanks to Mark Russinovich (mark@sysinternals.com) for the
* tool and helping me solve some questions about it.
*
* @author Luiz R Malheiros (malheiros@gmail.com)
* @category Horde
* @copyright 2000-2014 Horde LLC
* @license http://www.horde.org/licenses/gpl GPL
* @package Passwd
*/
class Passwd_Driver_Pspasswd extends Passwd_Driver
{
/**
*/
public function __construct(array $params = array())
{
if (empty($params['server']) ||
empty($params['bin']) ||
empty($params['admusr']) ||
empty($params['admpwd'])) {
throw new Passwd_Exception(_("Password module is missing required parameters."));
}
if (!file_exists($params['bin'])) {
throw new Passwd_Exception(_("Password module can't find the supplied bin."));
}
parent::__construct($params);
}
/**
*/
protected function _changePassword($user, $oldpass, $newpass)
{
$server = $this->_params['server'];
$chpwd_adm = $this->_params['admusr'];
$chpwd_usr = $user;
if (!empty($this->_params['domain'])) {
$chpwd_adm = $this->_params['domain'] . "\\" . $chpwd_adm;
$chpwd_usr = $this->_params['domain'] . "\\" . $chpwd_usr_name;
}
exec('NET USE \\\\' . $server . '\\IPC$ /D >NUL 2>NUL');
$cmdline = 'NET USE \\\\' . $server . '\\IPC$ "' . $oldpass
. '" /USER:' . $chpwd_usr;
exec($cmdline, $cmdreply, $retval);
if (strpos(implode(' ', $cmdreply), 'The command completed successfully.') === false) {
throw new Passwd_Exception(_("Failed to verify old password."));
}
exec('NET USE \\\\' . $server . '\\IPC$ /D >NUL 2>NUL');
$cmdline = $this->_params['bin'] . ' \\\\' . $server . ' -u ' . $chpwd_adm . ' -p ' . $this->_params['admpwd'] . ' ' . $user. ' ' . $newpass;
exec($cmdline, $cmdreply, $retval);
exec('NET USE \\\\' . $server . '\\IPC$ /D >NUL 2>NUL');
if (strpos(implode(' ', $cmdreply), 'Password for ' . $server . '\\' . $user. ' successfully changed.') === false) {
throw new Passwd_Exception(_("Access Denied."));
}
}
}
|