|
30 |
# /usr/share/common-licenses/AGPL-3; if not, see |
30 |
# /usr/share/common-licenses/AGPL-3; if not, see |
31 |
# <http://www.gnu.org/licenses/>. |
31 |
# <http://www.gnu.org/licenses/>. |
32 |
|
32 |
|
|
|
33 |
from __future__ import absolute_import |
33 |
import traceback |
34 |
import traceback |
34 |
import re |
35 |
import re |
35 |
|
36 |
|
|
49 |
PAM_ACCT_EXPIRED, |
50 |
PAM_ACCT_EXPIRED, |
50 |
PAM_AUTH_ERR, |
51 |
PAM_AUTH_ERR, |
51 |
) |
52 |
) |
|
|
53 |
from ldap.filter import filter_format |
52 |
|
54 |
|
53 |
from univention.management.console.log import AUTH |
55 |
from univention.management.console.log import AUTH |
|
|
56 |
from univention.management.console.ldap import get_machine_connection, get_user_connection |
57 |
|
58 |
import univention.admin |
54 |
|
59 |
|
55 |
from univention.lib.i18n import Translation, I18N_Error |
60 |
from univention.lib.i18n import Translation, I18N_Error |
56 |
_ = Translation('univention.management.console').translate |
61 |
_ = Translation('univention.management.console').translate |
Lines 244-252
def change_password(self, username, old_password, new_password):
|
|
---|
|
244 |
self.pam.chauthtok() |
249 |
self.pam.chauthtok() |
245 |
except PAMError as pam_err: |
250 |
except PAMError as pam_err: |
246 |
AUTH.warn('Changing password failed (%s). Prompts: %r' % (pam_err, prompts)) |
251 |
AUTH.warn('Changing password failed (%s). Prompts: %r' % (pam_err, prompts)) |
|
|
252 |
try: |
253 |
self.change_password_ldap(username, old_password, new_password) |
254 |
except Exception as exc: |
255 |
AUTH.process('Changing the user password via LDAP failed: %s' % (exc,)) |
256 |
pass # ignore a lot of exceptions, password changing failed! |
257 |
else: |
258 |
return # the password was sucessfully changed |
247 |
message = self._parse_error_message_from(pam_err, prompts) |
259 |
message = self._parse_error_message_from(pam_err, prompts) |
248 |
raise PasswordChangeFailed('%s %s' % (self._('Changing password failed.'), message)) |
260 |
raise PasswordChangeFailed('%s %s' % (self._('Changing password failed.'), message)) |
249 |
|
261 |
|
|
|
262 |
users_module = None |
263 |
|
264 |
def change_password_ldap(self, username, password, new_password): |
265 |
"""Changes the users password via UDM if it is a ldap-only user""" |
266 |
lo, po = get_machine_connection() |
267 |
if self.users_module is None: |
268 |
univention.admin.modules.update() |
269 |
self.users_module = univention.admin.modules.get('users/user') |
270 |
univention.admin.modules.init(lo, po, self.users_module) |
271 |
users = self.users_module |
272 |
user = users.lookup(None, lo, filter_format('username=%s', [username]), unique=True, required=True)[0] |
273 |
if set(user.options) & {'posix', 'samba', 'kerberos'} or 'ldap_pwd' not in user.options: |
274 |
raise PasswordChangeFailed('Not an LDAP user.') |
275 |
lo, po = get_user_connection(bind=lambda lo: lo.bind(user.dn, password)) |
276 |
user = users.object(None, lo, po, user.dn) |
277 |
user.open() |
278 |
#user['overridePWHistory'] = '1' |
279 |
user['password'] = new_password |
280 |
user.modify() |
281 |
|
250 |
def init(self): |
282 |
def init(self): |
251 |
pam = PAM() |
283 |
pam = PAM() |
252 |
pam.start('univention-management-console') |
284 |
pam.start('univention-management-console') |
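Review bot: The new fallback in `change_password` catches `except Exception` around `self.change_password_ldap(...)` and logs only at `AUTH.process` level, so a rejected bind with the old password, a user that is not LDAP-only, and a programming error in the new method are indistinguishable in the log. I would handle the expected case with `except PasswordChangeFailed as exc:` and have the generic handler log `AUTH.warn('Changing the user password via LDAP failed: %s' % (traceback.format_exc(),))`, since the module already imports `traceback`; the `pass` after the log call is redundant. In `change_password_ldap` the commented-out `#user['overridePWHistory'] = '1'` should be deleted rather than kept, because re-enabling it would presumably let a self-service change skip the password history check. The docstring could also state the invariant the code relies on: the machine connection is used only for the lookup and the options check, and `user.modify()` runs on a connection bound as `user.dn` with the old password. `change_password` begins above this hunk and `init` continues below it.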