|
|
|---|
| 30 |
# /usr/share/common-licenses/AGPL-3; if not, see |
30 |
# /usr/share/common-licenses/AGPL-3; if not, see |
| 31 |
# <http://www.gnu.org/licenses/>. |
31 |
# <http://www.gnu.org/licenses/>. |
| 32 |
|
32 |
|
|
|
33 |
from __future__ import absolute_import |
| 33 |
import traceback |
34 |
import traceback |
| 34 |
import re |
35 |
import re |
| 35 |
|
36 |
|
|
|
|---|
| 49 |
PAM_ACCT_EXPIRED, |
50 |
PAM_ACCT_EXPIRED, |
| 50 |
PAM_AUTH_ERR, |
51 |
PAM_AUTH_ERR, |
| 51 |
) |
52 |
) |
|
|
53 |
from ldap.filter import filter_format |
| 52 |
|
54 |
|
| 53 |
from univention.management.console.log import AUTH |
55 |
from univention.management.console.log import AUTH |
|
|
56 |
from univention.management.console.ldap import get_machine_connection, get_user_connection |
| 57 |
|
| 58 |
import univention.admin |
| 54 |
|
59 |
|
| 55 |
from univention.lib.i18n import Translation, I18N_Error |
60 |
from univention.lib.i18n import Translation, I18N_Error |
| 56 |
_ = Translation('univention.management.console').translate |
61 |
_ = Translation('univention.management.console').translate |
|
Lines 244-252
def change_password(self, username, old_password, new_password):
|
Link Here
|
|---|
|
|---|
| 244 |
self.pam.chauthtok() |
249 |
self.pam.chauthtok() |
| 245 |
except PAMError as pam_err: |
250 |
except PAMError as pam_err: |
| 246 |
AUTH.warn('Changing password failed (%s). Prompts: %r' % (pam_err, prompts)) |
251 |
AUTH.warn('Changing password failed (%s). Prompts: %r' % (pam_err, prompts)) |
|
|
252 |
try: |
| 253 |
self.change_password_ldap(username, old_password, new_password) |
| 254 |
except Exception as exc: |
| 255 |
AUTH.process('Changing the user password via LDAP failed: %s' % (exc,)) |
| 256 |
pass # ignore a lot of exceptions, password changing failed! |
| 257 |
else: |
| 258 |
return # the password was sucessfully changed |
| 247 |
message = self._parse_error_message_from(pam_err, prompts) |
259 |
message = self._parse_error_message_from(pam_err, prompts) |
| 248 |
raise PasswordChangeFailed('%s %s' % (self._('Changing password failed.'), message)) |
260 |
raise PasswordChangeFailed('%s %s' % (self._('Changing password failed.'), message)) |
| 249 |
|
261 |
|
|
|
262 |
users_module = None |
| 263 |
|
| 264 |
def change_password_ldap(self, username, password, new_password): |
| 265 |
"""Changes the users password via UDM if it is a ldap-only user""" |
| 266 |
lo, po = get_machine_connection() |
| 267 |
if self.users_module is None: |
| 268 |
univention.admin.modules.update() |
| 269 |
self.users_module = univention.admin.modules.get('users/user') |
| 270 |
univention.admin.modules.init(lo, po, self.users_module) |
| 271 |
users = self.users_module |
| 272 |
user = users.lookup(None, lo, filter_format('username=%s', [username]), unique=True, required=True)[0] |
| 273 |
if set(user.options) & {'posix', 'samba', 'kerberos'} or 'ldap_pwd' not in user.options: |
| 274 |
raise PasswordChangeFailed('Not an LDAP user.') |
| 275 |
lo, po = get_user_connection(bind=lambda lo: lo.bind(user.dn, password)) |
| 276 |
user = users.object(None, lo, po, user.dn) |
| 277 |
user.open() |
| 278 |
#user['overridePWHistory'] = '1' |
| 279 |
user['password'] = new_password |
| 280 |
user.modify() |
| 281 |
|
| 250 |
def init(self): |
282 |
def init(self): |
| 251 |
pam = PAM() |
283 |
pam = PAM() |
| 252 |
pam.start('univention-management-console') |
284 |
pam.start('univention-management-console') |