Merge branch 'master' of https://github.com/tbnobody/horde

passwd/README

@@ -10,7 +10,7 @@
 Passwd is the Horde password changing application.  Right now, Passwd provides
 fairly complete support for changing passwords via Poppassd, LDAP, Unix expect
 scripts, the Unix smbpasswd command for SMB/CIFS passwords, Kolab, ADSI, Pine,
-Serv-U FTP, VMailMgr, vpopmail, and SQL passwords.
+Serv-U FTP, VMailMgr, vpopmail, SQL passwords and ISPConfig.
 
 This software is OSI Certified Open Source Software. OSI Certified is a
 certification mark of the `Open Source Initiative`_.

passwd/config/backends.php

@@ -20,6 +20,7 @@
  *     - adsi: ADSI COM interface.
  *     - expect: Expect script.
  *     - horde: Horde authentication driver.
+ *     - ispconfig: ISPConfig SOAP Server.
  *     - ldap: LDAP server.
  *     - pine: Pine-encoded file.
  *     - poppassd: Poppassd server.
@@ -551,3 +552,24 @@
         ),
     )),
 );
+
+/* ISPConfig Example */
+$backends['ispconfig'] = array(
+    'disabled' => true,
+    'name' => 'ISPConfig Server',
+    'driver' => 'Ispconfig',
+    'policy' => array(
+        'minLength' => 7,
+        'maxLength' => 64,
+        'maxSpace' => 0,
+        'minNumeric' => 1,
+    ),
+    'params' => array(
+        'soap_uri' => 'http://ispconfig-webinterface.example.com:8080/remote/',
+        // This user must be created in the ISPConfig webinterface
+        // under System -> Remote Users.  The required permissions
+        // ("functions") is "mail user functions" only.
+        'soap_user' => 'horde',
+        'soap_pass' => 'secret',
+    ),
+);

passwd/docs/INSTALL

@@ -56,7 +56,7 @@ To function properly, Passwd **requires** the following:
 
    e. SOAP support ``--enable-soap`` [OPTIONAL]
 
-      SOAP support is necessary for the soap driver.
+      SOAP support is necessary for the soap and ispconfig driver.
 
 3. The following PEAR modules:
    (See `horde/docs/INSTALL`_ for instructions on installing PEAR modules)
@@ -87,6 +87,8 @@ use:
 
 6. A SOAP service endpoint.
 
+7. A ISPConfig server with installed remoting API.
+
 
 Installing Passwd
 ===================
@@ -282,6 +284,15 @@ extension. It requires the PECL expect extension and a ssh program.
 You can find the extension on http://pecl.php.net/package/expect
 
 
+ISPConfig Implementation Information
+====================================
+
+This code allows users to change their passwords via the ISPConfig
+remoting API. The advantage compared to the SQL driver is that the
+SOAP API triggers the ISPConfig replication correctly which is necessary
+for multi server environments.
+
+
 Obtaining Support
 =================
 

passwd/lib/Driver/Ispconfig.php

@@ -0,0 +1,106 @@
+<?php
+/**
+ * Copyright 2016 Horde LLC (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (GPL). If you
+ * did not receive this file, see http://www.horde.org/licenses/gpl.
+ *
+ * @category  Horde
+ * @copyright 2016 Horde LLC
+ * @license   http://www.horde.org/licenses/gpl GPL
+ * @package   Passwd
+ */
+
+/**
+ * Changes a email password using the IspConfig 3 API.
+ *
+ * @author    Thomas Basler <tbasler@oprago.com>
+ * @author    Michael Bunk <mb@computer-leipzig.com>
+ * @category  Horde
+ * @copyright 2016 Horde LLC
+ * @license   http://www.horde.org/licenses/gpl GPL
+ * @package   Passwd
+ */
+class Passwd_Driver_Ispconfig extends Passwd_Driver
+{
+    /**
+     */
+    public function __construct(array $params = array())
+    {
+        // Default ISPConfig encryption settings
+        parent::__construct(array_merge(array(
+            'encryption' => 'crypt-md5',
+            'show_encryption' => false,
+        ), $params));
+
+        if (!class_exists('SoapClient')) {
+            throw new Passwd_Exception('You need the soap PHP extension to use this driver.');
+        }
+        if (empty($this->_params['soap_uri']) ||
+            empty($this->_params['soap_user']) ) {
+            throw new Passwd_Exception('The Passwd Ispconfig driver is not properly configured, edit your passwd/config/backends.local.php.');
+        }
+    }
+
+    /**
+     */
+    protected function _changePassword($user, $oldpass, $newpass)
+    {
+        // Connect
+        $soap_uri = $this->_params['soap_uri'];
+        $client = new SoapClient(null, array(
+            'location' => $soap_uri . 'index.php',
+            'uri'      => $soap_uri));
+
+        // Login
+        try {
+            if (!$session_id = $client->login(
+                $this->_params['soap_user'],
+                $this->_params['soap_pass'])) {
+                throw new Passwd_Exception(
+                    sprintf(_("Login to %s failed."), $soap_uri));
+            }
+        } catch (SoapFault $e) {
+            throw new Passwd_Exception($e);
+        }
+
+        // Get user information
+        try {
+            $users = $client->mail_user_get(
+                $session_id,
+                array('login' => $user));
+        } catch (SoapFault $e) {
+            throw new Passwd_Exception($e);
+        }
+        if (count($users) != 1) {
+            throw new Passwd_Exception(
+                sprintf(_("%d users with login %s found, one expected."),
+                        count($users),
+                        $user));
+        }
+        $user = $users[0];
+
+        // Check the passwords match
+        $this->_comparePasswords($user['password'], $oldpass);
+
+        // Set new password
+        $user['password'] = $newpass;
+
+        // Save information
+        try {
+            $client->mail_user_update(
+                    $session_id, $user['client_id'],
+                    $user['mailuser_id'], $user);
+        } catch (SoapFault $e) {
+            throw new Passwd_Exception($e);
+        }
+
+        // Logout
+        try {
+            $client->logout(
+                    $session_id);
+        } catch (SoapFault $e) {
+            throw new Passwd_Exception($e);
+        }
+    }
+}