Author Topic: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6  (Read 28019 times)

Offline l4r

  • Newbie
  • *
  • Posts: 4
[SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« on: August 29, 2012, 01:27:01 PM »
Hi! This is is my first post  ;D
Because I did not find any solution for my particular problem with changing password, I want to share with little driver that I wrote and it worked for me.

Mail server is based on cyrus, framework is Mac OS X v10.6, users are in OD and user profiles synch is thru LDAP. Problem was that passwords were Kerberos protected and any driver from password plugin simply did not work. I've tried almost everything but only this custom driver was able to do the job. Most of code is based on other password drivers. Main idea is to use bash dscl command with provided variables.


Code: [Select]
<?php

/**
 * DSCL Driver
 */

class rcube_dscl_password
{
    public function 
save($currpass$newpass)
    {
        
$username $_SESSION['username'];
$cmd exec('dscl -u '.$username.' -P '.$currpass.' /LDAPv3/127.0.0.1 -passwd /Users/'.$username.' '.$newpass); 
        
$handle popen($cmd"w");

        if (
pclose($handle) == 0) {
            return 
PASSWORD_SUCCESS;
        }
        else {
            
raise_error(array(
                
'code' => 600,
                
'type' => 'php',
                
'file' => __FILE__'line' => __LINE__,
                
'message' => "Password plugin: Unable to execute $cmd"
                
), truefalse);
        }

        return 
PASSWORD_ERROR;
    }
}
Driver works ony if you have proper ldap setup working!

You should save it as dscl.php  in /plugins/password/drivers/ and edit config.inc.php regardless. If enyone succeed (or not) with this, please share with results. It was not tested on any other enviroments than mentioned above. Anyway sorry for poor english  ::)

Regards!
« Last Edit: August 29, 2012, 05:02:56 PM by l4r »

Offline macserver2010

  • Newbie
  • *
  • Posts: 1
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #1 on: October 16, 2012, 04:21:09 PM »
hey Thanks for coming up with the driver.

It works fine with Roundcube 0.8.2 and Mac  OS 10.8.2 Server

Offline DClark

  • Jr. Member
  • **
  • Posts: 18
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #2 on: March 29, 2013, 11:23:38 AM »
This driver was helpful to me thanks to l4r.

Although it worked, it didn't for all occasions if your user's password had a space or other commandline special character the driver failed. I have posted the modified driver below incase it helps someone else running a mac server using open directory.

Code: [Select]
<?php

/**
 * DSCL Driver
 */

class rcube_dscl_password
{
    public function 
save($currpass$newpass)
    {
        
$username escapeshellarg($_SESSION['username']);
        
$userpass escapeshellarg($currpass);
        
$newuserpass escapeshellarg($newpass);
        
$cmd exec('dscl -u '.$username.' -P '.$userpass.' /LDAPv3/127.0.0.1 -passwd /Users/'.$username.' '.$newuserpass);
$handle popen($cmd"w");

        if (
pclose($handle) == 0) {
            return 
PASSWORD_SUCCESS;
        }
        else {
            
raise_error(array(
                
'code' => 600,
                
'type' => 'php',
                
'file' => __FILE__'line' => __LINE__,
                
'message' => "Password plugin: Unable to execute $cmd"
                
), truefalse);
        }

        return 
PASSWORD_ERROR;
    }
}

As the orginal post stated save the above code as dscl.php  in /roundcube/plugins/password/drivers/ and edit  /roundcube/plugins/password/config.inc.php and change the following line to use the driver

Code: [Select]
$rcmail_config['password_driver'] = 'dscl';

I have tested the driver with my own install which is a Mac OS X Server 10.6, it should work with current versions as long as it has the dscl command.


Offline l4r

  • Newbie
  • *
  • Posts: 4
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #3 on: March 30, 2013, 04:39:46 PM »
DClark: Good to konw and thank you for attribution :) From my original post to now (almost a year) I didn't realize troubles with special chars. None of my mail-users reported this (they are lazy ;-) ) but indeed it exist. Thanks!

Offline DClark

  • Jr. Member
  • **
  • Posts: 18
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #4 on: April 03, 2013, 03:47:24 PM »
DClark: Good to konw and thank you for attribution :) From my original post to now (almost a year) I didn't realize troubles with special chars. None of my mail-users reported this (they are lazy ;-) ) but indeed it exist. Thanks!

Thats ok l4r.
Glad I could give something back, in exchange for using the driver.

Offline ibrewster

  • Newbie
  • *
  • Posts: 5
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #5 on: June 10, 2013, 03:41:30 PM »
I've been trying to make this work on my Mac OS X lion server, but all I get when I try to change my password via the web interface is a useless message saying "Unable to save password". When I try the DSCL command in the script from the command line, manually substituting the variables, it works fine. Is there a log somewhere I can look at that might tell me what is going wrong here? I had thought of modifying the script to make it write debugging output to a file, but while I know several programing languages and BASH shell scripting, php is not one of them and my attempts to create a debugging file have not been successful - the file is never written. So if there is a log already that might tell me what is going on, that would be very helpful. Thanks.

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #6 on: June 10, 2013, 09:22:37 PM »
If its failing it should log to <RC root>/errors

Offline ibrewster

  • Newbie
  • *
  • Posts: 5
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #7 on: June 11, 2013, 12:28:33 PM »
Thank you for that information. After some hunting and perusing of config files, I discovered that the error log you referred to is actually stored in /var/log/webmail/errors on Mac OS X Lion server, not in <RC Root>/errors. Looking at that log shows me the following rather uninformative line:

Code: [Select]
PHP Error: Password plugin: Broken driver: /usr/share/webmail/plugins/password/drivers/dscl.php in /usr/share/webmail/plugins/password/password.php on line 243 (POST /webmail/?_task=settings&_action=plugin.password-save?_task=&_action=)
Since I don't know PHP at all, and the error doesn't exactly tell me why or how the driver is broken, I'm at a bit of a loss. Any suggestions as to how I can go about troubleshooting this? Thanks again!

Offline ibrewster

  • Newbie
  • *
  • Posts: 5
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #8 on: June 11, 2013, 01:00:51 PM »
Ok, I figured it out and got it working. The problem was that the code, as posted here, was wrapped in a class (class rcube_dscl_password) with a function named save. Looking at the readme in the password plugin (as well as a couple of the existing drivers), however, showed that the proper format was to simply have a function named password_save that took two arguments. So changing the above code to the following got it working:

Code: [Select]
<?php

/**
 * DSCL Driver
 */

function password_save($currpass$newpass)
{
        
$username escapeshellarg($_SESSION['username']);
        
$userpass escapeshellarg($currpass);
        
$newuserpass escapeshellarg($newpass);
        
        
$cmd exec('dscl -u '.$username.' -P '.$userpass.' /LDAPv3/127.0.0.1 -passwd /Users/'.$username.' '.$newuserpass);
        
$handle popen($cmd"w");

        if (
pclose($handle) == 0) {
            return 
PASSWORD_SUCCESS;
        }
        else {
            
raise_error(array(
                
'code' => 600,
                
'type' => 'php',
                
'file' => __FILE__'line' => __LINE__,
                
'message' => "Password plugin: Unable to execute $cmd"
                
), truefalse);
        }

        return 
PASSWORD_ERROR;
}

Offline alec

  • Hero Member
  • *****
  • Posts: 1,363
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #9 on: June 12, 2013, 02:07:58 AM »
Then you're using very old Roundcube version. You should upgrade.

Offline ibrewster

  • Newbie
  • *
  • Posts: 5
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #10 on: June 12, 2013, 11:53:01 AM »
I'm using, as I stated in both my first two posts, Mac OS X Lion Server. Specifically, version 10.7.5, Which uses roundcube for its webmail. I have no idea what version of roundcube it uses. Thanks for the suggestion to upgrade - the next time I update the OS on my mail sever, i'll look into it. That said, however, anyone else using 10.7.x server will have the same issues as me, and as such having the solution here makes sense. Thanks for the help!

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #11 on: June 12, 2013, 12:06:02 PM »
Knowing Mac they most likely ship with an out of date version but you can still upgrade manually. The RoundCube version number should be at the top of the index.php.

Offline ibrewster

  • Newbie
  • *
  • Posts: 5
Re: [SLOVED] Password plugin: dscl driver for Mac OS X v10.6
« Reply #12 on: June 12, 2013, 12:09:07 PM »
Ah, yes. Version 0.6 So just a FEW releases out-of-date :D