e-smith-base/sme8/e-smith-base-5.2.0-allow-admin-pwd-change.patch

diff -up e-smith-base-5.2.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword.allow-admin-pwd-change e-smith-base-5.2.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword
--- e-smith-base-5.2.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword.allow-admin-pwd-change 2008-08-20 23:17:24.000000000 +0200
+++ e-smith-base-5.2.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword        2010-03-09 20:52:12.000000000 +0100
@@ -26,8 +26,10 @@ use strict;
 use esmith::FormMagick;
 use esmith::util;
 use esmith::ConfigDB;
+use esmith::AccountsDB;
 
 our $configdb = esmith::ConfigDB->open();
+our $accountsdb = esmith::AccountsDB->open();
 my $fm = new esmith::FormMagick;
 $fm->display();
 
@@ -117,14 +119,47 @@ Validates the password using the desired
 =cut
  
 sub check_password {
-        my $fm = shift;
-        my $pass1 = shift;
- 
-        my $check_type;
-        my $rec = $configdb->get('passwordstrength');
+
+    my $fm = shift;
+
+    my $pass1 = $fm->{cgi}->param('pass');
+    my $acctName = $fm->{cgi}->param('account');
+
+    my $check_type;
+    my $rec = $configdb->get('passwordstrength');
+
+    if (is_admin($acctName)) 
+        $check_type = ($rec ? ($rec->prop('Admin') || 'none') : 'none');
+    else 
         $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none');
- 
-        return $fm->validate_password($check_type,$pass1);
+
+    return $fm->validate_password($check_type,$pass1);
+}
+
+=pod
+
+=head2 is_admin
+
+Checks whether the user is admin or member of the so-called Domain Admins group
+
+=cut
+
+sub is_admin {
+
+    my $fm = shift;
+    my $acctName = shift;
+
+    if ($acctName eq 'admin') return 1;
+
+    # Find possible Domain Admins group
+    my $adminGroup = $db->get_all_by_prop('Description' => 'Domain Admins') || '';
+
+    if ($adminGroup eq '') return false;
+
+    my $members = $accountsdb->getprop($adminGroup, 'Members') || '';
+
+    return (",$members," =~ m/,$acctName,/);
+
 }
 
 __DATA__
1	diff -up e-smith-base-5.2.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword.allow-admin-pwd-change e-smith-base-5.2.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword
2	--- e-smith-base-5.2.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword.allow-admin-pwd-change 2008-08-20 23:17:24.000000000 +0200
3	+++ e-smith-base-5.2.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword 2010-03-09 20:52:12.000000000 +0100
4	@@ -26,8 +26,10 @@ use strict;
5	use esmith::FormMagick;
6	use esmith::util;
7	use esmith::ConfigDB;
8	+use esmith::AccountsDB;
9
10	our $configdb = esmith::ConfigDB->open();
11	+our $accountsdb = esmith::AccountsDB->open();
12	my $fm = new esmith::FormMagick;
13	$fm->display();
14
15	@@ -117,14 +119,47 @@ Validates the password using the desired
16	=cut
17
18	sub check_password {
19	- my $fm = shift;
20	- my $pass1 = shift;
21	-
22	- my $check_type;
23	- my $rec = $configdb->get('passwordstrength');
24	+
25	+ my $fm = shift;
26	+
27	+ my $pass1 = $fm->{cgi}->param('pass');
28	+ my $acctName = $fm->{cgi}->param('account');
29	+
30	+ my $check_type;
31	+ my $rec = $configdb->get('passwordstrength');
32	+
33	+ if (is_admin($acctName))
34	+ $check_type = ($rec ? ($rec->prop('Admin') \|\| 'none') : 'none');
35	+ else
36	$check_type = ($rec ? ($rec->prop('Users') \|\| 'none') : 'none');
37	-
38	- return $fm->validate_password($check_type,$pass1);
39	+
40	+ return $fm->validate_password($check_type,$pass1);
41	+}
42	+
43	+=pod
44	+
45	+=head2 is_admin
46	+
47	+Checks whether the user is admin or member of the so-called Domain Admins group
48	+
49	+=cut
50	+
51	+sub is_admin {
52	+
53	+ my $fm = shift;
54	+ my $acctName = shift;
55	+
56	+ if ($acctName eq 'admin') return 1;
57	+
58	+ # Find possible Domain Admins group
59	+ my $adminGroup = $db->get_all_by_prop('Description' => 'Domain Admins') \|\| '';
60	+
61	+ if ($adminGroup eq '') return false;
62	+
63	+ my $members = $accountsdb->getprop($adminGroup, 'Members') \|\| '';
64	+
65	+ return (",$members," =~ m/,$acctName,/);
66	+
67	}
68
69	__DATA__