From b09fdce7e3f01fb51c2cac848d6f74a226fccb08 Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Tue, 26 Sep 2017 15:41:04 +0200 Subject: [PATCH] Added password verification when log in with ldap --- pandora_console/include/auth/mysql.php | 29 +++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index 9f4240079b..139543ee75 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -173,8 +173,6 @@ function process_user_login_local ($login, $pass, $api = false) { function process_user_login_remote ($login, $pass, $api = false) { global $config, $mysql_cache; - - // Remote authentication switch ($config["auth"]) { // LDAP @@ -219,8 +217,6 @@ function process_user_login_remote ($login, $pass, $api = false) { // Authentication ok, check if the user exists in the local database if (is_user ($login)) { - - if (!user_can_login($login)) { return false; } @@ -230,7 +226,7 @@ function process_user_login_remote ($login, $pass, $api = false) { $return = enterprise_hook ('prepare_permissions_groups_of_user_ad', array ($login, $pass, false, true, defined('METACONSOLE'))); - + if ($return === "error_permissions") { $config["auth_error"] = __("Problems with configuration permissions. Please contact with Administrator"); @@ -262,6 +258,8 @@ function process_user_login_remote ($login, $pass, $api = false) { return false; } } + + change_local_user_pass_ldap ($login, $pass); } return $login; 
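Review bot: The added `change_local_user_pass_ldap ($login, $pass);` in the `@@ -262,6 +258,8 @@` hunk is not conditioned on the backend that authenticated the user. The same function also runs the `prepare_permissions_groups_of_user_ad` hook, so it looks as if Active Directory and any other method in the `$config["auth"]` switch would have their passwords copied into `tusuario` as well. Copying a directory password into the local table also creates a second credential, which would stay usable after the directory account is disabled or its password changed if local fallback login is enabled (not visible here). The body of process_user_login_remote starts and ends outside the hunk, so the enclosing block should be confirmed. If it is the shared `is_user ($login)` branch, move the call into the LDAP case and add a comment such as `// Cache the LDAP password locally; see fallback login` stating why the copy is wanted.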
@@ -761,6 +759,27 @@ function is_user_blacklisted ($user) {
 return false;
 }
+/**
+ * Update local user pass from ldap user
+ *
+ * @param string Login
+ * @param string Password
+ *
+ * @return bool
+ */
+function change_local_user_pass_ldap ($id_user, $password) {
+ $local_user_pass = db_get_value_filter('password', 'tusuario', array('id_user' => $id_user));
+
+ if (md5($password) !== $local_user_pass) {
+ $values_update = array();
+ $values_update['password'] = md5($password);
+
+ db_process_sql_update('tusuario', $values_update, array('id_user' => $id_user));
+ }
+
+ return;
+}
+
 //Reference the global use authorization error to last auth error.
 $config["auth_error"] = &$mysql_cache["auth_error"];
 ?>
\ No newline at end of file
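Review bot: `change_local_user_pass_ldap` writes the directory password to `tusuario` as an unsalted `md5($password)`, so a leak of that table exposes LDAP credentials that are valid well beyond this console; MD5 is cheap to brute-force and equal passwords produce equal hashes. Where the supported PHP version allows it, prefer `$values_update['password'] = password_hash($password, PASSWORD_DEFAULT);` and use `password_verify($password, $local_user_pass)` for the change test, which also requires the local login path (outside this hunk) to verify the same way. The docblock promises `@return bool`, but the function ends in a bare `return;` and discards the result of `db_process_sql_update`; returning whether the update succeeded would let the caller log a failed sync. `$local_user_pass` is also compared without first checking that a row for `$id_user` was found.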