Merge branch 'develop' into webauthn

pull/80/head
Roland Gruber 4 years ago
commit 0ed0d17676

@ -36,12 +36,15 @@ files=`ls -a *.jpg`
for file in $files; do
cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
done
if [ ! -h /usr/share/ldap-account-manager/config ]; then\
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config; fi
if [ ! -h /usr/share/ldap-account-manager/sess ]; then\
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess; fi
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then\
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp; fi
if [ ! -h /usr/share/ldap-account-manager/config ]; then
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
fi
if [ ! -h /usr/share/ldap-account-manager/sess ]; then
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
fi
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
fi
chown www-data /etc/ldap-account-manager/config.cfg
chmod 600 /etc/ldap-account-manager/config.cfg
chown www-data /var/lib/ldap-account-manager/sess
@ -51,9 +54,14 @@ chown www-data /var/lib/ldap-account-manager/tmp/internal
chmod 700 /var/lib/ldap-account-manager/tmp
chown -R www-data /var/lib/ldap-account-manager/config
chmod 700 /var/lib/ldap-account-manager/config
if [ ! -f /var/lib/ldap-account-manager/config/lam.conf ]; \
then cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf; \
chown www-data /var/lib/ldap-account-manager/config/lam.conf; fi
set +e
ls -l /var/lib/ldap-account-manager/config/*.conf &> /dev/null
cfgFilesExist=$?
set -e
if [ $cfgFilesExist -ne 0 ]; then
cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf
chown www-data /var/lib/ldap-account-manager/config/lam.conf
fi
chmod 600 /var/lib/ldap-account-manager/config/*.conf
if [ "$1" = "configure" ]; then
db_get "ldap-account-manager/alias"
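Review bot: The new existence check uses `&> /dev/null`, which is a bash extension. If this maintainer script runs under `/bin/sh` (the shebang is outside the hunk), a POSIX shell such as dash parses it as `ls ... &` followed by an empty redirection, so `$?` is always 0 and the sample is never copied to `lam.conf`. The following `chmod 600 /var/lib/ldap-account-manager/config/*.conf` would then hit an unmatched glob and abort the install if errexit is active, as the `set +e`/`set -e` pair suggests. A portable form also removes the need to toggle errexit: `if ! ls /var/lib/ldap-account-manager/config/*.conf > /dev/null 2>&1; then`.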

@ -14,3 +14,4 @@ for phpThirdPartyLib in $phpThirdPartyLibs; do
fi
done
#DEBHELPER#

@ -1,3 +1,9 @@
#
# LAM setup
#
# skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false)
# If set to false the other variables below have no effect.
LAM_SKIP_PRECONFIGURE=false
# domain of LDAP database root entry, will be converted to dc=...,dc=...
LDAP_DOMAIN=my-domain.com
# LDAP base DN to overwrite value generated by LDAP_DOMAIN
@ -6,13 +12,17 @@ LDAP_BASE_DN=dc=my-domain,dc=com
LDAP_SERVER=ldap://ldap:389
# LDAP admin user (set as login user for LAM)
LDAP_USER=cn=admin,dc=my-domain,dc=com
# LDAP admin password
LDAP_ADMIN_PASSWORD=adminpw
# default language, e.g. en_US, de_DE, fr_FR, ...
LAM_LANG=en_US
# LAM configuration master password and password for server profile "lam"
LAM_PASSWORD=lam
# docker-compose only, LDAP organisation name for OpenLDAP
#
# docker-compose only, LDAP server setup
#
# LDAP organisation name for OpenLDAP
LDAP_ORGANISATION="LDAP Account Manager Demo"
# docker-compose only, password for LDAP read-only user
# LDAP admin password
LDAP_ADMIN_PASSWORD=adminpw
# password for LDAP read-only user
LDAP_READONLY_USER_PASSWORD=readonlypw
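Review bot: The comment added for `LAM_SKIP_PRECONFIGURE` reads inverted: the other variables stop having an effect when preconfiguration is skipped, that is when the value is `true`, not `false`. The start script changed elsewhere in this commit runs the preconfiguration block only when the variable is not `true`, which matches that reading. Suggested wording: `# If set to true the other LAM variables below have no effect.` Since the file also carries the sample credentials `LAM_PASSWORD=lam` and `LDAP_ADMIN_PASSWORD=adminpw`, a one-line comment that these are demo values to be replaced before real use would help.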

@ -23,29 +23,34 @@
set -eu # unset variables are errors & non-zero return values exit the whole script
[ "$DEBUG" ] && set -x
LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}"
if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
EOF
unset LAM_PASSWORD
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
unset LAM_PASSWORD
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|;
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
EOF
fi
echo "Starting Apache"
rm -f /run/apache2/apache2.pid
set +u
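Review bot: `export LAM_PASSWORD="${LAM_PASSWORD:-lam}"` inside the new `if` block still runs after `[ "$DEBUG" ] && set -x`, so with DEBUG set the shell traces the expanded assignment and the plaintext master password lands in the container log. Tracing can be paused around the secret handling with `{ set +x; } 2>/dev/null` before the export and `[ "$DEBUG" ] && set -x` again after `unset LAM_PASSWORD`. Separately, when `LAM_PASSWORD` is unset the block silently configures the well-known default `lam` for both the master password and the server profile; a warning on stderr in that case would make it visible to the operator. The script continues outside the hunk.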

@ -66,7 +66,9 @@ class windowsHost extends baseModule {
// managed object classes
$return['objectClasses'] = array('computer', 'securityPrincipal');
// managed attributes
$return['attributes'] = array('cn', 'description', 'location', 'sAMAccountName', 'managedBy', 'operatingSystem', 'operatingSystemVersion', 'dNSHostName');
$return['attributes'] = array('cn', 'description', 'location', 'sAMAccountName', 'managedBy',
'operatingSystem', 'operatingSystemVersion', 'dNSHostName', 'pwdLastSet', 'lastLogonTimestamp',
'logonCount');
// help Entries
$return['help'] = array(
'cn' => array(
@ -85,6 +87,18 @@ class windowsHost extends baseModule {
"Headline" => _('Managed by'), 'attr' => 'managedBy',
"Text" => _('The host is managed by this contact person.')
),
'pwdLastSet' => array(
"Headline" => _('Last password change'), 'attr' => 'pwdLastSet',
"Text" => _('Time of user\'s last password change.')
),
'lastLogonTimestamp' => array(
"Headline" => _('Last login'), 'attr' => 'lastLogonTimestamp',
"Text" => _('Time of user\'s last login.')
),
'logonCount' => array(
"Headline" => _('Logon count'), 'attr' => 'logonCount',
"Text" => _('This is the number of logins using this account.')
),
);
// upload fields
$return['upload_columns'] = array(
@ -141,6 +155,33 @@ class windowsHost extends baseModule {
$this->addSimpleInputTextField($container, 'cn', _('Host name'), true);
$this->addSimpleInputTextField($container, 'description', _('Description'), false);
$this->addSimpleInputTextField($container, 'location', _('Location'), false);
// last password change
if (!empty($this->attributes['pwdLastSet'])) {
$container->addLabel(new htmlOutputText(_('Last password change')));
$pwdLastSetGroup = new htmlGroup();
$pwdLastSetGroup->addElement(new htmlOutputText($this->formatFileTime($this->attributes['pwdLastSet'][0])));
$pwdLastSetGroup->addElement(new htmlSpacer('0.5rem', null));
$pwdLastSetGroup->addElement(new htmlHelpLink('pwdLastSet'));
$container->addField($pwdLastSetGroup);
}
// last login
if (!empty($this->attributes['lastLogonTimestamp'])) {
$container->addLabel(new htmlOutputText(_('Last login')));
$lastLogonTimestampGroup = new htmlGroup();
$lastLogonTimestampGroup->addElement(new htmlOutputText($this->formatFileTime($this->attributes['lastLogonTimestamp'][0])));
$lastLogonTimestampGroup->addElement(new htmlSpacer('0.5rem', null));
$lastLogonTimestampGroup->addElement(new htmlHelpLink('lastLogonTimestamp'));
$container->addField($lastLogonTimestampGroup);
}
// logon count
if (!empty($this->attributes['logonCount'])) {
$container->addLabel(new htmlOutputText(_('Logon count')));
$logonCountGroup = new htmlGroup();
$logonCountGroup->addElement(new htmlOutputText($this->attributes['logonCount'][0]));
$logonCountGroup->addElement(new htmlSpacer('0.5rem', null));
$logonCountGroup->addElement(new htmlHelpLink('logonCount'));
$container->addField($logonCountGroup);
}
// managed by
$container->addLabel(new htmlOutputText(_('Managed by')));
$managedBy = '-';
@ -296,6 +337,23 @@ class windowsHost extends baseModule {
return $return;
}
/**
* Formats a value in file time (100 ns since 1601-01-01).
*
* @param integer $value time value
* @return String formatted value
*/
private function formatFileTime($value) {
if (empty($value) || ($value == '-1')) {
return '';
}
$seconds = substr($value, 0, -7);
$time = new DateTime('1601-01-01', new DateTimeZone('UTC'));
$time->add(new DateInterval('PT' . $seconds . 'S'));
$time->setTimezone(getTimeZone());
return $time->format('Y-m-d H:i:s');
}
}
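Review bot: `formatFileTime()` feeds whatever the directory returned into `new DateInterval('PT' . $seconds . 'S')`. A value of seven or fewer characters leaves `$seconds` empty and a non-numeric value gives an invalid interval spec; in both cases the constructor throws, and unless a caller outside this hunk catches it the host edit page fails. A guard before the `substr()` keeps malformed attribute values from becoming an exception: `if (!ctype_digit((string) $value) || (strlen($value) <= 7)) { return ''; }`. The `@param integer` tag would be more accurate as `string`, since the code handles the value as a string, and the new help texts for `pwdLastSet` and `lastLogonTimestamp` say "user's" although this is the host module.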


@ -45,6 +45,10 @@ printHeaderContents(_("Configuration overview"), '../..');
?>
</head>
<body class="admin">
<?php
// include all JavaScript files
printJsIncludes('../..');
?>
<table class="lamTop ui-corner-all">
<tr>
<td align="left">
