Merge branch 'develop' into webauthn

lam-packaging/debian/postinst

@@ -36,12 +36,15 @@ files=`ls -a *.jpg`
 for file in $files; do
 	cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
 done
-if [ ! -h /usr/share/ldap-account-manager/config ]; then\
+if [ ! -h /usr/share/ldap-account-manager/config ]; then
-  ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config; fi
+  ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
-if [ ! -h /usr/share/ldap-account-manager/sess ]; then\
+fi
-  ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess; fi
+if [ ! -h /usr/share/ldap-account-manager/sess ]; then
-if [ ! -h /usr/share/ldap-account-manager/tmp ]; then\
+  ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
-  ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp; fi
+fi
+if [ ! -h /usr/share/ldap-account-manager/tmp ]; then
+  ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
+fi
 chown www-data /etc/ldap-account-manager/config.cfg
 chmod 600 /etc/ldap-account-manager/config.cfg
 chown www-data /var/lib/ldap-account-manager/sess
@@ -51,9 +54,14 @@ chown www-data /var/lib/ldap-account-manager/tmp/internal
 chmod 700 /var/lib/ldap-account-manager/tmp
 chown -R www-data /var/lib/ldap-account-manager/config
 chmod 700 /var/lib/ldap-account-manager/config
-if [ ! -f /var/lib/ldap-account-manager/config/lam.conf ]; \
+set +e
-   then cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf; \
+ls -l /var/lib/ldap-account-manager/config/*.conf &> /dev/null
-	chown www-data /var/lib/ldap-account-manager/config/lam.conf; fi
+cfgFilesExist=$?
+set -e
+if [ $cfgFilesExist -ne 0 ]; then
+  cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf
+	chown www-data /var/lib/ldap-account-manager/config/lam.conf
+fi
 chmod 600 /var/lib/ldap-account-manager/config/*.conf
 if [ "$1" = "configure" ]; then
     db_get "ldap-account-manager/alias"

lam-packaging/debian/preinst

@@ -14,3 +14,4 @@ for phpThirdPartyLib in $phpThirdPartyLibs; do
 	fi
 done
 
+#DEBHELPER#

lam-packaging/docker/.env

@@ -1,3 +1,9 @@
+#
+# LAM setup
+#
+# skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false)
+# If set to false the other variables below have no effect.
+LAM_SKIP_PRECONFIGURE=false
 # domain of LDAP database root entry, will be converted to dc=...,dc=...
 LDAP_DOMAIN=my-domain.com
 # LDAP base DN to overwrite value generated by LDAP_DOMAIN
@@ -6,13 +12,17 @@ LDAP_BASE_DN=dc=my-domain,dc=com
 LDAP_SERVER=ldap://ldap:389
 # LDAP admin user (set as login user for LAM)
 LDAP_USER=cn=admin,dc=my-domain,dc=com
-# LDAP admin password
+# default language, e.g. en_US, de_DE, fr_FR, ...
-LDAP_ADMIN_PASSWORD=adminpw
+LAM_LANG=en_US
-
 # LAM configuration master password and password for server profile "lam"
 LAM_PASSWORD=lam
 
-# docker-compose only, LDAP organisation name for OpenLDAP
+#
+# docker-compose only, LDAP server setup
+#
+# LDAP organisation name for OpenLDAP
 LDAP_ORGANISATION="LDAP Account Manager Demo"
-# docker-compose only, password for LDAP read-only user
+# LDAP admin password
+LDAP_ADMIN_PASSWORD=adminpw
+# password for LDAP read-only user
 LDAP_READONLY_USER_PASSWORD=readonlypw

lam-packaging/docker/start.sh

@@ -23,28 +23,33 @@
 set -eu # unset variables are errors & non-zero return values exit the whole script
 [ "$DEBUG" ] && set -x
 
-LAM_LANG="${LAM_LANG:-en_US}"
+LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}"
-export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
+if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
-LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
-LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
-LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
-LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
-LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
 
-sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
+  LAM_LANG="${LAM_LANG:-en_US}"
-	s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
+  export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
-EOF
+  LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
-unset LAM_PASSWORD
+  LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
+  LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
+  LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
+  LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
 
-sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
+  sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
-	s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
+    s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
-	s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
-	s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
-	s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
-	s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
-	s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
-	s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
 EOF
+  unset LAM_PASSWORD
+
+  sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
+    s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|;
+    s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
+    s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
+    s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
+    s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
+    s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
+    s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
+EOF
+
+fi
 
 echo "Starting Apache"
 rm -f /run/apache2/apache2.pid

lam/lib/modules/windowsHost.inc

@@ -66,7 +66,9 @@ class windowsHost extends baseModule {
 		// managed object classes
 		$return['objectClasses'] = array('computer', 'securityPrincipal');
 		// managed attributes
-		$return['attributes'] = array('cn', 'description', 'location', 'sAMAccountName', 'managedBy', 'operatingSystem', 'operatingSystemVersion', 'dNSHostName');
+		$return['attributes'] = array('cn', 'description', 'location', 'sAMAccountName', 'managedBy',
+			'operatingSystem', 'operatingSystemVersion', 'dNSHostName', 'pwdLastSet', 'lastLogonTimestamp',
+			'logonCount');
 		// help Entries
 		$return['help'] = array(
 			'cn' => array(
@@ -85,6 +87,18 @@ class windowsHost extends baseModule {
 				"Headline" => _('Managed by'), 'attr' => 'managedBy',
 				"Text" => _('The host is managed by this contact person.')
 			),
+			'pwdLastSet' => array(
+				"Headline" => _('Last password change'), 'attr' => 'pwdLastSet',
+				"Text" => _('Time of user\'s last password change.')
+			),
+			'lastLogonTimestamp' => array(
+				"Headline" => _('Last login'), 'attr' => 'lastLogonTimestamp',
+				"Text" => _('Time of user\'s last login.')
+			),
+			'logonCount' => array(
+				"Headline" => _('Logon count'), 'attr' => 'logonCount',
+				"Text" => _('This is the number of logins using this account.')
+			),
 		);
 		// upload fields
 		$return['upload_columns'] = array(
@@ -141,6 +155,33 @@ class windowsHost extends baseModule {
 		$this->addSimpleInputTextField($container, 'cn', _('Host name'), true);
 		$this->addSimpleInputTextField($container, 'description', _('Description'), false);
 		$this->addSimpleInputTextField($container, 'location', _('Location'), false);
+		// last password change
+		if (!empty($this->attributes['pwdLastSet'])) {
+			$container->addLabel(new htmlOutputText(_('Last password change')));
+			$pwdLastSetGroup = new htmlGroup();
+			$pwdLastSetGroup->addElement(new htmlOutputText($this->formatFileTime($this->attributes['pwdLastSet'][0])));
+			$pwdLastSetGroup->addElement(new htmlSpacer('0.5rem', null));
+			$pwdLastSetGroup->addElement(new htmlHelpLink('pwdLastSet'));
+			$container->addField($pwdLastSetGroup);
+		}
+		// last login
+		if (!empty($this->attributes['lastLogonTimestamp'])) {
+			$container->addLabel(new htmlOutputText(_('Last login')));
+			$lastLogonTimestampGroup = new htmlGroup();
+			$lastLogonTimestampGroup->addElement(new htmlOutputText($this->formatFileTime($this->attributes['lastLogonTimestamp'][0])));
+			$lastLogonTimestampGroup->addElement(new htmlSpacer('0.5rem', null));
+			$lastLogonTimestampGroup->addElement(new htmlHelpLink('lastLogonTimestamp'));
+			$container->addField($lastLogonTimestampGroup);
+		}
+		// logon count
+		if (!empty($this->attributes['logonCount'])) {
+			$container->addLabel(new htmlOutputText(_('Logon count')));
+			$logonCountGroup = new htmlGroup();
+			$logonCountGroup->addElement(new htmlOutputText($this->attributes['logonCount'][0]));
+			$logonCountGroup->addElement(new htmlSpacer('0.5rem', null));
+			$logonCountGroup->addElement(new htmlHelpLink('logonCount'));
+			$container->addField($logonCountGroup);
+		}
 		// managed by
 		$container->addLabel(new htmlOutputText(_('Managed by')));
 		$managedBy = '-';
@@ -296,6 +337,23 @@ class windowsHost extends baseModule {
 		return $return;
 	}
 
+	/**
+	 * Formats a value in file time (100 ns since 1601-01-01).
+	 *
+	 * @param integer $value time value
+	 * @return String formatted value
+	 */
+	private function formatFileTime($value) {
+		if (empty($value) || ($value == '-1')) {
+			return '';
+		}
+		$seconds = substr($value, 0, -7);
+		$time = new DateTime('1601-01-01', new DateTimeZone('UTC'));
+		$time->add(new DateInterval('PT' . $seconds . 'S'));
+		$time->setTimezone(getTimeZone());
+		return $time->format('Y-m-d H:i:s');
+	}
+
 }
 
 

lam/templates/config/index.php

@@ -45,6 +45,10 @@ printHeaderContents(_("Configuration overview"), '../..');
 ?>
 	</head>
 	<body class="admin">
+        <?php
+            // include all JavaScript files
+            printJsIncludes('../..');
+        ?>
 		<table class="lamTop ui-corner-all">
 			<tr>
 				<td align="left">