Merge branch 'develop' into webauthn

This commit is contained in:
Roland Gruber 2019-12-19 21:14:28 +01:00
commit 0ed0d17676
12 changed files with 11123 additions and 10817 deletions

View File

@ -36,12 +36,15 @@ files=`ls -a *.jpg`
for file in $files; do
cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
done
if [ ! -h /usr/share/ldap-account-manager/config ]; then\
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config; fi
if [ ! -h /usr/share/ldap-account-manager/sess ]; then\
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess; fi
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then\
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp; fi
if [ ! -h /usr/share/ldap-account-manager/config ]; then
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
fi
if [ ! -h /usr/share/ldap-account-manager/sess ]; then
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
fi
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
fi
chown www-data /etc/ldap-account-manager/config.cfg
chmod 600 /etc/ldap-account-manager/config.cfg
chown www-data /var/lib/ldap-account-manager/sess
@ -51,9 +54,14 @@ chown www-data /var/lib/ldap-account-manager/tmp/internal
chmod 700 /var/lib/ldap-account-manager/tmp
chown -R www-data /var/lib/ldap-account-manager/config
chmod 700 /var/lib/ldap-account-manager/config
if [ ! -f /var/lib/ldap-account-manager/config/lam.conf ]; \
then cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf; \
chown www-data /var/lib/ldap-account-manager/config/lam.conf; fi
set +e
ls -l /var/lib/ldap-account-manager/config/*.conf &> /dev/null
cfgFilesExist=$?
set -e
if [ $cfgFilesExist -ne 0 ]; then
cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf
chown www-data /var/lib/ldap-account-manager/config/lam.conf
fi
chmod 600 /var/lib/ldap-account-manager/config/*.conf
if [ "$1" = "configure" ]; then
db_get "ldap-account-manager/alias"

View File

@ -14,3 +14,4 @@ for phpThirdPartyLib in $phpThirdPartyLibs; do
fi
done
#DEBHELPER#

View File

@ -1,3 +1,9 @@
#
# LAM setup
#
# skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false)
# If set to false the other variables below have no effect.
LAM_SKIP_PRECONFIGURE=false
# domain of LDAP database root entry, will be converted to dc=...,dc=...
LDAP_DOMAIN=my-domain.com
# LDAP base DN to overwrite value generated by LDAP_DOMAIN
@ -6,13 +12,17 @@ LDAP_BASE_DN=dc=my-domain,dc=com
LDAP_SERVER=ldap://ldap:389
# LDAP admin user (set as login user for LAM)
LDAP_USER=cn=admin,dc=my-domain,dc=com
# LDAP admin password
LDAP_ADMIN_PASSWORD=adminpw
# default language, e.g. en_US, de_DE, fr_FR, ...
LAM_LANG=en_US
# LAM configuration master password and password for server profile "lam"
LAM_PASSWORD=lam
# docker-compose only, LDAP organisation name for OpenLDAP
#
# docker-compose only, LDAP server setup
#
# LDAP organisation name for OpenLDAP
LDAP_ORGANISATION="LDAP Account Manager Demo"
# docker-compose only, password for LDAP read-only user
# LDAP admin password
LDAP_ADMIN_PASSWORD=adminpw
# password for LDAP read-only user
LDAP_READONLY_USER_PASSWORD=readonlypw

View File

@ -23,21 +23,24 @@
set -eu # unset variables are errors & non-zero return values exit the whole script
[ "$DEBUG" ] && set -x
LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}"
if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
EOF
unset LAM_PASSWORD
unset LAM_PASSWORD
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|;
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
@ -46,6 +49,8 @@ sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
EOF
fi
echo "Starting Apache"
rm -f /run/apache2/apache2.pid
set +u

View File

@ -66,7 +66,9 @@ class windowsHost extends baseModule {
// managed object classes
$return['objectClasses'] = array('computer', 'securityPrincipal');
// managed attributes
$return['attributes'] = array('cn', 'description', 'location', 'sAMAccountName', 'managedBy', 'operatingSystem', 'operatingSystemVersion', 'dNSHostName');
$return['attributes'] = array('cn', 'description', 'location', 'sAMAccountName', 'managedBy',
'operatingSystem', 'operatingSystemVersion', 'dNSHostName', 'pwdLastSet', 'lastLogonTimestamp',
'logonCount');
// help Entries
$return['help'] = array(
'cn' => array(
@ -85,6 +87,18 @@ class windowsHost extends baseModule {
"Headline" => _('Managed by'), 'attr' => 'managedBy',
"Text" => _('The host is managed by this contact person.')
),
'pwdLastSet' => array(
"Headline" => _('Last password change'), 'attr' => 'pwdLastSet',
"Text" => _('Time of user\'s last password change.')
),
'lastLogonTimestamp' => array(
"Headline" => _('Last login'), 'attr' => 'lastLogonTimestamp',
"Text" => _('Time of user\'s last login.')
),
'logonCount' => array(
"Headline" => _('Logon count'), 'attr' => 'logonCount',
"Text" => _('This is the number of logins using this account.')
),
);
// upload fields
$return['upload_columns'] = array(
@ -141,6 +155,33 @@ class windowsHost extends baseModule {
$this->addSimpleInputTextField($container, 'cn', _('Host name'), true);
$this->addSimpleInputTextField($container, 'description', _('Description'), false);
$this->addSimpleInputTextField($container, 'location', _('Location'), false);
// last password change
if (!empty($this->attributes['pwdLastSet'])) {
$container->addLabel(new htmlOutputText(_('Last password change')));
$pwdLastSetGroup = new htmlGroup();
$pwdLastSetGroup->addElement(new htmlOutputText($this->formatFileTime($this->attributes['pwdLastSet'][0])));
$pwdLastSetGroup->addElement(new htmlSpacer('0.5rem', null));
$pwdLastSetGroup->addElement(new htmlHelpLink('pwdLastSet'));
$container->addField($pwdLastSetGroup);
}
// last login
if (!empty($this->attributes['lastLogonTimestamp'])) {
$container->addLabel(new htmlOutputText(_('Last login')));
$lastLogonTimestampGroup = new htmlGroup();
$lastLogonTimestampGroup->addElement(new htmlOutputText($this->formatFileTime($this->attributes['lastLogonTimestamp'][0])));
$lastLogonTimestampGroup->addElement(new htmlSpacer('0.5rem', null));
$lastLogonTimestampGroup->addElement(new htmlHelpLink('lastLogonTimestamp'));
$container->addField($lastLogonTimestampGroup);
}
// logon count
if (!empty($this->attributes['logonCount'])) {
$container->addLabel(new htmlOutputText(_('Logon count')));
$logonCountGroup = new htmlGroup();
$logonCountGroup->addElement(new htmlOutputText($this->attributes['logonCount'][0]));
$logonCountGroup->addElement(new htmlSpacer('0.5rem', null));
$logonCountGroup->addElement(new htmlHelpLink('logonCount'));
$container->addField($logonCountGroup);
}
// managed by
$container->addLabel(new htmlOutputText(_('Managed by')));
$managedBy = '-';
@ -296,6 +337,23 @@ class windowsHost extends baseModule {
return $return;
}
/**
* Formats a value in file time (100 ns since 1601-01-01).
*
* @param integer $value time value
* @return String formatted value
*/
private function formatFileTime($value) {
if (empty($value) || ($value == '-1')) {
return '';
}
$seconds = substr($value, 0, -7);
$time = new DateTime('1601-01-01', new DateTimeZone('UTC'));
$time->add(new DateInterval('PT' . $seconds . 'S'));
$time->setTimezone(getTimeZone());
return $time->format('Y-m-d H:i:s');
}
}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -45,6 +45,10 @@ printHeaderContents(_("Configuration overview"), '../..');
?>
</head>
<body class="admin">
<?php
// include all JavaScript files
printJsIncludes('../..');
?>
<table class="lamTop ui-corner-all">
<tr>
<td align="left">