fixed password must be changed option

This commit is contained in:
Roland Gruber 2013-04-21 16:41:19 +00:00
parent c4ba99bbba
commit 2112eb82b0
1 changed files with 23 additions and 2 deletions

View File

@ -51,6 +51,8 @@ class windowsUser extends baseModule implements passwordService {
private $groupList_orig = array(); private $groupList_orig = array();
/** cache for groups */ /** cache for groups */
private $groupCache = null; private $groupCache = null;
/** option for forcing password change, used in postModifyActions */
private $pwdLastSet = null;
/** /**
@ -513,7 +515,7 @@ class windowsUser extends baseModule implements passwordService {
if (isset($this->attributes['pwdLastSet'][0]) && ($this->attributes['pwdLastSet'][0] === '0')) { if (isset($this->attributes['pwdLastSet'][0]) && ($this->attributes['pwdLastSet'][0] === '0')) {
$pwdMustChange = true; $pwdMustChange = true;
} }
$containerLeft->addElement(new htmlTableExtendedInputCheckbox('pwdMustChange', $pwdMustChange, _("User must change password"), 'pwdMustChange'), true); $containerLeft->addElement(new htmlTableExtendedInputCheckbox('forcePasswordChangeOption', $pwdMustChange, _("User must change password"), 'pwdMustChange'), true);
// deactivated // deactivated
$deactivated = windowsUser::isDeactivated($this->attributes); $deactivated = windowsUser::isDeactivated($this->attributes);
$containerLeft->addElement(new htmlTableExtendedInputCheckbox('deactivated', $deactivated, _("Account is deactivated"), 'deactivated'), true); $containerLeft->addElement(new htmlTableExtendedInputCheckbox('deactivated', $deactivated, _("Account is deactivated"), 'deactivated'), true);
@ -621,7 +623,7 @@ class windowsUser extends baseModule implements passwordService {
// web site // web site
$this->attributes['wWWHomePage'][0] = $_POST['wWWHomePage']; $this->attributes['wWWHomePage'][0] = $_POST['wWWHomePage'];
// password must be changed // password must be changed
if (isset($_POST['pwdMustChange']) && ($_POST['pwdMustChange'] == 'on')) { if (isset($_POST['forcePasswordChangeOption']) && ($_POST['forcePasswordChangeOption'] == 'on')) {
$this->attributes['pwdLastSet'][0] = '0'; $this->attributes['pwdLastSet'][0] = '0';
} }
else { else {
@ -632,6 +634,13 @@ class windowsUser extends baseModule implements passwordService {
$this->attributes['pwdLastSet'][0] = '-1'; $this->attributes['pwdLastSet'][0] = '-1';
} }
} }
// save pwdLastSet for postModifyActions
$this->pwdLastSet = null;
if (isset($this->attributes['pwdLastSet'][0])) {
if (!isset($this->orig['pwdLastSet'][0]) || ($this->orig['pwdLastSet'][0] != $this->attributes['pwdLastSet'][0])) {
$this->pwdLastSet = $this->attributes['pwdLastSet'][0];
}
}
// deactivated // deactivated
$deactivated = isset($_POST['deactivated']) && ($_POST['deactivated'] == 'on'); $deactivated = isset($_POST['deactivated']) && ($_POST['deactivated'] == 'on');
windowsUser::setIsDeactivated($deactivated); windowsUser::setIsDeactivated($deactivated);
@ -783,6 +792,15 @@ class windowsUser extends baseModule implements passwordService {
} }
} }
} }
// force password change if needed
if ($this->pwdLastSet != null) {
$attrs = array('pwdLastSet' => array($this->pwdLastSet));
$success = @ldap_modify($_SESSION['ldap']->server(), $this->getAccountContainer()->finalDN, $attrs);
if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to change pwdLastSet for ' . $this->getAccountContainer()->finalDN . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $this->getAccountContainer()->finalDN), ldap_error($_SESSION['ldap']->server()));
}
}
return $messages; return $messages;
} }
@ -1428,6 +1446,9 @@ class windowsUser extends baseModule implements passwordService {
$this->orig['unicodePwd'][0] = 'unknown'; $this->orig['unicodePwd'][0] = 'unknown';
$this->attributes['unicodePwd'][0] = $pwdBin; $this->attributes['unicodePwd'][0] = $pwdBin;
$this->attributes['pwdLastSet'][0] = '-1'; $this->attributes['pwdLastSet'][0] = '-1';
if ($forcePasswordChange) {
$this->attributes['pwdLastSet'][0] = '0';
}
return array(); return array();
} }