WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixed smaller bus. 

I hope password handling is now ok
This commit is contained in:
katagia 2004-10-12 13:34:00 +00:00
parent 1e87c10747
commit 3216280f16
7 changed files with 571 additions and 504 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lam/lib/account.inc
View File

@ -522,4 +522,5 @@ function get_preg($argument, $regexp) {
return false; return false;
} }
?> ?>

2
lam/lib/modules.inc
View File

@ -633,7 +633,7 @@ class accountContainer {
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n"; echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
echo "</head><body>\n"; echo "</head><body>\n";
echo "<form action=\"edit.php\" method=\"post\">\n"; echo "<form action=\"edit.php\" method=\"post\">\n";
// Display errir-messages // Display error-messages
if (is_array($result)) if (is_array($result))
foreach ($result as $result2) foreach ($result as $result2)
if (is_array($result2)) if (is_array($result2))

187
lam/lib/modules/posixAccount.inc
View File

@ -68,6 +68,7 @@ class posixAccount extends baseModule {
$this->messages['uidNumber'][3] = array('ERROR', _('ID-Number'), _('ID is already in use')); $this->messages['uidNumber'][3] = array('ERROR', _('ID-Number'), _('ID is already in use'));
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); $this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
$this->messages['userPassword'][3] = array('ERROR', _('Password'), _('You cannot use this password options at the same time.'));
$this->messages['uid'][0] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?')); $this->messages['uid'][0] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?'));
$this->messages['uid'][1] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.')); $this->messages['uid'][1] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
$this->messages['uid'][2] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !')); $this->messages['uid'][2] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
@ -233,8 +234,10 @@ class posixAccount extends baseModule {
// Variables // Variables
// Use a unix password? // Use a unix password?
var $userPassword_no; var $userPassword_nopassword;
// Lock account? // Use invalid password, '*', e.g. * for services
var $userPassword_invalid;
// Lock password
var $userPassword_lock; var $userPassword_lock;
/* These two variables keep an array of groups the /* These two variables keep an array of groups the
* user is also member of. * user is also member of.
@ -253,14 +256,14 @@ class posixAccount extends baseModule {
function userPassword($newpassword=false) { function userPassword($newpassword=false) {
if (is_string($newpassword)) { if (is_string($newpassword)) {
// Write new password // Write new password
$this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword)); if ($newpassword=='')
$this->attributes['userPassword'][0] = '';
else $this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
return 0; return 0;
} }
else { else {
if ($this->attributes['userPassword'][0]!='') { if ($this->attributes['userPassword'][0]!='') // Read existing password if set
// Read existing password if set
return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0])); return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0]));
}
else return ''; else return '';
} }
} }
@ -309,6 +312,7 @@ class posixAccount extends baseModule {
// get all additional groupmemberships // get all additional groupmemberships
$dn_groups = $_SESSION['cache']->get_cache('memberUid', 'posixGroup', 'group'); $dn_groups = $_SESSION['cache']->get_cache('memberUid', 'posixGroup', 'group');
if (is_array($dn_groups)) {
$DNs = array_keys($dn_groups); $DNs = array_keys($dn_groups);
foreach ($DNs as $DN) { foreach ($DNs as $DN) {
if (in_array($attr['uid'][0], $dn_groups[$DN])) { if (in_array($attr['uid'][0], $dn_groups[$DN])) {
@ -317,6 +321,9 @@ class posixAccount extends baseModule {
} }
$this->groups = sort ($this->groups); $this->groups = sort ($this->groups);
$this->groups_orig = $this->groups; $this->groups_orig = $this->groups;
}
// Delete password. We don't want to show an encrypted password because it makes no sense
$this->userPassword('');
return 0; return 0;
} }
@ -331,33 +338,34 @@ class posixAccount extends baseModule {
function save_attributes() { function save_attributes() {
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// unset password when needed
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword'])) if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']); unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']);
// Set unix password // Set unix password
if (count($this->orig['userPassword'])==0) { if (isset($this->orig['userPassword'][0])) {
// New user or no old password set if ($this->userPassword_nopassword) // use no password
if ($this->userPassword_no) {
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]); $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
} else if ($this->userPassword_invalid) // use '*' as password
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]); $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = '*';
} else if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->userPassword()!='') // set password if set
else { $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0] && $this->userPassword()!='' ) || $this->userPassword_no) { else if ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0])) // lock account if required
// Write new password
if ($this->userPassword_no) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
}
else { // No new password but old password
// (un)lock password
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'][0])) {
if ($this->userPassword_lock) {
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]); $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]);
else // password hasn't changed
$return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0];
} }
else { else {
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_enable($this->orig['userPassword'][0]); // New user or no old password set
} if ($this->userPassword_nopassword) // use no password
} $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
} else if ($this->userPassword_invalid) // use '*' as password
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = '*';
else if ($this->userPassword()!='') // set password if set
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
} }
// Remove primary group from additional groups // Remove primary group from additional groups
@ -441,6 +449,13 @@ class posixAccount extends baseModule {
/* Write variables into object and do some regexp checks /* Write variables into object and do some regexp checks
*/ */
function proccess_attributes($post, $profile=false) { function proccess_attributes($post, $profile=false) {
$this->attributes['homeDirectory'][0] = $post['homeDirectory'];
$this->attributes['loginShell'][0] = $post['loginShell'];
$this->attributes['gecos'][0] = $post['gecos'];
if ($post['createhomedir']) $this->createhomedir = true;
else $this->createhomedir = false;
if (!$profile) {
if ($this->orig['uid'][0]!='' && $post['uid']!=$this->attributes['uid'][0]) if ($this->orig['uid'][0]!='' && $post['uid']!=$this->attributes['uid'][0])
$errors['uid'][] = $this->messages['uid'][0]; $errors['uid'][] = $this->messages['uid'][0];
if ($this->orig['gidNumber'][0]!='' && $_SESSION['cache']->getgid($post['gidNumber'])!=$this->attributes['gidNumber'][0]) if ($this->orig['gidNumber'][0]!='' && $_SESSION['cache']->getgid($post['gidNumber'])!=$this->attributes['gidNumber'][0])
@ -449,37 +464,11 @@ class posixAccount extends baseModule {
$errors['uidNumber'][] = $this->dynamic_Message('uidNumber',0); $errors['uidNumber'][] = $this->dynamic_Message('uidNumber',0);
if (isset($post['homeDirectory']) && $this->orig['homeDirectory'][0]!='' && $post['homeDirectory']!=$this->attributes['homeDirectory'][0]) if (isset($post['homeDirectory']) && $this->orig['homeDirectory'][0]!='' && $post['homeDirectory']!=$this->attributes['homeDirectory'][0])
$errors['homeDirectory'][] = $this->dynamic_Message('homeDirectory',0); $errors['homeDirectory'][] = $this->dynamic_Message('homeDirectory',0);
// Load attributes // Load attributes
$this->attributes['uid'][0] = $post['uid']; $this->attributes['uid'][0] = $post['uid'];
$this->attributes['cn'][0] = $this->attributes['uid'][0]; $this->attributes['cn'][0] = $this->attributes['uid'][0];
$this->attributes['uidNumber'][0] = $post['uidNumber']; $this->attributes['uidNumber'][0] = $post['uidNumber'];
$this->attributes['gidNumber'][0] = $_SESSION['cache']->getgid($post['gidNumber']); $this->attributes['gidNumber'][0] = $_SESSION['cache']->getgid($post['gidNumber']);
$this->attributes['homeDirectory'][0] = $post['homeDirectory'];
$this->attributes['loginShell'][0] = $post['loginShell'];
$this->attributes['gecos'][0] = $post['gecos'];
if ($post['createhomedir']) $this->createhomedir = true;
else $this->createhomedir = false;
if ($post['userPassword_no']) $this->userPassword_no=true;
else $this->userPassword_no=false;
if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
if (!$profile) {
if ($post['genpass']) {
$this->userPassword(genpasswd());
$post['userPassword2'] = '';
}
else {
if (isset($post['userPassword'])) {
if ($post['userPassword'] != $post['userPassword2']) {
$errors['userPassword'][] = $this->messages['userPassword'][0];
}
else $this->userPassword($post['userPassword']);
if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->messages['userPassword'][1];
}
}
// Check if UID is valid. If none value was entered, the next useable value will be inserted // Check if UID is valid. If none value was entered, the next useable value will be inserted
// load min and may uidNumber // load min and may uidNumber
if ($_SESSION[$this->base]->type=='user') { if ($_SESSION[$this->base]->type=='user') {
@ -541,41 +530,72 @@ class posixAccount extends baseModule {
} }
} }
} }
}
if ($_SESSION[$this->base]->type=='user') { if ($_SESSION[$this->base]->type=='user') {
if (($this->attributes['uid'][0] != $post['uid']) && !get_preg($post['uid'], '!upper') && !$profile) if (($this->attributes['uid'][0] != $post['uid']) && !get_preg($post['uid'], '!upper'))
$errors['uid'][] = $this->messages['uid'][1]; $errors['uid'][] = $this->messages['uid'][1];
// Check if Homedir is valid if ( !get_preg($this->attributes['homeDirectory'][0], 'homeDirectory' ))
if (!$profile) { $errors['homeDirecotry'][] = $this->messages['homeDirectory'][0];
}
if (($post['userPassword_lock'] && $post['userPassword_invalid']) || ($post['userPassword_nopassword'] && $post['userPassword_invalid'])) {
// found invalid password parameter combination
$errors['userPassword'][] = $this->messages['userPassword'][3];
}
else {
if ($post['userPassword_nopassword']) {
$this->userPassword_nopassword=true;
$this->userPassword_invalid=false;
$this->userPassword('');
$post['userPassword2'] = '';
if ($post['userPassword_lock'])
$this->userPassword_lock=true;
else $this->userPassword_lock=false;
}
else {
$this->userPassword_nopassword=false;
if ($post['userPassword_invalid']) {
$this->userPassword_invalid=true;
$this->userPassword_lock=false;
$this->userPassword('');
$post['userPassword2'] = '';
}
else {
$this->userPassword_invalid=false;
if ($post['genpass']) $this->userPassword(genpasswd());
else {
if ($post['userPassword'] != $post['userPassword2'])
$errors['userPassword'][] = $this->messages['userPassword'][0];
else $this->userPassword($post['userPassword']);
if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->messages['userPassword'][1];
}
if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
}
}
if ($_SESSION[$this->base]->type=='user') {
$this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]); $this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
if ($this->attributes['uid'][0] != '') if ($this->attributes['uid'][0] != '')
$this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]); $this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]);
if ($this->attributes['homeDirectory'][0] != $post['homeDirectory']) $errors['homeDirecotry'][] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.')); if ($this->attributes['homeDirectory'][0] != $post['homeDirectory']) $errors['homeDirecotry'][] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
}
if ( !get_preg($this->attributes['homeDirectory'][0], 'homeDirectory' ))
$errors['homeDirecotry'][] = $this->messages['homeDirectory'][0];
// Check if Username contains only valid characters // Check if Username contains only valid characters
if ( !get_preg($this->attributes['uid'][0], 'username') && !$profile) if ( !get_preg($this->attributes['uid'][0], 'username') && !$profile)
$errors['uid'][] = $this->messages['uid'][2]; $errors['uid'][] = $this->messages['uid'][2];
} }
if ($_SESSION[$this->base]->type=='host') {
if ($_SESSION[$this->base]->type=='host' && !$profile) {
if (($this->attributes['uid'][0] != $post['uid']) && !get_preg($post['uid'], '!upper'))
$errors['uid'][] = $this->messages['uid'][3];
// Check if Hostname contains only valid characters // Check if Hostname contains only valid characters
if ( !get_preg($this->attributes['uid'][0], 'hostname')) if ( !get_preg($this->attributes['uid'][0], 'hostname'))
$errors['uid'][] = $this->messages['uid'][4]; $errors['uid'][] = $this->messages['uid'][4];
} }
// Create automatic useraccount with number if original user already exists // Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use // Reset name to original name if new name is in use
// Set username back to original name if new username is in use // Set username back to original name if new username is in use
if (!$profile) { if ($_SESSION['cache']->in_cache($this->attributes['uid'][0],'uid', '*') && ($this->orig['uid'][0]!=''))
if ($_SESSION['cache']->in_cache($this->attributes['uid'][0],'uid', '*')!=false && ($this->orig['uid'][0]!='')) {
$this->attributes['uid'][0] = $this->orig['uid'][0]; $this->attributes['uid'][0] = $this->orig['uid'][0];
}
// Change uid to a new uid until a free uid is found // Change uid to a new uid until a free uid is found
else while ($_SESSION['cache']->in_cache($this->attributes['uid'][0], 'uid', '*')) { else
while ($_SESSION['cache']->in_cache($this->attributes['uid'][0], 'uid', '*')) {
if ($_SESSION[$this->base]->type=='host') $this->attributes['uid'][0] = substr($this->attributes['uid'][0], 0, -1); if ($_SESSION[$this->base]->type=='host') $this->attributes['uid'][0] = substr($this->attributes['uid'][0], 0, -1);
// get last character of username // get last character of username
$lastchar = substr($this->attributes['uid'][0], strlen($this->attributes['uid'][0])-1, 1); $lastchar = substr($this->attributes['uid'][0], strlen($this->attributes['uid'][0])-1, 1);
@ -596,10 +616,9 @@ class posixAccount extends baseModule {
$i=strlen($this->attributes['uid'][0])-1; $i=strlen($this->attributes['uid'][0])-1;
$mark = false; $mark = false;
// Set $i to the last character which is a number in $account_new->general_username // Set $i to the last character which is a number in $account_new->general_username
while (!$mark) { while (!$mark)
if (ereg('^([0-9])+$',substr($this->attributes['uid'][0], $i, strlen($this->attributes['uid'][0])-$i))) $i--; if (ereg('^([0-9])+$',substr($this->attributes['uid'][0], $i, strlen($this->attributes['uid'][0])-$i))) $i--;
else $mark=true; else $mark=true;
}
// increase last number with one // increase last number with one
$firstchars = substr($this->attributes['uid'][0], 0, $i+1); $firstchars = substr($this->attributes['uid'][0], 0, $i+1);
$lastchars = substr($this->attributes['uid'][0], $i+1, strlen($this->attributes['uid'][0])-$i); $lastchars = substr($this->attributes['uid'][0], $i+1, strlen($this->attributes['uid'][0])-$i);
@ -609,19 +628,22 @@ class posixAccount extends baseModule {
} }
} }
// Show warning if lam has changed username // Show warning if lam has changed username
if ($this->attributes['uid'][0] != $post['uid']) {
if ($_SESSION[$this->base]->type=='user') if ($_SESSION[$this->base]->type=='user')
if ($this->attributes['uid'][0] != $post['uid']) {
$errors['uid'][] = $this->messages['uid'][5]; $errors['uid'][] = $this->messages['uid'][5];
}
if ($_SESSION[$this->base]->type=='host') if ($_SESSION[$this->base]->type=='host')
if ($this->attributes['uid'][0] != $post['uid']) {
$errors['uid'][] = $this->messages['uid'][6]; $errors['uid'][] = $this->messages['uid'][6];
} }
if (!get_preg($this->userPassword(), 'password')) if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->messages['userPassword'][1]; $errors['userPassword'][] = $this->messages['userPassword'][1];
} }
}
// Return error-messages // Return error-messages
if (is_array($errors)) return $errors; if (count($errors)!=0) {
$this->errors = $errors;
return $errors;
}
else $this->errors = array();
// Go to additional group page when no error did ocour and button was pressed // Go to additional group page when no error did ocour and button was pressed
if ($post['addgroup']) return 'group'; if ($post['addgroup']) return 'group';
return 0; return 0;
@ -657,8 +679,6 @@ class posixAccount extends baseModule {
$shelllist = getshells(); // list of all valid shells $shelllist = getshells(); // list of all valid shells
if (!$profile) { if (!$profile) {
if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword();
else if ($this->attributes['userPassword'][0] != '') $password=$post['userPassword'];
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Username").'*' ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Username").'*' ),
1 => array ( 'kind' => 'input', 'name' => 'uid', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['uid'][0]), 1 => array ( 'kind' => 'input', 'name' => 'uid', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['uid'][0]),
2 => array ('kind' => 'help', 'value' => 'uid')); 2 => array ('kind' => 'help', 'value' => 'uid'));
@ -690,17 +710,20 @@ class posixAccount extends baseModule {
2 => array ('kind' => 'help', 'value' => 'createhomedir')); 2 => array ('kind' => 'help', 'value' => 'createhomedir'));
} }
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password), 1 => array ( 'kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->userPassword()),
2 => array ( 'kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password'))); 2 => array ( 'kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
if ($post['userPassword2']!='') $password2 = $post['userPassword2']; if ($post['userPassword2']!='') $password2 = $post['userPassword2'];
else $password2 = $password; else $password2 = $this->userPassword();
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2), 1 => array ( 'kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2),
2 => array ('kind' => 'help', 'value' => 'userPassword')); 2 => array ('kind' => 'help', 'value' => 'userPassword'));
} }
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Set no password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Set no password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_no', 'type' => 'checkbox', 'checked' => $this->userPassword_no), 1 => array ( 'kind' => 'input', 'name' => 'userPassword_nopassword', 'type' => 'checkbox', 'checked' => $this->userPassword_nopassword),
2 => array ('kind' => 'help', 'value' => 'userPassword_no')); 2 => array ('kind' => 'help', 'value' => 'userPassword_nopassword'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Invalid password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_invalid', 'type' => 'checkbox', 'checked' => $this->userPassword_invalid),
2 => array ('kind' => 'help', 'value' => 'userPassword_invalid'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Lock password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Lock password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock), 1 => array ( 'kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock),
2 => array ('kind' => 'help', 'value' => 'userPassword_lock')); 2 => array ('kind' => 'help', 'value' => 'userPassword_lock'));
@ -785,11 +808,11 @@ class posixAccount extends baseModule {
// do not set password // do not set password
$return[] = array(0 => array('kind' => 'text', 'text' => _('Set no password') . ": "), $return[] = array(0 => array('kind' => 'text', 'text' => _('Set no password') . ": "),
1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_no', 'type' => 'checkbox', 'checked' => false), 1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_no', 'type' => 'checkbox', 'checked' => false),
2 => array('kind' => 'help', 'value' => 'TODO', 'scope' => 'user')); 2 => array('kind' => 'help', 'value' => 'posixAccount_userPassword_no', 'scope' => 'user'));
// disable account // disable account
$return[] = array(0 => array('kind' => 'text', 'text' => _('Lock password') . ": "), $return[] = array(0 => array('kind' => 'text', 'text' => _('Lock password') . ": "),
1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_lock', 'type' => 'checkbox', 'checked' => false), 1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_lock', 'type' => 'checkbox', 'checked' => false),
2 => array('kind' => 'help', 'value' => 'TODO', 'scope' => 'user')); 2 => array('kind' => 'help', 'value' => 'posixAccount_userPassword_lock', 'scope' => 'user'));
} }
elseif ($this->scope == 'host') { elseif ($this->scope == 'host') {
$groups = $_SESSION['cache']->findgroups(); // list of all groupnames $groups = $_SESSION['cache']->findgroups(); // list of all groupnames

127
lam/lib/modules/posixGroup.inc
View File

@ -25,8 +25,10 @@ class posixGroup extends baseModule {
// Variables // Variables
// Use a unix password? // Use a unix password?
var $userPassword_no; var $userPassword_nopassword;
// Lock account? // Use invalid password, '*', e.g. * for services
var $userPassword_invalid;
// Lock password
var $userPassword_lock; var $userPassword_lock;
// change gids of users and hosts? // change gids of users and hosts?
var $changegids; var $changegids;
@ -120,8 +122,6 @@ class posixGroup extends baseModule {
* It will output a complete html-table * It will output a complete html-table
*/ */
function display_html_attributes($post) { function display_html_attributes($post) {
if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword();
else if ($this->attributes['userPassword'][0] != '') $password=$post['userPassword'];
if (!$profile) { if (!$profile) {
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Groupname").'*' ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Groupname").'*' ),
1 => array ( 'kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]), 1 => array ( 'kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]),
@ -138,23 +138,26 @@ class posixGroup extends baseModule {
1 => array ( 'kind' => 'input', 'name' => 'adduser', 'type' => 'submit', 'value' => _('Edit groups')), 1 => array ( 'kind' => 'input', 'name' => 'adduser', 'type' => 'submit', 'value' => _('Edit groups')),
2 => array ('kind' => 'help', 'value' => 'adduser')); 2 => array ('kind' => 'help', 'value' => 'adduser'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password), 1 => array ( 'kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->userPassword()),
2 => array ( 'kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password'))); 2 => array ( 'kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
if ($post['userPassword2']!='') $password2 = $post['userPassword2']; if ($post['userPassword2']!='') $password2 = $post['userPassword2'];
else $password2 = $password; else $password2 = $this->userPassword();
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2), 1 => array ( 'kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2),
2 => array ('kind' => 'help', 'value' => 'userPassword')); 2 => array ('kind' => 'help', 'value' => 'userPassword'));
} }
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use no password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Set no password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_no', 'type' => 'checkbox', 'checked' => $this->userPassword_no), 1 => array ( 'kind' => 'input', 'name' => 'userPassword_nopassword', 'type' => 'checkbox', 'checked' => $this->userPassword_nopassword),
2 => array ('kind' => 'help', 'value' => 'userPassword_no')); 2 => array ('kind' => 'help', 'value' => 'userPassword_nopassword'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Invalid password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_invalid', 'type' => 'checkbox', 'checked' => $this->userPassword_invalid),
2 => array ('kind' => 'help', 'value' => 'userPassword_invalid'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Lock password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Lock password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock), 1 => array ( 'kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock),
2 => array ('kind' => 'help', 'value' => 'userPassword_lock')); 2 => array ('kind' => 'help', 'value' => 'userPassword_lock'));
if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='' && !$profile) { if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='' && !$profile) {
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Change GID number of users and hosts') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Change GID number of users and hosts') ),
1 => array ( 'kind' => 'input', 'name' => 'changegids', 'type' => 'checkbox', 'checked' => $this->changegids), 1 => array ( 'kind' => 'input', 'name' => 'changegids', 'type' => 'checkbox', 'checked' => $this->changegids, 'value' => true),
2 => array ('kind' => 'help', 'value' => 'changegids')); 2 => array ('kind' => 'help', 'value' => 'changegids'));
} }
return $return; return $return;
@ -398,6 +401,8 @@ class posixGroup extends baseModule {
*/ */
function load_attributes($attr) { function load_attributes($attr) {
$this->load_ldap_attributes($attr); $this->load_ldap_attributes($attr);
// Delete password. We don't want to show an encrypted password because it makes no sense
$this->userPassword('');
return 0; return 0;
} }
@ -407,6 +412,7 @@ class posixGroup extends baseModule {
function load_Messages() { function load_Messages() {
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); $this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
$this->messages['userPassword'][3] = array('ERROR', _('Password'), _('You cannot use this password options at the same time.'));
$this->messages['gidNumber'][0] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.')); $this->messages['gidNumber'][0] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.'));
$this->messages['gidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.')); $this->messages['gidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
$this->messages['gidNumber'][3] = array('ERROR', _('ID-Number'), _('No free ID-Number!')); $this->messages['gidNumber'][3] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
@ -452,29 +458,47 @@ class posixGroup extends baseModule {
/* Write variables into object and do some regexp checks /* Write variables into object and do some regexp checks
*/ */
function proccess_attributes($post, $profile=false) { function proccess_attributes($post, $profile=false) {
// Load attributes
$this->attributes['description'][0] = $post['description']; $this->attributes['description'][0] = $post['description'];
if ($post['userPassword_no']) $this->userPassword_no=true;
else $this->userPassword_no=false;
if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
If (!$profile) { If (!$profile) {
if ($post['changegids']) $this->changegids=true; if (($post['userPassword_lock'] && $post['userPassword_invalid']) || ($post['userPassword_nopassword'] && $post['userPassword_invalid'])) {
else $this->changegids=false; // found invalid password parameter combination
if ($post['genpass']) { $errors['userPassword'][] = $this->messages['userPassword'][3];
$this->userPassword(genpasswd()); }
else {
if ($post['userPassword_nopassword']) {
$this->userPassword_nopassword=true;
$this->userPassword_invalid=false;
$this->userPassword('');
$post['userPassword2'] = '';
if ($post['userPassword_lock'])
$this->userPassword_lock=true;
else $this->userPassword_lock=false;
}
else {
$this->userPassword_nopassword=false;
if ($post['userPassword_invalid']) {
$this->userPassword_invalid=true;
$this->userPassword_lock=false;
$this->userPassword('');
$post['userPassword2'] = ''; $post['userPassword2'] = '';
} }
else { else {
if (isset($post['userPassword'])) { $this->userPassword_invalid=false;
if ($post['userPassword'] != $post['userPassword2']) { if ($post['genpass']) $this->userPassword(genpasswd());
else {
if ($post['userPassword'] != $post['userPassword2'])
$errors['userPassword'][] = $this->messages['userPassword'][0]; $errors['userPassword'][] = $this->messages['userPassword'][0];
}
else $this->userPassword($post['userPassword']); else $this->userPassword($post['userPassword']);
if (!get_preg($this->userPassword(), 'password')) if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->messages['userPassword'][1]; $errors['userPassword'][] = $this->messages['userPassword'][1];
} }
if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
} }
}
if ($post['changegids']) $this->changegids=true;
else $this->changegids=false;
if ($this->attributes['gidNumber'][0]!=$post['gidNumber'] || ($this->errors['gidNumber'][0]='ERROR')) { if ($this->attributes['gidNumber'][0]!=$post['gidNumber'] || ($this->errors['gidNumber'][0]='ERROR')) {
// Check if GID is valid. If none value was entered, the next useable value will be inserted // Check if GID is valid. If none value was entered, the next useable value will be inserted
// load min and may uidNumber // load min and may uidNumber
@ -586,6 +610,7 @@ class posixGroup extends baseModule {
$errors['gidNumber'][] = $this->messages['gidNumber'][0]; $errors['gidNumber'][] = $this->messages['gidNumber'][0];
} }
} }
}
// Return error-messages // Return error-messages
if (count($errors)!=0) { if (count($errors)!=0) {
$this->errors = $errors; $this->errors = $errors;
@ -634,37 +659,35 @@ class posixGroup extends baseModule {
*/ */
function save_attributes() { function save_attributes() {
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// unset password when needed
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword'])) if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']); unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']);
// Set unix password // Set unix password
if (count($this->orig['userPassword'])==0) { if (isset($this->orig['userPassword'][0])) {
// New user or no old password set if ($this->userPassword_nopassword) // use no password
if ($this->userPassword_no) { $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); else if ($this->userPassword_invalid) // use '*' as password
} $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = '*';
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); else if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->userPassword()!='') // set password if set
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
else if ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0])) // lock account if required
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]);
else // password hasn't changed
$return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0];
} }
else { else {
if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0] && $this->userPassword()!='' ) || $this->userPassword_no) { // New user or no old password set
// Write new password if ($this->userPassword_nopassword) // use no password
if ($this->userPassword_no) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); else if ($this->userPassword_invalid) // use '*' as password
} $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = '*';
else { // No new password but old password else if ($this->userPassword()!='') // set password if set
// (un)lock password $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'][0])) {
// Split old password hash in {CRYPT} and password-hash
$i = 0;
while ($this->orig['userPassword'][0]{$i} != '}') $i++;
$passwd = substr($this->orig['userPassword'][0], $i+1 );
$crypt = substr($this->orig['userPassword'][0], 0, $i+1 );
// remove trailing ! from password hash
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
// Write new password
if ($this->userPassword_lock) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = "$crypt!$passwd";
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = "$crypt$passwd";
}
}
} }
// Remove primary group from users from memberUid // Remove primary group from users from memberUid
@ -749,14 +772,14 @@ class posixGroup extends baseModule {
function userPassword($newpassword=false) { function userPassword($newpassword=false) {
if (is_string($newpassword)) { if (is_string($newpassword)) {
// Write new password // Write new password
$this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword)); if ($newpassword=='')
$this->attributes['userPassword'][0] = '';
else $this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
return 0; return 0;
} }
else { else {
if ($this->attributes['userPassword'][0]!='') { if ($this->attributes['userPassword'][0]!='') // Read existing password if set
// Read existing password if set
return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0])); return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0]));
}
else return ''; else return '';
} }
} }

2
lam/lib/modules/sambaAccount.inc
View File

@ -492,7 +492,7 @@ class sambaAccount extends baseModule {
if ($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]) { if ($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]) {
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use unix password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use unix password') ),
1 => array ( 'kind' => 'input', 'name' => 'useunixpwd', 'type' => 'checkbox', 'checked' => $this->useunixpwd), 1 => array ( 'kind' => 'input', 'name' => 'useunixpwd', 'type' => 'checkbox', 'checked' => $this->useunixpwd, 'value' => true),
2 => array ('kind' => 'help', 'value' => 'useunixpwd')); 2 => array ('kind' => 'help', 'value' => 'useunixpwd'));
} }
$checked = false; $checked = false;

40
lam/lib/modules/sambaSamAccount.inc
View File

@ -126,7 +126,9 @@ class sambaSamAccount extends baseModule {
function sambaLMPassword($newpassword=false) { function sambaLMPassword($newpassword=false) {
if (is_string($newpassword)) { if (is_string($newpassword)) {
// Write new password // Write new password
$this->attributes['sambaLMPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword)); if ($newpassword=='')
$this->attributes['userPassword'][0] = '';
else $this->attributes['sambaLMPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
return 0; return 0;
} }
else { else {
@ -192,6 +194,8 @@ class sambaSamAccount extends baseModule {
*/ */
function load_attributes($attr) { function load_attributes($attr) {
$this->load_ldap_attributes($attr); $this->load_ldap_attributes($attr);
// Delete password. We don't want to show an encrypted password because it makes no sense
$this->sambaLMPassword('');
return 0; return 0;
} }
@ -227,17 +231,29 @@ class sambaSamAccount extends baseModule {
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// Set password
// unset password when needed
if (isset($return[$_SESSION[$this->base]->dn]['add']['sambaLMPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['sambaLMPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword'])) if (isset($return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword']); unset($return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['sambaLMPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['sambaLMPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['add']['sambaNTPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['sambaNTPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword'])) if (isset($return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword']); unset($return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['sambaNTPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['sambaNTPassword']);
if (!isset($this->orig['sambaLMPassword'][0])) { if (!isset($this->orig['sambaLMPassword'][0])) {
$return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword'][0] = lmPassword($this->sambaLMPassword()); // new account
$return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword'][0] = ntPassword($this->sambaLMPassword()); $return[$_SESSION[$this->base]->dn]['add']['sambaLMPassword'][0] = lmPassword($this->sambaLMPassword());
$return[$_SESSION[$this->base]->dn]['modify']['sambaPwdLastSet'][0] = time(); $return[$_SESSION[$this->base]->dn]['add']['sambaNTPassword'][0] = ntPassword($this->sambaLMPassword());
$return[$_SESSION[$this->base]->dn]['add']['sambaPwdLastSet'][0] = time();
} }
if ($this->sambaLMPassword()!='') { else
// edit existing account
if ($this->sambaLMPassword()!='' && $this->attributes['sambaLMPassword'][0] != $this->orig['sambaLMPassword'][0]) {
$return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword'][0] = lmPassword($this->sambaLMPassword()); $return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword'][0] = lmPassword($this->sambaLMPassword());
$return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword'][0] = ntPassword($this->sambaLMPassword()); $return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword'][0] = ntPassword($this->sambaLMPassword());
$return[$_SESSION[$this->base]->dn]['modify']['sambaPwdLastSet'][0] = time(); $return[$_SESSION[$this->base]->dn]['modify']['sambaPwdLastSet'][0] = time();
@ -443,16 +459,10 @@ class sambaSamAccount extends baseModule {
5 => array ( 'kind' => 'input', 'name' => 'sambaPwdMustChange_s', 'type' => 'hidden', 'value' => $mustchangedate['seconds']), 5 => array ( 'kind' => 'input', 'name' => 'sambaPwdMustChange_s', 'type' => 'hidden', 'value' => $mustchangedate['seconds']),
6 => array ( 'kind' => 'input', 'name' => 'sambaAcctFlagsU', 'type' => 'hidden', 'value' => 'true')); 6 => array ( 'kind' => 'input', 'name' => 'sambaAcctFlagsU', 'type' => 'hidden', 'value' => 'true'));
if (!$profile) { if (!$profile) {
if ($this->attributes['sambaLMPassword'][0] != $this->orig['sambaLMPassword'][0]) $password=$this->sambaLMPassword();
else if ($this->attributes['sambaLMPassword'][0] != '') $password=$post['sambaLMPassword'];
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Samba password') ),
1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password));
if ($post['sambaLMPassword2']!='') $password2 = $post['sambaLMPassword2']; if ($post['sambaLMPassword2']!='') $password2 = $post['sambaLMPassword2'];
else $password2 = $password; else $password2 = $this->sambaLMPassword();
if ($this->useunixpwd) { $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Samba password') ),
$password = $_SESSION[$this->base]->module['posixAccount']->userPassword(); 1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->sambaLMPassword()));
$password2 = $password;
}
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ),
1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2), 1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2),
2 => array ('kind' => 'help', 'value' => 'sambaLMPassword')); 2 => array ('kind' => 'help', 'value' => 'sambaLMPassword'));

18
lam/lib/modules/shadowAccount.inc
View File

@ -176,6 +176,12 @@ class shadowAccount extends baseModule {
* $attr is an array as it's retured from ldap_get_attributes * $attr is an array as it's retured from ldap_get_attributes
*/ */
function load_attributes($attr) { function load_attributes($attr) {
/* unset userPassword because:
* it is used by posixAccount
* it is a special attribute and stores encrypted in session
*/
unset($this->attributes['userPassword']);
unset($this->orig['userPassword']);
$this->load_ldap_attributes($attr); $this->load_ldap_attributes($attr);
return 0; return 0;
} }
@ -192,8 +198,12 @@ class shadowAccount extends baseModule {
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// Set shadowLastchange manual. // Set shadowLastchange manual.
if (($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0] && $_SESSION[$this->base]->module['posixAccount']->userPassword()!='') || $_SESSION[$this->base]->module['posixAccount']->userPassword_no) if (isset($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0])) {
// TODO fixme ****** fix this behavoir
if ($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0] && $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]!='')
$return[$_SESSION[$this->base]->dn]['modify']['shadowLastChange'] = array(intval(time()/3600/24)); $return[$_SESSION[$this->base]->dn]['modify']['shadowLastChange'] = array(intval(time()/3600/24));
}
return $return; return $return;
} }
@ -247,11 +257,11 @@ class shadowAccount extends baseModule {
for ( $i=2003; $i<=2030; $i++ ) $year[] = $i; for ( $i=2003; $i<=2030; $i++ ) $year[] = $i;
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Expire day') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Expire day') ),
1 => array ( 'kind' => 'table', 'value' => array ( 0 => array ( 0 => array ( 'kind' => 'select', 'name' => 'shadowExpire_day', 1 => array ( 'kind' => 'table', 'value' => array ( 0 => array ( 0 => array ( 'kind' => 'select', 'name' => 'shadowExpire_day',
'options' => $mday, 'options_selectd' => $date['mday']), 'options' => $mday, 'options_selected' => $date['mday']),
1 => array ( 'kind' => 'select', 'name' => 'shadowExpire_mon', 1 => array ( 'kind' => 'select', 'name' => 'shadowExpire_mon',
'options' => $mon, 'options_selectd' => $date['mon']), 'options' => $mon, 'options_selected' => $date['mon']),
2 => array ( 'kind' => 'select', 'name' => 'shadowExpire_yea', 2 => array ( 'kind' => 'select', 'name' => 'shadowExpire_yea',
'options' => $year, 'options_selectd' => $date['year'])))), 'options' => $year, 'options_selected' => $date['year'])))),
2 => array ( 'kind' => 'help', 'value' => 'shadowExpire' )); 2 => array ( 'kind' => 'help', 'value' => 'shadowExpire' ));
return $return; return $return;