fixed smaller bus.

I hope password handling is now ok
katagia 2004-10-12 13:34:00 +00:00
parent 1e87c10747
commit 3216280f16
7 changed files with 571 additions and 504 deletions


@ -522,4 +522,5 @@ function get_preg($argument, $regexp) {
return false; return false;
} }
?> ?>


@ -633,7 +633,7 @@ class accountContainer {
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n"; echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
echo "</head><body>\n"; echo "</head><body>\n";
echo "<form action=\"edit.php\" method=\"post\">\n"; echo "<form action=\"edit.php\" method=\"post\">\n";
// Display errir-messages // Display error-messages
if (is_array($result)) if (is_array($result))
foreach ($result as $result2) foreach ($result as $result2)
if (is_array($result2)) if (is_array($result2))


@ -2,22 +2,22 @@
/* /*
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam) This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 Tilo Lutz Copyright (C) 2003 Tilo Lutz
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or the Free Software Foundation; either version 2 of the License, or
(at your option) any later version. (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
class posixAccount extends baseModule { class posixAccount extends baseModule {
@ -68,6 +68,7 @@ class posixAccount extends baseModule {
$this->messages['uidNumber'][3] = array('ERROR', _('ID-Number'), _('ID is already in use')); $this->messages['uidNumber'][3] = array('ERROR', _('ID-Number'), _('ID is already in use'));
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); $this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
$this->messages['userPassword'][3] = array('ERROR', _('Password'), _('You cannot use this password options at the same time.'));
$this->messages['uid'][0] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?')); $this->messages['uid'][0] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?'));
$this->messages['uid'][1] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.')); $this->messages['uid'][1] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
$this->messages['uid'][2] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !')); $this->messages['uid'][2] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
@ -233,8 +234,10 @@ class posixAccount extends baseModule {
// Variables // Variables
// Use a unix password? // Use a unix password?
var $userPassword_no; var $userPassword_nopassword;
// Lock account? // Use invalid password, '*', e.g. * for services
var $userPassword_invalid;
// Lock password
var $userPassword_lock; var $userPassword_lock;
/* These two variables keep an array of groups the /* These two variables keep an array of groups the
* user is also member of. * user is also member of.
@ -253,14 +256,14 @@ class posixAccount extends baseModule {
function userPassword($newpassword=false) { function userPassword($newpassword=false) {
if (is_string($newpassword)) { if (is_string($newpassword)) {
// Write new password // Write new password
$this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword)); if ($newpassword=='')
$this->attributes['userPassword'][0] = '';
else $this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
return 0; return 0;
} }
else { else {
if ($this->attributes['userPassword'][0]!='') { if ($this->attributes['userPassword'][0]!='') // Read existing password if set
// Read existing password if set
return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0])); return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0]));
}
else return ''; else return '';
} }
} }
@ -309,6 +312,7 @@ class posixAccount extends baseModule {
// get all additional groupmemberships // get all additional groupmemberships
$dn_groups = $_SESSION['cache']->get_cache('memberUid', 'posixGroup', 'group'); $dn_groups = $_SESSION['cache']->get_cache('memberUid', 'posixGroup', 'group');
if (is_array($dn_groups)) {
$DNs = array_keys($dn_groups); $DNs = array_keys($dn_groups);
foreach ($DNs as $DN) { foreach ($DNs as $DN) {
if (in_array($attr['uid'][0], $dn_groups[$DN])) { if (in_array($attr['uid'][0], $dn_groups[$DN])) {
@ -317,6 +321,9 @@ class posixAccount extends baseModule {
} }
$this->groups = sort ($this->groups); $this->groups = sort ($this->groups);
$this->groups_orig = $this->groups; $this->groups_orig = $this->groups;
}
// Delete password. We don't want to show an encrypted password because it makes no sense
$this->userPassword('');
return 0; return 0;
} }
@ -331,33 +338,34 @@ class posixAccount extends baseModule {
function save_attributes() { function save_attributes() {
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// unset password when needed
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword'])) if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']); unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']);
// Set unix password // Set unix password
if (count($this->orig['userPassword'])==0) { if (isset($this->orig['userPassword'][0])) {
// New user or no old password set if ($this->userPassword_nopassword) // use no password
if ($this->userPassword_no) {
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]); $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
} else if ($this->userPassword_invalid) // use '*' as password
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]); $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = '*';
} else if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->userPassword()!='') // set password if set
else { $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0] && $this->userPassword()!='' ) || $this->userPassword_no) { else if ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0])) // lock account if required
// Write new password
if ($this->userPassword_no) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
}
else { // No new password but old password
// (un)lock password
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'][0])) {
if ($this->userPassword_lock) {
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]); $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]);
else // password hasn't changed
$return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0];
} }
else { else {
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_enable($this->orig['userPassword'][0]); // New user or no old password set
} if ($this->userPassword_nopassword) // use no password
} $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
} else if ($this->userPassword_invalid) // use '*' as password
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = '*';
else if ($this->userPassword()!='') // set password if set
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
} }
// Remove primary group from additional groups // Remove primary group from additional groups
@ -441,6 +449,13 @@ class posixAccount extends baseModule {
/* Write variables into object and do some regexp checks /* Write variables into object and do some regexp checks
*/ */
function proccess_attributes($post, $profile=false) { function proccess_attributes($post, $profile=false) {
$this->attributes['homeDirectory'][0] = $post['homeDirectory'];
$this->attributes['loginShell'][0] = $post['loginShell'];
$this->attributes['gecos'][0] = $post['gecos'];
if ($post['createhomedir']) $this->createhomedir = true;
else $this->createhomedir = false;
if (!$profile) {
if ($this->orig['uid'][0]!='' && $post['uid']!=$this->attributes['uid'][0]) if ($this->orig['uid'][0]!='' && $post['uid']!=$this->attributes['uid'][0])
$errors['uid'][] = $this->messages['uid'][0]; $errors['uid'][] = $this->messages['uid'][0];
if ($this->orig['gidNumber'][0]!='' && $_SESSION['cache']->getgid($post['gidNumber'])!=$this->attributes['gidNumber'][0]) if ($this->orig['gidNumber'][0]!='' && $_SESSION['cache']->getgid($post['gidNumber'])!=$this->attributes['gidNumber'][0])
@ -449,37 +464,11 @@ class posixAccount extends baseModule {
$errors['uidNumber'][] = $this->dynamic_Message('uidNumber',0); $errors['uidNumber'][] = $this->dynamic_Message('uidNumber',0);
if (isset($post['homeDirectory']) && $this->orig['homeDirectory'][0]!='' && $post['homeDirectory']!=$this->attributes['homeDirectory'][0]) if (isset($post['homeDirectory']) && $this->orig['homeDirectory'][0]!='' && $post['homeDirectory']!=$this->attributes['homeDirectory'][0])
$errors['homeDirectory'][] = $this->dynamic_Message('homeDirectory',0); $errors['homeDirectory'][] = $this->dynamic_Message('homeDirectory',0);
// Load attributes // Load attributes
$this->attributes['uid'][0] = $post['uid']; $this->attributes['uid'][0] = $post['uid'];
$this->attributes['cn'][0] = $this->attributes['uid'][0]; $this->attributes['cn'][0] = $this->attributes['uid'][0];
$this->attributes['uidNumber'][0] = $post['uidNumber']; $this->attributes['uidNumber'][0] = $post['uidNumber'];
$this->attributes['gidNumber'][0] = $_SESSION['cache']->getgid($post['gidNumber']); $this->attributes['gidNumber'][0] = $_SESSION['cache']->getgid($post['gidNumber']);
$this->attributes['homeDirectory'][0] = $post['homeDirectory'];
$this->attributes['loginShell'][0] = $post['loginShell'];
$this->attributes['gecos'][0] = $post['gecos'];
if ($post['createhomedir']) $this->createhomedir = true;
else $this->createhomedir = false;
if ($post['userPassword_no']) $this->userPassword_no=true;
else $this->userPassword_no=false;
if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
if (!$profile) {
if ($post['genpass']) {
$this->userPassword(genpasswd());
$post['userPassword2'] = '';
}
else {
if (isset($post['userPassword'])) {
if ($post['userPassword'] != $post['userPassword2']) {
$errors['userPassword'][] = $this->messages['userPassword'][0];
}
else $this->userPassword($post['userPassword']);
if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->messages['userPassword'][1];
}
}
// Check if UID is valid. If none value was entered, the next useable value will be inserted // Check if UID is valid. If none value was entered, the next useable value will be inserted
// load min and may uidNumber // load min and may uidNumber
if ($_SESSION[$this->base]->type=='user') { if ($_SESSION[$this->base]->type=='user') {
@ -541,41 +530,72 @@ class posixAccount extends baseModule {
} }
} }
} }
}
if ($_SESSION[$this->base]->type=='user') { if ($_SESSION[$this->base]->type=='user') {
if (($this->attributes['uid'][0] != $post['uid']) && !get_preg($post['uid'], '!upper') && !$profile) if (($this->attributes['uid'][0] != $post['uid']) && !get_preg($post['uid'], '!upper'))
$errors['uid'][] = $this->messages['uid'][1]; $errors['uid'][] = $this->messages['uid'][1];
// Check if Homedir is valid if ( !get_preg($this->attributes['homeDirectory'][0], 'homeDirectory' ))
if (!$profile) { $errors['homeDirecotry'][] = $this->messages['homeDirectory'][0];
}
if (($post['userPassword_lock'] && $post['userPassword_invalid']) || ($post['userPassword_nopassword'] && $post['userPassword_invalid'])) {
// found invalid password parameter combination
$errors['userPassword'][] = $this->messages['userPassword'][3];
}
else {
if ($post['userPassword_nopassword']) {
$this->userPassword_nopassword=true;
$this->userPassword_invalid=false;
$this->userPassword('');
$post['userPassword2'] = '';
if ($post['userPassword_lock'])
$this->userPassword_lock=true;
else $this->userPassword_lock=false;
}
else {
$this->userPassword_nopassword=false;
if ($post['userPassword_invalid']) {
$this->userPassword_invalid=true;
$this->userPassword_lock=false;
$this->userPassword('');
$post['userPassword2'] = '';
}
else {
$this->userPassword_invalid=false;
if ($post['genpass']) $this->userPassword(genpasswd());
else {
if ($post['userPassword'] != $post['userPassword2'])
$errors['userPassword'][] = $this->messages['userPassword'][0];
else $this->userPassword($post['userPassword']);
if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->messages['userPassword'][1];
}
if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
}
}
if ($_SESSION[$this->base]->type=='user') {
$this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]); $this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
if ($this->attributes['uid'][0] != '') if ($this->attributes['uid'][0] != '')
$this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]); $this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]);
if ($this->attributes['homeDirectory'][0] != $post['homeDirectory']) $errors['homeDirecotry'][] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.')); if ($this->attributes['homeDirectory'][0] != $post['homeDirectory']) $errors['homeDirecotry'][] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
}
if ( !get_preg($this->attributes['homeDirectory'][0], 'homeDirectory' ))
$errors['homeDirecotry'][] = $this->messages['homeDirectory'][0];
// Check if Username contains only valid characters // Check if Username contains only valid characters
if ( !get_preg($this->attributes['uid'][0], 'username') && !$profile) if ( !get_preg($this->attributes['uid'][0], 'username') && !$profile)
$errors['uid'][] = $this->messages['uid'][2]; $errors['uid'][] = $this->messages['uid'][2];
} }
if ($_SESSION[$this->base]->type=='host') {
if ($_SESSION[$this->base]->type=='host' && !$profile) {
if (($this->attributes['uid'][0] != $post['uid']) && !get_preg($post['uid'], '!upper'))
$errors['uid'][] = $this->messages['uid'][3];
// Check if Hostname contains only valid characters // Check if Hostname contains only valid characters
if ( !get_preg($this->attributes['uid'][0], 'hostname')) if ( !get_preg($this->attributes['uid'][0], 'hostname'))
$errors['uid'][] = $this->messages['uid'][4]; $errors['uid'][] = $this->messages['uid'][4];
} }
// Create automatic useraccount with number if original user already exists // Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use // Reset name to original name if new name is in use
// Set username back to original name if new username is in use // Set username back to original name if new username is in use
if (!$profile) { if ($_SESSION['cache']->in_cache($this->attributes['uid'][0],'uid', '*') && ($this->orig['uid'][0]!=''))
if ($_SESSION['cache']->in_cache($this->attributes['uid'][0],'uid', '*')!=false && ($this->orig['uid'][0]!='')) {
$this->attributes['uid'][0] = $this->orig['uid'][0]; $this->attributes['uid'][0] = $this->orig['uid'][0];
}
// Change uid to a new uid until a free uid is found // Change uid to a new uid until a free uid is found
else while ($_SESSION['cache']->in_cache($this->attributes['uid'][0], 'uid', '*')) { else
while ($_SESSION['cache']->in_cache($this->attributes['uid'][0], 'uid', '*')) {
if ($_SESSION[$this->base]->type=='host') $this->attributes['uid'][0] = substr($this->attributes['uid'][0], 0, -1); if ($_SESSION[$this->base]->type=='host') $this->attributes['uid'][0] = substr($this->attributes['uid'][0], 0, -1);
// get last character of username // get last character of username
$lastchar = substr($this->attributes['uid'][0], strlen($this->attributes['uid'][0])-1, 1); $lastchar = substr($this->attributes['uid'][0], strlen($this->attributes['uid'][0])-1, 1);
@ -596,10 +616,9 @@ class posixAccount extends baseModule {
$i=strlen($this->attributes['uid'][0])-1; $i=strlen($this->attributes['uid'][0])-1;
$mark = false; $mark = false;
// Set $i to the last character which is a number in $account_new->general_username // Set $i to the last character which is a number in $account_new->general_username
while (!$mark) { while (!$mark)
if (ereg('^([0-9])+$',substr($this->attributes['uid'][0], $i, strlen($this->attributes['uid'][0])-$i))) $i--; if (ereg('^([0-9])+$',substr($this->attributes['uid'][0], $i, strlen($this->attributes['uid'][0])-$i))) $i--;
else $mark=true; else $mark=true;
}
// increase last number with one // increase last number with one
$firstchars = substr($this->attributes['uid'][0], 0, $i+1); $firstchars = substr($this->attributes['uid'][0], 0, $i+1);
$lastchars = substr($this->attributes['uid'][0], $i+1, strlen($this->attributes['uid'][0])-$i); $lastchars = substr($this->attributes['uid'][0], $i+1, strlen($this->attributes['uid'][0])-$i);
@ -609,19 +628,22 @@ class posixAccount extends baseModule {
} }
} }
// Show warning if lam has changed username // Show warning if lam has changed username
if ($this->attributes['uid'][0] != $post['uid']) {
if ($_SESSION[$this->base]->type=='user') if ($_SESSION[$this->base]->type=='user')
if ($this->attributes['uid'][0] != $post['uid']) {
$errors['uid'][] = $this->messages['uid'][5]; $errors['uid'][] = $this->messages['uid'][5];
}
if ($_SESSION[$this->base]->type=='host') if ($_SESSION[$this->base]->type=='host')
if ($this->attributes['uid'][0] != $post['uid']) {
$errors['uid'][] = $this->messages['uid'][6]; $errors['uid'][] = $this->messages['uid'][6];
} }
if (!get_preg($this->userPassword(), 'password')) if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->messages['userPassword'][1]; $errors['userPassword'][] = $this->messages['userPassword'][1];
} }
}
// Return error-messages // Return error-messages
if (is_array($errors)) return $errors; if (count($errors)!=0) {
$this->errors = $errors;
return $errors;
}
else $this->errors = array();
// Go to additional group page when no error did ocour and button was pressed // Go to additional group page when no error did ocour and button was pressed
if ($post['addgroup']) return 'group'; if ($post['addgroup']) return 'group';
return 0; return 0;
@ -657,8 +679,6 @@ class posixAccount extends baseModule {
$shelllist = getshells(); // list of all valid shells $shelllist = getshells(); // list of all valid shells
if (!$profile) { if (!$profile) {
if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword();
else if ($this->attributes['userPassword'][0] != '') $password=$post['userPassword'];
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Username").'*' ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Username").'*' ),
1 => array ( 'kind' => 'input', 'name' => 'uid', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['uid'][0]), 1 => array ( 'kind' => 'input', 'name' => 'uid', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['uid'][0]),
2 => array ('kind' => 'help', 'value' => 'uid')); 2 => array ('kind' => 'help', 'value' => 'uid'));
@ -690,17 +710,20 @@ class posixAccount extends baseModule {
2 => array ('kind' => 'help', 'value' => 'createhomedir')); 2 => array ('kind' => 'help', 'value' => 'createhomedir'));
} }
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password), 1 => array ( 'kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->userPassword()),
2 => array ( 'kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password'))); 2 => array ( 'kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
if ($post['userPassword2']!='') $password2 = $post['userPassword2']; if ($post['userPassword2']!='') $password2 = $post['userPassword2'];
else $password2 = $password; else $password2 = $this->userPassword();
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2), 1 => array ( 'kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2),
2 => array ('kind' => 'help', 'value' => 'userPassword')); 2 => array ('kind' => 'help', 'value' => 'userPassword'));
} }
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Set no password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Set no password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_no', 'type' => 'checkbox', 'checked' => $this->userPassword_no), 1 => array ( 'kind' => 'input', 'name' => 'userPassword_nopassword', 'type' => 'checkbox', 'checked' => $this->userPassword_nopassword),
2 => array ('kind' => 'help', 'value' => 'userPassword_no')); 2 => array ('kind' => 'help', 'value' => 'userPassword_nopassword'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Invalid password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_invalid', 'type' => 'checkbox', 'checked' => $this->userPassword_invalid),
2 => array ('kind' => 'help', 'value' => 'userPassword_invalid'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Lock password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Lock password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock), 1 => array ( 'kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock),
2 => array ('kind' => 'help', 'value' => 'userPassword_lock')); 2 => array ('kind' => 'help', 'value' => 'userPassword_lock'));
@ -785,11 +808,11 @@ class posixAccount extends baseModule {
// do not set password // do not set password
$return[] = array(0 => array('kind' => 'text', 'text' => _('Set no password') . ": "), $return[] = array(0 => array('kind' => 'text', 'text' => _('Set no password') . ": "),
1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_no', 'type' => 'checkbox', 'checked' => false), 1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_no', 'type' => 'checkbox', 'checked' => false),
2 => array('kind' => 'help', 'value' => 'TODO', 'scope' => 'user')); 2 => array('kind' => 'help', 'value' => 'posixAccount_userPassword_no', 'scope' => 'user'));
// disable account // disable account
$return[] = array(0 => array('kind' => 'text', 'text' => _('Lock password') . ": "), $return[] = array(0 => array('kind' => 'text', 'text' => _('Lock password') . ": "),
1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_lock', 'type' => 'checkbox', 'checked' => false), 1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_lock', 'type' => 'checkbox', 'checked' => false),
2 => array('kind' => 'help', 'value' => 'TODO', 'scope' => 'user')); 2 => array('kind' => 'help', 'value' => 'posixAccount_userPassword_lock', 'scope' => 'user'));
} }
elseif ($this->scope == 'host') { elseif ($this->scope == 'host') {
$groups = $_SESSION['cache']->findgroups(); // list of all groupnames $groups = $_SESSION['cache']->findgroups(); // list of all groupnames
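Review bot: The two password inputs in the display hunk are now filled with `'value' => $this->userPassword()`, and `userPassword()` without an argument returns the decrypted content of `attributes['userPassword'][0]`, so a password that was just typed or generated is placed back into the form data in clear text on each re-render; the same line is added in posixGroup's `display_html_attributes`. Emptying the attribute in `load_attributes` only covers the value read from LDAP on first load, not what `proccess_attributes` stores afterwards. Consider rendering both fields with `'value' => ''` and calling `$this->userPassword($post['userPassword'])` only when the submitted field is non-empty, so that an empty re-submit does not discard a generated password. How these `'input'` arrays become HTML is outside the hunk, as are the start and end of the enclosing display function, so confirm that the value actually reaches the response before changing it.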


@ -25,8 +25,10 @@ class posixGroup extends baseModule {
// Variables // Variables
// Use a unix password? // Use a unix password?
var $userPassword_no; var $userPassword_nopassword;
// Lock account? // Use invalid password, '*', e.g. * for services
var $userPassword_invalid;
// Lock password
var $userPassword_lock; var $userPassword_lock;
// change gids of users and hosts? // change gids of users and hosts?
var $changegids; var $changegids;
@ -120,8 +122,6 @@ class posixGroup extends baseModule {
* It will output a complete html-table * It will output a complete html-table
*/ */
function display_html_attributes($post) { function display_html_attributes($post) {
if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword();
else if ($this->attributes['userPassword'][0] != '') $password=$post['userPassword'];
if (!$profile) { if (!$profile) {
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Groupname").'*' ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Groupname").'*' ),
1 => array ( 'kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]), 1 => array ( 'kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]),
@ -138,23 +138,26 @@ class posixGroup extends baseModule {
1 => array ( 'kind' => 'input', 'name' => 'adduser', 'type' => 'submit', 'value' => _('Edit groups')), 1 => array ( 'kind' => 'input', 'name' => 'adduser', 'type' => 'submit', 'value' => _('Edit groups')),
2 => array ('kind' => 'help', 'value' => 'adduser')); 2 => array ('kind' => 'help', 'value' => 'adduser'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password), 1 => array ( 'kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->userPassword()),
2 => array ( 'kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password'))); 2 => array ( 'kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
if ($post['userPassword2']!='') $password2 = $post['userPassword2']; if ($post['userPassword2']!='') $password2 = $post['userPassword2'];
else $password2 = $password; else $password2 = $this->userPassword();
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2), 1 => array ( 'kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2),
2 => array ('kind' => 'help', 'value' => 'userPassword')); 2 => array ('kind' => 'help', 'value' => 'userPassword'));
} }
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use no password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Set no password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_no', 'type' => 'checkbox', 'checked' => $this->userPassword_no), 1 => array ( 'kind' => 'input', 'name' => 'userPassword_nopassword', 'type' => 'checkbox', 'checked' => $this->userPassword_nopassword),
2 => array ('kind' => 'help', 'value' => 'userPassword_no')); 2 => array ('kind' => 'help', 'value' => 'userPassword_nopassword'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Invalid password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_invalid', 'type' => 'checkbox', 'checked' => $this->userPassword_invalid),
2 => array ('kind' => 'help', 'value' => 'userPassword_invalid'));
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Lock password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Lock password') ),
1 => array ( 'kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock), 1 => array ( 'kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock),
2 => array ('kind' => 'help', 'value' => 'userPassword_lock')); 2 => array ('kind' => 'help', 'value' => 'userPassword_lock'));
if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='' && !$profile) { if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='' && !$profile) {
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Change GID number of users and hosts') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Change GID number of users and hosts') ),
1 => array ( 'kind' => 'input', 'name' => 'changegids', 'type' => 'checkbox', 'checked' => $this->changegids), 1 => array ( 'kind' => 'input', 'name' => 'changegids', 'type' => 'checkbox', 'checked' => $this->changegids, 'value' => true),
2 => array ('kind' => 'help', 'value' => 'changegids')); 2 => array ('kind' => 'help', 'value' => 'changegids'));
} }
return $return; return $return;
@ -398,6 +401,8 @@ class posixGroup extends baseModule {
*/ */
function load_attributes($attr) { function load_attributes($attr) {
$this->load_ldap_attributes($attr); $this->load_ldap_attributes($attr);
// Delete password. We don't want to show an encrypted password because it makes no sense
$this->userPassword('');
return 0; return 0;
} }
@ -407,6 +412,7 @@ class posixGroup extends baseModule {
function load_Messages() { function load_Messages() {
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); $this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
$this->messages['userPassword'][3] = array('ERROR', _('Password'), _('You cannot use this password options at the same time.'));
$this->messages['gidNumber'][0] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.')); $this->messages['gidNumber'][0] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.'));
$this->messages['gidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.')); $this->messages['gidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
$this->messages['gidNumber'][3] = array('ERROR', _('ID-Number'), _('No free ID-Number!')); $this->messages['gidNumber'][3] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
@ -452,29 +458,47 @@ class posixGroup extends baseModule {
/* Write variables into object and do some regexp checks /* Write variables into object and do some regexp checks
*/ */
function proccess_attributes($post, $profile=false) { function proccess_attributes($post, $profile=false) {
// Load attributes
$this->attributes['description'][0] = $post['description']; $this->attributes['description'][0] = $post['description'];
if ($post['userPassword_no']) $this->userPassword_no=true;
else $this->userPassword_no=false;
if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
If (!$profile) { If (!$profile) {
if ($post['changegids']) $this->changegids=true; if (($post['userPassword_lock'] && $post['userPassword_invalid']) || ($post['userPassword_nopassword'] && $post['userPassword_invalid'])) {
else $this->changegids=false; // found invalid password parameter combination
if ($post['genpass']) { $errors['userPassword'][] = $this->messages['userPassword'][3];
$this->userPassword(genpasswd()); }
else {
if ($post['userPassword_nopassword']) {
$this->userPassword_nopassword=true;
$this->userPassword_invalid=false;
$this->userPassword('');
$post['userPassword2'] = '';
if ($post['userPassword_lock'])
$this->userPassword_lock=true;
else $this->userPassword_lock=false;
}
else {
$this->userPassword_nopassword=false;
if ($post['userPassword_invalid']) {
$this->userPassword_invalid=true;
$this->userPassword_lock=false;
$this->userPassword('');
$post['userPassword2'] = ''; $post['userPassword2'] = '';
} }
else { else {
if (isset($post['userPassword'])) { $this->userPassword_invalid=false;
if ($post['userPassword'] != $post['userPassword2']) { if ($post['genpass']) $this->userPassword(genpasswd());
else {
if ($post['userPassword'] != $post['userPassword2'])
$errors['userPassword'][] = $this->messages['userPassword'][0]; $errors['userPassword'][] = $this->messages['userPassword'][0];
}
else $this->userPassword($post['userPassword']); else $this->userPassword($post['userPassword']);
if (!get_preg($this->userPassword(), 'password')) if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->messages['userPassword'][1]; $errors['userPassword'][] = $this->messages['userPassword'][1];
} }
if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
} }
}
if ($post['changegids']) $this->changegids=true;
else $this->changegids=false;
if ($this->attributes['gidNumber'][0]!=$post['gidNumber'] || ($this->errors['gidNumber'][0]='ERROR')) { if ($this->attributes['gidNumber'][0]!=$post['gidNumber'] || ($this->errors['gidNumber'][0]='ERROR')) {
// Check if GID is valid. If none value was entered, the next useable value will be inserted // Check if GID is valid. If none value was entered, the next useable value will be inserted
// load min and may uidNumber // load min and may uidNumber
@ -586,6 +610,7 @@ class posixGroup extends baseModule {
$errors['gidNumber'][] = $this->messages['gidNumber'][0]; $errors['gidNumber'][] = $this->messages['gidNumber'][0];
} }
} }
}
// Return error-messages // Return error-messages
if (count($errors)!=0) { if (count($errors)!=0) {
$this->errors = $errors; $this->errors = $errors;
@ -634,37 +659,35 @@ class posixGroup extends baseModule {
*/ */
function save_attributes() { function save_attributes() {
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// unset password when needed
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword'])) if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']); unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']);
// Set unix password // Set unix password
if (count($this->orig['userPassword'])==0) { if (isset($this->orig['userPassword'][0])) {
// New user or no old password set if ($this->userPassword_nopassword) // use no password
if ($this->userPassword_no) { $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); else if ($this->userPassword_invalid) // use '*' as password
} $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = '*';
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); else if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->userPassword()!='') // set password if set
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
else if ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0])) // lock account if required
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]);
else // password hasn't changed
$return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0];
} }
else { else {
if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0] && $this->userPassword()!='' ) || $this->userPassword_no) { // New user or no old password set
// Write new password if ($this->userPassword_nopassword) // use no password
if ($this->userPassword_no) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); else if ($this->userPassword_invalid) // use '*' as password
} $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = '*';
else { // No new password but old password else if ($this->userPassword()!='') // set password if set
// (un)lock password $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'][0])) {
// Split old password hash in {CRYPT} and password-hash
$i = 0;
while ($this->orig['userPassword'][0]{$i} != '}') $i++;
$passwd = substr($this->orig['userPassword'][0], $i+1 );
$crypt = substr($this->orig['userPassword'][0], 0, $i+1 );
// remove trailing ! from password hash
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
// Write new password
if ($this->userPassword_lock) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = "$crypt!$passwd";
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = "$crypt$passwd";
}
}
} }
// Remove primary group from users from memberUid // Remove primary group from users from memberUid
@ -749,14 +772,14 @@ class posixGroup extends baseModule {
function userPassword($newpassword=false) { function userPassword($newpassword=false) {
if (is_string($newpassword)) { if (is_string($newpassword)) {
// Write new password // Write new password
$this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword)); if ($newpassword=='')
$this->attributes['userPassword'][0] = '';
else $this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
return 0; return 0;
} }
else { else {
if ($this->attributes['userPassword'][0]!='') { if ($this->attributes['userPassword'][0]!='') // Read existing password if set
// Read existing password if set
return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0])); return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0]));
}
else return ''; else return '';
} }
} }


@ -492,7 +492,7 @@ class sambaAccount extends baseModule {
if ($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]) { if ($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]) {
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use unix password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use unix password') ),
1 => array ( 'kind' => 'input', 'name' => 'useunixpwd', 'type' => 'checkbox', 'checked' => $this->useunixpwd), 1 => array ( 'kind' => 'input', 'name' => 'useunixpwd', 'type' => 'checkbox', 'checked' => $this->useunixpwd, 'value' => true),
2 => array ('kind' => 'help', 'value' => 'useunixpwd')); 2 => array ('kind' => 'help', 'value' => 'useunixpwd'));
} }
$checked = false; $checked = false;


@ -126,7 +126,9 @@ class sambaSamAccount extends baseModule {
function sambaLMPassword($newpassword=false) { function sambaLMPassword($newpassword=false) {
if (is_string($newpassword)) { if (is_string($newpassword)) {
// Write new password // Write new password
$this->attributes['sambaLMPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword)); if ($newpassword=='')
$this->attributes['userPassword'][0] = '';
else $this->attributes['sambaLMPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
return 0; return 0;
} }
else { else {
@ -192,6 +194,8 @@ class sambaSamAccount extends baseModule {
*/ */
function load_attributes($attr) { function load_attributes($attr) {
$this->load_ldap_attributes($attr); $this->load_ldap_attributes($attr);
// Delete password. We don't want to show an encrypted password because it makes no sense
$this->sambaLMPassword('');
return 0; return 0;
} }
@ -227,17 +231,29 @@ class sambaSamAccount extends baseModule {
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// Set password
// unset password when needed
if (isset($return[$_SESSION[$this->base]->dn]['add']['sambaLMPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['sambaLMPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword'])) if (isset($return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword']); unset($return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['sambaLMPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['sambaLMPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['add']['sambaNTPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['sambaNTPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword'])) if (isset($return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword']); unset($return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['sambaNTPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['sambaNTPassword']);
if (!isset($this->orig['sambaLMPassword'][0])) { if (!isset($this->orig['sambaLMPassword'][0])) {
$return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword'][0] = lmPassword($this->sambaLMPassword()); // new account
$return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword'][0] = ntPassword($this->sambaLMPassword()); $return[$_SESSION[$this->base]->dn]['add']['sambaLMPassword'][0] = lmPassword($this->sambaLMPassword());
$return[$_SESSION[$this->base]->dn]['modify']['sambaPwdLastSet'][0] = time(); $return[$_SESSION[$this->base]->dn]['add']['sambaNTPassword'][0] = ntPassword($this->sambaLMPassword());
$return[$_SESSION[$this->base]->dn]['add']['sambaPwdLastSet'][0] = time();
} }
if ($this->sambaLMPassword()!='') { else
// edit existing account
if ($this->sambaLMPassword()!='' && $this->attributes['sambaLMPassword'][0] != $this->orig['sambaLMPassword'][0]) {
$return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword'][0] = lmPassword($this->sambaLMPassword()); $return[$_SESSION[$this->base]->dn]['modify']['sambaLMPassword'][0] = lmPassword($this->sambaLMPassword());
$return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword'][0] = ntPassword($this->sambaLMPassword()); $return[$_SESSION[$this->base]->dn]['modify']['sambaNTPassword'][0] = ntPassword($this->sambaLMPassword());
$return[$_SESSION[$this->base]->dn]['modify']['sambaPwdLastSet'][0] = time(); $return[$_SESSION[$this->base]->dn]['modify']['sambaPwdLastSet'][0] = time();
@ -443,16 +459,10 @@ class sambaSamAccount extends baseModule {
5 => array ( 'kind' => 'input', 'name' => 'sambaPwdMustChange_s', 'type' => 'hidden', 'value' => $mustchangedate['seconds']), 5 => array ( 'kind' => 'input', 'name' => 'sambaPwdMustChange_s', 'type' => 'hidden', 'value' => $mustchangedate['seconds']),
6 => array ( 'kind' => 'input', 'name' => 'sambaAcctFlagsU', 'type' => 'hidden', 'value' => 'true')); 6 => array ( 'kind' => 'input', 'name' => 'sambaAcctFlagsU', 'type' => 'hidden', 'value' => 'true'));
if (!$profile) { if (!$profile) {
if ($this->attributes['sambaLMPassword'][0] != $this->orig['sambaLMPassword'][0]) $password=$this->sambaLMPassword();
else if ($this->attributes['sambaLMPassword'][0] != '') $password=$post['sambaLMPassword'];
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Samba password') ),
1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password));
if ($post['sambaLMPassword2']!='') $password2 = $post['sambaLMPassword2']; if ($post['sambaLMPassword2']!='') $password2 = $post['sambaLMPassword2'];
else $password2 = $password; else $password2 = $this->sambaLMPassword();
if ($this->useunixpwd) { $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Samba password') ),
$password = $_SESSION[$this->base]->module['posixAccount']->userPassword(); 1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->sambaLMPassword()));
$password2 = $password;
}
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Repeat password') ),
1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2), 1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2),
2 => array ('kind' => 'help', 'value' => 'sambaLMPassword')); 2 => array ('kind' => 'help', 'value' => 'sambaLMPassword'));
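Review bot: The new empty-string branch in the `sambaLMPassword()` setter clears `$this->attributes['userPassword'][0]` rather than the Samba attribute, which looks like a copy-paste slip from the posix module. As a result, the `$this->sambaLMPassword('')` call added to `load_attributes()` leaves the LM hash loaded from LDAP in `attributes['sambaLMPassword']` and writes a stray `userPassword` key into this module. The getter branch lies outside the hunk, but the form code now passes `$this->sambaLMPassword()` straight into the `value` of the password input, so it would presumably work on the stored directory hash instead of an empty string. The branch should read `$this->attributes['sambaLMPassword'][0] = '';`. A short comment on the setter saying that an empty string means "no password held in session" would make the contract clear.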


@ -176,6 +176,12 @@ class shadowAccount extends baseModule {
* $attr is an array as it's retured from ldap_get_attributes * $attr is an array as it's retured from ldap_get_attributes
*/ */
function load_attributes($attr) { function load_attributes($attr) {
/* unset userPassword because:
* it is used by posixAccount
* it is a special attribute and stores encrypted in session
*/
unset($this->attributes['userPassword']);
unset($this->orig['userPassword']);
$this->load_ldap_attributes($attr); $this->load_ldap_attributes($attr);
return 0; return 0;
} }
@ -192,8 +198,12 @@ class shadowAccount extends baseModule {
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// Set shadowLastchange manual. // Set shadowLastchange manual.
if (($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0] && $_SESSION[$this->base]->module['posixAccount']->userPassword()!='') || $_SESSION[$this->base]->module['posixAccount']->userPassword_no) if (isset($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0])) {
// TODO fixme ****** fix this behavoir
if ($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0] && $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]!='')
$return[$_SESSION[$this->base]->dn]['modify']['shadowLastChange'] = array(intval(time()/3600/24)); $return[$_SESSION[$this->base]->dn]['modify']['shadowLastChange'] = array(intval(time()/3600/24));
}
return $return; return $return;
} }
@ -247,11 +257,11 @@ class shadowAccount extends baseModule {
for ( $i=2003; $i<=2030; $i++ ) $year[] = $i; for ( $i=2003; $i<=2030; $i++ ) $year[] = $i;
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Expire day') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Expire day') ),
1 => array ( 'kind' => 'table', 'value' => array ( 0 => array ( 0 => array ( 'kind' => 'select', 'name' => 'shadowExpire_day', 1 => array ( 'kind' => 'table', 'value' => array ( 0 => array ( 0 => array ( 'kind' => 'select', 'name' => 'shadowExpire_day',
'options' => $mday, 'options_selectd' => $date['mday']), 'options' => $mday, 'options_selected' => $date['mday']),
1 => array ( 'kind' => 'select', 'name' => 'shadowExpire_mon', 1 => array ( 'kind' => 'select', 'name' => 'shadowExpire_mon',
'options' => $mon, 'options_selectd' => $date['mon']), 'options' => $mon, 'options_selected' => $date['mon']),
2 => array ( 'kind' => 'select', 'name' => 'shadowExpire_yea', 2 => array ( 'kind' => 'select', 'name' => 'shadowExpire_yea',
'options' => $year, 'options_selectd' => $date['year'])))), 'options' => $year, 'options_selected' => $date['year'])))),
2 => array ( 'kind' => 'help', 'value' => 'shadowExpire' )); 2 => array ( 'kind' => 'help', 'value' => 'shadowExpire' ));
return $return; return $return;