changed Unix password management

Roland Gruber 2006-09-03 13:02:42 +00:00
parent 644e8d3d45
commit 379caca184
1 changed files with 32 additions and 120 deletions


@ -38,12 +38,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
class posixGroup extends baseModule { class posixGroup extends baseModule {
// Variables /** change GIDs of users and hosts? */
// Use a unix password?
var $userPassword_nopassword;
// Lock password
var $userPassword_lock;
// change gids of users and hosts?
var $changegids; var $changegids;
@ -149,12 +144,6 @@ class posixGroup extends baseModule {
* It will output a complete html-table * It will output a complete html-table
*/ */
function display_html_attributes() { function display_html_attributes() {
// check password format if called the first time
if (isset($this->attributes['userPassword'][0])) {
if (pwd_is_enabled($this->attributes['userPassword'][0])) $this->userPassword_lock = false;
else $this->userPassword_lock = true;
}
else $this->userPassword_nopassword = true;
$return[] = array( $return[] = array(
0 => array('kind' => 'text', 'text' => _("Group name").'*'), 0 => array('kind' => 'text', 'text' => _("Group name").'*'),
1 => array('kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]), 1 => array('kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]),
@ -168,33 +157,33 @@ class posixGroup extends baseModule {
1 => array('kind' => 'input', 'name' => 'description', 'type' => 'text', 'size' => '30', 'maxlength' => '255', 'value' => $this->attributes['description'][0]), 1 => array('kind' => 'input', 'name' => 'description', 'type' => 'text', 'size' => '30', 'maxlength' => '255', 'value' => $this->attributes['description'][0]),
2 => array ('kind' => 'help', 'value' => 'description')); 2 => array ('kind' => 'help', 'value' => 'description'));
$return[] = array( $return[] = array(
0 => array('kind' => 'text', 'text' => _("Group members")), 0 => array('kind' => 'text', 'text' => _("Group members")),
1 => array('kind' => 'input', 'name' => 'form_subpage_posixGroup_user_open', 'type' => 'submit', 'value' => _('Edit members')), 1 => array('kind' => 'input', 'name' => 'form_subpage_posixGroup_user_open', 'type' => 'submit', 'value' => _('Edit members')),
2 => array ('kind' => 'help', 'value' => 'members')); 2 => array ('kind' => 'help', 'value' => 'members'));
if ($_SESSION[$this->base]->isNewAccount) { if (!isset($this->attributes['userPassword'][0])) {
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Password')),
1 => array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
2 => array('kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Repeat password')),
1 => array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
2 => array('kind' => 'help', 'value' => 'password'));
}
else {
$return[] = array( $return[] = array(
0 => array('kind' => 'text', 'text' => _('Password') ), 0 => array('kind' => 'text', 'text' => _('Password') ),
1 => array('kind' => 'input', 'name' => 'form_subpage_posixGroup_password_open', 'type' => 'submit', 'value' => _('Change password'))); 1 => array('kind' => 'input', 'name' => 'form_subpage_posixGroup_password_open', 'type' => 'submit', 'value' => _('Set password')));
} }
$return[] = array( else {
0 => array('kind' => 'text', 'text' => _('Set no password')), if (pwd_is_enabled($this->attributes['userPassword'][0])) {
1 => array('kind' => 'input', 'name' => 'userPassword_nopassword', 'type' => 'checkbox', 'checked' => $this->userPassword_nopassword), $lockOption = array('kind' => 'input', 'name' => 'form_subpage_posixGroup_attributes_lockPassword', 'type' => 'submit', 'value' => _('Lock password'));
2 => array('kind' => 'help', 'value' => 'userPassword_no')); }
if ($_SESSION[$this->base]->isNewAccount || isset($this->attributes['userPassword'][0])) { else {
$lockOption = array('kind' => 'input', 'name' => 'form_subpage_posixGroup_attributes_unlockPassword', 'type' => 'submit', 'value' => _('Unlock password'));
}
$return[] = array(array('kind' => 'text', 'text' => ""));
$return[] = array( $return[] = array(
0 => array('kind' => 'text', 'text' => _('Lock password')), array('kind' => 'text', 'text' => _('Password') ),
1 => array('kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock), array('kind' => 'table', 'value' => array(
2 => array('kind' => 'help', 'value' => 'userPassword_lock')); array(
array('kind' => 'input', 'name' => 'form_subpage_posixGroup_password_open', 'type' => 'submit', 'value' => _('Change password'))
),
array($lockOption),
array(
array('kind' => 'input', 'name' => 'form_subpage_posixGroup_attributes_removePassword', 'type' => 'submit', 'value' => _('Remove password'))
)
)));
} }
if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='') if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='')
$return[] = array( $return[] = array(
@ -406,14 +395,6 @@ class posixGroup extends baseModule {
"Headline" => _("Group password"), "Headline" => _("Group password"),
"Text" => _("Sets the group password.") "Text" => _("Sets the group password.")
), ),
'userPassword_no' => array(
"Headline" => _("Use no password"),
"Text" => _("This will set no password which prevents logins with this account.")
),
'userPassword_lock' => array(
"Headline" => _("Account deactivated"),
"Text" => _("If checked account will be deactivated by putting a \"!\" before the encrypted password.")
),
'minMaxGID' => array( 'minMaxGID' => array(
"Headline" => _("GID number"), "Headline" => _("GID number"),
"Text" => _("These are the minimum and maximum numbers to use for group IDs when creating new group accounts. New group accounts will always get the highest number in use plus one.") "Text" => _("These are the minimum and maximum numbers to use for group IDs when creating new group accounts. New group accounts will always get the highest number in use plus one.")
@ -479,7 +460,6 @@ class posixGroup extends baseModule {
function load_Messages() { function load_Messages() {
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}=@$ !')); $this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}=@$ !'));
$this->messages['userPassword'][3] = array('ERROR', _('Password'), _('You cannot use this password options at the same time.'));
$this->messages['gidNumber'][0] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.')); $this->messages['gidNumber'][0] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.'));
$this->messages['gidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.')); $this->messages['gidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
$this->messages['gidNumber'][3] = array('ERROR', _('ID-Number'), _('No free ID-Number!')); $this->messages['gidNumber'][3] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
@ -542,33 +522,14 @@ class posixGroup extends baseModule {
function process_attributes() { function process_attributes() {
$errors = array(); $errors = array();
$this->attributes['description'][0] = $_POST['description']; $this->attributes['description'][0] = $_POST['description'];
if (isset($_POST['form_subpage_posixGroup_attributes_lockPassword'])) {
if ($_POST['userPassword_lock'] && $_POST['userPassword_nopassword']) { $this->attributes['userPassword'][0] = pwd_disable($this->attributes['userPassword'][0]);
// found invalid password parameter combination
$errors[] = $this->messages['userPassword'][3];
} }
else { if (isset($_POST['form_subpage_posixGroup_attributes_unlockPassword'])) {
if ($_POST['userPassword_nopassword']) { $this->attributes['userPassword'][0] = pwd_enable($this->attributes['userPassword'][0]);
$this->userPassword_nopassword=true; }
$this->attributes['userPassword'][0] = ''; if (isset($_POST['form_subpage_posixGroup_attributes_removePassword'])) {
$_POST['userPassword2'] = ''; unset($this->attributes['userPassword']);
if ($_POST['userPassword_lock'])
$this->userPassword_lock=true;
else $this->userPassword_lock=false;
}
else {
$this->userPassword_nopassword=false;
if ($_POST['genpass']) $this->attributes['userPassword'][0] = genpasswd();
elseif ($_SESSION[$this->base]->isNewAccount) {
if ($_POST['userPassword'] != $_POST['userPassword2'])
$errors[] = $this->messages['userPassword'][0];
else $this->attributes['userPassword'][0] = $_POST['userPassword'];
if (!get_preg($this->attributes['userPassword'][0], 'password'))
$errors[] = $this->messages['userPassword'][1];
}
if ($_POST['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
}
} }
if ($_POST['changegids']) $this->changegids=true; if ($_POST['changegids']) $this->changegids=true;
else $this->changegids=false; else $this->changegids=false;
@ -713,28 +674,11 @@ class posixGroup extends baseModule {
$errors[] = $this->messages['userPassword'][1]; $errors[] = $this->messages['userPassword'][1];
} }
else { else {
$this->attributes['userPassword'][0] = $_POST['userPassword']; $this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword']);
$this->userPassword_lock = false;
$this->userPassword_nopassword = false;
} }
return $errors; return $errors;
} }
/**
* This function loads all needed LDAP attributes.
*
* @param array $attr list of attributes
*/
function load_attributes($attr) {
parent::load_attributes($attr);
// set password options
if (!isset($this->attributes['userPassword'][0])) $this->userPassword_nopassword = true;
else {
if (pwd_is_enabled($this->attributes['userPassword'][0])) $this->userPassword_lock = false;
else $this->userPassword_lock = true;
}
}
/* This function returns an array with 3 entries: /* This function returns an array with 3 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... ) * array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs, * DN is the DN to change. It may be possible to change several DNs,
@ -749,38 +693,6 @@ class posixGroup extends baseModule {
return array(); return array();
} }
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// unset password when needed
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']);
// Set unix password
if (isset($this->orig['userPassword'][0])) {
// use no password, do nothing
if ($this->userPassword_nopassword) {}
// password changed
elseif (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->attributes['userPassword'][0] != '')
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
// lock account if required
elseif ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0]))
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]);
// unlock password if required
elseif (!$this->userPassword_lock && (pwd_enable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0]))
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_enable($this->orig['userPassword'][0]);
// password has not changed
else
$return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0];
}
else {
// New user or no old password set
if ($this->userPassword_nopassword) {}// use no password
elseif ($this->attributes['userPassword'][0] != '') {
// set password if set
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
}
}
// Change gids of users and hosts? // Change gids of users and hosts?
if ($this->changegids) { if ($this->changegids) {
// get gidNumber // get gidNumber
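Review bot: The new password-processing line calls `pwd_hash($_POST['userPassword'])` without the hash-type argument, whereas the removed save code passed `$this->moduleSettings['posixAccount_pwdHash'][0]`, so the configured hash setting no longer reaches this call and the result depends on whatever default pwd_hash() applies (its definition is not visible here). If the setting should still govern group passwords, the line would read `$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, $this->moduleSettings['posixAccount_pwdHash'][0]);`. Separately, in process_attributes() the lock and unlock branches store `pwd_disable(...)` or `pwd_enable(...)` of `$this->attributes['userPassword'][0]` without checking that it is set. The buttons are only rendered when a password exists, but the POST handler should enforce the same condition itself, for example by adding `&& isset($this->attributes['userPassword'][0])` to both conditions. The password-processing function starts outside its hunk and process_attributes() continues past its hunk.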