From 3adc50c8accdc67e9967bbf24507acd86d3af7e4 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sun, 7 Apr 2013 17:28:09 +0000 Subject: [PATCH] password support --- lam/lib/modules/windowsUser.inc | 91 +++++++++++++++++++++++---------- 1 file changed, 63 insertions(+), 28 deletions(-) diff --git a/lam/lib/modules/windowsUser.inc b/lam/lib/modules/windowsUser.inc index 368b92c8..f792cac6 100644 --- a/lam/lib/modules/windowsUser.inc +++ b/lam/lib/modules/windowsUser.inc @@ -32,7 +32,7 @@ $Id$ * * @package modules */ -class windowsUser extends baseModule { +class windowsUser extends baseModule implements passwordService { /** * Returns meta data that is interpreted by parent class @@ -49,6 +49,8 @@ class windowsUser extends baseModule { $return["account_types"] = array('user'); // this is a base module $return["is_base"] = true; + // PHP extensions + $return['extensions'] = array('iconv'); // RDN attribute $return["RDN"] = array("cn" => "high"); // LDAP filter @@ -137,29 +139,23 @@ class windowsUser extends baseModule { // upload fields $return['upload_columns'] = array( array( - 'name' => 'windowsHost_name', - 'description' => _('Host name'), + 'name' => 'windowsUser_name', + 'description' => _('User name'), 'help' => 'cn', - 'example' => _('PC01'), + 'example' => _('smiller'), 'required' => true ), array( - 'name' => 'windowsHost_description', + 'name' => 'windowsUser_description', 'description' => _('Description'), 'help' => 'description', ), array( - 'name' => 'windowsHost_location', + 'name' => 'windowsUser_l', 'description' => _('Location'), - 'help' => 'location', + 'help' => 'l', 'example' => _('MyCity'), ), - array( - 'name' => 'windowsHost_managedBy', - 'description' => _('Managed by'), - 'help' => 'managedBy', - 'example' => 'cn=user1,o=test', - ), ); // available PDF fields $return['PDF_fields'] = array( @@ -301,6 +297,9 @@ class windowsUser extends baseModule { $this->processMultiValueInputTextField('url', $return); // web site $this->attributes['wWWHomePage'][0] = $_POST['wWWHomePage']; + if ($this->getAccountContainer()->isNewAccount) { + $this->attributes['userAccountControl'][0] = 512; + } return $return; } @@ -317,12 +316,12 @@ class windowsUser extends baseModule { $errors = array(); for ($i = 0; $i < sizeof($rawAccounts); $i++) { // add object class - if (!in_array('computer', $partialAccounts[$i]['objectClass'])) $partialAccounts[$i]['objectClass'][] = 'computer'; + if (!in_array('user', $partialAccounts[$i]['objectClass'])) $partialAccounts[$i]['objectClass'][] = 'user'; // cn + sAMAccountName - if ($rawAccounts[$i][$ids['windowsHost_name']] != "") { - if (get_preg($rawAccounts[$i][$ids['windowsHost_name']], 'hostname')) { - $partialAccounts[$i]['cn'] = $rawAccounts[$i][$ids['windowsHost_name']]; - $partialAccounts[$i]['sAMAccountName'] = $rawAccounts[$i][$ids['windowsHost_name']] . '$'; + if ($rawAccounts[$i][$ids['windowsUser_name']] != "") { + if (get_preg($rawAccounts[$i][$ids['windowsUser_name']], 'username')) { + $partialAccounts[$i]['cn'] = $rawAccounts[$i][$ids['windowsUser_name']]; + $partialAccounts[$i]['sAMAccountName'] = $rawAccounts[$i][$ids['windowsUser_name']] . '$'; } else { $errMsg = $this->messages['cn'][1]; @@ -331,19 +330,15 @@ class windowsUser extends baseModule { } } // description - if ($rawAccounts[$i][$ids['windowsHost_description']] != "") { - $partialAccounts[$i]['description'] = $rawAccounts[$i][$ids['windowsHost_description']]; + if ($rawAccounts[$i][$ids['windowsUser_description']] != "") { + $partialAccounts[$i]['description'] = $rawAccounts[$i][$ids['windowsUser_description']]; } // location - if ($rawAccounts[$i][$ids['windowsHost_location']] != "") { - $partialAccounts[$i]['location'] = $rawAccounts[$i][$ids['windowsHost_location']]; + if ($rawAccounts[$i][$ids['windowsUser_l']] != "") { + $partialAccounts[$i]['l'] = $rawAccounts[$i][$ids['windowsUser_l']]; } - // managed by - if ($rawAccounts[$i][$ids['windowsHost_managedBy']] != "") { - $partialAccounts[$i]['managedBy'] = $rawAccounts[$i][$ids['windowsHost_managedBy']]; - } - // machine trust account, no password required - $partialAccounts[$i]['userAccountControl'][0] = 4128; + // user account + $partialAccounts[$i]['userAccountControl'][0] = 512; } return $errors; } @@ -372,6 +367,46 @@ class windowsUser extends baseModule { $this->addSimplePDFField($return, 'wWWHomePage', _('Web site')); return $return; } + + /** + * This method specifies if a module manages password attributes. The module alias will + * then appear as option in the GUI. + *
If the module only wants to get notified about password changes then return false. + * + * @return boolean true if this module manages password attributes + */ + public function managesPasswordAttributes() { + return true; + } + + /** + * Specifies if this module supports to force that a user must change his password on next login. + * + * @return boolean force password change supported + */ + public function supportsForcePasswordChange() { + return false; + } + + /** + * This function is called whenever the password should be changed. Account modules + * must change their password attributes only if the modules list contains their module name. + * + * @param String $password new password + * @param array $modules list of modules for which the password should be changed + * @param boolean $forcePasswordChange force the user to change his password at next login + * @return array list of error messages if any as parameter array for StatusMessage + * e.g. return arrray(array('ERROR', 'Password change failed.')) + */ + public function passwordChangeRequested($password, $modules, $forcePasswordChange) { + if (!in_array(get_class($this), $modules)) { + return array(); + } + $pwdBin = iconv('UTF-8', 'UTF-16LE', '"' . $password . '"'); + $this->orig['unicodePwd'][0] = 'unknown'; + $this->attributes['unicodePwd'][0] = $pwdBin; + return array(); + } }