self service: set sambaPwdLastSet, sync sambaPwdCan/MustChange

Roland Gruber 2008-12-14 10:20:05 +00:00
parent c088243b48
commit 489a72cf29
1 changed files with 51 additions and 5 deletions


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam) This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 - 2006 Tilo Lutz Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2007 Roland Gruber 2005 - 2008 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -185,7 +185,10 @@ class sambaSamAccount extends baseModule {
); );
$return['selfServiceFieldSettings'] = array( $return['selfServiceFieldSettings'] = array(
'syncNTPassword' => _('Sync Samba NT password with Unix password'), 'syncNTPassword' => _('Sync Samba NT password with Unix password'),
'syncLMPassword' => _('Sync Samba LM password with Unix password') 'syncLMPassword' => _('Sync Samba LM password with Unix password'),
'syncSambaPwdLastSet' => _('Update attribute "sambaPwdLastSet" on password change'),
'syncSambaPwdMustChange' => _('Update attribute "sambaPwdMustChange" on password change'),
'syncSambaPwdCanChange' => _('Update attribute "sambaPwdCanChange" on password change')
); );
// help Entries // help Entries
$return['help'] = array ( $return['help'] = array (
@ -2052,6 +2055,7 @@ class sambaSamAccount extends baseModule {
$partialAccounts[$i]['sambaSID'] .= '-' . ($partialAccounts[$i]['uidNumber']*2 + $domains[$domIndex]->RIDbase); $partialAccounts[$i]['sambaSID'] .= '-' . ($partialAccounts[$i]['uidNumber']*2 + $domains[$domIndex]->RIDbase);
} }
// passwords ( = host name) // passwords ( = host name)
$partialAccounts[$i]['sambaPwdLastSet'] = time();
$partialAccounts[$i]['sambaLMPassword'] = lmPassword(substr($partialAccounts[$i]['uid'], 0, sizeof($partialAccounts[$i]['uid']) - 1)); $partialAccounts[$i]['sambaLMPassword'] = lmPassword(substr($partialAccounts[$i]['uid'], 0, sizeof($partialAccounts[$i]['uid']) - 1));
$partialAccounts[$i]['sambaNTPassword'] = ntPassword(substr($partialAccounts[$i]['uid'], 0, sizeof($partialAccounts[$i]['uid']) - 1)); $partialAccounts[$i]['sambaNTPassword'] = ntPassword(substr($partialAccounts[$i]['uid'], 0, sizeof($partialAccounts[$i]['uid']) - 1));
// flags // flags
@ -2070,22 +2074,64 @@ class sambaSamAccount extends baseModule {
*/ */
function checkSelfServiceOptions($fields, $attributes) { function checkSelfServiceOptions($fields, $attributes) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()); $return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array());
if (!in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) {
return $return;
}
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) { if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
if ($_POST['posixAccount_password'] != $_POST['posixAccount_password2']) { if ($_POST['posixAccount_password'] != $_POST['posixAccount_password2']) {
return array(); return $return;
} }
else { else {
if (!get_preg($_POST['posixAccount_password'], 'password')) { if (!get_preg($_POST['posixAccount_password'], 'password')) {
return array(); return $return;
} }
else { else {
$setPassword = false;
// sync password // sync password
if (in_array('syncNTPassword', $fields)) { if (in_array('syncNTPassword', $fields)) {
$return['mod']['sambaNTPassword'][0] = ntPassword($_POST['posixAccount_password']); $return['mod']['sambaNTPassword'][0] = ntPassword($_POST['posixAccount_password']);
$setPassword = true;
} }
if (in_array('syncLMPassword', $fields)) { if (in_array('syncLMPassword', $fields)) {
$return['mod']['sambaLMPassword'][0] = lmPassword($_POST['posixAccount_password']); $return['mod']['sambaLMPassword'][0] = lmPassword($_POST['posixAccount_password']);
$setPassword = true;
}
if ($setPassword) {
if (in_array('syncSambaPwdLastSet', $fields)) {
$return['mod']['sambaPwdLastSet'][0] = time();
}
}
if (in_array('syncSambaPwdMustChange', $fields) || in_array('syncSambaPwdCanChange', $fields)) {
$sambaDomains = search_domains($_SESSION['ldapHandle'], $this->selfServiceSettings->LDAPSuffix);
if (($sambaDomains == null) || (sizeof($sambaDomains) == 0)) {
$return['messages'][] = array("ERROR", _('Unable to sync the time when the user can/must change his password as no domain was found.'), '');
return $return;
}
if (!isset($attributes['sambaSID'][0]) || $attributes['sambaSID'][0] == '') {
$return['messages'][] = array("ERROR", _('Unable to read sambaSID attribute.'), '');
return $return;
}
$domainSID = substr($attributes['sambaSID'][0], 0, strrpos($attributes['sambaSID'][0], "-"));
$sel_domain = null;
for ($i = 0; $i < count($sambaDomains); $i++ ) {
if ($domainSID == $sambaDomains[$i]->SID) {
$sel_domain = $sambaDomains[$i];
}
}
if ($sel_domain == null) {
$return['messages'][] = array("ERROR", _('Unable to sync the time when the user can/must change his password as no domain was found.'), $domainSID);
return $return;
}
if (in_array('syncSambaPwdCanChange', $fields)) {
if (($sel_domain != null) && (isset($sel_domain->maxPwdAge))) {
$return['mod']['sambaPwdCanChange'][0] = time() + $sel_domain->minPwdAge;
}
}
if (in_array('syncSambaPwdMustChange', $fields)) {
if (($sel_domain != null) && (isset($sel_domain->maxPwdAge))) {
$return['mod']['sambaPwdMustChange'][0] = time() + $sel_domain->maxPwdAge;
}
}
} }
} }
} }
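Review bot: The sambaPwdMustChange/sambaPwdCanChange block in checkSelfServiceOptions runs even when `$setPassword` is false, unlike the sambaPwdLastSet update just above it. With only the can/must-change options enabled, a Unix password change would push the Samba expiry forward while sambaNTPassword and sambaLMPassword keep their old hashes, so an aged Samba password can outlive the domain's maximum age. Gate the block the same way: `if ($setPassword && (in_array('syncSambaPwdMustChange', $fields) || in_array('syncSambaPwdCanChange', $fields))) {`. Separately, the sambaPwdCanChange branch tests `isset($sel_domain->maxPwdAge)` but adds `minPwdAge`; the guard should be `isset($sel_domain->minPwdAge)`. The function body continues past the end of the hunk.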