changed Unix password management
parent
5753d4e55a
commit
644e8d3d45
|
@ -1,5 +1,6 @@
|
||||||
??? 1.1.0
|
??? 1.1.0
|
||||||
- Lamdaemon now uses the SSH implementation from PECL which is much more stable
|
- Lamdaemon now uses the SSH implementation from PECL which is much more stable
|
||||||
|
- Samba 2/3: "Use Unix password" now on by default (1517678)
|
||||||
|
|
||||||
Developers:
|
Developers:
|
||||||
API changes:
|
API changes:
|
||||||
|
|
|
@ -37,6 +37,14 @@
|
||||||
*/
|
*/
|
||||||
class posixAccount extends baseModule {
|
class posixAccount extends baseModule {
|
||||||
|
|
||||||
|
// Variables
|
||||||
|
|
||||||
|
/* These two variables keep an array of groups the user is also member of. */
|
||||||
|
var $groups;
|
||||||
|
var $groups_orig;
|
||||||
|
var $createhomedir;
|
||||||
|
var $clearTextPassword;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This function fills the error message array with messages.
|
* This function fills the error message array with messages.
|
||||||
**/
|
**/
|
||||||
|
@ -60,7 +68,6 @@ class posixAccount extends baseModule {
|
||||||
$this->messages['uidNumber'][5] = array('INFO', _('UID number'), _('UID number has changed. To keep file ownership you have to run the following command as root: \'find / -uid %s -exec chown %s {} \;\''));
|
$this->messages['uidNumber'][5] = array('INFO', _('UID number'), _('UID number has changed. To keep file ownership you have to run the following command as root: \'find / -uid %s -exec chown %s {} \;\''));
|
||||||
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password fields.'));
|
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password fields.'));
|
||||||
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}=@$ !'));
|
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}=@$ !'));
|
||||||
$this->messages['userPassword'][3] = array('ERROR', _('Password'), _('You cannot use these password options at the same time.'));
|
|
||||||
$this->messages['userPassword'][4] = array('ERROR', _('Account %s:') . ' posixAccount_password', _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}=@$ !'));
|
$this->messages['userPassword'][4] = array('ERROR', _('Account %s:') . ' posixAccount_password', _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}=@$ !'));
|
||||||
$this->messages['uid'][0] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?'));
|
$this->messages['uid'][0] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?'));
|
||||||
$this->messages['uid'][1] = array('WARN', _('User name'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
|
$this->messages['uid'][1] = array('WARN', _('User name'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
|
||||||
|
@ -356,10 +363,6 @@ class posixAccount extends baseModule {
|
||||||
"Headline" => _("Password"),
|
"Headline" => _("Password"),
|
||||||
"Text" => _("Please enter the password which you want to set for this account.")
|
"Text" => _("Please enter the password which you want to set for this account.")
|
||||||
),
|
),
|
||||||
'userPassword_no' => array(
|
|
||||||
"Headline" => _("Use no password"),
|
|
||||||
"Text" => _("This will set no password which prevents logins with this account.")
|
|
||||||
),
|
|
||||||
'userPassword_lock' => array(
|
'userPassword_lock' => array(
|
||||||
"Headline" => _("Account deactivated"),
|
"Headline" => _("Account deactivated"),
|
||||||
"Text" => _("If checked account will be deactivated by putting a \"!\" before the encrypted password.")
|
"Text" => _("If checked account will be deactivated by putting a \"!\" before the encrypted password.")
|
||||||
|
@ -414,20 +417,10 @@ class posixAccount extends baseModule {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Variables
|
/**
|
||||||
// Use a unix password?
|
* This functions is used to check if all settings for this module have been made.
|
||||||
var $userPassword_nopassword;
|
*
|
||||||
// Lock password
|
* @return boolean true, if settings are complete
|
||||||
var $userPassword_lock;
|
|
||||||
/* These two variables keep an array of groups the
|
|
||||||
* user is also member of.
|
|
||||||
*/
|
|
||||||
var $groups;
|
|
||||||
var $groups_orig;
|
|
||||||
var $createhomedir;
|
|
||||||
|
|
||||||
/* This functions return true
|
|
||||||
* if all needed settings are done
|
|
||||||
*/
|
*/
|
||||||
function module_complete() {
|
function module_complete() {
|
||||||
if ($this->attributes['uid'][0] == '') return false;
|
if ($this->attributes['uid'][0] == '') return false;
|
||||||
|
@ -456,55 +449,21 @@ class posixAccount extends baseModule {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->groups_orig = $this->groups;
|
$this->groups_orig = $this->groups;
|
||||||
// set password options
|
|
||||||
if (!isset($this->attributes['userPassword'][0])) $this->userPassword_nopassword = true;
|
|
||||||
else {
|
|
||||||
if (pwd_is_enabled($this->attributes['userPassword'][0])) $this->userPassword_lock = false;
|
|
||||||
else $this->userPassword_lock = true;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This function returns an array with 3 entries:
|
/**
|
||||||
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
|
* Returns a list of modifications which have to be made to the LDAP account.
|
||||||
* DN is the DN to change. It may be possible to change several DNs,
|
*
|
||||||
* e.g. create a new user and add him to some groups via attribute memberUid
|
* @return array list of modifications
|
||||||
* add are attributes which have to be added to ldap entry
|
* <br>This function returns an array with 3 entries:
|
||||||
* remove are attributes which have to be removed from ldap entry
|
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
|
||||||
* modify are attributes which have to been modified in ldap entry
|
* <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
|
||||||
|
* <br>"add" are attributes which have to be added to LDAP entry
|
||||||
|
* <br>"remove" are attributes which have to be removed from LDAP entry
|
||||||
|
* <br>"modify" are attributes which have to been modified in LDAP entry
|
||||||
*/
|
*/
|
||||||
function save_attributes() {
|
function save_attributes() {
|
||||||
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
||||||
// unset password when needed
|
|
||||||
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword']))
|
|
||||||
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
|
|
||||||
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
|
|
||||||
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
|
|
||||||
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']))
|
|
||||||
unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']);
|
|
||||||
// Set unix password
|
|
||||||
if (isset($this->orig['userPassword'][0])) {
|
|
||||||
// use no password, do nothing
|
|
||||||
if ($this->userPassword_nopassword) {}
|
|
||||||
// set password if set
|
|
||||||
elseif (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->attributes['userPassword'][0] != '')
|
|
||||||
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
|
||||||
// lock account if required
|
|
||||||
elseif ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0]))
|
|
||||||
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]);
|
|
||||||
// unlock account if required
|
|
||||||
elseif (!$this->userPassword_lock && (pwd_enable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0]))
|
|
||||||
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_enable($this->orig['userPassword'][0]);
|
|
||||||
// password has not changed
|
|
||||||
else
|
|
||||||
$return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0];
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
// New user or no old password set
|
|
||||||
if ($this->userPassword_nopassword) {}// use no password
|
|
||||||
else if ($this->attributes['userPassword'][0] != '') // set password if set
|
|
||||||
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Remove primary group from additional groups
|
// Remove primary group from additional groups
|
||||||
for ($i=0; $i<count($this->groups); $i++) {
|
for ($i=0; $i<count($this->groups); $i++) {
|
||||||
if ($this->groups[$i]==$_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0])) unset($this->groups[$i]);
|
if ($this->groups[$i]==$_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0])) unset($this->groups[$i]);
|
||||||
|
@ -599,6 +558,15 @@ class posixAccount extends baseModule {
|
||||||
}
|
}
|
||||||
$this->attributes['homeDirectory'][0] = $_POST['homeDirectory'];
|
$this->attributes['homeDirectory'][0] = $_POST['homeDirectory'];
|
||||||
// Load attributes
|
// Load attributes
|
||||||
|
if (isset($_POST['form_subpage_posixAccount_attributes_lockPassword'])) {
|
||||||
|
$this->attributes['userPassword'][0] = pwd_disable($this->attributes['userPassword'][0]);
|
||||||
|
}
|
||||||
|
if (isset($_POST['form_subpage_posixAccount_attributes_unlockPassword'])) {
|
||||||
|
$this->attributes['userPassword'][0] = pwd_enable($this->attributes['userPassword'][0]);
|
||||||
|
}
|
||||||
|
if (isset($_POST['form_subpage_posixAccount_attributes_removePassword'])) {
|
||||||
|
unset($this->attributes['userPassword']);
|
||||||
|
}
|
||||||
$this->attributes['uid'][0] = $_POST['uid'];
|
$this->attributes['uid'][0] = $_POST['uid'];
|
||||||
$this->attributes['cn'][0] = $_POST['cn'];
|
$this->attributes['cn'][0] = $_POST['cn'];
|
||||||
if ($this->attributes['cn'][0] == '') {
|
if ($this->attributes['cn'][0] == '') {
|
||||||
|
@ -677,32 +645,6 @@ class posixAccount extends baseModule {
|
||||||
if ( !get_preg($this->attributes['homeDirectory'][0], 'homeDirectory' ))
|
if ( !get_preg($this->attributes['homeDirectory'][0], 'homeDirectory' ))
|
||||||
$errors[] = $this->messages['homeDirectory'][0];
|
$errors[] = $this->messages['homeDirectory'][0];
|
||||||
}
|
}
|
||||||
if (isset($_POST['userPassword_lock']) && isset($_POST['userPassword_nopassword'])) {
|
|
||||||
// found invalid password parameter combination
|
|
||||||
$errors[] = $this->messages['userPassword'][3];
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
if (isset($_POST['userPassword_nopassword'])) {
|
|
||||||
$this->userPassword_nopassword=true;
|
|
||||||
$this->attributes['userPassword'][0] = '';
|
|
||||||
$_POST['userPassword2'] = '';
|
|
||||||
if (isset($_POST['userPassword_lock']))
|
|
||||||
$this->userPassword_lock=true;
|
|
||||||
else $this->userPassword_lock=false;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$this->userPassword_nopassword=false;
|
|
||||||
if (isset($_POST['genpass'])) $this->attributes['userPassword'][0] = genpasswd();
|
|
||||||
elseif ($_SESSION[$this->base]->isNewAccount) {
|
|
||||||
if ($_POST['userPassword'] != $_POST['userPassword2'])
|
|
||||||
$errors[] = $this->messages['userPassword'][0];
|
|
||||||
else $this->attributes['userPassword'][0] = $_POST['userPassword'];
|
|
||||||
if (!get_preg($this->attributes['userPassword'][0], 'password'))
|
|
||||||
$errors[] = $this->messages['userPassword'][1];
|
|
||||||
}
|
|
||||||
if (isset($_POST['userPassword_lock'])) $this->userPassword_lock=true;
|
|
||||||
else $this->userPassword_lock=false;
|
|
||||||
}
|
|
||||||
if ($_SESSION[$this->base]->type=='user') {
|
if ($_SESSION[$this->base]->type=='user') {
|
||||||
$this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
|
$this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
|
||||||
if ($this->attributes['uid'][0] != '')
|
if ($this->attributes['uid'][0] != '')
|
||||||
|
@ -740,12 +682,15 @@ class posixAccount extends baseModule {
|
||||||
// get last character of username
|
// get last character of username
|
||||||
$lastchar = substr($this->attributes['uid'][0], strlen($this->attributes['uid'][0])-1, 1);
|
$lastchar = substr($this->attributes['uid'][0], strlen($this->attributes['uid'][0])-1, 1);
|
||||||
// Last character is no number
|
// Last character is no number
|
||||||
if ( !ereg('^([0-9])+$', $lastchar))
|
if ( !ereg('^([0-9])+$', $lastchar)) {
|
||||||
/* Last character is no number. Therefore we only have to
|
// Last character is no number. Therefore we only have to add "2" to it.
|
||||||
* add "2" to it.
|
if ($_SESSION[$this->base]->type=='host') {
|
||||||
*/
|
$this->attributes['uid'][0] = $this->attributes['uid'][0] . '2$';
|
||||||
if ($_SESSION[$this->base]->type=='host') $this->attributes['uid'][0] = $this->attributes['uid'][0] . '2$';
|
}
|
||||||
else $this->attributes['uid'][0] = $this->attributes['uid'][0] . '2';
|
else {
|
||||||
|
$this->attributes['uid'][0] = $this->attributes['uid'][0] . '2';
|
||||||
|
}
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
/* Last character is a number -> we have to increase the number until we've
|
/* Last character is a number -> we have to increase the number until we've
|
||||||
* found a groupname with trailing number which is not in use.
|
* found a groupname with trailing number which is not in use.
|
||||||
|
@ -772,9 +717,6 @@ class posixAccount extends baseModule {
|
||||||
if ($_SESSION[$this->base]->type=='user') $errors[] = $this->messages['uid'][5];
|
if ($_SESSION[$this->base]->type=='user') $errors[] = $this->messages['uid'][5];
|
||||||
if ($_SESSION[$this->base]->type=='host') $errors[] = $this->messages['uid'][6];
|
if ($_SESSION[$this->base]->type=='host') $errors[] = $this->messages['uid'][6];
|
||||||
}
|
}
|
||||||
if ($_SESSION[$this->base]->isNewAccount && !get_preg($this->attributes['userPassword'][0], 'password'))
|
|
||||||
$errors[] = $this->messages['userPassword'][1];
|
|
||||||
}
|
|
||||||
$attributeList = array('gecos', 'homeDirectory');
|
$attributeList = array('gecos', 'homeDirectory');
|
||||||
for ($i = 0; $i < sizeof($attributeList); $i++) {
|
for ($i = 0; $i < sizeof($attributeList); $i++) {
|
||||||
if (isset($this->attributes[$attributeList[$i]][0])) {
|
if (isset($this->attributes[$attributeList[$i]][0])) {
|
||||||
|
@ -849,9 +791,8 @@ class posixAccount extends baseModule {
|
||||||
$errors[] = $this->messages['userPassword'][1];
|
$errors[] = $this->messages['userPassword'][1];
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$this->attributes['userPassword'][0] = $_POST['userPassword'];
|
$this->clearTextPassword = $_POST['userPassword'];
|
||||||
$this->userPassword_lock = false;
|
$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword']);
|
||||||
$this->userPassword_nopassword = false;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $errors;
|
return $errors;
|
||||||
|
@ -862,23 +803,10 @@ class posixAccount extends baseModule {
|
||||||
* It will output a complete html-table
|
* It will output a complete html-table
|
||||||
*/
|
*/
|
||||||
function display_html_attributes() {
|
function display_html_attributes() {
|
||||||
// check password format if called the first time
|
|
||||||
if (isset($this->attributes['userPassword'][0])) {
|
|
||||||
if (pwd_is_enabled($this->attributes['userPassword'][0])) $this->userPassword_lock = false;
|
|
||||||
else $this->userPassword_lock = true;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
if ($_SESSION[$this->base]->isNewAccount) {
|
|
||||||
$this->userPassword_nopassword = false;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$this->userPassword_nopassword = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$groups = $_SESSION['cache']->findgroups(); // list of all groupnames
|
$groups = $_SESSION['cache']->findgroups(); // list of all groupnames
|
||||||
if (count($groups)==0) {
|
if (count($groups)==0) {
|
||||||
StatusMessage("ERROR", _('No Unix groups found in LDAP! Please create one first.'), '');
|
StatusMessage("ERROR", _('No Unix groups found in LDAP! Please create one first.'), '');
|
||||||
return;
|
return array();
|
||||||
}
|
}
|
||||||
$shelllist = getshells(); // list of all valid shells
|
$shelllist = getshells(); // list of all valid shells
|
||||||
|
|
||||||
|
@ -918,30 +846,29 @@ class posixAccount extends baseModule {
|
||||||
1 => array('kind' => 'input', 'name' => 'createhomedir', 'type' => 'checkbox', 'checked' => $this->createhomedir),
|
1 => array('kind' => 'input', 'name' => 'createhomedir', 'type' => 'checkbox', 'checked' => $this->createhomedir),
|
||||||
2 => array('kind' => 'help', 'value' => 'createhomedir'));
|
2 => array('kind' => 'help', 'value' => 'createhomedir'));
|
||||||
}
|
}
|
||||||
if ($_SESSION[$this->base]->isNewAccount) {
|
if (!isset($this->attributes['userPassword'][0])) {
|
||||||
$return[] = array(
|
$return[] = array(
|
||||||
0 => array('kind' => 'text', 'text' => _('Password') ),
|
0 => array('kind' => 'text', 'text' => _('Password') ),
|
||||||
1 => array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '30', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
|
1 => array('kind' => 'input', 'name' => 'form_subpage_posixAccount_password_open', 'type' => 'submit', 'value' => _('Set password')));
|
||||||
2 => array('kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
|
|
||||||
$return[] = array(
|
|
||||||
0 => array('kind' => 'text', 'text' => _('Repeat password')),
|
|
||||||
1 => array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '30', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
|
|
||||||
2 => array('kind' => 'help', 'value' => 'userPassword'));
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$return[] = array(
|
if (pwd_is_enabled($this->attributes['userPassword'][0])) {
|
||||||
0 => array('kind' => 'text', 'text' => _('Password') ),
|
$lockOption = array('kind' => 'input', 'name' => 'form_subpage_posixAccount_attributes_lockPassword', 'type' => 'submit', 'value' => _('Lock password'));
|
||||||
1 => array('kind' => 'input', 'name' => 'form_subpage_posixAccount_password_open', 'type' => 'submit', 'value' => _('Change password')));
|
}
|
||||||
|
else {
|
||||||
|
$lockOption = array('kind' => 'input', 'name' => 'form_subpage_posixAccount_attributes_unlockPassword', 'type' => 'submit', 'value' => _('Unlock password'));
|
||||||
}
|
}
|
||||||
$return[] = array(
|
$return[] = array(
|
||||||
0 => array('kind' => 'text', 'text' => _('Set no password')),
|
array('kind' => 'text', 'text' => _('Password') ),
|
||||||
1 => array('kind' => 'input', 'name' => 'userPassword_nopassword', 'type' => 'checkbox', 'checked' => $this->userPassword_nopassword),
|
array('kind' => 'table', 'value' => array(
|
||||||
2 => array('kind' => 'help', 'value' => 'userPassword_no'));
|
array(
|
||||||
if ($_SESSION[$this->base]->isNewAccount || isset($this->attributes['userPassword'][0])) {
|
array('kind' => 'input', 'name' => 'form_subpage_posixAccount_password_open', 'type' => 'submit', 'value' => _('Change password'))
|
||||||
$return[] = array(
|
),
|
||||||
0 => array('kind' => 'text', 'text' => _('Lock password')),
|
array($lockOption),
|
||||||
1 => array('kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock),
|
array(
|
||||||
2 => array('kind' => 'help', 'value' => 'userPassword_lock'));
|
array('kind' => 'input', 'name' => 'form_subpage_posixAccount_attributes_removePassword', 'type' => 'submit', 'value' => _('Remove password'))
|
||||||
|
)
|
||||||
|
)));
|
||||||
}
|
}
|
||||||
if (count($shelllist)!=0) {
|
if (count($shelllist)!=0) {
|
||||||
$return[] = array(
|
$return[] = array(
|
||||||
|
@ -1057,14 +984,6 @@ class posixAccount extends baseModule {
|
||||||
$return[] = array(0 => array('kind' => 'text', 'text' => _('Login shell') . ": "),
|
$return[] = array(0 => array('kind' => 'text', 'text' => _('Login shell') . ": "),
|
||||||
1 => array('kind' => 'select', 'name' => 'posixAccount_loginShell', 'options' => $shelllist, 'options_selected' => array("/bin/bash")),
|
1 => array('kind' => 'select', 'name' => 'posixAccount_loginShell', 'options' => $shelllist, 'options_selected' => array("/bin/bash")),
|
||||||
2 => array('kind' => 'help', 'value' => 'loginShell', 'scope' => 'user'));
|
2 => array('kind' => 'help', 'value' => 'loginShell', 'scope' => 'user'));
|
||||||
// do not set password
|
|
||||||
$return[] = array(0 => array('kind' => 'text', 'text' => _('Set no password') . ": "),
|
|
||||||
1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_no', 'type' => 'checkbox', 'checked' => false),
|
|
||||||
2 => array('kind' => 'help', 'value' => 'posixAccount_userPassword_no', 'scope' => 'user'));
|
|
||||||
// disable account
|
|
||||||
$return[] = array(0 => array('kind' => 'text', 'text' => _('Lock password') . ": "),
|
|
||||||
1 => array('kind' => 'input', 'name' => 'posixAccount_userPassword_lock', 'type' => 'checkbox', 'checked' => false),
|
|
||||||
2 => array('kind' => 'help', 'value' => 'posixAccount_userPassword_lock', 'scope' => 'user'));
|
|
||||||
}
|
}
|
||||||
elseif ($this->scope == 'host') {
|
elseif ($this->scope == 'host') {
|
||||||
$groups = $_SESSION['cache']->findgroups(); // list of all groupnames
|
$groups = $_SESSION['cache']->findgroups(); // list of all groupnames
|
||||||
|
@ -1096,20 +1015,6 @@ class posixAccount extends baseModule {
|
||||||
if (isset($profile['posixAccount_additionalGroup'][0])) {
|
if (isset($profile['posixAccount_additionalGroup'][0])) {
|
||||||
$this->groups = $profile['posixAccount_additionalGroup'];
|
$this->groups = $profile['posixAccount_additionalGroup'];
|
||||||
}
|
}
|
||||||
// no password
|
|
||||||
if ($profile['posixAccount_userPassword_no'][0] == "true") {
|
|
||||||
$this->userPassword_nopassword = true;
|
|
||||||
}
|
|
||||||
elseif ($profile['posixAccount_userPassword_no'][0] == "false") {
|
|
||||||
$this->userPassword_nopassword = false;
|
|
||||||
}
|
|
||||||
// locked password
|
|
||||||
if ($profile['posixAccount_userPassword_lock'][0] == "true") {
|
|
||||||
$this->userPassword_lock = true;
|
|
||||||
}
|
|
||||||
elseif ($profile['posixAccount_userPassword_lock'][0] == "false") {
|
|
||||||
$this->userPassword_lock = false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1118,7 +1023,7 @@ class posixAccount extends baseModule {
|
||||||
* @return array list of possible PDF entries
|
* @return array list of possible PDF entries
|
||||||
*/
|
*/
|
||||||
function get_pdfEntries() {
|
function get_pdfEntries() {
|
||||||
return array(
|
$return = array(
|
||||||
'posixAccount_uid' => array('<block><key>' . _('User name') . '</key><value>' . $this->attributes['uid'][0] . '</value></block>'),
|
'posixAccount_uid' => array('<block><key>' . _('User name') . '</key><value>' . $this->attributes['uid'][0] . '</value></block>'),
|
||||||
'posixAccount_cn' => array('<block><key>' . _('Common name') . '</key><value>' . $this->attributes['cn'][0] . '</value></block>'),
|
'posixAccount_cn' => array('<block><key>' . _('Common name') . '</key><value>' . $this->attributes['cn'][0] . '</value></block>'),
|
||||||
'posixAccount_uidNumber' => array('<block><key>' . _('UID number') . '</key><value>' . $this->attributes['uidNumber'][0] . '</value></block>'),
|
'posixAccount_uidNumber' => array('<block><key>' . _('UID number') . '</key><value>' . $this->attributes['uidNumber'][0] . '</value></block>'),
|
||||||
|
@ -1127,9 +1032,12 @@ class posixAccount extends baseModule {
|
||||||
'posixAccount_primaryGroup' => array('<block><key>' . _('Primary group') . '</key><value>' . $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]) . '</value></block>'),
|
'posixAccount_primaryGroup' => array('<block><key>' . _('Primary group') . '</key><value>' . $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]) . '</value></block>'),
|
||||||
'posixAccount_additionalGroups' => array('<block><key>' . _('Additional groups') . '</key><value>' . implode(", ", $this->groups) . '</value></block>'),
|
'posixAccount_additionalGroups' => array('<block><key>' . _('Additional groups') . '</key><value>' . implode(", ", $this->groups) . '</value></block>'),
|
||||||
'posixAccount_homeDirectory' => array('<block><key>' . _('Home directory') . '</key><value>' . $this->attributes['homeDirectory'][0] . '</value></block>'),
|
'posixAccount_homeDirectory' => array('<block><key>' . _('Home directory') . '</key><value>' . $this->attributes['homeDirectory'][0] . '</value></block>'),
|
||||||
'posixAccount_userPassword' => array('<block><key>' . _('Password') . '</key><value>' . $this->attributes['userPassword'][0] . '</value></block>'),
|
|
||||||
'posixAccount_loginShell' => array('<block><key>' . _('Login shell') . '</key><value>' . $this->attributes['loginShell'][0] . '</value></block>'),
|
'posixAccount_loginShell' => array('<block><key>' . _('Login shell') . '</key><value>' . $this->attributes['loginShell'][0] . '</value></block>'),
|
||||||
);
|
);
|
||||||
|
if (isset($this->clearTextPassword)) {
|
||||||
|
$return['posixAccount_userPassword'] = array('<block><key>' . _('Password') . '</key><value>' . $this->clearTextPassword . '</value></block>');
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
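Review bot: The new `pwd_hash($_POST['userPassword'])` call in the password handler (hunk `@ -849,9 +791,8`) passes only the password, whereas the code this commit removes from `save_attributes()` also passed `$this->moduleSettings['posixAccount_pwdHash'][0]`. The hash type configured for the module therefore appears to be ignored in favour of whatever `pwd_hash` defaults to; its signature is not visible on this page. I would keep the setting, e.g. `$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, $this->moduleSettings['posixAccount_pwdHash'][0]);`. Separately, `$clearTextPassword` sits on the module object that the Samba modules reach through `$_SESSION`, so the plaintext presumably stays in session storage until the session ends; unset it once the account is saved (and after the PDF is produced), and add a comment on `var $clearTextPassword;` stating that lifetime. The function containing the `pwd_hash` call starts outside the hunk.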
@ -416,14 +416,14 @@ class sambaAccount extends baseModule {
|
||||||
function init($base) {
|
function init($base) {
|
||||||
// call parent init
|
// call parent init
|
||||||
parent::init($base);
|
parent::init($base);
|
||||||
$this->useunixpwd = false;
|
$this->useunixpwd = true;
|
||||||
$this->noexpire = true;
|
$this->noexpire = true;
|
||||||
$this->nopwd = false;
|
$this->nopwd = false;
|
||||||
$this->deactivated = false;
|
$this->deactivated = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Variables
|
// Variables
|
||||||
/** use unix password as samba password? */
|
/** use Unix password as samba password? */
|
||||||
var $useunixpwd;
|
var $useunixpwd;
|
||||||
/** use no password? */
|
/** use no password? */
|
||||||
var $nopwd;
|
var $nopwd;
|
||||||
|
@ -580,8 +580,8 @@ class sambaAccount extends baseModule {
|
||||||
else $this->useunixpwd = false;
|
else $this->useunixpwd = false;
|
||||||
if ($_POST['useunixpwd']) {
|
if ($_POST['useunixpwd']) {
|
||||||
$this->useunixpwd = true;
|
$this->useunixpwd = true;
|
||||||
$this->attributes['lmPassword'][0] = lmPassword($_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]);
|
$this->attributes['lmPassword'][0] = lmPassword($_SESSION[$this->base]->module['posixAccount']->clearTextPassword);
|
||||||
$this->attributes['ntPassword'][0] = ntPassword($_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]);
|
$this->attributes['ntPassword'][0] = ntPassword($_SESSION[$this->base]->module['posixAccount']->clearTextPassword);
|
||||||
$this->attributes['pwdLastSet'][0] = time();
|
$this->attributes['pwdLastSet'][0] = time();
|
||||||
}
|
}
|
||||||
else $this->useunixpwd = false;
|
else $this->useunixpwd = false;
|
||||||
|
@ -718,8 +718,8 @@ class sambaAccount extends baseModule {
|
||||||
0 => array('kind' => 'text', 'text' => _('Repeat password') ),
|
0 => array('kind' => 'text', 'text' => _('Repeat password') ),
|
||||||
1 => array('kind' => 'input', 'name' => 'lmPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => ''),
|
1 => array('kind' => 'input', 'name' => 'lmPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => ''),
|
||||||
2 => array('kind' => 'help', 'value' => 'password'));
|
2 => array('kind' => 'help', 'value' => 'password'));
|
||||||
if ($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]) {
|
if (isset($_SESSION[$this->base]->module['posixAccount']->clearTextPassword)) {
|
||||||
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use unix password') ),
|
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use Unix password') ),
|
||||||
1 => array ( 'kind' => 'input', 'name' => 'useunixpwd', 'type' => 'checkbox', 'checked' => $this->useunixpwd, 'value' => true),
|
1 => array ( 'kind' => 'input', 'name' => 'useunixpwd', 'type' => 'checkbox', 'checked' => $this->useunixpwd, 'value' => true),
|
||||||
2 => array ('kind' => 'help', 'value' => 'pwdUnix'));
|
2 => array ('kind' => 'help', 'value' => 'pwdUnix'));
|
||||||
}
|
}
|
||||||
|
|
|
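Review bot: In hunk `@ -580,8 +580,8` the branch `if ($_POST['useunixpwd'])` now reads `->clearTextPassword` without checking that it is set, although the checkbox is only rendered when `isset(...->clearTextPassword)` holds (hunk `@ -718,8 +718,8`). A request that carries `useunixpwd` while no new Unix password was entered would pass an unset value to `lmPassword()` and `ntPassword()`, which presumably yields the hashes of an empty password and still updates `pwdLastSet`. The processing side should repeat the display-side condition: `if ($_POST['useunixpwd'] && isset($_SESSION[$this->base]->module['posixAccount']->clearTextPassword)) {`. The same pattern is in the sambaSamAccount hunk `@ -652,8 +652,8`, and both enclosing functions start outside their hunks.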
@ -38,7 +38,7 @@ $Id$
|
||||||
class sambaSamAccount extends baseModule {
|
class sambaSamAccount extends baseModule {
|
||||||
|
|
||||||
// Variables
|
// Variables
|
||||||
/** use unix password as samba password? */
|
/** use Unix password as samba password? */
|
||||||
var $useunixpwd;
|
var $useunixpwd;
|
||||||
/** use no password? */
|
/** use no password? */
|
||||||
var $nopwd;
|
var $nopwd;
|
||||||
|
@ -460,7 +460,7 @@ class sambaSamAccount extends baseModule {
|
||||||
function init($base) {
|
function init($base) {
|
||||||
// call parent init
|
// call parent init
|
||||||
parent::init($base);
|
parent::init($base);
|
||||||
$this->useunixpwd=false;
|
$this->useunixpwd = true;
|
||||||
$this->noexpire = true;
|
$this->noexpire = true;
|
||||||
$this->nopwd = false;
|
$this->nopwd = false;
|
||||||
$this->deactivated = false;
|
$this->deactivated = false;
|
||||||
|
@ -652,8 +652,8 @@ class sambaSamAccount extends baseModule {
|
||||||
|
|
||||||
if ($_POST['useunixpwd']) {
|
if ($_POST['useunixpwd']) {
|
||||||
$this->useunixpwd = true;
|
$this->useunixpwd = true;
|
||||||
$this->attributes['sambaLMPassword'][0] = lmPassword($_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]);
|
$this->attributes['sambaLMPassword'][0] = lmPassword($_SESSION[$this->base]->module['posixAccount']->clearTextPassword);
|
||||||
$this->attributes['sambaNTPassword'][0] = ntPassword($_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]);
|
$this->attributes['sambaNTPassword'][0] = ntPassword($_SESSION[$this->base]->module['posixAccount']->clearTextPassword);
|
||||||
$this->attributes['sambaPwdLastSet'][0] = time();
|
$this->attributes['sambaPwdLastSet'][0] = time();
|
||||||
}
|
}
|
||||||
else $this->useunixpwd = false;
|
else $this->useunixpwd = false;
|
||||||
|
@ -845,8 +845,8 @@ class sambaSamAccount extends baseModule {
|
||||||
$return[] = array(
|
$return[] = array(
|
||||||
0 => array('kind' => 'text', 'text' => _('Repeat password')),
|
0 => array('kind' => 'text', 'text' => _('Repeat password')),
|
||||||
1 => array('kind' => 'input', 'name' => 'sambaLMPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255'));
|
1 => array('kind' => 'input', 'name' => 'sambaLMPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255'));
|
||||||
if ($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0]) {
|
if (isset($_SESSION[$this->base]->module['posixAccount']->clearTextPassword)) {
|
||||||
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use unix password') ),
|
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Use Unix password') ),
|
||||||
1 => array ( 'kind' => 'input', 'name' => 'useunixpwd', 'type' => 'checkbox', 'checked' => $this->useunixpwd),
|
1 => array ( 'kind' => 'input', 'name' => 'useunixpwd', 'type' => 'checkbox', 'checked' => $this->useunixpwd),
|
||||||
2 => array ('kind' => 'help', 'value' => 'useunixpwd'));
|
2 => array ('kind' => 'help', 'value' => 'useunixpwd'));
|
||||||
}
|
}
|
||||||
|
@ -1074,7 +1074,7 @@ class sambaSamAccount extends baseModule {
|
||||||
for ( $i=2003; $i<=2030; $i++ ) $year[] = $i;
|
for ( $i=2003; $i<=2030; $i++ ) $year[] = $i;
|
||||||
// use Unix password as Samba password
|
// use Unix password as Samba password
|
||||||
$return[] = array(
|
$return[] = array(
|
||||||
0 => array('kind' => 'text', 'text' => _('Use unix password') . ': '),
|
0 => array('kind' => 'text', 'text' => _('Use Unix password') . ': '),
|
||||||
1 => array('kind' => 'input', 'name' => 'sambaSamAccount_useunixpwd', 'type' => 'checkbox', 'checked' => true),
|
1 => array('kind' => 'input', 'name' => 'sambaSamAccount_useunixpwd', 'type' => 'checkbox', 'checked' => true),
|
||||||
2 => array('kind' => 'help', 'value' => 'pwdunix')
|
2 => array('kind' => 'help', 'value' => 'pwdunix')
|
||||||
);
|
);
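Review bot: In the `@ -652` hunk the LM and NT hashes are now computed from `posixAccount->clearTextPassword`, but the branch is entered on `$_POST['useunixpwd']` alone, while the `@ -845` hunk renders that checkbox only when `clearTextPassword` is set. If a request carries `useunixpwd` while no clear-text password is held, `lmPassword()` and `ntPassword()` would presumably receive null, and the stored Samba hashes would no longer correspond to the Unix password. I would guard the branch with the same condition the form uses: `if ($_POST['useunixpwd'] && isset($_SESSION[$this->base]->module['posixAccount']->clearTextPassword)) {`. Because the clear-text password now lives in session state, a comment saying where it is discarded after saving would also help. That code is not visible in these hunks, and the enclosing function starts and ends outside the hunk.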
|
||||||
|
|
|
@ -71,7 +71,7 @@ class shadowAccount extends baseModule {
|
||||||
// managed object classes
|
// managed object classes
|
||||||
$return['objectClasses'] = array('shadowAccount');
|
$return['objectClasses'] = array('shadowAccount');
|
||||||
// managed attributes
|
// managed attributes
|
||||||
$return['attributes'] = array('userPassword', 'shadowLastChange', 'shadowMin', 'shadowMax', 'shadowWarning',
|
$return['attributes'] = array('shadowLastChange', 'shadowMin', 'shadowMax', 'shadowWarning',
|
||||||
'shadowInactive', 'shadowExpire');
|
'shadowInactive', 'shadowExpire');
|
||||||
// lists for expiration date
|
// lists for expiration date
|
||||||
$day = array(); $mon = array(); $year = array();
|
$day = array(); $mon = array(); $year = array();
|
||||||
|
@ -220,23 +220,12 @@ class shadowAccount extends baseModule {
|
||||||
function save_attributes() {
|
function save_attributes() {
|
||||||
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
||||||
// Set shadowLastchange manual.
|
// Set shadowLastchange manual.
|
||||||
if (isset($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0])) {
|
if (isset($_SESSION[$this->base]->module['posixAccount']->clearTextPassword)) {
|
||||||
if ($_SESSION[$this->base]->module['posixAccount']->orig['userPassword'][0] != $_SESSION[$this->base]->module['posixAccount']->attributes['userPassword'][0])
|
|
||||||
$return[$_SESSION[$this->base]->dn]['modify']['shadowLastChange'] = array(intval(time()/3600/24));
|
$return[$_SESSION[$this->base]->dn]['modify']['shadowLastChange'] = array(intval(time()/3600/24));
|
||||||
}
|
}
|
||||||
elseif ($_SESSION[$this->base]->isNewAccount) {
|
elseif ($_SESSION[$this->base]->isNewAccount) {
|
||||||
$return[$_SESSION[$this->base]->dn]['add']['shadowLastChange'] = array(intval(time()/3600/24));
|
$return[$_SESSION[$this->base]->dn]['add']['shadowLastChange'] = array(intval(time()/3600/24));
|
||||||
}
|
}
|
||||||
// do not set password if posixAccount is active
|
|
||||||
$modules = $_SESSION['config']->get_AccountModules($this->get_scope());
|
|
||||||
if (in_array('posixAccount', $modules)) {
|
|
||||||
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword'])) {
|
|
||||||
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
|
|
||||||
}
|
|
||||||
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword'])) {
|
|
||||||
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $return;
|
return $return;
|
||||||
}
|
}
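Review bot: In the `@ -220` hunk of `save_attributes()`, the new `isset(...->clearTextPassword)` test comes before the `isNewAccount` branch, so a new account created with a password takes the `['modify']` path for `shadowLastChange` instead of `['add']`. The old condition looked at `orig['userPassword'][0]`, which was presumably unset for new accounts, so this changes which branch new accounts reach. Whether the save layer tolerates a `modify` on an entry that does not exist yet is not visible here. Since `shadowLastChange` drives password ageing, I would test the new-account case first: `if ($_SESSION[$this->base]->isNewAccount) {` for the `add` line, then `elseif (isset($_SESSION[$this->base]->module['posixAccount']->clearTextPassword)) {` for the `modify` line.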
|
||||||
|
|
||||||
|
|