password expiration

Roland Gruber 2018-04-15 19:03:50 +02:00
parent a1fa476517
commit 7128404409
1 changed files with 43 additions and 10 deletions


@ -1,9 +1,8 @@
<?php <?php
/* /*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2005 - 2017 Roland Gruber Copyright (C) 2005 - 2018 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -242,6 +241,7 @@ class user extends baseType {
$is389dsAvailable = ($container->getAccountModule('locking389ds') != null); $is389dsAvailable = ($container->getAccountModule('locking389ds') != null);
$is389dsLocked = $is389dsAvailable && $container->getAccountModule('locking389ds')->isLocked(); $is389dsLocked = $is389dsAvailable && $container->getAccountModule('locking389ds')->isLocked();
$is389dsDeactivated = $is389dsAvailable && $container->getAccountModule('locking389ds')->isDeactivated(); $is389dsDeactivated = $is389dsAvailable && $container->getAccountModule('locking389ds')->isDeactivated();
$is389dsPwdExpired = $is389dsAvailable && locking389ds::isPasswordExpired($container->getAccountModule('locking389ds')->getAttributes());
if (!$unixAvailable && !$sambaAvailable && !$ppolicyAvailable && !$windowsAvailable && !$is389dsAvailable) { if (!$unixAvailable && !$sambaAvailable && !$ppolicyAvailable && !$windowsAvailable && !$is389dsAvailable) {
return ''; return '';
} }
@ -275,7 +275,7 @@ class user extends baseType {
} }
$partiallyLocked = $unixLocked || $sambaLocked $partiallyLocked = $unixLocked || $sambaLocked
|| $ppolicyLocked || $windowsLocked || $windowsPasswordLocked || $ppolicyLocked || $windowsLocked || $windowsPasswordLocked
|| $is389dsDeactivated || $is389dsLocked; || $is389dsDeactivated || $is389dsLocked || $is389dsPwdExpired;
$fullyLocked = ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsDeactivated || $is389dsLocked) $fullyLocked = ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsDeactivated || $is389dsLocked)
&& (!$unixAvailable || $unixLocked) && (!$unixAvailable || $unixLocked)
&& (!$sambaAvailable || $sambaLocked) && (!$sambaAvailable || $sambaLocked)
@ -335,13 +335,19 @@ class user extends baseType {
$icon389dsActivation = $is389dsDeactivated ? 'lock.png' : 'unlocked.png'; $icon389dsActivation = $is389dsDeactivated ? 'lock.png' : 'unlocked.png';
$statusTable .= '<tr><td>' . $text389dsActivation . '&nbsp;&nbsp;</td><td><img height=16 width=16 src=&quot;../../graphics/' . $icon389dsActivation . '&quot;></td></tr>'; $statusTable .= '<tr><td>' . $text389dsActivation . '&nbsp;&nbsp;</td><td><img height=16 width=16 src=&quot;../../graphics/' . $icon389dsActivation . '&quot;></td></tr>';
} }
// 389ds password expired
if ($is389dsPwdExpired) {
$statusTable .= '<tr><td>' . _('Password expired') . '&nbsp;&nbsp;</td><td><img height=16 width=16 src=&quot;../../graphics/lock.png&quot;></td></tr>';
}
$statusTable .= '</table>'; $statusTable .= '</table>';
$tipContent = $statusTable; $tipContent = $statusTable;
if ($isEditable) { if ($isEditable) {
$tipContent .= '<br><img alt=&quot;hint&quot; src=&quot;../../graphics/light.png&quot;> '; $tipContent .= '<br><img alt=&quot;hint&quot; src=&quot;../../graphics/light.png&quot;> ';
$tipContent .= _('Please click to lock/unlock this account.'); $tipContent .= _('Please click to lock/unlock this account.');
} }
$dialogDiv = $this->buildAccountStatusDialogDiv($unixAvailable, $unixLocked, $sambaAvailable, $sambaLocked, $ppolicyAvailable, $ppolicyLocked, $windowsAvailable, $windowsLocked, $windowsPasswordLockedTime, $is389dsAvailable, $is389dsLocked, $is389dsDeactivated); $dialogDiv = $this->buildAccountStatusDialogDiv($unixAvailable, $unixLocked, $sambaAvailable, $sambaLocked,
$ppolicyAvailable, $ppolicyLocked, $windowsAvailable, $windowsLocked, $windowsPasswordLockedTime,
$is389dsAvailable, $is389dsLocked, $is389dsDeactivated, $is389dsPwdExpired);
$onClick = ''; $onClick = '';
if ($isEditable) { if ($isEditable) {
$onClick = 'onclick="showConfirmationDialog(\'' . _('Change account status') . '\', \'' . _('Ok') . '\', \'' . _('Cancel') . '\', \'lam_accountStatusDialog\', \'inputForm\', \'lam_accountStatusResult\');"'; $onClick = 'onclick="showConfirmationDialog(\'' . _('Change account status') . '\', \'' . _('Ok') . '\', \'' . _('Cancel') . '\', \'lam_accountStatusDialog\', \'inputForm\', \'lam_accountStatusResult\');"';
@ -392,11 +398,12 @@ class user extends baseType {
* @param boolean $is389dsAvailable 389ds is available * @param boolean $is389dsAvailable 389ds is available
* @param boolean $is389dsLocked account is locked * @param boolean $is389dsLocked account is locked
* @param boolean $is389dsDeactivated account is deactivated * @param boolean $is389dsDeactivated account is deactivated
* @param boolean $is389dsPwdExpired password expired
*/ */
private function buildAccountStatusDialogDiv($unixAvailable, $unixLocked, $sambaAvailable, $sambaLocked, $ppolicyAvailable, $ppolicyLocked, $windowsAvailable, private function buildAccountStatusDialogDiv($unixAvailable, $unixLocked, $sambaAvailable, $sambaLocked, $ppolicyAvailable, $ppolicyLocked, $windowsAvailable,
$windowsLocked, $windowsPasswordLockedTime, $is389dsAvailable, $is389dsLocked, $is389dsDeactivated) { $windowsLocked, $windowsPasswordLockedTime, $is389dsAvailable, $is389dsLocked, $is389dsDeactivated, $is389dsPwdExpired) {
$windowsPasswordLocked = ($windowsPasswordLockedTime != null); $windowsPasswordLocked = ($windowsPasswordLockedTime != null);
$partiallyLocked = $unixLocked || $sambaLocked || $ppolicyLocked || $windowsLocked || $windowsPasswordLocked || $is389dsLocked || $is389dsDeactivated; $partiallyLocked = $unixLocked || $sambaLocked || $ppolicyLocked || $windowsLocked || $windowsPasswordLocked || $is389dsLocked || $is389dsDeactivated || $is389dsPwdExpired;
$fullyLocked = ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsLocked || $is389dsDeactivated) $fullyLocked = ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsLocked || $is389dsDeactivated)
&& (!$unixAvailable || $unixLocked) && (!$unixAvailable || $unixLocked)
&& (!$sambaAvailable || $sambaLocked) && (!$sambaAvailable || $sambaLocked)
@ -496,6 +503,10 @@ class user extends baseType {
$unlockContent->addElement(new htmlImage('../../graphics/security.png')); $unlockContent->addElement(new htmlImage('../../graphics/security.png'));
$unlockContent->addElement(new htmlTableExtendedInputCheckbox('lam_accountStatusActivate389ds', true, _('Activate'), null, false), true); $unlockContent->addElement(new htmlTableExtendedInputCheckbox('lam_accountStatusActivate389ds', true, _('Activate'), null, false), true);
} }
if ($is389dsAvailable && $is389dsPwdExpired) {
$unlockContent->addElement(new htmlImage('../../graphics/security.png'));
$unlockContent->addElement(new htmlTableExtendedInputCheckbox('lam_accountStatusPwdUnexpire389ds', true, _('Clear password expiration'), null, false), true);
}
if ($windowsAvailable && $windowsLocked) { if ($windowsAvailable && $windowsLocked) {
$unlockContent->addElement(new htmlImage('../../graphics/samba.png')); $unlockContent->addElement(new htmlImage('../../graphics/samba.png'));
$unlockContent->addElement(new htmlTableExtendedInputCheckbox('lam_accountStatusUnlockWindows', true, _('Windows'), null, false), true); $unlockContent->addElement(new htmlTableExtendedInputCheckbox('lam_accountStatusUnlockWindows', true, _('Windows'), null, false), true);
@ -587,6 +598,9 @@ class user extends baseType {
if (isset($_POST['lam_accountStatusActivate389ds']) && ($_POST['lam_accountStatusActivate389ds'] == 'on')) { if (isset($_POST['lam_accountStatusActivate389ds']) && ($_POST['lam_accountStatusActivate389ds'] == 'on')) {
$container->getAccountModule('locking389ds')->activate(); $container->getAccountModule('locking389ds')->activate();
} }
if (isset($_POST['lam_accountStatusPwdUnexpire389ds']) && ($_POST['lam_accountStatusPwdUnexpire389ds'] == 'on')) {
$container->getAccountModule('locking389ds')->clearPasswordExpiration();
}
// Windows // Windows
if (isset($_POST['lam_accountStatusUnlockWindows']) && ($_POST['lam_accountStatusUnlockWindows'] == 'on')) { if (isset($_POST['lam_accountStatusUnlockWindows']) && ($_POST['lam_accountStatusUnlockWindows'] == 'on')) {
$container->getAccountModule('windowsUser')->setIsDeactivated(false); $container->getAccountModule('windowsUser')->setIsDeactivated(false);
@ -935,6 +949,7 @@ class lamUserList extends lamList {
$attrs[] = 'shadowMax'; $attrs[] = 'shadowMax';
$attrs[] = 'shadowInactive'; $attrs[] = 'shadowInactive';
$attrs[] = 'accountExpires'; $attrs[] = 'accountExpires';
$attrs[] = 'passwordExpirationTime';
$attrs[] = 'objectClass'; $attrs[] = 'objectClass';
} }
return $attrs; return $attrs;
@ -957,11 +972,12 @@ class lamUserList extends lamList {
$windowsPasswordLocked = ($this->getWindowsPasswordLockedTime($this->entries[$i]) != null); $windowsPasswordLocked = ($this->getWindowsPasswordLockedTime($this->entries[$i]) != null);
$is389dsLocked = self::is389dsLocked($this->entries[$i]); $is389dsLocked = self::is389dsLocked($this->entries[$i]);
$is389dsDeactivated = self::is389dsDeactivated($this->entries[$i]); $is389dsDeactivated = self::is389dsDeactivated($this->entries[$i]);
$is389dsPwdExpired = self::is389dsPwdExpired($this->entries[$i]);
$hasLocked = ($unixAvailable && $unixLocked) $hasLocked = ($unixAvailable && $unixLocked)
|| ($sambaAvailable && $sambaLocked) || ($sambaAvailable && $sambaLocked)
|| ($ppolicyAvailable && $ppolicyLocked) || ($ppolicyAvailable && $ppolicyLocked)
|| ($windowsAvailable && ($windowsLocked || $windowsPasswordLocked)) || ($windowsAvailable && ($windowsLocked || $windowsPasswordLocked))
|| $is389dsDeactivated || $is389dsDeactivated || $is389dsPwdExpired
|| $is389dsLocked; || $is389dsLocked;
$hasUnlocked = ($unixAvailable && !$unixLocked) $hasUnlocked = ($unixAvailable && !$unixLocked)
|| ($sambaAvailable && !$sambaLocked) || ($sambaAvailable && !$sambaLocked)
@ -1013,10 +1029,12 @@ class lamUserList extends lamList {
$windowsPasswordLocked = ($windowsPasswordLockedTime != null); $windowsPasswordLocked = ($windowsPasswordLockedTime != null);
$is389dsDeactivated = self::is389dsDeactivated($attrs); $is389dsDeactivated = self::is389dsDeactivated($attrs);
$is389dsLocked = self::is389dsLocked($attrs); $is389dsLocked = self::is389dsLocked($attrs);
$is389dsPwdExpired = self::is389dsPwdExpired($attrs);
$partiallyLocked = $unixLocked || $sambaLocked $partiallyLocked = $unixLocked || $sambaLocked
|| $ppolicyLocked || $windowsLocked || $windowsPasswordLocked || $ppolicyLocked || $windowsLocked || $windowsPasswordLocked
|| $is389dsDeactivated || $is389dsLocked; || $is389dsDeactivated || $is389dsLocked || $is389dsPwdExpired;
$fullyLocked = ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsDeactivated || $is389dsLocked) $fullyLocked = ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable ||
$is389dsDeactivated || $is389dsLocked)
&& (!$unixAvailable || $unixLocked) && (!$unixAvailable || $unixLocked)
&& (!$sambaAvailable || $sambaLocked) && (!$sambaAvailable || $sambaLocked)
&& (!$ppolicyAvailable || $ppolicyLocked) && (!$ppolicyAvailable || $ppolicyLocked)
@ -1036,7 +1054,8 @@ class lamUserList extends lamList {
$icon = 'partiallyLocked.png'; $icon = 'partiallyLocked.png';
} }
// print icon and detail tooltips // print icon and detail tooltips
if ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsDeactivated || $expired) { if ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable ||
$is389dsDeactivated || $is389dsLocked || $is389dsPwdExpired || $expired) {
$tipContent = '<table border=0>'; $tipContent = '<table border=0>';
// Shadow expired // Shadow expired
if ($shadowExpired) { if ($shadowExpired) {
@ -1091,6 +1110,10 @@ class lamUserList extends lamList {
if ($is389dsDeactivated) { if ($is389dsDeactivated) {
$tipContent .= '<tr><td>' . _('Deactivated') . '&nbsp;&nbsp;</td><td><img height=16 width=16 src=&quot;../../graphics/lock.png&quot;></td></tr>'; $tipContent .= '<tr><td>' . _('Deactivated') . '&nbsp;&nbsp;</td><td><img height=16 width=16 src=&quot;../../graphics/lock.png&quot;></td></tr>';
} }
// 389 password expired
if ($is389dsPwdExpired) {
$tipContent .= '<tr><td>' . _('Password expired') . '&nbsp;&nbsp;</td><td><img height=16 width=16 src=&quot;../../graphics/lock.png&quot;></td></tr>';
}
$tipContent .= '</table>'; $tipContent .= '</table>';
echo '<img helptitle="' . _('Account status') . '" helpdata="' . $tipContent . '" alt="status" height=16 width=16 src="../../graphics/' . $icon . '">'; echo '<img helptitle="' . _('Account status') . '" helpdata="' . $tipContent . '" alt="status" height=16 width=16 src="../../graphics/' . $icon . '">';
} }
@ -1219,6 +1242,16 @@ class lamUserList extends lamList {
return (isset($attrs['nsaccountlock'][0]) && ($attrs['nsaccountlock'][0] == 'true')); return (isset($attrs['nsaccountlock'][0]) && ($attrs['nsaccountlock'][0] == 'true'));
} }
/**
* Returns if password expired.
*
* @param array $attrs LDAP attributes
* @return boolean password is expired
*/
public static function is389dsPwdExpired(&$attrs) {
return (class_exists('locking389ds') && locking389ds::isPasswordExpired($attrs));
}
/** /**
* Returns if locked by accountUnlockTime. * Returns if locked by accountUnlockTime.
* *
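Review bot: The new POST handler for `lam_accountStatusPwdUnexpire389ds` (hunk at -587,6 +598,9) calls `clearPasswordExpiration()` whenever the field is `on`, although the checkbox is only rendered when `$is389dsAvailable && $is389dsPwdExpired`; the server side should repeat that check rather than trust the form. As shown, a request carrying the field for an account without the `locking389ds` module would presumably call a method on null (the hunk at +241 compares `getAccountModule('locking389ds')` against null), and a request for an account whose password is not expired still reaches the clearing call. Because this action lifts a password-policy restriction, I would extend the condition with `&& ($container->getAccountModule('locking389ds') != null) && locking389ds::isPasswordExpired($container->getAccountModule('locking389ds')->getAttributes())`. The enclosing function starts and ends outside the hunk, so an outer availability guard may already exist. The `lam_accountStatusActivate389ds` handler directly above has the same shape and would benefit from the same check.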