moved list of login shells to configuration profiles
This commit is contained in:
Roland Gruber
parent
50110b3ed6
commit
724815e60f
|
|
@ -1,16 +0,0 @@
|
|||
/bin/ash
|
||||
/bin/bash
|
||||
/bin/csh
|
||||
/bin/false
|
||||
/bin/ksh
|
||||
/bin/sh
|
||||
/bin/tcsh
|
||||
/bin/true
|
||||
/bin/zsh
|
||||
/usr/bin/csh
|
||||
/usr/bin/ksh
|
||||
/usr/bin/passwd
|
||||
/usr/bin/bash
|
||||
/usr/bin/rbash
|
||||
/usr/bin/tcsh
|
||||
/usr/bin/zsh
|
||||
|
|
@ -691,6 +691,19 @@ Have fun!
|
|||
<section id="a_versUpgrade">
|
||||
<title>Version specific upgrade instructions</title>
|
||||
|
||||
<section>
|
||||
<title>4.0 -> 4.1</title>
|
||||
|
||||
<para><emphasis role="bold">Unix:</emphasis> The list of valid login
|
||||
shells is no longer configured in "config/shells" but in the
|
||||
server/self service profiles (Unix settings). LAM will use the
|
||||
following shells by default: /bin/bash, /bin/csh, /bin/dash,
|
||||
/bin/false, /bin/ksh, /bin/sh.</para>
|
||||
|
||||
<para>Please update your server/self service profile if you would
|
||||
like to change the list of valid login shells.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>3.9 -> 4.0</title>
|
||||
|
||||
|
|
|
|||
|
|
@ -32,33 +32,6 @@ $Id$
|
|||
*/
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Returns a list of shells listed in config/shells.
|
||||
*
|
||||
* @return array list of shell names
|
||||
*/
|
||||
function getshells() {
|
||||
$return = array();
|
||||
$shellPath = dirname(__FILE__) . '/../config/shells';
|
||||
// load shells from file
|
||||
if (file_exists($shellPath)) {
|
||||
$shells = file($shellPath);
|
||||
for ($i = 0; $i < sizeof($shells); $i++) {
|
||||
// remove whitespaces and line end
|
||||
$shells[$i] = trim($shells[$i]);
|
||||
// remove comments
|
||||
if ((strlen($shells[$i]) == 0) || $shells[$i]{0}=='#') {
|
||||
continue;
|
||||
}
|
||||
$return[] = $shells[$i];
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* This function will return all values from $array without values of $values.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -162,7 +162,11 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$selfServiceContainer = new htmlTable();
|
||||
$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(),
|
||||
array('SSHA'), _("Password hash type")));
|
||||
$selfServiceContainer->addElement(new htmlHelpLink('pwdHash', get_class($this)));
|
||||
$selfServiceContainer->addElement(new htmlHelpLink('pwdHash', get_class($this)), true);
|
||||
$selfServiceContainer->addElement(new htmlTableExtendedInputTextarea('posixAccount_shells', implode("\r\n", $this->getShells()), 30, 4, _('Login shells')));
|
||||
$loginShellsHelp = new htmlHelpLink('loginShells', get_class($this));
|
||||
$loginShellsHelp->alignment = htmlElement::ALIGN_TOP;
|
||||
$selfServiceContainer->addElement($loginShellsHelp, true);
|
||||
$return['selfServiceSettings'] = $selfServiceContainer;
|
||||
}
|
||||
// profile checks
|
||||
|
|
@ -198,7 +202,8 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$configOptionsContainer->addElement(new htmlSubTitle(_('Options')), true);
|
||||
$configOptionsContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(),
|
||||
array('SSHA'), _("Password hash type"), 'pwdHash'), true);
|
||||
$configOptionsContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'));
|
||||
$configOptionsContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'), true);
|
||||
$configOptionsContainer->addElement(new htmlTableExtendedInputTextarea('posixAccount_shells', implode("\r\n", $this->getShells()), 30, 4, _('Login shells'), 'loginShells'), true);
|
||||
$return['config_options']['all'] = $configOptionsContainer;
|
||||
// upload
|
||||
$return['upload_preDepends'] = array('inetOrgPerson');
|
||||
|
|
@ -257,7 +262,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
'description' => _('Login shell'),
|
||||
'help' => 'loginShell',
|
||||
'example' => '/bin/bash',
|
||||
'values' => implode(", ", getshells()),
|
||||
'values' => implode(", ", $this->getShells()),
|
||||
'default' => '/bin/bash'
|
||||
),
|
||||
array(
|
||||
|
|
@ -384,6 +389,10 @@ class posixAccount extends baseModule implements passwordService {
|
|||
"Headline" => _("Suffix for UID/user name check"),
|
||||
"Text" => _("LAM checks if the entered user name and UID are unique. Here you can enter the LDAP suffix that is used to search for duplicates. By default the account type suffix is used. You only need to change this if you use multiple server profiles with different OUs but need unique user names or UIDs.")
|
||||
),
|
||||
'loginShells' => array(
|
||||
"Headline" => _("Login shells"),
|
||||
"Text" => _("This is the list of valid login shells.")
|
||||
),
|
||||
'user' => array(
|
||||
'uid' => array(
|
||||
"Headline" => _("User name"), 'attr' => 'uid',
|
||||
|
|
@ -411,7 +420,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
),
|
||||
'loginShell' => array(
|
||||
"Headline" => _("Login shell"),
|
||||
"Text" => _("To disable login use /bin/false. The list of shells is read from lam/config/shells")
|
||||
"Text" => _("To disable login use /bin/false.")
|
||||
),
|
||||
'addgroup' => array(
|
||||
"Headline" => _("Additional groups"),
|
||||
|
|
@ -1079,7 +1088,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$return->addElement(new htmlStatusMessage("ERROR", _('No Unix groups found in LDAP! Please create one first.')));
|
||||
return $return;
|
||||
}
|
||||
$shelllist = getshells(); // list of all valid shells
|
||||
$shelllist = $this->getShells(); // list of all valid shells
|
||||
|
||||
// set default values
|
||||
if (!isset($this->attributes['uid'][0]) && ($this->getAccountContainer()->getAccountModule('inetOrgPerson') != null)) {
|
||||
|
|
@ -1390,7 +1399,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$groups[] = $groupList[$i][1];
|
||||
}
|
||||
if ($this->get_scope() == 'user') {
|
||||
$shelllist = getshells(); // list of all valid shells
|
||||
$shelllist = $this->getShells(); // list of all valid shells
|
||||
// primary Unix group
|
||||
$return->addElement(new htmlTableExtendedSelect('posixAccount_primaryGroup', $groups, array(), _('Primary group'), 'gidNumber'), true);
|
||||
// additional group memberships
|
||||
|
|
@ -1746,7 +1755,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
if ($rawAccounts[$i][$ids['posixAccount_shell']] == "") {
|
||||
$partialAccounts[$i]['loginShell'] = '/bin/bash';
|
||||
}
|
||||
elseif (in_array($rawAccounts[$i][$ids['posixAccount_shell']], getshells())) {
|
||||
elseif (in_array($rawAccounts[$i][$ids['posixAccount_shell']], $this->getShells())) {
|
||||
$partialAccounts[$i]['loginShell'] = $rawAccounts[$i][$ids['posixAccount_shell']];
|
||||
}
|
||||
else {
|
||||
|
|
@ -2140,7 +2149,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
));
|
||||
}
|
||||
if (in_array('loginShell', $fields)) {
|
||||
$shelllist = getshells(); // list of all valid shells
|
||||
$shelllist = $this->getShells(); // list of all valid shells
|
||||
$loginShell = '';
|
||||
if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0];
|
||||
$loginShellField = new htmlSelect('posixAccount_loginShell', $shelllist, array($loginShell));
|
||||
|
|
@ -2216,7 +2225,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
}
|
||||
}
|
||||
if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) {
|
||||
$shelllist = getshells(); // list of all valid shells
|
||||
$shelllist = $this->getShells(); // list of all valid shells
|
||||
if (in_array($_POST['posixAccount_loginShell'], $shelllist)
|
||||
&& (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) {
|
||||
$return['mod']['loginShell'][0] = $_POST['posixAccount_loginShell'];
|
||||
|
|
@ -2604,6 +2613,33 @@ class posixAccount extends baseModule implements passwordService {
|
|||
return $userName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the list of possible login shells.
|
||||
*
|
||||
* @return array login shells
|
||||
*/
|
||||
private function getShells() {
|
||||
// self service
|
||||
if (!isset($_SESSION['loggedIn']) && isset($this->selfServiceSettings) && isset($this->selfServiceSettings->moduleSettings['posixAccount_shells'])
|
||||
&& (sizeof($this->selfServiceSettings->moduleSettings['posixAccount_shells'])) > 0) {
|
||||
return $this->selfServiceSettings->moduleSettings['posixAccount_shells'];
|
||||
}
|
||||
// server profile
|
||||
if (!isset($this->selfServiceSettings) && isset($this->moduleSettings) && isset($this->moduleSettings['posixAccount_shells'])
|
||||
&& (sizeof($this->moduleSettings['posixAccount_shells'])) > 0) {
|
||||
return $this->moduleSettings['posixAccount_shells'];
|
||||
}
|
||||
// fall back to default
|
||||
return array(
|
||||
'/bin/bash',
|
||||
'/bin/csh',
|
||||
'/bin/dash',
|
||||
'/bin/false',
|
||||
'/bin/ksh',
|
||||
'/bin/sh'
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue