WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

moved list of login shells to configuration profiles

This commit is contained in:
Roland Gruber 2013-02-05 19:10:04 +00:00
parent 50110b3ed6
commit 724815e60f
4 changed files with 58 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lam/config/shells
View File

@ -1,16 +0,0 @@
/bin/ash
/bin/bash
/bin/csh
/bin/false
/bin/ksh
/bin/sh
/bin/tcsh
/bin/true
/bin/zsh
/usr/bin/csh
/usr/bin/ksh
/usr/bin/passwd
/usr/bin/bash
/usr/bin/rbash
/usr/bin/tcsh
/usr/bin/zsh

13
lam/docs/manual-sources/howto.xml
View File

@ -691,6 +691,19 @@ Have fun!
<section id="a_versUpgrade"> <section id="a_versUpgrade">
<title>Version specific upgrade instructions</title> <title>Version specific upgrade instructions</title>
<section>
<title>4.0 -&gt; 4.1</title>
<para><emphasis role="bold">Unix:</emphasis> The list of valid login
shells is no longer configured in "config/shells" but in the
server/self service profiles (Unix settings). LAM will use the
following shells by default: /bin/bash, /bin/csh, /bin/dash,
/bin/false, /bin/ksh, /bin/sh.</para>
<para>Please update your server/self service profile if you would
like to change the list of valid login shells.</para>
</section>
<section> <section>
<title>3.9 -&gt; 4.0</title> <title>3.9 -&gt; 4.0</title>

27
lam/lib/account.inc
View File

@ -32,33 +32,6 @@ $Id$
*/ */
/**
* Returns a list of shells listed in config/shells.
*
* @return array list of shell names
*/
function getshells() {
$return = array();
$shellPath = dirname(__FILE__) . '/../config/shells';
// load shells from file
if (file_exists($shellPath)) {
$shells = file($shellPath);
for ($i = 0; $i < sizeof($shells); $i++) {
// remove whitespaces and line end
$shells[$i] = trim($shells[$i]);
// remove comments
if ((strlen($shells[$i]) == 0) || $shells[$i]{0}=='#') {
continue;
}
$return[] = $shells[$i];
}
return $return;
}
return $return;
}
/** /**
* This function will return all values from $array without values of $values. * This function will return all values from $array without values of $values.
* *

54
lam/lib/modules/posixAccount.inc
View File

@ -162,7 +162,11 @@ class posixAccount extends baseModule implements passwordService {
$selfServiceContainer = new htmlTable(); $selfServiceContainer = new htmlTable();
$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(), $selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(),
array('SSHA'), _("Password hash type"))); array('SSHA'), _("Password hash type")));
$selfServiceContainer->addElement(new htmlHelpLink('pwdHash', get_class($this))); $selfServiceContainer->addElement(new htmlHelpLink('pwdHash', get_class($this)), true);
$selfServiceContainer->addElement(new htmlTableExtendedInputTextarea('posixAccount_shells', implode("\r\n", $this->getShells()), 30, 4, _('Login shells')));
$loginShellsHelp = new htmlHelpLink('loginShells', get_class($this));
$loginShellsHelp->alignment = htmlElement::ALIGN_TOP;
$selfServiceContainer->addElement($loginShellsHelp, true);
$return['selfServiceSettings'] = $selfServiceContainer; $return['selfServiceSettings'] = $selfServiceContainer;
} }
// profile checks // profile checks
@ -198,7 +202,8 @@ class posixAccount extends baseModule implements passwordService {
$configOptionsContainer->addElement(new htmlSubTitle(_('Options')), true); $configOptionsContainer->addElement(new htmlSubTitle(_('Options')), true);
$configOptionsContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(), $configOptionsContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(),
array('SSHA'), _("Password hash type"), 'pwdHash'), true); array('SSHA'), _("Password hash type"), 'pwdHash'), true);
$configOptionsContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary')); $configOptionsContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'), true);
$configOptionsContainer->addElement(new htmlTableExtendedInputTextarea('posixAccount_shells', implode("\r\n", $this->getShells()), 30, 4, _('Login shells'), 'loginShells'), true);
$return['config_options']['all'] = $configOptionsContainer; $return['config_options']['all'] = $configOptionsContainer;
// upload // upload
$return['upload_preDepends'] = array('inetOrgPerson'); $return['upload_preDepends'] = array('inetOrgPerson');
@ -257,7 +262,7 @@ class posixAccount extends baseModule implements passwordService {
'description' => _('Login shell'), 'description' => _('Login shell'),
'help' => 'loginShell', 'help' => 'loginShell',
'example' => '/bin/bash', 'example' => '/bin/bash',
'values' => implode(", ", getshells()), 'values' => implode(", ", $this->getShells()),
'default' => '/bin/bash' 'default' => '/bin/bash'
), ),
array( array(
@ -384,6 +389,10 @@ class posixAccount extends baseModule implements passwordService {
"Headline" => _("Suffix for UID/user name check"), "Headline" => _("Suffix for UID/user name check"),
"Text" => _("LAM checks if the entered user name and UID are unique. Here you can enter the LDAP suffix that is used to search for duplicates. By default the account type suffix is used. You only need to change this if you use multiple server profiles with different OUs but need unique user names or UIDs.") "Text" => _("LAM checks if the entered user name and UID are unique. Here you can enter the LDAP suffix that is used to search for duplicates. By default the account type suffix is used. You only need to change this if you use multiple server profiles with different OUs but need unique user names or UIDs.")
), ),
'loginShells' => array(
"Headline" => _("Login shells"),
"Text" => _("This is the list of valid login shells.")
),
'user' => array( 'user' => array(
'uid' => array( 'uid' => array(
"Headline" => _("User name"), 'attr' => 'uid', "Headline" => _("User name"), 'attr' => 'uid',
@ -411,7 +420,7 @@ class posixAccount extends baseModule implements passwordService {
), ),
'loginShell' => array( 'loginShell' => array(
"Headline" => _("Login shell"), "Headline" => _("Login shell"),
"Text" => _("To disable login use /bin/false. The list of shells is read from lam/config/shells") "Text" => _("To disable login use /bin/false.")
), ),
'addgroup' => array( 'addgroup' => array(
"Headline" => _("Additional groups"), "Headline" => _("Additional groups"),
@ -1079,7 +1088,7 @@ class posixAccount extends baseModule implements passwordService {
$return->addElement(new htmlStatusMessage("ERROR", _('No Unix groups found in LDAP! Please create one first.'))); $return->addElement(new htmlStatusMessage("ERROR", _('No Unix groups found in LDAP! Please create one first.')));
return $return; return $return;
} }
$shelllist = getshells(); // list of all valid shells $shelllist = $this->getShells(); // list of all valid shells
// set default values // set default values
if (!isset($this->attributes['uid'][0]) && ($this->getAccountContainer()->getAccountModule('inetOrgPerson') != null)) { if (!isset($this->attributes['uid'][0]) && ($this->getAccountContainer()->getAccountModule('inetOrgPerson') != null)) {
@ -1390,7 +1399,7 @@ class posixAccount extends baseModule implements passwordService {
$groups[] = $groupList[$i][1]; $groups[] = $groupList[$i][1];
} }
if ($this->get_scope() == 'user') { if ($this->get_scope() == 'user') {
$shelllist = getshells(); // list of all valid shells $shelllist = $this->getShells(); // list of all valid shells
// primary Unix group // primary Unix group
$return->addElement(new htmlTableExtendedSelect('posixAccount_primaryGroup', $groups, array(), _('Primary group'), 'gidNumber'), true); $return->addElement(new htmlTableExtendedSelect('posixAccount_primaryGroup', $groups, array(), _('Primary group'), 'gidNumber'), true);
// additional group memberships // additional group memberships
@ -1746,7 +1755,7 @@ class posixAccount extends baseModule implements passwordService {
if ($rawAccounts[$i][$ids['posixAccount_shell']] == "") { if ($rawAccounts[$i][$ids['posixAccount_shell']] == "") {
$partialAccounts[$i]['loginShell'] = '/bin/bash'; $partialAccounts[$i]['loginShell'] = '/bin/bash';
} }
elseif (in_array($rawAccounts[$i][$ids['posixAccount_shell']], getshells())) { elseif (in_array($rawAccounts[$i][$ids['posixAccount_shell']], $this->getShells())) {
$partialAccounts[$i]['loginShell'] = $rawAccounts[$i][$ids['posixAccount_shell']]; $partialAccounts[$i]['loginShell'] = $rawAccounts[$i][$ids['posixAccount_shell']];
} }
else { else {
@ -2140,7 +2149,7 @@ class posixAccount extends baseModule implements passwordService {
)); ));
} }
if (in_array('loginShell', $fields)) { if (in_array('loginShell', $fields)) {
$shelllist = getshells(); // list of all valid shells $shelllist = $this->getShells(); // list of all valid shells
$loginShell = ''; $loginShell = '';
if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0]; if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0];
$loginShellField = new htmlSelect('posixAccount_loginShell', $shelllist, array($loginShell)); $loginShellField = new htmlSelect('posixAccount_loginShell', $shelllist, array($loginShell));
@ -2216,7 +2225,7 @@ class posixAccount extends baseModule implements passwordService {
} }
} }
if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) { if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) {
$shelllist = getshells(); // list of all valid shells $shelllist = $this->getShells(); // list of all valid shells
if (in_array($_POST['posixAccount_loginShell'], $shelllist) if (in_array($_POST['posixAccount_loginShell'], $shelllist)
&& (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) { && (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) {
$return['mod']['loginShell'][0] = $_POST['posixAccount_loginShell']; $return['mod']['loginShell'][0] = $_POST['posixAccount_loginShell'];
@ -2604,6 +2613,33 @@ class posixAccount extends baseModule implements passwordService {
return $userName; return $userName;
} }
/**
* Returns the list of possible login shells.
*
* @return array login shells
*/
private function getShells() {
// self service
if (!isset($_SESSION['loggedIn']) && isset($this->selfServiceSettings) && isset($this->selfServiceSettings->moduleSettings['posixAccount_shells'])
&& (sizeof($this->selfServiceSettings->moduleSettings['posixAccount_shells'])) > 0) {
return $this->selfServiceSettings->moduleSettings['posixAccount_shells'];
}
// server profile
if (!isset($this->selfServiceSettings) && isset($this->moduleSettings) && isset($this->moduleSettings['posixAccount_shells'])
&& (sizeof($this->moduleSettings['posixAccount_shells'])) > 0) {
return $this->moduleSettings['posixAccount_shells'];
}
// fall back to default
return array(
'/bin/bash',
'/bin/csh',
'/bin/dash',
'/bin/false',
'/bin/ksh',
'/bin/sh'
);
}
} }
?> ?>