Roland Gruber 2015-09-02 16:39:30 +00:00
parent 7cd3b6b6c8
commit 7cd0018933
3 changed files with 189 additions and 14 deletions


@ -1,3 +1,7 @@
December 2015 5.2
- SSH public key: added possibility to add/remove SSH extension
31.08.2015 5.1 31.08.2015 5.1
- IMAP: support Windows users - IMAP: support Windows users
- SSH public key: check uploaded files if in right format - SSH public key: check uploaded files if in right format


@ -38,6 +38,17 @@ class ldapPublicKey extends baseModule {
/** session variable for existing keys in self service */ /** session variable for existing keys in self service */
const SESS_KEY_LIST = 'ldapPublicKey_keyList'; const SESS_KEY_LIST = 'ldapPublicKey_keyList';
/**
* Creates a new sambaSamAccount object.
*
* @param string $scope account type (user, group, host)
*/
function __construct($scope) {
// call parent constructor
parent::__construct($scope);
$this->autoAddObjectClasses = false;
}
/** /**
* Returns true if this module can manage accounts of the current type, otherwise false. * Returns true if this module can manage accounts of the current type, otherwise false.
* *
@ -80,7 +91,15 @@ class ldapPublicKey extends baseModule {
"Headline" => _("File upload"), 'attr' => 'sshPublicKey', "Headline" => _("File upload"), 'attr' => 'sshPublicKey',
"Text" => _("Upload a file with one or more keys. Each line contains one key.") "Text" => _("Upload a file with one or more keys. Each line contains one key.")
), ),
'autoAdd' => array(
"Headline" => _("Automatically add this extension"),
"Text" => _("This will enable the extension automatically if this profile is loaded.")
),
); );
// profile options
$profileContainer = new htmlTable();
$profileContainer->addElement(new htmlTableExtendedInputCheckbox('ldapPublicKey_addExt', false, _('Automatically add this extension'), 'autoAdd'), true);
$return['profile_options'] = $profileContainer;
// upload fields // upload fields
$return['upload_columns'] = array( $return['upload_columns'] = array(
array( array(
@ -117,17 +136,28 @@ class ldapPublicKey extends baseModule {
*/ */
function display_html_attributes() { function display_html_attributes() {
$return = new htmlTable(); $return = new htmlTable();
$this->addMultiValueInputTextField($return, 'sshPublicKey', _('SSH public key'), false, '16384', false, null, '50'); if (in_array('ldapPublicKey', $this->attributes['objectClass'])) {
// file upload $this->addMultiValueInputTextField($return, 'sshPublicKey', _('SSH public key'), false, '16384', false, null, '50');
$return->addElement(new htmlSpacer(null, '20px'), true); // file upload
$return->addElement(new htmlOutputText(_('Upload file'))); $return->addElement(new htmlSpacer(null, '20px'), true);
$uploadGroup = new htmlGroup(); $return->addElement(new htmlOutputText(_('Upload file')));
$uploadGroup->addElement(new htmlInputFileUpload('sshPublicKeyFile')); $uploadGroup = new htmlGroup();
$uploadGroup->addElement(new htmlSpacer('1px', null)); $uploadGroup->addElement(new htmlInputFileUpload('sshPublicKeyFile'));
$uploadGroup->addElement(new htmlButton('sshPublicKeyFileSubmit', _('Upload'))); $uploadGroup->addElement(new htmlSpacer('1px', null));
$uploadGroup->addElement(new htmlSpacer('5px', null)); $uploadGroup->addElement(new htmlButton('sshPublicKeyFileSubmit', _('Upload')));
$uploadGroup->addElement(new htmlHelpLink('upload')); $uploadGroup->addElement(new htmlSpacer('5px', null));
$return->addElement($uploadGroup); $uploadGroup->addElement(new htmlHelpLink('upload'));
$return->addElement($uploadGroup, true);
$return->addElement(new htmlSpacer(null, '30px'), true);
$remButton = new htmlButton('remObjectClass', _('Remove SSH public key extension'));
$remButton->colspan = 3;
$return->addElement($remButton);
}
else {
$return->addElement(new htmlButton('addObjectClass', _('Add SSH public key extension')));
}
return $return; return $return;
} }
@ -139,6 +169,23 @@ class ldapPublicKey extends baseModule {
*/ */
function process_attributes() { function process_attributes() {
$messages = array(); $messages = array();
// add extension
if (isset($_POST['addObjectClass'])) {
$this->attributes['objectClass'][] = 'ldapPublicKey';
return array();
}
// remove extension
elseif (isset($_POST['remObjectClass'])) {
$this->attributes['objectClass'] = array_delete(array('ldapPublicKey'), $this->attributes['objectClass']);
if (!empty($this->attributes['sshPublicKey'])) {
unset($this->attributes['sshPublicKey']);
}
return array();
}
// skip processing if extension is not active
if (!in_array('ldapPublicKey', $this->attributes['objectClass'])) {
return array();
}
$this->processMultiValueInputTextField('sshPublicKey', $messages); $this->processMultiValueInputTextField('sshPublicKey', $messages);
// file upload // file upload
if (isset($_POST['sshPublicKeyFileSubmit'])) { if (isset($_POST['sshPublicKeyFileSubmit'])) {
@ -175,6 +222,42 @@ class ldapPublicKey extends baseModule {
return $messages; return $messages;
} }
/**
* Returns a list of modifications which have to be made to the LDAP account.
*
* @return array list of modifications
* <br>This function returns an array with 3 entries:
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
if (!in_array('ldapPublicKey', $this->attributes['objectClass']) && !in_array('ldapPublicKey', $this->orig['objectClass'])) {
// skip saving if the extension was not added/modified
return array();
}
return parent::save_attributes();
}
/**
* Loads the values of an account profile into internal variables.
*
* @param array $profile hash array with profile values (identifier => value)
*/
function load_profile($profile) {
// profile mappings in meta data
parent::load_profile($profile);
// add extension
if (isset($profile['ldapPublicKey_addExt'][0]) && ($profile['ldapPublicKey_addExt'][0] == "true")) {
if (!in_array('ldapPublicKey', $this->attributes['objectClass'])) {
$this->attributes['objectClass'][] = 'ldapPublicKey';
}
}
}
/** /**
* In this function the LDAP account is built up. * In this function the LDAP account is built up.
* *
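Review bot: In process_attributes() the `addObjectClass` branch appends 'ldapPublicKey' unconditionally, while load_profile() in the same change guards the append with in_array(). The add button is only rendered when the class is absent, but the POST field is client-controlled, so a repeated or hand-made request can leave a duplicate objectClass value that the directory would likely reject at save time. Guard it the same way: `if (!in_array('ldapPublicKey', $this->attributes['objectClass'])) { $this->attributes['objectClass'][] = 'ldapPublicKey'; }`. The new constructor docblock also still reads "Creates a new sambaSamAccount object." and should name ldapPublicKey. The body of process_attributes() continues outside the hunk.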


@ -95,7 +95,9 @@ class windowsUser extends baseModule implements passwordService {
$return['attributes'] = array('userPrincipalName', 'cn', 'sAMAccountName', 'description', 'displayName', 'givenName', 'initials', $return['attributes'] = array('userPrincipalName', 'cn', 'sAMAccountName', 'description', 'displayName', 'givenName', 'initials',
'l', 'mail', 'otherTelephone', 'physicalDeliveryOfficeName', 'postalCode', 'postOfficeBox', 'sn', 'st', 'l', 'mail', 'otherTelephone', 'physicalDeliveryOfficeName', 'postalCode', 'postOfficeBox', 'sn', 'st',
'streetAddress', 'telephoneNumber', 'url', 'wWWHomePage', 'userAccountControl', 'profilePath', 'scriptPath', 'streetAddress', 'telephoneNumber', 'url', 'wWWHomePage', 'userAccountControl', 'profilePath', 'scriptPath',
'pwdLastSet', 'otherMailbox', 'homeDirectory', 'homeDrive', 'msSFU30Name', 'msSFU30NisDomain'); 'pwdLastSet', 'otherMailbox', 'homeDirectory', 'homeDrive', 'msSFU30Name', 'msSFU30NisDomain', 'pwdLastSet',
'lastLogonTimestamp'
);
// help Entries // help Entries
$return['help'] = array( $return['help'] = array(
'cn' => array( 'cn' => array(
@ -256,6 +258,14 @@ class windowsUser extends baseModule implements passwordService {
"Headline" => _('NIS domain'), 'attr' => 'msSFU30NisDomain', "Headline" => _('NIS domain'), 'attr' => 'msSFU30NisDomain',
"Text" => _('NIS domain name.') "Text" => _('NIS domain name.')
), ),
'pwdLastSet' => array(
"Headline" => _('Last password change'), 'attr' => 'pwdLastSet',
"Text" => _('Time of user\'s last password change.')
),
'lastLogonTimestamp' => array(
"Headline" => _('Last login'), 'attr' => 'lastLogonTimestamp',
"Text" => _('Time of user\'s last login.')
),
); );
// upload fields // upload fields
$return['upload_columns'] = array( $return['upload_columns'] = array(
@ -534,6 +544,12 @@ class windowsUser extends baseModule implements passwordService {
if (!$this->isBooleanConfigOptionSet('windowsUser_hidemsSFU30NisDomain', true)) { if (!$this->isBooleanConfigOptionSet('windowsUser_hidemsSFU30NisDomain', true)) {
$return['PDF_fields']['msSFU30NisDomain'] = _('NIS domain'); $return['PDF_fields']['msSFU30NisDomain'] = _('NIS domain');
} }
if (!$this->isBooleanConfigOptionSet('windowsUser_hidepwdLastSet')) {
$return['PDF_fields']['pwdLastSet'] = _('Last password change');
}
if (!$this->isBooleanConfigOptionSet('windowsUser_hidelastLogonTimestamp')) {
$return['PDF_fields']['lastLogonTimestamp'] = _('Last login');
}
// self service search attributes // self service search attributes
$return['selfServiceSearchAttributes'] = array('sAMAccountName', 'userPrincipalName'); $return['selfServiceSearchAttributes'] = array('sAMAccountName', 'userPrincipalName');
// self service field settings // self service field settings
@ -546,7 +562,8 @@ class windowsUser extends baseModule implements passwordService {
'l' => _('Location'), 'l' => _('Location'),
'postOfficeBox' => _('Post office box'), 'postOfficeBox' => _('Post office box'),
'postalCode' => _('Postal code'), 'postalCode' => _('Postal code'),
'unicodePwd' => _('Password') 'unicodePwd' => _('Password'),
'pwdLastSet' => _('Last password change (read-only)')
); );
// possible self service read-only fields // possible self service read-only fields
$return['selfServiceReadOnlyFields'] = array('physicalDeliveryOfficeName', 'telephoneNumber', $return['selfServiceReadOnlyFields'] = array('physicalDeliveryOfficeName', 'telephoneNumber',
@ -565,6 +582,8 @@ class windowsUser extends baseModule implements passwordService {
$configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('windowsUser_hidesAMAccountName', true, _('User name (pre W2K)'), null, false)); $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('windowsUser_hidesAMAccountName', true, _('User name (pre W2K)'), null, false));
$configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('windowsUser_hidemsSFU30Name', true, _('NIS name'), null, false)); $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('windowsUser_hidemsSFU30Name', true, _('NIS name'), null, false));
$configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('windowsUser_hidemsSFU30NisDomain', true, _('NIS domain'), null, false)); $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('windowsUser_hidemsSFU30NisDomain', true, _('NIS domain'), null, false));
$configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('windowsUser_hidepwdLastSet', false, _('Last password change'), null, false));
$configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('windowsUser_hidelastLogonTimestamp', false, _('Last login'), null, false));
$configContainer->addElement($configContainerOptions, true); $configContainer->addElement($configContainerOptions, true);
$return['config_options']['all'] = $configContainer; $return['config_options']['all'] = $configContainer;
return $return; return $return;
@ -720,7 +739,7 @@ class windowsUser extends baseModule implements passwordService {
$this->addSimpleInputTextField($containerLeft, 'wWWHomePage', _('Web site')); $this->addSimpleInputTextField($containerLeft, 'wWWHomePage', _('Web site'));
$this->addMultiValueInputTextField($containerLeft, 'url', _('Other web sites')); $this->addMultiValueInputTextField($containerLeft, 'url', _('Other web sites'));
$containerLeft->addElement(new htmlSubTitle(_('Options')), true); $containerLeft->addElement(new htmlSubTitle(_('Account')), true);
// locked out // locked out
$containerLeft->addElement(new htmlOutputText(_("Account is locked"))); $containerLeft->addElement(new htmlOutputText(_("Account is locked")));
$lockedOut = windowsUser::isLockedOut($this->attributes); $lockedOut = windowsUser::isLockedOut($this->attributes);
@ -748,6 +767,18 @@ class windowsUser extends baseModule implements passwordService {
// require smartcard // require smartcard
$requireCard = windowsUser::isSmartCardRequired($this->attributes); $requireCard = windowsUser::isSmartCardRequired($this->attributes);
$containerLeft->addElement(new htmlTableExtendedInputCheckbox('requireCard', $requireCard, _("Require smartcard"), 'requireCard'), true); $containerLeft->addElement(new htmlTableExtendedInputCheckbox('requireCard', $requireCard, _("Require smartcard"), 'requireCard'), true);
// last password change
if (!$this->isBooleanConfigOptionSet('windowsUser_hidepwdLastSet')) {
$containerLeft->addElement(new htmlOutputText(_('Last password change')));
$containerLeft->addElement(new htmlOutputText($this->formatPwdLastSet()));
$containerLeft->addElement(new htmlHelpLink('pwdLastSet'), true);
}
// last login
if (!$this->isBooleanConfigOptionSet('windowsUser_hidelastLogonTimestamp')) {
$containerLeft->addElement(new htmlOutputText(_('Last login')));
$containerLeft->addElement(new htmlOutputText($this->formatLastLogonTimestamp()));
$containerLeft->addElement(new htmlHelpLink('lastLogonTimestamp'), true);
}
$containerLeft->addElement(new htmlSubTitle(_('User profile')), true); $containerLeft->addElement(new htmlSubTitle(_('User profile')), true);
// profile path // profile path
@ -1636,6 +1667,10 @@ class windowsUser extends baseModule implements passwordService {
else if (isset($this->attributes['INFO.userPasswordClearText'])) { else if (isset($this->attributes['INFO.userPasswordClearText'])) {
$this->addPDFKeyValue($return, 'password', _('Password'), $this->attributes['INFO.userPasswordClearText']); $this->addPDFKeyValue($return, 'password', _('Password'), $this->attributes['INFO.userPasswordClearText']);
} }
// last password change
$this->addPDFKeyValue($return, 'pwdLastSet', _('Last password change'), $this->formatPwdLastSet());
// last login
$this->addPDFKeyValue($return, 'lastLogonTimestamp', _('Last login'), $this->formatLastLogonTimestamp());
return $return; return $return;
} }
@ -1729,6 +1764,11 @@ class windowsUser extends baseModule implements passwordService {
$this->addSimpleSelfServiceTextField($return, 'l', _('Location'), $fields, $attributes, $readOnlyFields); $this->addSimpleSelfServiceTextField($return, 'l', _('Location'), $fields, $attributes, $readOnlyFields);
$this->addSimpleSelfServiceTextField($return, 'postOfficeBox', _('Post office box'), $fields, $attributes, $readOnlyFields); $this->addSimpleSelfServiceTextField($return, 'postOfficeBox', _('Post office box'), $fields, $attributes, $readOnlyFields);
$this->addSimpleSelfServiceTextField($return, 'postalCode', _('Postal code'), $fields, $attributes, $readOnlyFields); $this->addSimpleSelfServiceTextField($return, 'postalCode', _('Postal code'), $fields, $attributes, $readOnlyFields);
// last password change
$row = new htmlResponsiveRow();
$row->addLabel(new htmlOutputText($this->getSelfServiceLabel('pwdLastSet', _('Last password change'))));
$row->addField(new htmlOutputText($this->formatPwdLastSet($attributes)));
$return['pwdLastSet'] = $row;
return $return; return $return;
} }
@ -2119,6 +2159,54 @@ class windowsUser extends baseModule implements passwordService {
return array_values(array_unique($domains)); return array_values(array_unique($domains));
} }
/**
* Returns the formatted value for last password change.
*
* @param array $attributes user attributes ($this->attributes if null)
* @return String last password change or " - "
*/
private function formatPwdLastSet($attributes = null) {
if ($attributes == null) {
$attributes = &$this->attributes;
}
if (!empty($attributes['pwdlastset'][0])) {
return $this->formatFileTime($attributes['pwdlastset'][0]);
}
elseif (empty($attributes['pwdLastSet'][0])) {
return ' - ';
}
return $this->formatFileTime($attributes['pwdLastSet'][0]);
}
/**
* Returns the formatted value for last login.
*
* @return String last login or " - "
*/
private function formatLastLogonTimestamp() {
if (empty($this->attributes['lastLogonTimestamp'][0])) {
return ' - ';
}
return $this->formatFileTime($this->attributes['lastLogonTimestamp'][0]);
}
/**
* Formats a value in file time (100 ns since 1601-01-01).
*
* @param integer $value time value
* @return String formatted value
*/
private function formatFileTime($value) {
if (empty($value)) {
return '';
}
$seconds = substr($value, 0, -7);
$time = new DateTime('1601-01-01', new DateTimeZone('UTC'));
$time->add(new DateInterval('PT' . $seconds . 'S'));
$time->setTimezone(getTimeZone());
return $time->format('Y-m-d H:i:s');
}
} }
?> ?>
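Review bot: formatFileTime() builds the interval from `substr($value, 0, -7)` without checking the value, so a directory value shorter than eight characters or not purely digits reaches `new DateInterval('PT' . $seconds . 'S')` as a malformed spec and the constructor throws, which would break the account page, the PDF export and the self-service row that call it. A guard after the empty() check keeps those views rendering: `if (!ctype_digit((string) $value) || strlen($value) < 8) { return ''; }`. Separately, the help text 'Time of user\'s last login.' overstates lastLogonTimestamp: Active Directory updates that attribute only when the stored value is older than the sync interval (about 14 days by default), so the text should say the value can lag behind the real last logon. The attributes list in the first hunk also now names 'pwdLastSet' twice.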