Hosts are wrking know and password-fields are making sens

katagia 2003-05-17 11:19:03 +00:00
parent 2dc3330651
commit 87cb401fe0
2 changed files with 47 additions and 53 deletions


@ -206,9 +206,8 @@ function checkunix() { // This function checks all unix account paramters
if ($_SESSION['account_temp']->unix_pwdmaxage=='') $error = _('No value for Password Maxage.'); if ($_SESSION['account_temp']->unix_pwdmaxage=='') $error = _('No value for Password Maxage.');
if ( !ereg('^([1-9]+)([0-9]*)$', $_SESSION['account_temp']->unix_pwdwarn)) $error = _('Password Warn must be are natural number.'); if ( !ereg('^([1-9]+)([0-9]*)$', $_SESSION['account_temp']->unix_pwdwarn)) $error = _('Password Warn must be are natural number.');
if ($_SESSION['account_temp']->unix_pwdallowlogin=='') $error = _('No value for Password Expire.'); if ($_SESSION['account_temp']->unix_pwdallowlogin=='') $error = _('No value for Password Expire.');
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$',
$_SESSION['account_temp']->unix_password)) $error = _('Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !');
if ($_SESSION['account_temp']->unix_pwdwarn=='') $error = _('No value for Password Warn.'); if ($_SESSION['account_temp']->unix_pwdwarn=='') $error = _('No value for Password Warn.');
$_SESSION['account_temp']->unix_password = '';
break; break;
} }
// Write Values from Webpage to Session-Variables // Write Values from Webpage to Session-Variables
@ -247,8 +246,7 @@ function checksamba() { // This function checks all samba account paramters
break; break;
case 'host' : case 'host' :
if ( (!$_SESSION['account_temp']->smb_domain=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[-])+$', $_SESSION['account_temp']->smb_domain)) $error = _('Domain Name contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.'); if ( (!$_SESSION['account_temp']->smb_domain=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[-])+$', $_SESSION['account_temp']->smb_domain)) $error = _('Domain Name contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.');
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $_SESSION['account_temp']->smb_password = $_SESSION['account_temp']->unix_password;
$_SESSION['account_temp']->smb_password)) $error = _('Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !');
$_SESSION['account_temp']->smb_flagsW = 1; $_SESSION['account_temp']->smb_flagsW = 1;
break; break;
} }
@ -691,10 +689,10 @@ function createuser() { // Will create the LDAP-Account
// All Values need for an user-account // All Values need for an user-account
// General Objectclasses // General Objectclasses
$attr['objectClass'][0] = 'inetOrgPerson'; $attr['objectClass'][0] = 'posixAccount';
$attr['objectClass'][1] = 'posixAccount'; $attr['objectClass'][1] = 'shadowAccount';
$attr['objectClass'][2] = 'shadowAccount'; $attr['objectClass'][2] = 'sambaAccount';
$attr['objectClass'][3] = 'sambaAccount'; $attr['objectClass'][3] = 'inetOrgPerson';
$attr['cn'] = $_SESSION['account']->general_username; // posixAccount_req shadowAccount_req sambaAccount_may $attr['cn'] = $_SESSION['account']->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
$attr['uid'] = $_SESSION['account']->general_username; // posixAccount_req $attr['uid'] = $_SESSION['account']->general_username; // posixAccount_req
$attr['uidNumber'] = $_SESSION['account']->general_uidNumber; // posixAccount_req $attr['uidNumber'] = $_SESSION['account']->general_uidNumber; // posixAccount_req
@ -817,6 +815,7 @@ function createuser() { // Will create the LDAP-Account
else { else {
// Write a new entry if user doesn't exists // Write a new entry if user doesn't exists
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr); $success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
if (!$success) return 4;
if ($_SESSION['config']->scriptServer) { if ($_SESSION['config']->scriptServer) {
setquotas($_SESSION['account']->general_username); setquotas($_SESSION['account']->general_username);
addhomedir($_SESSION['account']->general_username); addhomedir($_SESSION['account']->general_username);
@ -848,29 +847,29 @@ function createuser() { // Will create the LDAP-Account
} }
} }
function createhost() { // Will create the LDAP-Host function createhost() { // Will create the LDAP-Account
// 2 == Host allready exists at different location // 2 == Account allready exists at different location
// 1 == Host has been created // 1 == Account has been created
// 3 == Host has been modified // 3 == Account has been modified
// 4 == Error while creating Host // 4 == Error while creating Account
// 5 == Error while modifying Host // 5 == Error while modifying Account
// Value stored in shadowExpire, days since 1.1.1970 // Value stored in shadowExpire, days since 1.1.1970
$date = mktime(10,0,0, $_SESSION['account']->unix_pwdexpire_mon, $_SESSION['account']->unix_pwdexpire_day, $_SESSION['account']->unix_pwdexpire_yea) / 86400 ; $date = mktime(10,0,0, $_SESSION['account']->unix_pwdexpire_mon, $_SESSION['account']->unix_pwdexpire_day, $_SESSION['account']->unix_pwdexpire_yea) / 86400 ;
settype($date, 'integer'); settype($date, 'integer');
$_SESSION['account']->general_dn = 'uid=' . $_SESSION['account']->general_username . ',' . $_SESSION['config']->get_HostSuffix(); $_SESSION['account']->general_dn = 'uid=' . $_SESSION['account']->general_username . ',' . $_SESSION['config']->get_HostSuffix();
// All Values needed for an user-account // All Values need for an host-account
// General Objectclasses // General Objectclasses
$attr['objectClass'][0] = 'top'; $attr['objectClass'][0] = 'posixAccount';
$attr['objectClass'][1] = 'posixAccount'; $attr['objectClass'][1] = 'shadowAccount';
$attr['objectClass'][2] = 'shadowAccount'; $attr['objectClass'][2] = 'sambaAccount';
$attr['objectClass'][3] = 'sambaAccount'; $attr['objectClass'][3] = 'account';
$attr['cn'] = $_SESSION['account']->general_username; // posixAccount_req shadowAccount_req sambaAccount_may $attr['cn'] = $_SESSION['account']->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
$attr['uid'] = $_SESSION['account']->general_username; // posixAccount_req $attr['uid'] = $_SESSION['account']->general_username; // posixAccount_req
$attr['uidNumber'] = $_SESSION['account']->general_uidNumber; // posixAccount_req $attr['uidNumber'] = $_SESSION['account']->general_uidNumber; // posixAccount_req
$attr['gidNumber'] = getgid($_SESSION['account']->general_group); // posixAccount_req $attr['gidNumber'] = getgid($_SESSION['account']->general_group); // posixAccount_req
$attr['homeDirectory'] = $_SESSION['account']->general_homedir; // posixAccount_req $attr['homeDirectory'] = $_SESSION['account']->general_homedir; // posixAccount_req
// posixAccount_may shadowAccount_may // posixAccount_may shadowAccount_may
if ($_SESSION['modify']==1) { if ($_SESSION['modify']==1) {
$password_old = str_replace('{CRYPT}', '',$_SESSION['account_old']->unix_password); $password_old = str_replace('{CRYPT}', '',$_SESSION['account_old']->unix_password);
@ -887,8 +886,8 @@ function createhost() { // Will create the LDAP-Host
$attr['shadowLastChange'] = getdays(); // shadowAccount_may $attr['shadowLastChange'] = getdays(); // shadowAccount_may
} }
if ($_SESSION['account']->smb_password!='') { if ($_SESSION['account']->smb_password!='') {
$attr['ntPassword'] = exec('../lib/createntlm.pl nt' . $_SESSION['account']->smb_password); $attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $_SESSION['account']->smb_password);
$attr['lmPassword'] = exec('../lib/createntlm.pl lm' . $_SESSION['account']->smb_password); $attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $_SESSION['account']->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may $attr['pwdLastSet'] = time(); // sambaAccount_may
} }
} }
@ -897,8 +896,8 @@ function createhost() { // Will create the LDAP-Host
if ($_SESSION['account']->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($_SESSION['account']->unix_password); if ($_SESSION['account']->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($_SESSION['account']->unix_password);
else $attr['userPassword'] = '{CRYPT}' . crypt($_SESSION['account']->unix_password); else $attr['userPassword'] = '{CRYPT}' . crypt($_SESSION['account']->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may $attr['shadowLastChange'] = getdays(); // shadowAccount_may
$attr['ntPassword'] = exec('../lib/createntlm.pl nt' . $_SESSION['account']->smb_password); $attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $_SESSION['account']->smb_password);
$attr['lmPassword'] = exec('../lib/createntlm.pl lm' . $_SESSION['account']->smb_password); $attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $_SESSION['account']->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may $attr['pwdLastSet'] = time(); // sambaAccount_may
} }
if ($_SESSION['account']->smb_password_no) { if ($_SESSION['account']->smb_password_no) {
@ -909,6 +908,7 @@ function createhost() { // Will create the LDAP-Host
$attr['loginShell'] = $_SESSION['account']->general_shell; // posixAccount_may $attr['loginShell'] = $_SESSION['account']->general_shell; // posixAccount_may
$attr['gecos'] = $_SESSION['account']->general_gecos; // posixAccount_may $attr['gecos'] = $_SESSION['account']->general_gecos; // posixAccount_may
$attr['description'] = $_SESSION['account']->general_gecos; // posixAccount_may sambaAccount_may $attr['description'] = $_SESSION['account']->general_gecos; // posixAccount_may sambaAccount_may
$attr['shadowMin'] = $_SESSION['account']->unix_pwdminage; // shadowAccount_may $attr['shadowMin'] = $_SESSION['account']->unix_pwdminage; // shadowAccount_may
$attr['shadowMax'] = $_SESSION['account']->unix_pwdmaxage; // shadowAccount_may $attr['shadowMax'] = $_SESSION['account']->unix_pwdmaxage; // shadowAccount_may
$attr['shadowWarning'] = $_SESSION['account']->unix_pwdwarn; // shadowAccount_may $attr['shadowWarning'] = $_SESSION['account']->unix_pwdwarn; // shadowAccount_may
@ -920,16 +920,17 @@ function createhost() { // Will create the LDAP-Host
if ($_SESSION['account']->smb_pwdmustchange) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may if ($_SESSION['account']->smb_pwdmustchange) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag(); // sambaAccount_may $attr['acctFlags'] = smbflag(); // sambaAccount_may
$attr['displayName'] = $_SESSION['account']->general_gecos; // sambaAccount_may $attr['displayName'] = $_SESSION['account']->general_gecos; // sambaAccount_may
$attr['domain'] = $_SESSION['account']->smb_domain; // sambaAccount_may if ($_SESSION['account']->smb_domain!='') $attr['domain'] = $_SESSION['account']->smb_domain; // sambaAccount_may
if ( $_SESSION['modify'] == 1 ) { if ( $_SESSION['modify'] == 1 ) {
if ($_SESSION['account']->general_username == $_SESSION['account_old']->general_username) // Username hasn't changed if ($_SESSION['account']->general_username == $_SESSION['account_old']->general_username) // Hostname hasn't changed
$success = ldap_modify($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr); $success = ldap_modify($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
else { else {
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr); $success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
if ($success) ldap_delete($_SESSION['ldap']->server(),$_SESSION['account_old']->general_dn); if ($success) ldap_delete($_SESSION['ldap']->server(),$_SESSION['account_old']->general_dn);
} }
if (!$success) return 5; if (!$success) return 5;
// Write Groupmemberchips
if ($_SESSION['account']->general_groupadd) { if ($_SESSION['account']->general_groupadd) {
$allgroups = $_SESSION['account']->general_groupadd; $allgroups = $_SESSION['account']->general_groupadd;
if (!in_array($_SESSION['account']->general_group, $allgroups)) $allgroups[] = $_SESSION['account']->general_group; if (!in_array($_SESSION['account']->general_group, $allgroups)) $allgroups[] = $_SESSION['account']->general_group;
@ -966,15 +967,15 @@ function createhost() { // Will create the LDAP-Host
return 3; return 3;
} }
else { else {
// Write a new entry if user doesn't exists // Write a new entry if host doesn't exists
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr); $success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
if (!$success) return 4; if (!$success) return 4;
// Add Host to groups // Add host to groups
$result = ldap_search($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), "objectclass=posixGroup"); $result = ldap_search($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), "objectclass=posixGroup");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$group = ldap_get_attributes($_SESSION['ldap']->server(), $entry); $group = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if ($group['memberUid']) array_shift($group['memberUid']); if ($group['memberUid']) array_shift($group['memberUid']);
if (! in_array($_SESSION['account']->general_username, $group['memberUid'])) { if (! in_array($_SESSION['account']->general_username, $group)) {
$toadd['memberUid'] = $_SESSION['account']->general_username; $toadd['memberUid'] = $_SESSION['account']->general_username;
$success = ldap_mod_add($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), $toadd); $success = ldap_mod_add($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), $toadd);
} }
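Review bot: The four `exec('../lib/createntlm.pl …')` calls in createhost(), in both the modify branch and the new-entry branch, still append `$_SESSION['account']->smb_password` to a shell command line unquoted; the commit only adds the missing space before it. Any shell metacharacter in the password is interpreted by the shell, and the character check this commit drops from the host branches of checkunix() and checksamba() accepted several such characters anyway, so it was never a reliable guard. Quote the argument at the call site, e.g. `$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . escapeshellarg($_SESSION['account']->smb_password));`, and do the same for the `lm` calls. Even when quoted, the cleartext password is a command-line argument and so is readable in the process list while the script runs, which is worth a follow-up change to how the helper receives it. createhost() continues outside the visible hunks, so other call sites may need the same treatment.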


@ -111,6 +111,12 @@ switch ($_POST['select']) {
$error = checkunix(); // account.inc $error = checkunix(); // account.inc
// Check which part Site should be displayd // Check which part Site should be displayd
if ($_POST['genpass']) $select_local = 'unix'; if ($_POST['genpass']) $select_local = 'unix';
if ($_POST['respass']) {
$_SESSION['account_temp']->unix_password_no=1;
$_SESSION['account_temp']->smb_password_no=1;
$_SESSION['account']->unix_password_no=1;
$_SESSION['account']->smb_password_no=1;
}
if (($_POST['next']) && ($error=="0")) $select_local = 'samba'; if (($_POST['next']) && ($error=="0")) $select_local = 'samba';
else $select_local = 'unix'; else $select_local = 'unix';
if ($_POST['back']) $select_local = 'general'; if ($_POST['back']) $select_local = 'general';
@ -480,32 +486,29 @@ switch ($select_local) {
echo '></td></tr>'; echo '></td></tr>';
break; break;
case 'host' : case 'host' :
echo '<input name="f_unix_password_no" type="hidden" value="'.$_SESSION['account']->unix_password_no.'">';
echo '<tr><td>'; echo '<tr><td>';
echo _('Password'); echo _('Password');
echo '</td><td> echo '</td><td></td><td>';
<input name="f_unix_password" type="text" size="20" maxlength="20" value="' . $_SESSION['account']->unix_password . '"> if ($_SESSION['modify']==1) {
</td><td> echo '<input name="respass" type="submit" value="';
<input name="genpass" type="submit" value="'; echo _('Reset Password'); echo '">';
echo _('Generate Password'); echo '"> }
</td></tr><tr><td>'; echo '</td></tr><tr><td>';
echo _('Use no Password.');
echo '</td><td><input name="f_unix_password_no" type="checkbox"';
if ($_SESSION['account']->unix_password_no) echo ' checked ';
echo '></td></tr><tr><td>';
echo _('Password Warn'); echo _('Password Warn');
echo '</td><td><input name="f_unix_pwdwarn" type="text" size="4" maxlength="4" value="' . $_SESSION['account']->unix_pwdwarn . '"> echo '</td><td><input name="f_unix_pwdwarn" type="text" size="4" maxlength="4" value="' . $_SESSION['account']->unix_pwdwarn . '">
</td><td>'; </td><td>';
echo _('Number of days a user will be warned when password will expire. Value must be 0<.'); echo _('Number of host a user will be warned when password will expire. Value must be 0<.');
echo '</td></tr><tr><td>'; echo '</td></tr><tr><td>';
echo _('Password Expire'); echo _('Password Expire');
echo '</td><td><input name="f_unix_pwdallowlogin" type="text" size="4" maxlength="4" value="' . $_SESSION['account']->unix_pwdallowlogin . '"> echo '</td><td><input name="f_unix_pwdallowlogin" type="text" size="4" maxlength="4" value="' . $_SESSION['account']->unix_pwdallowlogin . '">
</td><td>'; </td><td>';
echo _('Number of days a user can login even his password has expired. -1=always'); echo _('Number of days a host can login even his password has expired. -1=always');
echo '</td></tr><tr><td>'; echo '</td></tr><tr><td>';
echo _('Maximum Passwordage'); echo _('Maximum Passwordage');
echo '</td><td><input name="f_unix_pwdmaxage" type="text" size="5" maxlength="5" value="' . $_SESSION['account']->unix_pwdmaxage . '"> echo '</td><td><input name="f_unix_pwdmaxage" type="text" size="5" maxlength="5" value="' . $_SESSION['account']->unix_pwdmaxage . '">
</td><td>'; </td><td>';
echo _('Number of days after a user has to change his password again Value must be 0<.'); echo _('Number of days after a host has to change his password again Value must be 0< and should be higher as the value on client-side.');
echo '</td></tr><tr><td>'; echo '</td></tr><tr><td>';
echo _('Minimum Passwordage'); echo _('Minimum Passwordage');
echo '</td><td><input name="f_unix_pwdminage" type="text" size="4" maxlength="4" value="' . $_SESSION['account']->unix_pwdminage . '"> echo '</td><td><input name="f_unix_pwdminage" type="text" size="4" maxlength="4" value="' . $_SESSION['account']->unix_pwdminage . '">
@ -633,18 +636,8 @@ switch ($select_local) {
echo '</td></tr>'; echo '</td></tr>';
break; break;
case 'host': case 'host':
echo '<input name="f_smb_password_no" type="hidden" value="'.$_SESSION['account']->unix_password_no.'">';
echo '<tr><td>'; echo '<tr><td>';
echo _('Samba Password');
echo '</td><td><input name="f_smb_password" type="text" size="20" maxlength="20" value="' . $_SESSION['account']->smb_password . '">
</td><td><input name="f_smb_useunixpwd" type="checkbox"';
if ($_SESSION['account']->smb_useunixpwd) echo ' checked ';
echo '>';
echo _('Use Unix-Password');
echo '</td></tr><tr><td>';
echo _('Use no Password.');
echo '</td><td><input name="f_smb_password_no" type="checkbox"';
if ($_SESSION['account']->smb_password_no) echo ' checked ';
echo '></td></tr><tr><td>';
echo _('Password doesn\'t expire.'); echo _('Password doesn\'t expire.');
echo '</td><td><input name="f_smb_flagsX" type="checkbox"'; echo '</td><td><input name="f_smb_flagsX" type="checkbox"';
if ($_SESSION['account']->smb_flagsX) echo ' checked '; if ($_SESSION['account']->smb_flagsX) echo ' checked ';
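Review bot: The new `if ($_POST['respass'])` block sets `unix_password_no` and `smb_password_no` on both `$_SESSION['account_temp']` and `$_SESSION['account']` for any request that carries that field, while the button itself is only rendered when `$_SESSION['modify']==1` in the host form. A hand-built POST can therefore set the no-password flags outside the flow the UI offers, and the write to `$_SESSION['account']` happens whatever `$error` checkunix() returned on the line above. Mirror the display condition on the server, `if ($_POST['respass'] && $_SESSION['modify']==1) {`, and consider setting only the `account_temp` copy here if a later step already copies validated values into `$_SESSION['account']`. The enclosing `case` starts outside the hunk, so whether an account-type check already applies cannot be seen from here.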