added support for different encryption types
This commit is contained in:
parent
e75a2edc87
commit
bba0d4b01b
|
@ -534,14 +534,10 @@ function loaduser($dn) { // Will load all needed values from an existing account
|
||||||
if (isset($attr['postalCode'][0])) $return->personal_postalCode = utf8_decode($attr['postalCode'][0]);
|
if (isset($attr['postalCode'][0])) $return->personal_postalCode = utf8_decode($attr['postalCode'][0]);
|
||||||
if (isset($attr['postalAddress'][0])) $return->personal_postalAddress = utf8_decode($attr['postalAddress'][0]);
|
if (isset($attr['postalAddress'][0])) $return->personal_postalAddress = utf8_decode($attr['postalAddress'][0]);
|
||||||
if (isset($attr['employeeType'][0])) $return->personal_employeeType = utf8_decode($attr['employeeType'][0]);
|
if (isset($attr['employeeType'][0])) $return->personal_employeeType = utf8_decode($attr['employeeType'][0]);
|
||||||
// New password code. should work with every kind of encryption ({CRYPT}, {SHA}
|
|
||||||
if ( ereg('^[{]([A-Z]|[a-z]|[0-9])+[}][!]', $attr['userPassword'][0])) $return->unix_deactivated=true;
|
if ( ereg('^[{]([A-Z]|[a-z]|[0-9])+[}][!]', $attr['userPassword'][0])) $return->unix_deactivated=true;
|
||||||
// next line is old code
|
|
||||||
//if (substr(str_replace('{CRYPT}', '',$attr['userPassword'][0]),0,1) == '!' ) $return->unix_deactivated=true;
|
|
||||||
|
|
||||||
if (isset($attr['userPassword'][0])) $return->unix_password = $attr['userPassword'][0];
|
if (isset($attr['userPassword'][0])) $return->unix_password = $attr['userPassword'][0];
|
||||||
|
|
||||||
|
|
||||||
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
|
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
|
||||||
|
|
||||||
if (in_array('sambaSamAccount', $attr['objectClass'])) {
|
if (in_array('sambaSamAccount', $attr['objectClass'])) {
|
||||||
|
@ -828,8 +824,8 @@ function createuser($values) { // Will create the LDAP-Account
|
||||||
if ($values->personal_employeeType!='') $attr['employeeType'] = utf8_encode($values->personal_employeeType);
|
if ($values->personal_employeeType!='') $attr['employeeType'] = utf8_encode($values->personal_employeeType);
|
||||||
// posixAccount_may shadowAccount_may
|
// posixAccount_may shadowAccount_may
|
||||||
if ($values->unix_password_no) $values->unix_password = '';
|
if ($values->unix_password_no) $values->unix_password = '';
|
||||||
if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
|
if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
|
||||||
else $attr['userPassword'] = '{CRYPT}'. crypt($values->unix_password);
|
else $attr['userPassword'] = pwd_hash($values->unix_password, false);
|
||||||
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
||||||
$attr['loginShell'] = $values->general_shell; // posixAccount_may
|
$attr['loginShell'] = $values->general_shell; // posixAccount_may
|
||||||
$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
|
$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
|
||||||
|
@ -938,48 +934,28 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
|
||||||
if ($values->general_homedir != $values_old->general_homedir)
|
if ($values->general_homedir != $values_old->general_homedir)
|
||||||
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
|
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
|
||||||
// posixAccount_may shadowAccount_may
|
// posixAccount_may shadowAccount_may
|
||||||
// new password code
|
|
||||||
// Why doesn't ldap encrypt the password if now {???} is given?
|
|
||||||
// change password if new password is used or account es (un)locked
|
|
||||||
/*
|
|
||||||
if ($values->unix_password=='') {
|
|
||||||
// check if account has been (un)locked
|
|
||||||
if ($values->unix_deactivated && !$values_old->unix_deactivated) {
|
|
||||||
// Put ! between {??} andPassword Hash
|
|
||||||
for ($i=0; $i<strlen($values_old->unix_password); $i++)
|
|
||||||
if ($values_old->unix_password{$i} == '}') $char = $i;
|
|
||||||
//$attr['userPassword'] = substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1);
|
|
||||||
echo $values_old->unix_password."---";
|
|
||||||
echo substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1);
|
|
||||||
}
|
|
||||||
if (!$values->unix_deactivated && $values_old->unix_deactivated) {
|
|
||||||
// Remov ! between {??} andPassword Hash
|
|
||||||
for ($i=0; $i<strlen($values_old->unix_password); $i++)
|
|
||||||
if ($values_old->unix_password{$i} == '}') $char = $i;
|
|
||||||
$attr['userPassword'] = substr($values_old->unix_password,0,$char). substr($values_old->unix_password,$char+2,-1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
// Create new password
|
|
||||||
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
|
||||||
if ($values->unix_deactivated) $attr['userPassword'] = '!'. $values->unix_password;
|
|
||||||
else $attr['userPassword'] = $values->unix_password;
|
|
||||||
} */
|
|
||||||
|
|
||||||
// old password code
|
// Set new password
|
||||||
$password_old = str_replace('{CRYPT}', '',$values_old->unix_password);
|
|
||||||
if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old));
|
|
||||||
if ($values->unix_password=='') {
|
if ($values->unix_password=='') {
|
||||||
|
if ($values->unix_deactivated != $values_old->unix_deactivated) {
|
||||||
|
$i = 0;
|
||||||
|
while ($values_old->unix_password{$i} != '}') $i++;
|
||||||
|
$passwd = substr($values_old->unix_password, $i+1 );
|
||||||
|
$crypt = substr($values_old->unix_password, 0, $i+1 );
|
||||||
|
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
|
||||||
|
if ($values->unix_deactivated) $attr['userPassword'] = $crypt.'!'.$passwd;
|
||||||
|
else $attr['userPassword'] = $crypt.$passwd;
|
||||||
|
}
|
||||||
if ($values->unix_password_no) {
|
if ($values->unix_password_no) {
|
||||||
$password_old = '';
|
if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash('', false);
|
||||||
|
else $attr['userPassword'] = pwd_hash('');
|
||||||
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
||||||
}
|
}
|
||||||
if ($values->unix_deactivated && !$values_old->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . $password_old;
|
|
||||||
if (!$values->unix_deactivated && $values_old->unix_deactivated) $attr['userPassword'] = '{CRYPT}' . $password_old;
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
|
if ($values->unix_password_no) $values->unix_password = '';
|
||||||
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
|
if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
|
||||||
|
else $attr['userPassword'] = pwd_hash($values->unix_password);
|
||||||
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1357,8 +1333,8 @@ function createhost($values) { // Will create the LDAP-Account
|
||||||
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
|
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
|
||||||
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
|
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
|
||||||
|
|
||||||
if ($values->smb_flagsD) $attr['userPassword'] = '{CRYPT}!' . crypt('');
|
if ($values->smb_flagsD) $attr['userPassword'] = pwd_hash('', false);
|
||||||
else $attr['userPassword'] = '{CRYPT}' . crypt('');
|
else $attr['userPassword'] = pwd_hash('');
|
||||||
|
|
||||||
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
||||||
$attr['loginShell'] = $values->general_shell; // posixAccount_may
|
$attr['loginShell'] = $values->general_shell; // posixAccount_may
|
||||||
|
@ -1407,15 +1383,22 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Lock unix password if Account should be disbaled
|
|
||||||
$password_old = str_replace('{CRYPT}', '',$values_old->unix_password);
|
|
||||||
if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old));
|
if ($values->smb_flagsD != $values_old->smb_flagsD) {
|
||||||
if ($values->smb_password_no) {
|
$i = 0;
|
||||||
$password_old = '';
|
while ($values_old->unix_password{$i} != '}') $i++;
|
||||||
$attr['shadowLastChange'] = getdays();
|
$passwd = substr($values_old->unix_password, $i+1 );
|
||||||
|
$crypt = substr($values_old->unix_password, 0, $i+1 );
|
||||||
|
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
|
||||||
|
if ($values->smb_flagsD ) $attr['userPassword'] = $crypt.'!'.$passwd;
|
||||||
|
else $attr['userPassword'] = $crypt.$passwd;
|
||||||
|
}
|
||||||
|
if ($values->smb_password_no) {
|
||||||
|
if ($values->smb_flagsD) $attr['userPassword'] = pwd_hash('', false);
|
||||||
|
else $attr['userPassword'] = pwd_hash('');
|
||||||
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
||||||
}
|
}
|
||||||
if ($values->smb_flagsD) $attr['userPassword'] = '{CRYPT}!' . $password_old;
|
|
||||||
else $attr['userPassword'] = '{CRYPT}' . $password_old;
|
|
||||||
|
|
||||||
// Add missing objectclasses to group
|
// Add missing objectclasses to group
|
||||||
if (!in_array('posixAccount', $values->general_objectClass)) {
|
if (!in_array('posixAccount', $values->general_objectClass)) {
|
||||||
|
|
Loading…
Reference in New Issue