WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

support posixAccount/posixGroup on Samba 4

This commit is contained in:
Roland Gruber 2013-08-18 14:19:37 +00:00
parent 24646635f9
commit c2bf387275
2 changed files with 86 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lam/HISTORY
View File

@ -1,5 +1,6 @@
September 2013 4.3 September 2013 4.3
- Custom SSL CA certificates can be setup in LAM main configuration - Custom SSL CA certificates can be setup in LAM main configuration
- Unix user and group support for Samba 4
- LAM Pro: - LAM Pro:
-> PPolicy: check password history for password reuse -> PPolicy: check password history for password reuse
-> Custom fields: read-only fields for admin interface and file upload for binary data -> Custom fields: read-only fields for admin interface and file upload for binary data

129
lam/lib/modules/posixAccount.inc
View File

@ -166,8 +166,8 @@ class posixAccount extends baseModule implements passwordService {
// LDAP aliases // LDAP aliases
$return['LDAPaliases'] = array('commonName' => 'cn', 'userid' => 'uid'); $return['LDAPaliases'] = array('commonName' => 'cn', 'userid' => 'uid');
// managed attributes // managed attributes
$return['attributes'] = array('uid', 'uidNumber', 'gidNumber', 'homeDirectory', $return['attributes'] = array('uid', 'uidNumber', 'gidNumber', $this->getHomedirAttrName(),
'userPassword', 'loginShell', 'gecos', 'INFO.userPasswordClearText'); $this->getPasswordAttrName(), 'loginShell', 'gecos', 'INFO.userPasswordClearText');
if ($this->manageCn()) { if ($this->manageCn()) {
$return['attributes'][] = 'cn'; $return['attributes'][] = 'cn';
} }
@ -194,7 +194,7 @@ class posixAccount extends baseModule implements passwordService {
'error_message' => $this->messages['homeDirectory'][0]); 'error_message' => $this->messages['homeDirectory'][0]);
// profile mappings // profile mappings
$return['profile_mappings'] = array( $return['profile_mappings'] = array(
'posixAccount_homeDirectory' => 'homeDirectory', 'posixAccount_homeDirectory' => $this->getHomedirAttrName(),
'posixAccount_loginShell' => 'loginShell' 'posixAccount_loginShell' => 'loginShell'
); );
// configuration options // configuration options
@ -587,7 +587,7 @@ class posixAccount extends baseModule implements passwordService {
if (!isset($this->attributes['uid'][0]) || ($this->attributes['uid'][0] == '')) return false; if (!isset($this->attributes['uid'][0]) || ($this->attributes['uid'][0] == '')) return false;
if (!isset($this->attributes['uidNumber'][0]) || ($this->attributes['uidNumber'][0] == '')) return false; if (!isset($this->attributes['uidNumber'][0]) || ($this->attributes['uidNumber'][0] == '')) return false;
if (!isset($this->attributes['gidNumber'][0]) || ($this->attributes['gidNumber'][0] == '')) return false; if (!isset($this->attributes['gidNumber'][0]) || ($this->attributes['gidNumber'][0] == '')) return false;
if (!isset($this->attributes['homeDirectory'][0]) || ($this->attributes['homeDirectory'][0] == '')) return false; if (!isset($this->attributes[$this->getHomedirAttrName()][0]) || ($this->attributes[$this->getHomedirAttrName()][0] == '')) return false;
if (!isset($this->attributes['loginShell'][0]) || ($this->attributes['loginShell'][0] == '')) return false; if (!isset($this->attributes['loginShell'][0]) || ($this->attributes['loginShell'][0] == '')) return false;
return true; return true;
} }
@ -640,12 +640,13 @@ class posixAccount extends baseModule implements passwordService {
} }
// add information about clear text password and password status change // add information about clear text password and password status change
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordClearText'][0] = $this->clearTextPassword; $return[$this->getAccountContainer()->dn_orig]['info']['userPasswordClearText'][0] = $this->clearTextPassword;
if (isset($this->orig['userPassword'][0]) && isset($this->attributes['userPassword'][0])) { $pwdAttrName = $this->getPasswordAttrName();
if ((pwd_is_enabled($this->orig['userPassword'][0]) && pwd_is_enabled($this->attributes['userPassword'][0])) if (isset($this->orig[$pwdAttrName][0]) && isset($this->attributes[$pwdAttrName][0])) {
|| (!pwd_is_enabled($this->orig['userPassword'][0]) && !pwd_is_enabled($this->attributes['userPassword'][0]))) { if ((pwd_is_enabled($this->orig[$pwdAttrName][0]) && pwd_is_enabled($this->attributes[$pwdAttrName][0]))
|| (!pwd_is_enabled($this->orig[$pwdAttrName][0]) && !pwd_is_enabled($this->attributes[$pwdAttrName][0]))) {
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'unchanged'; $return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'unchanged';
} }
elseif (pwd_is_enabled($this->orig['userPassword'][0])) { elseif (pwd_is_enabled($this->orig[$pwdAttrName][0])) {
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'locked'; $return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'locked';
} }
else { else {
@ -744,7 +745,7 @@ class posixAccount extends baseModule implements passwordService {
$this->attributes['uid'][0], $this->attributes['uid'][0],
"home", "home",
"add", "add",
$this->attributes['homeDirectory'][0], $this->attributes[$this->getHomedirAttrName()][0],
"0".$_SESSION['config']->get_scriptRights(), "0".$_SESSION['config']->get_scriptRights(),
$this->attributes['uidNumber'][0], $this->attributes['uidNumber'][0],
$this->attributes['gidNumber'][0]) $this->attributes['gidNumber'][0])
@ -917,7 +918,7 @@ class posixAccount extends baseModule implements passwordService {
$this->attributes['uid'][0], $this->attributes['uid'][0],
"home", "home",
"rem", "rem",
$this->attributes['homeDirectory'][0], $this->attributes[$this->getHomedirAttrName()][0],
$this->attributes['uidNumber'][0] $this->attributes['uidNumber'][0]
) )
), ),
@ -993,9 +994,10 @@ class posixAccount extends baseModule implements passwordService {
$errorMessage[] = array($this->orig['uidNumber'][0], $_POST['uidNumber']); $errorMessage[] = array($this->orig['uidNumber'][0], $_POST['uidNumber']);
$errors[] = $errorMessage; $errors[] = $errorMessage;
} }
if (isset($_POST['homeDirectory']) && isset($this->orig['homeDirectory'][0]) && ($this->orig['homeDirectory'][0] != '') && ($_POST['homeDirectory'] != $this->attributes['homeDirectory'][0])) { $homedirAttrName = $this->getHomedirAttrName();
if (isset($_POST['homeDirectory']) && isset($this->orig[$homedirAttrName][0]) && ($this->orig[$homedirAttrName][0] != '') && ($_POST['homeDirectory'] != $this->attributes[$homedirAttrName][0])) {
$errorMessage = $this->messages['homeDirectory'][3]; $errorMessage = $this->messages['homeDirectory'][3];
$errorMessage[] = array($this->orig['homeDirectory'][0], $_POST['homeDirectory']); $errorMessage[] = array($this->orig[$homedirAttrName][0], $_POST['homeDirectory']);
$errors[] = $errorMessage; $errors[] = $errorMessage;
} }
// get list of DNS names or IPs // get list of DNS names or IPs
@ -1012,7 +1014,7 @@ class posixAccount extends baseModule implements passwordService {
} }
} }
if (isset($_POST['homeDirectory'])) { if (isset($_POST['homeDirectory'])) {
$this->attributes['homeDirectory'][0] = $_POST['homeDirectory']; $this->attributes[$homedirAttrName][0] = $_POST['homeDirectory'];
} }
// Load attributes // Load attributes
if (isset($_POST['lockPassword'])) { if (isset($_POST['lockPassword'])) {
@ -1022,7 +1024,7 @@ class posixAccount extends baseModule implements passwordService {
$this->unlock(); $this->unlock();
} }
if (isset($_POST['removePassword'])) { if (isset($_POST['removePassword'])) {
unset($this->attributes['userPassword']); unset($this->attributes[$this->getPasswordAttrName()]);
} }
if ($this->manageCn()) { if ($this->manageCn()) {
$this->attributes['cn'][0] = $_POST['cn']; $this->attributes['cn'][0] = $_POST['cn'];
@ -1036,7 +1038,7 @@ class posixAccount extends baseModule implements passwordService {
if (($this->attributes['uid'][0] != $_POST['uid']) && !get_preg($_POST['uid'], '!upper')) { if (($this->attributes['uid'][0] != $_POST['uid']) && !get_preg($_POST['uid'], '!upper')) {
$errors[] = $this->messages['uid'][1]; $errors[] = $this->messages['uid'][1];
} }
if ( !get_preg($this->attributes['homeDirectory'][0], 'homeDirectory' )) { if ( !get_preg($this->attributes[$homedirAttrName][0], 'homeDirectory' )) {
$errors[] = $this->messages['homeDirectory'][0]; $errors[] = $this->messages['homeDirectory'][0];
} }
} }
@ -1108,11 +1110,11 @@ class posixAccount extends baseModule implements passwordService {
if ($this->get_scope()=='host') $errors[] = $this->messages['uid'][6]; if ($this->get_scope()=='host') $errors[] = $this->messages['uid'][6];
} }
if ($this->get_scope()=='user') { if ($this->get_scope()=='user') {
$this->attributes['homeDirectory'][0] = str_replace('$group', $this->getGroupName($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]); $this->attributes[$homedirAttrName][0] = str_replace('$group', $this->getGroupName($this->attributes['gidNumber'][0]), $this->attributes[$homedirAttrName][0]);
if ($this->attributes['uid'][0] != '') { if ($this->attributes['uid'][0] != '') {
$this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]); $this->attributes[$homedirAttrName][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes[$homedirAttrName][0]);
} }
if ($this->attributes['homeDirectory'][0] != $_POST['homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.')); if ($this->attributes[$homedirAttrName][0] != $_POST['homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
// Check if Username contains only valid characters // Check if Username contains only valid characters
if (!get_preg($this->attributes['uid'][0], 'username')) if (!get_preg($this->attributes['uid'][0], 'username'))
$errors[] = $this->messages['uid'][2]; $errors[] = $this->messages['uid'][2];
@ -1121,14 +1123,14 @@ class posixAccount extends baseModule implements passwordService {
// Check if Hostname contains only valid characters // Check if Hostname contains only valid characters
if (!get_preg($this->attributes['uid'][0], 'hostname')) if (!get_preg($this->attributes['uid'][0], 'hostname'))
$errors[] = $this->messages['uid'][4]; $errors[] = $this->messages['uid'][4];
if (!isset($this->attributes['homeDirectory'][0])) { if (!isset($this->attributes[$homedirAttrName][0])) {
$this->attributes['homeDirectory'][0] = '/dev/null'; $this->attributes[$homedirAttrName][0] = '/dev/null';
} }
if (!isset($this->attributes['loginShell'][0])) { if (!isset($this->attributes['loginShell'][0])) {
$this->attributes['loginShell'][0] = '/bin/false'; $this->attributes['loginShell'][0] = '/bin/false';
} }
} }
$attributeList = array('homeDirectory'); $attributeList = array($homedirAttrName);
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) { if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
$attributeList[] = 'gecos'; $attributeList[] = 'gecos';
} }
@ -1219,7 +1221,7 @@ class posixAccount extends baseModule implements passwordService {
$this->attributes['uid'][0], $this->attributes['uid'][0],
"home", "home",
"add", "add",
$this->attributes['homeDirectory'][0], $this->attributes[$this->getHomedirAttrName()][0],
"0".$_SESSION['config']->get_scriptRights(), "0".$_SESSION['config']->get_scriptRights(),
$this->attributes['uidNumber'][0], $this->attributes['uidNumber'][0],
$this->attributes['gidNumber'][0]) $this->attributes['gidNumber'][0])
@ -1245,7 +1247,7 @@ class posixAccount extends baseModule implements passwordService {
$this->attributes['uid'][0], $this->attributes['uid'][0],
"home", "home",
"rem", "rem",
$this->attributes['homeDirectory'][0], $this->attributes[$this->getHomedirAttrName()][0],
$this->attributes['uidNumber'][0] $this->attributes['uidNumber'][0]
) )
), ),
@ -1355,7 +1357,8 @@ class posixAccount extends baseModule implements passwordService {
$return->addElement(new htmlHelpLink('addgroup'), true); $return->addElement(new htmlHelpLink('addgroup'), true);
} }
// home directory // home directory
$homedirInput = new htmlTableExtendedInputField(_('Home directory'), 'homeDirectory', $this->attributes['homeDirectory'][0], 'homeDirectory'); $homeDir = isset($this->attributes[$this->getHomedirAttrName()][0]) ? $this->attributes[$this->getHomedirAttrName()][0] : '';
$homedirInput = new htmlTableExtendedInputField(_('Home directory'), 'homeDirectory', $homeDir, 'homeDirectory');
$homedirInput->setRequired(true); $homedirInput->setRequired(true);
$return->addElement($homedirInput, true); $return->addElement($homedirInput, true);
if (($_SESSION['config']->get_scriptPath() != null) && ($_SESSION['config']->get_scriptPath() != '')) { if (($_SESSION['config']->get_scriptPath() != null) && ($_SESSION['config']->get_scriptPath() != '')) {
@ -1391,10 +1394,10 @@ class posixAccount extends baseModule implements passwordService {
$return->addElement(new htmlTableExtendedSelect('loginShell', $shelllist, $selectedShell, _('Login shell'), 'loginShell'), true); $return->addElement(new htmlTableExtendedSelect('loginShell', $shelllist, $selectedShell, _('Login shell'), 'loginShell'), true);
} }
// password buttons // password buttons
if (checkIfWriteAccessIsAllowed() && isset($this->attributes['userPassword'][0])) { if (checkIfWriteAccessIsAllowed() && isset($this->attributes[$this->getPasswordAttrName()][0])) {
$return->addElement(new htmlOutputText(_('Password'))); $return->addElement(new htmlOutputText(_('Password')));
$pwdContainer = new htmlTable(); $pwdContainer = new htmlTable();
if (pwd_is_enabled($this->attributes['userPassword'][0])) { if (pwd_is_enabled($this->attributes[$this->getPasswordAttrName()][0])) {
$pwdContainer->addElement(new htmlButton('lockPassword', _('Lock password'))); $pwdContainer->addElement(new htmlButton('lockPassword', _('Lock password')));
} }
else { else {
@ -1402,14 +1405,14 @@ class posixAccount extends baseModule implements passwordService {
} }
$pwdContainer->addElement(new htmlButton('removePassword', _('Remove password'))); $pwdContainer->addElement(new htmlButton('removePassword', _('Remove password')));
$pwdContainer->colspan = 2; $pwdContainer->colspan = 2;
$return->addElement($pwdContainer); $return->addElement($pwdContainer, true);
} }
// remove button // remove button
if ($this->isOptional()) { if ($this->isOptional()) {
$return->addElement(new htmlSpacer(null, '20px'), true); $return->addElement(new htmlSpacer(null, '20px'), true);
$remButton = new htmlButton('remObjectClass', _('Remove Unix extension')); $remButton = new htmlButton('remObjectClass', _('Remove Unix extension'));
$remButton->colspan = 5; $remButton->colspan = 5;
$return->addElement($remButton); $return->addElement($remButton, true);
} }
} }
else { else {
@ -1547,7 +1550,7 @@ class posixAccount extends baseModule implements passwordService {
$return = new htmlTable(); $return = new htmlTable();
$return->addElement(new htmlOutputText(_('Home directory'))); $return->addElement(new htmlOutputText(_('Home directory')));
$return->addElement(new htmlSpacer('5px', null)); $return->addElement(new htmlSpacer('5px', null));
$return->addElement(new htmlOutputText($this->attributes['homeDirectory'][0]), true); $return->addElement(new htmlOutputText($this->attributes[$this->getHomedirAttrName()][0]), true);
$return->addElement(new htmlSpacer(null, '10px'), true); $return->addElement(new htmlSpacer(null, '10px'), true);
$homeServerContainer = new htmlTable(); $homeServerContainer = new htmlTable();
$homeServerContainer->colspan = 5; $homeServerContainer->colspan = 5;
@ -1567,7 +1570,7 @@ class posixAccount extends baseModule implements passwordService {
$this->attributes['uid'][0], $this->attributes['uid'][0],
"home", "home",
"check", "check",
$this->attributes['homeDirectory'][0]) $this->attributes[$this->getHomedirAttrName()][0])
), ),
$server); $server);
// lamdaemon results // lamdaemon results
@ -1744,7 +1747,7 @@ class posixAccount extends baseModule implements passwordService {
$this->addSimplePDFField($return, 'cn', _('Common name')); $this->addSimplePDFField($return, 'cn', _('Common name'));
$this->addSimplePDFField($return, 'uidNumber', _('UID number')); $this->addSimplePDFField($return, 'uidNumber', _('UID number'));
$this->addSimplePDFField($return, 'gidNumber', _('GID number')); $this->addSimplePDFField($return, 'gidNumber', _('GID number'));
$this->addSimplePDFField($return, 'homeDirectory', _('Home directory')); $this->addSimplePDFField($return, 'homeDirectory', _('Home directory'), $this->getHomedirAttrName());
$this->addSimplePDFField($return, 'loginShell', _('Login shell')); $this->addSimplePDFField($return, 'loginShell', _('Login shell'));
$this->addSimplePDFField($return, 'gecos', _('Gecos')); $this->addSimplePDFField($return, 'gecos', _('Gecos'));
if (self::areGroupOfNamesActive()) { if (self::areGroupOfNamesActive()) {
@ -1850,6 +1853,8 @@ class posixAccount extends baseModule implements passwordService {
*/ */
function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts, $selectedModules) { function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts, $selectedModules) {
$errors = array(); $errors = array();
$pwdAttrName = $this->getPasswordAttrName();
$homedirAttrName = $this->getHomedirAttrName();
$needAutoUID = array(); $needAutoUID = array();
// get list of existing users // get list of existing users
$existingUsers = $this->getUserNames(); $existingUsers = $this->getUserNames();
@ -1993,10 +1998,10 @@ class posixAccount extends baseModule implements passwordService {
} }
// home directory // home directory
if ($rawAccounts[$i][$ids['posixAccount_homedir']] == "") { if ($rawAccounts[$i][$ids['posixAccount_homedir']] == "") {
$partialAccounts[$i]['homeDirectory'] = '/home/' . $partialAccounts[$i]['uid']; $partialAccounts[$i][$homedirAttrName] = '/home/' . $partialAccounts[$i]['uid'];
} }
elseif (get_preg($rawAccounts[$i][$ids['posixAccount_homedir']], 'homeDirectory')) { elseif (get_preg($rawAccounts[$i][$ids['posixAccount_homedir']], 'homeDirectory')) {
$partialAccounts[$i]['homeDirectory'] = $rawAccounts[$i][$ids['posixAccount_homedir']]; $partialAccounts[$i][$homedirAttrName] = $rawAccounts[$i][$ids['posixAccount_homedir']];
} }
else { else {
$errMsg = $this->messages['homeDirectory'][2]; $errMsg = $this->messages['homeDirectory'][2];
@ -2031,7 +2036,7 @@ class posixAccount extends baseModule implements passwordService {
} }
// password // password
if (($rawAccounts[$i][$ids['posixAccount_password']] != "") && (get_preg($rawAccounts[$i][$ids['posixAccount_password']], 'password'))) { if (($rawAccounts[$i][$ids['posixAccount_password']] != "") && (get_preg($rawAccounts[$i][$ids['posixAccount_password']], 'password'))) {
$partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['posixAccount_password']], $pwd_enabled, $this->moduleSettings['posixAccount_pwdHash'][0]); $partialAccounts[$i][$pwdAttrName] = pwd_hash($rawAccounts[$i][$ids['posixAccount_password']], $pwd_enabled, $this->moduleSettings['posixAccount_pwdHash'][0]);
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccounts[$i][$ids['posixAccount_password']]; // for custom scripts etc. $partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccounts[$i][$ids['posixAccount_password']]; // for custom scripts etc.
} }
elseif ($rawAccounts[$i][$ids['posixAccount_password']] != "") { elseif ($rawAccounts[$i][$ids['posixAccount_password']] != "") {
@ -2093,7 +2098,7 @@ class posixAccount extends baseModule implements passwordService {
else { else {
$partialAccounts[$i]['description'] = $rawAccounts[$i][$ids['posixAccount_hostName']]; $partialAccounts[$i]['description'] = $rawAccounts[$i][$ids['posixAccount_hostName']];
} }
$partialAccounts[$i]['homeDirectory'] = '/dev/null'; $partialAccounts[$i][$homedirAttrName] = '/dev/null';
$partialAccounts[$i]['loginShell'] = '/bin/false'; $partialAccounts[$i]['loginShell'] = '/bin/false';
} }
} }
@ -2249,7 +2254,7 @@ class posixAccount extends baseModule implements passwordService {
$data[$pos][$ids['posixAccount_userName']], $data[$pos][$ids['posixAccount_userName']],
"home", "home",
"add", "add",
$accounts[$pos]['homeDirectory'], $accounts[$pos][$this->getHomedirAttrName()],
"0".$_SESSION['config']->get_scriptRights(), "0".$_SESSION['config']->get_scriptRights(),
$accounts[$pos]['uidNumber'], $accounts[$pos]['uidNumber'],
$accounts[$pos]['gidNumber'], $accounts[$pos]['gidNumber'],
@ -2488,7 +2493,7 @@ class posixAccount extends baseModule implements passwordService {
else { else {
$pwdPolicyResult = checkPasswordStrength($_POST['posixAccount_password']); $pwdPolicyResult = checkPasswordStrength($_POST['posixAccount_password']);
if ($pwdPolicyResult === true) { if ($pwdPolicyResult === true) {
$return['mod']['userPassword'][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]); $return['mod'][$this->getPasswordAttrName()][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]);
$return['info']['userPasswordClearText'][0] = $_POST['posixAccount_password']; $return['info']['userPasswordClearText'][0] = $_POST['posixAccount_password'];
if (isset($attributes['shadowLastChange'][0])) { if (isset($attributes['shadowLastChange'][0])) {
$return['mod']['shadowLastChange'][0] = intval(time()/3600/24); $return['mod']['shadowLastChange'][0] = intval(time()/3600/24);
@ -2563,7 +2568,7 @@ class posixAccount extends baseModule implements passwordService {
return array(); return array();
} }
$this->clearTextPassword = $password; $this->clearTextPassword = $password;
$this->attributes['userPassword'][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]); $this->attributes[$this->getPasswordAttrName()][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
return array(); return array();
} }
@ -2820,7 +2825,7 @@ class posixAccount extends baseModule implements passwordService {
* This is the case if a hashed password is set ("{" at the beginning). * This is the case if a hashed password is set ("{" at the beginning).
*/ */
public function isLockable() { public function isLockable() {
if (isset($this->attributes['userPassword'][0]) && pwd_is_lockable($this->attributes['userPassword'][0])) { if (isset($this->attributes[$this->getPasswordAttrName()][0]) && pwd_is_lockable($this->attributes[$this->getPasswordAttrName()][0])) {
return true; return true;
} }
return false; return false;
@ -2832,15 +2837,16 @@ class posixAccount extends baseModule implements passwordService {
* @return boolean password is locked * @return boolean password is locked
*/ */
public function isLocked() { public function isLocked() {
return isset($this->attributes['userPassword'][0]) && !pwd_is_enabled($this->attributes['userPassword'][0]); return isset($this->attributes[$this->getPasswordAttrName()][0]) && !pwd_is_enabled($this->attributes[$this->getPasswordAttrName()][0]);
} }
/** /**
* Locks the user password of this account. * Locks the user password of this account.
*/ */
public function lock() { public function lock() {
if (isset($this->attributes['userPassword'][0])) { $pwdAttrName = $this->getPasswordAttrName();
$this->attributes['userPassword'][0] = pwd_disable($this->attributes['userPassword'][0]); if (isset($this->attributes[$pwdAttrName][0])) {
$this->attributes[$pwdAttrName][0] = pwd_disable($this->attributes[$pwdAttrName][0]);
} }
} }
@ -2848,8 +2854,9 @@ class posixAccount extends baseModule implements passwordService {
* Unlocks the user password of this account. * Unlocks the user password of this account.
*/ */
public function unlock() { public function unlock() {
if (isset($this->attributes['userPassword'][0])) { $pwdAttrName = $this->getPasswordAttrName();
$this->attributes['userPassword'][0] = pwd_enable($this->attributes['userPassword'][0]); if (isset($this->attributes[$pwdAttrName][0])) {
$this->attributes[$pwdAttrName][0] = pwd_enable($this->attributes[$pwdAttrName][0]);
} }
} }
@ -2980,6 +2987,40 @@ class posixAccount extends baseModule implements passwordService {
return !$this->manageCn(); return !$this->manageCn();
} }
/**
* Returns the password attribute.
* Usually, this is userPassword. If Windows modules are active this is unixUserPassword.
*
* @return boolean attribute name
*/
private function getPasswordAttrName() {
$name = 'userPassword';
if (isset($_SESSION['config'])) {
$conf = $_SESSION['config'];
if (in_array('windowsUser', $conf->get_AccountModules($this->get_scope()))) {
return 'unixUserPassword';
}
}
return $name;
}
/**
* Returns the home directory attribute.
* Usually, this is homeDirectory. If Windows modules are active this is unixHomeDirectory.
*
* @return boolean attribute name
*/
private function getHomedirAttrName() {
$name = 'homeDirectory';
if (isset($_SESSION['config'])) {
$conf = $_SESSION['config'];
if (in_array('windowsUser', $conf->get_AccountModules($this->get_scope()))) {
return 'unixHomeDirectory';
}
}
return $name;
}
} }
?> ?>