diff --git a/lam/lib/modules/posixGroup.inc b/lam/lib/modules/posixGroup.inc index 6dff9168..239f6f40 100644 --- a/lam/lib/modules/posixGroup.inc +++ b/lam/lib/modules/posixGroup.inc @@ -115,7 +115,7 @@ class posixGroup extends baseModule { // password if ($rawAccounts[$i][$ids['posixGroup_password']] != "") { if (get_preg($rawAccounts[$i][$ids['posixGroup_password']], 'password')) { - $partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['posixGroup_password']], true, $this->moduleSettings['posixAccount_pwdHash'][0]); + $partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['posixGroup_password']], true, $this->moduleSettings['posixGroup_pwdHash'][0]); } else { $error_messages[] = $this->messages['userPassword'][1]; @@ -161,6 +161,16 @@ class posixGroup extends baseModule { * It will output a complete html-table */ function display_html_attributes(&$post) { + // check password format if called the first time + if (!isset($this->userPassword_invalid)) { + if ($this->attributes['userPassword'][0]) { + if ($this->attributes['userPassword'][0] == '*') $this->userPassword_invalid = true; + else $this->userPassword_invalid = false; + if (pwd_is_enabled($this->attributes['userPassword'][0])) $this->userPassword_lock = false; + else $this->userPassword_lock = true; + } + else $this->userPassword_nopassword = true; + } $return[] = array( 0 => array('kind' => 'text', 'text' => _("Group name").'*'), 1 => array('kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]), @@ -180,13 +190,11 @@ class posixGroup extends baseModule { if ($_SESSION[$this->base]->isNewAccount) { $return[] = array( 0 => array('kind' => 'text', 'text' => _('Password')), - 1 => array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->userPassword()), + 1 => array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]), 2 => array('kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password'))); - if ($post['userPassword2']!='') $password2 = $post['userPassword2']; - else $password2 = $this->userPassword(); $return[] = array( 0 => array('kind' => 'text', 'text' => _('Repeat password')), - 1 => array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2), + 1 => array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]), 2 => array('kind' => 'help', 'value' => 'userPassword')); } else { @@ -469,17 +477,6 @@ class posixGroup extends baseModule { } - /* This function loads all attributes into the object - * $attr is an array as it's retured from ldap_get_attributes - */ - function load_attributes($attr) { - parent::load_attributes($attr); - // Delete password. We don't want to show an encrypted password because it makes no sense - $this->userPassword(''); - return 0; - } - - /** this functin fills the error message array with messages **/ function load_Messages() { @@ -542,7 +539,7 @@ class posixGroup extends baseModule { if ($post['userPassword_nopassword']) { $this->userPassword_nopassword=true; $this->userPassword_invalid=false; - $this->userPassword(''); + $this->attributes['userPassword'][0] = ''; $post['userPassword2'] = ''; if ($post['userPassword_lock']) $this->userPassword_lock=true; @@ -553,17 +550,16 @@ class posixGroup extends baseModule { if ($post['userPassword_invalid']) { $this->userPassword_invalid=true; $this->userPassword_lock=false; - $this->userPassword(''); $post['userPassword2'] = ''; } else { $this->userPassword_invalid=false; - if ($post['genpass']) $this->userPassword(genpasswd()); + if ($post['genpass']) $this->attributes['userPassword'][0] = genpasswd(); elseif ($_SESSION[$this->base]->isNewAccount) { if ($post['userPassword'] != $post['userPassword2']) $triggered_messages['userPassword'][] = $this->messages['userPassword'][0]; - else $this->userPassword($post['userPassword']); - if (!get_preg($this->userPassword(), 'password')) + else $this->attributes['userPassword'][0] = $post['userPassword']; + if (!get_preg($this->attributes['userPassword'][0], 'password')) $triggered_messages['userPassword'][] = $this->messages['userPassword'][1]; } if ($post['userPassword_lock']) $this->userPassword_lock=true; @@ -719,7 +715,12 @@ class posixGroup extends baseModule { if (!get_preg($post['userPassword'], 'password')) $messages['userPassword'][] = $this->messages['userPassword'][1]; } - else $this->userPassword($post['userPassword']); + else { + $this->attributes['userPassword'][0] = $post['userPassword']; + $this->userPassword_invalid = false; + $this->userPassword_lock = false; + $this->userPassword_nopassword = false; + } if (sizeof($messages) > 0) return $messages; else return 'attributes'; } @@ -734,7 +735,6 @@ class posixGroup extends baseModule { */ function save_attributes() { $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); - // unset password when needed if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword'])) unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']); @@ -744,25 +744,33 @@ class posixGroup extends baseModule { unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']); // Set unix password if (isset($this->orig['userPassword'][0])) { - if ($this->userPassword_nopassword) // use no password - $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]); - else if ($this->userPassword_invalid) // use '*' as password + // use no password + if ($this->userPassword_nopassword) + $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); + // invalid, use '*' as password + elseif ($this->userPassword_invalid) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = '*'; - else if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->userPassword()!='') // set password if set - $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]); - else if ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0])) // lock account if required + // password changed + elseif (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->attributes['userPassword'][0] != '') + $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); + // lock account if required + elseif ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0])) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]); - else // password hasn't changed + // unlock password if required + elseif (!$this->userPassword_lock && (pwd_enable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0])) + $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_enable($this->orig['userPassword'][0]); + // password has not changed + else $return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0]; } else { // New user or no old password set if ($this->userPassword_nopassword) // use no password - $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]); + $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); else if ($this->userPassword_invalid) // use '*' as password $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = '*'; - else if ($this->userPassword()!='') // set password if set - $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]); + else if ($this->attributes['userPassword'][0] != '') // set password if set + $return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]); } // Remove primary group from users from memberUid @@ -837,28 +845,6 @@ class posixGroup extends baseModule { } - /** $attribute['userPassword'] can't accessed directly because it's enrcypted - * To read / write password function userPassword is needed - * This function will return the unencrypted password when - * called without a variable - * If it's called with a new password, the - * new password will be stored encrypted - */ - function userPassword($newpassword=false) { - if (is_string($newpassword)) { - // Write new password - if ($newpassword=='') - $this->attributes['userPassword'][0] = ''; - else $this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword)); - return 0; - } - else { - if ($this->attributes['userPassword'][0]!='') // Read existing password if set - return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0])); - else return ''; - } - } - /** * Returns one or more free GID numbers. *