removed password encryption in session, fixed password bugs
This commit is contained in:
Roland Gruber
parent
f3f37da4a6
commit
f91528eff2
|
|
@ -115,7 +115,7 @@ class posixGroup extends baseModule {
|
||||||
// password
|
// password
|
||||||
if ($rawAccounts[$i][$ids['posixGroup_password']] != "") {
|
if ($rawAccounts[$i][$ids['posixGroup_password']] != "") {
|
||||||
if (get_preg($rawAccounts[$i][$ids['posixGroup_password']], 'password')) {
|
if (get_preg($rawAccounts[$i][$ids['posixGroup_password']], 'password')) {
|
||||||
$partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['posixGroup_password']], true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
$partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['posixGroup_password']], true, $this->moduleSettings['posixGroup_pwdHash'][0]);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$error_messages[] = $this->messages['userPassword'][1];
|
$error_messages[] = $this->messages['userPassword'][1];
|
||||||
|
|
@ -161,6 +161,16 @@ class posixGroup extends baseModule {
|
||||||
* It will output a complete html-table
|
* It will output a complete html-table
|
||||||
*/
|
*/
|
||||||
function display_html_attributes(&$post) {
|
function display_html_attributes(&$post) {
|
||||||
|
// check password format if called the first time
|
||||||
|
if (!isset($this->userPassword_invalid)) {
|
||||||
|
if ($this->attributes['userPassword'][0]) {
|
||||||
|
if ($this->attributes['userPassword'][0] == '*') $this->userPassword_invalid = true;
|
||||||
|
else $this->userPassword_invalid = false;
|
||||||
|
if (pwd_is_enabled($this->attributes['userPassword'][0])) $this->userPassword_lock = false;
|
||||||
|
else $this->userPassword_lock = true;
|
||||||
|
}
|
||||||
|
else $this->userPassword_nopassword = true;
|
||||||
|
}
|
||||||
$return[] = array(
|
$return[] = array(
|
||||||
0 => array('kind' => 'text', 'text' => _("Group name").'*'),
|
0 => array('kind' => 'text', 'text' => _("Group name").'*'),
|
||||||
1 => array('kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]),
|
1 => array('kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]),
|
||||||
|
|
@ -180,13 +190,11 @@ class posixGroup extends baseModule {
|
||||||
if ($_SESSION[$this->base]->isNewAccount) {
|
if ($_SESSION[$this->base]->isNewAccount) {
|
||||||
$return[] = array(
|
$return[] = array(
|
||||||
0 => array('kind' => 'text', 'text' => _('Password')),
|
0 => array('kind' => 'text', 'text' => _('Password')),
|
||||||
1 => array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->userPassword()),
|
1 => array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
|
||||||
2 => array('kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
|
2 => array('kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
|
||||||
if ($post['userPassword2']!='') $password2 = $post['userPassword2'];
|
|
||||||
else $password2 = $this->userPassword();
|
|
||||||
$return[] = array(
|
$return[] = array(
|
||||||
0 => array('kind' => 'text', 'text' => _('Repeat password')),
|
0 => array('kind' => 'text', 'text' => _('Repeat password')),
|
||||||
1 => array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password2),
|
1 => array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
|
||||||
2 => array('kind' => 'help', 'value' => 'userPassword'));
|
2 => array('kind' => 'help', 'value' => 'userPassword'));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
@ -469,17 +477,6 @@ class posixGroup extends baseModule {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* This function loads all attributes into the object
|
|
||||||
* $attr is an array as it's retured from ldap_get_attributes
|
|
||||||
*/
|
|
||||||
function load_attributes($attr) {
|
|
||||||
parent::load_attributes($attr);
|
|
||||||
// Delete password. We don't want to show an encrypted password because it makes no sense
|
|
||||||
$this->userPassword('');
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/** this functin fills the error message array with messages
|
/** this functin fills the error message array with messages
|
||||||
**/
|
**/
|
||||||
function load_Messages() {
|
function load_Messages() {
|
||||||
|
|
@ -542,7 +539,7 @@ class posixGroup extends baseModule {
|
||||||
if ($post['userPassword_nopassword']) {
|
if ($post['userPassword_nopassword']) {
|
||||||
$this->userPassword_nopassword=true;
|
$this->userPassword_nopassword=true;
|
||||||
$this->userPassword_invalid=false;
|
$this->userPassword_invalid=false;
|
||||||
$this->userPassword('');
|
$this->attributes['userPassword'][0] = '';
|
||||||
$post['userPassword2'] = '';
|
$post['userPassword2'] = '';
|
||||||
if ($post['userPassword_lock'])
|
if ($post['userPassword_lock'])
|
||||||
$this->userPassword_lock=true;
|
$this->userPassword_lock=true;
|
||||||
|
|
@ -553,17 +550,16 @@ class posixGroup extends baseModule {
|
||||||
if ($post['userPassword_invalid']) {
|
if ($post['userPassword_invalid']) {
|
||||||
$this->userPassword_invalid=true;
|
$this->userPassword_invalid=true;
|
||||||
$this->userPassword_lock=false;
|
$this->userPassword_lock=false;
|
||||||
$this->userPassword('');
|
|
||||||
$post['userPassword2'] = '';
|
$post['userPassword2'] = '';
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$this->userPassword_invalid=false;
|
$this->userPassword_invalid=false;
|
||||||
if ($post['genpass']) $this->userPassword(genpasswd());
|
if ($post['genpass']) $this->attributes['userPassword'][0] = genpasswd();
|
||||||
elseif ($_SESSION[$this->base]->isNewAccount) {
|
elseif ($_SESSION[$this->base]->isNewAccount) {
|
||||||
if ($post['userPassword'] != $post['userPassword2'])
|
if ($post['userPassword'] != $post['userPassword2'])
|
||||||
$triggered_messages['userPassword'][] = $this->messages['userPassword'][0];
|
$triggered_messages['userPassword'][] = $this->messages['userPassword'][0];
|
||||||
else $this->userPassword($post['userPassword']);
|
else $this->attributes['userPassword'][0] = $post['userPassword'];
|
||||||
if (!get_preg($this->userPassword(), 'password'))
|
if (!get_preg($this->attributes['userPassword'][0], 'password'))
|
||||||
$triggered_messages['userPassword'][] = $this->messages['userPassword'][1];
|
$triggered_messages['userPassword'][] = $this->messages['userPassword'][1];
|
||||||
}
|
}
|
||||||
if ($post['userPassword_lock']) $this->userPassword_lock=true;
|
if ($post['userPassword_lock']) $this->userPassword_lock=true;
|
||||||
|
|
@ -719,7 +715,12 @@ class posixGroup extends baseModule {
|
||||||
if (!get_preg($post['userPassword'], 'password'))
|
if (!get_preg($post['userPassword'], 'password'))
|
||||||
$messages['userPassword'][] = $this->messages['userPassword'][1];
|
$messages['userPassword'][] = $this->messages['userPassword'][1];
|
||||||
}
|
}
|
||||||
else $this->userPassword($post['userPassword']);
|
else {
|
||||||
|
$this->attributes['userPassword'][0] = $post['userPassword'];
|
||||||
|
$this->userPassword_invalid = false;
|
||||||
|
$this->userPassword_lock = false;
|
||||||
|
$this->userPassword_nopassword = false;
|
||||||
|
}
|
||||||
if (sizeof($messages) > 0) return $messages;
|
if (sizeof($messages) > 0) return $messages;
|
||||||
else return 'attributes';
|
else return 'attributes';
|
||||||
}
|
}
|
||||||
|
|
@ -734,7 +735,6 @@ class posixGroup extends baseModule {
|
||||||
*/
|
*/
|
||||||
function save_attributes() {
|
function save_attributes() {
|
||||||
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
||||||
|
|
||||||
// unset password when needed
|
// unset password when needed
|
||||||
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword']))
|
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword']))
|
||||||
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
|
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
|
||||||
|
|
@ -744,25 +744,33 @@ class posixGroup extends baseModule {
|
||||||
unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']);
|
unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']);
|
||||||
// Set unix password
|
// Set unix password
|
||||||
if (isset($this->orig['userPassword'][0])) {
|
if (isset($this->orig['userPassword'][0])) {
|
||||||
if ($this->userPassword_nopassword) // use no password
|
// use no password
|
||||||
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
if ($this->userPassword_nopassword)
|
||||||
else if ($this->userPassword_invalid) // use '*' as password
|
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]);
|
||||||
|
// invalid, use '*' as password
|
||||||
|
elseif ($this->userPassword_invalid)
|
||||||
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = '*';
|
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = '*';
|
||||||
else if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->userPassword()!='') // set password if set
|
// password changed
|
||||||
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
elseif (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->attributes['userPassword'][0] != '')
|
||||||
else if ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0])) // lock account if required
|
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]);
|
||||||
|
// lock account if required
|
||||||
|
elseif ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0]))
|
||||||
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]);
|
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]);
|
||||||
else // password hasn't changed
|
// unlock password if required
|
||||||
|
elseif (!$this->userPassword_lock && (pwd_enable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0]))
|
||||||
|
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_enable($this->orig['userPassword'][0]);
|
||||||
|
// password has not changed
|
||||||
|
else
|
||||||
$return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0];
|
$return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0];
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// New user or no old password set
|
// New user or no old password set
|
||||||
if ($this->userPassword_nopassword) // use no password
|
if ($this->userPassword_nopassword) // use no password
|
||||||
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]);
|
||||||
else if ($this->userPassword_invalid) // use '*' as password
|
else if ($this->userPassword_invalid) // use '*' as password
|
||||||
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = '*';
|
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = '*';
|
||||||
else if ($this->userPassword()!='') // set password if set
|
else if ($this->attributes['userPassword'][0] != '') // set password if set
|
||||||
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->userPassword(), !$this->userPassword_lock, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove primary group from users from memberUid
|
// Remove primary group from users from memberUid
|
||||||
|
|
@ -837,28 +845,6 @@ class posixGroup extends baseModule {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/** $attribute['userPassword'] can't accessed directly because it's enrcypted
|
|
||||||
* To read / write password function userPassword is needed
|
|
||||||
* This function will return the unencrypted password when
|
|
||||||
* called without a variable
|
|
||||||
* If it's called with a new password, the
|
|
||||||
* new password will be stored encrypted
|
|
||||||
*/
|
|
||||||
function userPassword($newpassword=false) {
|
|
||||||
if (is_string($newpassword)) {
|
|
||||||
// Write new password
|
|
||||||
if ($newpassword=='')
|
|
||||||
$this->attributes['userPassword'][0] = '';
|
|
||||||
else $this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
if ($this->attributes['userPassword'][0]!='') // Read existing password if set
|
|
||||||
return $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0]));
|
|
||||||
else return '';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns one or more free GID numbers.
|
* Returns one or more free GID numbers.
|
||||||
*
|
*
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue