From feaa74109653f5f5eaaa06a81ace8de5ebf41d6c Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Sat, 9 Jul 2016 08:26:05 +0200
Subject: [PATCH] password history
---
 lam/lib/modules/sambaSamAccount.inc | 127 ++++++++++++++++++++--------
 1 file changed, 92 insertions(+), 35 deletions(-)
diff --git a/lam/lib/modules/sambaSamAccount.inc b/lam/lib/modules/sambaSamAccount.inc
index dc56455c..f303c1b5 100644
--- a/lam/lib/modules/sambaSamAccount.inc
+++ b/lam/lib/modules/sambaSamAccount.inc
@@ -411,6 +411,9 @@ class sambaSamAccount extends baseModule implements passwordService {
 'domainSuffix' => array(
 "Headline" => _("Domain suffix"),
 "Text" => _("Please enter the LDAP suffix where your Samba domain entries are stored.")),
+ 'history' => array(
+ "Headline" => _("Password history"),
+ "Text" => _("Enables password history. Depending on your LDAP server you need to select the right server-side ordering (switch if old passwords are not removed from history).")),
 );
 // upload dependencies
 $return['upload_preDepends'] = array('posixAccount', 'inetOrgPerson');
@@ -557,38 +560,6 @@ class sambaSamAccount extends baseModule implements passwordService {
 )
 );
 }
- // configuration options
- $configContainer = new htmlTable();
- $disableLM = new htmlTable();
- $yesNo = array(_('yes') => 'yes', _('no') => 'no');
- $yesNoSelect = new htmlTableExtendedSelect('sambaSamAccount_lmHash', $yesNo, array('yes'), _("Disable LM hashes"), 'lmHash');
- $yesNoSelect->setHasDescriptiveElements(true);
- $disableLM->addElement($yesNoSelect, true);
- $configContainer->addElement($disableLM, true);
- $configContainer->addElement(new htmlSpacer(null, '10px'), true);
- $configHiddenLabelGroup = new htmlGroup();
- $configHiddenLabelGroup->addElement(new htmlOutputText(_('Hidden options') . ' '));
- $configHiddenLabelGroup->addElement(new htmlHelpLink('hiddenOptions'));
- $configContainer->addElement($configHiddenLabelGroup, true);
- $hiddenContainer = new htmlTable();
- $hiddenContainer->colspan = 5;
- $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideHomeDrive', false, _('Home drive'), null, false));
- $hiddenContainer->addElement(new htmlOutputText(' '));
- $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideHomePath', false, _('Home path'), null, false));
- $hiddenContainer->addElement(new htmlOutputText(' '));
- $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideProfilePath', false, _('Profile path'), null, false));
- $hiddenContainer->addElement(new htmlOutputText(' '));
- $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideLogonScript', false, _('Logon script'), null, false));
- $hiddenContainer->addElement(new htmlOutputText(' '));
- $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideSambaPwdLastSet', false, _('Last password change'), null, false));
- $hiddenContainer->addNewLine();
- $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideWorkstations', false, _('Samba workstations'), null, false));
- $hiddenContainer->addElement(new htmlOutputText(' '));
- $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideLogonHours', false, _('Logon hours'), null, false));
- $hiddenContainer->addElement(new htmlOutputText(' '));
- $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideTerminalServer', false, _('Terminal server options'), null, false));
- $configContainer->addElement($hiddenContainer);
- $return['config_options']['user'] = $configContainer;
 return $return;
 }
@@ -1875,6 +1846,73 @@ class sambaSamAccount extends baseModule implements passwordService {
 }
 }
+ /**
+ * Returns a list of configuration options.
+ *
+ * Calling this method does not require the existence of an enclosing {@link accountContainer}.
+ *
+ * The field names are used as keywords to load and save settings.
+ * We recommend to use the module name as prefix for them (e.g. posixAccount_homeDirectory) to avoid naming conflicts.
+ *
+ * @param array $scopes account types (user, group, host)
+ * @param array $allScopes list of all active account modules and their scopes (module => array(scopes))
+ * @return mixed htmlElement or array of htmlElement
+ *
+ * @see baseModule::get_metaData()
+ * @see htmlElement
+ */
+ public function get_configOptions($scopes, $allScopes) {
+ $return = parent::get_configOptions($scopes, $allScopes);
+ if (!in_array('user', $scopes)) {
+ return $return;
+ }
+ $configContainer = new htmlTable();
+ // password history
+ $history = new htmlTable();
+ $historyOptions = array(
+ _('yes - ordered ascending') => 'yes_deleteLast',
+ _('yes - ordered descending') => 'yes_deleteFirst',
+ _('no') => 'no'
+ );
+ $historySelect = new htmlTableExtendedSelect('sambaSamAccount_history', $historyOptions, array('yes_deleteLast'), _("Password history"), 'history');
+ $historySelect->setHasDescriptiveElements(true);
+ $history->addElement($historySelect, true);
+ $configContainer->addElement($history, true);
+ // disable LM passwords
+ $disableLM = new htmlTable();
+ $yesNo = array(_('yes') => 'yes', _('no') => 'no');
+ $lmYesNoSelect = new htmlTableExtendedSelect('sambaSamAccount_lmHash', $yesNo, array('yes'), _("Disable LM hashes"), 'lmHash');
+ $lmYesNoSelect->setHasDescriptiveElements(true);
+ $disableLM->addElement($lmYesNoSelect, true);
+ $configContainer->addElement($disableLM, true);
+ // hidden options
+ $configContainer->addElement(new htmlSpacer(null, '10px'), true);
+ $configHiddenLabelGroup = new htmlGroup();
+ $configHiddenLabelGroup->addElement(new htmlOutputText(_('Hidden options') . ' '));
+ $configHiddenLabelGroup->addElement(new htmlHelpLink('hiddenOptions'));
+ $configContainer->addElement($configHiddenLabelGroup, true);
+ $hiddenContainer = new htmlTable();
+ $hiddenContainer->colspan = 5;
+ $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideHomeDrive', false, _('Home drive'), null, false));
+ $hiddenContainer->addElement(new htmlOutputText(' '));
+ $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideHomePath', false, _('Home path'), null, false));
+ $hiddenContainer->addElement(new htmlOutputText(' '));
+ $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideProfilePath', false, _('Profile path'), null, false));
+ $hiddenContainer->addElement(new htmlOutputText(' '));
+ $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideLogonScript', false, _('Logon script'), null, false));
+ $hiddenContainer->addElement(new htmlOutputText(' '));
+ $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideSambaPwdLastSet', false, _('Last password change'), null, false));
+ $hiddenContainer->addNewLine();
+ $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideWorkstations', false, _('Samba workstations'), null, false));
+ $hiddenContainer->addElement(new htmlOutputText(' '));
+ $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideLogonHours', false, _('Logon hours'), null, false));
+ $hiddenContainer->addElement(new htmlOutputText(' '));
+ $hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideTerminalServer', false, _('Terminal server options'), null, false));
+ $configContainer->addElement($hiddenContainer);
+ $return[] = $configContainer;
+ return $return;
+ }
+
 /**
 * Returns a list of possible PDF entries for this account.
 *
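Review bot: `$return[] = $configContainer;` at the end of get_configOptions() only works if parent::get_configOptions() returns an array, yet the docblock added in this hunk documents the return value as `mixed htmlElement or array of htmlElement`. The parent implementation is not part of this diff, so this may hold in practice; if it does, the docblock should say so, for example `@return array list of htmlElement objects`. The scope check could also compare strictly: `if (!in_array('user', $scopes, true)) {`.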
@@ -2467,7 +2505,7 @@ class sambaSamAccount extends baseModule implements passwordService {
 }
 // set new history entry
 $historyLength = $sambaDomain->pwdHistoryLength;
- if (!$oldPasswordUsed && !empty($historyLength) && is_numeric($historyLength) && ($historyLength > 0)) {
+ if (sambaSamAccount::isPasswordHistoryEnabled($this->moduleSettings) && !$oldPasswordUsed && !empty($historyLength) && is_numeric($historyLength) && ($historyLength > 0)) {
 if (!empty($this->orig['sambaPasswordHistory'][0])) {
 $this->attributes['sambaPasswordHistory'] = $this->orig['sambaPasswordHistory'];
 }
@@ -2475,9 +2513,19 @@ class sambaSamAccount extends baseModule implements passwordService {
 $this->attributes['sambaPasswordHistory'] = array();
 }
 while (sizeof($this->attributes['sambaPasswordHistory']) > ($historyLength - 1)) {
- array_pop($this->attributes['sambaPasswordHistory']);
+ if (empty($this->moduleSettings['sambaSamAccount_history'][0]) || ($this->moduleSettings['sambaSamAccount_history'][0] == 'yes_deleteLast')) {
+ array_pop($this->attributes['sambaPasswordHistory']);
+ }
+ else {
+ array_shift($this->attributes['sambaPasswordHistory']);
+ }
+ }
+ if (empty($this->moduleSettings['sambaSamAccount_history'][0]) || ($this->moduleSettings['sambaSamAccount_history'][0] == 'yes_deleteLast')) {
+ array_unshift($this->attributes['sambaPasswordHistory'], sambaSamAccount::createHistoryEntry($password));
+ }
+ else {
+ $this->attributes['sambaPasswordHistory'][] = sambaSamAccount::createHistoryEntry($password);
 }
- $this->attributes['sambaPasswordHistory'][] = sambaSamAccount::createHistoryEntry($password);
 $this->attributes['sambaPasswordHistory'] = array_values($this->attributes['sambaPasswordHistory']);
 }
 }
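Review bot: The ordering test on `$this->moduleSettings['sambaSamAccount_history'][0]` is written out twice in the second hunk (inside the `while` loop and again before the new entry is stored), and any value other than `yes_deleteLast` silently takes the `array_shift`/append branch. Evaluate it once before the loop and reuse it, with a strict comparison: `$deleteLast = empty($this->moduleSettings['sambaSamAccount_history'][0]) || ($this->moduleSettings['sambaSamAccount_history'][0] === 'yes_deleteLast');`. A short comment stating which end of `sambaPasswordHistory` holds the newest entry in each mode would help, since a wrong choice appears to trim the wrong end of the history. The first hunk on this line gates only the write with `isPasswordHistoryEnabled()`; the code that sets `$oldPasswordUsed` starts outside the diff, so it is not visible whether the reuse check is also skipped when the option is `no`.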
@@ -2754,6 +2802,15 @@ class sambaSamAccount extends baseModule implements passwordService {
 return strtolower($md5hash) == strtolower($hash);
 }
+ /**
+ * Returns if password history is enabled.
+ *
+ * @param array $settings server profile or self service settings
+ */
+ public static function isPasswordHistoryEnabled($settings) {
+ return empty($settings['sambaSamAccount_history']) || ($settings['sambaSamAccount_history'][0] != 'no');
+ }
+
 }
 ?>
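Review bot: isPasswordHistoryEnabled() has no `@return` tag and compares with `!=`; add `@return boolean true unless the history option is set to 'no'` and use `!== 'no'`. The method tests `empty($settings['sambaSamAccount_history'])` and then reads index `[0]`, while the ordering checks in the password-change code test `[0]` directly, so both places should use the same shape test. A missing setting counts as enabled, which is the safer default and worth stating in the docblock. The context line `return strtolower($md5hash) == strtolower($hash);` is not part of this change and its function starts outside the hunk, but a loose `==` on hash strings is subject to PHP's numeric-string comparison; `hash_equals()` would be the safer comparison there.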