password history

Roland Gruber 2016-07-09 08:26:05 +02:00
parent 8bb1b358d2
commit feaa741096
1 changed files with 92 additions and 35 deletions


@ -411,6 +411,9 @@ class sambaSamAccount extends baseModule implements passwordService {
'domainSuffix' => array( 'domainSuffix' => array(
"Headline" => _("Domain suffix"), "Headline" => _("Domain suffix"),
"Text" => _("Please enter the LDAP suffix where your Samba domain entries are stored.")), "Text" => _("Please enter the LDAP suffix where your Samba domain entries are stored.")),
'history' => array(
"Headline" => _("Password history"),
"Text" => _("Enables password history. Depending on your LDAP server you need to select the right server-side ordering (switch if old passwords are not removed from history).")),
); );
// upload dependencies // upload dependencies
$return['upload_preDepends'] = array('posixAccount', 'inetOrgPerson'); $return['upload_preDepends'] = array('posixAccount', 'inetOrgPerson');
@ -557,38 +560,6 @@ class sambaSamAccount extends baseModule implements passwordService {
) )
); );
} }
// configuration options
$configContainer = new htmlTable();
$disableLM = new htmlTable();
$yesNo = array(_('yes') => 'yes', _('no') => 'no');
$yesNoSelect = new htmlTableExtendedSelect('sambaSamAccount_lmHash', $yesNo, array('yes'), _("Disable LM hashes"), 'lmHash');
$yesNoSelect->setHasDescriptiveElements(true);
$disableLM->addElement($yesNoSelect, true);
$configContainer->addElement($disableLM, true);
$configContainer->addElement(new htmlSpacer(null, '10px'), true);
$configHiddenLabelGroup = new htmlGroup();
$configHiddenLabelGroup->addElement(new htmlOutputText(_('Hidden options') . ' '));
$configHiddenLabelGroup->addElement(new htmlHelpLink('hiddenOptions'));
$configContainer->addElement($configHiddenLabelGroup, true);
$hiddenContainer = new htmlTable();
$hiddenContainer->colspan = 5;
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideHomeDrive', false, _('Home drive'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideHomePath', false, _('Home path'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideProfilePath', false, _('Profile path'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideLogonScript', false, _('Logon script'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideSambaPwdLastSet', false, _('Last password change'), null, false));
$hiddenContainer->addNewLine();
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideWorkstations', false, _('Samba workstations'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideLogonHours', false, _('Logon hours'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideTerminalServer', false, _('Terminal server options'), null, false));
$configContainer->addElement($hiddenContainer);
$return['config_options']['user'] = $configContainer;
return $return; return $return;
} }
@ -1875,6 +1846,73 @@ class sambaSamAccount extends baseModule implements passwordService {
} }
} }
/**
* Returns a list of configuration options.
*
* Calling this method does not require the existence of an enclosing {@link accountContainer}.<br>
* <br>
* The field names are used as keywords to load and save settings.
* We recommend to use the module name as prefix for them (e.g. posixAccount_homeDirectory) to avoid naming conflicts.
*
* @param array $scopes account types (user, group, host)
* @param array $allScopes list of all active account modules and their scopes (module => array(scopes))
* @return mixed htmlElement or array of htmlElement
*
* @see baseModule::get_metaData()
* @see htmlElement
*/
public function get_configOptions($scopes, $allScopes) {
$return = parent::get_configOptions($scopes, $allScopes);
if (!in_array('user', $scopes)) {
return $return;
}
$configContainer = new htmlTable();
// password history
$history = new htmlTable();
$historyOptions = array(
_('yes - ordered ascending') => 'yes_deleteLast',
_('yes - ordered descending') => 'yes_deleteFirst',
_('no') => 'no'
);
$historySelect = new htmlTableExtendedSelect('sambaSamAccount_history', $historyOptions, array('yes_deleteLast'), _("Password history"), 'history');
$historySelect->setHasDescriptiveElements(true);
$history->addElement($historySelect, true);
$configContainer->addElement($history, true);
// disable LM passwords
$disableLM = new htmlTable();
$yesNo = array(_('yes') => 'yes', _('no') => 'no');
$lmYesNoSelect = new htmlTableExtendedSelect('sambaSamAccount_lmHash', $yesNo, array('yes'), _("Disable LM hashes"), 'lmHash');
$lmYesNoSelect->setHasDescriptiveElements(true);
$disableLM->addElement($lmYesNoSelect, true);
$configContainer->addElement($disableLM, true);
// hidden options
$configContainer->addElement(new htmlSpacer(null, '10px'), true);
$configHiddenLabelGroup = new htmlGroup();
$configHiddenLabelGroup->addElement(new htmlOutputText(_('Hidden options') . ' '));
$configHiddenLabelGroup->addElement(new htmlHelpLink('hiddenOptions'));
$configContainer->addElement($configHiddenLabelGroup, true);
$hiddenContainer = new htmlTable();
$hiddenContainer->colspan = 5;
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideHomeDrive', false, _('Home drive'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideHomePath', false, _('Home path'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideProfilePath', false, _('Profile path'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideLogonScript', false, _('Logon script'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideSambaPwdLastSet', false, _('Last password change'), null, false));
$hiddenContainer->addNewLine();
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideWorkstations', false, _('Samba workstations'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideLogonHours', false, _('Logon hours'), null, false));
$hiddenContainer->addElement(new htmlOutputText(' '));
$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideTerminalServer', false, _('Terminal server options'), null, false));
$configContainer->addElement($hiddenContainer);
$return[] = $configContainer;
return $return;
}
/** /**
* Returns a list of possible PDF entries for this account. * Returns a list of possible PDF entries for this account.
* *
@ -2467,7 +2505,7 @@ class sambaSamAccount extends baseModule implements passwordService {
} }
// set new history entry // set new history entry
$historyLength = $sambaDomain->pwdHistoryLength; $historyLength = $sambaDomain->pwdHistoryLength;
if (!$oldPasswordUsed && !empty($historyLength) && is_numeric($historyLength) && ($historyLength > 0)) { if (sambaSamAccount::isPasswordHistoryEnabled($this->moduleSettings) && !$oldPasswordUsed && !empty($historyLength) && is_numeric($historyLength) && ($historyLength > 0)) {
if (!empty($this->orig['sambaPasswordHistory'][0])) { if (!empty($this->orig['sambaPasswordHistory'][0])) {
$this->attributes['sambaPasswordHistory'] = $this->orig['sambaPasswordHistory']; $this->attributes['sambaPasswordHistory'] = $this->orig['sambaPasswordHistory'];
} }
@ -2475,9 +2513,19 @@ class sambaSamAccount extends baseModule implements passwordService {
$this->attributes['sambaPasswordHistory'] = array(); $this->attributes['sambaPasswordHistory'] = array();
} }
while (sizeof($this->attributes['sambaPasswordHistory']) > ($historyLength - 1)) { while (sizeof($this->attributes['sambaPasswordHistory']) > ($historyLength - 1)) {
array_pop($this->attributes['sambaPasswordHistory']); if (empty($this->moduleSettings['sambaSamAccount_history'][0]) || ($this->moduleSettings['sambaSamAccount_history'][0] == 'yes_deleteLast')) {
array_pop($this->attributes['sambaPasswordHistory']);
}
else {
array_shift($this->attributes['sambaPasswordHistory']);
}
}
if (empty($this->moduleSettings['sambaSamAccount_history'][0]) || ($this->moduleSettings['sambaSamAccount_history'][0] == 'yes_deleteLast')) {
array_unshift($this->attributes['sambaPasswordHistory'], sambaSamAccount::createHistoryEntry($password));
}
else {
$this->attributes['sambaPasswordHistory'][] = sambaSamAccount::createHistoryEntry($password);
} }
$this->attributes['sambaPasswordHistory'][] = sambaSamAccount::createHistoryEntry($password);
$this->attributes['sambaPasswordHistory'] = array_values($this->attributes['sambaPasswordHistory']); $this->attributes['sambaPasswordHistory'] = array_values($this->attributes['sambaPasswordHistory']);
} }
} }
@ -2754,6 +2802,15 @@ class sambaSamAccount extends baseModule implements passwordService {
return strtolower($md5hash) == strtolower($hash); return strtolower($md5hash) == strtolower($hash);
} }
/**
* Returns if password history is enabled.
*
* @param array $settings server profile or self service settings
*/
public static function isPasswordHistoryEnabled($settings) {
return empty($settings['sambaSamAccount_history']) || ($settings['sambaSamAccount_history'][0] != 'no');
}
} }
?> ?>
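Review bot: The trim and insert direction for `sambaPasswordHistory` is decided by the same `empty(...) || ... == 'yes_deleteLast'` test written out twice, once inside the `while` and once before the insert, so any unrecognised stored value silently takes the `array_shift`/append branch while `isPasswordHistoryEnabled()` still reports the feature as enabled. The new help text says a wrong ordering leaves old passwords in the history, so a mismatch appears to make the loop discard the newest hash rather than the oldest, which weakens reuse protection without any visible error. I would compute the decision once before the loop with a strict comparison, `$deleteLast = empty($this->moduleSettings['sambaSamAccount_history'][0]) || ($this->moduleSettings['sambaSamAccount_history'][0] === 'yes_deleteLast');`, and test `$deleteLast` in both places. The docblock of `isPasswordHistoryEnabled()` is also missing its `@return` line. The enclosing password-change method starts outside the visible hunks, so whether the old-password check itself honours the new setting cannot be confirmed from here.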