diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index eba470ebf957eaf0db7aaef90fe6bf16e83afd72..a3817e77ea083942846f25935b96812558892aac 100644 (file)
protected $aclPlugin = "user";
protected $objectName = "user";
+ protected $proposal = "";
+ protected $proposalEnabled = FALSE;
+ protected $proposalSelected = FALSE;
+
+ protected $passwordChangeForceable = FALSE;
+ protected $enforcePasswordChange = FALSE;
+
+
function __construct($config,$ui)
{
$this->config = $config;
}
+ function refreshProposal()
+ {
+ $this->proposal = passwordMethod::getPasswordProposal($this->config);
+ $this->proposalEnabled = (!empty($this->proposal));
+ }
+
+
// Inject user actions
function detectPostActions()
{
if(isset($_POST['abort_event_dialog'])) $action['action'] = "abortEventDialog";
if(isset($_POST['password_cancel'])){
$action['action'] = "passwordCancel";
- }elseif((count($this->pwd_change_queue) || isset($_POST['password_finish']))){
+ }elseif((count($this->pwd_change_queue) || isset($_POST['password_finish']) || isset($_POST['refreshProposal']))){
$action['action'] = "passwordQueue";
}
return($action);
function editEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="")
{
- management::editEntry($action,$target);
+ $str = management::editEntry($action,$target);
+ if($str) return($str);
if(preg_match("/^edit_/",$action)){
$tab = preg_replace("/^edit_/","",$action);
function handlePasswordQueue()
{
- // Get next entry from queue.
- if(empty($this->dn) && count($this->pwd_change_queue)){
- $this->dn = array_pop($this->pwd_change_queue);
- set_object_info($this->dn);
- $smarty = get_smarty();
- return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
- }
+ // skip if nothing is to do
+ if(empty($this->dn) && !count($this->pwd_change_queue)) return;
- // Check permissions
- $dn = $this->dn;
- $acl = $this->ui->get_permissions($dn, "users/password");
- $cacl= $this->ui->get_permissions($dn, "users/user");
- if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){
- $message= array();
- if ($_POST['new_password'] != $_POST['repeated_password']){
- $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
- } else {
- if ($_POST['new_password'] == ""){
- $message[] = msgPool::required(_("New password"));
- }
+ // Refresh proposal if requested
+ if(isset($_POST['refreshProposal'])) $this->refreshProposal();
+ if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;
+
+ $this->enforcePasswordChange = isset($_POST['new_password']) && isset($_POST['enforcePasswordChange']);
+
+ $smarty = get_smarty();
+ $smarty->assign("proposal" , $this->proposal);
+ $smarty->assign("proposalEnabled" , $this->proposalEnabled);
+ $smarty->assign("proposalSelected" , $this->proposalSelected);
+
+ $smarty->assign("passwordChangeForceable" , $this->passwordChangeForceable);
+ $smarty->assign("enforcePasswordChange" , $this->enforcePasswordChange);
+
+ // Get next entry from queue.
+ if(empty($this->dn) && count($this->pwd_change_queue)){
+
+ // Generate new proposal
+ $this->refreshProposal();
+ $this->proposalSelected = ($this->proposal != "");
+ $this->dn = array_pop($this->pwd_change_queue);
+
+ // Check if we are able to enforce a password change
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->cat($this->dn);
+ $attrs = $ldap->fetch();
+ $this->passwordChangeForceable =
+ in_array('sambaAccount', $attrs['objectClass']) ||
+ (in_array('posixAccount', $attrs['objectClass']) && isset($attrs['shadowMax']));
+ $smarty->assign("passwordChangeForceable" , $this->passwordChangeForceable);
+ $smarty->assign("enforcePasswordChange" , $this->enforcePasswordChange);
+
+ // Assign proposal variables
+ $smarty->assign("proposal" , $this->proposal);
+ $smarty->assign("proposalEnabled" , $this->proposalEnabled);
+ $smarty->assign("proposalSelected" , $this->proposalSelected);
+
+ set_object_info($this->dn);
+ return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
}
- // Display errors
- if (count($message) != 0){
- msg_dialog::displayChecks($message);
- $smarty = get_smarty();
- return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ // If we've just refreshed the proposal then do not check the password for validity.
+ if(isset($_POST['refreshProposal'])){
+ return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
}
- // Change cassword
- if(isset($this->force_hash_type[$this->dn])){
- if(!change_password ($this->dn, $_POST['new_password'],0,$this->force_hash_type[$this->dn])){
- return($smarty->fetch(get_template_path('password.tpl', TRUE)));
- }
- }else{
- if(!change_password ($this->dn, $_POST['new_password'])){
- return($smarty->fetch(get_template_path('password.tpl', TRUE)));
- }
+ // Check permissions
+ if(isset($_POST['password_finish'])){
+
+ $dn = $this->dn;
+ $acl = $this->ui->get_permissions($dn, "users/password");
+ $cacl= $this->ui->get_permissions($dn, "users/user");
+ if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){
+
+ // Get posted passwords
+ if($this->proposalSelected){
+ $new_password = $this->proposal;
+ $repeated_password = $this->proposal;
+ }else{
+ $new_password = get_post('new_password');
+ $repeated_password = get_post('repeated_password');
+ }
+
+ // Check posted passwords now.
+ $message= array();
+ if ($new_password != $repeated_password){
+ $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
+ } else {
+ if ($new_password == ""){
+ $message[] = msgPool::required(_("New password"));
+ }
+ }
+
+ // Display errors
+ if (count($message) != 0){
+ msg_dialog::displayChecks($message);
+ return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+
+ // Change password
+ if(isset($this->force_hash_type[$this->dn])){
+ if(!change_password ($this->dn, $new_password,0,$this->force_hash_type[$this->dn])){
+ return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+ }else{
+ if(!change_password ($this->dn, $new_password)){
+ return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+ }
+ if ($this->config->get_cfg_value("passwordHook") != ""){
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->cat($this->dn,array('uid'));
+ $attrs = $ldap->fetch();
+ exec($this->config->get_cfg_value("passwordHook")." ".
+ escapeshellarg($attrs['uid'][0])." ".escapeshellarg($new_password), $resarr);
+ $check_hook_output = "";
+ if(count($resarr) > 0) {
+ $check_hook_output= join('\n', $resarr);
+ }
+ if(!empty($check_hook_output)){
+ $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),$check_hook_output);
+ msg_dialog::displayChecks($message);
+ return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+ }
+
+
+ // The user has to change his password on next login
+ // - We are going to update samba and posix attributes here, to enforce
+ // such a password change.
+ if($this->passwordChangeForceable && $this->enforcePasswordChange){
+
+ // Check if we are able to enforce a password change
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->cat($this->dn);
+ $attrs = $ldap->fetch();
+ $samba = in_array('sambaSamAccount', $attrs['objectClass']);
+ $posix = in_array('posixAccount', $attrs['objectClass']);
+
+ // Update the posix shadow flag...
+ if($posix){
+ $current= floor(date("U") /60 /60 /24);
+ $enforceDate = $current - $attrs['shadowMax'][0];
+ $new_attrs = array();
+ $new_attrs['shadowLastChange'] = $enforceDate;
+ $ldap->cd($this->dn);
+ $ldap->modify($new_attrs);
+
+# $posixAccount = new posixAccount($this->config, $this->dn);
+# $posixAccount->is_modified=TRUE;
+# $posixAccount->activate_shadowExpire=1;
+# $posixAccount->shadowExpire = date('d.m.Y', time() - (1 * 24 * 60 *60));
+# $posixAccount->save();
+ }
+
+ // Update the samba kickoff flag...
+ if($samba){
+ $sambaAccount = new sambaAccount($this->config, $this->dn);
+ $sambaAccount->is_modified=TRUE;
+ $sambaAccount->flag_enforcePasswordChange = TRUE;
+ $sambaAccount->flag_cannotChangePassword = FALSE;
+ $sambaAccount->save();
+ }
+ }
+
+ new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed");
+ $this->dn ="";
+
+ } else {
+ msg_dialog::display(_("Password change"),
+ _("You have no permission to change this users password!"),
+ WARNING_DIALOG);
+ }
}
- if ($this->config->get_cfg_value("passwordHook") != ""){
- exec($this->config->get_cfg_value("passwordHook")." ".$username." ".$_POST['new_password'], $resarr);
+ // Cleanup
+ if(!count($this->pwd_change_queue) && $this->dn=""){
+ $this->remove_lock();
+ $this->closeDialogs();
+ }else{
+ return($this->handlePasswordQueue());
}
- new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed");
- $this->dn ="";
-
- } else {
- msg_dialog::display(_("Password change"),
- _("You have no permission to change this users password!"),
- WARNING_DIALOG);
- }
-
- // Cleanup
- if(!count($this->pwd_change_queue)){
- $this->remove_lock();
- $this->closeDialogs();
- }else{
- return($this->handlePasswordQueue());
- }
}
+
+
/*! \brief Save user modifications.
* Whenever we save a 'new' user, request a password change for him.
*/
function saveChanges()
{
- management::saveChanges();
+ $str = management::saveChanges();
+
+ if(!empty($str)) return($str);
+
+ if($this->last_tabObject instanceOf multi_plug){
+ foreach($this->last_tabObject->a_handles as $user){
+ if($user->password_change_needed()){
+ $this->force_hash_type[$user->dn] = $user->by_object['user']->pw_storage;
+ $this->pwd_change_queue[] = $user->dn;
+ }
+ }
+ return($this->handlePasswordQueue());
+ }
if(isset($this->last_tabObject->by_object['user']) && $this->last_tabObject->by_object['user']->password_change_needed()){
$this->force_hash_type[$this->last_tabObject->dn] = $this->last_tabObject->by_object['user']->pw_storage;
function cancelEdit()
{
- management::cancelEdit();
+ $str = management::cancelEdit();
+ if(!empty($str)) return($str);
- if(isset($this->last_tabObject->by_object['user']) && $this->last_tabObject->by_object['user']->password_change_needed()){
+ if(isset($this->last_tabObject->by_object['user']) &&
+ $this->last_tabObject->by_object['user']->dn != "new" &&
+ $this->last_tabObject->by_object['user']->password_change_needed()){
$this->force_hash_type[$this->last_tabObject->dn] = $this->last_tabObject->by_object['user']->pw_storage;
$this->pwd_change_queue[] = $this->last_tabObject->dn;
return($this->handlePasswordQueue());
function newUserFromTemplate($action="",$target=array(),$all=array())
{
// Call parent method, it knows whats to do, locking and so on ...
- management::newEntry($action,$target,$all);
+ $str = management::newEntry($action,$target,$all);
+ if(!empty($str)) return($str);
// Reset uid selection.
$this->got_uid= "";
$smarty->assign("template", array_pop($target));
$smarty->assign("templates", $templates);
$smarty->assign("edit_uid", "");
+ $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("allowUidProposalModification", "false"));
return($smarty->fetch(get_template_path('template.tpl', TRUE)));
// -> See 'templateContinue' for further handling!
{
// Call parent method, it manages everything, locking, object creation...
- management::newEntry($action,$target,$all);
+ $str = management::newEntry($action,$target,$all);
+ if(!empty($str)) return($str);
// If we've at least one template, then ask the user if he wants to use one?
$templates = array();
$templates = array_merge($templates,$this->get_templates());
// Display template selection
- if (count($templates)){
+ if (count($templates) > 1){
$smarty = get_smarty();
// Set default variables, normally empty.
$smarty->assign("template", "none");
$smarty->assign("templates", $templates);
$smarty->assign("edit_uid", "");
+ $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("allowUidProposalModification", "false"));
return($smarty->fetch(get_template_path('template.tpl', TRUE)));
// -> See 'templateContinue' for further handling!
$smarty->assign("templates",$templates);
$smarty->assign("got_uid", $this->got_uid);
$smarty->assign("edit_uid",false);
+ $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("allowUidProposalModification", "false"));
return($smarty->fetch(get_template_path('template.tpl', TRUE)));
}
$smarty->assign("template", $_POST['template']);
}
$smarty->assign("templates",$templates);
+ $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("allowUidProposalModification", "false"));
return($smarty->fetch(get_template_path('template.tpl', TRUE)));
}
// Check entry locking
foreach($target as $dn){
if (($user= get_lock($dn)) != ""){
+ $this->dn = $dn;
return(gen_locked_message ($user, $dn));
}
$this->dns[] = $dn;
*/
function lockUsers($action,$target,$all)
{
+ if(!count($target)) return;
if($action == "lockUsers"){
$this->lockEntry($action,$target, $all, "lock");
}else{