X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fplugins%2Fadmin%2Fusers%2Fclass_userManagement.inc;h=a3817e77ea083942846f25935b96812558892aac;hb=296f2f2d04ddad2e27b57b36599818cbc2cad264;hp=6b9555930835a9500605024b0de4417cc98c67c7;hpb=602f71f2ee874ce922adbdd242657602995e383d;p=gosa.git diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc index 6b9555930..a3817e77e 100644 --- a/gosa-core/plugins/admin/users/class_userManagement.inc +++ b/gosa-core/plugins/admin/users/class_userManagement.inc @@ -33,6 +33,7 @@ class userManagement extends management var $edit_uid = ""; var $pwd_change_queue = array(); + var $force_hash_type = array(); // Tab definition protected $tabClass = "usertabs"; @@ -41,6 +42,14 @@ class userManagement extends management protected $aclPlugin = "user"; protected $objectName = "user"; + protected $proposal = ""; + protected $proposalEnabled = FALSE; + protected $proposalSelected = FALSE; + + protected $passwordChangeForceable = FALSE; + protected $enforcePasswordChange = FALSE; + + function __construct($config,$ui) { $this->config = $config; @@ -74,24 +83,6 @@ class userManagement extends management parent::__construct($config, $ui, "users", $headpage); - $this->registerAction("new", "newEntry"); - $this->registerAction("edit", "editEntry"); - $this->registerAction("apply", "applyChanges"); - $this->registerAction("save", "saveChanges"); - $this->registerAction("cancel", "cancelEdit"); - $this->registerAction("remove", "removeEntryRequested"); - $this->registerAction("removeConfirmed", "removeEntryConfirmed"); - - $this->registerAction("copy", "copyPasteHandler"); - $this->registerAction("cut", "copyPasteHandler"); - $this->registerAction("paste", "copyPasteHandler"); - - $this->registerAction("snapshot", "createSnapshotDialog"); - $this->registerAction("restore", "restoreSnapshotDialog"); - $this->registerAction("saveSnapshot","saveSnapshot"); - $this->registerAction("restoreSnapshot","restoreSnapshot"); - $this->registerAction("cancelSnapshot","closeDialogs"); - // Register special user actions $this->registerAction("lock", "lockEntry"); $this->registerAction("lockUsers", "lockUsers"); @@ -109,6 +100,23 @@ class userManagement extends management $this->registerAction("sendMessage", "sendMessage"); $this->registerAction("saveEventDialog", "saveEventDialog"); $this->registerAction("abortEventDialog", "closeDialogs"); + + // Register shortcut icon actions + $this->registerAction("edit_user","editEntry"); + $this->registerAction("edit_posixAccount","editEntry"); + $this->registerAction("edit_mailAccount","editEntry"); + $this->registerAction("edit_sambaAccount","editEntry"); + $this->registerAction("edit_netatalk","editEntry"); + $this->registerAction("edit_environment","editEntry"); + $this->registerAction("edit_gofaxAccount","editEntry"); + $this->registerAction("edit_phoneAccount","editEntry"); + } + + + function refreshProposal() + { + $this->proposal = passwordMethod::getPasswordProposal($this->config); + $this->proposalEnabled = (!empty($this->proposal)); } @@ -122,13 +130,29 @@ class userManagement extends management if(isset($_POST['abort_event_dialog'])) $action['action'] = "abortEventDialog"; if(isset($_POST['password_cancel'])){ $action['action'] = "passwordCancel"; - }elseif((count($this->pwd_change_queue) || isset($_POST['password_finish']))){ + }elseif((count($this->pwd_change_queue) || isset($_POST['password_finish']) || isset($_POST['refreshProposal']))){ $action['action'] = "passwordQueue"; } return($action); } + function editEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="") + { + $str = management::editEntry($action,$target); + if($str) return($str); + + if(preg_match("/^edit_/",$action)){ + $tab = preg_replace("/^edit_/","",$action); + if(isset($this->tabObject->by_object[$tab])){ + $this->tabObject->current = $tab; + }else{ + trigger_error("Unknown tab: ".$tab); + } + } + } + + function closeDialogs() { management::closeDialogs(); @@ -219,68 +243,213 @@ class userManagement extends management function handlePasswordQueue() { - // Get next entry from queue. - if(empty($this->dn) && count($this->pwd_change_queue)){ - $this->dn = array_pop($this->pwd_change_queue); - set_object_info($this->dn); - $smarty = get_smarty(); - return ($smarty->fetch(get_template_path('password.tpl', TRUE))); - } + // skip if nothing is to do + if(empty($this->dn) && !count($this->pwd_change_queue)) return; - // Check permissions - $dn = $this->dn; - $acl = $this->ui->get_permissions($dn, "users/password"); - $cacl= $this->ui->get_permissions($dn, "users/user"); - if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){ - $message= array(); - if ($_POST['new_password'] != $_POST['repeated_password']){ - $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."); - } else { - if ($_POST['new_password'] == ""){ - $message[] = msgPool::required(_("New password")); - } + // Refresh proposal if requested + if(isset($_POST['refreshProposal'])) $this->refreshProposal(); + if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1; + + $this->enforcePasswordChange = isset($_POST['new_password']) && isset($_POST['enforcePasswordChange']); + + $smarty = get_smarty(); + $smarty->assign("proposal" , $this->proposal); + $smarty->assign("proposalEnabled" , $this->proposalEnabled); + $smarty->assign("proposalSelected" , $this->proposalSelected); + + $smarty->assign("passwordChangeForceable" , $this->passwordChangeForceable); + $smarty->assign("enforcePasswordChange" , $this->enforcePasswordChange); + + // Get next entry from queue. + if(empty($this->dn) && count($this->pwd_change_queue)){ + + // Generate new proposal + $this->refreshProposal(); + $this->proposalSelected = ($this->proposal != ""); + $this->dn = array_pop($this->pwd_change_queue); + + // Check if we are able to enforce a password change + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->cat($this->dn); + $attrs = $ldap->fetch(); + $this->passwordChangeForceable = + in_array('sambaAccount', $attrs['objectClass']) || + (in_array('posixAccount', $attrs['objectClass']) && isset($attrs['shadowMax'])); + $smarty->assign("passwordChangeForceable" , $this->passwordChangeForceable); + $smarty->assign("enforcePasswordChange" , $this->enforcePasswordChange); + + // Assign proposal variables + $smarty->assign("proposal" , $this->proposal); + $smarty->assign("proposalEnabled" , $this->proposalEnabled); + $smarty->assign("proposalSelected" , $this->proposalSelected); + + set_object_info($this->dn); + return ($smarty->fetch(get_template_path('password.tpl', TRUE))); } - // Display errors - if (count($message) != 0){ - msg_dialog::displayChecks($message); - $smarty = get_smarty(); - return($smarty->fetch(get_template_path('password.tpl', TRUE))); + // If we've just refreshed the proposal then do not check the password for validity. + if(isset($_POST['refreshProposal'])){ + return ($smarty->fetch(get_template_path('password.tpl', TRUE))); } - // Change cassword - if(!change_password ($this->dn, $_POST['new_password'])){ - return($smarty->fetch(get_template_path('password.tpl', TRUE))); + // Check permissions + if(isset($_POST['password_finish'])){ + + $dn = $this->dn; + $acl = $this->ui->get_permissions($dn, "users/password"); + $cacl= $this->ui->get_permissions($dn, "users/user"); + if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){ + + // Get posted passwords + if($this->proposalSelected){ + $new_password = $this->proposal; + $repeated_password = $this->proposal; + }else{ + $new_password = get_post('new_password'); + $repeated_password = get_post('repeated_password'); + } + + // Check posted passwords now. + $message= array(); + if ($new_password != $repeated_password){ + $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."); + } else { + if ($new_password == ""){ + $message[] = msgPool::required(_("New password")); + } + } + + // Display errors + if (count($message) != 0){ + msg_dialog::displayChecks($message); + return($smarty->fetch(get_template_path('password.tpl', TRUE))); + } + + // Change password + if(isset($this->force_hash_type[$this->dn])){ + if(!change_password ($this->dn, $new_password,0,$this->force_hash_type[$this->dn])){ + return($smarty->fetch(get_template_path('password.tpl', TRUE))); + } + }else{ + if(!change_password ($this->dn, $new_password)){ + return($smarty->fetch(get_template_path('password.tpl', TRUE))); + } + } + if ($this->config->get_cfg_value("passwordHook") != ""){ + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->cat($this->dn,array('uid')); + $attrs = $ldap->fetch(); + exec($this->config->get_cfg_value("passwordHook")." ". + escapeshellarg($attrs['uid'][0])." ".escapeshellarg($new_password), $resarr); + $check_hook_output = ""; + if(count($resarr) > 0) { + $check_hook_output= join('\n', $resarr); + } + if(!empty($check_hook_output)){ + $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),$check_hook_output); + msg_dialog::displayChecks($message); + return($smarty->fetch(get_template_path('password.tpl', TRUE))); + } + } + + + // The user has to change his password on next login + // - We are going to update samba and posix attributes here, to enforce + // such a password change. + if($this->passwordChangeForceable && $this->enforcePasswordChange){ + + // Check if we are able to enforce a password change + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->cat($this->dn); + $attrs = $ldap->fetch(); + $samba = in_array('sambaSamAccount', $attrs['objectClass']); + $posix = in_array('posixAccount', $attrs['objectClass']); + + // Update the posix shadow flag... + if($posix){ + $current= floor(date("U") /60 /60 /24); + $enforceDate = $current - $attrs['shadowMax'][0]; + $new_attrs = array(); + $new_attrs['shadowLastChange'] = $enforceDate; + $ldap->cd($this->dn); + $ldap->modify($new_attrs); + +# $posixAccount = new posixAccount($this->config, $this->dn); +# $posixAccount->is_modified=TRUE; +# $posixAccount->activate_shadowExpire=1; +# $posixAccount->shadowExpire = date('d.m.Y', time() - (1 * 24 * 60 *60)); +# $posixAccount->save(); + } + + // Update the samba kickoff flag... + if($samba){ + $sambaAccount = new sambaAccount($this->config, $this->dn); + $sambaAccount->is_modified=TRUE; + $sambaAccount->flag_enforcePasswordChange = TRUE; + $sambaAccount->flag_cannotChangePassword = FALSE; + $sambaAccount->save(); + } + } + + new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed"); + $this->dn =""; + + } else { + msg_dialog::display(_("Password change"), + _("You have no permission to change this users password!"), + WARNING_DIALOG); + } } - if ($this->config->get_cfg_value("passwordHook") != ""){ - exec($this->config->get_cfg_value("passwordHook")." ".$username." ".$_POST['new_password'], $resarr); + // Cleanup + if(!count($this->pwd_change_queue) && $this->dn=""){ + $this->remove_lock(); + $this->closeDialogs(); + }else{ + return($this->handlePasswordQueue()); } - new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed"); - $this->dn =""; - - } else { - msg_dialog::display(_("Password change"), - _("You have no permission to change this users password!"), - WARNING_DIALOG); - } - - // Cleanup - if(!count($this->pwd_change_queue)){ - $this->remove_lock(); - $this->closeDialogs(); - }else{ - return($this->handlePasswordQueue()); - } } + + /*! \brief Save user modifications. * Whenever we save a 'new' user, request a password change for him. */ function saveChanges() { - management::saveChanges(); - if($this->last_dn == "new"){ + $str = management::saveChanges(); + + if(!empty($str)) return($str); + + if($this->last_tabObject instanceOf multi_plug){ + foreach($this->last_tabObject->a_handles as $user){ + if($user->password_change_needed()){ + $this->force_hash_type[$user->dn] = $user->by_object['user']->pw_storage; + $this->pwd_change_queue[] = $user->dn; + } + } + return($this->handlePasswordQueue()); + } + + if(isset($this->last_tabObject->by_object['user']) && $this->last_tabObject->by_object['user']->password_change_needed()){ + $this->force_hash_type[$this->last_tabObject->dn] = $this->last_tabObject->by_object['user']->pw_storage; + $this->pwd_change_queue[] = $this->last_tabObject->dn; + return($this->handlePasswordQueue()); + } + } + + function cancelEdit() + { + $str = management::cancelEdit(); + if(!empty($str)) return($str); + + if(isset($this->last_tabObject->by_object['user']) && + $this->last_tabObject->by_object['user']->dn != "new" && + $this->last_tabObject->by_object['user']->password_change_needed()){ + $this->force_hash_type[$this->last_tabObject->dn] = $this->last_tabObject->by_object['user']->pw_storage; $this->pwd_change_queue[] = $this->last_tabObject->dn; return($this->handlePasswordQueue()); } @@ -294,7 +463,8 @@ class userManagement extends management function newUserFromTemplate($action="",$target=array(),$all=array()) { // Call parent method, it knows whats to do, locking and so on ... - management::newEntry($action,$target,$all); + $str = management::newEntry($action,$target,$all); + if(!empty($str)) return($str); // Reset uid selection. $this->got_uid= ""; @@ -313,6 +483,7 @@ class userManagement extends management $smarty->assign("template", array_pop($target)); $smarty->assign("templates", $templates); $smarty->assign("edit_uid", ""); + $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("allowUidProposalModification", "false")); return($smarty->fetch(get_template_path('template.tpl', TRUE))); // -> See 'templateContinue' for further handling! @@ -326,11 +497,12 @@ class userManagement extends management * if he wants to use one. * -> See 'templateContinue' for further handling. */ - function newEntry($action="",$target=array(),$all=array()) + function newEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="") { // Call parent method, it manages everything, locking, object creation... - management::newEntry($action,$target,$all); + $str = management::newEntry($action,$target,$all); + if(!empty($str)) return($str); // If we've at least one template, then ask the user if he wants to use one? $templates = array(); @@ -338,7 +510,7 @@ class userManagement extends management $templates = array_merge($templates,$this->get_templates()); // Display template selection - if (count($templates)){ + if (count($templates) > 1){ $smarty = get_smarty(); // Set default variables, normally empty. @@ -348,6 +520,7 @@ class userManagement extends management $smarty->assign("template", "none"); $smarty->assign("templates", $templates); $smarty->assign("edit_uid", ""); + $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("allowUidProposalModification", "false")); return($smarty->fetch(get_template_path('template.tpl', TRUE))); // -> See 'templateContinue' for further handling! @@ -401,6 +574,7 @@ class userManagement extends management $smarty->assign("templates",$templates); $smarty->assign("got_uid", $this->got_uid); $smarty->assign("edit_uid",false); + $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("allowUidProposalModification", "false")); return($smarty->fetch(get_template_path('template.tpl', TRUE))); } @@ -449,6 +623,7 @@ class userManagement extends management $smarty->assign("template", $_POST['template']); } $smarty->assign("templates",$templates); + $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("allowUidProposalModification", "false")); return($smarty->fetch(get_template_path('template.tpl', TRUE))); } @@ -484,7 +659,7 @@ class userManagement extends management // Adapt template values. $template_dn = $_POST['template']; $this->tabObject->adapt_from_template($template_dn, array("uid","cn","givenName","sn")); - $template_base = preg_replace("/^[^,]+,".preg_quote(get_people_ou(), '/')."/", '', $template_dn); + $template_base = preg_replace("/^[^,]+,".preg_quote(get_people_ou(), '/i')."/", '', $template_dn); $this->tabObject->by_object['user']->base= $template_base; // The user Tab object is already instantiated, so just go back and let the @@ -507,6 +682,7 @@ class userManagement extends management // Check entry locking foreach($target as $dn){ if (($user= get_lock($dn)) != ""){ + $this->dn = $dn; return(gen_locked_message ($user, $dn)); } $this->dns[] = $dn; @@ -555,6 +731,7 @@ class userManagement extends management */ function lockUsers($action,$target,$all) { + if(!count($target)) return; if($action == "lockUsers"){ $this->lockEntry($action,$target, $all, "lock"); }else{ @@ -655,6 +832,23 @@ class userManagement extends management } + function copyPasteHandler($action="",$target=array(),$all=array(), + $altTabClass ="", $altTabType = "", $altAclCategory="",$altAclPlugin="") + { + if ($this->config->boolValueIsTrue("main", "copyPaste")){ + $this->cpHandler->lastdn = ""; + $str = management::copyPasteHandler($action,$target,$all); + if($this->cpHandler->lastdn != "" && isset($_POST['passwordTodo']) && $_POST['passwordTodo'] == "new"){ + $this->pwd_change_queue[] = $this->cpHandler->lastdn; + return($this->handlePasswordQueue()); + } + return($str); + } + + return ""; + } + + static function filterLockImage($userPassword) { $image= "images/empty.png"; @@ -703,19 +897,19 @@ class userManagement extends management "alt" => _("Samba"), "title" => _("Edit samba properties")), "apple-user" => array("image" => "plugins/netatalk/images/select_netatalk.png", - "plugin" => "sambaAccount", + "plugin" => "netatalk", "alt" => _("Netatalk"), "title" => _("Edit netatalk properties")), "gotoEnvironment" => array("image" => "plugins/users/images/small_environment.png", - "plugin" => "gotoEnvironment", + "plugin" => "environment", "alt" => _("Environment"), "title" => _("Edit environment properties")), "goFaxAccount" => array("image" => "plugins/users/images/fax_small.png", - "plugin" => "goFaxAccount", + "plugin" => "gofaxAccount", "alt" => _("FAX"), "title" => _("Edit FAX properties")), "goFonAccount" => array("image" => "plugins/gofon/images/select_phone.png", - "plugin" => "goFonAccount", + "plugin" => "phoneAccount", "alt" => _("Phone"), "title" => _("Edit phone properties")));