Added general lock methods.

author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Thu, 27 Nov 2008 08:43:30 +0000 (08:43 +0000)

committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Thu, 27 Nov 2008 08:43:30 +0000 (08:43 +0000)
author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Thu, 27 Nov 2008 08:43:30 +0000 (08:43 +0000)
committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Thu, 27 Nov 2008 08:43:30 +0000 (08:43 +0000)
diff --git a/gosa-core/include/password-methods/class_password-methods-clear.inc b/gosa-core/include/password-methods/class_password-methods-clear.inc

index 211e98b94b4724a29077f8f5b6e986afdb770310..91d87d8dfc0788544e18894e717d5c768f19dd8c 100644 (file)
--- a/gosa-core/include/password-methods/class_password-methods-clear.inc
+++ b/gosa-core/include/password-methods/class_password-methods-clear.inc
@@ -22,6 +22,7 @@
  
  class passwordMethodClear extends passwordMethod
  {
+  var $lockable = FALSE;
  
         function passwordMethodClear($config)
         {
diff --git a/gosa-core/include/password-methods/class_password-methods.inc b/gosa-core/include/password-methods/class_password-methods.inc

index e9a2182bcba5bca225e5d2a27fc6d5956bfc1eb6..b3144a180931db0490579bec847727b070b19c41 100644 (file)
--- a/gosa-core/include/password-methods/class_password-methods.inc
+++ b/gosa-core/include/password-methods/class_password-methods.inc
@@ -26,6 +26,7 @@ class passwordMethod
    var $attrs= array();
    var $display = FALSE;
    var $hash= "";
+  var $lockable = TRUE;
  
    // Konstructor
    function passwordMethod($config)
@@ -46,6 +47,101 @@ class passwordMethod
    }
  
  
+  function is_locked($config,$dn = "")
+  {
+    if(!$this->lockable) return FALSE;
+
+    /* Get current password hash */
+    $pwd ="";
+    if(!empty($dn)){
+      $ldap = $config->get_ldap_link();
+      $ldap->cd($config->current['BASE']);
+      $ldap->cat($dn);
+      $attrs = $ldap->fetch();
+      if(isset($attrs['userPassword'][0])){
+        $pwd = $attrs['userPassword'][0];
+      }
+    }elseif(isset($this->attrs['userPassword'][0])){
+      $pwd = $this->attrs['userPassword'][0];
+    }
+    return(preg_match("/^[^\}]*+\}!/",$pwd));
+  }
+
+
+  function lock_account($config,$dn = "")
+  {
+    if(!$this->lockable) return FALSE;
+
+    /* Get current password hash */
+    $pwd ="";
+    $ldap = $config->get_ldap_link();
+    $ldap->cd($config->current['BASE']);
+    if(!empty($dn)){
+      $ldap->cat($dn);
+      $attrs = $ldap->fetch();
+      if(isset($attrs['userPassword'][0])){
+        $pwd = $attrs['userPassword'][0];
+      }
+    }elseif(isset($this->attrs['userPassword'][0])){
+      $pwd = $this->attrs['userPassword'][0];
+      $dn = $this->attrs['dn'];
+    }
+
+    /* We can only lock/unlock non-empty passwords */
+    if(!empty($pwd)){
+
+      /* Check if this entry is already locked. */
+      if(preg_match("/^[^\}]*+\}!/",$pwd)){
+        return;
+      }     
+      
+      /* Lock entry */
+      $pwd = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$pwd);
+      $ldap->cd($dn);
+      $ldap->modify(array("userPassword" => $pwd));
+      return($ldap->success());
+    }
+    return(FALSE);
+  }
+
+
+  function unlock_account($config,$dn = "")
+  {
+    if(!$this->lockable) return FALSE;
+
+    /* Get current password hash */
+    $pwd ="";
+    $ldap = $config->get_ldap_link();
+    $ldap->cd($config->current['BASE']);
+    if(!empty($dn)){
+      $ldap->cat($dn);
+      $attrs = $ldap->fetch();
+      if(isset($attrs['userPassword'][0])){
+        $pwd = $attrs['userPassword'][0];
+      }
+    }elseif(isset($this->attrs['userPassword'][0])){
+      $pwd = $this->attrs['userPassword'][0];
+      $dn = $this->attrs['dn'];
+    }
+
+    /* We can only lock/unlock non-empty passwords */
+    if(!empty($pwd)){
+
+      /* Check if this entry is already locked. */
+      if(!preg_match("/^[^\}]*+\}!/",$pwd)){
+        return;
+      }     
+      
+      /* Lock entry */
+      $pwd = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$pwd);
+      $ldap->cd($dn);
+      $ldap->modify(array("userPassword" => $pwd));
+      return($ldap->success());
+    }
+    return(FALSE);
+  }
+
+
    // this function returns all loaded classes for password encryption
    static function get_available_methods()
    {
diff --git a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_password-methods-MIT.inc b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_password-methods-MIT.inc

index 1d88c0800692ccffa81409043e9c3be45ada1c3a..322511f1fe521a74defce624a85fd53291f3175f 100644 (file)
--- a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_password-methods-MIT.inc
+++ b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_password-methods-MIT.inc
@@ -88,7 +88,6 @@ class passwordMethodMIT extends passwordMethod
    var $POLICY                   = "_none_";
    var $POLICIES                 = array(); // Policies provided by the corrently selected realm/server
  
-
    public function __construct(&$config,$dn = "new")  
    {
      $this->config= $config;
author	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Thu, 27 Nov 2008 08:43:30 +0000 (08:43 +0000)
committer	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Thu, 27 Nov 2008 08:43:30 +0000 (08:43 +0000)
gosa-core/include/password-methods/class_password-methods-clear.inc		patch \| blob \| history
gosa-core/include/password-methods/class_password-methods.inc		patch \| blob \| history
gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_password-methods-MIT.inc		patch \| blob \| history