From 48be0a00c71b586de4fc328d529b806f6696a11a Mon Sep 17 00:00:00 2001 From: hickert Date: Thu, 27 Nov 2008 08:43:30 +0000 Subject: [PATCH] Added general lock methods. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@13050 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../class_password-methods-clear.inc | 1 + .../class_password-methods.inc | 96 +++++++++++++++++++ .../kerberos/class_password-methods-MIT.inc | 1 - 3 files changed, 97 insertions(+), 1 deletion(-) diff --git a/gosa-core/include/password-methods/class_password-methods-clear.inc b/gosa-core/include/password-methods/class_password-methods-clear.inc index 211e98b94..91d87d8df 100644 --- a/gosa-core/include/password-methods/class_password-methods-clear.inc +++ b/gosa-core/include/password-methods/class_password-methods-clear.inc @@ -22,6 +22,7 @@ class passwordMethodClear extends passwordMethod { + var $lockable = FALSE; function passwordMethodClear($config) { diff --git a/gosa-core/include/password-methods/class_password-methods.inc b/gosa-core/include/password-methods/class_password-methods.inc index e9a2182bc..b3144a180 100644 --- a/gosa-core/include/password-methods/class_password-methods.inc +++ b/gosa-core/include/password-methods/class_password-methods.inc @@ -26,6 +26,7 @@ class passwordMethod var $attrs= array(); var $display = FALSE; var $hash= ""; + var $lockable = TRUE; // Konstructor function passwordMethod($config) @@ -46,6 +47,101 @@ class passwordMethod } + function is_locked($config,$dn = "") + { + if(!$this->lockable) return FALSE; + + /* Get current password hash */ + $pwd =""; + if(!empty($dn)){ + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + $ldap->cat($dn); + $attrs = $ldap->fetch(); + if(isset($attrs['userPassword'][0])){ + $pwd = $attrs['userPassword'][0]; + } + }elseif(isset($this->attrs['userPassword'][0])){ + $pwd = $this->attrs['userPassword'][0]; + } + return(preg_match("/^[^\}]*+\}!/",$pwd)); + } + + + function lock_account($config,$dn = "") + { + if(!$this->lockable) return FALSE; + + /* Get current password hash */ + $pwd =""; + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + if(!empty($dn)){ + $ldap->cat($dn); + $attrs = $ldap->fetch(); + if(isset($attrs['userPassword'][0])){ + $pwd = $attrs['userPassword'][0]; + } + }elseif(isset($this->attrs['userPassword'][0])){ + $pwd = $this->attrs['userPassword'][0]; + $dn = $this->attrs['dn']; + } + + /* We can only lock/unlock non-empty passwords */ + if(!empty($pwd)){ + + /* Check if this entry is already locked. */ + if(preg_match("/^[^\}]*+\}!/",$pwd)){ + return; + } + + /* Lock entry */ + $pwd = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$pwd); + $ldap->cd($dn); + $ldap->modify(array("userPassword" => $pwd)); + return($ldap->success()); + } + return(FALSE); + } + + + function unlock_account($config,$dn = "") + { + if(!$this->lockable) return FALSE; + + /* Get current password hash */ + $pwd =""; + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + if(!empty($dn)){ + $ldap->cat($dn); + $attrs = $ldap->fetch(); + if(isset($attrs['userPassword'][0])){ + $pwd = $attrs['userPassword'][0]; + } + }elseif(isset($this->attrs['userPassword'][0])){ + $pwd = $this->attrs['userPassword'][0]; + $dn = $this->attrs['dn']; + } + + /* We can only lock/unlock non-empty passwords */ + if(!empty($pwd)){ + + /* Check if this entry is already locked. */ + if(!preg_match("/^[^\}]*+\}!/",$pwd)){ + return; + } + + /* Lock entry */ + $pwd = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$pwd); + $ldap->cd($dn); + $ldap->modify(array("userPassword" => $pwd)); + return($ldap->success()); + } + return(FALSE); + } + + // this function returns all loaded classes for password encryption static function get_available_methods() { diff --git a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_password-methods-MIT.inc b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_password-methods-MIT.inc index 1d88c0800..322511f1f 100644 --- a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_password-methods-MIT.inc +++ b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_password-methods-MIT.inc @@ -88,7 +88,6 @@ class passwordMethodMIT extends passwordMethod var $POLICY = "_none_"; var $POLICIES = array(); // Policies provided by the corrently selected realm/server - public function __construct(&$config,$dn = "new") { $this->config= $config; -- 2.30.2