From acbc56f5e4fb9cf2c5f34f2a1c2dd5b2134a566d Mon Sep 17 00:00:00 2001 From: hickert Date: Thu, 1 Jul 2010 13:58:49 +0000 Subject: [PATCH] Code alignment -Added password proposal method git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@18904 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../class_password-methods.inc | 540 +++++++++--------- 1 file changed, 275 insertions(+), 265 deletions(-) diff --git a/gosa-core/include/password-methods/class_password-methods.inc b/gosa-core/include/password-methods/class_password-methods.inc index 002740798..808d5950e 100644 --- a/gosa-core/include/password-methods/class_password-methods.inc +++ b/gosa-core/include/password-methods/class_password-methods.inc 
@@ -22,314 +22,324 @@ class passwordMethod { - var $config = false; - var $attrs= array(); - var $display = FALSE; - var $hash= ""; - var $lockable = TRUE; - - // Konstructor - function passwordMethod($config, $dn) - { - } - - function create_template_hash($attrs) - { - if($this->get_hash_name() == ""){ - return("{crypt}N0T$3T4N0W"); - }else{ - return('{'.$this->get_hash().'}').'N0T$3T4N0W'; + var $config = false; + var $attrs= array(); + var $display = FALSE; + var $hash= ""; + var $lockable = TRUE; + + // Konstructor + function passwordMethod($config, $dn) + { } - } - - function get_hash_name() - { - } - - - function is_locked($config,$dn = "") - { - if(!$this->lockable) return FALSE; - - /* Get current password hash */ - $pwd =""; - if(!empty($dn)){ - $ldap = $config->get_ldap_link(); - $ldap->cd($config->current['BASE']); - $ldap->cat($dn); - $attrs = $ldap->fetch(); - if(isset($attrs['userPassword'][0])){ - $pwd = $attrs['userPassword'][0]; - } - }elseif(isset($this->attrs['userPassword'][0])){ - $pwd = $this->attrs['userPassword'][0]; + + function create_template_hash($attrs) + { + if($this->get_hash_name() == ""){ + return("{crypt}N0T$3T4N0W"); + }else{ + return('{'.$this->get_hash().'}').'N0T$3T4N0W'; + } + } + + function get_hash_name() + { } - return(preg_match("/^[^\}]*+\}!/",$pwd)); - } - - - - /*! \brief Locks an account (gosaAccount) by added a '!' as prefix to the password hashes. - * This makes logins impossible, due to the fact that the hash becomes invalid. 
- * userPassword: {SHA}!q02NKl9IChNwZEAJxzRdmB6E - * sambaLMPassword: !EBD223B61F8C259AD3B435B51404EE - * sambaNTPassword: !98BB35737013AAF181D0FE9FDA09E - */ - function lock_account($config,$dn = "") - { - if(!$this->lockable) return FALSE; - - /* Get current password hash */ - $userPassword = $sambaLMPassword = $sambaNTPassword = ""; - $ldap = $config->get_ldap_link(); - $ldap->cd($config->current['BASE']); - if(!empty($dn)){ - $ldap->cat($dn,array('sambaLMPassword','sambaNTPassword','userPassword')); - $attrs = $ldap->fetch(); - $userPassword = (isset($attrs['userPassword'][0])) ? $attrs['userPassword'][0]: ""; - $sambaLMPassword = (isset($attrs['sambaLMPassword'][0])) ? $attrs['sambaLMPassword'][0]: ""; - $sambaNTPassword = (isset($attrs['sambaNTPassword'][0])) ? $attrs['sambaNTPassword'][0]: ""; - }elseif(isset($this->attrs['userPassword'][0])){ - $dn = $this->attrs['dn']; - $userPassword = (isset($this->attrs['userPassword'][0])) ? $this->attrs['userPassword'][0]: ""; - $sambaLMPassword = (isset($this->attrs['sambaLMPassword'][0])) ? $this->attrs['sambaLMPassword'][0]: ""; - $sambaNTPassword = (isset($this->attrs['sambaNTPassword'][0])) ? $this->attrs['sambaNTPassword'][0]: ""; - } - - /* We can only lock/unlock non-empty passwords */ - if(!empty($userPassword)){ - - /* Check if this entry is already locked. */ - if(preg_match("/^[^\}]*+\}!/",$userPassword)){ - return(TRUE); - } - - /* Lock entry */ - $userPassword = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$userPassword); - $sambaLMPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaLMPassword); - $sambaNTPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaNTPassword); - $ldap->cd($dn); - $ldap->modify( - array( - "userPassword" => $userPassword, - "sambaLMPassword" => $sambaLMPassword, - "sambaNTPassword" => $sambaNTPassword)); - return($ldap->success()); - } - return(FALSE); - } - - - /*! \brief Unlocks an account (gosaAccount) which was locked by 'lock_account()'. 
- * For details about the locking mechanism see 'lock_account()'. - */ - function unlock_account($config,$dn = "") - { - if(!$this->lockable) return FALSE; - - /* Get current password hash */ - $userPassword = $sambaLMPassword = $sambaNTPassword = ""; - $ldap = $config->get_ldap_link(); - $ldap->cd($config->current['BASE']); - if(!empty($dn)){ - $ldap->cat($dn,array('sambaLMPassword','sambaNTPassword','userPassword')); - $attrs = $ldap->fetch(); - $userPassword = (isset($attrs['userPassword'][0])) ? $attrs['userPassword'][0]: ""; - $sambaLMPassword = (isset($attrs['sambaLMPassword'][0])) ? $attrs['sambaLMPassword'][0]: ""; - $sambaNTPassword = (isset($attrs['sambaNTPassword'][0])) ? $attrs['sambaNTPassword'][0]: ""; - }elseif(isset($this->attrs['userPassword'][0])){ - $dn = $this->attrs['dn']; - $userPassword = (isset($this->attrs['userPassword'][0])) ? $this->attrs['userPassword'][0]: ""; - $sambaLMPassword = (isset($this->attrs['sambaLMPassword'][0])) ? $this->attrs['sambaLMPassword'][0]: ""; - $sambaNTPassword = (isset($this->attrs['sambaNTPassword'][0])) ? $this->attrs['sambaNTPassword'][0]: ""; - } - - - /* We can only lock/unlock non-empty passwords */ - if(!empty($userPassword)){ - - /* Check if this entry is already locked. 
*/ - if(!preg_match("/^[^\}]*+\}!/",$userPassword)){ - return (TRUE); - } - - /* Lock entry */ - $userPassword = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$userPassword); - $sambaLMPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaLMPassword); - $sambaNTPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaNTPassword); - $ldap->cd($dn); - $ldap->modify( - array( - "userPassword" => $userPassword, - "sambaLMPassword" => $sambaLMPassword, - "sambaNTPassword" => $sambaNTPassword)); - return($ldap->success()); - } - return(FALSE); - } - - - // this function returns all loaded classes for password encryption - static function get_available_methods() - { - global $class_mapping, $config; - $ret =false; - $i =0; - - /* Only */ - if(!session::is_set("passwordMethod::get_available_methods")){ - foreach($class_mapping as $class => $path) { - if(preg_match('/passwordMethod/i', $class) && !preg_match("/^passwordMethod$/i", $class)){ - $name = preg_replace ("/passwordMethod/i", "", $class); - $test = new $class($config, ""); - if($test->is_available()) { - $plugs= $test->get_hash_name(); - if (!is_array($plugs)){ - $plugs= array($plugs); + + + function is_locked($config,$dn = "") + { + if(!$this->lockable) return FALSE; + + /* Get current password hash */ + $pwd =""; + if(!empty($dn)){ + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + $ldap->cat($dn); + $attrs = $ldap->fetch(); + if(isset($attrs['userPassword'][0])){ + $pwd = $attrs['userPassword'][0]; } + }elseif(isset($this->attrs['userPassword'][0])){ + $pwd = $this->attrs['userPassword'][0]; + } + return(preg_match("/^[^\}]*+\}!/",$pwd)); + } + + + + /*! \brief Locks an account (gosaAccount) by added a '!' as prefix to the password hashes. + * This makes logins impossible, due to the fact that the hash becomes invalid. 
+ * userPassword: {SHA}!q02NKl9IChNwZEAJxzRdmB6E + * sambaLMPassword: !EBD223B61F8C259AD3B435B51404EE + * sambaNTPassword: !98BB35737013AAF181D0FE9FDA09E + */ + function lock_account($config,$dn = "") + { + if(!$this->lockable) return FALSE; + + /* Get current password hash */ + $userPassword = $sambaLMPassword = $sambaNTPassword = ""; + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + if(!empty($dn)){ + $ldap->cat($dn,array('sambaLMPassword','sambaNTPassword','userPassword')); + $attrs = $ldap->fetch(); + $userPassword = (isset($attrs['userPassword'][0])) ? $attrs['userPassword'][0]: ""; + $sambaLMPassword = (isset($attrs['sambaLMPassword'][0])) ? $attrs['sambaLMPassword'][0]: ""; + $sambaNTPassword = (isset($attrs['sambaNTPassword'][0])) ? $attrs['sambaNTPassword'][0]: ""; + }elseif(isset($this->attrs['userPassword'][0])){ + $dn = $this->attrs['dn']; + $userPassword = (isset($this->attrs['userPassword'][0])) ? $this->attrs['userPassword'][0]: ""; + $sambaLMPassword = (isset($this->attrs['sambaLMPassword'][0])) ? $this->attrs['sambaLMPassword'][0]: ""; + $sambaNTPassword = (isset($this->attrs['sambaNTPassword'][0])) ? $this->attrs['sambaNTPassword'][0]: ""; + } + + /* We can only lock/unlock non-empty passwords */ + if(!empty($userPassword)){ + + /* Check if this entry is already locked. */ + if(preg_match("/^[^\}]*+\}!/",$userPassword)){ + return(TRUE); + } + + /* Lock entry */ + $userPassword = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$userPassword); + $sambaLMPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaLMPassword); + $sambaNTPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaNTPassword); + $ldap->cd($dn); + $ldap->modify( + array( + "userPassword" => $userPassword, + "sambaLMPassword" => $sambaLMPassword, + "sambaNTPassword" => $sambaNTPassword)); + return($ldap->success()); + } + return(FALSE); + } + + + /*! \brief Unlocks an account (gosaAccount) which was locked by 'lock_account()'. 
+ * For details about the locking mechanism see 'lock_account()'. + */ + function unlock_account($config,$dn = "") + { + if(!$this->lockable) return FALSE; + + /* Get current password hash */ + $userPassword = $sambaLMPassword = $sambaNTPassword = ""; + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + if(!empty($dn)){ + $ldap->cat($dn,array('sambaLMPassword','sambaNTPassword','userPassword')); + $attrs = $ldap->fetch(); + $userPassword = (isset($attrs['userPassword'][0])) ? $attrs['userPassword'][0]: ""; + $sambaLMPassword = (isset($attrs['sambaLMPassword'][0])) ? $attrs['sambaLMPassword'][0]: ""; + $sambaNTPassword = (isset($attrs['sambaNTPassword'][0])) ? $attrs['sambaNTPassword'][0]: ""; + }elseif(isset($this->attrs['userPassword'][0])){ + $dn = $this->attrs['dn']; + $userPassword = (isset($this->attrs['userPassword'][0])) ? $this->attrs['userPassword'][0]: ""; + $sambaLMPassword = (isset($this->attrs['sambaLMPassword'][0])) ? $this->attrs['sambaLMPassword'][0]: ""; + $sambaNTPassword = (isset($this->attrs['sambaNTPassword'][0])) ? $this->attrs['sambaNTPassword'][0]: ""; + } + + + /* We can only lock/unlock non-empty passwords */ + if(!empty($userPassword)){ + + /* Check if this entry is already locked. 
*/ + if(!preg_match("/^[^\}]*+\}!/",$userPassword)){ + return (TRUE); + } + + /* Lock entry */ + $userPassword = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$userPassword); + $sambaLMPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaLMPassword); + $sambaNTPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaNTPassword); + $ldap->cd($dn); + $ldap->modify( + array( + "userPassword" => $userPassword, + "sambaLMPassword" => $sambaLMPassword, + "sambaNTPassword" => $sambaNTPassword)); + return($ldap->success()); + } + return(FALSE); + } + - foreach ($plugs as $plugname){ - - $cfg = $test->is_configurable(); - - $ret['name'][$i]= $plugname; - $ret['class'][$i]=$class; - $ret['is_configurable'][$i]= $cfg; - $ret['object'][$i]= $test; - $ret['desc'][$i] = $test->get_description(); - $ret[$i]['name'] = $plugname; - $ret[$i]['class'] = $class; - $ret[$i]['object']= $test; - $ret[$i]['is_configurable']= $cfg; - $ret[$i]['desc'] = $test->get_description(); - $ret[$plugname]=$class; - $i++; + // this function returns all loaded classes for password encryption + static function get_available_methods() + { + global $class_mapping, $config; + $ret =false; + $i =0; + + /* Only */ + if(!session::is_set("passwordMethod::get_available_methods")){ + foreach($class_mapping as $class => $path) { + if(preg_match('/passwordMethod/i', $class) && !preg_match("/^passwordMethod$/i", $class)){ + $name = preg_replace ("/passwordMethod/i", "", $class); + $test = new $class($config, ""); + if($test->is_available()) { + $plugs= $test->get_hash_name(); + if (!is_array($plugs)){ + $plugs= array($plugs); + } + + foreach ($plugs as $plugname){ + + $cfg = $test->is_configurable(); + + $ret['name'][$i]= $plugname; + $ret['class'][$i]=$class; + $ret['is_configurable'][$i]= $cfg; + $ret['object'][$i]= $test; + $ret['desc'][$i] = $test->get_description(); + $ret[$i]['name'] = $plugname; + $ret[$i]['class'] = $class; + $ret[$i]['object']= $test; + $ret[$i]['is_configurable']= $cfg; + $ret[$i]['desc'] = 
$test->get_description(); + $ret[$plugname]=$class; + $i++; + } + } + } } - } + session::set("passwordMethod::get_available_methods",$ret); } - } - session::set("passwordMethod::get_available_methods",$ret); + return(session::get("passwordMethod::get_available_methods")); } - return(session::get("passwordMethod::get_available_methods")); - } - - function get_description() - { - return(""); - } + function get_description() + { + return(""); + } + + + // Method to let password backends remove additional information besides + // the userPassword attribute + function remove_from_parent() + { + } - // Method to let password backends remove additional information besides - // the userPassword attribute - function remove_from_parent() - { - } + // Method to let passwords backends manage additional information + // besides the userAttribute entry + function set_password($password) + { + return(TRUE); + } - // Method to let passwords backends manage additional information - // besides the userAttribute entry - function set_password($password) - { - return(TRUE); - } + // Return true if this password method provides a configuration dialog + function is_configurable() + { + return FALSE; + } - // Return true if this password method provides a configuration dialog - function is_configurable() - { - return FALSE; - } + // Provide a subdialog to configure a password method + function configure() + { + return ""; + } - // Provide a subdialog to configure a password method - function configure() - { - return ""; - } - - // Save information to LDAP - function save($dn) - { - } + // Save information to LDAP + function save($dn) + { + } - // Try to find out if it's our hash... - static function get_method($password_hash,$dn = "") - { - global $config; + // Try to find out if it's our hash... 
+ static function get_method($password_hash,$dn = "") + { + global $config; - $methods= passwordMethod::get_available_methods(); + $methods= passwordMethod::get_available_methods(); - foreach ($methods['class'] as $class){ + foreach ($methods['class'] as $class){ - $test = new $class($config,$dn); + $test = new $class($config,$dn); # All listed methods are available. # if(!$test->is_available())continue; - $method= $test->_extract_method($password_hash); - if ($method != ""){ - $test->set_hash($method); - return $test; + $method= $test->_extract_method($password_hash); + if ($method != ""){ + $test->set_hash($method); + return $test; + } } - } - msg_dialog::display(_("Error"), _("Cannot find a suitable password method for the current hash!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot find a suitable password method for the current hash!"), ERROR_DIALOG); - return NULL; - } + return NULL; + } - function _extract_method($password_hash) - { - $hash= $this->get_hash_name(); - if (preg_match("/^\{$hash\}/i", $password_hash)){ - return $hash; + function _extract_method($password_hash) + { + $hash= $this->get_hash_name(); + if (preg_match("/^\{$hash\}/i", $password_hash)){ + return $hash; + } + + return ""; } - return ""; - } + static function make_hash($password, $hash) + { + global $config; - static function make_hash($password, $hash) - { - global $config; + $methods= passwordMethod::get_available_methods(); + $tmp= new $methods[$hash]($config); + $tmp->set_hash($hash); + return $tmp->generate_hash($password); + } - $methods= passwordMethod::get_available_methods(); - $tmp= new $methods[$hash]($config); - $tmp->set_hash($hash); - return $tmp->generate_hash($password); - } + function set_hash($hash) + { + $this->hash= $hash; + } - function set_hash($hash) - { - $this->hash= $hash; - } + function get_hash() + { + return $this->hash; + } - function get_hash() - { - return $this->hash; - } + function adapt_from_template($dn) + { + return($this); + } - 
function adapt_from_template($dn) - { - return($this); - } + static function is_harmless($password) + { + global $config; - static function is_harmless($password) - { - global $config; + if ($config->boolValueIsTrue("core","strictPasswordRules")) { + // Do we have UTF8 characters in the password? + return ($password == utf8_decode($password)); + } - if ($config->boolValueIsTrue("core","strictPasswordRules")) { - // Do we have UTF8 characters in the password? - return ($password == utf8_decode($password)); - } + return(true); + } + + + static function getPasswordProposal($config) + { + if($config->configRegistry->propertyExists('core', 'passwordProposalHook')){ + $value = $config->configRegistry->getPropertyValue('core', 'passwordProposalHook'); + echo $value; + } + } - return(true); - } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: -- 2.30.2
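Review bot: The new `getPasswordProposal($config)` at the end of this hunk prints the configured `passwordProposalHook` value with `echo $value;` and returns nothing, so the setting is written unescaped into whatever response is being rendered and callers never receive a proposal. This looks like leftover debug output. I would replace the echo with `return $value;` and add `return "";` after the `if`, so the method has a defined result when the property is not set. The property name suggests an external command will eventually be run here (inferred, not visible in the patch); if so, pass any per-request data through `escapeshellarg()` and validate the hook's output before using it as a password. A short docblock such as `/*! \brief Returns a password proposal from the 'passwordProposalHook' property, or "" if none is configured. */` would match the style used on `lock_account()`. The rest of the hunk appears to be re-indentation only.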