Commit b7981808 authored by bmortier's avatar bmortier

Merge branch '1.0.8.8-fixes'

parents 9fd813a0 4b31afd7
FusionDirectory changelog
=========================
* FusionDirectory 1.0.8.9
Bugs #3877: add a switch to select the good library when in wheezy or jessie for fusiondirectory-shell
Bugs #3928: Doesn't work if ldap's cn=admin has password with "<" symbol
Bugs #3930: updating the list of supported language in fusiondirectory
Bugs #3932: Password default hashes of type CRYPT/XXX other than CRYPT/MD5 are not working
Bugs #3941: fusiondirectory-setup --check-ldap should respect password encoding taken from the ldap
Bugs #3943: Add a option to not touch at the reverse zone
Bugs #3960: fusiondirectory-shell cannot cat a user
Bugs #3961: the DESC of each attribute and object should describe exactly the purpose of it - ported description and formatting issues to 1.0.8.x
Bugs #3962: fusiondirectory-shell should handle multivaluated attributes properly
* FusionDirectory 1.0.8.8
[Fix] Bugs #3864: correct all the date and version on the man pages
......
......@@ -41,8 +41,8 @@ use Net::LDAP;
# used to base64 encode
use MIME::Base64;
# used to generate {CRYPT} password (for LDAP)
use Crypt::PasswdMD5;
# used to generate {SSHA} password (for LDAP)
use Digest::SHA;
use Crypt::CBC;
# used to uncompress tar.gz
......@@ -597,7 +597,7 @@ sub add_ldap_admin {
my $mesg = $ldap->search(
base => "$base",
filter => "(&(objectClass=fusionDirectoryConf)(cn=fusiondirectory))",
attrs => ['fdAccountPrimaryAttribute']
attrs => ['fdAccountPrimaryAttribute', 'fdForcePasswordDefaultHash', 'fdPasswordDefaultHash']
);
$mesg->code && die $mesg->error;
my $attr;
......@@ -609,6 +609,14 @@ sub add_ldap_admin {
} else {
$attr = 'uid';
}
if ($mesg->count > 0) {
if (($mesg->entries)[0]->exists('fdForcePasswordDefaultHash') && ($mesg->entries)[0]->exists('fdPasswordDefaultHash')) {
if ((($mesg->entries)[0]->get_value('fdForcePasswordDefaultHash') eq 'TRUE') &&
(($mesg->entries)[0]->get_value('fdPasswordDefaultHash') ne 'ssha')) {
warn "Warning: Administator password will be hashed with ssha instead of forced default ".($mesg->entries)[0]->get_value('fdPasswordDefaultHash')."\n";
}
}
}
my $fd_admin_uid = ask_user_input ("Please enter a login for FusionDirectory's admin", "fd-admin");
# Does this user exists?
......@@ -637,13 +645,18 @@ sub add_ldap_admin {
}
return -1 if ($fd_admin_pwd_confirm eq "quit");
my $ctx = Digest::SHA->new(1);
my $salt = get_random_string(8);
$ctx->add($fd_admin_pwd);
$ctx->add($salt);
my $hashedPasswd = '{SSHA}'.encode_base64($ctx->digest.$salt, '');
my %obj = (
'cn' => 'System Administrator',
'sn' => 'Administrator',
'uid' => $fd_admin_uid,
'givenname' => 'System',
'objectclass' => [ 'top', 'person', 'gosaAccount', 'organizationalPerson', 'inetOrgPerson' ],
'userPassword' => "{CRYPT}".unix_md5_crypt($fd_admin_pwd)
'userPassword' => $hashedPasswd
);
if (not defined $obj{$attr}) {
print "Error : invalid account primary attribute $attr, using uid\n";
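Review bot: The SSHA salt comes from `get_random_string(8)`, whose implementation is outside this hunk; if it is built on Perl's `rand` it is not a cryptographic source and the salt is predictable, so the eight bytes should come from the kernel instead: `open my $rnd, '<', '/dev/urandom' or die "open /dev/urandom: $!"; read $rnd, my $salt, 8 or die "short read"; close $rnd;` (raw bytes are fine because digest and salt are base64-encoded together). The scheme is also fixed to single-round salted SHA-1 regardless of the site's `fdPasswordDefaultHash`, which the earlier hunk only warns about; a `{CRYPT}` hash with a `$6$` salt via core `crypt()` would give the admin account a stretched hash on glibc-based targets, though that depends on the libc and is inferred here. The warning string in that earlier hunk also misspells `Administator`; it should read `Administrator`. add_ldap_admin begins and ends outside these hunks.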
......
......@@ -375,6 +375,58 @@ Upgrade of LDAP directory
- Nothing to do
Check for deprecated attributes and objectClasses in your LDAP
==============================================================
FusionDirectory 1.0.8.1 comes with two new options in fusiondirectory-setup
fusiondirectory-setup --list-deprecated
List deprecated attributes and objectclasses
Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup --list-deprecated show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –check-deprecated will output a list of dns using old attributes and objectClasses
fusiondirectory-setup –ldif-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClasses
!! Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.8 to 1.0.8.9
===============================================
- Upgrade FusionDirectory first
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
- Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory
=========================
- Upgrade the argonaut.schema if you use the argonaut plugin
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/argonaut-fd.schema
Check for deprecated attributes and objectClasses in your LDAP
==============================================================
......
......@@ -5,78 +5,78 @@
# Attributes
attributetype ( 1.3.6.1.4.1.10098.1.1.12.1 NAME 'gosaSubtreeACL'
DESC 'GOsa acl entry'
DESC 'GOsa - ACL entry'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.2 NAME 'gosaUser'
DESC 'GOsa user'
DESC 'GOsa - DN of a user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.3 NAME 'gosaObject'
DESC 'GOsa object'
DESC 'GOsa - DN of an object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.14 NAME 'gosaDefaultLanguage'
DESC 'Defines the default language for a user'
DESC 'GOsa - Defines the default language for a user'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects'
DESC 'Takes a list of all object types that are in a gosaGroupOfNames'
DESC 'GOsa - List of all object types that are in a gosaGroupOfNames'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.33 NAME 'gosaUnitTag'
DESC 'Takes a list of relevant mime-type|priority settings'
DESC 'GOsa - Takes a list of relevant mime-type|priority settings'
OBSOLETE
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.34 NAME 'gosaAclTemplate'
DESC 'Takes ACL entries for gosaRoles'
DESC 'GOsa - ACL entries for ACL roles'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.35 NAME 'gosaAclEntry'
DESC 'Takes ACL entries for gosaRoles'
DESC 'GOsa - ACL entries'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.36 NAME 'gosaSnapshotType'
DESC 'Takes either undo or snapshot'
DESC 'GOsa - Takes either undo or snapshot'
OBSOLETE
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.37 NAME 'gosaSnapshotTimestamp'
DESC 'Unix timestamp of snapshot'
DESC 'GOsa - Unix timestamp of snapshot'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.38 NAME 'gosaSnapshotDN'
DESC 'Original DN of saved object'
DESC 'GOsa - Original DN of saved object in snapshot'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData'
DESC 'Original DN of saved object'
DESC 'GOsa - Original data of saved object in snapshot'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.46 NAME 'gosaLoginRestriction'
DESC 'Multivalue attribute to carry a number of allowed ips/subnets'
DESC 'GOsa - Multivalue attribute to carry a number of allowed ips/subnets'
SUP name)
attributetype ( 1.3.6.1.4.1.10098.1.1.6.2 NAME 'academicTitle'
......@@ -98,37 +98,43 @@ attributetype ( 1.3.6.1.4.1.15305.2.2 NAME ( 'dateOfBirth' 'dob' )
SINGLE-VALUE )
# Classes
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.1 NAME 'gosaObject' SUP top AUXILIARY
DESC 'Class for GOsa settings (v2.6.1)'
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.1 NAME 'gosaObject'
DESC 'GOsa - Class for GOsa settings (v2.6.1)'
SUP top AUXILIARY
MUST ( gosaSubtreeACL ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.2 NAME 'gosaLockEntry' SUP top STRUCTURAL
DESC 'Class for GOsa locking (v2.6.1)'
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.2 NAME 'gosaLockEntry'
DESC 'GOsa - Class for GOsa locking (v2.6.1)'
SUP top STRUCTURAL
MUST ( gosaUser $ gosaObject $ cn ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.3 NAME 'gosaCacheEntry' SUP top STRUCTURAL
DESC 'Class for GOsa caching (v2.6.1)'
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.3 NAME 'gosaCacheEntry'
DESC 'GOsa - Class for GOsa caching (v2.6.1)'
SUP top STRUCTURAL
MAY ( gosaUser )
MUST ( cn ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY
DESC 'Class to mark Departments for GOsa (v2.6.1)'
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment'
DESC 'GOsa - Class to mark Departments for GOsa (v2.6.1)'
SUP top AUXILIARY
MUST ( ou $ description )
MAY ( manager ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.6 NAME 'gosaAccount' SUP top AUXILIARY
DESC 'Class for GOsa Accounts (v2.6.6)'
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.6 NAME 'gosaAccount'
DESC 'GOsa - Class for GOsa Accounts (v2.6.6)'
SUP top AUXILIARY
MUST ( uid )
MAY ( sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
MAY ( sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
gosaDefaultLanguage $ academicTitle $ personalTitle $ dateOfBirth $
sambaBadPasswordCount $ sambaBadPasswordTime $ gender $ gosaLoginRestriction ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate' SUP top AUXILIARY
DESC 'Class for GOsa User Templates (v2.6.1)'
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate'
DESC 'GOsa - Class for GOsa User Templates (v2.6.1)'
SUP top AUXILIARY
MUST ( cn ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames'
DESC 'GOsa object grouping (v2.6.1)'
DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames (v2.6.1)'
SUP top STRUCTURAL
MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) )
......@@ -145,16 +151,19 @@ objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.16 NAME 'gosaAdministrativeUnitTag'
MUST ( gosaUnitTag ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole'
DESC 'ACL container to define roles (v2.6.1)' SUP top STRUCTURAL
DESC 'GOsa - ACL container to define ACL roles (v2.6.1)'
SUP top STRUCTURAL
MUST ( gosaAclTemplate $ cn )
MAY ( description ) )
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl'
DESC 'ACL container to define single ACLs (v2.6.1)' SUP top AUXILIARY
DESC 'GOsa - ACL container to define single ACLs (v2.6.1)'
SUP top AUXILIARY
MUST ( gosaAclEntry ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObject'
DESC 'Container object for undo and snapshot data (v2.6.1)' SUP top STRUCTURAL
DESC 'GOsa - Container object for undo and snapshot data (v2.6.1)'
SUP top STRUCTURAL
MUST ( gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData )
MAY ( description $
gosaSnapshotType ) )
......@@ -38,7 +38,7 @@ function displayLogin()
/* Fill template with required values */
$username = "";
if (isset($_POST["username"])) {
$username = trim(get_post("username"));
$username = trim($_POST['username']);
}
$smarty->assign ('date', gmdate("D, d M Y H:i:s"));
$smarty->assign ('username', $username);
......@@ -70,7 +70,7 @@ function displayLogin()
/* Generate server list */
$servers = array();
if (isset($_POST['server'])) {
$selected = get_post('server');
$selected = $_POST['server'];
} else {
$selected = $config->data['MAIN']['DEFAULT'];
}
......@@ -191,7 +191,7 @@ if ($config->get_cfg_value("htaccessAuthentication") == "TRUE" ) {
}
if (!$htaccess_authenticated) {
if (isset($_POST['server'])) {
$server = get_post("server");
$server = $_POST['server'];
} else {
$server = $config->data['MAIN']['DEFAULT'];
}
......@@ -269,7 +269,7 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
/* Check for valid input */
$ok = TRUE;
if (!$htaccess_authenticated) {
$username = trim(get_post("username"));
$username = trim($_POST['username']);
if (!preg_match("/^[@A-Za-z0-9_.-]+$/", $username)) {
$message = _("Please specify a valid username!");
$ok = FALSE;
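Review bot: With `get_post()` replaced by direct `$_POST` reads, `$username` is handed to the template at `$smarty->assign ('username', $username);` before the `preg_match("/^[@A-Za-z0-9_.-]+$/", $username)` check in the later hunk, so the login page reflects whatever was posted; unless the template escapes it (`{$username|escape}`) or Smarty auto-escaping is enabled, a crafted POST becomes a reflected XSS that `get_post` may previously have mitigated (its implementation is not visible here, so this is inferred). The same applies to `$selected`/`$server` taken from `$_POST['server']`: it should be checked against the configured server keys before it is used to pick a location. displayLogin() and the surrounding top-level code start and end outside these hunks.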
......
......@@ -2869,14 +2869,17 @@ function get_languages($languages_in_own_language = FALSE, $strip_region_tag = F
"ca_ES" => "Catalan",
"cs_CZ" => "Czech",
"de_DE" => "German",
"el_GR" => "Greek",
"en_US" => "English",
"es_ES" => "Spanish",
"es_VE" => "Venezuelan",
"fa_IR" => "Persian",
"fr_FR" => "French",
"it_IT" => "Italian",
"nb" => "Norwegian Bokmål",
"nl_NL" => "Dutch",
"pl_PL" => "Polish",
"pt" => "Portuguese",
"pt_BR" => "Brazilian",
"ru_RU" => "Russian",
"vi_VN" => "Vietnamese",
......@@ -2891,14 +2894,17 @@ function get_languages($languages_in_own_language = FALSE, $strip_region_tag = F
"ca_ES" => "Català",
"cs_CZ" => "Česky",
"de_DE" => "Deutsch",
"el_GR" => "ελληνικά",
"en_US" => "English",
"es_ES" => "Español",
"es_VE" => "Castellano",
"fa_IR" => "پارسی",
"fr_FR" => "Français",
"it_IT" => "Italiano",
"nb" => "Norsk bokmål",
"nl_NL" => "Nederlands",
"pl_PL" => "Polski",
"pt" => "Portuguese",
"pt_BR" => "Portuguese (Brazil)",
"ru_RU" => "русский язык",
"vi_VN" => "Tiếng Việt",
......@@ -3023,6 +3029,7 @@ function change_password ($dn, $password, $mode = 0, $hash = "")
// hash and if it is not defined we use 'ssha' as default
$hash = $config->get_cfg_value("passwordDefaultHash", "ssha");
$test = new $available[$hash]($config, $dn);
$test->set_hash($hash);
} elseif ((isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0])) || $hash != "") {
/* Check for supported algorithm */
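Review bot: `$test = new $available[$hash]($config, $dn);` on the line before the added `$test->set_hash($hash);` still instantiates whatever `passwordDefaultHash` names without checking that `$available` has that key, so a misconfigured value (a typo, or a scheme whose plugin is not installed) produces a PHP error on an empty class name instead of a clear message, and the new call then passes the same unchecked string on. A guard such as `if (!isset($available[$hash])) { /* report unsupported passwordDefaultHash and abort or fall back */ }` before the `new` would make the failure explicit; `$available` is built earlier outside the hunk, so whether it is already validated there is not visible. change_password() starts and continues outside this hunk.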
......
......@@ -63,7 +63,7 @@ define("FPDF_FONTPATH", "/usr/share/php/fpdf/font/"); /*! Define fpdf font path
/*!
* \brief FusionDirectory Version
*/
define ("FD_VERSION", "1.0.8.8"); /*! Define FusionDirectory version */
define ("FD_VERSION", "1.0.8.9"); /*! Define FusionDirectory version */
/*!
* \brief FusionDirectory config object RDN
......
......@@ -121,14 +121,14 @@ class Step_Ldap extends setup_step
if (!empty($this->admin)) {
$str = sprintf(_("Bind as user '%s' failed!"), $this->admin, $this->connection);
}
return "<div style='color:red;'>".$str."</div>";
return "<div style='color:red;'>".htmlentities($str, ENT_QUOTES, "UTF-8")."</div>";
} else {
if (empty($this->admin)) {
$str = sprintf(_("Anonymous bind to server '%s' succeeded."), $this->connection);
return "<div style='color:blue;'>".$str."</div> <div style='color:red;'>"._("Please specify user and password!")."</div>";
return "<div style='color:blue;'>".htmlentities($str, ENT_QUOTES, "UTF-8")."</div> <div style='color:red;'>"._("Please specify user and password!")."</div>";
} else {
$str = sprintf(_("Bind as user '%s' to server '%s' succeeded!"), $this->admin, $this->connection);
return "<div style='color:green;'>".$str."</div>";
return "<div style='color:green;'>".htmlentities($str, ENT_QUOTES, "UTF-8")."</div>";
}
}
}
......@@ -160,7 +160,7 @@ class Step_Ldap extends setup_step
if (in_array($attr, array("base","connection")) && $this->$attr != get_post($attr)) {
$reset = TRUE;
}
$this->$attr = get_post($attr);
$this->$attr = $_POST[$attr];
}
}
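Review bot: `$this->$attr = $_POST[$attr];` now stores the raw POST value, but the reset check two lines above still compares against `get_post($attr)`; if `get_post` normalizes its input (it is defined elsewhere, so this is inferred), the comparison pits a normalized value against a raw stored one and `$reset` can fire on every submit or miss a real change, so both lines should read the same source: `if (in_array($attr, array("base","connection")) && $this->$attr != $_POST[$attr]) {`. Taking raw values also means `$this->admin` and `$this->connection` are no longer sanitized on input; the added `htmlentities(..., ENT_QUOTES, "UTF-8")` covers the three status messages in this section, but any other place these fields are rendered (for instance the form refill) needs the same escaping, which is worth confirming in the template. The enclosing methods start and end outside these hunks.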
......