✨ feat(core) Allow user tabs to take part in the user locking process

Also moving code to samba and ssh plugins issue #5970

✨ feat(core) Allow user tabs to take part in the user locking process
Also moving code to samba and ssh plugins issue #5970
0db8e076 · Côme Chilliet · ddcb07b3 · 0db8e076 · 0db8e076 · 0db8e076
Commit 0db8e076 authored Mar 13, 2019 by Côme Chilliet
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -1835,54 +1835,6 @@ function change_password ($dn, $password, $hash = "")
  return TRUE;
 }

-/* Lock or unlock samba account */
-function lock_samba_account ($mode, array $attrs)
-{
-  global $config;
-  if (!isset($attrs['sambaNTPassword'][0])) {
-    return [];
-  }
-  $modify = ['sambaNTPassword' => $attrs['sambaNTPassword'][0]];
-  if ($config->get_cfg_value("sambaGenLMPassword", "FALSE") == "TRUE") {
-    $modify['sambaLMPassword'] = $attrs['sambaLMPassword'][0];
-  } else {
-    $modify['sambaLMPassword'] = [];
-  }
-  foreach ($modify as &$pwd) {
-    if (is_array($pwd)) {
-      continue;
-    }
-    if ($mode == 'LOCK') {
-      /* Lock entry */
-      if (!preg_match('/^\!/', $pwd)) {
-        $pwd = '!'.$pwd;
-      }
-    } else {
-      /* Unlock entry */
-      $pwd = preg_replace("/^\!/",  "",   $pwd);
-    }
-  }
-  unset($pwd);
-  return $modify;
-}
-
-/* Lock or unlock ssh account */
-function lock_ssh_account ($mode, array $attrs, &$modify)
-{
-  if (!isset($attrs['sshPublicKey'])) {
-    return;
-  }
-  $modify['sshPublicKey'] = [];
-  for ($i = 0; $i < $attrs['sshPublicKey']['count']; ++$i) {
-    if ($mode == 'LOCK') {
-      $modify['sshPublicKey'][] = preg_replace('/^/', 'disabled-', $attrs['sshPublicKey'][$i]);
-    } else {
-      $modify['sshPublicKey'][] = preg_replace('/^disabled-/', '', $attrs['sshPublicKey'][$i]);
-    }
-  }
-}
-
-
 /*!
 * \brief Get the Change Sequence Number of a certain DN
 *

--- a/include/interface_userTabLockingAction.inc
+++ b/include/interface_userTabLockingAction.inc
+<?php
+/*
+  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
+
+  Copyright (C) 2018-2019  FusionDirectory
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+*/
+
+/*!
+ * \file interface_userTabLockingAction.inc
+ * Source code for the interface userTabLockingAction
+ */
+
+/*! \brief This interface is implemented when a user tabs needs to alter the locking LDAP modification for users
+ */
+interface userTabLockingAction
+{
+  /*! \brief Fills the $modify array with needed modifications for (un)locking this user
+   *
+   * This method is called after loading the object, so $this->attrs should
+   *  contain information identical to the one in the LDAP
+   *
+   * \param string  $mode   LOCK or UNLOCK
+   * \param array   &$modify LDAP modification to execute for (un)locking
+   * */
+  public function fillLockingLDAPAttrs (string $mode, array &$modify);
+}
--- a/include/password-methods/class_password-methods.inc
+++ b/include/password-methods/class_password-methods.inc
@@ -133,42 +133,37 @@ class passwordMethod
      throw new FusionDirectoryException('Invalid mode "'.$mode.'"');
    }

-    /* Get current password hash */
-    $pwd    = '';
-    $ldap   = $config->get_ldap_link();
-    $ldap->cd($config->current['BASE']);
-    if (!empty($dn)) {
-      $ldap->cat($dn);
-      $attrs = $ldap->fetch();
-      if (isset($attrs['userPassword'][0])) {
-        $pwd = $attrs['userPassword'][0];
-        $dn  = $attrs['dn'];
-      }
-    }
+    /* Open the user */
+    $userObject   = objects::open($dn, 'user');
+    $userMainTab  = $userObject->getBaseObject();

-    /* Check if this entry is already locked. */
-    if (!preg_match("/^[^\}]*+\}!/", $pwd)) {
-      if ($mode == 'UNLOCK') {
+    /* Check if this entry is already (un)locked. */
+    if ($userMainTab->attributesAccess['userPassword']->isLocked()) {
+      if ($mode == 'LOCK') {
        return TRUE;
      }
-    } elseif ($mode == 'LOCK') {
+    } elseif ($mode == 'UNLOCK') {
      return TRUE;
    }

-    // (Un)lock the samba account
-    $modify = lock_samba_account($mode, $attrs);
-
-    // (Un)lock SSH keys
-    lock_ssh_account($mode, $attrs, $modify);
+    /* Fill modification array */
+    $modify = [];
+    foreach ($userObject->by_object as $tab) {
+      if ($tab instanceof userTabLockingAction) {
+        $tab->fillLockingLDAPAttrs($mode, $modify);
+      }
+    }

    // Call pre hooks
-    $userClass = new user($dn);
-    $errors = $userClass->callHook('PRE'.$mode, [], $ret);
+    $errors = $userMainTab->callHook('PRE'.$mode, [], $ret);
    if (!empty($errors)) {
      msg_dialog::displayChecks($errors);
      return FALSE;
    }

+    /* Get current password hash */
+    $pwd = $userMainTab->attributesAccess['userPassword']->computeLdapValue();
+
    // (Un)lock the account by modifying the password hash.
    if ($mode == 'LOCK') {
      /* Lock entry */