Commit 0db8e076 authored by Côme Chilliet's avatar Côme Chilliet

feat(core) Allow user tabs to take part in the user locking process

Also moving code to samba and ssh plugins

issue #5970
parent ddcb07b3
......@@ -1835,54 +1835,6 @@ function change_password ($dn, $password, $hash = "")
return TRUE;
}
/* Lock or unlock samba account */
function lock_samba_account ($mode, array $attrs)
{
global $config;
if (!isset($attrs['sambaNTPassword'][0])) {
return [];
}
$modify = ['sambaNTPassword' => $attrs['sambaNTPassword'][0]];
if ($config->get_cfg_value("sambaGenLMPassword", "FALSE") == "TRUE") {
$modify['sambaLMPassword'] = $attrs['sambaLMPassword'][0];
} else {
$modify['sambaLMPassword'] = [];
}
foreach ($modify as &$pwd) {
if (is_array($pwd)) {
continue;
}
if ($mode == 'LOCK') {
/* Lock entry */
if (!preg_match('/^\!/', $pwd)) {
$pwd = '!'.$pwd;
}
} else {
/* Unlock entry */
$pwd = preg_replace("/^\!/", "", $pwd);
}
}
unset($pwd);
return $modify;
}
/* Lock or unlock ssh account */
function lock_ssh_account ($mode, array $attrs, &$modify)
{
if (!isset($attrs['sshPublicKey'])) {
return;
}
$modify['sshPublicKey'] = [];
for ($i = 0; $i < $attrs['sshPublicKey']['count']; ++$i) {
if ($mode == 'LOCK') {
$modify['sshPublicKey'][] = preg_replace('/^/', 'disabled-', $attrs['sshPublicKey'][$i]);
} else {
$modify['sshPublicKey'][] = preg_replace('/^disabled-/', '', $attrs['sshPublicKey'][$i]);
}
}
}
/*!
* \brief Get the Change Sequence Number of a certain DN
*
......
<?php
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2018-2019 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*!
* \file interface_userTabLockingAction.inc
* Source code for the interface userTabLockingAction
*/
/*! \brief This interface is implemented when a user tabs needs to alter the locking LDAP modification for users
*/
interface userTabLockingAction
  • 🔽 Rename this interface name to match the regular expression ^[A-Z][a-zA-Z0-9]*$. 📘

{
/*! \brief Fills the $modify array with needed modifications for (un)locking this user
*
* This method is called after loading the object, so $this->attrs should
* contain information identical to the one in the LDAP
*
* \param string $mode LOCK or UNLOCK
* \param array &$modify LDAP modification to execute for (un)locking
* */
public function fillLockingLDAPAttrs (string $mode, array &$modify);
}
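Review bot: The docblock on `fillLockingLDAPAttrs` does not say how an implementer may touch `$modify`, which matters because the caller in passwordMethod passes one shared array by reference through every tab in turn. A tab that reassigns or clears the array instead of setting its own keys would silently drop the locking changes contributed by earlier tabs, and those credentials could stay usable on an account that is reported as locked. I would add to the docblock `Implementations must only set keys for the attributes they own and must never reassign or clear $modify`, and state that `$mode` is exactly 'LOCK' or 'UNLOCK' and what an implementation should do with any other value. The method also declares no return type; if the project's minimum PHP version allows it, `: void` would make the by-reference contract explicit.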
......@@ -133,42 +133,37 @@ class passwordMethod
throw new FusionDirectoryException('Invalid mode "'.$mode.'"');
}
/* Get current password hash */
$pwd = '';
$ldap = $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
if (!empty($dn)) {
$ldap->cat($dn);
$attrs = $ldap->fetch();
if (isset($attrs['userPassword'][0])) {
$pwd = $attrs['userPassword'][0];
$dn = $attrs['dn'];
}
}
/* Open the user */
$userObject = objects::open($dn, 'user');
$userMainTab = $userObject->getBaseObject();
/* Check if this entry is already locked. */
if (!preg_match("/^[^\}]*+\}!/", $pwd)) {
if ($mode == 'UNLOCK') {
/* Check if this entry is already (un)locked. */
if ($userMainTab->attributesAccess['userPassword']->isLocked()) {
if ($mode == 'LOCK') {
return TRUE;
}
} elseif ($mode == 'LOCK') {
} elseif ($mode == 'UNLOCK') {
return TRUE;
}
// (Un)lock the samba account
$modify = lock_samba_account($mode, $attrs);
// (Un)lock SSH keys
lock_ssh_account($mode, $attrs, $modify);
/* Fill modification array */
$modify = [];
foreach ($userObject->by_object as $tab) {
if ($tab instanceof userTabLockingAction) {
$tab->fillLockingLDAPAttrs($mode, $modify);
}
}
// Call pre hooks
$userClass = new user($dn);
$errors = $userClass->callHook('PRE'.$mode, [], $ret);
$errors = $userMainTab->callHook('PRE'.$mode, [], $ret);
if (!empty($errors)) {
msg_dialog::displayChecks($errors);
return FALSE;
}
/* Get current password hash */
$pwd = $userMainTab->attributesAccess['userPassword']->computeLdapValue();
// (Un)lock the account by modifying the password hash.
if ($mode == 'LOCK') {
/* Lock entry */
......
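Review bot: The already-(un)locked check returns TRUE before the `foreach ($userObject->by_object as $tab)` loop runs, so lock state is decided from `userPassword` alone and the tabs are never consulted once the password hash is in the requested state. If a tab's attributes change after a lock (for example an SSH key added later; inferred, the tab implementations are not in this hunk), a repeated LOCK would be a no-op and that credential would stay active. The removed code had the same ordering, so this is not a regression, and simply moving the loop above the early return would need idempotent tabs, since the removed `lock_ssh_account` prepended `disabled-` unconditionally. At minimum I would document the limit next to the check: `/* Lock state is read from userPassword only; tab attributes are not re-checked on an already locked entry */`. The enclosing method starts and ends outside the hunk.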
  • SonarQube analysis reported 1 issue

    • 🔽 1 minor

    Watch the comments in this conversation to review them.
