Commit 468bf1d6 authored by Benoit Mortier's avatar Benoit Mortier
Browse files

Merge branch '1.0.8.4-fixes'

Releasing FusionDirectory 1.0.8.5
parents fc032fae 531ff36a
......@@ -156,3 +156,13 @@ documentation and additional help.
* Fabien Brachere <fabien.brachere@e-tera.com>
Fix support for special caracters in password
* Arnaud Patard <apatard@hupstream.com>
Fix for Invalid uri in the password recovery mail
* Adrian Reyer <are+fd@lihas.de>
Modifier for templates to convert german umlauts to 7-bit ASCII
* Samuel Bosquin samuel.bosquin@ibcp.fr
Plugin FAI - LVM partitions
*
FusionDirectory changelog
=========================
* FusionDirectory 1.0.8.5
[Fix] Bugs #3249: When a duplicate is found, its dn should be given
[Feature] Wishlist #3264: Hidden password for fusiondirectory-setup --check-ldap
[Fix] Bugs #3315: Warning message during adduser process
[Feature] Wishlist #3397: Ppolicy plugin
[Fix] Bugs #3437: Handle password policy checking inside FD
[Feature] Wishlist #3477: use fai plugin without creating a repository debian bug.
[Feature] Wishlist #3482: Plugin FAI - Centos support
[Fix] Bugs #3489: Documentation pour installer les dépots RPM
[Fix] Bugs #3492: Country error
[Fix] Bugs #3507: Error in plugin-dns documentation
[Fix] Bugs #3521: Can’t give group creation right through ACL system
[Fix] Bugs #3524: Can't create/edit users with gosaMailServer Attributes via acl system
[Fix] Bugs #3525: the sudo plugin doesnt allow to save the sudoOrder
[Fix] Bugs #3527: Add the value ALL in systems and users and groups
[Fix] Bugs #3528: misleading dialog box when trying to recover password for a non-existant user
[Fix] Bugs #3533: Date d'expiration Unix and Samba
[Feature] Wishlist #3534: gosaMailDeliveryMode in Group Mail Tab
[Fix] Bugs #3536: Plugins Quota et msg :The field 'Device' contains invalid characters!
[Fix] Bugs #3537: Error when I click on reference in EJBCA section
[Fix] Bugs #3538: getbin.php should quote the file name
[Fix] Bugs #3539: User tab roles should not appear in «My account» menu
[Fix] Bugs #3540: Password Recovery error for a non-existant user
[Fix] Bugs #3544: when adding ns record in the dns zone editor global name records it doesnt add the . at the end when saving
[Fix] Bugs #3547: Password Recovery (Invalid Token)
[Fix] Bugs #3551: Invalid uri in the password recovery mail
[Feature] Bugs #3554: New functionnality: list all members for a primary group
[Fix] Bugs #3555: editing a template inside fai provoke a crash
[Fix] Bugs #3557: Plugin FAI - partition LVM
[Fix] Bugs #3561: Remove the message "Take over DNS configuration from ..."
[Feature] simple-plugin - Bugs #3562: In most password fields, autocomplete should be deactivated
[Fix] Bugs #3564: References are only checked in the base
[Fix] Bugs #3569: after the first load of the kernel to be use in the fai tab, they should be cached for the rest of the session
[Fix] Bugs #3571: Informations for DHCP and DNS are lost after a copy paste
[Fix] Bugs #3579: We should update copyright notices to 2015
[Fix] Bugs #3580: We should update copyright notices to 2015
[Fix] Bugs #3582: translation not complete
[Fix] Wishlist #3586: Modifier for templates to convert german umlauts to 7-bit ASCII
[Fix] Bugs #3590: Error message if we have an assignement with no members
[Fix] Bugs #3592: the ppolicy exemple files should be changed to use a more generic dn
[Feature] Bugs #3595: The menu should be reorganized
[Feature] Bugs #3596: Dashboard plugin should go into core
[Feature] Bugs #3600: Dashboard should be completed
[Feature] Bugs #3601: The menu should be reorganized
[Fix] Bugs #3607: in queue management we should remove the action create and the first 3 icons on the left
[Feature] Bugs #3608: dashboard should be an exhaustive statistic plugin
[Fix] Bugs #3609: system and newtork tab from the dashboard plugin goes to systems plugins to add the tab when needed
[Feature] Bugs #3610: ppolicy should add a tab to dashboard
[Feature] Bugs #3616: Dashboard plugin should go into core
[Feature] Bugs #3620: system and newtork tab from the dashboard plugin goes to systems plugins to add the tab when needed
[Fix] Bugs #3621: ejbca my account link is broken
[Feature] Bugs #3622: ppolicy should add a tab to dashboard
[Fix] Bugs #3623: Cannot create a role with the same name of an DSA object
[Fix] simple-plugin - Bugs #3624: When a duplicate is found, its dn should be given
[Fix] Bugs #3626: Export single entry give an error
[Fix] Bugs #3627: OPSI import should not have an empty filter
[Fix] Bugs #3628: DHCP plugin edit host error
[Feature] Bugs #3630: Reset password must take the mail in personal plugin
[Fix] Bugs #3631: User templates issues.
[Fix] Bugs #3633: the small_warning.png icon is not present but used by the system dashboard tab
[Fix] Bugs #3634: the configuration of fusiondirectory entry in dashboard first tab doesnt have an icon
[Fix] Bugs #3635: the small_warning.png icon is not present but used by the system dashboard tab
[Fix] Bugs #3637: Applications plugin should not set forceSize parameter
[Fix] Bugs #3638: Error in cyrus template
[Fix] Bugs #3640: Remove a user display an error if we have ppolicy
[Fix] Bugs #3641: Token invalid when we use ppolicy
[Fix] Bugs #3642: FTPStatus attribute must default set at true
[Fix] Bugs #3644: Problem in regex to set release in FAI package list
[Fix] Bugs #3645: Parent servers are empty
[Fix] Bugs #3648: debconf variables field should take utf8
[Fix] Bugs #3653: Uninitialized string offset: 0 in ldapmanager when importing an ldif
[Fix] Bugs #3654: fai plugin empty with one repository on a server trigger an Undefined variable: prefix error
[Fix] Bugs #3659: error when copying a system from a departement to the root
[Fix] Bugs #3660: error when having two repo in one serveur and one repo in another system
[Fix] Bugs #3663: No image for up/down in FAI profil
[Fix] Bugs #3666: the dashboard doesnt show the icon associated to the fai objects and are not clickable
[Feature] Bugs #3667: the reset password should use the fdPrivateMail from the personnal plugin as alternative address
[Fix] Bugs #3669: in service we should not have the get status button if argonaut client tab is not activated
[Fix] Bugs #3670: in service we could add a second button to trigger an action on the selected services
[Fix] Bugs #3671: the reset password should use the fdPrivateMail from the personal plugin as alternative address
[Fix] Bugs #3676: remove example.ldif that is incorrect
* FusionDirectory 1.0.8.4
[Fix] Bugs #3530: the roles in the personal/roles miss an main.inc !
......
......@@ -29,6 +29,9 @@ use File::Copy::Recursive qw(rcopy);
#XML parser
use XML::Twig;
# To hide password input
use Term::ReadKey;
# fd's directory and class.cache file's path declaration
my %vars = (
fd_home => "/var/www/fusiondirectory",
......@@ -87,7 +90,7 @@ sub ask_yn_question {
# function that ask for an user input and do some checks
sub ask_user_input {
my ($thing_to_ask, $default_answer) = @_;
my ($thing_to_ask, $default_answer, $hide_input) = @_;
my $answer;
if (defined $default_answer) {
......@@ -95,6 +98,10 @@ sub ask_user_input {
}
print $thing_to_ask.":\n";
if (defined $hide_input && $hide_input) {
ReadMode('noecho');
}
do
{
if ($answer = <STDIN>) {
......@@ -105,6 +112,8 @@ sub ask_user_input {
}
} while (($answer eq "") && (not defined $default_answer));
ReadMode('restore');
if ($answer eq "") {
return $default_answer;
}
......@@ -591,8 +600,8 @@ sub add_ldap_admin {
}
if ($dn eq "") {
my $fd_admin_pwd = ask_user_input ("Please enter FusionDirectory's admin password");
my $fd_admin_pwd_confirm = ask_user_input ("Please enter it again");
my $fd_admin_pwd = ask_user_input ("Please enter FusionDirectory's admin password", undef, 1);
my $fd_admin_pwd_confirm = ask_user_input ("Please enter it again", undef, 1);
# while the confirmation password is not the same than the first one
while ( ($fd_admin_pwd_confirm ne $fd_admin_pwd) && ($fd_admin_pwd_confirm ne "quit" ) ) {
......@@ -722,7 +731,7 @@ sub get_ldap_connexion {
$hash_result{base} = $base;
$bind_dn = ask_user_input ("Bind DN");
$bind_pwd = ask_user_input("Bind password");
$bind_pwd = ask_user_input("Bind password", undef, 1);
} else {
return;
}
......@@ -816,7 +825,7 @@ sub check_admin {
my $acl = $assignment->get_value("gosaAclEntry", asref => 1);
foreach my $line (@$acl) {
if ($line =~ m/^.:subtree:\Q$role_dn64\E/) {
my @parts = split(':',$line);
my @parts = split(':',$line,4);
my @members = split(",",$parts[3]);
foreach my $member (@members) {
# Is this an existing user?
......
......@@ -222,6 +222,76 @@ fusiondirectory-setup --check-deprecated will output an ldif file on the console
!! Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.4 to 1.0.8.5
===============================================
- Remove the deprecated plugins
The dashboard plugin has been integrated to the core so it must be removed.
apt-get --purge remove fusiondirectory-plugin-dashboard
- Upgrade FusionDirectory first
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
- Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory
=========================
- You may have to update your LDAP schemas, first update the FusionDirectory core schemas.
!!! Only update this one if you don't have the dashboard.schema installed, because now that dashboard is merged to core, its attribute are in core. !!!
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
- If you are using the debconf plugin update his schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/debconf.schema
- If you are using the fai plugin update his schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/fai.schema
If you are using the mail plugin update his schema
- fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/mail-fd.schema
Check for deprecated attributes and objectClasses in your LDAP
==============================================================
FusionDirectory 1.0.8.1 comes with two new options in fusiondirectory-setup
fusiondirectory-setup --list-deprecated
List deprecated attributes and objectclasses
Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup --list-deprecated show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup --check-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClass
!! Please read it carefully before applying !!
---
* Further information
......
......@@ -398,6 +398,26 @@ attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
# merged from dashboard-fd.schema - Needed by Fusion Directory for dashboard options
attributetype ( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix'
DESC 'FusionDirectory - Dashboard computer name prefix'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.38414.27.1.2 NAME 'fdDashboardNumberOfDigit'
DESC 'FusionDirectory - Dashboard number of digits after prefixes in computer names'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.27.1.3 NAME 'fdDashboardExpiredAccountsDays'
DESC 'FusionDirectory - Dashboard number of days before expiration to be shown in board user tab'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
# Object Class
objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
......@@ -432,3 +452,10 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.2 NAME 'fusionDirectoryPluginsConf'
SUP top AUXILIARY
MUST ( cn )
MAY ( fdOGroupRDN ) )
# Dashboard Object Class
objectclass ( 1.3.6.1.4.1.38414.27.2.1 NAME 'fdDashboardPluginConf'
DESC 'FusionDirectory dashboard plugin configuration'
SUP top AUXILIARY
MUST ( cn )
MAY ( fdDashboardPrefix $ fdDashboardNumberOfDigit $ fdDashboardExpiredAccountsDays) )
......@@ -3,7 +3,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2013 FusionDirectory
Copyright (C) 2011-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -171,7 +171,9 @@ class passwordRecovery {
$this->step4();
} elseif (isset($_POST['apply'])) {
$this->step2();
$this->step3();
if ($this->step == 2) { /* No errors */
$this->step3();
}
}
} elseif ($_SERVER["REQUEST_METHOD"] == "GET") {
if (isset($_GET['uniq'])) {
......@@ -332,7 +334,7 @@ class passwordRecovery {
{
/* Store it in ldap with the salt */
$salt_temp_password = $this->salt.$temp_password.$this->salt;
$sha1_temp_password = sha1($salt_temp_password);
$sha1_temp_password = "{SHA}".base64_encode(pack("H*", sha1($salt_temp_password)));
$ldap = $this->config->get_ldap_link();
......@@ -378,7 +380,7 @@ class passwordRecovery {
function checkToken($token)
{
$salt_token = $this->salt.$token.$this->salt;
$sha1_token = sha1($salt_token);
$sha1_token = "{SHA}".base64_encode(pack("H*", sha1($salt_token)));
/* Retrieve hash from the ldap */
$ldap = $this->config->get_ldap_link();
......@@ -503,6 +505,9 @@ class passwordRecovery {
} else {
$filter = "(&(objectClass=gosaMailAccount)(mail=".$this->email_address."))";
}
if (class_available('personalInfo') && ($this->config->get_cfg_value('privateEmailPasswordRecovery', 'FALSE') == 'TRUE')) {
$filter = '(|'.$filter.'(&(objectClass=fdPersonalInfo)(fdPrivateMail='.$this->email_address.')))';
}
$uids = get_list( $filter, "",
$this->config->current['BASE'], array("uid"),
GL_SUBSEARCH | GL_NO_ACL_CHECK);
......@@ -542,9 +547,9 @@ class passwordRecovery {
}
$reinit_link = $this->getPageURL();
$reinit_link .= "?uniq=".$activatecode;
$reinit_link .= "&uid=".$this->uid;
$reinit_link .= "&email_address=".$this->email_address;
$reinit_link .= "?uniq=".urlencode($activatecode);
$reinit_link .= "&uid=".urlencode($this->uid);
$reinit_link .= "&email_address=".urlencode($this->email_address);
@DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $reinit_link, "Setting link to");
......@@ -610,7 +615,6 @@ class passwordRecovery {
escapeshellarg($this->uid)." ".escapeshellarg($_POST['new_password']), $resarr);
if (count($resarr) > 0) {
$this->message[] = _("External password changer reported a problem: ".join('\n', $resarr));
msg_dialog::displayChecks($this->message);
return;
}
}
......
......@@ -51,8 +51,8 @@ $bintype = session::is_set($key.'type')
? session::get($key.'type') : "octet-stream";
header("Content-type: " . $bintype);
if (session::is_set($key.'file')) {
header( "Content-disposition: attachment; filename="
. session::get($key.'file'));
header( 'Content-disposition: attachment; filename="'
. session::get($key.'file')).'"';
}
echo session::get($key);
......
......@@ -69,7 +69,7 @@ if (($config->get_cfg_value("forcessl") == "TRUE") && ($ssl != '')) {
exit;
}
timezone::get_default_timezone();
timezone::setDefaultTimezoneFromConfig();
/* Check for invalid sessions */
if (session::global_get('_LAST_PAGE_REQUEST') == "") {
......
......@@ -3,7 +3,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2013 FusionDirectory
Copyright (C) 2011-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
<?php
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2011-2014 FusionDirectory
Copyright (C) 2011-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
......@@ -3,7 +3,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2013 FusionDirectory
Copyright (C) 2011-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
......@@ -2,7 +2,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2014 FusionDirectory
Copyright (C) 2011-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
......@@ -2,7 +2,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2013 FusionDirectory
Copyright (C) 2011-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
......@@ -2,7 +2,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2013 FusionDirectory
Copyright (C) 2011-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
......@@ -2,7 +2,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2013 FusionDirectory
Copyright (C) 2011-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
......@@ -3,7 +3,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2013 FusionDirectory
Copyright (C) 2011-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -445,6 +445,8 @@ class config {
session::global_set('DEBUGLEVEL', $debugLevel);
IconTheme::loadThemes('themes');
timezone::setDefaultTimezoneFromConfig();
}
......@@ -1373,7 +1375,7 @@ class config {
}
}
unset($infos);
$this->data['SECTIONS']['personal'] = array('NAME' => _('My account'), 'PRIORITY' => 20);
$this->data['SECTIONS']['personal'] = array('NAME' => _('My account'), 'PRIORITY' => 40);
$personal = array();
foreach ($this->data['TABS']['USERTABS'] as $tab) {
$personal[] = array('CLASS' => $tab['CLASS'], 'ACL' => 'user/'.$tab['CLASS'].':self');
......
......@@ -2,7 +2,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2012-2013 FusionDirectory
Copyright (C) 2012-2015 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment