Fixes #3383 Relocking user after password change

750dd52c · Côme Bernigaud · Benoit Mortier · 3353fca4 · 750dd52c
Commit 750dd52c authored Oct 01, 2014 by Côme Bernigaud Committed by Benoit Mortier Oct 01, 2014
--- a/plugins/personal/generic/class_user.inc
+++ b/plugins/personal/generic/class_user.inc
@@ -55,6 +55,10 @@ class UserPasswordAttribute extends CompositeAttribute
        ),
        new HiddenAttribute(
          $ldapName.'_hash'
+        ),
+        new HiddenAttribute(
+          $ldapName.'_locked', FALSE,
+          FALSE
        )
      ),
      '', '', $acl, $label
@@ -94,17 +98,19 @@ class UserPasswordAttribute extends CompositeAttribute
  function readValues($value)
  {
    $pw_storage = $this->plugin->config->get_cfg_value('passwordDefaultHash', 'ssha');
+    $locked     = FALSE;
    if (preg_match ('/^{[^}]+}/', $value)) {
      $tmp = passwordMethod::get_method($value);
      if (is_object($tmp)) {
        $pw_storage = $tmp->get_hash();
+        $locked     = $tmp->is_locked($this->plugin->config, $this->plugin->dn);
      }
    } else {
      if ($value != '') {
        $pw_storage = 'clear';
      }
    }
-    return array($pw_storage, '', '', $value);
+    return array($pw_storage, '', '', $value, $locked);
  }
  function writeValues($values)
@@ -128,6 +134,16 @@ class UserPasswordAttribute extends CompositeAttribute
      return _('Passwords does not match');
    }
  }
+  function isLocked()
+  {
+    return $this->attributes[4]->getValue();
+  }
+  function getMethod()
+  {
+    return $this->attributes[0]->getValue();
+  }
 }
 class user extends simplePlugin
@@ -135,6 +151,8 @@ class user extends simplePlugin
  var $objectclasses  = array('top','person','organizationalPerson','inetOrgPerson','gosaAccount');
  var $mainTab        = TRUE;
+  private $was_locked;
  static function plInfo()
  {
    return array(
@@ -334,11 +352,13 @@ class user extends simplePlugin
    $filename = './plugins/users/images/default.jpg';
    $fd       = fopen ($filename, 'rb');
    $this->attributesAccess['jpegPhoto']->setPlaceholder(fread ($fd, filesize($filename)));
+    $this->was_locked = $this->attributesAccess['userPassword']->isLocked();
  }
  function postCopyHook()
  {
-    $this->attributesAccess['uid']->setDisabled($this->initially_was_account);
+    $this->attributesAccess['uid']->setDisabled($this->initially_was_account && !$this->is_template);
  }
  private function update_cn()
@@ -385,6 +405,17 @@ class user extends simplePlugin
    return parent::execute();
  }
+  function ldap_save($cleanup = TRUE)
+  {
+    parent::ldap_save($cleanup);
+    if (!$this->is_template && $this->was_locked && $this->attributesAccess['userPassword']->hasChanged()) {
+      $methods  = passwordMethod::get_available_methods();
+      $pmethod  = new $methods[$this->attributesAccess['userPassword']->getMethod()]($this->config, $this->dn);
+      $pmethod->lock_account($this->config, $this->dn);
+    }
+  }
  function save()
  {
    parent::save();