Commit 750dd52c authored by Côme Bernigaud's avatar Côme Bernigaud Committed by Benoit Mortier

Fixes #3383 Relocking user after password change

parent 3353fca4
...@@ -55,6 +55,10 @@ class UserPasswordAttribute extends CompositeAttribute ...@@ -55,6 +55,10 @@ class UserPasswordAttribute extends CompositeAttribute
), ),
new HiddenAttribute( new HiddenAttribute(
$ldapName.'_hash' $ldapName.'_hash'
),
new HiddenAttribute(
$ldapName.'_locked', FALSE,
FALSE
) )
), ),
'', '', $acl, $label '', '', $acl, $label
...@@ -94,17 +98,19 @@ class UserPasswordAttribute extends CompositeAttribute ...@@ -94,17 +98,19 @@ class UserPasswordAttribute extends CompositeAttribute
function readValues($value) function readValues($value)
{ {
$pw_storage = $this->plugin->config->get_cfg_value('passwordDefaultHash', 'ssha'); $pw_storage = $this->plugin->config->get_cfg_value('passwordDefaultHash', 'ssha');
$locked = FALSE;
if (preg_match ('/^{[^}]+}/', $value)) { if (preg_match ('/^{[^}]+}/', $value)) {
$tmp = passwordMethod::get_method($value); $tmp = passwordMethod::get_method($value);
if (is_object($tmp)) { if (is_object($tmp)) {
$pw_storage = $tmp->get_hash(); $pw_storage = $tmp->get_hash();
$locked = $tmp->is_locked($this->plugin->config, $this->plugin->dn);
} }
} else { } else {
if ($value != '') { if ($value != '') {
$pw_storage = 'clear'; $pw_storage = 'clear';
} }
} }
return array($pw_storage, '', '', $value); return array($pw_storage, '', '', $value, $locked);
} }
function writeValues($values) function writeValues($values)
...@@ -128,6 +134,16 @@ class UserPasswordAttribute extends CompositeAttribute ...@@ -128,6 +134,16 @@ class UserPasswordAttribute extends CompositeAttribute
return _('Passwords does not match'); return _('Passwords does not match');
} }
} }
function isLocked()
{
return $this->attributes[4]->getValue();
}
function getMethod()
{
return $this->attributes[0]->getValue();
}
} }
class user extends simplePlugin class user extends simplePlugin
...@@ -135,6 +151,8 @@ class user extends simplePlugin ...@@ -135,6 +151,8 @@ class user extends simplePlugin
var $objectclasses = array('top','person','organizationalPerson','inetOrgPerson','gosaAccount'); var $objectclasses = array('top','person','organizationalPerson','inetOrgPerson','gosaAccount');
var $mainTab = TRUE; var $mainTab = TRUE;
private $was_locked;
static function plInfo() static function plInfo()
{ {
return array( return array(
...@@ -334,11 +352,13 @@ class user extends simplePlugin ...@@ -334,11 +352,13 @@ class user extends simplePlugin
$filename = './plugins/users/images/default.jpg'; $filename = './plugins/users/images/default.jpg';
$fd = fopen ($filename, 'rb'); $fd = fopen ($filename, 'rb');
$this->attributesAccess['jpegPhoto']->setPlaceholder(fread ($fd, filesize($filename))); $this->attributesAccess['jpegPhoto']->setPlaceholder(fread ($fd, filesize($filename)));
$this->was_locked = $this->attributesAccess['userPassword']->isLocked();
} }
function postCopyHook() function postCopyHook()
{ {
$this->attributesAccess['uid']->setDisabled($this->initially_was_account); $this->attributesAccess['uid']->setDisabled($this->initially_was_account && !$this->is_template);
} }
private function update_cn() private function update_cn()
...@@ -385,6 +405,17 @@ class user extends simplePlugin ...@@ -385,6 +405,17 @@ class user extends simplePlugin
return parent::execute(); return parent::execute();
} }
function ldap_save($cleanup = TRUE)
{
parent::ldap_save($cleanup);
if (!$this->is_template && $this->was_locked && $this->attributesAccess['userPassword']->hasChanged()) {
$methods = passwordMethod::get_available_methods();
$pmethod = new $methods[$this->attributesAccess['userPassword']->getMethod()]($this->config, $this->dn);
$pmethod->lock_account($this->config, $this->dn);
}
}
function save() function save()
{ {
parent::save(); parent::save();
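Review bot: In `user::ldap_save()` the re-lock runs as a separate step after `parent::ldap_save()` and its outcome is never checked, so if `lock_account()` fails, the previously locked account stays unlocked with the new password and nothing reports it. If `lock_account()` signals failure through its return value (not visible on this page), test it and surface an error, e.g. `if (!$pmethod->lock_account($this->config, $this->dn)) { /* report that the account is now unlocked */ }`. The lookup `$methods[...->getMethod()]` is also unguarded: a stored method missing from `get_available_methods()` (possibly `'clear'`, which `readValues()` can return) would make the `new` fail after the password has already been written, so check `isset($methods[$method])` before instantiating. The override also discards whatever `parent::ldap_save()` returns; confirm that no caller relies on that value.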