Commit d61d1c66 authored by bmortier's avatar bmortier

Merge branch '1.0.14-fixes'

parents 400a1c41 13df02c7
......@@ -71,8 +71,8 @@ documentation and additional help.
French online documentation
English online documentation
* Vincent Seynhaeve
Xls export plugin <vincent.seynhaeve@opensides.be>
* Vincent Seynhaeve <vincent.seynhaeve@opensides.be>
Xls export plugin
* Wouter Verhelst <wouter@debian.org>
accept-to-gettext code that helps for language conversation
......@@ -163,7 +163,7 @@ documentation and additional help.
* Adrian Reyer <are+fd@lihas.de>
Modifier for templates to convert german umlauts to 7-bit ASCII
* Samuel Bosquin samuel.bosquin@ibcp.fr
* Samuel Bosquin <samuel.bosquin@ibcp.fr>
Plugin FAI - LVM partitions
* IOhannes umlaeute <noc@iem.at>
......@@ -188,6 +188,15 @@ documentation and additional help.
QA on FusionDirectory
RPM packaging maintener and ArchLinux Packager
* Timothée Giet timo@timotheegiet.com
* Timothée Giet <timo@timotheegiet.com>
New breezy icon Theme
* Clement Oudot <clem.oudot@gmail.com>
HTTP header authentication
* Thomas Niercke <thomas@niercke.de>
Code and ideas for making Argonaut Events Extensible
* Paola Penati <paolapenati@hotmail.com>
Italian translation
FusionDirectory changelog
=========================
* FusionDirectory 1.0.15
[Feature] Wishlist #4832: Allow removal of user picture
[Feature] Bugs #4945: Add the possibility to use %askme% for password expiration in template
FusionDirectory plugins - Bugs #4991: we should document all the change in the webservice done recently
|Fix] Bugs #5003: Error on mixed groups when nis schema not present
[Feature] Wishlist #5010: HTTP header authentication
|Fix] Bugs #5012: [PRINTERS] old printers are not migrated after upgrade to 1.0.14
|Fix] Bugs #5013: User that will expire in two weeks is not show in dashboard
|Fix] Argonaut Deployment System - Bugs #5018: Reinstall trigger on a workstation trigger an error
|Fix] FusionDirectory plugins - Bugs #5020: PHP errors in DHCP plugin with PHP7
|Fix] Bugs #5021: Checkhook should have a way to know if other check errors occured
|Fix] Bugs #5022: Random password does not work when we use a template in read only
|Fix] Bugs #5023: Icon for section account is not found
|Fix] FusionDirectory plugins - Bugs #5026: CSV import bug ?
|Fix] FusionDirectory plugins - Bugs #5031: Icon for LDAP should be moved to core
|Fix] Bugs #5040: Uppercase login triggers php notice
|Fix] FusionDirectory plugins - Bugs #5043: GPG server info cannot be edited anymore
[Feature] FusionDirectory plugins - Bugs #5044: Use simpleManagement in GPG plugin
|Fix] Bugs #5047: add git-shell in default shell list
|Fix] Bugs #5049: probleme de traduction dans le systeme de reinitialisation des mots de passe
|Fix] Bugs #5050: mauvais encodage dans le message de demande de reinitialisation du mot de passe
|Fix] FusionDirectory plugins - Bugs #5051: add a url text field for the linkedin account url
|Fix] Bugs #5052: password storage in firefox provoque an issue in the password field of the user tab in FusionDirectory
|Fix] FusionDirectory plugins - Bugs #5055: Argonaut actions launching is broken
[Feature] FusionDirectory plugins - Bugs #5056: Need to edit class_argonautActions.inc for custom modules
|Fix] Bugs #5057: check_schema should be reviewed
|Fix] Bugs #5058: notice on 1.0.14-fixes
|Fix] FusionDirectory plugins - Bugs #5068: PHP4 constructor in FAI plugin
|Fix] FusionDirectory plugins - Bugs #5069: PHP4 constructor in mail plugin
|Fix] Bugs #5071: Fatal error in FAI plugin
|Fix] Bugs #5074: Error to add ACL
|Fix] FusionDirectory plugins - Bugs #5075: Error to add ACL
|Fix] FusionDirectory plugins - Bugs #5088: Add samba shares update action to the list
|Fix] Bugs #5089: Attribute dob of fusiondirectory schema conflicts with evolution schema
|Fix] FusionDirectory plugins - Bugs #5090: Attribute dob of fusiondirectory schema conflicts with evolution schema
|Fix] Bugs #5092: FD should not interfere with form handling
* FusionDirectory 1.0.14
|Fix] FusionDirectory plugins - Bugs #4142: Local quota
......
......@@ -1578,6 +1578,65 @@ sub get_deprecated {
return (\@obsolete_attrs, \@obsolete_classes);
}
# function that migrates printers from FD<=1.0.13 to FD>=1.0.14
sub migrate_printers {
# initiate the LDAP connexion
my %hash_ldap_param = get_ldap_connexion();
# LDAP's connection's parameters
my $base = $hash_ldap_param{base};
my $ldap = $hash_ldap_param{ldap};
my $mesg = $ldap->search(
filter => '(objectClass=gotoPrinter)',
base => $base
);
$mesg->code && die $mesg->error;
if ($mesg->count > 0) {
print ("The following printers are using the obsolete gotoPrinter objectClass:\n");
my @entries = $mesg->entries;
foreach my $entry (@entries) {
print $entry->dn()."\n";
}
if (ask_yn_question("Migrate these entries to fdPrinter objectClass?")) {
foreach my $entry (@entries) {
my $newrdn = "cn=".$entry->get_value('cn')."+ipHostNumber=".$entry->get_value('ipHostNumber');
$mesg = $ldap->moddn($entry->dn(), newrdn => $newrdn);
if ($mesg->code) {
print $entry->dn().": ".$mesg->error."\n";
next;
}
my $dn_old = $entry->dn();
$dn_old =~ s/^[^,]+,/$newrdn,/;
my @replace = ('ieee802Device', 'ipHost', 'fdPrinter');
my @classes = $entry->get_value('objectClass');
foreach my $class (@classes) {
if ($class ne 'gotoPrinter') {
push(@replace, "$class");
}
}
$entry->replace("objectClass" => \@replace);
$mesg = $ldap->add($entry);
if ($mesg->code) {
print $entry->dn().": ".$mesg->error."\n";
next;
}
undef @replace;
$mesg = $ldap->delete($dn_old);
$mesg->code && print $dn_old.": ".$mesg->error."\n";
}
}
}
# unbind to the LDAP server
my $unbind = $ldap->unbind;
$unbind->code && warn "! Unable to unbind from LDAP server: ", $unbind->error."\n";
}
# List LDAP attributes which have been deprecated
sub list_deprecated {
my ($obsolete_attrs, $obsolete_classes) = get_deprecated();
......@@ -1824,6 +1883,7 @@ die ("! You have to run this script as root\n") if ($<!=0);
$commands{"--check-ldap"} = ["Checking your LDAP tree", \&check_ldap];
$commands{"--check-ids"} = ["Checking for duplicated uid or gid numbers", \&check_id_numbers];
$commands{"--migrate-users"} = ["Migrating your users", \&migrate_users];
$commands{"--migrate-printers"} = ["Migrating your printer from FD < 1.0.14", \&migrate_printers];
$commands{"--migrate-dns"} = ["Migrating DNS zones for FD 1.0.10", \&migrate_dns];
$commands{"--migrate-acls"} = ["Migrating your ACLs", \&migrate_acls];
$commands{"--install-plugins"} = ["Installing FusionDirectory's plugins", \&install_plugins];
......@@ -1922,6 +1982,10 @@ This option check your LDAP tree for duplicated uidNumber or gidNumber among use
This option add FusionDirectory attributes to the people branch.
=item --migrate-printers
This option replace gosaPrinter objectClass by new fdPrinter objectClass.
=item --migrate-dns
This option moves DNS zones from systems branch to DNS branch, which is necessary for FusionDirectory 1.0.10 and above.
......
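Review bot: In migrate_printers, a failed `$ldap->add($entry)` only prints the original DN and does `next`, so as far as the visible code shows the printer stays renamed under the temporary `cn=…+ipHostNumber=…` RDN, still with gotoPrinter, and nothing exists at its original DN. The error branch should either rename the entry back or at least report the temporary DN, e.g. `print "entry left at $dn_old\n";` (despite its name, `$dn_old` holds the renamed DN). The RDN is also concatenated from raw `get_value` results, so an entry without ipHostNumber, or with `,` or `+` in its cn, gives an undefined or malformed RDN; skipping such entries with `next unless defined $entry->get_value('ipHostNumber');` and escaping the values would be safer. The POD text in the last hunk says gosaPrinter while the search filter uses gotoPrinter.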
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "FUSIONDIRECTORY-INSERT-SCHEMA 1"
.TH FUSIONDIRECTORY-INSERT-SCHEMA 1 "2016-06-23" "FusionDirectory 1.0.14" "FusionDirectory Documentation"
.TH FUSIONDIRECTORY-INSERT-SCHEMA 1 "2016-08-01" "FusionDirectory 1.0.15" "FusionDirectory Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "FUSIONDIRECTORY-SETUP 1"
.TH FUSIONDIRECTORY-SETUP 1 "2016-06-23" "FusionDirectory 1.0.14" "FusionDirectory Documentation"
.TH FUSIONDIRECTORY-SETUP 1 "2016-08-09" "FusionDirectory 1.0.15" "FusionDirectory Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......@@ -168,6 +168,9 @@ This option check your \s-1LDAP\s0 tree for duplicated uidNumber or gidNumber am
.IP "\-\-migrate\-users" 4
.IX Item "--migrate-users"
This option add FusionDirectory attributes to the people branch.
.IP "\-\-migrate\-printers" 4
.IX Item "--migrate-printers"
This option replace gosaPrinter objectClass by new fdPrinter objectClass.
.IP "\-\-migrate\-dns" 4
.IX Item "--migrate-dns"
This option moves \s-1DNS\s0 zones from systems branch to \s-1DNS\s0 branch, which is necessary for FusionDirectory 1.0.10 and above.
......
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "FUSIONDIRECTORY.CONF 1"
.TH FUSIONDIRECTORY.CONF 1 "2016-06-23" "FusionDirectory 1.0.14" "FusionDirectory Documentation"
.TH FUSIONDIRECTORY.CONF 1 "2016-08-01" "FusionDirectory 1.0.15" "FusionDirectory Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -302,11 +302,24 @@ attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime'
SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.38414.8.15.6 NAME 'fdHttpAuthActivated'
DESC 'FusionDirectory - HTTP Auth activation'
DESC 'FusionDirectory - HTTP Basic Auth activation'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.8.15.7 NAME 'fdHttpHeaderAuthActivated'
DESC 'FusionDirectory - HTTP Header Auth activation'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.8.15.8 NAME 'fdHttpHeaderAuthHeaderName'
DESC 'FusionDirectory - HTTP Header Auth - Header name'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
# Debugging
attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors'
......@@ -581,7 +594,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
fdPrimaryGroupFilter $ fdListSummary $
fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $
fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $
fdHttpAuthActivated $
fdHttpAuthActivated $ fdHttpHeaderAuthActivated $ fdHttpHeaderAuthHeaderName $
fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $
fdEnableSnapshots $ fdSnapshotBase $
fdTabHook $ fdShells $ fdDisplayHookOutput $
......
......@@ -4,12 +4,6 @@
# Attributes
attributetype ( 1.3.6.1.4.1.10098.1.1.12.1 NAME 'gosaSubtreeACL'
DESC 'GOsa - ACL entry'
OBSOLETE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.2 NAME 'gosaUser'
DESC 'GOsa - DN of a user'
......@@ -23,13 +17,6 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.12.3 NAME 'gosaObject'
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.14 NAME 'gosaDefaultLanguage'
DESC 'GOsa - Defines the default language for a user'
OBSOLETE
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects'
DESC 'GOsa - List of all object types that are in a gosaGroupOfNames'
EQUALITY caseIgnoreIA5Match
......@@ -64,61 +51,17 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData'
DESC 'GOsa - Original data of saved object in snapshot'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.46 NAME 'gosaLoginRestriction'
DESC 'GOsa - Multivalue attribute to carry a number of allowed ips/subnets'
OBSOLETE
SUP name)
attributetype ( 1.3.6.1.4.1.10098.1.1.6.2 NAME 'academicTitle'
DESC 'Field to represent the academic title'
OBSOLETE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.15305.2.1 NAME ( 'gender' 'sex' )
DESC 'Gender: M for male, F for female'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1}
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.15305.2.2 NAME ( 'dateOfBirth' 'dob' )
DESC 'Date of birth in ISO 8601 format'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10}
SINGLE-VALUE )
# Classes
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.1 NAME 'gosaObject' SUP top AUXILIARY
DESC 'GOsa - Class for GOsa settings'
OBSOLETE
MUST ( )
MAY ( gosaSubtreeACL ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.2 NAME 'gosaLockEntry' SUP top STRUCTURAL
DESC 'GOsa - Class for GOsa locking'
MUST ( gosaUser $ gosaObject $ cn ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.3 NAME 'gosaCacheEntry' SUP top STRUCTURAL
DESC 'GOsa - Class for GOsa caching'
OBSOLETE
MAY ( )
MUST ( cn $ gosaUser ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY
DESC 'GOsa - Class to mark Departments for GOsa'
MUST ( ou $ description )
MAY ( manager $ co $ labeledURI ) )
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.6 NAME 'gosaAccount' SUP top AUXILIARY
DESC 'GOsa - Class for GOsa Accounts'
OBSOLETE
MUST ( )
MAY (
gosaLoginRestriction $
gosaDefaultLanguage $ academicTitle $ personalTitle $ dateOfBirth $ gender
) )
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate' SUP top AUXILIARY
DESC 'GOsa - Class for GOsa User Templates'
OBSOLETE
......
......@@ -248,14 +248,10 @@ class passwordRecovery extends standAlonePage {
{
parent::__construct();
$smarty = get_smarty();
if (isset($_GET['email_address']) && $_GET['email_address'] != "") {
$this->email_address = validate($_GET['email_address']);
$smarty->assign('email_address', $this->email_address);
} elseif (isset($_POST['email_address'])) {
$this->email_address = validate($_POST['email_address']);
$smarty->assign('email_address', $this->email_address);
}
/* Check for selected user... */
......@@ -264,7 +260,7 @@ class passwordRecovery extends standAlonePage {
} elseif (isset($_POST['uid'])) {
$this->uid = validate($_POST['uid']);
} else {
$this->uid = "";
$this->uid = '';
}
}
......@@ -322,13 +318,16 @@ class passwordRecovery extends standAlonePage {
$smarty->assign('usePrototype', 'FALSE');
$smarty->append('js_files', 'include/pwdStrength.js');
$smarty->append('css_files', get_template_path('login.css'));
$lang = session::global_get('lang');
$smarty->assign('lang', preg_replace('/_.*$/', '', $lang));
$smarty->assign('rtl', language_is_rtl($lang));
$smarty->display(get_template_path('headers.tpl'));
$smarty->assign('version', FD_VERSION);
$smarty->assign('step', $this->step);
$smarty->assign('delay_allowed', $this->delay_allowed);
$smarty->assign('activated', $this->activated);
$smarty->assign('email_address', $this->email_address);
$smarty->display(get_template_path('recovery.tpl'));
exit();
}
......@@ -533,13 +532,7 @@ class passwordRecovery extends standAlonePage {
/* Send the mail */
$mail_body = sprintf($this->mail_body, $this->uid, $reinit_link);
/* From */
$headers = "From: ".$this->from_mail."\r\n";
$headers .= "Reply-To: ".$this->from_mail."\r\n";
$additional_parameters = "-f".$this->from_mail;
if (mail($this->email_address, $this->mail_subject, $mail_body, $headers, $additional_parameters)) {
if (mail_utf8($this->email_address, FALSE, $this->from_mail, $this->mail_subject, $mail_body)) {
$this->step = 3;
} else {
$this->message[] = msgPool::invalid(_("Contact your administrator, there was a problem with mail server"));
......@@ -602,13 +595,7 @@ class passwordRecovery extends standAlonePage {
/* Send the mail */
$mail_body = sprintf($this->mail2_body, $this->uid);
/* From */
$headers = "From: ".$this->from_mail."\r\n";
$headers .= "Reply-To: ".$this->from_mail."\r\n";
$additional_parameters = "-f".$this->from_mail;
if (mail($this->email_address, $this->mail2_subject, $mail_body, $headers, $additional_parameters)) {
if (mail_utf8($this->email_address, FALSE, $this->from_mail, $this->mail2_subject, $mail_body)) {
$smarty = get_smarty();
$this->step = 5;
$smarty->assign('changed', TRUE);
......
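Review bot: The recipient passed to `mail_utf8()` in both mail hunks is `$this->email_address`, which the constructor fills from `$_GET`/`$_POST` through `validate()` only; neither `validate()` nor `mail_utf8()` is shown here, so the diff cannot confirm that a value containing CR/LF or several addresses is rejected. Unless an earlier check in these methods (they start outside the hunks) already matches the address against the user's LDAP entry, a guard such as `if (filter_var($this->email_address, FILTER_VALIDATE_EMAIL) === FALSE) { ... }` before the call would make that explicit. The bare `FALSE` second argument also deserves a short comment saying what it stands for.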
......@@ -22,8 +22,6 @@
Event.observe(window, 'resize', resizeHandler);
Event.observe(window, 'load', resizeHandler);
Event.observe(window, 'load', initProgressPie);
Event.observe(window, 'keypress', keyHandler);
/* Ask before switching a plugin with this function */
function question(text, url)
......@@ -100,80 +98,6 @@ function acl_toggle_all(regex)
}
}
/* Global key handler to estimate which element gets the next focus if enter is pressed */
function keyHandler(DnEvents) {
// determines whether Netscape or Internet Explorer
k = (Prototype.Browser.Gecko) ? DnEvents.keyCode : window.event.keyCode;
if (k == 13) { // enter key pressed
if(typeof(nextfield)!='undefined') {
if(nextfield == 'login') {
return true; // submit, we finished all fields
} else { // we are not done yet, send focus to next box
eval('document.mainform.' + nextfield + '.focus()');
return false;
}
} else {
if(Prototype.Browser.Gecko) {
if(DnEvents.target.type == 'textarea') {
return true;
} else if (DnEvents.target.type != 'submit') {
// TAB
var thisfield = document.getElementById(DnEvents.target.id);
for (i = 0; i < document.forms[0].elements.length; i++) {
if(document.forms[0].elements[i].id==thisfield.id) {
// Last form element on page?
if(i!=document.forms[0].elements.length-1) {
document.forms[0].elements[i+1].focus();
}
}
}
return false;
} else {
return true;
}
// Check for konqueror
} else if(document.clientWidth) {
// do nothing ATM
} else {
if(window.event.srcElement.type == 'textarea') {
return true;
} else if (window.event.srcElement.type != 'submit') {
// TAB
var thisfield = document.getElementById(window.event.srcElement.id);
for (i = 0; i < document.forms[0].elements.length; i++) {
if(document.forms[0].elements[i].id==thisfield.id) {
// Last form element on page?
if(i!=document.forms[0].elements.length-1) {
document.forms[0].elements[i+1].focus();
}
}
}
return false;
} else {
return true;
}
}
}
} else if (k==9) {
// Tab key pressed
if(Prototype.Browser.Gecko) {
if(DnEvents.target.type == 'textarea') {
document.getElementById(DnEvents.target.id).value+="\t";
return false;
}
// Check for konqueror
} else if(document.clientWidth) {
// do nothing ATM
} else {
if(window.event.srcElement.type == 'textarea') {
document.getElementById(window.event.srcElement.id).value+="\t";
return false;
}
}
}
}
function inArray(p_val, array) {
var l = array.length;
for (var i = 0; i < l; i++) {
......@@ -232,14 +156,6 @@ function changeTripleSelectState_2nd_neg(firstTriggerField, secondTriggerField,
}
}
// work together to analyze keystrokes
if (Prototype.Browser.Gecko){
window.onkeypress= keyHandler;
} else {
document.onkeydown= keyHandler;
}
function popup(target, name) {
var mypopup=
window.open(
......@@ -579,7 +495,7 @@ function setProgressPie(context, percent)
if (percent > 75) {
r = "ED"
g = "15"
b = "15";
b = "15";
}
context.strokeStyle = "#" + r + g + b
......
......@@ -183,7 +183,7 @@ clean_smarty_compile_dir($smarty->compile_dir);
initLanguage();
$smarty->assign ('nextfield', 'username');
$smarty->assign ('focusfield', 'username');
if (isset($_POST['server'])) {
$server = $_POST['server'];
......@@ -223,7 +223,7 @@ if (isset($_REQUEST['message'])) {
/* Class with a function for each login step
* Each function can return a string to display an LDAP error, or FALSE to redirect to login
* In this case it can set global $message and assign nextfield in smarty before hand */
* In this case it can set global $message and assign focusfield in smarty before hand */
class Index {
static protected $username;
static protected $password;
......@@ -279,7 +279,7 @@ class Index {
return FALSE;
} elseif (mb_strlen(self::$password, 'UTF-8') == 0) {
$message = _('Please specify your password!');
$smarty->assign ('nextfield', 'password');
$smarty->assign ('focusfield', 'password');
return FALSE;
}
return TRUE;
......@@ -291,14 +291,14 @@ class Index {
global $ui, $config, $message, $smarty;
/* Login as user, initialize user ACL's */
$ui = ldap_login_user(self::$username, self::$password);
if ($ui === NULL || !$ui) {
if ($ui === NULL) {
if (isset($_SERVER['REMOTE_ADDR'])) {
logging::log('security', 'login', '', array(), 'Authentication failed for user "'.self::$username.'" [from '.$_SERVER['REMOTE_ADDR'].']');
} else {
logging::log('security', 'login', '', array(), 'Authentication failed for user "'.self::$username.'"');
}
$message = _('Please check the username/password combination.');
$smarty->assign ('nextfield', 'password');
$smarty->assign ('focusfield', 'password');
return FALSE;
}
return TRUE;
......@@ -328,7 +328,7 @@ class Index {
if ($expired == POSIX_ACCOUNT_EXPIRED) {
logging::log('security', 'login', '', array(), 'Account for user "'.self::$username.'" has expired');
$message = _('Account locked. Please contact your system administrator!');
$smarty->assign ('nextfield', 'password');
$smarty->assign ('focusfield', 'username');
return FALSE;
}
}
......@@ -429,6 +429,77 @@ class Index {
}
}
/* All login steps in the right order for HTTP Header login */
static function headerAuthLoginProcess()
{
global $config, $message, $ui;
self::init();
/* Reset error messages */
$message = '';
$header = $config->get_cfg_value('httpHeaderAuthHeaderName', 'AUTH_USER');
self::$username = $_SERVER['HTTP_'.$header];
if (!self::$username) {
msg_dialog::display(
_('Error'),
sprintf(
_('No value found in HTTP header "%s"'),
$header
),
FATAL_ERROR_DIALOG
);
exit();
}
$ldap = $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
$verify_attr = explode(',', $config->get_cfg_value('loginAttribute', 'uid'));
$filter = '';
foreach ($verify_attr as $attr) {
$filter .= '('.$attr.'='.ldap_escape_f(self::$username).')';
}
$ldap->search('(&(|'.$filter.')(objectClass=inetOrgPerson))');
$attrs = $ldap->fetch();
if ($ldap->count() < 1) {
msg_dialog::display(
_('Error'),
sprintf(
_('Header user "%s" could not be found in the LDAP'),
self::$username
),
FATAL_ERROR_DIALOG
);
exit();
} elseif ($ldap->count() > 1) {
msg_dialog::display(
_('Error'),
sprintf(
_('Header user "%s" match several users in the LDAP'),
self::$username
),
FATAL_ERROR_DIALOG
);
exit();
}
$ui = new userinfo($config, $attrs['dn']);
$ui->loadACL();
$success = self::runSteps(array(
'loginAndCheckExpired',
'runSchemaCheck',
'checkForLockingBranch',
));
if ($success) {
/* Everything went well, redirect to main.php */
self::redirect();
}
}
/* All login steps in the right order for CAS login */
static function casLoginProcess()
{
......@@ -510,6 +581,8 @@ if ($config->get_cfg_value('httpAuthActivated') == 'TRUE') {
spl_autoload_unregister('CAS_autoload');
spl_autoload_register('CAS_autoload', TRUE, TRUE);
Index::casLoginProcess();
} elseif ($config->get_cfg_value('httpHeaderAuthActivated') == 'TRUE') {
Index::headerAuthLoginProcess();
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
/* Got a formular answer, validate and try to log in */
Index::fullLoginProcess();
......
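Review bot: headerAuthLoginProcess() takes `$_SERVER['HTTP_'.$header]` as an already-authenticated login name, but nothing in the hunk verifies that the request passed through the proxy that sets this header, so the method is only safe when the front end strips that header from client requests. That precondition should be stated in a comment on the method and in the option's documentation, and ideally enforced by comparing `$_SERVER['REMOTE_ADDR']` against a configured list of trusted proxies. The index is also read without `isset()`, so a missing header raises a PHP notice before the empty check; `self::$username = (isset($_SERVER['HTTP_'.$header]) ? $_SERVER['HTTP_'.$header] : '');` avoids that. Unlike the password path, the not-found and several-matches branches do not call `logging::log('security', 'login', ...)`, so failed header logins leave no audit record in the visible code.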
......@@ -8,7 +8,7 @@
<div id="window_container">
<div id="window_div">
<form action="index.php" method="post" name="mainform" onSubmit="js_check(this);return true;">
<form action="index.php" method="post" id="loginform" name="loginform" onSubmit="js_check(this);return true;">
{$msg_dialogs}
<div id="window_titlebar">
......@@ -25,20 +25,22 @@
</div>
<div>
<label for="username"><img class="center" src="{$personal_img|escape}" alt="{t}Username{/t}" title="{t}Username{/t}"/>&nbsp;</label>
<input type="text" name="username" id="username" maxlength="40" value="{$username|escape}"
title="{t}Username{/t}" onFocus="nextfield= 'password';" />
<label for="username">
<img class="center" src="{$personal_img|escape}" alt="{t}Username{/t}" title="{t}Username{/t}"/>&nbsp;
</label>
<input type="text" name="username" id="username" maxlength="40" value="{$username|escape}" title="{t}Username{/t}" />
<br />
<br />
<label for="password"><img class="center" src="{$password_img|escape}" alt="{t}Password{/t}" title="{t}Password{/t}" />&nbsp;</label>
<input type="password" name="password" id="password" maxlength="40" value=""
title="{t}Password{/t}" onFocus="nextfield= 'login';" />
<label for="password">
<img class="center" src="{$password_img|escape}" alt="{t}Password{/t}" title="{t}Password{/t}" />&nbsp;
</label>
<input type="password" name="password" id="password" maxlength="40" value="" title="{t}Password{/t}"/>
<br />
<a href="recovery.php">{t}I forgot my password{/t}</a>
</div>
<div>
<img class="center" src="{$directory_img|escape}" alt="{t}Directory{/t}" title="{t}Directory{/t}" />&nbsp;
<select name="server" title="{t}Directory{/t}" onchange="javascript:document.mainform.submit();">
<select name="server" title="{t}Directory{/t}" onchange="javascript:document.loginform.submit();">
{html_options options=$server_options selected=$server_id}
</select>
</div>
......@@ -58,14 +60,12 @@
</div>
<div id="window_footer" class="plugbottom">
<div>
{$message}