[debian-edu-commits] debian-edu/pkg-team/ 13/32: Imported Upstream version 2.7.4
Mike Gabriel
sunweaver at debian.org
Tue Apr 1 16:52:04 UTC 2014
This is an automated email from the git hooks/post-receive script.
sunweaver pushed a commit to branch master
in repository gosa.
commit cf0e3fe0b2b27f3673020995d717407ed721fd32
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Tue Apr 1 15:14:41 2014 +0200
Imported Upstream version 2.7.4
---
gosa-core/Changelog | 14 +++++
gosa-core/include/class_core.inc | 10 ++++
gosa-core/include/functions.inc | 26 ++++----
.../class_password-methods-sasl.inc | 69 ++++++++++++++++++++++
gosa-core/include/utils/class_tests.inc | 23 +++++++-
.../plugins/admin/users/class_userManagement.inc | 27 ++++++++-
gosa-core/plugins/personal/generic/class_user.inc | 11 +++-
.../plugins/personal/password/class_password.inc | 6 +-
gosa-core/plugins/personal/password/password.tpl | 10 ++++
.../plugins/personal/posix/class_posixAccount.inc | 28 ++++++---
gosa-core/setup/class_setupStep_Checks.inc | 29 ++++-----
11 files changed, 206 insertions(+), 47 deletions(-)
diff --git a/gosa-core/Changelog b/gosa-core/Changelog
index b7e23a9..8b00406 100644
--- a/gosa-core/Changelog
+++ b/gosa-core/Changelog
@@ -1,6 +1,20 @@
GOsa2 changelog
===============
+* gosa 2.7.4
+ - Fixed problem in setup checks that seem to access a bool value by
+ string index.
+ - Robustness improvements for PHP 5.3/5.4 compatibility.
+ - Fixed problems with sieve login and TLS.
+ - Made asterisk delimiter configurable.
+ - Enabled template mode even when editing a template.
+ - Do not create primary groups for templates.
+ - Allow to modfiy the mail address when cyrus is used as mail method
+ and accounts are identified by uid.
+ - Added SASL password method.
+ - Fixed ACL resolution for login restrictions.
+ - Fixed pronlems with unsaved user pictures.
+
* gosa 2.7.3
- Fixed some listing problems.
- Made DHCP plugin overview show all hosts.
diff --git a/gosa-core/include/class_core.inc b/gosa-core/include/class_core.inc
index 61e4865..cda959a 100644
--- a/gosa-core/include/class_core.inc
+++ b/gosa-core/include/class_core.inc
@@ -803,6 +803,16 @@ DEBUG_SI = 256"),
"mandatory" => FALSE),
array(
+ "name" => "SASLRealm",
+ "type" => "string",
+ "default" => "REALM",
+ "description" => _("The SASL realm to use for password storage."),
+ "check" => "",
+ "migrate" => "",
+ "group" => "password",
+ "mandatory" => FALSE),
+
+ array(
"name" => "rfc2307bis",
"type" => "bool",
"default" => "false",
diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index 85d5e9b..270fe46 100644
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
@@ -24,8 +24,8 @@
* Common functions and named definitions. */
/* Define globals for revision comparing */
-$svn_path = '$HeadURL: https://oss.gonicus.de/repositories/gosa/tags/2.7.3/gosa-core/include/functions.inc $';
-$svn_revision = '$Revision: 21092 $';
+$svn_path = '$HeadURL: https://oss.gonicus.de/repositories/gosa/tags/2.7.4/gosa-core/include/functions.inc $';
+$svn_revision = '$Revision: 21123 $';
/* Configuration file location */
if(!isset($_SERVER['CONFIG_DIR'])){
@@ -292,10 +292,7 @@ function get_browser_language()
$gosa_languages= get_languages();
/* Move supported languages to flat list */
- $langs= array();
- foreach($gosa_languages as $lang => $dummy){
- $langs[]= $lang.'.UTF-8';
- }
+ $langs = array_map(function($lang){return $lang.'.UTF-8';}, array_keys($gosa_languages));
/* Return gettext based string */
return (al2gt($langs, 'text/html'));
@@ -1201,9 +1198,7 @@ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= arra
}
}
}
-# if(microtime(TRUE) - $start > 0.1){
-# echo sprintf("<pre>GET_SUB_LIST %s .| %f --- $base -----$filter ---- $flags</pre>",__LINE__,microtime(TRUE) - $start);
-# }
+
return($result);
}
@@ -2757,16 +2752,15 @@ function get_post($name)
// Handle Posted Arrays
$tmp = array();
if(is_array($_POST[$name]) && !is_string($_POST[$name])){
- foreach($_POST[$name] as $key => $val){
- if(get_magic_quotes_gpc()){
- $val = stripcslashes($val);
- }
- $tmp[$key] = $val;
- }
+ if(version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()){
+ $tmp = array_map("stripcslashes", $_POST);
+ } else {
+ $tmp = $_POST;
+ }
return($tmp);
}else{
- if(get_magic_quotes_gpc()){
+ if(version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()){
$val = stripcslashes($_POST[$name]);
}else{
$val = $_POST[$name];
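Review bot: In the posted-array branch both new assignments read the whole `$_POST` superglobal instead of `$_POST[$name]`, so a caller asking for one array field gets every posted field back. The removed loop iterated `$_POST[$name]`; the replacement lines should be `$tmp = array_map("stripcslashes", $_POST[$name]);` and `$tmp = $_POST[$name];`. As written, `array_map("stripcslashes", $_POST)` would also be applied to array-valued fields, which stripcslashes() does not accept. get_post() starts and ends outside this hunk.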
diff --git a/gosa-core/include/password-methods/class_password-methods-sasl.inc b/gosa-core/include/password-methods/class_password-methods-sasl.inc
new file mode 100644
index 0000000..e4710bf
--- /dev/null
+++ b/gosa-core/include/password-methods/class_password-methods-sasl.inc
@@ -0,0 +1,69 @@
+<?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id: class_password-methods-ssha.inc 15380 2010-01-27 14:03:19Z cajus $$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+class passwordMethodsasl extends passwordMethod
+{
+ var $dn = "";
+ var $uid = "";
+ var $realm = "";
+
+ function __construct($config, $dn)
+ {
+ if($dn == "" || $dn == "new") return;
+
+ $this->realm = trim($config->get_cfg_value('core','SASLRealm'));
+ if($this->realm == ""){
+ trigger_error(msgPool::cmdnotfound("SASLRealm", _("SASL")));
+ }
+
+
+ $ldap = $config->get_ldap_link();
+ $ldap->cd($config->current['BASE']);
+ $ldap->cat($dn,array('uid'));
+ if($ldap->count() == 1){
+ $attrs = $ldap->fetch();
+ $this->uid = $attrs['uid'][0];
+ }else{
+ trigger_error("Cannot change password, unknown users '".$dn."'");
+ }
+ }
+
+ function is_available()
+ {
+ return(true);
+ }
+
+ function generate_hash($pwd)
+ {
+ return("{SASL}".$this->uid."@".$this->realm);
+ }
+
+
+ function get_hash_name()
+ {
+ return "sasl";
+ }
+
+}
+
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>
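Review bot: generate_hash() concatenates `$this->uid` and `$this->realm` without checking either, although the constructor returns early with both empty when `$dn` is "" or "new" and only calls trigger_error() when the realm is empty or the uid lookup does not yield exactly one entry. The save() hunk in class_user.inc stores the result of `generate_hash("dummy")` in userPassword right after constructing the object, so a value such as `{SASL}@` could be written. Because the SASLRealm default added in class_core.inc is the placeholder `REALM`, the empty-realm check also looks unlikely to fire on an unconfigured install (assuming get_cfg_value() falls back to the default). A guard like `if($this->uid == "" || $this->realm == "") return(FALSE);` at the top of generate_hash() would stop this, provided callers treat FALSE as a failure, which is not visible here.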
diff --git a/gosa-core/include/utils/class_tests.inc b/gosa-core/include/utils/class_tests.inc
index 7facf09..0b2a9f0 100644
--- a/gosa-core/include/utils/class_tests.inc
+++ b/gosa-core/include/utils/class_tests.inc
@@ -49,18 +49,37 @@ class tests {
public static function is_dns_name($str, &$reason = "", &$regex = "")
{
$regex = "[a-z0-9\.\-]";
+
+ # Check over all length
if(preg_match("/\./", $str) && strlen($str) >= 255){
$reason = 1;
return(FALSE);
}
+
+ # Check hostname length
if(strlen(preg_replace("/\..*$/", "", $str)) > 63){
$reason = 2;
return(FALSE);
- }
- if(!preg_match("/^{$regex}*$/i",$str)){
+ }
+
+ # Split host and domain part
+ $tmp = preg_split("/\./", $str, 2);
+ $host = $tmp[0];
+ $domain = count($tmp) == 1 ? NULL : $tmp[1];
+
+ if(!preg_match("/^{$regex}*$/i", $host)){
$reason = 3;
return(FALSE);
}
+
+ if ($domain) {
+ $regex = "[a-z0-9\.\-_]";
+ if(!preg_match("/^{$regex}*$/i", $domain)){
+ $reason = 4;
+ return(FALSE);
+ }
+ }
+
return(TRUE);
}
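Review bot: The numeric codes written to `$reason` (now 1 to 4) and the by-reference `$regex` are undocumented, and `$regex` is now overwritten with the domain pattern whenever a domain part exists, so a caller that displays it sees a different pattern depending on the input. A docblock above is_dns_name() should list the codes (1 = name contains a dot and is 255 or more characters long, 2 = part before the first dot longer than 63, 3 = invalid character in the host part, 4 = invalid character in the domain part) and state that underscores are accepted only after the first dot. `if ($domain)` is a truthiness test; `if ($domain !== NULL)` would say what is meant.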
diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index 0d97aae..4893d69 100644
--- a/gosa-core/plugins/admin/users/class_userManagement.inc
+++ b/gosa-core/plugins/admin/users/class_userManagement.inc
@@ -3,7 +3,7 @@
* This code is part of GOsa (http://www.gosa-project.org)
* Copyright (C) 2003-2008 GONICUS GmbH
*
- * ID: $$Id: class_userManagement.inc 20952 2011-07-27 06:38:29Z hickert $$
+ * ID: $$Id: class_userManagement.inc 21144 2012-05-04 15:08:16Z hickert $$
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -142,6 +142,13 @@ class userManagement extends management
trigger_error("Unknown tab: ".$tab);
}
}
+
+ // Enable template mode if this is a gosaUserTemplate
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ if($ldap->object_match_filter($this->tabObject->dn, "(objectClass=gosaUserTemplate)")){
+ $this->tabObject->set_template_mode ();
+ }
}
@@ -218,7 +225,11 @@ class userManagement extends management
// Check permisions
$disallowed = array();
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+
foreach($this->pwd_change_queue as $key => $dn){
+
if(!preg_match("/w/",$this->ui->get_permissions($dn,$this->aclCategory."/password"))){
unset($this->pwd_change_queue[$key]);
$disallowed[] = $dn;
@@ -268,6 +279,18 @@ class userManagement extends management
$this->proposalSelected = ($this->proposal != "");
$this->dn = array_pop($this->pwd_change_queue);
+ // Do not allow to modify SASL passwords for this customer
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cat($this->dn, array('uid', 'userPassword'));
+ $attrs = $ldap->fetch();
+ $hasSasl = isset($attrs['userPassword'][0]) && preg_match("/^{SASL}/i", $attrs['userPassword'][0]);
+ $getsSasl= !isset($this->force_hash_type[$this->dn]) || $this->force_hash_type[$this->dn] == "sasl";
+ if($getsSasl && $hasSasl){
+ $this->dn = "";
+ $this->handlePasswordQueue();
+ return;
+ }
+
// Check if we are able to enforce a password change
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
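Review bot: The early exit for `{SASL}` accounts calls `$this->handlePasswordQueue();` and then does a bare `return;`, so whatever the nested call returns is dropped. If the enclosing method is handlePasswordQueue() itself (its signature is outside the hunk) and the nested call renders the password dialog for the next queued entry, that output never reaches the caller; `return $this->handlePasswordQueue();` would pass it through. The skipped account is also dropped without any message, whereas the permission check in the previous hunk collects rejected DNs in `$disallowed`; doing the same here would tell the administrator why no dialog appeared for that user.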
@@ -286,6 +309,8 @@ class userManagement extends management
set_object_info($this->dn);
return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }elseif(!count($this->pwd_change_queue) && empty($this->dn)){
+ return;
}
// If we've just refreshed the proposal then do not check the password for validity.
diff --git a/gosa-core/plugins/personal/generic/class_user.inc b/gosa-core/plugins/personal/generic/class_user.inc
index 7d22009..6be1012 100644
--- a/gosa-core/plugins/personal/generic/class_user.inc
+++ b/gosa-core/plugins/personal/generic/class_user.inc
@@ -3,7 +3,7 @@
* This code is part of GOsa (http://www.gosa-project.org)
* Copyright (C) 2003-2008 GONICUS GmbH
*
- * ID: $$Id: class_user.inc 21057 2011-11-09 07:59:17Z hickert $$
+ * ID: $$Id: class_user.inc 21139 2012-05-02 09:49:01Z hickert $$
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -652,7 +652,7 @@ class user extends plugin
// Special ACL for gosaLoginRestrictions -
// In case of multiple edit, we need a readonly ACL for the list.
- $smarty->assign('gosaLoginRestriction_ONLY_R_ACL', preg_replace("/[^r]/i","", $this->getacl($val)));
+ $smarty->assign('gosaLoginRestriction_ONLY_R_ACL', preg_replace("/[^r]/i","", $this->getacl("gosaLoginRestriction")));
$smarty->assign("pwmode", set_post($pwd_methods));
$smarty->assign("pwmode_select", set_post($this->pw_storage));
@@ -910,6 +910,11 @@ class user extends plugin
/* First use parents methods to do some basic fillup in $this->attrs */
plugin::save ();
+ if($this->pw_storage == "sasl"){
+ $tmp = new passwordMethodsasl($this->config,$this->dn);
+ $this->attrs['userPassword'] = $tmp->generate_hash("dummy");
+ }
+
if ($this->dateOfBirth != ""){
if(!is_array($this->attrs['dateOfBirth'])) {
#TODO: use $lang to convert date
@@ -1461,6 +1466,7 @@ class user extends plugin
$this->jpegPhoto= "*removed*";
}
+ clearstatcache();
$fd = fopen ($filename, "rb");
$this->photoData= fread ($fd, filesize ($filename));
session::set('binary',$this->photoData);
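Review bot: `fopen ($filename, "rb")` is used unchecked right after the added `clearstatcache();`, here and in the set_cert() hunk below, so a failed open passes FALSE on to fread(). A guard such as `if($fd === FALSE) return;` before the read would make an unreadable upload fail visibly instead of continuing with whatever fread() returns. On PHP 5.3 and later `clearstatcache(TRUE, $filename);` would limit the flush to the one path. Both function bodies extend beyond their hunks.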
@@ -1475,6 +1481,7 @@ class user extends plugin
function set_cert($cert, $filename)
{
if(!$this->acl_is_writeable("Certificate")) return;
+ clearstatcache();
$fd = fopen ($filename, "rb");
if (filesize($filename)>0) {
$this->$cert= fread ($fd, filesize ($filename));
diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc
index de1e66e..03f02f2 100644
--- a/gosa-core/plugins/personal/password/class_password.inc
+++ b/gosa-core/plugins/personal/password/class_password.inc
@@ -3,7 +3,7 @@
* This code is part of GOsa (http://www.gosa-project.org)
* Copyright (C) 2003-2008 GONICUS GmbH
*
- * ID: $$Id: class_password.inc 20973 2011-08-24 07:59:42Z hickert $$
+ * ID: $$Id: class_password.inc 21139 2012-05-02 09:49:01Z hickert $$
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -32,6 +32,9 @@ class password extends plugin
var $proposalInitialized = FALSE;
var $forcedHash = NULL;
+ var $userPassword = "";
+ var $attributes=array('userPassword');
+
function password(&$config, $dn= NULL, $parent= NULL)
{
@@ -72,6 +75,7 @@ class password extends plugin
/* Get acls */
$password_ACLS = $ui->get_permissions($ui->dn,"users/password");
$smarty->assign("ChangeACL" , $password_ACLS);
+ $smarty->assign("SASL" , preg_match("/^{SASL}/i", $this->userPassword));
$smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS));
/* Display expiration template */
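Review bot: The `SASL` flag assigned here only feeds the template, which hides the form; nothing in the visible hunks makes the server side refuse a posted password change for an account whose userPassword starts with `{SASL}`. If the code that processes the POST (outside this hunk) does not test the same condition, a request sent without the form would still be handled and could overwrite the SASL reference. Testing `preg_match("/^{SASL}/i", $this->userPassword)` before the submitted password is processed, next to the existing `NotAllowed` ACL test, would enforce the restriction. The `$attributes=array('userPassword')` line added in the previous hunk also deserves a comment saying the hash is loaded only for this prefix test.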
diff --git a/gosa-core/plugins/personal/password/password.tpl b/gosa-core/plugins/personal/password/password.tpl
index fc4b849..965d731 100644
--- a/gosa-core/plugins/personal/password/password.tpl
+++ b/gosa-core/plugins/personal/password/password.tpl
@@ -1,3 +1,12 @@
+
+{if $SASL}
+
+ <br>
+ <b>{t}Your password cannot be changed from within GOsa{/t}</b>
+
+<input type="hidden" name="ignore">
+{else}
+
<script type="text/javascript" src="include/pwdStrength.js"></script>
<p>
@@ -143,3 +152,4 @@
updateFields();
</script>
+{/if}
diff --git a/gosa-core/plugins/personal/posix/class_posixAccount.inc b/gosa-core/plugins/personal/posix/class_posixAccount.inc
index 1275ce1..6e5d948 100644
--- a/gosa-core/plugins/personal/posix/class_posixAccount.inc
+++ b/gosa-core/plugins/personal/posix/class_posixAccount.inc
@@ -3,7 +3,7 @@
* This code is part of GOsa (http://www.gosa-project.org)
* Copyright (C) 2003-2008 GONICUS GmbH
*
- * ID: $$Id: class_posixAccount.inc 21101 2012-01-16 07:53:16Z hickert $$
+ * ID: $$Id: class_posixAccount.inc 21142 2012-05-02 12:24:10Z hickert $$
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -232,7 +232,7 @@ class posixAccount extends plugin
/* Generate group list */
$this->ui = get_userinfo();
- $this->secondaryGroups[]= "- "._("automatic")." -";
+ $this->secondaryGroups[0]= "- "._("automatic")." -";
$ldap->cd($this->config->current['BASE']);
$ldap->search("(objectClass=posixGroup)", array("cn", "gidNumber"));
while($attrs = $ldap->fetch()){
@@ -240,6 +240,12 @@ class posixAccount extends plugin
}
asort ($this->secondaryGroups);
+ // Templates do not have a gidNumber
+ if($this->gidNumber == 2147483647){
+ $this->gidNumber = "";
+ $this->primaryGroup = 0;
+ }
+
$this->ui = get_userinfo();
// Create group-list
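Review bot: The literal `2147483647` is used as an in-band marker for "template without primary group" here and again in the save and template-adaption hunks below, with only this one comment hinting at its meaning. A named class constant, e.g. `const TEMPLATE_GID = 2147483647;`, referenced at all three sites would keep them from drifting apart. The comment should also state that a real account carrying this gidNumber is treated as having none.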
@@ -706,7 +712,9 @@ class posixAccount extends plugin
* - .. if we couldn't find a group with the same name, we will create a new one,
* using the users uid as cn and a generated uniqe gidNumber.
* */
- if ($this->primaryGroup == 0 || $this->force_ids){
+ if($this->is_template && !$this->primaryGroup){
+ $this->gidNumber = 2147483647;
+ }elseif ($this->primaryGroup == 0 || $this->force_ids){
/* Search for existing group */
$ldap = $this->config->get_ldap_link();
@@ -1114,10 +1122,16 @@ class posixAccount extends plugin
$this->addGroup($groups);
/* Fix primary group settings */
- $ldap->cd($this->config->current['BASE']);
- $ldap->search("(&(objectClass=posixGroup)(cn=$template)(gidNumber=".$this->gidNumber."))", array("cn"));
- if ($ldap->count() != 1){
- $this->primaryGroup= $this->gidNumber;
+ if($this->gidNumber == 2147483647){
+ $this->gidNumber = "";
+ }
+
+ if($this->gidNumber){
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=posixGroup)(cn=$template)(gidNumber=".$this->gidNumber."))", array("cn"));
+ if ($ldap->count() != 1){
+ $this->primaryGroup= $this->gidNumber;
+ }
}
$ldap->cd($this->config->current['BASE']);
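Review bot: The re-indented search still interpolates `$template` and `$this->gidNumber` straight into the filter string `(cn=$template)(gidNumber=...)`. Where `$template` comes from is outside the hunk; if it can contain `*`, `(`, `)` or `\`, the filter changes meaning, so the value should be escaped per RFC 4515 and gidNumber cast with `(int)` before the filter is built. The enclosing method starts and ends outside the hunk.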
diff --git a/gosa-core/setup/class_setupStep_Checks.inc b/gosa-core/setup/class_setupStep_Checks.inc
index b7d5f03..f8a23ac 100644
--- a/gosa-core/setup/class_setupStep_Checks.inc
+++ b/gosa-core/setup/class_setupStep_Checks.inc
@@ -3,7 +3,7 @@
* This code is part of GOsa (http://www.gosa-project.org)
* Copyright (C) 2003-2008 GONICUS GmbH
*
- * ID: $$Id: class_setupStep_Checks.inc 20699 2011-04-12 06:13:42Z hickert $$
+ * ID: $$Id: class_setupStep_Checks.inc 21122 2012-03-26 08:44:38Z cajus $$
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -195,13 +195,14 @@ class Step_Checks extends setup_step
/* PHP Configuration checks */
/* Register_globals off */
- $N = "register_globals = <b>off</b>";
- $D = _("register_globals is a PHP mechanism to register all global variables to be accessible from scripts without changing the scope. This may be a security risk.");
- $S = _("Search for 'register_globals' in your php.ini and switch it to 'Off'.");
- $R = ini_get("register_globals") == 0;
- $M = FALSE;
- $this->config_checks[] = array("NAME" => $N , "DESC" => $D , "RESULT" => $R , "SOLUTION" => $S , "MUST" => $M );
-
+ if (version_compare(PHP_VERSION, "5.3", "<")) {
+ $N = "register_globals = <b>off</b>";
+ $D = _("register_globals is a PHP mechanism to register all global variables to be accessible from scripts without changing the scope. This may be a security risk.");
+ $S = _("Search for 'register_globals' in your php.ini and switch it to 'Off'.");
+ $R = ini_get("register_globals") == 0;
+ $M = FALSE;
+ $this->config_checks[] = array("NAME" => $N , "DESC" => $D , "RESULT" => $R , "SOLUTION" => $S , "MUST" => $M );
+ }
/* session lifetime set to >=86400 seconds ? */
$N = "session.gc_maxlifetime >= <b>86400</b>";
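Review bot: The new guard `version_compare(PHP_VERSION, "5.3", "<")` skips the register_globals test on PHP 5.3.x, where the directive is deprecated but still exists and can be switched on; it was only removed in 5.4. `if (version_compare(PHP_VERSION, "5.4", "<")) {` keeps the check for every version that still honours the setting, and matches the `5.4.0` boundary this commit uses for magic quotes in functions.inc. The enclosing method starts and ends outside the hunk.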
@@ -217,7 +218,7 @@ class Step_Checks extends setup_step
$N = "session.auto_start = <b>"._("Off")."</b>";
$D = _("In Order to use GOsa without any trouble, the session.auto_register option in your php.ini should be set to 'Off'.");
$S = _("Search for 'session.auto_start' in your php.ini and set it to 'Off'.");
- $R = !$session_auto_start['local_value'];
+ $R = !$session_auto_start;
$M = TRUE;
$this->config_checks[] = array("NAME" => $N , "DESC" => $D , "RESULT" => $R , "SOLUTION" => $S , "MUST" => $M );
@@ -253,17 +254,9 @@ class Step_Checks extends setup_step
$M = FALSE;
$this->config_checks[] = array("NAME" => $N , "DESC" => $D , "RESULT" => $R , "SOLUTION" => $S , "MUST" => $M );
- /* Automatic quoting must be turned on */
- $N = "magic_quotes_gpc = <b>"._("On")."</b>";
- $D = _("Increase your server security by setting magic_quotes_gpc to 'on'. PHP will escape all quotes in strings in this case.");
- $S = _("Search for 'magic_quotes_gpc' in your php.ini and set it to 'On'.");
- $R = ini_get('magic_quotes_gpc');
- $M = TRUE;
- $this->config_checks[] = array("NAME" => $N , "DESC" => $D , "RESULT" => $R , "SOLUTION" => $S , "MUST" => $M );
-
/* Emulating old stuff? */
$N = "zend.ze1_compatibility_mode = <b>"._("Off")."</b>";
- $D = _("Increase your server performance by setting magic_quotes_gpc to 'off'.");
+ $D = _("Increase your server performance by setting zend.ze1_compatibility_mode to 'off'.");
$S = _("Search for 'zend.ze1_compatibility_mode' in your php.ini and set it to 'Off'.");
$R = !ini_get('zend.ze1_compatibility_mode');
$M = FALSE;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/gosa.git