Add LSldap_attr::pwdHistory
This commit is contained in:
parent
c6501d479b
commit
a7ab192274
4 changed files with 191 additions and 0 deletions
|
@ -12,6 +12,7 @@
|
|||
&conf-LSattr_ldap_numeric;
|
||||
&conf-LSattr_ldap_password;
|
||||
&conf-LSattr_ldap_postaladdress;
|
||||
&conf-LSattr_ldap_pwdHistory;
|
||||
&conf-LSattr_ldap_sambaAcctFlags;
|
||||
&conf-LSattr_ldap_shadowExpire;
|
||||
</sect3>
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
<!ENTITY conf-LSattr_ldap_numeric SYSTEM "LSattr_ldap_numeric.docbook">
|
||||
<!ENTITY conf-LSattr_ldap_password SYSTEM "LSattr_ldap_password.docbook">
|
||||
<!ENTITY conf-LSattr_ldap_postaladdress SYSTEM "LSattr_ldap_postaladdress.docbook">
|
||||
<!ENTITY conf-LSattr_ldap_pwdHistory SYSTEM "LSattr_ldap_pwdHistory.docbook">
|
||||
<!ENTITY conf-LSattr_ldap_sambaAcctFlags SYSTEM "LSattr_ldap_sambaAcctFlags.docbook">
|
||||
<!ENTITY conf-LSattr_ldap_shadowExpire SYSTEM "LSattr_ldap_shadowExpire.docbook">
|
||||
|
||||
|
|
|
@ -0,0 +1,74 @@
|
|||
<sect4 id="config-LSattr_ldap_pwdHistory">
|
||||
<title>LSattr_ldap_pwdHistory</title>
|
||||
<para>Ce type est utilisé pour la gestion de l'attribut standard <emphasis>pwdHistory</emphasis>.
|
||||
Cet attribut, accessible en lecture uniquement, stocke dans un format prédéfini l'historique des
|
||||
mots de passe d'une utilisateur avec pour chaque entrée :
|
||||
<itemizedlist>
|
||||
<listitem><simpara>la date et heure de l'ajout du mot de passe dans l'historique</simpara></listitem>
|
||||
<listitem><simpara>l'OID de la syntaxe du mot de passe</simpara></listitem>
|
||||
<listitem><simpara>la longueur du mot de passe</simpara></listitem>
|
||||
<listitem><simpara>le mot de passe (hâché)</simpara></listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
<para>Ce type d'attribut LDAP permettra de convertir la valeur en son équivalent <literal>JSON</literal>
|
||||
pour pouvoir être traité à l'aide du type d'attribut HTML &LSattr_html_jsonCompositeAttribute;.</para>
|
||||
<programlisting linenumbering="unnumbered">
|
||||
<citetitle>Exemple de valeur de l'attribut pwdHistory</citetitle>
|
||||
<![CDATA[20201202144718Z#1.3.6.1.4.1.1466.115.121.1.40#105#{SSHA512}XDSiR6Sh6W7gyVIk6Rr2OUv8rNPr+0rHF99d9lcirE/TnnEdkjkncIi5iPubErL5lpfgh8gXLgSfmqvmFcMqXLToC25xIqyk]]>
|
||||
</programlisting>
|
||||
<programlisting linenumbering="unnumbered">
|
||||
<citetitle>Exemple de valeur tranformée</citetitle>
|
||||
<![CDATA[{"time":1606920438,"syntaxOID":"1.3.6.1.4.1.1466.115.121.1.40","length":105,"hashed_password":"{SSHA512}XDSiR6Sh6W7gyVIk6Rr2OUv8rNPr+0rHF99d9lcirE/TnnEdkjkncIi5iPubErL5lpfgh8gXLgSfmqvmFcMqXLToC25xIqyk"}]]>
|
||||
</programlisting>
|
||||
<programlisting linenumbering="unnumbered">
|
||||
<citetitle>Exemple de configuration complète de l'attribut</citetitle>
|
||||
<![CDATA['pwdHistory' => array (
|
||||
'label' => 'Passwords in history',
|
||||
'ldap_type' => 'pwdHistory',
|
||||
'html_type' => 'jsonCompositeAttribute',
|
||||
'html_options' => array (
|
||||
'components' => array (
|
||||
'time' => array (
|
||||
'label' => 'Date added to history',
|
||||
'type' => 'text',
|
||||
'required' => true,
|
||||
'multiple' => false,
|
||||
),
|
||||
'syntaxOID' => array (
|
||||
'label' => 'Syntax OID',
|
||||
'type' => 'text',
|
||||
'required' => true,
|
||||
'multiple' => false,
|
||||
),
|
||||
'length' => array (
|
||||
'label' => 'Length',
|
||||
'type' => 'text',
|
||||
'required' => true,
|
||||
'multiple' => false,
|
||||
),
|
||||
'hashed_password' => array (
|
||||
'label' => 'Hashed password',
|
||||
'type' => 'text',
|
||||
'required' => true,
|
||||
'multiple' => false,
|
||||
),
|
||||
),
|
||||
),
|
||||
'no_value_label' => 'History is empty.',
|
||||
'multiple' => 1,
|
||||
'rights' => array(
|
||||
'admin' => 'r',
|
||||
),
|
||||
'view' => 1,
|
||||
),]]>
|
||||
</programlisting>
|
||||
<para>La date et heure de l'ajout du mot de passe dans l'historique est convertie dans un format lisible.
|
||||
Par défaut, ce format est <literal>AAAA/MM/JJ HH:MM:SS</literal>, mais il peut aussi est personnalisé via
|
||||
le paramètre <literal>date_format</literal>. Ce format est composé à partir des motifs clés gérés par la
|
||||
fonction <function>date()</function> de &php;. Pour plus d'information, consulter
|
||||
<ulink url='http://www.php.net/date'>la documentation officielle</ulink>.</para>
|
||||
<note><simpara>La valeur par défaut est <emphasis>YmdHisO</emphasis>, correspondant à la syntaxe
|
||||
<literal>Generalized Time</literal> telle que définie dans la <ulink url='https://tools.ietf.org/html/rfc4517'>RFC4517
|
||||
</ulink> et prévu par le <ulink url='http://tools.ietf.org/id/draft-behera-ldap-password-policy-10.txt'>
|
||||
Draft-behera-ldap-password-policy</ulink> spécifiant cet attribut standard.</simpara></note>
|
||||
</sect4>
|
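--- a/src/includes/class/class.LSattr_ldap_pwdHistory.php
+++ b/src/includes/class/class.LSattr_ldap_pwdHistory.php
@@ -0,0 +1,115 @@
+<?php
+/*******************************************************************************
+* Copyright (C) 2007 Easter-eggs
+* http://ldapsaisie.labs.libre-entreprise.org
+*
+* Author: See AUTHORS file in top-level directory.
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License version 2
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+******************************************************************************/
+
+/**
+* Ldap attribute type for stanard pwdHistory attribute (see draft-behera-ldap-password-policy-10)
+*
+* Convert pwdHistory attribute value :
+* From :
+*
+* 20201202144718Z#1.3.6.1.4.1.1466.115.121.1.40#105#{SSHA512}XDSiR6Sh6W7gyVIk6Rr2OUv8rNPr+0rHF99d9lcirE/TnnEdkjkncIi5iPubErL5lpfgh8gXLgSfmqvmFcMqXLToC25xIqyk
+* To:
+*
+* {"time":1606920438,"syntaxOID":"1.3.6.1.4.1.1466.115.121.1.40","length":105,"hashed_password":"{SSHA512}XDSiR6Sh6W7gyVIk6Rr2OUv8rNPr+0rHF99d9lcirE/TnnEdkjkncIi5iPubErL5lpfgh8gXLgSfmqvmFcMqXLToC25xIqyk"}
+*/
+class LSattr_ldap_pwdHistory extends LSattr_ldap {
+
+/**
+* Return the values as JSON encoded string
+*
+* @param[in] $data mixed LDAP attribute value
+*
+* @retval mixed Array of JSON encoded string
+*/
+public function getDisplayValue($data) {
+$ret = array();
+foreach(ensureIsArray($data) as $key => $val)
+$ret[$key] = json_encode($this -> parseValue($val));
+return $ret;
+}
+
+/**
+* Return the values for saving
+*
+* @param[in] $data mixed Array of timestamp
+*
+* @retval mixed LDAP attribute values
+*/
+public function getUpdateData($data) {
+$ret = array();
+foreach(ensureIsArray($data) as $key => $val)
+$ret[$key] = $this -> encodeValue(json_decode($val, true));
+return $ret;
+}
+
+public function parseValue($value) {
+$parts = explode('#', $value);
+if (!is_array($parts) || count($parts) != 4) {
+self :: log_warning($this."->parseValue($value): Invalid value (parts count != 4).");
+return;
+}
+$datetime = date_create_from_format('YmdHisO', $parts[0]);
+if ($datetime instanceof DateTime) {
+$time = $datetime -> format($this -> getFormat());
+}
+else {
+self :: log_warning($this."->parseValue($value): Fail to parse time '".$parts[0]."'.");
+$time = getFData(_('Unknown (%{raw_value})'), $parts[0]);
+}
+return array(
+"time" => $time,
+"syntaxOID" => $parts[1],
+"length" => intval($parts[2]),
+"hashed_password" => $parts[3],
+);
+}
+
+public function encodeValue($value) {
+if (!is_array($value)) {
+self :: log_warning($this."->encodeValue($value): Provided value is not an array.");
+return;
+}
+$datetime = date_create_from_format('YmdHisO', $value['time']);
+$datetime -> setTimezone('UTC');
+$datetime_string = $datetime -> format('YmdHisO');
+$datetime_string = preg_replace('/[\+\-]0000$/', 'Z', $datetime_string);
+return implode(
+"#",
+array (
+$datetime_string,
+$value['syntaxOID'],
+$value['length'],
+$value['hashed_password'],
+)
+);
+}
+
+/**
+* Return date format
+*
+* @retval string The date format (as accept by Datetime :: format() and date_create_from_format())
+**/
+public function getFormat() {
+return $this -> getConfig('ldap_options.date_format', 'Y/m/d H:i:s');
+}
+
+}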
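Review bot: Both warning paths in parseValue (`self :: log_warning($this."->parseValue($value): Invalid value (parts count != 4).")` and the time-parse branch below it) interpolate the whole raw attribute value into the log, so any malformed or unparsable pwdHistory entry copies the stored password hash (the fourth `#` field) into the application log, which is normally readable by far more people than an attribute the example configuration grants as `'admin' => 'r'` only; log just the failing piece instead, e.g. `"->parseValue(): Invalid value (parts count != 4, got ".count($parts).")."` and `"->parseValue(): Fail to parse time '".$parts[0]."'."`. Separately, encodeValue cannot round-trip what parseValue produces: it parses `$value['time']` with `'YmdHisO'` while parseValue emitted it through getFormat() (default `Y/m/d H:i:s`), so date_create_from_format() returns false and the next line calls setTimezone() on a bool; that call is also wrong on its own, since setTimezone() takes a DateTimeZone object, `$datetime -> setTimezone(new DateTimeZone('UTC'))`. Parsing with `date_create_from_format($this -> getFormat(), $value['time'])` and returning after a log_warning when the result is not a DateTime, as parseValue already does, would make the save path fail safely. The documentation describes the attribute as read-only, so this path may be unreachable in practice, but it should not be a fatal error when it is reached.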
|