From a160f3a2fa1eee211cdd0baef9ca017139b01eb2 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 30 Jul 2015 11:44:20 +0000
Subject: [PATCH] (legacy/ldap) allow local users to be created with random password, solves errors in log when linking groups and leaves the possibility open to allow shell login using ldap in a later stage (currently not supported)
---
 src/etc/inc/auth.inc | 12 ++++--------
 src/www/system_usermanager_import_ldap.php | 12 ++++++++++++
 2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index fca698184..f67975648 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -395,14 +395,10 @@ function local_sync_accounts()
 function local_user_set(&$user)
 {
 if (empty($user['password'])) {
- if (empty($user['user_dn'])) {
- // log error for local users, (ldap) server authenticated users should not be created locally
- // and therefore maybe empty
- log_error(sprintf(
- gettext('There is something wrong in your config because user %s password is missing!'),
- $user['name']
- ));
- }
+ log_error(sprintf(
+ gettext('There is something wrong in your config because user %s password is missing!'),
+ $user['name']
+ ));
 return;
 }
diff --git a/src/www/system_usermanager_import_ldap.php b/src/www/system_usermanager_import_ldap.php
index e8af1eb1c..ef1b39b08 100644
--- a/src/www/system_usermanager_import_ldap.php
+++ b/src/www/system_usermanager_import_ldap.php
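Review bot: The log_error call this hunk makes unconditional now also fires for LDAP-linked users that were imported before the import page started assigning a local password (a user with `user_dn` set and an empty `password`), yet the message still blames the configuration, which a reader will take for corruption rather than an expected legacy state. A comment above the call would document the new invariant, `// every local user, LDAP-linked or not, must carry a password hash; the ldap import page generates one`, and the message could point such users at re-running the import, which in the second file of this patch appears to assign a password to already-linked users as well. The early `return` still skips the rest of local_user_set, whose body continues outside the hunk, so those users get no local account until they are re-linked.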
@@ -31,10 +31,20 @@ require_once("auth.inc");
 function add_local_user($username, $userdn, $userfullname) {
 global $config;
+
+ // generate new random user_password
+ $bytes = openssl_random_pseudo_bytes(50);
+ $user_password = pack('H*',bin2hex($bytes));
+
 foreach ($config['system']['user'] as &$user) {
 if ($user['name'] == $username && $user['name'] != 'root') {
 // link local user to remote server by updating user_dn
 $user['user_dn'] = $userdn;
+ // trash user password when linking to ldap, avoid accidental login
+ // using fall-back local password. User could still reset it's
+ // local password, but only by choice.
+ local_user_set_password($user, $user_password);
+ local_user_set($user);
 return;
 }
 }
@@ -44,8 +54,10 @@ function add_local_user($username, $userdn, $userfullname) {
 $new_user['name'] = $username;
 $new_user['user_dn'] = $userdn;
 $new_user['descr'] = $userfullname;
+ local_user_set_password($new_user, $user_password);
 $new_user['uid'] = $config['system']['nextuid']++;
 $config['system']['user'][] = $new_user;
+ local_user_set($new_user);
 }
 global $config;
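Review bot: `pack('H*', bin2hex($bytes))` on the `$user_password` line is an identity round-trip, so the value handed to local_user_set_password is 50 raw bytes rather than the hex string the expression seems to aim for; raw bytes can contain NUL and other non-printable values, and crypt(3)-style hashers that treat the key as a C string may stop at the first NUL, silently shortening the throw-away secret. The intended form is `$user_password = bin2hex(openssl_random_pseudo_bytes(50, $strong));`, and the second by-reference argument of openssl_random_pseudo_bytes reports whether the bytes came from a cryptographically strong source, which is worth checking before the value is used as a password, e.g. `if ($strong !== true) { log_error(gettext('no strong randomness available, refusing to import ldap user')); return; }`. How local_user_set_password hashes its input is outside this hunk, so the truncation concern is inferred from the raw-byte input rather than observed.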
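Review bot: `local_user_set($new_user)` is called after `$config['system']['user'][] = $new_user;` has stored a copy of the array, so anything local_user_set writes back through its by-reference parameter (it takes `&$user` in the first file of this patch) lands in the local copy and never reaches `$config`, unlike the existing-user branch of the earlier hunk where `$user` is a reference into `$config`. Whether local_user_set actually mutates its argument is not visible here; if it does, swap the two lines so the call precedes the append, `local_user_set($new_user);` then `$config['system']['user'][] = $new_user;`, keeping the uid assignment before both since the call likely needs it.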