2.1.27

Fix for #2563, #2560, #2536, #2505, #2503, #2439

Dockerfile

@@ -26,7 +26,7 @@ echo
 # Search last } and insert configuration rows before
 RUN sed -i "/^}/i \
   location /api/ {\
-          try_files $uri $uri/ /api/index.php?$args;\
+          try_files \$uri \$uri/ /api/index.php?\$args;\
   }" /etc/nginx/sites-enabled/default.conf
 
 COPY teampass-docker-start.sh /teampass-docker-start.sh

api/functions.php

@@ -880,7 +880,7 @@ function restGet()
                     // get sent parameters
                     $params = explode(';', $GLOBALS['request'][2]);
                     if (count($params) != 9) {
-                        rest_error('ITEMBADDEFINITION');
+                        restError('ITEMBADDEFINITION');
                     }
 
                     $item_label = urlSafeB64Decode($params[0]);

changelog.txt

@@ -1,4 +1,12 @@
 2.1.27
+35/
+ #2563 Unable to add item via API
+ #2560 Fix an issue for one time password changes if current user is not root
+ #2536 low 40bit RC4 - pdf export?
+ #2505 Update readme.md
+ #2503 Update Dockerfile to use $uri and $args variables
+ #2439 Allow RFC2307bis group membership checks.
+
 34/
  #2549 Missing library
  #2534 Syntax error in share permissions

includes/config/include.php

@@ -12,7 +12,7 @@
 global $SETTINGS, $languagesList, $SETTINGS_EXT;
 
 $SETTINGS_EXT['version'] = "2.1.27";
-$SETTINGS_EXT['version_full'] = $SETTINGS_EXT['version'].".34";
+$SETTINGS_EXT['version_full'] = $SETTINGS_EXT['version'].".35";
 $SETTINGS_EXT['tool_name'] = "TeamPass";
 $SETTINGS_EXT['one_day_seconds'] = 86400;
 $SETTINGS_EXT['one_week_seconds'] = 604800;

readme.md

@@ -43,7 +43,12 @@ Teampass is a Collaborative Passwords Manager
 * Once uploaded, launch Teampass in a browser and follow instructions.
 
 ### With Docker
-The Docker image provided will create a Teampass installation in its `/var/www/html/` directory, which you should mount as a volume to keep persistent. **SSL is not provided** if you use this image without a proxy in front of it. See the included [Docker Compose file](docker-compose.yml) for an example setup.
+The Docker image provided will create a Teampass installation in its `/var/www/html/` directory, which you should mount as a volume to keep persistent. You should also mount `/var/php/session`, otherwise the installation will freeze during *Server checks* phase. **SSL is not provided** if you use this image without a proxy in front of it. See the included [Docker Compose file](docker-compose.yml) for an example setup.
+
+Sample docker run command: 
+```
+docker run --name teampass -d --restart always -v /var/teampass-data/www:/var/www/html -v /var/teampass-data/php_session:/var/php/session -p 9501:80 teampass/teampass
+```
 
 **Note:** Use `/var/www/html/sk` as your "Absolute path to saltkey" during installation.
 

sources/export.queries.php

@@ -222,7 +222,7 @@
                 include $SETTINGS['cpassman_dir'].'/includes/libraries/Pdf/Tfpdf/tcpdf.php';
 
                 $pdf = new TCPDF("L", "mm", "A4", true, 'UTF-8', false);
-                $pdf->SetProtection(array('print'), $post_pdf_password);
+                $pdf->SetProtection(array('print'), $post_pdf_password, $post_pdf_password, 3);
 
                 $pdf->SetCreator($_SESSION['name'].' '.$_SESSION['lastname']);
                 $pdf->SetAuthor('Teampass');

sources/identify.php

@@ -658,8 +658,8 @@ function identifyUser(
                         // Should we restrain the search in specified user groups
                         $GroupRestrictionEnabled = false;
                         if (isset($SETTINGS['ldap_usergroup']) === true && empty($SETTINGS['ldap_usergroup']) === false) {
-                            // New way to check User's group membership
-                            $filter_group = "memberUid=".$username;
+                            // New way to check User's group membership & also allow RFC2307bis group membership
+                            $filter_group = "(|(memberUid=".$username.")(member=".$user_dn."))";
                             $result_group = ldap_search(
                                 $ldapconn,
                                 $SETTINGS['ldap_search_base'],

sources/utils.queries.php

@@ -446,7 +446,11 @@
                 } else {
                     // send ssh script for user change
                     $ret .= "<br />".$LANG['ssh_answer_from_server'].':&nbsp;<div style="margin-left:20px;font-style: italic;">';
-                    $ret_server = $ssh->exec('echo -e "'.$dataReceived['new_pwd'].'\n'.$dataReceived['new_pwd'].'" | passwd '.$dataItem['login']);
+                    if ("root" === $dataReceived['ssh_root']) {
+                        $ret_server = $ssh->exec('echo -e "'.$dataReceived['new_pwd'].'\n'.$dataReceived['new_pwd'].'" | passwd '.$dataItem['login']);
+                    } else {
+                        $ret_server = $ssh->exec('echo -e "'.$dataReceived['ssh_pwd'].'\n'.$dataReceived['new_pwd'].'\n'.$dataReceived['new_pwd'].'" | passwd '.$dataItem['login']);
+                    }
                     if (strpos($ret_server, "updated successfully") !== false) {
                         $err = false;
                     } else {