< ? php
/*
$Id $
This code is part of LDAP Account Manager ( http :// www . sourceforge . net / projects / lam )
Copyright ( C ) 2003 Tilo Lutz
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*/
/**
* Manages Unix accounts for groups .
*
* @ package modules
*
* @ author Tilo Lutz
* @ author Roland Gruber
* @ author Michael Duergner
*/
/**
* Manages the object class " posixGroup " for groups.
*
* @ package modules
*/
class posixGroup extends baseModule {
// Variables
// Use a unix password?
// True when the group is to have no password; display_html_attributes() sets it
// when no userPassword value is stored, process_attributes() sets it from the form.
var $userPassword_nopassword ;
// Use invalid password, '*', e.g. * for services.
// display_html_attributes() sets it to true when the stored userPassword value is '*'.
var $userPassword_invalid ;
// Lock password
// True when the password is locked; display_html_attributes() derives the
// initial value from pwd_is_enabled() on the stored userPassword value.
var $userPassword_lock ;
// Change the GID number of users and hosts as well when this group's GID changes?
// init() resets it to false; process_attributes() sets it from the 'changegids' checkbox.
var $changegids ;
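/**
 * Builds the LDAP attributes of uploaded groups from the raw upload rows.
 *
 * Every row is checked field by field (group name, GID number, description,
 * members, password). Accepted values are written to $partialAccounts, rejected
 * ones add an entry to the returned error list. Rows whose GID column is empty
 * receive a number from getNextGIDs() once all rows have been read.
 *
 * NOTE(review): the double-quoted literals in this listing carry padding spaces
 * (" posixGroup ", " ", " , "); this looks like an artifact of how the page was
 * extracted. They are reproduced unchanged here - compare with the upstream file.
 *
 * @param array $rawAccounts list of hash arrays (name => value) from user input
 * @param array $ids list of IDs for column position (e.g. "posixAccount_uid" => 5)
 * @param array $partialAccounts list of hash arrays (name => value) which are later added to LDAP (passed by reference)
 * @return array list of error messages if any
 */
function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts) {
    $error_messages = array();
    // indexes of the rows that still need a generated GID number
    $needAutoGID = array();
    for ($i = 0; $i < sizeof($rawAccounts); $i++) {
        // add the object class once; rows without an objectClass list are handled without a warning
        if (!isset($partialAccounts[$i]['objectClass']) || !in_array(" posixGroup ", $partialAccounts[$i]['objectClass'])) {
            $partialAccounts[$i]['objectClass'][] = " posixGroup ";
        }
        // group name: only values accepted by the 'groupname' pattern reach LDAP
        if (get_preg($rawAccounts[$i][$ids['posixGroup_cn']], 'groupname')) {
            $partialAccounts[$i]['cn'] = $rawAccounts[$i][$ids['posixGroup_cn']];
        }
        else {
            $errMsg = $this->messages['cn'][3];
            array_push($errMsg, array($i));
            $error_messages[] = $errMsg;
        }
        // GID
        if ($rawAccounts[$i][$ids['posixGroup_gid']] == " ") {
            // autoGID
            $needAutoGID[] = $i;
        }
        elseif (get_preg($rawAccounts[$i][$ids['posixGroup_gid']], 'digit')) {
            $partialAccounts[$i]['gidNumber'] = $rawAccounts[$i][$ids['posixGroup_gid']];
        }
        else {
            $errMsg = $this->messages['gidNumber'][8];
            array_push($errMsg, array($i));
            $error_messages[] = $errMsg;
        }
        // description (UTF-8, no regex check needed)
        // The value is copied unchecked, so whatever renders it later has to
        // escape it for its own output format.
        if ($rawAccounts[$i][$ids['posixGroup_description']] == " ") {
            // fall back to the group name; cn is unset when the name check above
            // failed, and that row has already produced an error
            if (isset($partialAccounts[$i]['cn'])) {
                $partialAccounts[$i]['description'] = $partialAccounts[$i]['cn'];
            }
        }
        else {
            $partialAccounts[$i]['description'] = $rawAccounts[$i][$ids['posixGroup_description']];
        }
        // group members
        if ($rawAccounts[$i][$ids['posixGroup_members']] != " ") {
            if (get_preg($rawAccounts[$i][$ids['posixGroup_members']], 'usernameList')) {
                $partialAccounts[$i]['memberUid'] = explode(" , ", $rawAccounts[$i][$ids['posixGroup_members']]);
            }
            else {
                $errMsg = $this->messages['memberUID'][0];
                // same argument shape as the cn and gidNumber errors above
                array_push($errMsg, array($i));
                $error_messages[] = $errMsg;
            }
        }
        // password
        if ($rawAccounts[$i][$ids['posixGroup_password']] != " ") {
            if (get_preg($rawAccounts[$i][$ids['posixGroup_password']], 'password')) {
                // the hash type is taken from the module setting posixGroup_pwdHash
                $partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['posixGroup_password']], true, $this->moduleSettings['posixGroup_pwdHash'][0]);
            }
            else {
                // NOTE(review): unlike the other upload errors this message carries no row index
                $error_messages[] = $this->messages['userPassword'][1];
            }
        }
    }
    // fill in autoGIDs
    if (sizeof($needAutoGID) > 0) {
        $errorsTemp = array();
        $gids = $this->getNextGIDs(sizeof($needAutoGID), $errorsTemp);
        if (is_array($gids)) {
            for ($i = 0; $i < sizeof($needAutoGID); $i++) {
                // $needAutoGID holds the row indexes; writing to row $i itself would
                // give the generated GIDs to the first rows of the upload instead
                $partialAccounts[$needAutoGID[$i]]['gidNumber'] = $gids[$i];
            }
        }
        else {
            // NOTE(review): $errorsTemp is discarded, and message 2 is the WARN about
            // ID reuse while message 3 is "No free ID-Number!" - confirm which is meant
            $error_messages[] = $this->messages['gidNumber'][2];
        }
    }
    return $error_messages;
}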
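/**
 * Reports an error when users still have this group as their primary group.
 *
 * Reads the cached gidNumber values of all user accounts and compares each one
 * with this group's GID number.
 *
 * @param array $post HTTP-POST values (not read in this method)
 * @return array DN => array('errors' => list of messages); empty when no user matched
 */
function delete_attributes($post) {
    // defined up front so that callers never receive an unset variable
    $return = array();
    $data = $_SESSION['cache']->get_cache('gidNumber', 'posixAccount', 'user');
    if (!is_array($data)) {
        // NOTE(review): without a list from the cache the primary-group check is
        // skipped and no error is reported - confirm that this is acceptable
        return $return;
    }
    $found = false;
    foreach ($data as $gidValues) {
        if ($gidValues[0] == $this->attributes['gidNumber'][0]) {
            $found = true;
            break;
        }
    }
    if ($found) {
        $return[$_SESSION[$this->base]->dn]['errors'][] = $this->messages['primaryGroup'][0];
    }
    return $return;
}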
/**
 * Builds the meta HTML rows of the attribute page: group name, GID number,
 * description, the members button and the password controls.
 *
 * @param array $post HTTP-POST values (not read in this method)
 * @return array list of rows, each row a list of meta HTML elements
 */
function display_html_attributes(&$post) {
    // First call: derive the checkbox states from the stored userPassword value.
    // With no stored value only userPassword_nopassword is set, so this branch
    // is entered again on the next call.
    if (!isset($this->userPassword_invalid)) {
        if (!$this->attributes['userPassword'][0]) {
            $this->userPassword_nopassword = true;
        }
        else {
            $this->userPassword_invalid = ($this->attributes['userPassword'][0] == '*');
            $this->userPassword_lock = !pwd_is_enabled($this->attributes['userPassword'][0]);
        }
    }
    $isNew = $_SESSION[$this->base]->isNewAccount;

    $rows[] = array(
        array('kind' => 'text', 'text' => _(" Group name ") . '*'),
        array('kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]),
        array('kind' => 'help', 'value' => 'cn'));
    $rows[] = array(
        array('kind' => 'text', 'text' => _('GID number') . '*'),
        array('kind' => 'input', 'name' => 'gidNumber', 'type' => 'text', 'size' => '6', 'maxlength' => '6', 'value' => $this->attributes['gidNumber'][0]),
        array('kind' => 'help', 'value' => 'gidNumber'));
    $rows[] = array(
        array('kind' => 'text', 'text' => _('Description')),
        array('kind' => 'input', 'name' => 'description', 'type' => 'text', 'size' => '30', 'maxlength' => '255', 'value' => $this->attributes['description'][0]),
        array('kind' => 'help', 'value' => 'description'));
    $rows[] = array(
        array('kind' => 'text', 'text' => _(" Group members ") . '*'),
        array('kind' => 'input', 'name' => 'adduser', 'type' => 'submit', 'value' => _('Edit members')),
        array('kind' => 'help', 'value' => 'adduser'));

    if ($isNew) {
        // NOTE(review): both password inputs are pre-filled with the value held in
        // attributes['userPassword'][0], so it is presumably written into the
        // generated page. Rendering them empty would be safer, but
        // process_attributes() would then have to keep the stored value when the
        // fields come back empty.
        $rows[] = array(
            array('kind' => 'text', 'text' => _('Password')),
            array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
            array('kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
        $rows[] = array(
            array('kind' => 'text', 'text' => _('Repeat password')),
            array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
            array('kind' => 'help', 'value' => 'userPassword'));
    }
    else {
        // existing accounts only get a button
        $rows[] = array(
            array('kind' => 'text', 'text' => _('Password')),
            array('kind' => 'input', 'name' => 'changepass', 'type' => 'submit', 'value' => _('Change password')));
    }

    $rows[] = array(
        array('kind' => 'text', 'text' => _('Set no password')),
        array('kind' => 'input', 'name' => 'userPassword_nopassword', 'type' => 'checkbox', 'checked' => $this->userPassword_nopassword),
        array('kind' => 'help', 'value' => 'userPassword_nopassword'));
    $rows[] = array(
        array('kind' => 'text', 'text' => _('Invalid password')),
        array('kind' => 'input', 'name' => 'userPassword_invalid', 'type' => 'checkbox', 'checked' => $this->userPassword_invalid),
        array('kind' => 'help', 'value' => 'userPassword_invalid'));

    // the lock checkbox is offered for new accounts and for accounts that have a password
    if ($isNew || isset($this->attributes['userPassword'][0])) {
        $rows[] = array(
            array('kind' => 'text', 'text' => _('Lock password')),
            array('kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock),
            array('kind' => 'help', 'value' => 'userPassword_lock'));
    }

    // offered only when an existing GID number has been changed
    $gidChanged = ($this->attributes['gidNumber'][0] != $this->orig['gidNumber'][0]);
    if ($gidChanged && $this->orig['gidNumber'][0] != '') {
        $rows[] = array(
            array('kind' => 'text', 'text' => _('Change GID number of users and hosts')),
            array('kind' => 'input', 'name' => 'changegids', 'type' => 'checkbox', 'checked' => $this->changegids, 'value' => true),
            array('kind' => 'help', 'value' => 'changegids'));
    }
    return $rows;
}
/**
 * Displays selections to add or remove users from current group.
 *
 * The "available" list holds every cached user that has a uid and a gidNumber,
 * is not yet in memberUid and does not have this group as primary group.
 *
 * @param array $post HTTP-POST
 * @return array meta HTML output
 */
function display_html_user(&$post) {
    $users = array();
    // load list with all users
    $dn_users = $_SESSION['cache']->get_cache(array('uid', 'gidNumber'), 'posixAccount', 'user');
    if (is_array($dn_users)) {
        foreach ($dn_users as $entry) {
            // users who can be added have a uid and gidNumber
            if (!isset($entry['uid'][0]) || !isset($entry['gidNumber'][0])) {
                continue;
            }
            // are not already member
            if (in_array($entry['uid'][0], $this->attributes['memberUid'])) {
                continue;
            }
            // and do not have this group as their primary group
            if ($this->attributes['gidNumber'][0] == $entry['gidNumber'][0]) {
                continue;
            }
            $users[] = $entry['uid'][0];
        }
        // sort users
        sort($users);
    }

    // left box: current members
    $selectedBox = array('kind' => 'fieldset', 'td' => array('valign' => 'top'), 'legend' => _(" Selected users "), 'value' => array(
        array(
            array('kind' => 'select', 'name' => 'removeusers', 'size' => '15', 'multiple' => true, 'options' => $this->attributes['memberUid']))));
    // middle column: move buttons and help link
    $centered = array('align' => 'center');
    $buttonColumn = array('kind' => 'table', 'value' => array(
        array(
            array('kind' => 'input', 'type' => 'submit', 'name' => 'addusers_button', 'value' => '<=', 'td' => $centered)),
        array(
            array('kind' => 'input', 'type' => 'submit', 'name' => 'removeusers_button', 'value' => '=>', 'td' => $centered)),
        array(
            array('kind' => 'help', 'value' => 'adduser', 'td' => $centered))));
    // right box: users that can still be added
    $availableBox = array('kind' => 'fieldset', 'td' => array('valign' => 'top'), 'legend' => _(" Available users "), 'value' => array(
        array(
            array('kind' => 'select', 'name' => 'addusers', 'size' => '15', 'multiple' => true, 'options' => $users))));

    $return[] = array(
        array('kind' => 'fieldset', 'legend' => _(" Group members "), 'value' => array(
            array($selectedBox, $buttonColumn, $availableBox))));
    $return[] = array(
        array('kind' => 'input', 'name' => 'toattributes', 'type' => 'submit', 'value' => _('Back')),
        array('kind' => 'text'),
        array('kind' => 'text'));
    return $return;
}
/**
 * Displays the password changing dialog.
 *
 * Both password inputs are rendered with the fixed literal given below; no
 * stored password value is read here.
 *
 * @param array $post HTTP-POST (not read in this method)
 * @return array meta HTML code
 */
function display_html_password(&$post) {
    $passwordRow = array(
        array('kind' => 'text', 'text' => _('Password')),
        array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => " "),
        array('kind' => 'help', 'value' => 'password'));
    $repeatRow = array(
        array('kind' => 'text', 'text' => _('Repeat password')),
        array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => " "));
    // submit / back buttons in a nested table
    $buttons = array(
        array('kind' => 'input', 'type' => 'submit', 'value' => _('Submit'), 'name' => 'submit'),
        array('kind' => 'input', 'type' => 'submit', 'value' => _('Back'), 'name' => 'back'),
        array('kind' => 'text'));
    $buttonRow = array(
        array('kind' => 'table', 'value' => array($buttons)));

    return array($passwordRow, $repeatRow, $buttonRow);
}
/**
 * Returns meta data that is interpreted by parent class
 *
 * The array describes the account type, LDAP filter, alias, RDN attribute,
 * dependencies, configuration options with their checks, PDF fields, upload
 * columns and help entries of this module.
 *
 * NOTE(review): the double-quoted literals in this listing carry padding spaces
 * (for example " group " or " Headline "); this looks like an artifact of how the
 * page was extracted. They are reproduced unchanged - compare with the upstream file.
 *
 * @return array array with meta data
 */
function get_metaData() {
    $meta = array();
    // manages group accounts
    $meta[" account_types "] = array(" group ");
    if ($this->get_scope() == " group ") {
        // this is a base module
        $meta[" is_base "] = true;
        // LDAP filter
        $meta[" ldap_filter "] = array('or' => " (objectClass=posixGroup) ");
    }
    // alias name
    $meta[" alias "] = _('Unix');
    // RDN attribute
    $meta[" RDN "] = array(" cn " => " normal ");
    // module dependencies
    $meta['dependencies'] = array('depends' => array(), 'conflicts' => array());

    // configuration options
    $spacer = array('kind' => 'text', 'value' => ' ');
    $gidRangeRow = array(
        array('kind' => 'text', 'text' => '<b>' . _('Minimum GID number') . " *: </b> "),
        array('kind' => 'input', 'name' => 'posixGroup_minGID', 'type' => 'text', 'size' => '10', 'maxlength' => '255'),
        $spacer,
        array('kind' => 'text', 'text' => '<b>' . _('Maximum GID number') . " *: </b> "),
        array('kind' => 'input', 'name' => 'posixGroup_maxGID', 'type' => 'text', 'size' => '10', 'maxlength' => '255'),
        array('kind' => 'help', 'value' => 'minMaxGID'));
    // NOTE(review): the list offers PLAIN (password stored unhashed) next to the
    // unsalted SHA and MD5 types; SSHA is the preselected value. Consider
    // dropping or clearly marking the weak choices.
    $hashRow = array(
        array('kind' => 'text', 'text' => '<b>' . _(" Password hash type ") . ': </b>'),
        array('kind' => 'select', 'name' => 'posixGroup_pwdHash', 'size' => '1',
            'options' => array(" CRYPT ", " SHA ", " SSHA ", " MD5 ", " SMD5 ", " PLAIN "), 'options_selected' => array('SSHA')),
        $spacer,
        $spacer,
        $spacer,
        array('kind' => 'help', 'value' => 'pwdHash'));
    $meta['config_options']['group'] = array($gidRangeRow, $hashRow);

    // configuration descriptions
    $meta['config_descriptions'] = array(
        'legend' => _(" GID ranges for Unix groups "),
        'descriptions' => array(
            'posixGroup_minGID' => _(" Minimum GID number for Unix groups "),
            'posixGroup_maxGID' => _(" Maximum GID number for Unix groups "),
            'posixGroup_pwdHash' => _(" Password hash type for Unix groups "),
        )
    );

    // configuration checks: both limits are required digits, and the maximum
    // is compared against the minimum
    $minMessage = $this->messages['gidNumber'][5];
    $meta['config_checks']['group']['posixGroup_minGID'] = array(
        'type' => 'ext_preg',
        'regex' => 'digit',
        'required' => true,
        'required_message' => $minMessage,
        'error_message' => $minMessage);
    $maxMessage = $this->messages['gidNumber'][6];
    $meta['config_checks']['group']['posixGroup_maxGID'] = array(
        'type' => 'ext_preg',
        'regex' => 'digit',
        'required' => true,
        'required_message' => $maxMessage,
        'error_message' => $maxMessage);
    $meta['config_checks']['group']['cmpGID'] = array(
        'type' => 'int_greater',
        'cmp_name1' => 'posixGroup_maxGID',
        'cmp_name2' => 'posixGroup_minGID',
        'error_message' => $this->messages['gidNumber'][7]);

    // available PDF fields
    $meta['PDF_fields'] = array('cn', 'gidNumber', 'memberUid', 'description');

    // upload fields
    // NOTE(review): the members example is comma separated while the
    // 'upload_members' help text below speaks of semicolons - confirm the separator.
    $meta['upload_columns'] = array(
        array(
            'name' => 'posixGroup_cn',
            'description' => _('Group name'),
            'help' => 'cn',
            'example' => _('adminstrators'),
            'required' => true,
            'unique' => true
        ),
        array(
            'name' => 'posixGroup_gid',
            'description' => _('GID number'),
            'help' => 'gidNumber',
            'example' => '2034'
        ),
        array(
            'name' => 'posixGroup_description',
            'description' => _('Group description'),
            'help' => 'description',
            'example' => _('Administrators group')
        ),
        array(
            'name' => 'posixGroup_members',
            'description' => _('Group members'),
            'help' => 'upload_members',
            'example' => _('user01,user02,user03')
        ),
        array(
            'name' => 'posixGroup_password',
            'description' => _('Group password'),
            'help' => 'password',
            'example' => _('secret')
        )
    );

    // help Entries
    $help = array();
    $help['cn'] = array(
        " Headline " => _(" Group name "),
        " Text " => _(" Group name of the group which should be created. Valid characters are: a-z,0-9, .-_. LAM does not allow a number as first character because groupadd also does not allow it. LAM does not allow capital letters A-Z because it can cause several problems. If group name is already used group name will be expanded with a number. The next free number will be used. ")
    );
    $help['gidNumber'] = array(
        " Headline " => _(" GID number "),
        " Text " => _(" If empty GID number will be generated automaticly depending on your configuration settings. ")
    );
    $help['description'] = array(
        " Headline " => _(" Description "),
        " Text " => _(" Group description. If left empty group name will be used. ")
    );
    $help['members'] = array(
        " Headline " => _(" Group members "),
        " Text " => _(" Users who are member of the current group. ") . ' ' . _(" Can be left empty. ")
    );
    $help['upload_members'] = array(
        " Headline " => _(" Group members "),
        " Text " => _(" Users who will become member of the current group. User names are separated by semicolons. ")
    );
    $help['password'] = array(
        " Headline " => _(" Group password "),
        " Text " => _(" Sets the group password. ")
    );
    $help['userPassword_no'] = array(
        " Headline " => _(" Use no password "),
        " Text " => _(" If checked no password will be used. ")
    );
    // no entry for 'userPassword_lock' (it was commented out in the original listing)
    $help['minMaxGID'] = array(
        " Headline " => _(" GID number "),
        " Text " => _(" These are the minimum and maximum numbers to use for group IDs when creating new group accounts. New group accounts will always get the highest number in use plus one. ")
    );
    $help['pwdHash'] = array(
        " Headline " => _(" Password hash type "),
        " Text " => _(" LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords. ")
    );
    $meta['help'] = $help;

    return $meta;
}
/*
 * (non-PHPDoc)
 * @see baseModule#get_pdfEntries
 *
 * Returns one <block> string per PDF field, built from the current cn,
 * gidNumber, memberUid and description attributes.
 *
 * NOTE(review): the attribute values are concatenated into the markup without
 * escaping, and the description is free text - confirm that the PDF generator
 * escapes or tolerates characters such as '<' and '&' in <value>.
 */
function get_pdfEntries($account_type = " group ") {
    $open = '<block><key>';
    $middle = '</key><value>';
    $close = '</value></block>';

    $entries = array();
    $entries['posixGroup_cn'] = array($open . _('Group name') . $middle . $this->attributes['cn'][0] . $close);
    $entries['posixGroup_gidNumber'] = array($open . _('GID number') . $middle . $this->attributes['gidNumber'][0] . $close);
    // members are shown as one comma separated line
    $entries['posixGroup_memberUid'] = array($open . _('Group members') . $middle . implode(', ', $this->attributes['memberUid']) . $close);
    $entries['posixGroup_description'] = array($open . _('Description') . $middle . $this->attributes['description'][0] . $close);
    return $entries;
}
/**
 * Called when the module is loaded.
 *
 * Runs the init() of the parent class (baseModule) first and then resets the
 * "change GID number of users and hosts" flag.
 *
 * @param mixed $base handed to the parent's init() unchanged
 */
function init($base) {
    // parent initialisation comes first
    parent::init($base);
    // a freshly loaded module has no pending GID change
    $this->changegids = false;
}
/**
 * Fills the message array ($this->messages) with the error, warning and info
 * messages of this module.
 *
 * Each message is array(level, headline, text). Only the indexes listed below
 * are assigned; userPassword[2] and gidNumber[1] are not defined here.
 */
function load_Messages() {
    // labels that are used by several messages
    $passwordLabel = _('Password');
    $idLabel = _('ID-Number');
    $groupNameLabel = _('Group name');
    $invalidNameText = _('Group name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !');

    $table = array(
        'userPassword' => array(
            0 => array('ERROR', $passwordLabel, _('Please enter the same password in both password-fields.')),
            1 => array('ERROR', $passwordLabel, _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')),
            3 => array('ERROR', $passwordLabel, _('You cannot use this password options at the same time.')),
        ),
        'gidNumber' => array(
            0 => array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.')),
            2 => array('WARN', $idLabel, _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.')),
            3 => array('ERROR', $idLabel, _('No free ID-Number!')),
            4 => array('ERROR', $idLabel, _('ID is already in use')),
            5 => array('ERROR', _('Minimum GID number'), _('Minimum GID number is invalid or empty!')),
            6 => array('ERROR', _('Maximum GID number'), _('Maximum GID number is invalid or empty!')),
            7 => array('ERROR', _('Maximum GID number'), _('Maximum GID number must be greater than minimum GID number!')),
            // upload message, the headline takes the row number
            8 => array('ERROR', _('Account %s:') . ' posixGroup_gid', _('GID number has to be a numeric value!')),
        ),
        'cn' => array(
            0 => array('WARN', $groupNameLabel, _('You are using a capital letters. This can cause problems because Windows isn\'t case-sensitive.')),
            1 => array('WARN', $groupNameLabel, _('Group name in use. Selected next free group name.')),
            2 => array('ERROR', $groupNameLabel, $invalidNameText),
            // upload message, the headline takes the row number
            3 => array('ERROR', _('Account %s:') . ' posixGroup_cn', $invalidNameText),
        ),
        'memberUID' => array(
            0 => array('ERROR', _('Account %s:') . ' posixGroup_members', _(" This value must be a list of user names separated by semicolons. ")),
        ),
        'primaryGroup' => array(
            0 => array('ERROR', _('Primary group'), _('There are still users who have this group as their primary group.')),
        ),
    );

    // assign index by index so that other entries of $this->messages stay untouched
    foreach ($table as $attribute => $entries) {
        foreach ($entries as $index => $message) {
            $this->messages[$attribute][$index] = $message;
        }
    }
}
/**
 * Tells whether all needed settings of this module are done.
 *
 * An existing account whose original object classes do not contain
 * 'posixGroup' counts as complete. Otherwise both the group name (cn) and the
 * GID number must be non-empty.
 *
 * @return boolean true if the module is complete
 */
function module_complete() {
    if (!$_SESSION[$this->base]->isNewAccount) {
        // check if account is based on our object class
        $objectClasses = $_SESSION[$this->base]->attributes_orig['objectClass'];
        $notOurs = is_array($objectClasses) && !in_array('posixGroup', $objectClasses);
        if ($notOurs) {
            return true;
        }
    }
    // incomplete as soon as one of the two required attributes is empty
    $missing = ($this->attributes['cn'][0] == '') || ($this->attributes['gidNumber'][0] == '');
    return !$missing;
}
/**
 * Controls if the module button on the account page is visible and activated.
 *
 * The button is disabled for an existing account whose original object classes
 * do not contain 'posixGroup'; in every other case it is enabled. This method
 * never returns the "hidden" status.
 *
 * @return string status ("enabled", "disabled", "hidden")
 */
function getButtonStatus() {
    $status = " enabled ";
    if (!$_SESSION[$this->base]->isNewAccount) {
        // check if account is based on our object class
        $objectClasses = $_SESSION[$this->base]->attributes_orig['objectClass'];
        if (is_array($objectClasses) && !in_array('posixGroup', $objectClasses)) {
            $status = " disabled ";
        }
    }
    return $status;
}
/**
 * Returns the names of the HTML pages of this module.
 *
 * The list is used for mass upload and PDF files so that LAM can walk through
 * the pages itself and run its error checks.
 *
 * NOTE(review): the class also defines display_html_password(), but 'password'
 * is not part of this list - confirm that this is intended.
 *
 * @return array list of page names
 */
function pages() {
    $pageNames = array('attributes', 'user');
    return $pageNames;
}
/* Write variables into object and do some regexp checks
*/
function process_attributes ( & $post ) {
$this -> attributes [ 'description' ][ 0 ] = $post [ 'description' ];
if (( $post [ 'userPassword_lock' ] && $post [ 'userPassword_invalid' ]) || ( $post [ 'userPassword_nopassword' ] && $post [ 'userPassword_invalid' ])) {
// found invalid password parameter combination
$triggered_messages [ 'userPassword' ][] = $this -> messages [ 'userPassword' ][ 3 ];
}
else {
if ( $post [ 'userPassword_nopassword' ]) {
$this -> userPassword_nopassword = true ;
$this -> userPassword_invalid = false ;
$this -> attributes [ 'userPassword' ][ 0 ] = '' ;
$post [ 'userPassword2' ] = '' ;
if ( $post [ 'userPassword_lock' ])
$this -> userPassword_lock = true ;
else $this -> userPassword_lock = false ;
}
else {
$this -> userPassword_nopassword = false ;
if ( $post [ 'userPassword_invalid' ]) {
$this -> userPassword_invalid = true ;
$this -> userPassword_lock = false ;
$post [ 'userPassword2' ] = '' ;
}
else {
$this -> userPassword_invalid = false ;
if ( $post [ 'genpass' ]) $this -> attributes [ 'userPassword' ][ 0 ] = genpasswd ();
elseif ( $_SESSION [ $this -> base ] -> isNewAccount ) {
if ( $post [ 'userPassword' ] != $post [ 'userPassword2' ])
$triggered_messages [ 'userPassword' ][] = $this -> messages [ 'userPassword' ][ 0 ];
else $this -> attributes [ 'userPassword' ][ 0 ] = $post [ 'userPassword' ];
if ( ! get_preg ( $this -> attributes [ 'userPassword' ][ 0 ], 'password' ))
$triggered_messages [ 'userPassword' ][] = $this -> messages [ 'userPassword' ][ 1 ];
}
if ( $post [ 'userPassword_lock' ]) $this -> userPassword_lock = true ;
else $this -> userPassword_lock = false ;
}
}
if ( $post [ 'changegids' ]) $this -> changegids = true ;
else $this -> changegids = false ;
if ( $this -> attributes [ 'gidNumber' ][ 0 ] != $post [ 'gidNumber' ] || ( $this -> triggered_messages [ 'gidNumber' ][ 0 ] = 'ERROR' )) {
// Check if GID is valid. If none value was entered, the next useable value will be inserted
// load min and may uidNumber
$minID = intval ( $this -> moduleSettings [ 'posixGroup_minGID' ][ 0 ]);
$maxID = intval ( $this -> moduleSettings [ 'posixGroup_maxGID' ][ 0 ]);
$dn_gids = $_SESSION [ 'cache' ] -> get_cache ( 'gidNumber' , 'posixGroup' , '*' );
// get_cache will return an array ( dn1 => array(uidnumber1), dn2 => array(uidnumber2), ... )
if ( is_array ( $dn_gids )) {
foreach ( $dn_gids as $gid ) $gids [] = $gid [ 0 ];
sort ( $gids , SORT_NUMERIC );
}
$this -> attributes [ 'gidNumber' ][ 0 ] = $post [ 'gidNumber' ];
if ( $this -> attributes [ 'gidNumber' ][ 0 ] == '' ) {
// No id-number given, find free GID
if ( $this -> orig [ 'gidNumber' ][ 0 ] == '' ) {
$newGID = $this -> getNextGIDs ( 1 , $triggered_messages );
if ( is_array ( $newGID )) {
$this -> attributes [ 'gidNumber' ][ 0 ] = $newGID [ 0 ];
}
else {
$triggered_messages [ 'gidNumber' ][] = $this -> messages [ 'gidNumber' ][ 3 ];
}
}
else $this -> attributes [ 'gidNumber' ][ 0 ] = $this -> orig [ 'gidNumber' ][ 0 ];
// old account -> return id-number which has been used
}
else {
// Check manual ID
// id-number is out of valid range
if ( ( $this -> attributes [ 'gidNumber' ][ 0 ] != $post [ 'gidNumber' ]) && ( $this -> attributes [ 'gidNumber' ][ 0 ] < $minID || $this -> attributes [ 'gidNumber' ][ 0 ] > $maxID )) $triggered_messages [ 'gidNumber' ][] = array ( 'ERROR' , _ ( 'ID-Number' ), sprintf ( _ ( 'Please enter a value between %s and %s!' ), $minID , $maxID ));
// $uids is allways an array but not if no entries were found
if ( is_array ( $gids )) {
// id-number is in use and account is a new account
if (( in_array ( $this -> attributes [ 'gidNumber' ][ 0 ], $gids )) && $this -> orig [ 'gidNumber' ][ 0 ] == '' ) $triggered_messages [ 'gidNumber' ][] = array ( 'ERROR' , _ ( 'ID-Number' ), _ ( 'ID is already in use' ));
// id-number is in use, account is existing account and id-number is not used by itself
if (( in_array ( $this -> attributes [ 'gidNumber' ][ 0 ], $gids )) && $this -> orig [ 'gidNumber' ][ 0 ] != '' && ( $this -> orig [ 'gidNumber' ][ 0 ] != $this -> attributes [ 'gidNumber' ][ 0 ]) ) {
$triggered_messages [ 'gidNumber' ][] = $this -> messages [ 'gidNumber' ][ 4 ];
$this -> attributes [ 'gidNumber' ][ 0 ] = $this -> orig [ 'gidNumber' ][ 0 ];
}
}
}
}
if ( $this -> attributes [ 'cn' ][ 0 ] != $post [ 'cn' ] || ( $this -> triggered_messages [ 'cn' ][ 0 ] = 'ERROR' )) {
$this -> attributes [ 'cn' ][ 0 ] = $post [ 'cn' ];
if (( $this -> attributes [ 'cn' ][ 0 ] != $post [ 'cn' ]) && ereg ( '[A-Z]$' , $post [ 'cn' ]))
$triggered_messages [ 'cn' ][] = $this -> messages [ 'cn' ][ 0 ];
// Check if Groupname contains only valid characters
if ( ! get_preg ( $this -> attributes [ 'cn' ][ 0 ], 'groupname' ))
$triggered_messages [ 'cn' ][] = $this -> messages [ 'cn' ][ 2 ];
// Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use
// Set username back to original name if new username is in use
if ( $_SESSION [ 'cache' ] -> in_cache ( $this -> attributes [ 'cn' ][ 0 ], 'cn' , '*' ) != false && ( $this -> orig [ 'cn' ][ 0 ] != '' )) {
$this -> attributes [ 'cn' ][ 0 ] = $this -> orig [ 'cn' ][ 0 ];
}
// Change gid to a new gid until a free gid is found
else while ( $_SESSION [ 'cache' ] -> in_cache ( $this -> attributes [ 'cn' ][ 0 ], 'cn' , '*' )) {
// get last character of username
$lastchar = substr ( $this -> attributes [ 'cn' ][ 0 ], strlen ( $this -> attributes [ 'cn' ][ 0 ]) - 1 , 1 );
// Last character is no number
if ( ! ereg ( '^([0-9])+$' , $lastchar ))
/* Last character is no number . Therefore we only have to
* add " 2 " to it .
*/
$this -> attributes [ 'cn' ][ 0 ] = $this -> attributes [ 'cn' ][ 0 ] . '2' ;
else {
/* Last character is a number -> we have to increase the number until we ' ve
* found a groupname with trailing number which is not in use .
*
* $i will show us were we have to split groupname so we get a part
* with the groupname and a part with the trailing number
*/
$i = strlen ( $this -> attributes [ 'cn' ][ 0 ]) - 1 ;
$mark = false ;
// Set $i to the last character which is a number in $account_new->general_username
while ( ! $mark ) {
if ( ereg ( '^([0-9])+$' , substr ( $this -> attributes [ 'cn' ][ 0 ], $i , strlen ( $this -> attributes [ 'cn' ][ 0 ]) - $i ))) $i -- ;
else $mark = true ;
}
// increase last number with one
$firstchars = substr ( $this -> attributes [ 'cn' ][ 0 ], 0 , $i + 1 );
$lastchars = substr ( $this -> attributes [ 'cn' ][ 0 ], $i + 1 , strlen ( $this -> attributes [ 'cn' ][ 0 ]) - $i );
// Put username together
$this -> attributes [ 'cn' ][ 0 ] = $firstchars . ( intval ( $lastchars ) + 1 );
}
}
// Show warning if lam has changed username
if ( $this -> attributes [ 'cn' ][ 0 ] != $post [ 'cn' ]) {
$triggered_messages [ 'cn' ][] = $this -> messages [ 'cn' ][ 0 ];
}
// show info when gidnumber has changed
if (( $this -> orig [ 'gidNumber' ][ 0 ] != $this -> attributes [ 'gidNumber' ][ 0 ]) && $this -> orig [ 'gidNumber' ][ 0 ] != '' && $post [ 'gidNumber' ] != $this -> attributes [ 'gidNumber' ][ 0 ])
$triggered_messages [ 'gidNumber' ][] = $this -> messages [ 'gidNumber' ][ 0 ];
}
}
// Return error-messages
if ( count ( $triggered_messages ) != 0 ) {
$this -> triggered_messages = $triggered_messages ;
return $triggered_messages ;
}
else $this -> triggered_messages = array ();
// Go to additional group page when no error did ocour and button was pressed
if ( $post [ 'adduser' ]) return 'user' ;
if ( $post [ 'changepass' ]) return 'password' ;
return 0 ;
}
/**
* Processes input data and adds or removes users from current group.
*
* @param array $post HTTP-POST
* @return string name of next page
*/
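function process_user(&$post) {
	// $post is the raw HTTP POST array: any key may be missing and any value
	// may be a scalar or a nested array, so nothing from it is merged into
	// the memberUid list without a type check first.
	$hasMembers = isset($this->attributes['memberUid']) && is_array($this->attributes['memberUid']);
	if (isset($post['addusers']) && isset($post['addusers_button'])) {
		// Add users to list. The previous code relied on "@array_merge", which
		// hides the warning and yields a non-array result when either side is
		// not an array (e.g. a group without members yet); the list is built
		// explicitly instead.
		$members = $hasMembers ? $this->attributes['memberUid'] : array();
		$submitted = is_array($post['addusers']) ? $post['addusers'] : array($post['addusers']);
		foreach ($submitted as $name) {
			// only non-empty strings can be memberUid values; nested arrays
			// and empty fields from the request are dropped
			if (is_string($name) && ($name !== '')) $members[] = $name;
		}
		// remove duplicates (the old array_unique() call discarded its result)
		$members = array_unique($members);
		// sort users; sort() also renumbers the keys
		sort($members);
		$this->attributes['memberUid'] = $members;
	}
	elseif (isset($post['removeusers']) && isset($post['removeusers_button'])) {
		// remove users from list
		// array_delete() is defined outside this file; it is only called when
		// both arguments really are arrays
		if (is_array($post['removeusers']) && $hasMembers) {
			$this->attributes['memberUid'] = array_delete($post['removeusers'], $this->attributes['memberUid']);
		}
	}
	// NOTE(review): the handlers above test 'addusers_button' and
	// 'removeusers_button' while this check uses the singular names; confirm
	// against the form which spelling is actually submitted.
	if (isset($post['adduser_button']) || isset($post['removeuser_button'])) return 'user';
	elseif (isset($post['toattributes']) && $post['toattributes']) return 'attributes';
	return 0;
}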
/**
* Sets a new password.
*
* @param $post HTTP POST
*/
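function process_password(&$post) {
	// Returns 'attributes' when the user goes back or the password was
	// accepted, otherwise the list of messages describing why it was refused.
	if (isset($post['back']) && $post['back']) return 'attributes';
	$messages = array();
	// Both fields come straight from the request and may be missing or arrays.
	$password = isset($post['userPassword']) ? $post['userPassword'] : '';
	$confirmation = isset($post['userPassword2']) ? $post['userPassword2'] : '';
	// Strict comparison: with "!=" two different numeric-looking strings
	// (for example "1e3" and "1000") compare as equal, so a mistyped
	// confirmation could be accepted.
	if (!is_string($password) || !is_string($confirmation) || ($password !== $confirmation)) {
		// presumably the "passwords differ" message; the texts are defined outside this block
		$messages['userPassword'][] = $this->messages['userPassword'][0];
	}
	// The character check used to run only when the two fields differed, so a
	// matching pair was stored without ever being validated. It now runs for
	// every submission.
	// NOTE(review): whether the 'password' pattern accepts an empty string is
	// decided by get_preg(), which is defined elsewhere; confirm the empty case.
	if (is_string($password) && !get_preg($password, 'password')) {
		$messages['userPassword'][] = $this->messages['userPassword'][1];
	}
	if (sizeof($messages) > 0) return $messages;
	// The password is kept in clear text in $this->attributes until
	// save_attributes() hashes it with pwd_hash().
	// NOTE(review): if this module object is stored in the PHP session, the
	// clear-text value is persisted with it; confirm session storage is protected.
	$this->attributes['userPassword'][0] = $password;
	$this->userPassword_invalid = false;
	$this->userPassword_lock = false;
	$this->userPassword_nopassword = false;
	return 'attributes';
}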
/* This function returns an array with 3 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to the LDAP entry
* remove are attributes which have to be removed from the LDAP entry
* modify are attributes which have to be modified in the LDAP entry
*/
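function save_attributes() {
	// Builds the list of LDAP changes for this group: the generic attribute
	// comparison from the account container, the userPassword value, and
	// (optionally) updated group references on other entries.

	// skip saving if account is based on another structural object class
	if (!$_SESSION[$this->base]->isNewAccount && !in_array('posixGroup', $_SESSION[$this->base]->attributes_orig['objectClass'])) {
		return array();
	}
	$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
	$dn = $_SESSION[$this->base]->dn;
	$hashType = $this->moduleSettings['posixGroup_pwdHash'][0];
	// pwd_hash() receives !$this->userPassword_lock as its second argument;
	// presumably this selects an enabled (not locked) hash - confirm in pwd_hash().
	$enabled = !$this->userPassword_lock;
	$newPassword = isset($this->attributes['userPassword'][0]) ? $this->attributes['userPassword'][0] : '';

	// unset password when needed: $this->attributes holds the clear-text
	// password, so whatever the generic comparison produced for userPassword
	// is dropped and replaced below by a hashed or fixed value.
	foreach (array('add', 'modify', 'notchanged') as $section) {
		if (isset($return[$dn][$section]['userPassword'])) unset($return[$dn][$section]['userPassword']);
	}

	// Set unix password
	if (isset($this->orig['userPassword'][0])) {
		$oldPassword = $this->orig['userPassword'][0];
		// use no password, do nothing
		if ($this->userPassword_nopassword) {}
		// invalid, use '*' as password
		elseif ($this->userPassword_invalid)
			$return[$dn]['modify']['userPassword'][0] = '*';
		// password changed
		elseif (($newPassword != $oldPassword) && $newPassword != '')
			$return[$dn]['modify']['userPassword'][0] = pwd_hash($newPassword, $enabled, $hashType);
		// lock account if required
		elseif ($this->userPassword_lock && (pwd_disable($oldPassword) != $oldPassword))
			$return[$dn]['modify']['userPassword'][0] = pwd_disable($oldPassword);
		// unlock password if required
		elseif (!$this->userPassword_lock && (pwd_enable($oldPassword) != $oldPassword))
			$return[$dn]['modify']['userPassword'][0] = pwd_enable($oldPassword);
		// password has not changed
		else
			$return[$dn]['notchanged']['userPassword'][0] = $oldPassword;
	}
	else {
		// New user or no old password set
		if ($this->userPassword_nopassword) {
			// use no password
			// NOTE(review): this stores the hash of the empty string, which is a
			// credential that matches an empty password rather than the absence
			// of one. The branch for existing entries writes nothing instead.
			// Confirm that an empty-password group is really intended here.
			$return[$dn]['add']['userPassword'][0] = pwd_hash('', $enabled, $hashType);
		}
		else if ($this->userPassword_invalid) // use '*' as password
			$return[$dn]['add']['userPassword'][0] = '*';
		else if ($newPassword != '') // set password if set
			$return[$dn]['add']['userPassword'][0] = pwd_hash($newPassword, $enabled, $hashType);
	}

	// Remove primary group from users from memberUid
	// The property name was misspelled ("attribtues") and the resulting
	// warnings were silenced with "@", so this block never removed anything.
	// NOTE(review): $return has already been computed above, so the removal
	// only changes the in-memory list; confirm whether it should run before
	// save_module_attributes() so that it is written to LDAP.
	$users_dn = $_SESSION['cache']->get_cache('gidNumber', 'posixAccount', 'user');
	if (is_array($users_dn) && isset($this->attributes['memberUid']) && is_array($this->attributes['memberUid'])) {
		foreach ($users_dn as $userDN => $userGID) {
			if ($userGID[0] == $this->attributes['gidNumber'][0]) {
				// takes the text between offset 4 and the first comma;
				// assumes the DN starts with "uid=" - TODO confirm
				$thisuser = substr($userDN, 4, strpos($userDN, ",") - 4);
				if (in_array($thisuser, $this->attributes['memberUid'])) {
					$this->attributes['memberUid'] = array_flip($this->attributes['memberUid']);
					unset($this->attributes['memberUid'][$thisuser]);
					$this->attributes['memberUid'] = array_flip($this->attributes['memberUid']);
				}
			}
		}
	}

	// Change gids of users and hosts?
	// Only done for an existing group whose GID really changed. With an empty
	// original GID the arithmetic below evaluates it as 0, so a new group
	// would have re-pointed every account whose primaryGroupID is 1001.
	$oldGID = isset($this->orig['gidNumber'][0]) ? $this->orig['gidNumber'][0] : '';
	$newGID = $this->attributes['gidNumber'][0];
	if ($this->changegids && ($oldGID != '') && ($oldGID != $newGID)) {
		// find out which account object classes the schema knows
		$hasPosixAccount = false;
		$hasSambaAccount = false;
		$hasSambaSamAccount = false;
		$schema = $_SESSION['ldap']->objectClasses;
		for ($i = 0; $i < count($schema); $i++) {
			// "!== false" so that a match at offset 0 is not read as "not found"
			if (strpos($schema[$i], "NAME 'posixAccount'") !== false) $hasPosixAccount = true;
			if (strpos($schema[$i], "NAME 'sambaAccount'") !== false) $hasSambaAccount = true;
			if (strpos($schema[$i], "NAME 'sambaSamAccount'") !== false) $hasSambaSamAccount = true;
		}
		// get gidNumber
		if ($hasPosixAccount) {
			$result = $_SESSION['cache']->get_cache('gidNumber', 'posixAccount', '*');
			if (is_array($result)) {
				foreach ($result as $accountDN => $values) {
					if ($values[0] == $oldGID) $return[$accountDN]['modify']['gidNumber'][0] = $newGID;
				}
			}
		}
		// change primaryGroupID
		if ($hasSambaAccount) {
			$result = $_SESSION['cache']->get_cache('primaryGroupID', 'sambaAccount', '*');
			if (is_array($result)) {
				foreach ($result as $accountDN => $values) {
					if ($values[0] == $oldGID * 2 + 1001) $return[$accountDN]['modify']['PrimaryGroupID'][0] = $newGID * 2 + 1001;
				}
			}
		}
		// change sambaPrimaryGroupSID
		if ($hasSambaSamAccount) {
			$result = $_SESSION['cache']->get_cache('sambaPrimaryGroupSID', 'sambaSamAccount', '*');
			if (is_array($result)) {
				// the domain list does not depend on the account, load it once
				$sambaDomains = search_domains($_SESSION['config']->get_Suffix('domain'));
				if (!is_array($sambaDomains)) $sambaDomains = array();
				foreach ($result as $accountDN => $values) {
					// Get Domain-SID from group SID (everything before the last "-")
					$groupSID = $values[0];
					$domainSID = substr($groupSID, 0, strrpos($groupSID, "-"));
					// The old code reused $i for this inner loop, which overwrote
					// the index of the account loop, and compared against an
					// undefined $SID; both are fixed here.
					$RIDbase = null;
					for ($d = 0; $d < count($sambaDomains); $d++) {
						if ($domainSID == $sambaDomains[$d]->SID) $RIDbase = $sambaDomains[$d]->RIDbase;
					}
					// no matching domain, the RID cannot be computed
					if ($RIDbase === null) continue;
					// the arithmetic is parenthesised so the RID is computed
					// before it is appended to the domain SID
					if ($groupSID == $domainSID . "-" . ($oldGID * 2 + 1 + $RIDbase)) {
						$return[$accountDN]['modify']['sambaPrimaryGroupSID'][0] = $domainSID . "-" . ($newGID * 2 + 1 + $RIDbase);
					}
				}
			}
		}
	}
	return $return;
}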
/**
* Returns one or more free GID numbers.
*
* @param integer $count Number of needed free GIDs.
* @param array $triggered_messages list of error messages where errors can be added
* @return mixed Null if no GIDs are free else an array of free GIDs.
*/
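function getNextGIDs($count, &$triggered_messages) {
	// Picks $count unused GID numbers from the configured range
	// [posixGroup_minGID, posixGroup_maxGID]. Returns null as soon as the
	// range is exhausted, otherwise the list of chosen numbers.
	$ret = array();
	$minID = intval($this->moduleSettings['posixGroup_minGID'][0]);
	$maxID = intval($this->moduleSettings['posixGroup_maxGID'][0]);
	$dn_gids = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', '*');
	// get_cache will return an array ( dn1 => array(gidnumber1), dn2 => array(gidnumber2), ... )
	// NOTE(review): the numbers in use are read from the session cache only;
	// confirm that uniqueness is checked again when the entry is written.
	$gids = array();
	if (is_array($dn_gids)) {
		foreach ($dn_gids as $gid) {
			$used = intval($gid[0]);
			// ignore GIDs > maxID and GIDs < minID
			// The bounds are inclusive: with the former strict comparison a
			// group already using exactly minID or maxID was ignored and that
			// number could be handed out a second time, giving two groups the
			// same GID and therefore the same file access rights.
			if (($used <= $maxID) && ($used >= $minID)) $gids[] = $used;
		}
		sort($gids, SORT_NUMERIC);
	}
	for ($i = 0; $i < $count; $i++) {
		if (count($gids) == 0) {
			// return minimum allowed id-number if no id-numbers are found
			$ret[] = $minID;
			$gids[] = $minID;
			continue;
		}
		// there already are some GIDs, $gids is sorted so the last one is the highest
		$id = $gids[count($gids) - 1];
		if ($id < $maxID) {
			// return highest used id-number + 1 if it's still in valid range
			$ret[] = $id + 1;
			$gids[] = $id + 1;
		}
		else {
			// find free numbers between existing ones
			$k = $minID;
			while (in_array($k, $gids)) $k++;
			if ($k > $maxID) return null;
			$ret[] = $k;
			$gids[] = $k;
			sort($gids, SORT_NUMERIC);
			// show warning message
			$triggered_messages['gidNumber'][] = $this->messages['gidNumber'][2];
		}
	}
	return $ret;
}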
}
?>