< ? php
/*
$Id $
This code is part of LDAP Account Manager ( http :// www . sourceforge . net / projects / lam )
Copyright ( C ) 2003 Tilo Lutz
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
LDAP Account Manager functions used by account . php
*/
/* This class contains all functions
* which are needed to manage the ldap cache
*/
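class cache {

	var $ldapcache;  // Cached LDAP data: array(scope => array(dn => array(attribute => array(values))))
	var $attributes; // Attributes to cache: array(scope => array(attribute names))
	var $config;     // Reference to the config object stored in the session
	var $ldap;       // Reference to the ldap object stored in the session
	var $time;       // Timestamp of the last full cache refresh

	/* Constructor: binds the session's config and ldap objects and starts with an empty cache.
	*/
	function cache() {
		$this->config =& $_SESSION['config'];
		$this->ldap =& $_SESSION['ldap'];
		$this->time = 0;
		$this->attributes = array();
	}

	/* Returns the list of scopes accepted by the cache functions.
	*/
	function _allowed_scopes() {
		return array('user', 'group', 'host', 'domain', '*');
	}

	/* Raises E_USER_ERROR unless $scope is one of the allowed scopes.
	* The comparison is strict because the scope name is later used to build
	* the name of the config getter called in refresh_cache(); a loose
	* comparison would let non-string keys such as 0 pass on older PHP versions.
	* Returns true if the scope is valid.
	*/
	function _check_scope($scope) {
		$allowed_types = $this->_allowed_scopes();
		if (in_array($scope, $allowed_types, true)) return true;
		trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
		return false;
	}

	/* Returns all attribute names which appear in a "MUST ( ... )" or
	* "MAY ( ... )" list of any objectClass in the schema of the ldap object.
	* Only the parenthesised list form is parsed.
	*/
	function _schema_attributes() {
		$allowed_attributes = array();
		foreach ($this->ldap->objectClasses as $definition) {
			foreach (array('MUST (', 'MAY (') as $marker) {
				$start = strpos($definition, $marker);
				if (!$start) continue;
				$string_withtail = substr($definition, $start + strlen($marker));
				$string = trim(substr($string_withtail, 0, strpos($string_withtail, ')')));
				$allowed_attributes = array_merge($allowed_attributes, explode(" $ ", $string));
			}
		}
		return array_unique($allowed_attributes);
	}

	/* Returns the value of the first RDN of $dn, e.g. "admins" for "cn=admins,ou=groups,...".
	* Escaped commas inside the RDN value are not handled.
	*/
	function _dn_group_name($dn) {
		$start = strpos($dn, '=');
		$start = ($start === false) ? 0 : $start + 1;
		$end = strpos($dn, ',', $start);
		if ($end === false) return substr($dn, $start);
		return substr($dn, $start, $end - $start);
	}

	/* Expands $singlescope into the list of scopes to search and makes sure
	* $attribute is cached for each of them (adding it triggers a rebuild).
	*/
	function _scopes_for($attribute, $singlescope) {
		if ($singlescope == '*') $scopes = $this->_allowed_scopes();
		else $scopes = array($singlescope);
		// Add cache entry dynamic
		$add = array();
		foreach ($scopes as $scope) {
			if (!isset($this->attributes[$scope]) || !in_array($attribute, $this->attributes[$scope])) $add[$scope][] = $attribute;
		}
		if (count($add) != 0) $this->add_cache($add);
		return $scopes;
	}

	/* This function adds attributes to cache
	* syntax of $attributes is array ( scope1 => array ( attributes ), scope2 => array ( attributes ), ... )
	* The cache is rebuilt from LDAP afterwards.
	*/
	function add_cache($attributes) {
		$usage = 'Argument of add_cache must be : array ( scope => array(attribute1(string), attribute2(string), ..), scope => ... ).';
		// Check input variable
		if (!is_array($attributes)) {
			trigger_error(_($usage), E_USER_ERROR);
			return;
		}
		foreach ($attributes as $names) {
			if (!is_array($names)) {
				trigger_error(_($usage), E_USER_ERROR);
				return;
			}
			foreach ($names as $name) {
				if (!is_string($name)) {
					trigger_error(_($usage), E_USER_ERROR);
					return;
				}
			}
		}
		foreach (array_keys($attributes) as $scope) {
			if (!$this->_check_scope($scope)) return;
		}
		// Everything seems to be OK, start processing data
		foreach ($attributes as $scope => $names) {
			if (!isset($this->attributes[$scope])) $this->attributes[$scope] = array();
			foreach ($names as $name) {
				if (!in_array($name, $this->attributes[$scope])) $this->attributes[$scope][] = $name;
			}
		}
		// Rebuild cache
		$this->refresh_cache(true);
	}

	/* This function returns an array ( dn1 => array ( values ), dn2 => array ( values ), ... )
	* with the cached values of $attribute for every entry in $singlescope
	* which has $objectClass. An empty array is returned if nothing matches.
	*/
	function get_cache($attribute, $objectClass, $singlescope) {
		$this->refresh_cache();
		// Check input variables
		$this->_check_scope($singlescope);
		// NOTE(review): the padding inside the double-quoted literals is reproduced as shown in the listing - confirm against the repository
		$line = -1;
		for ($i = 0; $i < count($_SESSION['ldap']->objectClasses); $i++) {
			if (strpos($_SESSION['ldap']->objectClasses[$i], " NAME ' $objectClass ' ") !== false) $line = $i;
		}
		// Return error if objectClass isn't found
		if ($line == -1) trigger_error(sprintf(_(" objectClass %s required but not defined in ldap. "), $objectClass), E_USER_WARNING);
		if (!in_array($attribute, $this->_schema_attributes())) trigger_error(_('Attribute not defined in LDAP.'), E_USER_WARNING);
		// Everything seems to be OK, start processing data
		$this->refresh_cache();
		$scopes = $this->_scopes_for($attribute, $singlescope);
		$return = array();
		foreach ($scopes as $scope) {
			if (!isset($this->ldapcache[$scope])) continue;
			foreach ($this->ldapcache[$scope] as $dn => $entry) {
				if (!isset($entry[$attribute]) || !isset($entry['objectClass'])) continue;
				if (!in_array($objectClass, $entry['objectClass'])) continue;
				// a single value is appended, several values replace the entry
				if (count($entry[$attribute]) == 1) $return[$dn][] = $entry[$attribute][0];
				else $return[$dn] = $entry[$attribute];
			}
		}
		return $return;
	}

	/* This functions returns the dn if a dn with $attribute = $value is found
	* $value is the value $attribute is set to
	* $singlescope is the scope where to search
	* Returns false if no entry matches. Callers which use this as a
	* uniqueness check should keep in mind that an empty cache (for example
	* after a failed LDAP search) also yields false.
	*/
	function in_cache($value, $attribute, $singlescope) {
		$this->refresh_cache();
		// Check input variables
		$this->_check_scope($singlescope);
		if (!in_array($attribute, $this->_schema_attributes())) trigger_error(_('Attribute not defined in LDAP.'), E_USER_WARNING);
		// Everything seems to be OK, start processing data
		$this->refresh_cache();
		$scopes = $this->_scopes_for($attribute, $singlescope);
		foreach ($scopes as $scope) {
			if (!isset($this->ldapcache[$scope])) continue;
			foreach ($this->ldapcache[$scope] as $dn => $entry) {
				if (isset($entry[$attribute]) && is_array($entry[$attribute]) && in_array($value, $entry[$attribute])) {
					// Return dn if value was found
					return $dn;
				}
			}
		}
		// Return false if value wasn't found
		return false;
	}

	/* This functions refreshs the cache
	* The cache is reloaded from LDAP if $rebuild is true or if the timeout
	* from the configuration has passed since the last refresh.
	*/
	function refresh_cache($rebuild = false) {
		// Compare against the stored timestamp of the last refresh
		if (!$rebuild && $this->time + $this->config->get_cacheTimeoutSec() >= time()) return;
		// drop old cache
		$this->ldapcache = array();
		foreach (array_keys($this->attributes) as $scope) {
			// Get suffix of scope. The getter is called by name instead of
			// building PHP source for eval(), so the scope name can never be run as code.
			if ($scope !== '*') {
				$getter = 'get_' . ucfirst($scope) . 'Suffix';
				$suffix = $this->config->$getter();
			}
			else $suffix = '';
			// Get Data from ldap
			$search = $this->attributes[$scope];
			$search[] = 'objectClass';
			$result = @ldap_search($this->ldap->server(), $suffix, 'objectClass=*', $search, 0);
			// A failed search leaves this scope empty; it cannot be told apart from "no entries"
			if (!$result) continue;
			// Write search result in array
			$entry = @ldap_first_entry($this->ldap->server(), $result);
			while ($entry) {
				$dn = ldap_get_dn($this->ldap->server(), $entry);
				$attr = ldap_get_attributes($this->ldap->server(), $entry);
				// keep only the named value lists; this drops the 'count'
				// entries and the numeric index of attribute names
				$values = array();
				if (is_array($attr)) {
					foreach ($attr as $name => $list) {
						if (!is_array($list)) continue;
						unset($list['count']);
						$values[$name] = $list;
					}
				}
				// Write new cache entry if it has more than the objectClass
				$addcache = $values;
				unset($addcache['objectClass']);
				if (count($addcache) != 0) $this->ldapcache[$scope][$dn] = $values;
				$entry = ldap_next_entry($this->ldap->server(), $entry);
			}
		}
		$this->time = time();
	}

	/* This function update the cache when changes were
	* made without refreshing the complete cache
	* $attributes is array ( attribute name => string or array of values ).
	* Only attributes which are cached for $singlescope are stored; an
	* objectClass list is stored too if given, because get_cache filters on it.
	*/
	function update_cache($dn, $attributes, $singlescope) {
		if (!$this->_check_scope($singlescope)) return;
		// Everything seems to be OK, start processing data
		$this->refresh_cache();
		if (isset($this->ldapcache[$singlescope][$dn])) unset($this->ldapcache[$singlescope][$dn]);
		// $this->attributes[scope] is a list of names, so iterate over its values
		$names = isset($this->attributes[$singlescope]) ? $this->attributes[$singlescope] : array();
		if (!in_array('objectClass', $names)) $names[] = 'objectClass';
		foreach ($names as $name) {
			if (!isset($attributes[$name])) continue;
			if (is_string($attributes[$name])) $this->ldapcache[$singlescope][$dn][$name][] = $attributes[$name];
			if (is_array($attributes[$name])) $this->ldapcache[$singlescope][$dn][$name] = $attributes[$name];
		}
	}

	/* This function will return the gidNumber to an existing groupname
	* gidNumbers are taken from cache - array
	* The group name must equal the first RDN value of the group's DN; a
	* substring match would hand out the gidNumber of a different group
	* whose DN merely contains the name. Returns null if no group matches.
	*/
	function getgid($groupname) {
		$dn_groups = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group');
		foreach ($dn_groups as $DN => $values) {
			if ($this->_dn_group_name($DN) === (string) $groupname) return $values[0];
		}
		return null;
	}

	/* This function will return an array with all groupnames
	* found in ldap . Groupnames are taken from cache - array .
	*/
	function findgroups() {
		$dn_groups = $_SESSION['cache']->get_cache('cn', 'posixGroup', 'group');
		$return = array();
		foreach ($dn_groups as $values) $return[] = $values[0];
		return $return;
	}

	/* This function will return the groupname to an existing gidNumber
	* groupnames are taken from cache - array
	* If several groups share the gidNumber the last one wins; null is
	* returned if there is none.
	*/
	function getgrnam($gidNumber) {
		$dn_groups = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group');
		$return = null;
		foreach ($dn_groups as $DN => $values) {
			if ($values[0] == $gidNumber) $return = $this->_dn_group_name($DN);
		}
		return $return;
	}
}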
class accountContainer {
// Constructor
function accountContainer($type, $base) {
	/* Constructor. $type is the kind of account, one of
	* user, group, host, domain. $base is stored and handed
	* to the main module.
	*/
	// Both arguments have to be strings
	foreach (array($type, $base) as $argument) {
		if (!is_string($argument)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
	}
	// *** fixme use global variable to determine allowed types
	$known_types = array('user', 'group', 'host', 'domain');
	$recognized = in_array($type, $known_types);
	if (!$recognized) trigger_error(_('Account type not recognized.'), E_USER_ERROR);
	$this->type = $type;
	$this->base = $base;
	// Names of the session variables which hold the shared objects
	$this->ldap = 'ldap';
	$this->config = 'config';
	$this->cache = 'cache';
	$this->header2 = 'header';
	// The main module is always present
	$this->module['main'] = new main($this->base);
	return 0;
}
/* Array of all used attributes
* Syntax is attribute => array ( objectClass => MUST or MAY , ... )
*/
var $attributes ;
/* This variable stores the type
* of account . Currently unix , group , host are supported
*/
var $type ;
var $ldap ; // This is a reference to the ldap class in session
var $config ; // This is a reference to the config class in session
// Localized part of HTML-Header
var $header2 ;
var $module ; // This is an array with all module objects
// DN of the account
var $dn ;
var $dn_orig ;
// this stores the module order
var $order ;
// name of accountContainer so we can read other classes in accuontArray
var $base ;
/* Get the type of account . Valid
* types are : user , group , host
*/
function get_type() {
	// The type is set once by the constructor
	$type = $this->type;
	return $type;
}
/* This function asks $this -> module [ 'main' ]
* what to do next
*/
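function continue_main($post) {
	/* Processes the submitted form data $post with the module of the
	* current page, selects the next page / subpage and prints the
	* complete HTML page. Always returns 0.
	* NOTE(review): the double-quoted literals are reproduced exactly as
	* shown in the listing, including their padding spaces - confirm
	* against the repository.
	*/
	$main =& $this->module['main'];
	if ($main->subpage == '') $main->subpage = 'attributes';
	$result = null;
	if (!empty($post['form_main_reset'])) {
		$this->load_account($this->dn_orig);
	}
	else {
		// Call the handler by name instead of building PHP source for eval():
		// the subpage name can then only select a method, never run as code.
		$page =& $this->module[$this->order[$main->current_page]];
		$handler = 'proccess_' . $main->subpage;
		$result = $page->$handler($post);
	}
	// A string result names the next subpage
	if (is_string($result)) $main->subpage = $result;
	// An integer result allows switching to the page whose button was pressed
	if (is_int($result)) {
		for ($i = 0; $i < count($this->order); $i++) {
			if (!empty($post['form_main_' . $this->order[$i]])) {
				$main->current_page = $i;
				$main->subpage = 'attributes';
			}
		}
	}
	// Write HTML-Code
	echo $_SESSION[$this->header2];
	echo " <title> ";
	if ($this->dn_orig != '') echo _(" Modify Account ");
	else echo _(" Create new Account ");
	echo " </title> \n ";
	echo " <link rel= \" stylesheet \" type= \" text/css \" href= \" ../../style/layout.css \" > \n ";
	echo " </head><body> \n ";
	echo " <form action= \" " . $this->type . " edit.php \" method= \" post \" > \n ";
	// Display error-messages (an array result is a list of messages)
	if (is_array($result)) {
		for ($i = 0; $i < sizeof($result); $i++) StatusMessage($result[$i][0], $result[$i][1], $result[$i][2]);
	}
	// Create left module-menu
	echo " <table border=0 width= \" 100% \" > \n <tr><td valign= \" top \" width= \" 15% \" > ";
	echo " <table><tr> ";
	echo " <td><fieldset class= \" " . $this->type . " edit-dark \" ><legend class= \" " . $this->type . " edit-bright \" ><b> ";
	echo _('Please select page:');
	echo " </b></legend> \n ";
	// Loop for module
	// NOTE(review): module names and aliases are written into the page without
	// escaping; if they can ever contain data that is not fixed by the module
	// code they need htmlspecialchars() here.
	for ($i = 0; $i < count($this->order); $i++) {
		$name = $this->order[$i];
		// the current page and modules which are not ready get a disabled button
		$disabled = ($name == $this->order[$main->current_page] || !$this->module[$name]->module_ready());
		echo " <input name= \" form_main_ " . $name . " \" type= \" submit \" value= \" ";
		echo $this->module[$name]->alias;
		if ($disabled) echo " \" disabled> \n <br> ";
		else echo " \" > \n <br> ";
	}
	if ($this->dn_orig != '') echo " <input name= \" form_main_reset \" type= \" submit \" value= \" " . _('Reset changes') . " \" ><br> \n ";
	echo " </fieldset></td></tr> \n ";
	echo " </table></td> \n <td> ";
	echo " <td><fieldset class= \" " . $this->type . " edit-dark \" ><legend class= \" " . $this->type . " edit-bright \" ><b> ";
	echo $this->module[$this->order[$main->current_page]]->alias;
	echo " </b></legend> \n ";
	// display html-code from module, again called by name instead of eval()
	$renderer = 'display_html_' . $main->subpage;
	$this->module[$this->order[$main->current_page]]->$renderer($post);
	// Display rest of html-page
	echo " </fieldset> \n ";
	echo " </td></tr></table> \n ";
	echo " </form> \n ";
	echo " </body> \n ";
	echo " </html> \n ";
	return 0;
}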
/* Add attributes to variable . Syntax is array ( attribute => array ( objectClass1 => MUST | MAY , objectClass2 => MUST | MAY ), ... )
*/
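function add_attributes($objectClass) {
	/* Reads the MUST and MAY attribute lists of $objectClass and of the
	* classes reached through its SUP chain from the schema of the ldap
	* object in the session and stores them in $this->attributes as
	* attribute => array ( $objectClass => 'MUST' or 'MAY' ).
	* A warning is raised and processing stops if a class is not defined.
	* NOTE(review): the padding inside the double-quoted literals is
	* reproduced as shown in the listing - confirm against the repository.
	*/
	$schema = $_SESSION[$this->ldap]->objectClasses;
	$current = $objectClass;
	// remember visited classes so a SUP cycle cannot loop forever
	$visited = array();
	while (!isset($visited[$current])) {
		$visited[$current] = true;
		// loop through every existing objectClass and select the current one;
		// the search starts from -1 each time so a missing superclass is noticed
		$line = -1;
		for ($i = 0; $i < count($schema); $i++) {
			if (strpos($schema[$i], " NAME ' $current ' ") !== false) $line = $i;
		}
		// Return error if objectClass isn't found
		if ($line == -1) {
			trigger_error(sprintf(_(" objectClass %s required but not defined in ldap. "), $current), E_USER_WARNING);
			return;
		}
		// MUST is handled before MAY, so MAY wins if an attribute is in both lists
		foreach (array('MUST (' => 'MUST', 'MAY (' => 'MAY') as $marker => $kind) {
			$start = strpos($schema[$line], $marker);
			if (!$start) continue;
			$string_withtail = substr($schema[$line], $start + strlen($marker));
			// Now we have a string which starts with the attribute list
			$string = trim(substr($string_withtail, 0, strpos($string_withtail, ')')));
			foreach (explode(" $ ", $string) as $attribute) {
				$this->attributes[$attribute][$objectClass] = $kind;
			}
		}
		// Continue with the superclass, if there is one
		if (!strpos($schema[$line], " SUP ")) return;
		$string_withtail = substr($schema[$line], strpos($schema[$line], 'SUP ') + 4);
		$current = substr($string_withtail, 0, strpos($string_withtail, ' '));
	}
}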
/* This function return ldap attributes
* Syntax is get_attributes ( $value , $scope )
* $scope = 'objectClass' , $value = objectClass return value are all attributes of objectClass
* $scope = 'attribute' , $value = attribute returns alle objectClasses which are using the attribute
*/
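function get_attributes($value, $scope) {
	/* $scope = 'attribute': returns array ( objectClass => MUST or MAY ) for attribute $value.
	* $scope = 'objectClass': returns array ( attribute => MUST or MAY ) for
	* objectClass $value, an empty array if it uses no known attribute.
	* Returns 0 in every other case.
	*/
	if ($scope == 'attribute' && isset($this->attributes[$value])) return $this->attributes[$value];
	if ($scope == 'objectClass') {
		$return = array();
		if (is_array($this->attributes)) {
			foreach ($this->attributes as $attribute => $classes) {
				if (isset($classes[$value])) $return[$attribute] = $classes[$value];
			}
		}
		return $return;
	}
	return 0;
}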
/* This function return ldap attributes which are uses by $objectClass
* Syntax is get_attributes ( $objectClass )
* Return is an array with all allowed attributes
*/
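function get_module_attributes($objectClass) {
	/* Returns array ( attribute => '' ) with every attribute from the MUST
	* and MAY lists of $objectClass and of the classes reached through its
	* SUP chain, and registers them with add_attributes(). A warning is
	* raised if a class is not defined in the schema.
	* NOTE(review): the padding inside the double-quoted literals is
	* reproduced as shown in the listing - confirm against the repository.
	*/
	$schema = $_SESSION[$this->ldap]->objectClasses;
	$return = array();
	$current = $objectClass;
	// remember visited classes so a SUP cycle cannot loop forever
	$visited = array();
	while (!isset($visited[$current])) {
		$visited[$current] = true;
		// the search starts from -1 each time so a missing superclass is noticed
		$line = -1;
		for ($i = 0; $i < count($schema); $i++) {
			if (strpos($schema[$i], " NAME ' $current ' ") !== false) $line = $i;
		}
		// Return error if objectClass isn't found
		if ($line == -1) {
			trigger_error(sprintf(_(" ObjectClass %s required but not defined in ldap. "), $current), E_USER_WARNING);
			break;
		}
		foreach (array('MUST (', 'MAY (') as $marker) {
			$start = strpos($schema[$line], $marker);
			if (!$start) continue;
			$string_withtail = substr($schema[$line], $start + strlen($marker));
			// Now we have a string which starts with the attribute list
			$string = trim(substr($string_withtail, 0, strpos($string_withtail, ')')));
			foreach (explode(" $ ", $string) as $attribute) {
				$return[$attribute] = '';
			}
		}
		// Continue with the superclass, if there is one
		if (!strpos($schema[$line], " SUP ")) break;
		$string_withtail = substr($schema[$line], strpos($schema[$line], 'SUP ') + 4);
		$current = substr($string_withtail, 0, strpos($string_withtail, ' '));
	}
	$this->add_attributes($objectClass);
	return $return;
}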
/* This function return ldap attributes which are uses by $objectClass
* Syntax is get_attributes ( $attributes , $orig )
* Return is an array as needed for $this -> saveAccount ()
*/
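function save_module_attributes($attributes, $orig) {
	/* Compares the new values in $attributes with the old values in $orig
	* ( both array ( attribute => array ( values ) ) ) and returns
	* array ( $this->dn => array ( 'add' => ..., 'remove' => ..., 'modify' => ..., 'notchanged' => ... ) )
	* where each part is only present if it is not empty. An attribute
	* which has values to add and to remove becomes a modify entry
	* containing its unchanged and added values.
	* A plain string is treated as a list with one value.
	* Values are passed through utf8_encode(), which presumably expects
	* ISO-8859-1 input - verify against the callers.
	*/
	$toadd = array();
	$torem = array();
	$tomodify = array();
	$notchanged = array();
	foreach (array_keys($attributes) as $name) {
		$new = $attributes[$name];
		$old = isset($orig[$name]) ? $orig[$name] : array();
		if (is_string($new)) $new = array($new);
		if (is_string($old)) $old = array($old);
		if (!is_array($new)) $new = array();
		if (!is_array($old)) $old = array();
		// old values which are no longer set have to be removed
		foreach ($old as $value) {
			if ($value != '' && !in_array($value, $new)) $torem[$name][] = utf8_encode($value);
		}
		foreach ($new as $index => $value) {
			if ($value == '') continue;
			// new values which were not set before have to be added
			if (!in_array($value, $old)) $toadd[$name][] = utf8_encode($value);
			// values which are the same at the same position are unchanged
			if (isset($old[$index]) && $value == $old[$index]) $notchanged[$name][] = utf8_encode($value);
		}
	}
	// create modify with add and remove
	foreach (array_keys($toadd) as $name) {
		if (!isset($torem[$name])) continue;
		// found modify entry: unchanged values first, then the added ones
		$kept = isset($notchanged[$name]) ? $notchanged[$name] : array();
		$tomodify[$name] = array_merge_recursive($kept, $toadd[$name]);
		// the attribute is now handled by the modify entry only
		unset($notchanged[$name], $toadd[$name], $torem[$name]);
	}
	$return = array();
	if (count($toadd) != 0) $return[$this->dn]['add'] = $toadd;
	if (count($torem) != 0) $return[$this->dn]['remove'] = $torem;
	if (count($tomodify) != 0) $return[$this->dn]['modify'] = $tomodify;
	if (count($notchanged) != 0) $return[$this->dn]['notchanged'] = $notchanged;
	return $return;
}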
/* This function checks if all MUST-attributes are set.
* If not, it will return an array with all modules
* which have to be set first
*/
/**
 * Lists the modules that still have an unset MUST attribute.
 *
 * $this->attributes is read as attribute name => (module name => requirement).
 * A module is reported when one of its 'MUST' attributes compares equal to
 * '' in that module's own attributes array.
 *
 * @return array module names, each listed once
 */
function check_attributes() {
    $missing = array();
    foreach ($this->attributes as $attrName => $perModule) {
        foreach ($perModule as $moduleName => $requirement) {
            // only MUST attributes are of interest
            if ($requirement != 'MUST') continue;
            // attribute already has a value in its module
            if ($this->module[$moduleName]->attributes[$attrName] != '') continue;
            if (!in_array($moduleName, $missing)) $missing[] = $moduleName;
        }
    }
    return $missing;
}
/* This function adds an objectClass class ( module ) to accountContainer
*/
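/**
 * Adds the module that handles an objectClass to this account container.
 *
 * The objectClass has to appear in the schema lines held in
 * $_SESSION['ldap']->objectClasses, and a PHP class of the same name has to
 * be defined. If either is missing an E_USER_WARNING is raised and no module
 * is added.
 *
 * @param string $objectClass name of the objectClass and of its module class
 * @return int always 0
 */
function add_objectClass($objectClass) {
    $line = -1;
    $schema = $_SESSION['ldap']->objectClasses;
    for ($i = 0; $i < count($schema); $i++) {
        // strpos() returns 0 for a match at offset 0, so compare against false
        // instead of relying on truthiness.
        if (strpos($schema[$i], "NAME '$objectClass'") !== false) $line = $i;
    }
    // Return error if objectClass isn't found
    if ($line == -1) trigger_error(_("objectClass $objectClass required but not defined in ldap."), E_USER_WARNING);
    else {
        // Add module if it exists
        // NOTE(review): the class name is taken from $objectClass, which
        // load_account() fills from the objectClass values of the directory
        // entry. Any PHP class defined under that name is instantiated here;
        // consider checking the name against the list of known module classes
        // before calling new.
        if (class_exists($objectClass)) {
            $this->module[$objectClass] = new $objectClass($this->base);
        }
        else trigger_error(_("objectClass $objectClass required but no module found."), E_USER_WARNING);
    }
    return 0;
}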
/* This function will load an account .
* $dn is the dn of the account which should be loaded
*/
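/**
 * Loads an existing account from LDAP into this container.
 *
 * Reads the entry, creates one module per objectClass (plus the quota
 * module), lets every module load the attributes and stores the module
 * order in $this->order.
 *
 * @param string $dn DN of the account which should be loaded
 * @return int always 0
 */
function load_account($dn) {
    // first RDN of the entry (text before the first comma), used as search filter
    $search = substr($dn, 0, strpos($dn, ','));
    // NOTE(review): the filter is taken from the DN without LDAP filter
    // escaping, so an RDN value containing ( ) * or \ changes or breaks the
    // filter. The results of ldap_search() and ldap_first_entry() are not
    // checked for failure before they are used.
    $result = ldap_search($_SESSION[$this->ldap]->server(), $dn, $search);
    $entry = ldap_first_entry($_SESSION[$this->ldap]->server(), $result);
    // $this->dn holds the parent DN, $this->dn_orig the full DN of the entry
    $this->dn = substr($dn, strpos($dn, ',') + 1);
    $this->dn_orig = $dn;
    $attr = ldap_get_attributes($_SESSION[$this->ldap]->server(), $entry);
    if (isset($attr['objectClass']['count'])) unset($attr['objectClass']['count']);
    // load attributes
    foreach ($attr['objectClass'] as $objectClass) {
        $this->add_objectClass($objectClass);
        if (isset($this->module[$objectClass])) $this->module[$objectClass]->load_attributes($attr);
    }
    $this->module['quota'] = new quota($this->base);
    $this->module['quota']->load_attributes($attr);
    // sort modules and make all active because all required attributes should be set
    $module = array_keys($this->module);
    // *** fixme add modules from config which should be used but not yet in loaded account
    // *** fixme how to handle non ldap modules?
    // Order the modules so that a module follows the modules it depends on.
    // The pass counter keeps the loop finite if dependencies can't be resolved.
    $remain = count($module) * count($module);
    $order = array();
    while ((count($order) != count($module)) && ($remain != 0)) {
        $remain--;
        foreach ($module as $moduleitem) {
            if (in_array($moduleitem, $order)) continue;
            $required = $this->module[$moduleitem]->dependencies();
            $everything_found = true;
            if (is_array($required)) {
                foreach ($required as $requireditem)
                    if (!in_array($requireditem, $order)) $everything_found = false;
            }
            if ($everything_found) $order[] = $moduleitem;
        }
    }
    // Modules whose dependencies could not be resolved are appended, so no
    // loaded module is missing from the order.
    foreach ($module as $moduleitem)
        if (!in_array($moduleitem, $order)) $order[] = $moduleitem;
    // Write Module-Order in variable
    $this->order = $order;
    return 0;
}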
/* This function will prepare the object
* for a new account
*/
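/**
 * Prepares the container for a new account.
 *
 * Adds the modules posixAccount, shadowAccount and sambaAccount, stores the
 * module order in $this->order and calls the profile loader of the account
 * type (load<Type>Profile('default')).
 *
 * @return int always 0
 */
function new_account() {
    $modulelist = array('posixAccount', 'shadowAccount', 'sambaAccount');
    // *** fixme add modules from config which should be used but not yet in loaded account
    foreach ($modulelist as $objectClass) $this->add_objectClass($objectClass);
    $module = array_keys($this->module);
    // Order the modules so that a module follows the modules it depends on.
    // The pass counter keeps the loop finite if dependencies can't be resolved.
    $remain = count($module) * count($module);
    $order = array();
    while ((count($order) != count($module)) && ($remain != 0)) {
        $remain--;
        foreach ($module as $moduleitem) {
            if (in_array($moduleitem, $order)) continue;
            $required = $this->module[$moduleitem]->dependencies();
            $everything_found = true;
            if (is_array($required)) {
                foreach ($required as $requireditem)
                    if (!in_array($requireditem, $order)) $everything_found = false;
            }
            if ($everything_found) $order[] = $moduleitem;
        }
    }
    // Modules whose dependencies could not be resolved are appended, so no
    // loaded module is missing from the order.
    foreach ($module as $moduleitem)
        if (!in_array($moduleitem, $order)) $order[] = $moduleitem;
    // Write Module-Order in variable
    $this->order = $order;
    // *** fixme load*Profile must return array in the same way ldap_get_attributes does.
    // The loader used to be called through eval() on a string built from
    // $this->type, which would execute any PHP code placed in that property.
    // A variable function call can only reach a function whose name is
    // load<Type>Profile.
    $loader = 'load' . ucfirst($this->type) . 'Profile';
    if (function_exists($loader)) $newattributes = $loader('default');
    else trigger_error(sprintf(_('Profile loader %s is not defined.'), $loader), E_USER_WARNING);
    // pass newattributes to each module
    //foreach ($module as $module2)
    //    $this->module[$module2]->load_attributes($newattributes);
    return 0;
}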
/* This function will save an account to LDAP.
*/
/**
 * Writes the changes collected from all modules to LDAP.
 *
 * Every module's save_attributes() result is merged into one array of the
 * form DN => operation => attribute => values, where the operations used
 * below are 'add', 'remove', 'modify', 'notchanged' and 'lamdaemon'.
 *
 * @return mixed 0 on success, array('ERROR', 'LDAP', message) as soon as one
 *               LDAP operation fails
 */
function save_account() {
    $module = array_keys($this->module);
    $attributes = array();
    // load attributes
    foreach ($module as $singlemodule) {
        // load changes
        $temp = $this->module[$singlemodule]->save_attributes();
        // merge changes
        $DNs = array_keys($temp);
        // *** fixme don't include references
        $attributes = array_merge_recursive($temp, $attributes);
        // array_merge_recursive() can leave duplicate values; drop them per attribute
        for ($i = 0; $i < count($DNs); $i++) {
            $ops = array_keys($temp[$DNs[$i]]);
            for ($j = 0; $j < count($ops); $j++) {
                $attrs = array_keys($temp[$DNs[$i]][$ops[$j]]);
                for ($k = 0; $k < count($attrs); $k++)
                    $attributes[$DNs[$i]][$ops[$j]][$attrs[$k]] = array_unique($attributes[$DNs[$i]][$ops[$j]][$attrs[$k]]);
            }
        }
    }
    // Complete dn with uid or cn=
    // NOTE(review): the RDN value is concatenated into the DN as it is. A
    // value containing DN special characters such as , + = would change the
    // structure of the DN; it should be escaped or validated before use.
    if ($this->type == 'group') $search = 'cn';
    else $search = 'uid';
    $added = false;
    foreach ($attributes as $DN) {
        if (isset($DN['modify'][$search][0]) && !$added) {
            $attributes[$search . '=' . $DN['modify'][$search][0] . ',' . $this->dn] = $attributes[$this->dn];
            unset($attributes[$this->dn]);
            $this->dn = $search . '=' . $DN['modify'][$search][0] . ',' . $this->dn;
            $added = true;
        }
        if (isset($DN['add'][$search][0]) && !$added) {
            $attributes[$search . '=' . $DN['add'][$search][0] . ',' . $this->dn] = $attributes[$this->dn];
            unset($attributes[$this->dn]);
            $this->dn = $search . '=' . $DN['add'][$search][0] . ',' . $this->dn;
            $added = true;
        }
        if (isset($DN['notchanged'][$search][0]) && !$added) {
            $attributes[$search . '=' . $DN['notchanged'][$search][0] . ',' . $this->dn] = $attributes[$this->dn];
            unset($attributes[$this->dn]);
            $this->dn = $search . '=' . $DN['notchanged'][$search][0] . ',' . $this->dn;
            $added = true;
        }
    }
    // Add old dn if dn hasn't changed
    if (!$added) {
        $attributes[$this->dn_orig] = $attributes[$this->dn];
        unset($attributes[$this->dn]);
        $this->dn = $this->dn_orig;
    }
    // Add new DN
    if ($this->dn != $this->dn_orig) {
        // move existing DN
        // NOTE(review): the move is an ldap_add() followed by an ldap_delete().
        // If the delete fails the entry exists under both DNs. The @ operator
        // hides the LDAP error text, so only the generic message is returned.
        if ($this->dn_orig != '') {
            // merge attributes together
            $attr = array_merge_recursive($attributes[$this->dn]['add'], $attributes[$this->dn]['notchanged'], $attributes[$this->dn]['modify']);
            $success = @ldap_add($_SESSION[$this->ldap]->server(), $this->dn, $attr);
            if ($success) {
                $success = @ldap_delete($_SESSION[$this->ldap]->server(), $this->dn_orig);
                if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to delete dn: %s.'), $this->dn_orig));
            }
            if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to create dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $this->dn));
        }
        // create complete new dn
        else {
            // NOTE(review): $attr is computed but ldap_add() below is given only
            // the 'add' part - confirm which of the two is intended.
            $attr = array_merge_recursive($attributes[$this->dn]['add'], $attributes[$this->dn]['notchanged'], $attributes[$this->dn]['modify']);
            $success = @ldap_add($_SESSION[$this->ldap]->server(), $this->dn, $attributes[$this->dn]['add']);
            if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to create dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $this->dn));
        }
        // the account entry itself is written; the loop below handles the remaining DNs
        unset($attributes[$this->dn]);
    }
    $DNs = array_keys($attributes);
    for ($i = 0; $i < count($DNs); $i++) {
        // modify attributes
        if (isset($attributes[$DNs[$i]]['modify'])) {
            $success = @ldap_mod_replace($_SESSION[$this->ldap]->server(), $DNs[$i], $attributes[$DNs[$i]]['modify']);
            if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to modify attribtues from dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $DNs[$i]));
        }
        // add attributes
        if (isset($attributes[$DNs[$i]]['add'])) {
            $success = @ldap_mod_add($_SESSION[$this->ldap]->server(), $DNs[$i], $attributes[$DNs[$i]]['add']);
            if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to add attribtues to dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $DNs[$i]));
        }
        // remove attributes
        if (isset($attributes[$DNs[$i]]['remove'])) {
            $success = @ldap_mod_del($_SESSION[$this->ldap]->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']);
            if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to remove attribtues from dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $DNs[$i]));
        }
    }
    // hand the commands collected by the modules to lamdaemon.pl; its output is not evaluated here
    foreach ($attributes as $DN)
        if (is_array($DN['lamdaemon']['command'])) $this->lamdaemon($DN['lamdaemon']['command']);
    return 0;
}
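/**
 * Runs lib/lamdaemon.pl and sends it the given command lines on stdin.
 *
 * @param array $commands command lines for lamdaemon.pl, joined with "\n"
 * @return array lines lamdaemon.pl printed on stdout, empty if there were none
 */
function lamdaemon($commands) {
    // get username and password of the current lam-admin
    $ldap_q = $_SESSION[$this->ldap]->decrypt();
    /* Arguments of lamdaemon.pl:
    * script server, script path, admin-username, admin-password
    * escapeshellarg makes every argument shell-safe
    */
    // NOTE(review): the admin password is passed as a command line argument
    // and is therefore visible in the process list of the web server host
    // while the script runs. Passing it on stdin would avoid that, but needs
    // a matching change in lamdaemon.pl.
    $towrite = escapeshellarg($_SESSION[$this->config]->scriptServer) . " " . escapeshellarg($_SESSION[$this->config]->scriptPath) . " " .
        escapeshellarg($ldap_q[0]) . ' ' . escapeshellarg($ldap_q[1]);
    $command = escapeshellarg($_SESSION['lampath'] . "lib/lamdaemon.pl") . " " . $towrite;
    $userstring = implode("\n", $commands);
    $output_array = array();
    // the function name has to be a string; a bare proc_open is an undefined constant
    if (function_exists('proc_open')) {
        // New Code, requires PHP 4.3
        $descriptorspec = array(
            0 => array("pipe", "r"), // stdin
            1 => array("pipe", "w"), // stdout
            2 => array("file", "/dev/null", "a") // stderr
        );
        $process = proc_open($command, $descriptorspec, $pipes);
        // the pipes exist only if the process was started
        if (is_resource($process)) {
            /* perl-script is running
            * $pipes[0] is writeable handle to child stdin
            * $pipes[1] is readable handle to child stdout
            * any error is sent to /dev/null
            */
            fwrite($pipes[0], $userstring);
            fclose($pipes[0]);
            while (!feof($pipes[1])) {
                $output = fgets($pipes[1], 1024);
                if ($output != '') $output_array[] = $output;
            }
            fclose($pipes[1]);
            proc_close($process);
        }
    }
    else { // PHP < 4.3
        // The input is handed to echo as one escaped argument. Inside double
        // quotes the shell would expand $, backticks and quotes contained in
        // the command lines.
        $pipe = popen('echo ' . escapeshellarg($userstring) . ' | ' . $command, 'r');
        if (is_resource($pipe)) {
            while (!feof($pipe)) {
                $output = fgets($pipe, 1024);
                if ($output != '') $output_array[] = $output;
            }
            pclose($pipe);
        }
    }
    return $output_array;
}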
}
// This class keeps all needed values for any account
/* Plain value container for one account.
 * The text in brackets names the account types (user, group, host) a field is used for.
 * NOTE(review): unix_password and smb_password hold password strings. If
 * account objects are kept in the session, confirm how these fields are
 * protected or cleared.
 */
class account {
    /* Type: user | group | host */
    var $type;

    /* ---- General settings ---- */
    // array, old objectclasses of the loaded account
    var $general_objectClass;
    // string, username, hostname or groupname
    var $general_username;
    // string, UIDNumber (user|host) or GIDNumber (group), only natural numbers allowed
    var $general_uidNumber;
    // string, surname (user)
    var $general_surname;
    // string, givenname (user)
    var $general_givenname;
    // string, DN
    var $general_dn;
    // string, primary group (user|host)
    var $general_group;
    // array(string), additional groups the user is member of (user)
    var $general_groupadd;
    // string, home directory (user); for hosts it is hardcoded to /dev/null
    var $general_homedir;
    // array(string), list of all valid shells (user); hosts are hard-wired to /bin/false
    var $general_shell;
    // string, gecos field (user|group|host)
    var $general_gecos;

    /* ---- Unix password settings ---- */
    // array, all users which are member of the group without it being their primary group (group)
    var $unix_memberUid;
    // string, unix password (user|host)
    var $unix_password;
    // string (0|1), set unix password to none (user|host)
    var $unix_password_no;
    // string, number of days a user is warned before the password expires, natural number (user|host)
    var $unix_pwdwarn;
    // string, number of days a user can log in after the password has expired, natural number, 0 or -1 (user|host)
    var $unix_pwdallowlogin;
    // string, number of days after which a user has to change the password again, must be > 0 (user|host)
    var $unix_pwdmaxage;
    // string, number of days a user has to wait before changing the password again, must be > 0 (user|host)
    var $unix_pwdminage;
    // string, days since 1.1.1970 at which the account expires (user|host)
    var $unix_pwdexpire;
    // string (1|0), account deactivated? (user|host)
    var $unix_deactivated;
    // string, days since 1.1.1970 at which the password was changed last (user|host)
    var $unix_shadowLastChange;
    // list of unix hosts the user is allowed to log in to
    var $unix_host;

    /* ---- Samba account ---- */
    // string, samba password (user|host)
    var $smb_password;
    // string (1|0), use unix password as samba password (user|host)
    var $smb_useunixpwd;
    // string, unix timestamp from which the user/host is able to change the password (user|host)
    var $smb_pwdcanchange;
    // string, unix timestamp at which the user/host has to change the password at next login (user|host)
    var $smb_pwdmustchange;
    // string, home drive (C:, D:, ...) (user)
    var $smb_homedrive;
    // string, script path (\\server\loginscript) (user)
    var $smb_scriptPath;
    // string, profile path (\\server\profilepath) (user)
    var $smb_profilePath;
    // string, comma-separated list of workstations (user)
    var $smb_smbuserworkstations;
    // string, home share (\\server\home) (user)
    var $smb_smbhome;
    // string, domain of (user|host) or samba3domain object
    var $smb_domain;
    // array of acctFlags, (['W'] => 0, ['X'] => 1, ...)
    var $smb_flags;
    // decimal ID for groups
    var $smb_mapgroup;
    // string, description, similar to the gecos field
    var $smb_displayName;

    /* ---- Quota settings ---- */
    /* array[][]: the first index selects a share with active quotas,
     * the second index selects one value of that share:
     * mountpoint, used blocks, soft block limit, hard block limit, grace block period,
     * used inodes, soft inode limit, hard inode limit, grace inode period
     */
    var $quota;

    /* ---- Personal settings ---- */
    // string, title of user
    var $personal_title;
    // string, mail address of user
    var $personal_mail;
    // string, telephone number of user
    var $personal_telephoneNumber;
    // string, mobile number of user
    var $personal_mobileTelephoneNumber;
    // string, fax number of user
    var $personal_facsimileTelephoneNumber;
    // string, street name of user
    var $personal_street;
    // string, postal code of user
    var $personal_postalCode;
    // string, postal address of user
    var $personal_postalAddress;
    // string, employee type of user
    var $personal_employeeType;
}
/* Return a list of all shells listed in ../ config / shells
* Normally ../ config / shells is a symbolic link to / etc / shells
*/
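/**
 * Returns the shells listed in <lampath>config/shells.
 *
 * Every line is trimmed; empty lines and lines starting with '#' are
 * skipped. The previous loop discarded the result of trim(), lost a last
 * line without a line end and stopped early after removing a comment line.
 *
 * @return array list of shells, indexed from 0; empty if the file can't be read
 */
function getshells() {
    // Load shells from file
    $lines = file($_SESSION['lampath'] . 'config/shells');
    if (!is_array($lines)) return array();
    $shells = array();
    foreach ($lines as $line) {
        // remove whitespaces and lineend
        $line = trim($line);
        // remove empty lines and comments
        if ($line == '' || substr($line, 0, 1) == '#') continue;
        $shells[] = $line;
    }
    // $shells is array with all valid shells
    return $shells;
}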
/* This function will replace umlauts with ASCII characters
* fixme ***
* In order to map all non-ASCII characters this function should be changed
*/
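/**
 * Replaces German umlauts and sharp s with their ASCII transliteration.
 *
 * NOTE(review): the keys of the table were unreadable in the reviewed copy
 * of this file (every key showed up as a replacement character). They are
 * written here as ISO-8859-1 byte values, on the assumption that the file
 * works with ISO-8859-1 text - confirm against the repository copy.
 *
 * @param string $text input text
 * @return string text with umlauts replaced
 */
function replace_umlaut($text) {
    $aTranslate = array(
        "\xE4" => "ae", "\xC4" => "Ae", // a umlaut
        "\xF6" => "oe", "\xD6" => "Oe", // o umlaut
        "\xFC" => "ue", "\xDC" => "Ue", // u umlaut
        "\xDF" => "ss"                  // sharp s
    );
    return strtr($text, $aTranslate);
}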
/* This function will return all values from $array without values of $values
* $values , $array and $return are arrays
*/
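/**
 * Returns all values of $array which are not contained in $values.
 *
 * The comparison is the loose comparison of in_array(). The result is
 * indexed from 0.
 *
 * @param array $values values to remove; anything that is not an array removes nothing
 * @param array $array  source values
 * @return array remaining values, empty array if $array is not an array
 */
function array_delete($values, $array) {
    if (!is_array($array)) return array();
    // in_array() was called with @ to hide the warning for a non-array
    // $values; newer PHP versions throw a TypeError there instead, so the
    // case is handled explicitly.
    if (!is_array($values)) $values = array();
    $return = array();
    // Loop for every entry and check if it should be removed
    foreach ($array as $array_value)
        if (!in_array($array_value, $values))
            $return[] = $array_value;
    return $return;
}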
// This function will return a password with max. 8 characters
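/**
 * Generates a password of 8 characters.
 *
 * The pattern is fixed: lower, upper, digit, lower, digit, upper, upper,
 * lower. Characters like l and 1 are left out because they look too similar.
 *
 * NOTE(review): with 23 letters and 8 digits per position the pattern allows
 * about 2^33 different passwords, and the quality of the random numbers
 * depends on RndInt(). Treat the result as an initial password that has to
 * be changed, not as a long-term secret.
 *
 * @return string generated password
 */
function genpasswd() {
    // Allowed characters to generate passwords
    $LCase = 'abcdefghjkmnpqrstuvwxyz';
    $UCase = 'ABCDEFGHJKMNPQRSTUVWXYZ';
    $Integer = '23456789';
    // Length of one extracted piece. The constant is kept for compatibility
    // but only defined once, a second define() raises a PHP message.
    if (!defined('LEN')) define("LEN", '1');
    // The modulo keeps every index inside its string. An index equal to the
    // string length made substr() return nothing, which shortened the password.
    $a = RndInt('letter') % strlen($LCase);
    $b = RndInt('letter') % strlen($LCase);
    $c = RndInt('letter') % strlen($UCase);
    $d = RndInt('letter') % strlen($UCase);
    $e = RndInt('number') % strlen($Integer);
    $f = RndInt('number') % strlen($Integer);
    $g = RndInt('letter') % strlen($UCase);
    $h = RndInt('letter') % strlen($LCase);
    // extract 8 characters randomly from the definition strings
    $L1 = substr($LCase, $a, LEN);
    $L2 = substr($LCase, $b, LEN);
    $L3 = substr($LCase, $h, LEN);
    $U1 = substr($UCase, $c, LEN);
    $U2 = substr($UCase, $d, LEN);
    $U3 = substr($UCase, $g, LEN);
    $I1 = substr($Integer, $e, LEN);
    $I2 = substr($Integer, $f, LEN);
    // combine the characters to the new password
    $PW = $L1 . $U2 . $I1 . $L2 . $I2 . $U1 . $U3 . $L3;
    return $PW;
}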
/* THIS FUNCTION GENERATES A RANDOM NUMBER THAT WILL BE USED TO
* RANDOMLY SELECT CHARACTERS FROM THE STRINGS ABOVE
*/
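/**
 * Returns a random index into the character strings used by genpasswd().
 *
 * 'letter' yields 0..22 (23 letters), 'number' yields 0..7 (8 digits). The
 * former ranges were 0..23 and 2..8: the highest value pointed behind the
 * end of the string and the first two digits were never selected.
 *
 * random_int() is used where it exists because the numbers end up in
 * passwords; mt_rand() is the fallback for older PHP versions and is not a
 * cryptographically secure generator.
 *
 * @param string $Format 'letter' or 'number'
 * @return int|null random index, null for an unknown format
 */
function RndInt($Format){
    switch ($Format){
        case 'letter':
            $max = 22;
            break;
        case 'number':
            $max = 7;
            break;
        default:
            return null;
    }
    if (function_exists('random_int')) return random_int(0, $max);
    return mt_rand(0, $max);
} // END RndInt() FUNCTION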
/* This function will return the quotas of the specified users. If the username is empty only filesystems with enabled quotas are returned
* $users = array of account objects, return value is an array of account objects
* if $users is an account object the return value is also an account object
* An array with all quota-enabled partitions will be returned; in this case all returned values are 0 except mountpoint [x][0]
*/
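/**
 * Reads the quotas of one or more accounts through lamdaemon.pl.
 *
 * @param mixed $users account object or array of account objects
 * @return mixed the account(s) with ->quota filled, in the same form as
 *               $users; $users unchanged if lamdaemon.pl returned no output
 */
function getquotas($users) {
    // always work on a list of accounts
    if (is_array($users)) $return = $users;
    else $return = array($users);
    // get username and password of the current lam-admin
    $ldap_q = $_SESSION['ldap']->decrypt();
    /* Arguments of lamdaemon.pl:
    * script server, script path, admin-username, admin-password
    * scriptServer is the IP of the remote host to which lam should connect via ssh
    * scriptPath is the path to lamdaemon.pl on the remote system
    * escapeshellarg makes every argument shell-safe
    */
    // NOTE(review): the admin password is passed as a command line argument
    // and is visible in the process list of the web server host while the
    // script runs.
    $towrite = escapeshellarg($_SESSION['config']->scriptServer) . " " . escapeshellarg($_SESSION['config']->scriptPath) . " " .
        escapeshellarg($ldap_q[0]) . ' ' . escapeshellarg($ldap_q[1]);
    $command = escapeshellarg($_SESSION['lampath'] . "lib/lamdaemon.pl") . " " . $towrite;
    // One input line per account: "<name> quota get <type>", "+" instead of an empty name.
    // NOTE(review): the fields are joined with spaces and newlines without
    // validation. A name or type containing whitespace would shift the fields
    // lamdaemon.pl reads - presumably it splits on them; validate upstream.
    $userstring = '';
    for ($i = 0; $i < count($return); $i++) {
        if ($return[$i]->general_username != '') $userstring .= $return[$i]->general_username . " quota get " . $return[$i]->type . "\n";
        else $userstring .= "+ quota get " . $return[$i]->type . "\n";
    }
    // stays null until lamdaemon.pl printed at least one line
    $output_array = null;
    // the function name has to be a string; a bare proc_open is an undefined constant
    if (function_exists('proc_open')) {
        // New Code, requires PHP 4.3
        $descriptorspec = array(
            0 => array("pipe", "r"), // stdin
            1 => array("pipe", "w"), // stdout
            2 => array("file", "/dev/null", "a") // stderr
        );
        $process = proc_open($command, $descriptorspec, $pipes);
        if (is_resource($process)) {
            /* perl-script is running
            * $pipes[0] is writeable handle to child stdin
            * $pipes[1] is readable handle to child stdout
            * any error is sent to /dev/null
            */
            // Write one input line for every user
            fwrite($pipes[0], $userstring);
            fclose($pipes[0]);
            while (!feof($pipes[1])) {
                $output = fgets($pipes[1], 1024);
                if ($output != '') $output_array[] = $output;
            }
            fclose($pipes[1]);
            proc_close($process);
        }
    }
    else { // PHP < 4.3
        // The input is handed to echo as one escaped argument. Inside double
        // quotes the shell would expand $, backticks and quotes contained in
        // the account names.
        $pipe = popen('echo ' . escapeshellarg($userstring) . ' | ' . $command, 'r');
        if (is_resource($pipe)) {
            while (!feof($pipe)) {
                $output = fgets($pipe, 1024);
                if ($output != '') $output_array[] = $output;
            }
            pclose($pipe);
        }
    }
    if (!is_array($output_array)) return $users;
    /* Every output line contains a two dimensional array as string:
    * ':' separates the shares, ',' the values of one share.
    *
    * $return->quota[][]: the first index selects a share with active quotas,
    * the second index selects one value of that share:
    * mountpoint, used blocks, soft block limit, hard block limit, grace block period,
    * used inodes, soft inode limit, hard inode limit, grace inode period
    */
    // collects the mountpoints reported by lamdaemon.pl (for all accounts)
    $real_quotas = array();
    for ($i = 0; $i < count($return); $i++) {
        $line = isset($output_array[$i]) ? $output_array[$i] : '';
        $all_quota = explode(':', $line);
        // the last piece is the text after the final ':' and holds no share
        for ($j = 0; $j < sizeof($all_quota) - 1; $j++) {
            $single_quota = explode(',', $all_quota[$j]);
            $real_quotas[] = $single_quota[0];
            for ($k = 0; $k < sizeof($single_quota); $k++)
                $return[$i]->quota[$j][$k] = $single_quota[$k];
            // grace periods are compared with the current time: elapsed ones
            // are cleared, the others are shown as remaining hours
            if ($return[$i]->quota[$j][4] < time()) $return[$i]->quota[$j][4] = '';
            else $return[$i]->quota[$j][4] = strval(intval(($return[$i]->quota[$j][4] - time()) / 3600)) . ' ' . _('hours');
            if ($return[$i]->quota[$j][8] < time()) $return[$i]->quota[$j][8] = '';
            else $return[$i]->quota[$j][8] = strval(intval(($return[$i]->quota[$j][8] - time()) / 3600)) . ' ' . _('hours');
        }
        $j = 0;
        while (isset($return[$i]->quota[$j][0]))
            // remove quotas whose mountpoint was not reported
            if (!in_array($return[$i]->quota[$j][0], $real_quotas)) unset($return[$i]->quota[$j]);
            else $j++;
        // Beautify array, repair index
        if (is_array($return[$i]->quota)) $return[$i]->quota = array_values($return[$i]->quota);
    }
    if (is_array($users)) return $return;
    else return $return[0];
}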
/* This function will set the quotas of the specified user.
* $values2 = array of account objects with quotas which should be set
* $values2 can also be an account object
*/
function setquotas ( $values2 ) {
2003-10-19 17:04:49 +00:00
// get username and password of the current lam-admin
2003-05-13 10:54:53 +00:00
$ldap_q = $_SESSION [ 'ldap' ] -> decrypt ();
2003-10-19 17:04:49 +00:00
/* $towrite has the following syntax :
* admin - username , admin - password , account with quotas , 'quota' , operation = 'set' , type = user | group
2003-10-23 11:12:04 +00:00
* use escapeshellarg to make exec () shell - safe
2003-10-19 17:04:49 +00:00
*/
2003-11-06 14:53:00 +00:00
$towrite = escapeshellarg ( $_SESSION [ 'config' ] -> scriptServer ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptPath ) . " " .
escapeshellarg ( $ldap_q [ 0 ]) . ' ' . escapeshellarg ( $ldap_q [ 1 ]);
2003-11-12 10:30:52 +00:00
/* Check wich quotas have changed
* Because we can not send an array to lamdaemon . pl we have to put all
* values in a string . ':' sepraeates the first array , ',' the second
*
* $values -> quota [][] First array is an index for every chare with active quotas
* second array Contains values for every share :
* mountpoint , used blocks , soft block limit , hard block limit , grace block period , used inodes ,
* soft inode limit , hard inode limit , grace inode period
*
* run only once if no array is given
*
*/
if ( is_array ( $values2 )) {
foreach ( $values2 as $values ) {
$i = 0 ;
while ( $values -> quota [ $i ][ 0 ]) {
$quotastring = $quotastring . $values -> quota [ $i ][ 0 ] . ',' . $values -> quota [ $i ][ 2 ] . ',' . $values -> quota [ $i ][ 3 ]
. ',' . $values -> quota [ $i ][ 6 ] . ',' . $values -> quota [ $i ][ 7 ] . ':' ;
$i ++ ;
}
$userstring .= $values -> general_username . " quota set " . $values -> type . " " . $quotastring . " \n " ;
}
}
else {
$i = 0 ;
while ( $values2 -> quota [ $i ][ 0 ]) {
$quotastring = $quotastring . $values2 -> quota [ $i ][ 0 ] . ',' . $values2 -> quota [ $i ][ 2 ] . ',' . $values2 -> quota [ $i ][ 3 ]
. ',' . $values2 -> quota [ $i ][ 6 ] . ',' . $values2 -> quota [ $i ][ 7 ] . ':' ;
$i ++ ;
}
$userstring = $values2 -> general_username . " quota set " . $values2 -> type . " " . $quotastring . " \n " ;
}
2003-11-08 12:29:23 +00:00
if ( function_exists ( proc_open )) {
// New Code, requires PHP 4.3
$descriptorspec = array (
0 => array ( " pipe " , " r " ), // stdin
1 => array ( " pipe " , " w " ), // stout
2 => array ( " file " , " /dev/null " , " a " ) // sterr
);
$process = proc_open ( escapeshellarg ( $_SESSION [ 'lampath' ] . " lib/lamdaemon.pl " ) . " " . $towrite ,
$descriptorspec ,
$pipes );
if ( is_resource ( $process )) {
/* perl - script is running
* $pipes [ 0 ] is writeable handle to child stdin
* $pipes [ 1 ] is readable handle to child stdout
* any error is send to / dev / null
*/
2003-11-12 10:30:52 +00:00
// Write to stdin
fwrite ( $pipes [ 0 ], $userstring );
2003-11-08 12:29:23 +00:00
}
fclose ( $pipes [ 0 ]);
2003-11-12 10:30:52 +00:00
while ( ! feof ( $pipes [ 1 ])) {
$output = fgets ( $pipes [ 1 ], 1024 );
if ( $output != '' ) $output_array [] = $output ;
}
2003-11-08 12:29:23 +00:00
fclose ( $pipes [ 1 ]);
2003-11-12 10:30:52 +00:00
proc_close ( $process );
2003-11-08 12:29:23 +00:00
}
else { // PHP 4.3>
$command = escapeshellarg ( $_SESSION [ 'lampath' ] . " lib/lamdaemon.pl " ) . " " . $towrite ;
2003-11-12 10:30:52 +00:00
$pipe = popen ( " echo \" $userstring\ " | $command " , 'r');
2003-11-08 12:29:23 +00:00
while ( ! feof ( $pipe )) {
2003-11-12 10:30:52 +00:00
//$output .= fread($pipe, 1024);
$output = fgets ( $pipe , 1024 );
if ( $output != '' ) $output_array [] = $output ;
}
pclose ( $pipe );
}
if ( is_array ( $values2 )) return $output_array ;
else return $output_array [ 0 ];
}
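/* Remove the quotas of one or more accounts by calling lamdaemon.pl.
 * Removing a quota means setting all of its values to 0, which means no quota.
 * $users = array of account names whose quotas should be removed
 * $users can also be a string (single account)
 * $type = user or group
 * Return value is the output of lamdaemon.pl: an array of output lines if
 * $users is an array, otherwise the first output line (null if there was none).
 * The array/string decision used to test an undefined variable, so the first
 * line was returned even for an array of users.
 */
function remquotas($users, $type) {
	// get username and password of the current lam-admin
	$ldap_q = $_SESSION['ldap']->decrypt();
	/* Arguments of lamdaemon.pl are:
	 * script server, script path, admin-username, admin-password
	 * Every argument goes through escapeshellarg because the command line is run by a shell.
	 * NOTE(review): the admin password is part of the command line, which other
	 * local users can usually read in the process list while the script runs.
	 */
	$towrite = escapeshellarg($_SESSION['config']->scriptServer) . " " . escapeshellarg($_SESSION['config']->scriptPath) . " " .
		escapeshellarg($ldap_q[0]) . ' ' . escapeshellarg($ldap_q[1]);
	$command = escapeshellarg($_SESSION['lampath'] . "lib/lamdaemon.pl") . " " . $towrite;
	/* One request per line is written to stdin of lamdaemon.pl:
	 * account name, 'quota', operation = 'rem', type = user|group
	 * NOTE(review): names and $type are not validated here. A value containing a blank
	 * or a line break would be read as extra fields or as an additional request,
	 * so callers have to validate them - TODO confirm where that happens.
	 */
	$userstring = '';
	if (is_array($users)) {
		foreach ($users as $user) {
			$userstring .= "$user quota rem $type\n";
		}
	}
	else $userstring = "$users quota rem $type\n";
	$output_array = array();
	// The function name has to be a string; a bare proc_open is an undefined constant
	if (function_exists('proc_open')) {
		// New Code, requires PHP 4.3
		$descriptorspec = array(
			0 => array("pipe", "r"), // stdin
			1 => array("pipe", "w"), // stdout
			2 => array("file", "/dev/null", "a") // stderr, error messages of the script are discarded
			);
		$process = proc_open($command, $descriptorspec, $pipes);
		// The pipes only exist if the perl-script could be started
		if (is_resource($process)) {
			/* perl-script is running
			 * $pipes[0] is writeable handle to child stdin
			 * $pipes[1] is readable handle to child stdout
			 */
			fwrite($pipes[0], $userstring);
			// Closing stdin tells the script that all requests have been sent
			fclose($pipes[0]);
			while (!feof($pipes[1])) {
				$output = fgets($pipes[1], 1024);
				if ($output != '') $output_array[] = $output;
			}
			fclose($pipes[1]);
			proc_close($process);
		}
	}
	else { // PHP older than 4.3
		/* The requests are handed to the shell as one quoted argument. They used to be
		 * placed between double quotes, where the shell still expands $, ` and \
		 * and where a double quote in a name ends the string.
		 */
		$pipe = popen("printf '%s\\n' " . escapeshellarg($userstring) . " | " . $command, 'r');
		if ($pipe) {
			while (!feof($pipe)) {
				$output = fgets($pipe, 1024);
				if ($output != '') $output_array[] = $output;
			}
			pclose($pipe);
		}
	}
	if (is_array($users)) return $output_array;
	if (isset($output_array[0])) return $output_array[0];
	return null;
}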
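/* Create the home directories of one or more users by calling lamdaemon.pl.
 * lamdaemon.pl uses getpwnam on remote system to get homedir path.
 * Therefore ldap has to be used on remote system for user accounts.
 * $users = array of usernames
 * $users can also be a string (single user)
 * Return value is the output of lamdaemon.pl: an array of output lines if
 * $users is an array, otherwise the first output line (null if there was none).
 * The array/string decision used to test an undefined variable, so the first
 * line was returned even for an array of users.
 */
function addhomedir($users) {
	// get username and password of the current lam-admin
	$ldap_q = $_SESSION['ldap']->decrypt();
	/* Arguments of lamdaemon.pl are:
	 * script server, script path, admin-username, admin-password
	 * Every argument goes through escapeshellarg because the command line is run by a shell.
	 * NOTE(review): the admin password is part of the command line, which other
	 * local users can usually read in the process list while the script runs.
	 */
	$towrite = escapeshellarg($_SESSION['config']->scriptServer) . " " . escapeshellarg($_SESSION['config']->scriptPath) . " " .
		escapeshellarg($ldap_q[0]) . ' ' . escapeshellarg($ldap_q[1]);
	$command = escapeshellarg($_SESSION['lampath'] . "lib/lamdaemon.pl") . " " . $towrite;
	/* One request per line is written to stdin of lamdaemon.pl:
	 * owner of homedir, 'home', operation = 'add'
	 * NOTE(review): names are not validated here. A name containing a blank or a
	 * line break would be read as extra fields or as an additional request,
	 * so callers have to validate them - TODO confirm where that happens.
	 */
	$userstring = '';
	if (is_array($users)) {
		foreach ($users as $user) {
			$userstring .= "$user home add\n";
		}
	}
	else $userstring = "$users home add\n";
	$output_array = array();
	// The function name has to be a string; a bare proc_open is an undefined constant
	if (function_exists('proc_open')) {
		// New Code, requires PHP 4.3
		$descriptorspec = array(
			0 => array("pipe", "r"), // stdin
			1 => array("pipe", "w"), // stdout
			2 => array("file", "/dev/null", "a") // stderr, error messages of the script are discarded
			);
		$process = proc_open($command, $descriptorspec, $pipes);
		// The pipes only exist if the perl-script could be started
		if (is_resource($process)) {
			/* perl-script is running
			 * $pipes[0] is writeable handle to child stdin
			 * $pipes[1] is readable handle to child stdout
			 */
			fwrite($pipes[0], $userstring);
			// Closing stdin tells the script that all requests have been sent
			fclose($pipes[0]);
			while (!feof($pipes[1])) {
				$output = fgets($pipes[1], 1024);
				if ($output != '') $output_array[] = $output;
			}
			fclose($pipes[1]);
			proc_close($process);
		}
	}
	else { // PHP older than 4.3
		/* The requests are handed to the shell as one quoted argument. They used to be
		 * placed between double quotes, where the shell still expands $, ` and \
		 * and where a double quote in a name ends the string.
		 */
		$pipe = popen("printf '%s\\n' " . escapeshellarg($userstring) . " | " . $command, 'r');
		if ($pipe) {
			while (!feof($pipe)) {
				$output = fgets($pipe, 1024);
				if ($output != '') $output_array[] = $output;
			}
			pclose($pipe);
		}
	}
	if (is_array($users)) return $output_array;
	if (isset($output_array[0])) return $output_array[0];
	return null;
}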
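/* Remove the home directories of one or more users by calling lamdaemon.pl.
 * lamdaemon.pl uses getpwnam on remote system to get homedir path.
 * Therefore ldap has to be used on remote system for user accounts.
 * This also means you have to remove the homedirectory before the
 * account is removed from ldap.
 * $users = array of usernames
 * $users can also be a string (single user)
 * Return value is the output of lamdaemon.pl: an array of output lines if
 * $users is an array, otherwise the first output line (null if there was none).
 * The array/string decision used to test an undefined variable, so the first
 * line was returned even for an array of users.
 */
function remhomedir($users) {
	// get username and password of the current lam-admin
	$ldap_q = $_SESSION['ldap']->decrypt();
	/* Arguments of lamdaemon.pl are:
	 * script server, script path, admin-username, admin-password
	 * Every argument goes through escapeshellarg because the command line is run by a shell.
	 * NOTE(review): the admin password is part of the command line, which other
	 * local users can usually read in the process list while the script runs.
	 */
	$towrite = escapeshellarg($_SESSION['config']->scriptServer) . " " . escapeshellarg($_SESSION['config']->scriptPath) . " " .
		escapeshellarg($ldap_q[0]) . ' ' . escapeshellarg($ldap_q[1]);
	$command = escapeshellarg($_SESSION['lampath'] . "lib/lamdaemon.pl") . " " . $towrite;
	/* One request per line is written to stdin of lamdaemon.pl:
	 * owner of homedir, 'home', operation = 'rem'
	 * NOTE(review): names are not validated here. A name containing a blank or a
	 * line break would be read as extra fields or as an additional request, and this
	 * operation deletes data, so callers have to validate them - TODO confirm where that happens.
	 */
	$userstring = '';
	if (is_array($users)) {
		foreach ($users as $user) {
			$userstring .= "$user home rem\n";
		}
	}
	else $userstring = "$users home rem\n";
	$output_array = array();
	// The function name has to be a string; a bare proc_open is an undefined constant
	if (function_exists('proc_open')) {
		// New Code, requires PHP 4.3
		$descriptorspec = array(
			0 => array("pipe", "r"), // stdin
			1 => array("pipe", "w"), // stdout
			2 => array("file", "/dev/null", "a") // stderr, error messages of the script are discarded
			);
		$process = proc_open($command, $descriptorspec, $pipes);
		// The pipes only exist if the perl-script could be started
		if (is_resource($process)) {
			/* perl-script is running
			 * $pipes[0] is writeable handle to child stdin
			 * $pipes[1] is readable handle to child stdout
			 */
			fwrite($pipes[0], $userstring);
			// Closing stdin tells the script that all requests have been sent
			fclose($pipes[0]);
			while (!feof($pipes[1])) {
				$output = fgets($pipes[1], 1024);
				if ($output != '') $output_array[] = $output;
			}
			fclose($pipes[1]);
			proc_close($process);
		}
	}
	else { // PHP older than 4.3
		/* The requests are handed to the shell as one quoted argument. They used to be
		 * placed between double quotes, where the shell still expands $, ` and \
		 * and where a double quote in a name ends the string.
		 */
		$pipe = popen("printf '%s\\n' " . escapeshellarg($userstring) . " | " . $command, 'r');
		if ($pipe) {
			while (!feof($pipe)) {
				$output = fgets($pipe, 1024);
				if ($output != '') $output_array[] = $output;
			}
			pclose($pipe);
		}
	}
	if (is_array($users)) return $output_array;
	if (isset($output_array[0])) return $output_array[0];
	return null;
}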
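/* This function maintains the ldap-cache which is used to reduce ldap requests.
 * If the cache of $type is missing or older than
 * $_SESSION['config']->get_cacheTimeoutSec() it will be recreated.
 *
 * $type can be user|group|host. Any other value is ignored.
 *
 * The caches are stored in $_SESSION['userDN'], $_SESSION['groupDN'] and $_SESSION['hostDN'].
 * Entry [0] contains the creation time of the array as unix timestamp.
 * All other entries have the following syntax:
 * $_SESSION['xxxxDN'][$dn][$attribute]
 * $dn = DN of cached entry
 * The cache contains the following attributes:
 * user: cn, uidNumber
 * group: cn, gidNumber (stored under the key 'uidNumber'), sambaSID, memberUid (list)
 * host: cn, uidNumber
 *
 * Return value is always 0.
 */
function ldapreload($type) {
	// Select cache array, suffix getter of the config object, search filter and requested attributes
	switch ($type) {
		case 'user':
			$cache = 'userDN';
			$getSuffix = 'get_UserSuffix';
			// accounts whose uid does not end with $
			$filter = '(&(objectClass=posixAccount)(!(uid=*$)))';
			$attributes = array('cn', 'uidNumber');
			break;
		case 'group':
			$cache = 'groupDN';
			$getSuffix = 'get_GroupSuffix';
			$filter = 'objectClass=posixGroup';
			$attributes = array('gidNumber', 'cn', 'memberUid', 'sambaSID');
			break;
		case 'host':
			$cache = 'hostDN';
			$getSuffix = 'get_HostSuffix';
			// accounts whose uid ends with $
			$filter = '(&(objectClass=posixAccount)(uid=*$))';
			$attributes = array('cn', 'uidNumber');
			break;
		default:
			// unknown type, nothing to refresh
			return 0;
	}
	// Do we have to recreate array?
	if (isset($_SESSION[$cache]) && !($_SESSION[$cache][0] < time() - $_SESSION['config']->get_cacheTimeoutSec())) return 0;
	// Remove old array and insert timestamp
	$_SESSION[$cache] = array(0 => time());
	// Search values which should be cached
	$result = @ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->$getSuffix(), $filter, $attributes, 0);
	/* A failed search leaves the cache empty instead of handing an invalid result to ldap_first_entry.
	 * NOTE(review): the timestamp is already set (as before), so the empty cache is used until it
	 * times out. Functions that look for existing names or id-numbers then find nothing.
	 */
	if (!$result) return 0;
	// Write search result in array
	$entry = @ldap_first_entry($_SESSION['ldap']->server(), $result);
	while ($entry) {
		$dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
		$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
		if (isset($attr['cn'][0]))
			$_SESSION[$cache][$dn]['cn'] = $attr['cn'][0];
		if ($type == 'group') {
			// The gidNumber is stored under 'uidNumber'; getgid, getgrnam and checkid read that key
			if (isset($attr['gidNumber'][0]))
				$_SESSION[$cache][$dn]['uidNumber'] = $attr['gidNumber'][0];
			if (isset($attr['sambaSID'][0]))
				$_SESSION[$cache][$dn]['sambaSID'] = $attr['sambaSID'][0];
			// Copy only the values, ldap_get_attributes adds a 'count' element
			$i = 0;
			while (isset($attr['memberUid'][$i])) {
				$_SESSION[$cache][$dn]['memberUid'][$i] = $attr['memberUid'][$i];
				$i++;
			}
		}
		else {
			if (isset($attr['uidNumber'][0]))
				$_SESSION[$cache][$dn]['uidNumber'] = $attr['uidNumber'][0];
		}
		$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
	}
	return 0;
}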
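/* This function will search in cache if the DN already exists.
 * $values is an account-object
 * $values_old is an account-object or false for a new account
 * $values_old is needed because we don't want to raise
 * an error if the DN already exists but is the original DN.
 * Return value is 0 if there is no conflict, otherwise an error message (string).
 */
function ldapexists($values, $values_old = false) {
	switch ($values->type) {
		case 'user':
			// Validate cache-array
			ldapreload('user');
			// Entry which we search in ldap; ',' is needed to ensure the complete username is checked
			$search = 'uid=' . $values->general_username . ',';
			// Get the DNs of the cache-array
			$keys = array_keys($_SESSION['userDN']);
			break;
		case 'group':
			// Validate cache-array
			ldapreload('group');
			$search = 'cn=' . $values->general_username . ',';
			$keys = array_keys($_SESSION['groupDN']);
			break;
		case 'host':
			// Validate cache-array
			ldapreload('host');
			$search = 'uid=' . $values->general_username . ',';
			$keys = array_keys($_SESSION['hostDN']);
			break;
		default:
			// unknown account type, there is no cache which could be checked
			return 0;
	}
	// Remove timestamp stored in [0]
	unset($keys[0]);
	// An existing account which keeps its name is no conflict
	if ($values_old && $values_old->general_username == $values->general_username) return 0;
	/* New account or renamed account: check if entry already exists.
	 * The search string has to start at the beginning of an RDN. A plain substring
	 * search reported 'uid=bob,' as existing when only 'uid=jimbob,' was there.
	 * NOTE(review): the comparison is case sensitive as before - confirm that this
	 * matches the way the directory compares these names.
	 */
	foreach ($keys as $key) {
		$dn = (string) $key;
		$pos = strpos($dn, $search);
		while ($pos !== false) {
			$before = rtrim(substr($dn, 0, $pos));
			if ($before === '' || substr($before, -1) == ',' || substr($before, -1) == '+')
				return sprintf(_('%s already exists!'), $values->type);
			$pos = strpos($dn, $search, $pos + 1);
		}
	}
	return 0;
}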
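/* This function will return a sorted array with all groupnames
 * found in ldap. Groupnames are taken from cache-array.
 * The array is empty if no group was found (it used to be undefined in that case).
 */
function findgroups() {
	// Validate cache-array
	ldapreload('group');
	// Get copy of cache-array
	$groups = $_SESSION['groupDN'];
	// Remove timestamp stored in [0]
	unset($groups[0]);
	// Collect the names; cache entries without cn are skipped
	$return = array();
	foreach ($groups as $group) {
		if (isset($group['cn'])) $return[] = $group['cn'];
	}
	sort($return, SORT_STRING);
	return $return;
}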
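/* This function will return the gidNumber of an existing groupname.
 * gidNumbers are taken from cache-array, where they are stored under the key 'uidNumber'.
 * Return value is -1 if the groupname isn't found.
 */
function getgid($groupname) {
	// Validate cache-array
	ldapreload('group');
	// Get copy of cache-array
	$groups = $_SESSION['groupDN'];
	// Remove timestamp stored in [0]
	unset($groups[0]);
	// Return gidNumber as soon as it's found
	foreach ($groups as $group) {
		if (!isset($group['cn']) || !isset($group['uidNumber'])) continue;
		/* Names are compared as strings. With == two names which look like numbers
		 * are compared by value, so '007' would match a group called '7'.
		 */
		if ((string) $group['cn'] === (string) $groupname) return $group['uidNumber'];
	}
	// return -1 if groupname isn't found
	return -1;
}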
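/* This function will return the groupname of an existing gidNumber.
 * Groupnames are taken from cache-array, where the gidNumber is stored under the key 'uidNumber'.
 * Return value is -1 if no group was found.
 */
function getgrnam($gidNumber) {
	// Validate cache-array
	ldapreload('group');
	// Get copy of cache-array
	$groups = $_SESSION['groupDN'];
	// Remove timestamp stored in [0]
	unset($groups[0]);
	/* Look at every cached group. The former loop ran on an index and did not end if the
	 * matching entry had no cn. It also stopped at the first entry without a number
	 * and read one element behind the end of the list.
	 */
	foreach ($groups as $group) {
		if (!isset($group['uidNumber']) || !isset($group['cn'])) continue;
		// We've found the correct entry. Now we need the groupname
		if ($group['uidNumber'] == $gidNumber) return $group['cn'];
	}
	// Return -1 if no group was found
	return -1;
}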
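/* This function will return an unused id-number if $values->general_uidNumber is not set and $values_old is false.
 * If $values_old is set and $values->general_uidNumber is not set the original id-number is returned.
 * If $values->general_uidNumber is set the id-number is checked. If it's already in use an error will be reported.
 * id-numbers are taken from cache-array
 * $values and $values_old are account objects
 * Return value is a string "id-number:message". message is empty if everything is OK,
 * otherwise it is "ERROR;title;text" or "WARN;title;text".
 */
function checkid($values, $values_old = false) {
	// List of used id-numbers; it stays an empty array if nothing is cached
	$uids = array();
	switch ($values->type) {
		case 'group':
			// Validate cache-array
			ldapreload('group');
			// Load all needed variables from session
			$minID = intval($_SESSION['config']->get_MinGID());
			$maxID = intval($_SESSION['config']->get_MaxGID());
			// Get copy of cache-array
			$temp = $_SESSION['groupDN'];
			break;
		case 'user':
			/* Validate cache-array
			 * Because users and hosts are using the same id-numbers we have to merge
			 * both cache-arrays
			 */
			ldapreload('user');
			ldapreload('host');
			// Load all needed variables from session
			$minID = intval($_SESSION['config']->get_minUID());
			$maxID = intval($_SESSION['config']->get_maxUID());
			// load and merge arrays
			$temp = $_SESSION['userDN'];
			// Remove timestamp stored in [0]
			unset($temp[0]);
			// put all uidNumbers of users in array, they are not limited to maxID
			foreach ($temp as $key) if (isset($key['uidNumber'])) $uids[] = $key['uidNumber'];
			$temp = $_SESSION['hostDN'];
			break;
		case 'host':
			// Same merge as for users, but with the id-range of machines
			ldapreload('user');
			ldapreload('host');
			// Load all needed variables from session
			$minID = intval($_SESSION['config']->get_minMachine());
			$maxID = intval($_SESSION['config']->get_maxMachine());
			// load and merge arrays
			$temp = $_SESSION['userDN'];
			// Remove timestamp stored in [0]
			unset($temp[0]);
			// put all uidNumbers of users in array, they are not limited to maxID
			foreach ($temp as $key) if (isset($key['uidNumber'])) $uids[] = $key['uidNumber'];
			$temp = $_SESSION['hostDN'];
			break;
	}
	// Remove timestamp stored in [0]
	unset($temp[0]);
	/* Put only id-numbers in array which are not higher than maxID.
	 * maxID itself is a valid id-number (see range check below) and has to be in the list.
	 * With < an account using maxID was ignored and maxID could be given to a second account.
	 */
	foreach ($temp as $key) if (isset($key['uidNumber']) && $key['uidNumber'] <= $maxID) $uids[] = $key['uidNumber'];
	// sort array with uids
	sort($uids, SORT_NUMERIC);
	if ($values->general_uidNumber == '') {
		// No id-number given
		// old account -> return id-number which has been used
		if (isset($values_old->general_uidNumber)) return implode(':', array($values_old->general_uidNumber, ''));
		// new account -> we have to find a free id-number
		// return minimum allowed id-number if no id-numbers are found
		if (count($uids) == 0) return implode(':', array($minID, ''));
		// Store highest id-number
		$id = $uids[count($uids) - 1];
		// Return minimum allowed id-number if all found id-numbers are too low
		if ($id < $minID) return implode(':', array($minID, ''));
		// Return highest used id-number + 1 if it's still in valid range
		if ($id < $maxID) return implode(':', array($id + 1, ''));
		/* If this function is still running we have to find a free id-number between
		 * the used id-numbers
		 */
		$i = intval($minID);
		while (in_array($i, $uids)) $i++;
		if ($i > $maxID) return implode(':', array($values->general_uidNumber, implode(';', array('ERROR', _('ID-Number'), _('No free ID-Number!')))));
		return implode(':', array($i, implode(';', array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.')))));
	}
	// Check manual ID
	// id-number is out of valid range
	if ($values->general_uidNumber < $minID || $values->general_uidNumber > $maxID) return implode(':', array($values->general_uidNumber, implode(';', array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID)))));
	if (in_array($values->general_uidNumber, $uids)) {
		// id-number is in use and account is a new account
		if (!$values_old) return implode(':', array($values->general_uidNumber, implode(';', array('ERROR', _('ID-Number'), _('ID is already in use')))));
		// id-number is in use, account is existing account and id-number is not used by itself
		if ($values_old->general_uidNumber != $values->general_uidNumber)
			return implode(':', array($values_old->general_uidNumber, implode(';', array('ERROR', _('ID-Number'), _('ID is already in use')))));
	}
	// return id-number if everything is OK
	return implode(':', array($values->general_uidNumber, ''));
}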
// Returns the number of complete days between 1.1.1970 and now as integer
function getdays() {
	// 86400 seconds are one day, the cast cuts off the started day
	return (int) (time() / 86400);
}
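/* This function creates the string which is stored in attrFlags. It's the same
 * syntax used in smbpasswd.
 * $input is an array of samba flags as defined in account object.
 * The keys W, D, X, N, S and H are read; a missing key counts as not set.
 * Return value is a string of 13 characters, e.g. "[UX         ]"
 */
function smbflag($input) {
	// Start character, followed by W if $input['W'] is set and U if it is not
	$flag = "[";
	if (!empty($input['W'])) $flag .= "W";
	else $flag .= "U";
	/* Add the other options in fixed order.
	 * empty() is used because not every flag has to be present in the array
	 * and reading a missing key raises a notice.
	 */
	foreach (array('D', 'X', 'N', 'S', 'H') as $option) {
		if (!empty($input[$option])) $flag .= $option;
	}
	// Expand string to fixed length and add end character
	return str_pad($flag, 12) . "]";
}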
/* This function will load all needed values from an existing user account
* $dns is an array of dns ( string ) of the users which should be loaded
* return - value is an array of account - objects
* $dns can also be an string . Then return - value is a single string too
*/
function loaduser ( $dns ) {
// Load userattributes from ldap
//$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
// Get uid=$user from DN
// Put ldapsearch together
if ( is_array ( $dns )) {
foreach ( $dns as $dn )
$uids [] = substr ( $dn , 0 , strpos ( $dn , ',' ));
$search = " (| " ;
foreach ( $uids as $uid ) $search .= " ( $uid ) " ;
$search .= " ) " ;
}
else $search = substr ( $dns , 0 , strpos ( $dns , ',' ));
/* if string is langer then 1024 characters we have to search for all users and
* output only the selcted users because searchfilter would be too big
*/
if ( strlen ( $search ) < 1024 ) $result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_UserSuffix (), $search );
else $result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_UserSuffix (), " uid=* " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
// store smb_domain as samba3domain-Object
if ( $_SESSION [ 'config' ] -> is_samba3 ()) $samba3domains = $_SESSION [ 'ldap' ] -> search_domains ( $_SESSION [ config ] -> get_domainSuffix ());
// loop for every found user
$i = 0 ;
while ( $entry ) {
// Only load user if it should be loaded
if ( is_array ( $dns )) {
if ( in_array ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ), $dns )) $continue = true ;
else $continue = false ;
}
else $continue = true ;
if ( $continue ) {
// Create new object
$return [ $i ] = new account ();
// Set type of account
$return [ $i ] -> type = 'user' ;
// Set user samba flag
$return [ $i ] -> smb_flags [ 'W' ] = false ;
$return [ $i ] -> general_dn = ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry );
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
/* Write attributes into $return .
* Some values don ' t have to be set . These are only loaded if they are set
*/
$return [ $i ] -> general_username = $attr [ 'uid' ][ 0 ];
$return [ $i ] -> general_uidNumber = $attr [ 'uidNumber' ][ 0 ];
$return [ $i ] -> general_homedir = $attr [ 'homeDirectory' ][ 0 ];
if ( isset ( $attr [ 'shadowLastChange' ][ 0 ])) $return [ $i ] -> unix_shadowLastChange = $attr [ 'shadowLastChange' ][ 0 ];
if ( isset ( $attr [ 'loginShell' ][ 0 ])) $return [ $i ] -> general_shell = $attr [ 'loginShell' ][ 0 ];
if ( isset ( $attr [ 'gecos' ][ 0 ])) $return [ $i ] -> general_gecos = utf8_decode ( $attr [ 'gecos' ][ 0 ]);
// get groupname
$return [ $i ] -> general_group = getgrnam ( $attr [ 'gidNumber' ][ 0 ]);
// get all additional groupmemberships
// Load groups in cache
ldapreload ( 'group' );
foreach ( $_SESSION [ 'groupDN' ] as $group ) {
if ( is_array ( $group [ 'memberUid' ]))
if ( in_array ( $return [ $i ] -> general_username , $group [ 'memberUid' ])) $return [ $i ] -> general_groupadd [] = $group [ 'cn' ];
}
/* Write attributes into $return .
* Some values don ' t have to be set . These are only loaded if they are set
*/
if ( isset ( $attr [ 'shadowMin' ][ 0 ])) $return [ $i ] -> unix_pwdminage = $attr [ 'shadowMin' ][ 0 ];
if ( isset ( $attr [ 'shadowMax' ][ 0 ])) $return [ $i ] -> unix_pwdmaxage = $attr [ 'shadowMax' ][ 0 ];
if ( isset ( $attr [ 'shadowWarning' ][ 0 ])) $return [ $i ] -> unix_pwdwarn = $attr [ 'shadowWarning' ][ 0 ];
if ( isset ( $attr [ 'shadowInactive' ][ 0 ])) $return [ $i ] -> unix_pwdallowlogin = $attr [ 'shadowInactive' ][ 0 ];
if ( isset ( $attr [ 'shadowExpire' ][ 0 ])) $return [ $i ] -> unix_pwdexpire = $attr [ 'shadowExpire' ][ 0 ] * 86400 ;
// load hosts attributes if set
$j = 0 ;
while ( isset ( $attr [ 'host' ][ $j ])) {
if ( $j == 0 ) $return [ $i ] -> unix_host = $attr [ 'host' ][ $j ];
else $return [ $i ] -> unix_host = $return [ $i ] -> unix_host . ', ' . $attr [ 'host' ][ $j ];
$j ++ ;
}
// load objectclasses
$j = 0 ;
while ( isset ( $attr [ 'objectClass' ][ $j ])) {
$return [ $i ] -> general_objectClass [ $j ] = $attr [ 'objectClass' ][ $j ];
$j ++ ;
}
// load personal settings
if ( isset ( $attr [ 'givenName' ][ 0 ])) $return [ $i ] -> general_givenname = utf8_decode ( $attr [ 'givenName' ][ 0 ]);
if ( isset ( $attr [ 'sn' ][ 0 ])) $return [ $i ] -> general_surname = utf8_decode ( $attr [ 'sn' ][ 0 ]);
if ( isset ( $attr [ 'title' ][ 0 ])) $return [ $i ] -> personal_title = utf8_decode ( $attr [ 'title' ][ 0 ]);
if ( isset ( $attr [ 'mail' ][ 0 ])) $return [ $i ] -> personal_mail = utf8_decode ( $attr [ 'mail' ][ 0 ]);
if ( isset ( $attr [ 'telephoneNumber' ][ 0 ])) $return [ $i ] -> personal_telephoneNumber = utf8_decode ( $attr [ 'telephoneNumber' ][ 0 ]);
if ( isset ( $attr [ 'mobileTelephoneNumber' ][ 0 ])) $return [ $i ] -> personal_mobileTelephoneNumber = utf8_decode ( $attr [ 'mobileTelephoneNumber' ][ 0 ]);
else if ( isset ( $attr [ 'mobile' ][ 0 ])) $return [ $i ] -> personal_mobileTelephoneNumber = utf8_decode ( $attr [ 'mobile' ][ 0 ]);
if ( isset ( $attr [ 'facsimileTelephoneNumber' ][ 0 ])) $return [ $i ] -> personal_facsimileTelephoneNumber = utf8_decode ( $attr [ 'facsimileTelephoneNumber' ][ 0 ]);
if ( isset ( $attr [ 'street' ][ 0 ])) $return [ $i ] -> personal_street = utf8_decode ( $attr [ 'street' ][ 0 ]);
if ( isset ( $attr [ 'postalCode' ][ 0 ])) $return [ $i ] -> personal_postalCode = utf8_decode ( $attr [ 'postalCode' ][ 0 ]);
if ( isset ( $attr [ 'postalAddress' ][ 0 ])) $return [ $i ] -> personal_postalAddress = utf8_decode ( $attr [ 'postalAddress' ][ 0 ]);
if ( isset ( $attr [ 'employeeType' ][ 0 ])) $return [ $i ] -> personal_employeeType = utf8_decode ( $attr [ 'employeeType' ][ 0 ]);
if ( isset ( $attr [ 'userPassword' ][ 0 ])) {
$return [ $i ] -> unix_password = $attr [ 'userPassword' ][ 0 ];
$return [ $i ] -> unix_deactivated =! pwd_is_enabled ( $attr [ 'userPassword' ][ 0 ]);
}
if ( isset ( $attr [ 'displayName' ][ 0 ])) $return [ $i ] -> smb_displayName = utf8_decode ( $attr [ 'displayName' ][ 0 ]);
// sambaSamAccount (Samba3) is used.
if ( in_array ( 'sambaSamAccount' , $attr [ 'objectClass' ])) {
/* Write attributes into $return .
* Some values don ' t have to be set . These are only loaded if they are set
*/
if ( isset ( $attr [ 'sambaAcctFlags' ][ 0 ])) {
if ( strrpos ( $attr [ 'sambaAcctFlags' ][ 0 ], 'D' )) $return [ $i ] -> smb_flags [ 'D' ] = true ;
if ( strrpos ( $attr [ 'sambaAcctFlags' ][ 0 ], 'X' )) $return [ $i ] -> smb_flags [ 'X' ] = true ;
if ( strrpos ( $attr [ 'sambaAcctFlags' ][ 0 ], 'N' )) $return [ $i ] -> smb_flags [ 'N' ] = true ;
if ( strrpos ( $attr [ 'sambaAcctFlags' ][ 0 ], 'S' )) $return [ $i ] -> smb_flags [ 'S' ] = true ;
if ( strrpos ( $attr [ 'sambaAcctFlags' ][ 0 ], 'H' )) $return [ $i ] -> smb_flags [ 'H' ] = true ;
}
if ( isset ( $attr [ 'sambaPwdCanChange' ][ 0 ])) $return [ $i ] -> smb_pwdcanchange = $attr [ 'sambaPwdCanChange' ][ 0 ];
if ( isset ( $attr [ 'sambaPwdMustChange' ][ 0 ])) $return [ $i ] -> smb_pwdmustchange = $attr [ 'sambaPwdMustChange' ][ 0 ];
if ( isset ( $attr [ 'sambaHomePath' ][ 0 ])) $return [ $i ] -> smb_smbhome = utf8_decode ( $attr [ 'sambaHomePath' ][ 0 ]);
if ( isset ( $attr [ 'sambaHomeDrive' ][ 0 ])) $return [ $i ] -> smb_homedrive = $attr [ 'sambaHomeDrive' ][ 0 ];
if ( isset ( $attr [ 'sambaLogonScript' ][ 0 ])) $return [ $i ] -> smb_scriptPath = utf8_decode ( $attr [ 'sambaLogonScript' ][ 0 ]);
if ( isset ( $attr [ 'sambaProfilePath' ][ 0 ])) $return [ $i ] -> smb_profilePath = $attr [ 'sambaProfilePath' ][ 0 ];
if ( isset ( $attr [ 'sambaUserWorkstations' ][ 0 ])) $return [ $i ] -> smb_smbuserworkstations = $attr [ 'sambaUserWorkstations' ][ 0 ];
if ( isset ( $attr [ 'sambaNTPassword' ][ 0 ])) $return [ $i ] -> smb_password = $attr [ 'sambaNTPassword' ][ 0 ];
if ( isset ( $attr [ 'sambaDomainName' ][ 0 ])) {
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
$j = 0 ;
while ( ! isset ( $return [ $i ] -> smb_domain ) && ( count ( $samba3domains ) > $j )) {
if ( $attr [ 'sambaDomainName' ][ 0 ] == $samba3domains [ $j ] -> name )
$return [ $i ] -> smb_domain = $samba3domains [ $j ];
else $j ++ ;
}
}
// store smb_domain as string
if ( ! isset ( $return [ $i ] -> smb_domain )) $return [ $i ] -> smb_domain = $attr [ 'sambaDomainName' ];
}
if ( isset ( $attr [ 'sambaPrimaryGroupSID' ][ 0 ])) {
if ( $_SESSION [ 'config' ] -> is_samba3 ())
// store "real" SID if we want to save user as samba3 entry
$return [ $i ] -> smb_mapgroup = $attr [ 'sambaPrimaryGroupSID' ][ 0 ];
// store "calculated" id if we want to save user as samba2.2 entry
else $return [ $i ] -> smb_mapgroup = 2 * $attr [ 'gidNumber' ][ 0 ] + 1001 ;
}
}
// sambaSamAccount (Samba2.2) is used.
// second argument should prevent samba3 settings to be overwritten from samba 2.2 settings
if ( ( in_array ( 'sambaAccount' , $attr [ 'objectClass' ])) && ( ! $_SESSION [ 'config' ] -> is_samba3 () || ! isset ( $return [ $i ] -> smb_domain ))) {
if ( isset ( $attr [ 'acctFlags' ][ 0 ])) {
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'D' )) $return [ $i ] -> smb_flags [ 'D' ] = true ;
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'X' )) $return [ $i ] -> smb_flags [ 'X' ] = true ;
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'N' )) $return [ $i ] -> smb_flags [ 'N' ] = true ;
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'S' )) $return [ $i ] -> smb_flags [ 'S' ] = true ;
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'H' )) $return [ $i ] -> smb_flags [ 'H' ] = true ;
}
if ( isset ( $attr [ 'ntPassword' ][ 0 ])) $return [ $i ] -> smb_password = $attr [ 'ntPassword' ][ 0 ];
if ( isset ( $attr [ 'smbHome' ][ 0 ])) $return [ $i ] -> smb_smbhome = utf8_decode ( $attr [ 'smbHome' ][ 0 ]);
if ( isset ( $attr [ 'pwdCanChange' ][ 0 ])) $return [ $i ] -> smb_pwdcanchange = $attr [ 'pwdCanChange' ][ 0 ];
if ( isset ( $attr [ 'pwdMustChange' ][ 0 ])) $return [ $i ] -> smb_pwdmustchange = $attr [ 'pwdMustChange' ][ 0 ];
if ( isset ( $attr [ 'homeDrive' ][ 0 ])) $return [ $i ] -> smb_homedrive = $attr [ 'homeDrive' ][ 0 ];
if ( isset ( $attr [ 'scriptPath' ][ 0 ])) $return [ $i ] -> smb_scriptPath = utf8_decode ( $attr [ 'scriptPath' ][ 0 ]);
if ( isset ( $attr [ 'profilePath' ][ 0 ])) $return [ $i ] -> smb_profilePath = $attr [ 'profilePath' ][ 0 ];
if ( isset ( $attr [ 'userWorkstations' ][ 0 ])) $return [ $i ] -> smb_smbuserworkstations = $attr [ 'userWorkstations' ][ 0 ];
if ( isset ( $attr [ 'domain' ][ 0 ])) {
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
$j = 0 ;
while ( ! isset ( $return [ $i ] -> smb_domain ) && ( count ( $samba3domains ) > $j )) {
if ( $attr [ 'domain' ][ 0 ] == $samba3domains [ $j ] -> name )
$return [ $i ] -> smb_domain = $samba3domains [ $j ];
else $j ++ ;
}
}
// store smb_domain as string
if ( ! isset ( $return [ $i ] -> smb_domain )) $return [ $i ] -> smb_domain = $attr [ 'domain' ];
}
if ( isset ( $attr [ 'primaryGroupID' ][ 0 ])) {
if ( $_SESSION [ 'config' ] -> is_samba3 ())
// store "real" SID if we want to save user as samba3 entry
$return [ $i ] -> smb_mapgroup = $return [ $i ] -> smb_domain -> SID . '-' . ( 2 * $attr [ 'primaryGroupID' ][ 0 ] + 1 );
// store "calculated" id if we want to save user as samba2.2 entry
else $return [ $i ] -> smb_mapgroup = $attr [ 'primaryGroupID' ][ 0 ];
}
}
}
$i ++ ;
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
// Return array if $dns is an array
// else return string
if ( is_array ( $dns )) return $return ;
else return $return [ 0 ];
}
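/* Load all needed values of an existing host account from LDAP.
 *
 * $dn is the DN (string) of the host entry; it is used as the search base
 * together with the filter shown below.
 * The return value is an account object of type 'host'. If the search
 * fails or yields no entry, the object is returned with only the type and
 * the default Samba flags set.
 */
function loadhost($dn) {
    $server = $_SESSION['ldap']->server();

    // Create new object and set the type of account
    $return = new account();
    $return->type = 'host';
    // Default host samba flags (workstation account)
    $return->smb_flags['W'] = true;
    $return->smb_flags['X'] = true;

    // Load host attributes from LDAP.
    // NOTE(review): ldap_search() searches the whole subtree below $dn and only
    // the first entry is used; ldap_read() would restrict the lookup to $dn
    // itself - confirm which scope the callers expect.
    $result = ldap_search($server, $dn, " objectclass=PosixAccount ");
    if (!$result) return $return;
    $entry = ldap_first_entry($server, $result);
    if (!$entry) return $return;
    $return->general_dn = ldap_get_dn($server, $entry);
    $attr = ldap_get_attributes($server, $entry);

    // Load objectclasses (numeric indexes only, the 'count' element is skipped)
    $objectClasses = array();
    for ($i = 0; isset($attr['objectClass'][$i]); $i++) {
        $objectClasses[] = $attr['objectClass'][$i];
        $return->general_objectClass[$i] = $attr['objectClass'][$i];
    }

    $return->general_username = $attr['uid'][0];
    $return->general_uidNumber = $attr['uidNumber'][0];
    if (isset($attr['gecos'][0])) $return->general_gecos = utf8_decode($attr['gecos'][0]);
    // Get group name
    $return->general_group = getgrnam($attr['gidNumber'][0]);

    $samba3 = $_SESSION['config']->is_samba3();

    // sambaSamAccount (Samba 3) is used.
    if (in_array('sambaSamAccount', $objectClasses, true)) {
        /* Write attributes into $return.
         * Some values don't have to be set. These are only loaded if they are set.
         */
        if (isset($attr['sambaAcctFlags'][0])) {
            // we load a workstation
            $return->smb_flags['W'] = true;
            // strrpos() yields 0 (false-like) for a match at the first character;
            // presumably the flag string starts with '[' - verify.
            if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flags['X'] = true;
            // The "D" flag is ignored for hosts, so it is not loaded
        }
        if (isset($attr['sambaDomainName'][0])) {
            if ($samba3) {
                // store smb_domain as samba3domain object
                // Fixed: the session key was the bare constant `config`, which
                // is an undefined-constant Error on PHP 8.
                $samba3domains = $_SESSION['ldap']->search_domains($_SESSION['config']->get_domainSuffix());
                if (is_array($samba3domains)) {
                    foreach ($samba3domains as $domain) {
                        if ($attr['sambaDomainName'][0] == $domain->name) {
                            $return->smb_domain = $domain;
                            break;
                        }
                    }
                }
            }
            // Fallback when no domain object matched.
            // NOTE(review): this stores the whole attribute array (including its
            // 'count' element), not a string - confirm what consumers expect.
            if (!isset($return->smb_domain)) $return->smb_domain = $attr['sambaDomainName'];
        }
        if (isset($attr['sambaPrimaryGroupSID'][0])) {
            if ($samba3) {
                // store "real" SID if we want to save the host as samba3 entry
                $return->smb_mapgroup = $attr['sambaPrimaryGroupSID'][0];
            }
            else {
                // store "calculated" id if we want to save the host as samba2.2 entry
                $return->smb_mapgroup = 2 * $attr['gidNumber'][0] + 1001;
            }
        }
        // return here so the loaded values are not overwritten by old samba 2.2 attributes
        if ($samba3) return $return;
    }

    // sambaAccount (Samba 2.2) is used.
    if (in_array('sambaAccount', $objectClasses, true)) {
        if (isset($attr['acctFlags'][0])) {
            // we load a workstation
            $return->smb_flags['W'] = true;
            if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flags['X'] = true;
            // The "D" flag is ignored for hosts, so it is not loaded
        }
        if (isset($attr['domain'][0])) {
            if ($samba3) {
                // store smb_domain as samba3domain object
                $samba3domains = $_SESSION['ldap']->search_domains($_SESSION['config']->get_domainSuffix());
                if (is_array($samba3domains)) {
                    foreach ($samba3domains as $domain) {
                        if ($attr['domain'][0] == $domain->name) {
                            $return->smb_domain = $domain;
                            break;
                        }
                    }
                }
            }
            // Fallback when no domain object matched (stores the attribute array, see above)
            if (!isset($return->smb_domain)) $return->smb_domain = $attr['domain'];
        }
        if (isset($attr['primaryGroupID'][0])) {
            if ($samba3) {
                // store "real" SID if we want to save the host as samba3 entry
                // NOTE(review): if no domain object was resolved above, smb_domain
                // is not an object and the SID prefix is empty - verify callers.
                $return->smb_mapgroup = $return->smb_domain->SID . '-' . (2 * $attr['primaryGroupID'][0] + 1);
            }
            else {
                // store the id unchanged if we want to save the host as samba2.2 entry
                $return->smb_mapgroup = $attr['primaryGroupID'][0];
            }
        }
    }
    return $return;
}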
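/* Load all needed values of an existing group account from LDAP.
 *
 * $dn is the DN (string) of the group entry; it is used as the search base
 * together with the filter shown below.
 * The return value is an account object of type 'group'. If the search
 * fails or yields no entry, the object is returned with only the type set.
 */
function loadgroup($dn) {
    $server = $_SESSION['ldap']->server();

    // Create new object and set the type of account
    $return = new account();
    $return->type = 'group';

    // Load group attributes from LDAP
    $result = ldap_search($server, $dn, " objectclass=PosixGroup ");
    if (!$result) return $return;
    $entry = ldap_first_entry($server, $result);
    if (!$entry) return $return;
    $return->general_dn = ldap_get_dn($server, $entry);
    $attr = ldap_get_attributes($server, $entry);

    /* Write attributes into $return.
     * Some values don't have to be set. These are only loaded if they are set.
     */
    // Load objectclasses (numeric indexes only, the 'count' element is skipped)
    for ($i = 0; isset($attr['objectClass'][$i]); $i++) {
        $return->general_objectClass[$i] = $attr['objectClass'][$i];
    }
    // Load users which are also members of the group
    for ($i = 0; isset($attr['memberUid'][$i]); $i++) {
        $return->unix_memberUid[$i] = $attr['memberUid'][$i];
    }

    // For groups the gidNumber is kept in general_uidNumber and cn in general_username
    $return->general_uidNumber = $attr['gidNumber'][0];
    $return->general_username = $attr['cn'][0];
    if (isset($attr['description'][0])) $return->general_gecos = utf8_decode($attr['description'][0]);

    if (isset($attr['sambaSID'][0])) {
        // Samba 3 only; Samba 2.2 doesn't have any objects for groups
        $return->smb_mapgroup = $attr['sambaSID'][0];
        if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);

        // The first seven dash-separated parts of sambaSID are compared with the
        // domain SIDs. A shorter value cannot name a domain here, so the lookup
        // is skipped instead of reading undefined array offsets.
        $parts = explode('-', $attr['sambaSID'][0]);
        if (count($parts) >= 7) {
            $SID = implode('-', array_slice($parts, 0, 7));
            // Fixed: the session key was the bare constant `config`, which is
            // an undefined-constant Error on PHP 8.
            $samba3domains = $_SESSION['ldap']->search_domains($_SESSION['config']->get_domainSuffix());
            if (is_array($samba3domains)) {
                foreach ($samba3domains as $domain) {
                    if ($SID == $domain->SID) {
                        $return->smb_domain = $domain;
                        break;
                    }
                }
            }
        }
    }
    return $return;
}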
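/* Create a new user account in LDAP.
 *
 * $values is an account object with all attributes of the user. Its
 * general_dn, unix_password, smb_password and unix_host members are
 * modified by this function.
 * If $uselamdaemon is false, no quotas are set and no home directory is
 * created. Useful for mass upload and deletion.
 *
 * The return value is an integer:
 * 1 == Account has been created
 * 2 == Account already exists at different location (documented result
 *      code; nothing in this function returns it)
 * 4 == Error while creating account or adding it to a group
 */
function createuser($values, $uselamdaemon = true) {
    $server = $_SESSION['ldap']->server();
    $attr = array();

    // These objectclasses are needed for a user account
    $attr['objectClass'][0] = 'posixAccount';
    $attr['objectClass'][1] = 'shadowAccount';
    $attr['objectClass'][2] = 'inetOrgPerson';

    // Create DN for the new user account.
    // NOTE(review): general_username goes into the RDN unescaped. Characters
    // such as ',' '+' '=' or '\' would change the DN structure - confirm the
    // name is validated before it reaches this function.
    $values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;

    // Passwords are stored encrypted in the session and are decrypted here.
    // NOTE(review): key and IV are read from client cookies. ECB mode does not
    // use an IV, so $iv has no effect, and ECB gives no integrity protection.
    // The mcrypt extension is no longer bundled with PHP since 7.2.
    $iv = base64_decode($_COOKIE[" IV "]);
    $key = base64_decode($_COOKIE[" Key "]);
    if ($values->unix_password != '') {
        $values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
        // remove the NUL padding of the block cipher
        $values->unix_password = str_replace(chr(00), '', $values->unix_password);
    }
    if ($values->smb_password != '') {
        $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
        $values->smb_password = str_replace(chr(00), '', $values->smb_password);
    }

    // Attributes which are required
    $attr['cn'] = $values->general_username;
    $attr['uid'] = $values->general_username;
    $attr['uidNumber'] = $values->general_uidNumber;
    $attr['gidNumber'] = getgid($values->general_group);
    $attr['homeDirectory'] = $values->general_homedir;
    $attr['givenName'] = utf8_encode($values->general_givenname);
    $attr['sn'] = utf8_encode($values->general_surname);
    // shadowExpire is stored as days since 1.1.1970, unix_pwdexpire is in seconds
    if (isset($values->unix_pwdexpire)) $attr['shadowExpire'] = intval($values->unix_pwdexpire / 86400);

    /* Write unix attributes into the $attr array.
     * Some values don't have to be set. These are only written if they are set.
     */
    $attr['loginShell'] = $values->general_shell; // posixAccount_may
    $attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
    $attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
    if ($values->unix_pwdminage != '') $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
    if ($values->unix_pwdmaxage != '') $attr['shadowMax'] = $values->unix_pwdmaxage; // shadowAccount_may
    if ($values->unix_pwdwarn != '') $attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
    if ($values->unix_pwdallowlogin != '') $attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may

    // Set unix password
    $attr['shadowLastChange'] = getdays(); // shadowAccount_may
    if ($values->unix_password_no) $values->unix_password = '';
    // the second argument of pwd_hash() is false for deactivated accounts
    if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
    else $attr['userPassword'] = pwd_hash($values->unix_password);

    // Split the host string and save every allowed host as a separate value.
    // Values are appended so that the indexes stay consecutive even when the
    // list contains empty elements (e.g. "a,,b").
    $values->unix_host = str_replace(' ', '', $values->unix_host);
    foreach (explode(',', $values->unix_host) as $host) {
        if ($host != '') $attr['host'][] = $host;
    }

    // Samba attributes
    $noSambaPassword = !empty($values->smb_flags['N']);
    // NOTE(review): escapeshellarg() keeps the shell from interpreting the
    // password, but the clear-text password is still a command-line argument
    // and local users can usually read it from the process list while the
    // helper runs. The exec() results are stored unchecked, so a failing
    // helper would leave an empty hash.
    $hashScript = escapeshellarg($_SESSION['lampath'] . 'lib/createntlm.pl');
    if ($_SESSION['config']->is_samba3()) {
        // Add all attributes as samba3 objectclass
        $attr['objectClass'][3] = 'sambaSamAccount';
        if ($noSambaPassword) {
            // Don't set samba passwords
            $attr['sambaNTPassword'] = 'NO PASSWORD*****';
            $attr['sambaLMPassword'] = 'NO PASSWORD*****';
        }
        else {
            // Set samba passwords with the external perl script
            $attr['sambaNTPassword'] = exec($hashScript . " nt " . escapeshellarg($values->smb_password));
            $attr['sambaLMPassword'] = exec($hashScript . " lm " . escapeshellarg($values->smb_password));
        }
        $attr['sambaPwdLastSet'] = time();
        // Generate SID
        $attr['sambaSID'] = $values->smb_domain->SID . " - " . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
        // The primary group SID is taken from the cached group with the same name
        ldapreload('group');
        foreach ($_SESSION['groupDN'] as $groupname) {
            if ($groupname['cn'] == $values->general_group) $attr['sambaPrimaryGroupSID'] = $groupname['sambaSID'];
        }
        if ($values->smb_pwdcanchange != '') $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
        else $attr['sambaPwdCanChange'] = time(); // sambaAccount_may
        if ($values->smb_pwdmustchange != '') $attr['sambaPwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
        else $attr['sambaPwdMustChange'] = time() + 1000000000; // sambaAccount_may
        $attr['sambaAcctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
        $attr['displayName'] = $values->general_gecos; // sambaAccount_may
        if ($values->smb_smbhome != '') $attr['sambaHomePath'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
        if ($values->smb_homedrive != '') $attr['sambaHomeDrive'] = $values->smb_homedrive; // sambaAccount_may
        if ($values->smb_scriptPath != '') $attr['sambaLogonScript'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
        if ($values->smb_profilePath != '') $attr['sambaProfilePath'] = $values->smb_profilePath; // sambaAccount_may
        if ($values->smb_smbuserworkstations != '') $attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
        if ($values->smb_domain != '') $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
    }
    else {
        // Add all attributes as samba2.2 objectclass
        $attr['objectClass'][3] = 'sambaAccount';
        if ($noSambaPassword) {
            // Don't set samba passwords
            $attr['ntPassword'] = 'NO PASSWORD*****';
            $attr['lmPassword'] = 'NO PASSWORD*****';
        }
        else {
            // Set samba passwords with the external perl script
            $attr['ntPassword'] = exec($hashScript . " nt " . escapeshellarg($values->smb_password));
            $attr['lmPassword'] = exec($hashScript . " lm " . escapeshellarg($values->smb_password));
        }
        $attr['pwdLastSet'] = time();
        // Generate pseudo SID
        $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
        $attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_req
        if ($values->smb_pwdcanchange != '') $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
        else $attr['pwdCanChange'] = time(); // sambaAccount_may
        // Fixed: an unconditional assignment used to follow and overwrote the
        // default below with a possibly empty smb_pwdmustchange.
        if ($values->smb_pwdmustchange != '') $attr['pwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
        else $attr['pwdMustChange'] = time() + 1000000000; // sambaAccount_may
        // Fixed: read smb_flags (was the misspelled member smbflags), as in the samba3 branch
        $attr['acctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
        $attr['displayName'] = $values->general_gecos; // sambaAccount_may
        if ($values->smb_smbhome != '') $attr['smbHome'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
        if ($values->smb_homedrive != '') $attr['homeDrive'] = $values->smb_homedrive; // sambaAccount_may
        if ($values->smb_scriptPath != '') $attr['scriptPath'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
        if ($values->smb_profilePath != '') $attr['profilePath'] = $values->smb_profilePath; // sambaAccount_may
        if ($values->smb_smbuserworkstations != '') $attr['userWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
        if ($values->smb_domain != '') $attr['domain'] = $values->smb_domain; // sambaAccount_may
    }
    // NOTE(review): this replaces the displayName set from general_gecos in
    // both branches above - confirm which value is intended.
    $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may

    // personal attributes
    if ($values->personal_title != '') $attr['title'] = utf8_encode($values->personal_title);
    if ($values->personal_mail != '') $attr['mail'] = utf8_encode($values->personal_mail);
    if ($values->personal_telephoneNumber != '') $attr['telephoneNumber'] = utf8_encode($values->personal_telephoneNumber);
    if ($values->personal_mobileTelephoneNumber != '') $attr['mobileTelephoneNumber'] = utf8_encode($values->personal_mobileTelephoneNumber);
    if ($values->personal_facsimileTelephoneNumber != '') $attr['facsimileTelephoneNumber'] = utf8_encode($values->personal_facsimileTelephoneNumber);
    if ($values->personal_street != '') $attr['street'] = utf8_encode($values->personal_street);
    if ($values->personal_postalCode != '') $attr['postalCode'] = utf8_encode($values->personal_postalCode);
    if ($values->personal_postalAddress != '') $attr['postalAddress'] = utf8_encode($values->personal_postalAddress);
    if ($values->personal_employeeType != '') $attr['employeeType'] = utf8_encode($values->personal_employeeType);

    // Create LDAP user account; stop if an error occurred
    $success = ldap_add($server, $values->general_dn, $attr);
    if (!$success) return 4;

    if ($_SESSION['config']->scriptServer && $uselamdaemon) {
        // lamdaemon.pl should be used
        // Set quotas if quotas are used
        if (is_array($values->quota)) setquotas(array($values));
        // Create home directory
        addhomedir(array($values->general_username));
    }

    // Add user to additional groups
    if (isset($values->general_groupadd[0])) {
        foreach ($values->general_groupadd as $group2) {
            // Escape the characters that are special in an LDAP search filter
            // (RFC 4515) so a group name cannot change the filter. The
            // backslash has to be replaced first.
            $safeGroup = str_replace(
                array('\\', '*', '(', ')', "\x00"),
                array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
                $group2
            );
            // Search for the group in LDAP
            $result = ldap_search($server, $_SESSION['config']->get_GroupSuffix(), " (&(objectclass=posixGroup)(cn= $safeGroup )) ", array(''));
            if (!$result) return 4;
            $entry = ldap_first_entry($server, $result);
            // an unknown group is reported as error instead of modifying an empty DN
            if (!$entry) return 4;
            // Get DN
            $dn = ldap_get_dn($server, $entry);
            // Add user to group
            $success = ldap_mod_add($server, $dn, array('memberUid' => $values->general_username));
            if (!$success) return 4;
            // Add new memberUid to cache array
            ldapreload('group');
            $_SESSION['groupDN'][$dn]['memberUid'][] = $values->general_username;
        }
    }

    // Add new user to cache array
    if (isset($_SESSION['userDN'])) {
        $_SESSION['userDN'][$values->general_dn]['cn'] = $values->general_username;
        $_SESSION['userDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
    }
    // Everything is OK, return 1
    return 1;
}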
/* This function will modify a user account in LDAP
* $values and $values_old are an account - object with all
* attributes of the user .
* if $uselamdaemon is false no quotas are set . Useful for mass upload and deletion
* Only attributes which have changed will be written
* return - value is an integer
* 2 == Account already exists at different location
* 3 == Account has been modified
* 5 == Error while modifying Account
*/
function modifyuser ( $values , $values_old , $uselamdaemon = true ) { // Will modify the LDAP-Account
// Add missing objectclasses to user
if ( ! in_array ( 'posixAccount' , $values -> general_objectClass )) {
$attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'posixAccount' ;
}
if ( ! in_array ( 'shadowAccount' , $values -> general_objectClass )) {
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'shadowAccount' ;
}
// Create DN for new user account
$values -> general_dn = 'uid=' . $values -> general_username . ',' . $values -> general_dn ;
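// Decrypt the passwords: they are kept encrypted in the session so that they are never stored there in cleartext
// NOTE(review): key and IV are read from client cookies, and ECB mode does not use the IV - confirm this is intended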
$iv = base64_decode ( $_COOKIE [ " IV " ]);
$key = base64_decode ( $_COOKIE [ " Key " ]);
if ( $values -> unix_password != '' ) {
$values -> unix_password = mcrypt_decrypt ( MCRYPT_RIJNDAEL_256 , $key , base64_decode ( $values -> unix_password ), MCRYPT_MODE_ECB , $iv );
$values -> unix_password = str_replace ( chr ( 00 ), '' , $values -> unix_password );
}
if ( $values -> smb_password != '' ) {
$values -> smb_password = mcrypt_decrypt ( MCRYPT_RIJNDAEL_256 , $key , base64_decode ( $values -> smb_password ), MCRYPT_MODE_ECB , $iv );
$values -> smb_password = str_replace ( chr ( 00 ), '' , $values -> smb_password );
}
// Attributes which are required
if ( $values -> general_username != $values_old -> general_username ) {
$attr [ 'cn' ] = $values -> general_username ;
$attr [ 'uid' ] = $values -> general_username ;
}
if ( $values -> general_uidNumber != $values_old -> general_uidNumber ) {
$attr [ 'uidNumber' ] = $values -> general_uidNumber ;
// Because sambaSid (rid) is derived from uidNumber, it has to be updated when uidNumber changes
if ( $_SESSION [ 'config' ] -> is_samba3 ())
$attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase );
else $attr [ 'rid' ] = ( 2 * $values -> general_uidNumber + 1000 );
}
if ( $values -> general_group != $values_old -> general_group ) {
$attr [ 'gidNumber' ] = getgid ( $values -> general_group );
// Because primaryGroup(S)ID is related to gidNumber we have to change it if gidNumber has changed
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
// We use samba 3 schema
// Change SID only if we don't use a well known SID
ldapreload ( 'group' );
foreach ( $_SESSION [ 'groupDN' ] as $groupname ) {
if ( $groupname [ 'cn' ] == $values -> general_group ) $attr [ 'sambaPrimaryGroupSID' ] = $groupname [ 'sambaSID' ];
}
}
else {
// We use old samba 2.2 schema
// Change SID only if we don't use a well known SID
if ( $values -> smb_mapgroup == '512' ) $found = true ;
if ( $values -> smb_mapgroup == '513' ) $found = true ;
if ( $values -> smb_mapgroup == '514' ) $found = true ;
if ( ! $found ) $attr [ 'primaryGroupID' ] = ( 2 * getgid ( $values -> general_group ) + 1001 );
}
}
if ( $values -> general_homedir != $values_old -> general_homedir )
$attr [ 'homeDirectory' ] = $values -> general_homedir ;
if ( $values -> general_givenname != $values_old -> general_givenname ) $attr [ 'givenName' ] = utf8_encode ( $values -> general_givenname );
if ( $values -> general_surname != $values_old -> general_surname ) $attr [ 'sn' ] = utf8_encode ( $values -> general_surname );
/* Write unix attributes into $attr array
* Some values don ' t have to be set . These are only loaded if they are set
*/
if ( $values -> general_shell != $values_old -> general_shell )
$attr [ 'loginShell' ] = $values -> general_shell ;
if ( $values -> general_gecos != $values_old -> general_gecos ) {
$attr [ 'gecos' ] = utf8_encode ( replace_umlaut ( $values -> general_gecos ));
$attr [ 'description' ] = utf8_encode ( $values -> general_gecos );
}
if (( $values -> unix_pwdminage != $values_old -> unix_pwdminage ) && ( $values -> unix_pwdminage != '' ))
$attr [ 'shadowMin' ] = $values -> unix_pwdminage ; // shadowAccount_may
if (( $values -> unix_pwdminage != $values_old -> unix_pwdminage ) && ( $values -> unix_pwdminage == '' ))
$attr_rem [ 'shadowMin' ] = $values_old -> unix_pwdminage ; // shadowAccount_may
if (( $values -> unix_pwdmaxage != $values_old -> unix_pwdmaxage ) && ( $values -> unix_pwdmaxage != '' ))
$attr [ 'shadowMax' ] = $values -> unix_pwdmaxage ; // shadowAccount_may
if (( $values -> unix_pwdmaxage != $values_old -> unix_pwdmaxage ) && ( $values -> unix_pwdmaxage == '' ))
$attr_rem [ 'shadowMax' ] = $values_old -> unix_pwdmaxage ; // shadowAccount_may
if (( $values -> unix_pwdwarn != $values_old -> unix_pwdwarn ) && ( $values -> unix_pwdwarn != '' ))
$attr [ 'shadowWarning' ] = $values -> unix_pwdwarn ; // shadowAccount_may
if (( $values -> unix_pwdwarn != $values_old -> unix_pwdwarn ) && ( $values -> unix_pwdwarn == '' ))
$attr_rem [ 'shadowWarning' ] = $values_old -> unix_pwdwarn ; // shadowAccount_may
if (( $values -> unix_pwdallowlogin != $values_old -> unix_pwdallowlogin ) && ( $values -> unix_pwdallowlogin != '' ))
$attr [ 'shadowInactive' ] = $values -> unix_pwdallowlogin ; // shadowAccount_may
if (( $values -> unix_pwdallowlogin != $values_old -> unix_pwdallowlogin ) && ( $values -> unix_pwdallowlogin == '' ))
$attr_rem [ 'shadowInactive' ] = $values_old -> unix_pwdallowlogin ; // shadowAccount_may
// Check if shadow expire has changed
if ( $values -> unix_pwdexpire != $values_old -> unix_pwdexpire ) $attr [ 'shadowExpire' ] = intval ( $values -> unix_pwdexpire / 86400 ) ;
// Set unix password
if ( $values -> unix_password == '' ) {
// $values->unix_password=='' means use old password
if ( $values -> unix_deactivated != $values_old -> unix_deactivated ) {
// (de)activate password
// Split old password hash in {CRYPT} and password-hash
$i = 0 ;
while ( $values_old -> unix_password { $i } != '}' ) $i ++ ;
$passwd = substr ( $values_old -> unix_password , $i + 1 );
$crypt = substr ( $values_old -> unix_password , 0 , $i + 1 );
// remove leading ! from password hash
if ( $passwd { 0 } == '!' ) $passwd = substr ( $passwd , 1 );
// Write new password
if ( $values -> unix_deactivated ) $attr [ 'userPassword' ] = $crypt . '!' . $passwd ;
else $attr [ 'userPassword' ] = $crypt . $passwd ;
}
if ( $values -> unix_password_no ) {
// use no password
if ( $values -> unix_deactivated ) $attr [ 'userPassword' ] = pwd_hash ( '' , false );
else $attr [ 'userPassword' ] = pwd_hash ( '' );
$attr [ 'shadowLastChange' ] = getdays (); // shadowAccount_may
}
}
else {
// Set new password
if ( $values -> unix_password_no ) $values -> unix_password = '' ;
if ( $values -> unix_deactivated ) $attr [ 'userPassword' ] = pwd_hash ( $values -> unix_password , false );
else $attr [ 'userPassword' ] = pwd_hash ( $values -> unix_password );
$attr [ 'shadowLastChange' ] = getdays (); // shadowAccount_may
}
// explode host-string and save every allowed host as separate attribute
if (( $values -> unix_host != $values_old -> unix_host )) {
$values -> unix_host = str_replace ( ' ' , '' , $values -> unix_host );
$host = explode ( ',' , $values -> unix_host );
$values_old -> unix_host = str_replace ( ' ' , '' , $values_old -> unix_host );
$host_old = explode ( ',' , $values_old -> unix_host );
if ( $host [ 0 ] == '' ) $attr_rem [ 'host' ] = $host_old ;
else if ( $host [ 0 ] != '' ) $attr [ 'host' ] = $host ;
}
// Samba attributes
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
if ( ! in_array ( 'sambaSamAccount' , $values -> general_objectClass )) {
// We have to convert sambaAccount Objectclass to sambaSamAccount objectclass
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'sambaSamAccount' ;
// unset old sambaAccount objectClass
for ( $i = 0 ; $i < count ( $attr [ 'objectClass' ]); $i ++ )
if ( $attr [ 'objectClass' ][ $i ] == 'sambaAccount' ) unset ( $attr [ 'objectClass' ][ $i ]);
$attr [ 'objectClass' ] = array_values ( $attr [ 'objectClass' ]);
// Set correct values for new objectclass
// Load old samba-values not stored in account object
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixAccount " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
// Add new attributes
if ( isset ( $attr_old [ 'lmPassword' ][ 0 ])) $attr [ 'sambaLMPassword' ] = $attr_old [ 'lmPassword' ][ 0 ];
if ( isset ( $attr_old [ 'ntPassword' ][ 0 ])) $attr [ 'sambaNTPassword' ] = $attr_old [ 'ntPassword' ][ 0 ];
if ( isset ( $attr_old [ 'pwdLastSet' ][ 0 ])) $attr [ 'sambaPwdLastSet' ] = $attr_old [ 'pwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'logonTime' ][ 0 ])) $attr [ 'sambaLogonTime' ] = $attr_old [ 'logonTime' ][ 0 ];
if ( isset ( $attr_old [ 'logoffTime' ][ 0 ])) $attr [ 'sambaLogoffTime' ] = $attr_old [ 'logoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'kickoffTime' ][ 0 ])) $attr [ 'sambaKickoffTime' ] = $attr_old [ 'kickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'pwdCanChange' ][ 0 ])) $attr [ 'sambaPwdCanChange' ] = $attr_old [ 'pwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'pwdMustChange' ][ 0 ])) $attr [ 'sambaPwdMustChange' ] = $attr_old [ 'pwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'smbHome' ][ 0 ])) $attr [ 'sambaHomePath' ] = $attr_old [ 'smbHome' ][ 0 ];
if ( isset ( $attr_old [ 'homeDrive' ][ 0 ])) $attr [ 'sambaHomeDrive' ] = $attr_old [ 'homeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'scriptPath' ][ 0 ])) $attr [ 'sambaLogonScript' ] = $attr_old [ 'scriptPath' ][ 0 ];
if ( isset ( $attr_old [ 'profilePath' ][ 0 ])) $attr [ 'sambaProfilePath' ] = $attr_old [ 'profilePath' ][ 0 ];
if ( isset ( $attr_old [ 'userWorkstations' ][ 0 ])) $attr [ 'sambaUserWorkstations' ] = $attr_old [ 'userWorkstations' ][ 0 ];
// Values used from account object
$attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
$attr [ 'sambaAcctFlags' ] = smbflag ( $values -> flags ); // sambaAccount_may
$attr [ 'sambaDomainName' ] = $values -> smb_domain -> name ; // sambaAccount_may
$attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase ); // sambaAccount_may
$attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_mapgroup ; // sambaAccount_req
// remove old attributes
if ( in_array ( 'sambaAccount' , $attr_old [ 'objectClass' ])) $attr_rem [ 'objectClass' ] = 'sambaAccount' ;
if ( isset ( $attr_old [ 'lmPassword' ][ 0 ])) $attr_rem [ 'lmPassword' ] = $attr_old [ 'lmPassword' ][ 0 ];
if ( isset ( $attr_old [ 'ntPassword' ][ 0 ])) $attr_rem [ 'ntPassword' ] = $attr_old [ 'ntPassword' ][ 0 ];
if ( isset ( $attr_old [ 'pwdLastSet' ][ 0 ])) $attr_rem [ 'pwdLastSet' ] = $attr_old [ 'pwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'logonTime' ][ 0 ])) $attr_rem [ 'logonTime' ] = $attr_old [ 'logonTime' ][ 0 ];
if ( isset ( $attr_old [ 'kickoffTime' ][ 0 ])) $attr_rem [ 'kickoffTime' ] = $attr_old [ 'kickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'pwdCanChange' ][ 0 ])) $attr_rem [ 'pwdCanChange' ] = $attr_old [ 'pwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'pwdMustChange' ][ 0 ])) $attr_rem [ 'pwdMustChange' ] = $attr_old [ 'pwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'smbHome' ][ 0 ])) $attr_rem [ 'smbHome' ] = $attr_old [ 'smbHome' ][ 0 ];
if ( isset ( $attr_old [ 'acctFlags' ][ 0 ])) $attr_rem [ 'acctFlags' ] = $attr_old [ 'acctFlags' ][ 0 ];
if ( isset ( $attr_old [ 'homeDrive' ][ 0 ])) $attr_rem [ 'homeDrive' ] = $attr_old [ 'homeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'scriptPath' ][ 0 ])) $attr_rem [ 'scriptPath' ] = $attr_old [ 'scriptPath' ][ 0 ];
if ( isset ( $attr_old [ 'profilePath' ][ 0 ])) $attr_rem [ 'profilePath' ] = $attr_old [ 'profilePath' ][ 0 ];
if ( isset ( $attr_old [ 'userWorkstations' ][ 0 ])) $attr_rem [ 'userWorkstations' ] = $attr_old [ 'userWorkstations' ][ 0 ];
if ( isset ( $attr_old [ 'primaryGroupID' ][ 0 ])) $attr_rem [ 'primaryGroupID' ] = $attr_old [ 'primaryGroupID' ][ 0 ];
if ( isset ( $attr_old [ 'domain' ][ 0 ])) $attr_rem [ 'domain' ] = $attr_old [ 'domain' ][ 0 ];
if ( isset ( $attr_old [ 'rid' ][ 0 ])) $attr_rem [ 'rid' ] = $attr_old [ 'rid' ][ 0 ];
}
// Set all changed values
if ( $values -> smb_flags [ 'N' ]) {
// use no samba Password
$attr [ 'sambaNTPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'sambaLMPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'sambaPwdLastSet' ] = time (); // sambaAccount_may
}
else
if ( $values -> smb_password != '' ) {
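// escapeshellarg() quotes the script path and the password so neither can inject shell syntax
// NOTE(review): the cleartext password is still passed as a command-line argument, which other local users may be able to read from the process list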
// Set samba-passwords with external perl-script
$attr [ 'sambaNTPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " nt " . escapeshellarg ( $values -> smb_password ));
$attr [ 'sambaLMPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " lm " . escapeshellarg ( $values -> smb_password ));
$attr [ 'sambaPwdLastSet' ] = time (); // sambaAccount_may
}
// Check which Samba-Attributes have changed
if ( $values -> smb_pwdcanchange != $values_old -> smb_pwdcanchange ) $attr [ 'sambaPwdCanChange' ] = $values -> smb_pwdcanchange ; // sambaAccount_may
if ( $values -> smb_pwdmustchange != $values_old -> smb_pwdmustchange ) $attr [ 'sambaPwdMustChange' ] = $values -> smb_pwdmustchange ; // sambaAccount_may
if ( smbflag ( $values -> smb_flags ) != smbflag ( $values_old -> smb_flags )) $attr [ 'sambaAcctFlags' ] = smbflag ( $values -> smb_flags ); // sambaAccount_may
if (( $values -> smb_smbhome != '' ) && ( $values -> smb_smbhome != $values_old -> smb_smbhome )) $attr [ 'sambaHomePath' ] = utf8_encode ( $values -> smb_smbhome ); // sambaAccount_may
if (( $values -> smb_smbhome == '' ) && ( $values -> smb_smbhome != $values_old -> smb_smbhome )) $attr_rem [ 'sambaHomePath' ] = utf8_encode ( $values_old -> smb_smbhome ); // sambaAccount_may
if (( $values -> smb_homedrive != '' ) && ( $values -> smb_homedrive != $values_old -> smb_homedrive )) $attr [ 'sambaHomeDrive' ] = $values -> smb_homedrive ; // sambaAccount_may
if (( $values -> smb_homedrive == '' ) && ( $values -> smb_homedrive != $values_old -> smb_homedrive )) $attr_rem [ 'sambaHomeDrive' ] = $values_old -> smb_homedrive ; // sambaAccount_may
if (( $values -> smb_scriptPath != '' ) && ( $values -> smb_scriptPath != $values_old -> smb_scriptPath )) $attr [ 'sambaLogonScript' ] = utf8_encode ( $values -> smb_scriptPath ); // sambaAccount_may
if (( $values -> smb_scriptPath == '' ) && ( $values -> smb_scriptPath != $values_old -> smb_scriptPath )) $attr_rem [ 'sambaLogonScript' ] = utf8_encode ( $values_old -> smb_scriptPath ); // sambaAccount_may
if (( $values -> smb_profilePath != '' ) && ( $values -> smb_profilePath != $values_old -> smb_profilePath )) $attr [ 'sambaProfilePath' ] = $values -> smb_profilePath ; // sambaAccount_may
if (( $values -> smb_profilePath == '' ) && ( $values -> smb_profilePath != $values_old -> smb_profilePath )) $attr_rem [ 'sambaProfilePath' ] = $values_old -> smb_profilePath ; // sambaAccount_may
if (( $values -> smb_smbuserworkstations != '' ) && ( $values -> smb_smbuserworkstations != $values_old -> smb_smbuserworkstations )) $attr [ 'sambaUserWorkstations' ] = $values -> smb_smbuserworkstations ; // sambaAccount_may
if (( $values -> smb_smbuserworkstations == '' ) && ( $values -> smb_smbuserworkstations != $values_old -> smb_smbuserworkstations )) $attr_rem [ 'sambaUserWorkstations' ] = $values_old -> smb_smbuserworkstations ; // sambaAccount_may
if ( $values -> smb_domain -> name != $values_old -> smb_domain -> name ) {
$attr [ 'sambaDomainName' ] = $values -> smb_domain -> name ; // sambaAccount_may
$attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase );
$attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_domain -> SID . " - " .
( 2 * getgid ( $values -> general_group ) + $values -> smb_domain -> RIDbase + 1 );
}
if (( $values -> smb_mapgroup != '' ) && ( $values -> smb_mapgroup != $values_old -> smb_mapgroup )) {
ldapreload ( 'group' );
foreach ( $_SESSION [ 'groupDN' ] as $groupname ) {
if ( $groupname [ 'cn' ] == $values -> general_group ) $attr [ 'sambaPrimaryGroupSID' ] = $groupname [ 'sambaSID' ];
}
}
if ( $values -> smb_displayName != $values_old -> smb_displayName ) $attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
}
else {
// use old samba 2.2 objectclass
if ( ! in_array ( 'sambaAccount' , $values -> general_objectClass )) {
// Add or convert samba attributes & object to samba 2.2
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'sambaAccount' ;
// unset old sambaSamAccount objectClass
for ( $i = 0 ; $i < count ( $attr [ 'objectClass' ]); $i ++ )
if ( $attr [ 'objectClass' ][ $i ] == 'sambaSamAccount' ) unset ( $attr [ 'objectClass' ][ $i ]);
$attr [ 'objectClass' ] = array_values ( $attr [ 'objectClass' ]);
// Set correct values for new objectclass
// Load old samba-values not stored in account object
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixAccount " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( isset ( $attr_old [ 'sambaLMPassword' ][ 0 ])) $attr [ 'lmPassword' ] = $attr_old [ 'sambaLMPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaNTPassword' ][ 0 ])) $attr [ 'ntPassword' ] = $attr_old [ 'sambaNTPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdLastSet' ][ 0 ])) $attr [ 'pwdLastSet' ] = $attr_old [ 'sambaPwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonTime' ][ 0 ])) $attr [ 'logonTime' ] = $attr_old [ 'sambaLogonTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogoffTime' ][ 0 ])) $attr [ 'logoffTime' ] = $attr_old [ 'sambaLogoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaKickoffTime' ][ 0 ])) $attr [ 'kickoffTime' ] = $attr_old [ 'sambaKickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdCanChange' ][ 0 ])) $attr [ 'pwdCanChange' ] = $attr_old [ 'sambaPwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdMustChange' ][ 0 ])) $attr [ 'pwdMustChange' ] = $attr_old [ 'sambaPwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomePath' ][ 0 ])) $attr [ 'smbHome' ] = $attr_old [ 'sambaHomePath' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomeDrive' ][ 0 ])) $attr [ 'homeDrive' ] = $attr_old [ 'sambaHomeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonScript' ][ 0 ])) $attr [ 'scriptPath' ] = $attr_old [ 'sambaLogonScript' ][ 0 ];
if ( isset ( $attr_old [ 'sambaProfilePath' ][ 0 ])) $attr [ 'profilePath' ] = $attr_old [ 'sambaProfilePath' ][ 0 ];
if ( isset ( $attr_old [ 'sambaUserWorkstations' ][ 0 ])) $attr [ 'userWorkstations' ] = $attr_old [ 'sambaUserWorkstations' ][ 0 ];
// Values used from account object
$attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
$attr [ 'acctFlags' ] = smbflag ( $values -> smb_flags ); // sambaAccount_may
if ( $values -> smb_domain != '' ) $attr [ 'domain' ] = $values -> smb_domain ; // sambaAccount_may
$attr [ 'primaryGroupID' ] = $values -> smb_mapgroup ; // sambaAccount_req
$attr [ 'rid' ] = ( 2 * $values -> general_uidNumber + 1000 ); // sambaAccount_may
// remove old attributes
if ( in_array ( 'sambaSamAccount' , $attr_old [ 'objectClass' ])) $attr_rem [ 'objectClass' ] = 'sambaSamAccount' ;
if ( isset ( $attr_old [ 'sambaLMPassword' ][ 0 ])) $attr_rem [ 'sambaLMPassword' ] = $attr_old [ 'sambaLMPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaNTPassword' ][ 0 ])) $attr_rem [ 'sambaNTPassword' ] = $attr_old [ 'sambaNTPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdLastSet' ][ 0 ])) $attr_rem [ 'sambaPwdLastSet' ] = $attr_old [ 'sambaPwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonTime' ][ 0 ])) $attr_rem [ 'sambaLogonTime' ] = $attr_old [ 'sambaLogonTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaKickoffTime' ][ 0 ])) $attr_rem [ 'sambaKickoffTime' ] = $attr_old [ 'sambaKickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdCanChange' ][ 0 ])) $attr_rem [ 'sambaPwdCanChange' ] = $attr_old [ 'sambaPwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdMustChange' ][ 0 ])) $attr_rem [ 'sambaPwdMustChange' ] = $attr_old [ 'sambaPwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomePath' ][ 0 ])) $attr_rem [ 'sambaHomePath' ] = $attr_old [ 'sambaHomePAth' ][ 0 ];
if ( isset ( $attr_old [ 'sambaAcctFlags' ][ 0 ])) $attr_rem [ 'sambaAcctFlags' ] = $attr_old [ 'sambaAcctFlags' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomeDrive' ][ 0 ])) $attr_rem [ 'sambaHomeDrive' ] = $attr_old [ 'sambaHomeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonScript' ][ 0 ])) $attr_rem [ 'sambaLogonScript' ] = $attr_old [ 'sambaLogonScript' ][ 0 ];
if ( isset ( $attr_old [ 'sambaProfilePath' ][ 0 ])) $attr_rem [ 'sambaProfilePath' ] = $attr_old [ 'sambaProfilePath' ][ 0 ];
if ( isset ( $attr_old [ 'sambaUserWorkstations' ][ 0 ])) $attr_rem [ 'sambaUserWorkstations' ] = $attr_old [ 'sambaUserWorkstations' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPrimaryGroupID' ][ 0 ])) $attr_rem [ 'sambaPrimaryGroupID' ] = $attr_old [ 'sambaPrimaryGroupID' ][ 0 ];
if ( isset ( $attr_old [ 'sambaDomainName' ][ 0 ])) $attr_rem [ 'sambaDomainName' ] = $attr_old [ 'sambaDomainName' ][ 0 ];
if ( isset ( $attr_old [ 'sambaSID' ][ 0 ])) $attr_rem [ 'sambaSID' ] = $attr_old [ 'sambaSID' ][ 0 ];
}
// Set all changed values
if ( $values -> smb_flags [ 'N' ]) {
// use no samba Password
$attr [ 'ntPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'lmPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'pwdLastSet' ] = time ();
}
else
if ( $values -> smb_password != '' ) {
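// escapeshellarg() quotes the script path and the password so neither can inject shell syntax
// NOTE(review): the cleartext password is still passed as a command-line argument, which other local users may be able to read from the process list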
// Set samba-passwords with external perl-script
$attr [ 'ntPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " nt " . escapeshellarg ( $values -> smb_password ));
$attr [ 'lmPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " lm " . escapeshellarg ( $values -> smb_password ));
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
}
// Check which Samba-Attributes have changed
if ( $values -> smb_pwdcanchange != $values_old -> smb_pwdcanchange ) $attr [ 'pwdCanChange' ] = $values -> smb_pwdcanchange ; // sambaAccount_may
if ( $values -> smb_pwdmustchange != $values_old -> smb_pwdmustchange ) $attr [ 'pwdMustChange' ] = $values -> smb_pwdmustchange ; // sambaAccount_may
if ( smbflag ( $values -> smb_flags ) != smbflag ( $values_old -> smb_flags )) $attr [ 'acctFlags' ] = smbflag ( $values -> smb_flags ); // sambaAccount_may
if (( $values -> smb_smbhome != '' ) && ( $values -> smb_smbhome != $values_old -> smb_smbhome )) $attr [ 'smbHome' ] = utf8_encode ( $values -> smb_smbhome ); // sambaAccount_may
if (( $values -> smb_smbhome == '' ) && ( $values -> smb_smbhome != $values_old -> smb_smbhome )) $attr_rem [ 'smbHome' ] = utf8_encode ( $values_old -> smb_smbhome ); // sambaAccount_may
if (( $values -> smb_homedrive != '' ) && ( $values -> smb_homedrive != $values_old -> smb_homedrive )) $attr [ 'homeDrive' ] = $values -> smb_homedrive ; // sambaAccount_may
if (( $values -> smb_homedrive == '' ) && ( $values -> smb_homedrive != $values_old -> smb_homedrive )) $attr_rem [ 'homeDrive' ] = $values_old -> smb_homedrive ; // sambaAccount_may
if (( $values -> smb_scriptPath != '' ) && ( $values -> smb_scriptPath != $values_old -> smb_scriptPath )) $attr [ 'scriptPath' ] = utf8_encode ( $values -> smb_scriptPath ); // sambaAccount_may
if (( $values -> smb_scriptPath == '' ) && ( $values -> smb_scriptPath != $values_old -> smb_scriptPath )) $attr_rem [ 'scriptPath' ] = utf8_encode ( $values_old -> smb_scriptPath ); // sambaAccount_may
if (( $values -> smb_profilePath != '' ) && ( $values -> smb_profilePath != $values_old -> smb_profilePath )) $attr [ 'profilePath' ] = $values -> smb_profilePath ; // sambaAccount_may
if (( $values -> smb_profilePath == '' ) && ( $values -> smb_profilePath != $values_old -> smb_profilePath )) $attr_rem [ 'profilePath' ] = $values_old -> smb_profilePath ; // sambaAccount_may
if (( $values -> smb_smbuserworkstations != '' ) && ( $values -> smb_smbuserworkstations != $values_old -> smb_smbuserworkstations )) $attr [ 'userWorkstations' ] = $values -> smb_smbuserworkstations ; // sambaAccount_may
if (( $values -> smb_smbuserworkstations == '' ) && ( $values -> smb_smbuserworkstations != $values_old -> smb_smbuserworkstations )) $attr_rem [ 'userWorkstations' ] = $values_old -> smb_smbuserworkstations ; // sambaAccount_may
if (( $values -> smb_domain != '' ) && ( $values -> smb_domain != $values_old -> smb_domain )) $attr [ 'domain' ] = $values -> smb_domain ; // sambaAccount_may
if (( $values -> smb_domain == '' ) && ( $values -> smb_domain != $values_old -> smb_domain )) $attr_rem [ 'domain' ] = $values_old -> smb_domain ; // sambaAccount_may
if (( $values -> smb_mapgroup != '' ) && ( $values -> smb_mapgroup != $values_old -> smb_mapgroup )) $attr [ 'primaryGroupID' ] = $values -> smb_mapgroup ; // sambaAccount_may
if (( $values -> smb_mapgroup == '' ) && ( $values -> smb_mapgroup != $values_old -> smb_mapgroup )) $attr_rem [ 'primaryGroupID' ] = $values_old -> smb_mapgroup ;
if ( $values -> smb_displayName != $values_old -> smb_displayName ) $attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
}
// Check which personal attributes have changed
if (( $values -> personal_title != $values_old -> personal_title ) && ( $values -> personal_title != '' ))
$attr [ 'title' ] = utf8_encode ( $values -> personal_title );
if (( $values -> personal_title != $values_old -> personal_title ) && ( $values -> personal_title == '' ))
$attr_rem [ 'title' ] = utf8_encode ( $values_old -> personal_title );
if (( $values -> personal_mail != $values_old -> personal_mail ) && ( $values -> personal_mail != '' ))
$attr [ 'mail' ] = utf8_encode ( $values -> personal_mail );
if (( $values -> personal_mail != $values_old -> personal_mail ) && ( $values -> personal_mail == '' ))
$attr_rem [ 'mail' ] = utf8_encode ( $values_old -> personal_mail );
if (( $values -> personal_telephoneNumber != $values_old -> personal_telephoneNumber ) && ( $values -> personal_telephoneNumber != '' ))
$attr [ 'telephoneNumber' ] = utf8_encode ( $values -> personal_telephoneNumber );
if (( $values -> personal_telephoneNumber != $values_old -> personal_telephoneNumber ) && ( $values -> personal_telephoneNumber == '' ))
$attr_rem [ 'telephoneNumber' ] = utf8_encode ( $values_old -> personal_telephoneNumber );
if (( $values -> personal_mobileTelephoneNumber != $values_old -> personal_mobileTelephoneNumber ) && ( $values -> personal_mobileTelephoneNumber != '' ))
$attr [ 'mobileTelephoneNumber' ] = utf8_encode ( $values -> personal_mobileTelephoneNumber );
if (( $values -> personal_mobileTelephoneNumber != $values_old -> personal_mobileTelephoneNumber ) && ( $values -> personal_mobileTelephoneNumber == '' ))
$attr_rem [ 'mobileTelephoneNumber' ] = utf8_encode ( $values_old -> personal_mobileTelephoneNumber );
if (( $values -> personal_facsimileTelephoneNumber != $values_old -> personal_facsimileTelephoneNumber ) && ( $values -> personal_facsimileTelephoneNumber != '' ))
$attr [ 'facsimileTelephoneNumber' ] = utf8_encode ( $values -> personal_facsimileTelephoneNumber );
if (( $values -> personal_facsimileTelephoneNumber != $values_old -> personal_facsimileTelephoneNumber ) && ( $values -> personal_facsimileTelephoneNumber == '' ))
$attr_rem [ 'facsimileTelephoneNumber' ] = utf8_encode ( $values_old -> personal_facsimileTelephoneNumber );
if (( $values -> personal_street != $values_old -> personal_street ) && ( $values -> personal_street != '' ))
$attr [ 'street' ] = utf8_encode ( $values -> personal_street );
if (( $values -> personal_street != $values_old -> personal_street ) && ( $values -> personal_street == '' ))
$attr_rem [ 'street' ] = utf8_encode ( $values_old -> personal_street );
if (( $values -> personal_street != $values_old -> personal_street ) && ( $values -> personal_street != '' ))
$attr [ 'postalCode' ] = utf8_encode ( $values -> personal_street );
if (( $values -> personal_street != $values_old -> personal_street ) && ( $values -> personal_street == '' ))
$attr_rem [ 'postalCode' ] = utf8_encode ( $values_old -> personal_street );
if (( $values -> personal_postalAddress != $values_old -> personal_postalAddress ) && ( $values -> personal_postalAddress != '' ))
$attr [ 'postalAddress' ] = utf8_encode ( $values -> personal_postalAddress );
if (( $values -> personal_postalAddress != $values_old -> personal_postalAddress ) && ( $values -> personal_postalAddress == '' ))
$attr_rem [ 'postalAddress' ] = utf8_encode ( $values_old -> personal_postalAddress );
if (( $values -> personal_employeeType != $values_old -> personal_employeeType ) && ( $values -> personal_employeeType != '' ))
$attr [ 'employeeType' ] = utf8_encode ( $values -> personal_employeeType );
if (( $values -> personal_employeeType != $values_old -> personal_employeeType ) && ( $values -> personal_employeeType == '' ))
$attr_rem [ 'employeeType' ] = utf8_encode ( $values_old -> personal_employeeType );
if (( $values -> general_uidNumber != $values_old -> general_uidNumber ) && $_SESSION [ 'config' ] -> scriptServer ) {
// Remove old quotas
remquotas ( array ( $values_old -> general_username ), " user " );
// Remove quotas from $values_old because we have to rewrite them all
unset ( $values_old -> quota );
}
if ( $values -> general_dn != $values_old -> general_dn ) {
// Account should be moved to a new location
// Load old account
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixAccount " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
// remove "count" from array
unset ( $attr_old [ 'count' ]);
for ( $i = 0 ; $i < sizeof ( $attr_old ); $i ++ ) unset ( $attr_old [ $i ]);
$keys = array_keys ( $attr_old );
for ( $i = 0 ; $i < sizeof ( $keys ); $i ++ )
unset ( $attr_old [ $keys [ $i ]][ 'count' ]);
// Change uid to new uid. Else ldap won't create the new entry
//$attr_old['uid'][0] = $values->general_username;
$attr_rem_keys = @ array_keys ( $attr_rem );
for ( $i = 0 ; $i < count ( $attr_rem_keys ); $i ++ ) { // Remove attributes which should be deleted from array
if ( isset ( $attr_old [ $attr_rem_keys [ $i ]][ 0 ])) unset ( $attr_old [ $attr_rem_keys [ $i ]]);
}
$attr_keys = @ array_keys ( $attr );
for ( $i = 0 ; $i < count ( $attr_keys ); $i ++ ) { // Add attributes which have changed
$attr_old [ $attr_keys [ $i ]][ 0 ] = $attr [ $attr_keys [ $i ]];
}
// Create account at new location
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr_old );
// remove old account
if ( $success ) $success = ldap_delete ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn );
if ( ! $success ) return 5 ;
// Remove all memberUid entries. The new entries will be added again
// Search for groups which have memberUid set to username
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), " (&(objectClass=PosixGroup)(memberUid= $values_old->general_username )) " , array ( '' ));
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
// loop for every found group and remove membership
while ( $entry ) {
$dn = ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry );
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), $dn , array ( 'memberUid' => $values_old -> general_username ));
// *** fixme add error-message if memberUid couldn't be deleted
// Remove old memberUid to cache-array
if (( isset ( $_SESSION [ 'groupDN' ]))) {
if ( ! in_array ( $values -> general_username , $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ])) {
$i = 0 ;
for ( $i = 0 ; $i < count ( $dn ); $i ++ ) {
if ( $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][ $i ] == $values -> general_username ) unset ( $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][ $i ]);
$_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][ $i ] = array_values ( $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][ $i ]);
}
}
}
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
}
else { // Just modify, not recreate
if ( $attr ) {
// Change or add new attributes
$success = ldap_modify ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr );
if ( ! $success ) return 5 ;
}
if ( $attr_rem ) {
// Remove old attributes which are no longer in use
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr_rem );
if ( ! $success ) return 5 ;
}
}
// Write additional groupmemberchips
// Get a list with all groups
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), 'objectClass=PosixGroup' , array ( 'memberUid' , 'cn' ));
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$modifygroup = 0 ;
$attr2 = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
// Remove "count" from array
if ( is_array ( $attr2 [ 'memberUid' ])) array_shift ( $attr2 [ 'memberUid' ]);
array_shift ( $attr2 [ 'cn' ]);
if ( $attr2 [ 'memberUid' ]) {
// Remove user from groups he's not member anymore
if ( @ in_array ( $values -> general_username , $attr2 [ 'memberUid' ]) && !@ in_array ( $attr2 [ 'cn' ][ 0 ], $values -> general_groupadd )) {
$dn = ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry );
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), $dn , array ( 'memberUid' => $values -> general_username ));
if ( ! $success ) return 5 ;
// Remove old memberUid to cache-array
ldapreload ( 'group' );
if (( isset ( $_SESSION [ 'groupDN' ]))) {
for ( $i = 0 ; $i < count ( $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ]); $i ++ ) {
if ( $values -> general_username == $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][ $i ]) {
unset ( $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][ $i ]);
$_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ] = array_values ( $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ]);
}
}
}
}
// Add user to groups
if ( !@ in_array ( $values -> general_username , $attr2 [ 'memberUid' ]) && @ in_array ( $attr2 [ 'cn' ][ 0 ], $values -> general_groupadd )) {
$dn = ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry );
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), $dn , array ( 'memberUid' => $values -> general_username ));
if ( ! $success ) return 5 ;
// Add new memberUid to cache-array
ldapreload ( 'group' );
if (( isset ( $_SESSION [ 'groupDN' ]))) {
if ( is_array ( $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ])) {
if ( ! in_array ( $values -> general_username , $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ])) $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][] = $values -> general_username ;
}
else $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][] = $values -> general_username ;
}
}
}
else {
// Add user to groups
if ( @ in_array ( $attr2 [ 'cn' ][ 0 ], $values -> general_groupadd )) {
$dn = ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry );
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), $dn , array ( 'memberUid' => $values -> general_username ));
if ( ! $success ) return 5 ;
// Add new memberUid to cache-array
ldapreload ( 'group' );
if (( isset ( $_SESSION [ 'groupDN' ]))) {
if ( is_array ( $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ])) {
if ( ! in_array ( $values -> general_username , $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ])) $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][] = $values -> general_username ;
}
else $_SESSION [ 'groupDN' ][ $dn ][ 'memberUid' ][] = $values -> general_username ;
}
}
}
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
// Change quotas if quotas are set and lamdaemon.pl should be used
if ( $_SESSION [ 'config' ] -> scriptServer && is_array ( $values -> quota ) && $uselamdaemon && ( $values -> quota != $values_old -> quota ))
setquotas ( array ( $values ));
//make required changes in cache-array
if (( isset ( $_SESSION [ 'userDN' ]))) {
if ( $values -> general_dn != $values_old -> general_dn ) {
unset ( $_SESSION [ 'userDN' ][ $values_old -> general_dn ]);
}
$_SESSION [ 'userDN' ][ $values -> general_dn ][ 'cn' ] = $values -> general_username ;
$_SESSION [ 'userDN' ][ $values -> general_dn ][ 'uidNumber' ] = $values -> general_uidNumber ;
}
// Return 3 if everything has worked fine
return 3 ;
}
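/* This function creates a new host (machine) account in LDAP.
 *
 * $values is an account object with all attributes of the host. On entry
 * $values->general_dn holds the container suffix; it is rewritten in place
 * to the full DN of the new entry ("uid=<username>,<suffix>").
 *
 * Security notes:
 *  - Every new host gets the same fixed Samba NT/LM password hashes. They are
 *    constants in this source file, so the initial machine credential is the
 *    same for all hosts and known to anyone who can read the code. It is
 *    presumably replaced once the machine changes its password; confirm that
 *    deployments do not leave it in place. LM hashes are weak in any case.
 *  - general_username is concatenated into the DN without RDN escaping.
 *    Callers have to validate it before calling this function.
 *
 * Return value is an integer:
 *  1 == Account has been created
 *  2 == Account already exists at different location
 *       (listed for callers; this function itself returns only 1 or 4)
 *  4 == Error while creating account
 */
function createhost($values) {
	$attr = array();
	// These object classes are needed for a host account
	$attr['objectClass'] = array('posixAccount', 'shadowAccount', 'account');

	// Create DN for the new host account.
	// NOTE(review): no escaping of DN special characters is done here.
	$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;

	// Attributes which are required
	$attr['cn'] = $values->general_username;
	$attr['uid'] = $values->general_username;
	$attr['uidNumber'] = $values->general_uidNumber;
	$attr['gidNumber'] = getgid($values->general_group);
	// Hosts never log in interactively: no home directory, no shell
	$attr['homeDirectory'] = "/dev/null";
	$attr['loginShell'] = "/bin/false";

	// Unix description attributes
	$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos));
	$attr['description'] = utf8_encode($values->general_gecos);

	// Samba attributes
	if ($_SESSION['config']->is_samba3()) {
		// Add all attributes as samba3 objectclass
		$attr['objectClass'][3] = 'sambaSamAccount';
		// "Standard" password for new hosts (fixed, shared by all hosts; see header)
		$attr['sambaNTPassword'] = '0CB6948805F797BF2A82807973B89537';
		$attr['sambaLMPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
		$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
		// RID is derived from the uidNumber: 2 * uidNumber + RIDbase of the domain
		$attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
		$attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-515"; // sambaAccount_req
		$attr['sambaPwdCanChange'] = time(); // sambaAccount_may
		$attr['sambaPwdMustChange'] = "1893452400"; // sambaAccount_may // anywhere in year 2030
		$attr['sambaAcctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
		$attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
	}
	else {
		// Add all attributes as samba2.2 objectclass
		$attr['objectClass'][3] = 'sambaAccount';
		// "Standard" password for new hosts (fixed, shared by all hosts; see header)
		$attr['ntPassword'] = '0CB6948805F797BF2A82807973B89537';
		$attr['lmPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
		$attr['pwdLastSet'] = time(); // sambaAccount_may
		$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
		$attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
		$attr['pwdCanChange'] = time(); // sambaAccount_may
		$attr['pwdMustChange'] = "1893452400"; // sambaAccount_may // anywhere in 2030
		$attr['acctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
		// In samba 2.2 mode smb_domain is compared and stored as a plain string
		if ($values->smb_domain != '') $attr['domain'] = $values->smb_domain; // sambaAccount_may
	}

	// Create LDAP host account; stop here if an error occurred
	$success = ldap_add($_SESSION['ldap']->server(), $values->general_dn, $attr);
	if (!$success) return 4;

	// Add new host to cache-array
	if (isset($_SESSION['hostDN'])) {
		$_SESSION['hostDN'][$values->general_dn]['cn'] = $values->general_username;
		$_SESSION['hostDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
	}
	return 1;
}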
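/* This function modifies a host (machine) account in LDAP.
 *
 * $values and $values_old are account objects with all attributes of the
 * host (new and previous state). Only attributes which have changed are
 * written. On entry $values->general_dn holds the container suffix; it is
 * rewritten in place to the full DN ("uid=<username>,<suffix>"). If that DN
 * differs from $values_old->general_dn the entry is re-created at the new DN
 * and the old entry is deleted, otherwise it is modified in place.
 *
 * Security notes:
 *  - If the 'N' Samba flag is set the host password is reset to the fixed
 *    "standard" NT/LM hashes below. They are constants in this source file,
 *    so the resulting machine credential is the same for every host and
 *    known to anyone who can read the code.
 *  - general_username is concatenated into the DN without RDN escaping.
 *    Callers have to validate it before calling this function.
 *  - The move is add-then-delete and not atomic: if the delete fails the
 *    function returns 5 although the entry now exists at both DNs.
 *
 * Return value is an integer:
 *  2 == Account already exists at different location
 *       (listed for callers; this function itself returns only 3 or 5)
 *  3 == Account has been modified
 *  5 == Error while modifying account
 */
function modifyhost($values, $values_old) {
	// Attributes to write and attributes to remove. Both may stay empty,
	// so they are initialised here instead of being created on first use.
	$attr = array();
	$attr_rem = array();

	// Add missing objectclasses to host
	if (!in_array('posixAccount', $values->general_objectClass)) {
		$attr['objectClass'] = $values->general_objectClass;
		$attr['objectClass'][] = 'posixAccount';
	}
	if (!in_array('shadowAccount', $values->general_objectClass)) {
		if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
		$attr['objectClass'][] = 'shadowAccount';
	}

	// Create DN for the host account.
	// NOTE(review): no escaping of DN special characters is done here.
	$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;

	// Attributes which are required
	if ($values->general_username != $values_old->general_username) {
		$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
		$attr['uid'] = $values->general_username; // posixAccount_req
	}
	if ($values->general_uidNumber != $values_old->general_uidNumber) {
		$attr['uidNumber'] = $values->general_uidNumber;
		// sambaSid / rid are derived from uidNumber, so they change with it
		if ($_SESSION['config']->is_samba3())
			$attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase);
		else $attr['rid'] = (2 * $values->general_uidNumber + 1000);
	}
	if ($values->general_group != $values_old->general_group) {
		$attr['gidNumber'] = getgid($values->general_group);
		// primaryGroup(S)ID is derived from gidNumber, so it changes with it
		if ($_SESSION['config']->is_samba3())
			// We use samba 3 schema
			$attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" .
				(2 * getgid($values->general_group) + $values->smb_domain->RIDbase + 1);
		else
			// We use old samba 2.2 schema
			$attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001);
	}

	// Unix description attributes, only written if they changed
	if ($values->general_gecos != $values_old->general_gecos) {
		$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
		$attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
	}

	// Samba attributes
	if ($_SESSION['config']->is_samba3()) {
		if (!in_array('sambaSamAccount', $values->general_objectClass)) {
			// We have to convert sambaAccount objectclass to sambaSamAccount objectclass
			if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
			$attr['objectClass'][] = 'sambaSamAccount';
			// Drop the old sambaAccount objectClass and reindex the list
			$attr['objectClass'] = array_values(array_diff($attr['objectClass'], array('sambaAccount')));

			// Load old samba values which are not stored in the account object
			$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
			if (!$result) return 5;
			$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
			if (!$entry) return 5;
			$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
			if (!is_array($attr_old)) return 5;

			// samba 2.2 attribute name => samba 3 attribute name
			$renamed = array(
				'lmPassword' => 'sambaLMPassword',
				'ntPassword' => 'sambaNTPassword',
				'pwdLastSet' => 'sambaPwdLastSet',
				'logonTime' => 'sambaLogonTime',
				'logoffTime' => 'sambaLogoffTime',
				'kickoffTime' => 'sambaKickoffTime',
				'pwdCanChange' => 'sambaPwdCanChange',
				'pwdMustChange' => 'sambaPwdMustChange',
				'smbHome' => 'sambaHomePath',
				'homeDrive' => 'sambaHomeDrive',
				'scriptPath' => 'sambaLogonScript',
				'profilePath' => 'sambaProfilePath',
				'userWorkstations' => 'sambaUserWorkstations'
			);
			foreach ($renamed as $old_name => $new_name) {
				if (isset($attr_old[$old_name][0])) $attr[$new_name] = $attr_old[$old_name][0];
			}

			// Values used from account object
			$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
			$attr['sambaAcctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
			$attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
			$attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
			$attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase + 1); // sambaAccount_req

			// Remove old samba 2.2 attributes
			if (isset($attr_old['objectClass']) && in_array('sambaAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaAccount';
			// logoffTime is copied to sambaLogoffTime above, so the old value has to go as well
			$obsolete = array('lmPassword', 'ntPassword', 'pwdLastSet', 'logonTime', 'logoffTime',
				'kickoffTime', 'pwdCanChange', 'pwdMustChange', 'smbHome', 'acctFlags', 'homeDrive',
				'scriptPath', 'profilePath', 'userWorkstations', 'primaryGroupID', 'domain', 'rid');
			foreach ($obsolete as $name) {
				if (isset($attr_old[$name][0])) $attr_rem[$name] = $attr_old[$name][0];
			}
		}
		// Reset password. !empty() also covers a flag array without an 'N' entry.
		if (!empty($values->smb_flags['N'])) {
			// "Standard" password for new hosts (fixed, shared by all hosts; see header)
			$attr['sambaNTPassword'] = '0CB6948805F797BF2A82807973B89537';
			$attr['sambaLMPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
			$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
		}
		// A new domain means a new domain SID, so all SIDs are rebuilt
		if ($values->smb_domain->name != $values_old->smb_domain->name) {
			$attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
			$attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase);
			$attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" .
				(2 * getgid($values->general_group) + $values->smb_domain->RIDbase + 1);
		}
	}
	else {
		// use old samba 2.2 objectclass
		if (!in_array('sambaAccount', $values->general_objectClass)) {
			// Add or convert samba attributes & object to samba 2.2
			if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
			$attr['objectClass'][] = 'sambaAccount';
			// Drop the samba 3 objectClass and reindex the list
			$attr['objectClass'] = array_values(array_diff($attr['objectClass'], array('sambaSamAccount')));

			// Load old samba values which are not stored in the account object
			$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
			if (!$result) return 5;
			$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
			if (!$entry) return 5;
			$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
			if (!is_array($attr_old)) return 5;

			// samba 3 attribute name => samba 2.2 attribute name
			$renamed = array(
				'sambaLMPassword' => 'lmPassword',
				'sambaNTPassword' => 'ntPassword',
				'sambaPwdLastSet' => 'pwdLastSet',
				'sambaLogonTime' => 'logonTime',
				'sambaLogoffTime' => 'logoffTime',
				'sambaKickoffTime' => 'kickoffTime',
				'sambaPwdCanChange' => 'pwdCanChange',
				'sambaPwdMustChange' => 'pwdMustChange',
				'sambaHomePath' => 'smbHome',
				'sambaHomeDrive' => 'homeDrive',
				'sambaLogonScript' => 'scriptPath',
				'sambaProfilePath' => 'profilePath',
				'sambaUserWorkstations' => 'userWorkstations'
			);
			foreach ($renamed as $old_name => $new_name) {
				if (isset($attr_old[$old_name][0])) $attr[$new_name] = $attr_old[$old_name][0];
			}

			// Values used from account object
			$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
			$attr['acctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
			if ($values->smb_domain != '') $attr['domain'] = $values->smb_domain; // sambaAccount_may
			$attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
			$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may

			// Remove old samba 3 attributes
			if (isset($attr_old['objectClass']) && in_array('sambaSamAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaSamAccount';
			// sambaLogoffTime is copied to logoffTime above, so the old value has to go as well.
			// sambaPrimaryGroupSID is the name the samba 3 branch of this function writes;
			// sambaPrimaryGroupID is kept from the previous list.
			$obsolete = array('sambaLMPassword', 'sambaNTPassword', 'sambaPwdLastSet', 'sambaLogonTime',
				'sambaLogoffTime', 'sambaKickoffTime', 'sambaPwdCanChange', 'sambaPwdMustChange',
				'sambaHomePath', 'sambaAcctFlags', 'sambaHomeDrive', 'sambaLogonScript',
				'sambaProfilePath', 'sambaUserWorkstations', 'sambaPrimaryGroupID',
				'sambaPrimaryGroupSID', 'sambaDomainName', 'sambaSID');
			foreach ($obsolete as $name) {
				if (isset($attr_old[$name][0])) $attr_rem[$name] = $attr_old[$name][0];
			}
		}
		// Reset password. !empty() also covers a flag array without an 'N' entry.
		if (!empty($values->smb_flags['N'])) {
			// "Standard" password for new hosts (fixed, shared by all hosts; see header)
			$attr['ntPassword'] = '0CB6948805F797BF2A82807973B89537';
			$attr['lmPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
			$attr['pwdLastSet'] = time(); // sambaAccount_may
		}
		// In samba 2.2 mode smb_domain is compared and stored as a plain string
		if (($values->smb_domain != '') && ($values->smb_domain != $values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
		if (($values->smb_domain == '') && ($values->smb_domain != $values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
	}

	if ($values->general_dn != $values_old->general_dn) {
		// Account should be moved to a new location
		// Load old account
		$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
		if (!$result) return 5;
		$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
		if (!$entry) return 5;
		$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
		if (!is_array($attr_old)) return 5;

		// Strip the bookkeeping of ldap_get_attributes(): the top level "count",
		// the numeric index of attribute names and the "count" of every attribute
		unset($attr_old['count']);
		foreach (array_keys($attr_old) as $key) {
			if (is_int($key)) unset($attr_old[$key]);
			else unset($attr_old[$key]['count']);
		}

		// Change uid to new uid. Else ldap won't create the new entry
		//$attr_old['uid'][0] = $values->general_username;

		// Remove attributes which should be deleted from array
		foreach (array_keys($attr_rem) as $name) {
			if (isset($attr_old[$name][0])) unset($attr_old[$name]);
		}
		// Add attributes which have changed.
		// NOTE(review): PHP array keys are case sensitive, LDAP attribute names
		// are not ('sambaSid' here, 'sambaSID' possibly from the server); verify
		// that this cannot produce the same attribute twice.
		foreach ($attr as $name => $value) {
			// Multi valued attributes (objectClass) replace the whole value list,
			// storing them in slot 0 would create a nested array
			if (is_array($value)) $attr_old[$name] = array_values($value);
			else $attr_old[$name][0] = $value;
		}

		// Create account at new location
		$success = ldap_add($_SESSION['ldap']->server(), $values->general_dn, $attr_old);
		// remove old account
		if ($success) $success = ldap_delete($_SESSION['ldap']->server(), $values_old->general_dn);
		if (!$success) return 5;
	}
	else { // Just modify, not recreate
		if (count($attr) > 0) {
			// Change or add new attributes
			$success = ldap_modify($_SESSION['ldap']->server(), $values->general_dn, $attr);
			if (!$success) return 5;
		}
		if (count($attr_rem) > 0) {
			// Remove old attributes which are no longer in use
			$success = ldap_mod_del($_SESSION['ldap']->server(), $values->general_dn, $attr_rem);
			if (!$success) return 5;
		}
	}

	// Make required changes in cache-array
	if (isset($_SESSION['hostDN'])) {
		if ($values->general_dn != $values_old->general_dn) {
			unset($_SESSION['hostDN'][$values_old->general_dn]);
		}
		$_SESSION['hostDN'][$values->general_dn]['cn'] = $values->general_username;
		$_SESSION['hostDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
	}
	// Return 3 if everything has worked fine
	return 3;
}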
/* This function will create a new group account in LDAP
* $values is an account - object with all attributes of the group
* if $uselamdaemon is false, lamdaemon.pl is not used and no quotas are set. Useful for mass upload and deletion
* return - value is an integer
* 1 == Account has been created
* 2 == Account already exists at different location
* 4 == Error while creating Account
*/
function creategroup ( $values , $uselamdaemon = true ) {
// These Objectclasses are needed for an user account
$attr [ 'objectClass' ][ 0 ] = 'posixGroup' ;
// Create DN for new user account
$values -> general_dn = 'cn=' . $values -> general_username . ',' . $values -> general_dn ;
// Attributes which are required
2003-06-01 10:02:44 +00:00
$attr [ 'cn' ] = $values -> general_username ;
$attr [ 'gidNumber' ] = $values -> general_uidNumber ;
2003-10-20 17:56:52 +00:00
/* Write unix attributes into $attr array
* Some values don ' t have to be set . These are only loaded if they are set
*/
2003-09-16 12:44:28 +00:00
if ( $values -> general_gecos ) $attr [ 'description' ] = utf8_encode ( $values -> general_gecos );
2003-10-20 17:56:52 +00:00
// Samba 3 attributes
2003-10-22 13:57:32 +00:00
// $values->smb_mapgroup is not set if creategroup is called from masscreate.php
if ( $_SESSION [ 'config' ] -> is_samba3 () && isset ( $values -> smb_mapgroup )) {
2003-06-30 12:06:44 +00:00
$attr [ 'sambaSID' ] = $values -> smb_mapgroup ;
2003-08-28 18:37:27 +00:00
$attr [ 'objectClass' ][ 1 ] = 'sambaGroupMapping' ;
2003-06-30 12:06:44 +00:00
$attr [ 'sambaGroupType' ] = '2' ;
2003-09-16 12:44:28 +00:00
if ( $values -> smb_displayName ) $attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName );
2003-06-30 12:06:44 +00:00
}
2003-10-20 17:56:52 +00:00
// Write additional group members
2003-12-15 08:48:25 +00:00
if ( is_array ( $values -> unix_memberUid )) $attr [ 'memberUid' ] = $values -> unix_memberUid ;
2003-10-20 17:56:52 +00:00
// Create LDAP group account
2003-06-01 10:02:44 +00:00
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr );
2003-10-20 17:56:52 +00:00
// Continue if now error did ocour
2003-10-17 07:58:43 +00:00
if ( ! $success ) return 4 ;
2003-10-20 17:56:52 +00:00
// lamdaemon.pl should be used. Set quotas if quotas are used
2003-11-06 10:58:21 +00:00
if ( $_SESSION [ 'config' ] -> scriptServer && is_array ( $values -> quota ) && $uselamdaemon ) setquotas ( array ( $values ));
2003-10-20 17:56:52 +00:00
// Add new group to cache-array
2003-10-17 07:58:43 +00:00
if (( isset ( $_SESSION [ 'groupDN' ]))) {
2003-11-13 19:56:10 +00:00
$_SESSION [ 'groupDN' ][ $values -> general_dn ][ 'memberUid' ] = $values -> unix_memberUid ;
2003-10-17 07:58:43 +00:00
$_SESSION [ 'groupDN' ][ $values -> general_dn ][ 'cn' ] = $values -> general_username ;
$_SESSION [ 'groupDN' ][ $values -> general_dn ][ 'uidNumber' ] = $values -> general_uidNumber ;
2003-12-06 14:22:54 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 () && isset ( $values -> smb_mapgroup ))
$_SESSION [ 'groupDN' ][ $values -> general_dn ][ 'sambaSID' ] = $values -> smb_mapgroup ;
2003-08-18 11:16:37 +00:00
}
2003-10-17 07:58:43 +00:00
return 1 ;
2003-05-21 11:10:28 +00:00
}
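/* This function will modify a group account in ldap
* $values and $values_old are account-objects with all
* attributes of the group (new state and state before the change).
* On entry $values->general_dn holds the DN of the parent container; it is
* overwritten with the DN of the entry ('cn=' . general_username . ',' . parent DN).
* $uselamdaemon: when false, setquotas() is not called. Useful for massupload
* and deletion. remquotas() is still called when the group number changes and
* a script server is configured.
* Only attributes which have changed will be written
* return-value is an integer
* 2 == Account already exists at different location (listed for callers; no
*      statement in this function returns it)
* 3 == Account has been modified
* 5 == Error while modifying Account
*
* If the DN changes, the entry is re-created at the new DN and the old entry is
* deleted afterwards. These are two separate LDAP operations, so a failure
* between them can leave both entries in the directory.
*
* NOTE(review): general_username is concatenated into the DN, and
* $values_old->general_uidNumber into a search filter, without escaping or a
* numeric check. Callers should validate both before calling (or escape them,
* e.g. with ldap_escape() where the PHP version provides it).
* NOTE(review): the double-quoted literals below (" - ", " user ",
* " objectclass=PosixGroup ") are reproduced exactly as they appear in this
* listing, including the padding spaces, which look like a rendering artifact.
* Compare with the repository copy before relying on them.
*/
function modifygroup($values, $values_old, $uselamdaemon = true) {
	// Start with empty change sets, so the checks further down never read an
	// undefined variable
	$attr = array();     // attributes to add or replace
	$attr_rem = array(); // attributes to remove

	// Add missing objectclasses to group
	if (!in_array('posixGroup', $values->general_objectClass)) {
		$attr['objectClass'] = $values->general_objectClass;
		$attr['objectClass'][] = 'posixGroup';
	}
	if (($_SESSION['config']->is_samba3()) && (!in_array('sambaGroupMapping', $values->general_objectClass))) {
		if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
		$attr['objectClass'][] = 'sambaGroupMapping';
		$attr['sambaGroupType'] = '2';
	}

	// Create DN for the (possibly renamed or moved) group account
	$values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;

	// Attributes which are required
	if ($values->general_username != $values_old->general_username) $attr['cn'] = $values->general_username;
	if ($values->general_uidNumber != $values_old->general_uidNumber) {
		$attr['gidNumber'] = $values->general_uidNumber;
		// Set correct SID if the group number was changed.
		// NOTE(review): this key is spelled 'sambaSid' while the mapping below
		// uses 'sambaSID'. LDAP attribute names are case-insensitive, so when
		// both conditions hold the same attribute is sent twice. Confirm which
		// value is meant to win.
		if ($_SESSION['config']->is_samba3()) $attr['sambaSid'] = $values->smb_domain->SID . " - " . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase + 1);
	}
	if ($values->general_gecos != $values_old->general_gecos) $attr['description'] = utf8_encode($values->general_gecos);
	if ($values->smb_displayName != $values_old->smb_displayName)
		$attr['displayName'] = utf8_encode($values->smb_displayName);

	// Samba 3.0 attributes
	if ($_SESSION['config']->is_samba3()) {
		if ($values->smb_mapgroup != $values_old->smb_mapgroup)
			$attr['sambaSID'] = $values->smb_mapgroup;
	}

	// Write additional group members. An empty member list is expressed as a
	// removal of the old values instead of a replace.
	if (($values->unix_memberUid != $values_old->unix_memberUid)) {
		if (count($values->unix_memberUid) == 0) $attr_rem['memberUid'] = $values_old->unix_memberUid;
		else $attr['memberUid'] = $values->unix_memberUid;
	}

	// Rewrite quotas if the group number has changed
	if ($values->general_uidNumber != $values_old->general_uidNumber && $_SESSION['config']->scriptServer) {
		// Remove old quotas
		// NOTE(review): the type argument reads "user" although this is a group - confirm
		remquotas(array($values_old->general_username), " user ");
		// Remove quotas from $values_old because we have to rewrite them all
		unset($values_old->quota);
	}

	if ($values->general_dn != $values_old->general_dn) {
		// Account should be moved to a new location
		// Load old account; without it there is nothing to copy, so give up
		// before anything is written
		$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, " objectclass=PosixGroup ");
		if (!$result) return 5;
		$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
		if (!$entry) return 5;
		$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
		if (!is_array($attr_old)) return 5;

		// ldap_get_attributes() mixes bookkeeping into the result: a 'count'
		// element, a numeric index of attribute names, and a 'count' element
		// inside every value list. Strip all of it so the array can be passed
		// to ldap_add().
		unset($attr_old['count']);
		foreach (array_keys($attr_old) as $key) {
			if (is_int($key)) unset($attr_old[$key]);
			else unset($attr_old[$key]['count']);
		}

		// Remove attributes which should be deleted from array
		foreach (array_keys($attr_rem) as $key) {
			if (isset($attr_old[$key][0])) unset($attr_old[$key]);
		}

		// Add attributes which have changed. A multi-valued change (objectClass,
		// memberUid) replaces the whole value list; writing it into element 0
		// would nest an array inside the list and keep stale old values.
		foreach ($attr as $key => $value) {
			if (is_array($value)) $attr_old[$key] = array_values($value);
			else $attr_old[$key][0] = $value;
		}

		// Create account at new location
		$success = ldap_add($_SESSION['ldap']->server(), $values->general_dn, $attr_old);
		// remove old account
		if ($success) $success = ldap_delete($_SESSION['ldap']->server(), $values_old->general_dn);
		if (!$success) return 5;
	}
	else { // Just modify, not recreate
		if ($attr) {
			// Change or add new attributes
			$success = ldap_modify($_SESSION['ldap']->server(), $values->general_dn, $attr);
			if (!$success) return 5;
		}
		if ($attr_rem) {
			// Remove old attributes which are no longer in use
			$success = ldap_mod_del($_SESSION['ldap']->server(), $values->general_dn, $attr_rem);
			if (!$success) return 5;
		}
	}

	// Change GIDs of all users which are member of group.
	// !empty() is the same truth test as "== true" but tolerates a missing key.
	if (!empty($_SESSION['final_changegids'])) {
		// array('') asks the server for no attributes; only the DNs are needed
		$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array(''));
		// A failed search means the requested GID change cannot be carried out
		if (!$result) return 5;
		// The same replacement is written to every matching user
		$user = array('gidNumber' => array($values->general_uidNumber));
		$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
		while ($entry) {
			$success = ldap_modify($_SESSION['ldap']->server(), ldap_get_dn($_SESSION['ldap']->server(), $entry), $user);
			if (!$success) return 5;
			$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
		}
	}

	// Change quotas if quotas are set and lamdaemon.pl should be used
	if ($_SESSION['config']->scriptServer && is_array($values->quota) && $uselamdaemon && ($values->quota != $values_old->quota))
		setquotas(array($values));

	// make required changes in cache-array
	if ((isset($_SESSION['groupDN']))) {
		if ($values->general_dn != $values_old->general_dn) {
			unset($_SESSION['groupDN'][$values_old->general_dn]);
		}
		if (is_array($values->unix_memberUid)) $_SESSION['groupDN'][$values->general_dn]['memberUid'] = $values->unix_memberUid;
		$_SESSION['groupDN'][$values->general_dn]['cn'] = $values->general_username;
		$_SESSION['groupDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
		if ($values->smb_mapgroup != $values_old->smb_mapgroup)
			$_SESSION['groupDN'][$values->general_dn]['sambaSID'] = $values->smb_mapgroup;
	}

	// Return 3 if everything has worked fine
	return 3;
}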
?>