< ? php
/*
$Id $
This code is part of LDAP Account Manager ( http :// www . sourceforge . net / projects / lam )
Copyright ( C ) 2003 Tilo Lutz
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*/
/* Session variables which are used :
* $_SESSION [ 'cacheAttributes' ] : This variable contains a list of attributes and their scope which should be cached
*
* Cookie variables which are used:
* $_COOKIE [ " IV " ], $_COOKIE [ " Key " ] : Needed to en / decrypt passwords .
*
* Variables in basearray which are no objects :
* type : Type of account . Can be user , group , host
* attributes: List of all attributes, how to get them and whether they are required or optional
* dn : current DN without uid = or cn =
* dn_orig : old DN if account was loaded with uid = or cn =
* External functions which are used
* account . inc : findgroups , incache , get_cache , array_delete , getshells
* ldap . inc : pwd_is_enabled , pwd_hash
*/
/* This class contains all posixAccount LDAP attributes
* and functions required to deal with posixAccount
* posixAccount can only be created when it should be added
* to an array .
* basearray is the same array posixAccount should be added
* to . If basearray is not given the constructor tries to
* create an array with posixAccount and all other required
* objects .
* Example : $user [] = new posixAccount ( $user );
*
* In container array the following things have to exist :
* account or inetOrgPerson object
* type : 'user' or 'host'
* 'attributes': this is a list of arrays with all ldap attributes which are allowed for this account
*/
class posixAccount {
// Constructor
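function posixAccount($base) {
	/* Constructor: binds this module to the accountContainer stored in
	 * $_SESSION[$base], adds the module it depends on and fills
	 * $this->attributes with every MUST/MAY attribute of the posixAccount
	 * objectClass and of its superclasses, as listed in the schema held by
	 * the container's ldap object.
	 *
	 * $base: name of the session variable holding the accountContainer.
	 * Problems are reported through trigger_error(); nothing is returned.
	 */
	if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
	if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'posixAccount\');'), E_USER_ERROR);
	$this->base = $base;
	if (!is_array($this->attributes)) $this->attributes = array();
	// posixAccount is only a valid objectClass for user and host.
	// The test has to reject every type that is neither of the two; written as
	// (== 'user' || != 'host') it warned for hosts and let all other types pass.
	$type = $_SESSION[$this->base]->get_type();
	if ($type != 'user' && $type != 'host') trigger_error(_('posixAccount can only be used for users or hosts.'), E_USER_WARNING);
	/* Make sure the module this one depends on is in the container:
	 * users are using inetOrgPerson-, hosts account-container
	 */
	if (!isset($_SESSION[$this->base]->module['inetOrgPerson']) && $_SESSION[$this->base]->type == 'user') $_SESSION[$this->base]->add_objectClass('inetOrgPerson');
	if (!isset($_SESSION[$this->base]->module['account']) && $_SESSION[$this->base]->type == 'host') $_SESSION[$this->base]->add_objectClass('account');
	// Locate the schema definition of posixAccount
	$schema = $_SESSION[$_SESSION[$this->base]->ldap]->objectClasses;
	$line = $this->_objectclass_index($schema, 'posixAccount');
	// Return error if objectClass isn't found
	if ($line == -1) trigger_error(sprintf(_("ObjectClass %s required but not defined in ldap."), 'posixAccount'), E_USER_WARNING);
	// Add Array with all attributes and type
	$_SESSION[$this->base]->add_attributes('posixAccount');
	/* Collect the attributes of posixAccount, then follow the SUP chain.
	 * The walk stops when a definition is missing or was already visited,
	 * so an incomplete or circular schema cannot keep the loop running.
	 */
	$visited = array();
	while ($line != -1 && !isset($visited[$line])) {
		$visited[$line] = true;
		$this->_add_schema_attributes($schema[$line]);
		if (strpos($schema[$line], " SUP ") === false) break;
		$string_withtail = substr($schema[$line], strpos($schema[$line], 'SUP ') + 4);
		$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
		$line = $this->_objectclass_index($schema, $subclass);
		if ($line == -1) trigger_error(sprintf(_("ObjectClass %s required but not defined in ldap."), $subclass), E_USER_WARNING);
	}
	$this->alias = _('posixAccount');
	// Add attributes which should be cached
	$_SESSION[$_SESSION[$this->base]->cache]->add_cache(array('user' => array('cn', 'uid', 'uidNumber'), 'host' => array('cn', 'uid', 'uidNumber'), 'group' => array('cn', 'memberUid')));
	/* Check if at least one group does exist in ldap
	 */
	$groups = findgroups(); // list of all groupnames
	if (count($groups) == 0) trigger_error(_('No groups found in ldap.'), E_USER_WARNING);
	// Make references to attributes which already exist in another module of the container
	$newattributes = array_keys($this->attributes);
	$module = array_keys($_SESSION[$this->base]->module);
	// fixme *** do we have to unset module posixAccount itself
	for ($i = 0; $i < count($module); $i++) {
		foreach ($newattributes as $attribute)
			if (isset($_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute];
	}
	$this->orig = $this->attributes;
	$this->attributes['objectClass'][0] = 'posixAccount';
}

/* Helper: index of the schema definition which names objectClass $name,
 * or -1 if $schema holds no such definition. The last match wins.
 */
function _objectclass_index($schema, $name) {
	$found = -1;
	if (!is_array($schema)) return $found;
	for ($i = 0; $i < count($schema); $i++) {
		if (strpos($schema[$i], " NAME '" . $name . "' ") !== false) $found = $i;
	}
	return $found;
}

/* Helper: registers every attribute named in the "MUST ( ... )" and
 * "MAY ( ... )" lists of one schema definition with an empty value.
 */
function _add_schema_attributes($definition) {
	foreach (array('MUST (', 'MAY (') as $keyword) {
		$start = strpos($definition, $keyword);
		if ($start === false) continue;
		$string_withtail = substr($definition, $start + strlen($keyword));
		// Now we have a string with all attributes of this list
		$string = trim(substr($string_withtail, 0, strpos($string_withtail, ')')));
		foreach (explode(" $ ", $string) as $attribute) {
			if ($attribute != '') $this->attributes[$attribute] = '';
		}
	}
}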
// Member variables

// Name shown in the menu in place of posixAccount
var $alias;
// Name of the accountContainer; used to reach the other modules of the account
var $base;
// LDAP attributes handled by this module, keyed by attribute name
var $attributes;
/* Copy of $attributes taken when an account was loaded,
 * kept so that edited values can be compared with it
 */
var $orig;
/* Additional groups the user is a member of:
 * the current list and the list as it was loaded
 */
var $groups, $groups_orig;
/* This function returns a list with all required modules
*/
function dependencies() {
	// The module posixAccount builds on depends on the account type of the container.
	$accountType = $_SESSION[$this->base]->type;
	switch ($accountType) {
		case 'user':
			return array('inetOrgPerson');
		case 'host':
			return array('account');
	}
	// -1 signals an unsupported account type
	return -1;
}
/* Write variables into object and do some regexp checks
*/
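function proccess_attributes($post) {
	/* Copies the submitted form fields into $this->attributes and checks
	 * the uidNumber and the home directory.
	 *
	 * $post: submitted form values (form_posixAccount_* keys).
	 * Returns the list of array(level, title, text) messages if there is at
	 * least one, 'group' if the "edit groups" button was pressed, else 0.
	 */
	$errors = array();
	// Load attributes
	$this->attributes['uidNumber'][0] = $post['form_posixAccount_uidNumber'];
	// NOTE(review): display_html_attributes() names the primary group select
	// "form_posixAccount_group", not "form_posixAccount_gidNumber" - confirm which name is meant.
	$this->attributes['gidNumber'][0] = getgrnam($post['form_posixAccount_gidNumber']);
	$this->attributes['homeDirectory'][0] = $post['form_posixAccount_homeDirectory'];
	$this->attributes['loginShell'][0] = $post['form_posixAccount_loginShell'];
	$this->attributes['gecos'][0] = $post['form_posixAccount_gecos'];
	// Load the allowed id range. The container is an object everywhere else in
	// this class, so its type is read as a property here as well.
	if ($_SESSION[$this->base]->type == 'user') {
		$minID = intval($_SESSION[$_SESSION[$this->base]->config]->get_minUID());
		$maxID = intval($_SESSION[$_SESSION[$this->base]->config]->get_maxUID());
	}
	else {
		$minID = intval($_SESSION[$_SESSION[$this->base]->config]->get_minMachine());
		$maxID = intval($_SESSION[$_SESSION[$this->base]->config]->get_maxMachine());
	}
	// get_cache will return an array ( dn1 => array(uidnumber1), dn2 => array(uidnumber2), ... )
	$uids = array();
	$dn_uids = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uidNumber', 'posixAccount', '*');
	if (is_array($dn_uids)) {
		foreach ($dn_uids as $uid) $uids[] = $uid[0];
	}
	sort($uids, SORT_NUMERIC);
	// uidNumber the account had when it was loaded, '' for a new account
	$origUid = '';
	if (isset($this->orig['uidNumber'][0])) $origUid = $this->orig['uidNumber'][0];
	if ($this->attributes['uidNumber'][0] == '') {
		// No id-number given
		if ($origUid == '') {
			// new account -> we have to find a free id-number
			if (count($uids) != 0) {
				// Highest id-number in use
				$id = $uids[count($uids) - 1];
				// Exactly one of the three cases applies; without the else-chain the
				// gap search below always ran and overwrote the first two results.
				if ($id < $minID) $this->attributes['uidNumber'][0] = $minID;
				elseif ($id < $maxID) $this->attributes['uidNumber'][0] = $id + 1;
				else {
					// Range is used up to its end: look for a gap between the used id-numbers
					$i = intval($minID);
					while (in_array($i, $uids)) $i++;
					if ($i > $maxID)
						$errors[] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
					else {
						$this->attributes['uidNumber'][0] = $i;
						$errors[] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
					}
				}
			}
			// minimum allowed id-number if no id-numbers are found
			else $this->attributes['uidNumber'][0] = $minID;
		}
		// old account -> keep the id-number which has been used
		else $this->attributes['uidNumber'][0] = $origUid;
	}
	else {
		// Check manual ID
		$uidNumber = $this->attributes['uidNumber'][0];
		/* The value must consist of digits only and, unless it is the number the
		 * account already had, lie inside the configured range. The range test
		 * used to compare the value with the form field it had just been copied
		 * from, so it could never fail and numbers outside the range (0 included)
		 * were accepted.
		 * NOTE(review): comparing with the loaded value is the presumed intent - confirm.
		 */
		if (!is_string($uidNumber) || !preg_match('/^[0-9]+$/D', $uidNumber) || ($uidNumber != $origUid && ($uidNumber < $minID || $uidNumber > $maxID)))
			$errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
		if (in_array($uidNumber, $uids)) {
			// id-number is in use and account is a new account
			if ($origUid == '') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
			// id-number is in use, account is existing account and id-number is not used by itself
			elseif ($origUid != $uidNumber) {
				$errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
				$this->attributes['uidNumber'][0] = $origUid;
			}
		}
	}
	// Expand the $group and $user placeholders in the home directory
	$this->attributes['homeDirectory'][0] = str_replace('$group', getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
	if ($this->attributes['uid'][0] != '')
		$this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]);
	if ($this->attributes['homeDirectory'][0] != $post['form_posixAccount_homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
	/* Absolute path whose components start with a letter and continue with
	 * letters, digits, '.', '-' or '_'; "." and ".." components do not match.
	 * Same language as the former ereg() pattern; the D modifier keeps '$'
	 * from accepting a trailing newline.
	 */
	if (!is_string($this->attributes['homeDirectory'][0]) || !preg_match('#^/[a-zA-Z][a-zA-Z0-9._-]*(/[a-zA-Z][a-zA-Z0-9._-]*)*$#D', $this->attributes['homeDirectory'][0]))
		$errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
	// Return error-messages
	if (count($errors) != 0) return $errors;
	// Go to additional group page when no error did occur and button was pressed
	if (!empty($post['form_posixAccount_addgroup'])) return 'group';
	return 0;
}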
/* Write variables into object and do some regexp checks
*/
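function proccess_group($post) {
	/* Handles the additional-groups page: adds the groups selected in the
	 * "available" list to $this->groups or removes the ones selected in the
	 * "selected" list, depending on which button was pressed.
	 *
	 * $post: submitted form values (form_posixAccount_* keys).
	 * Returns 'group' to stay on this page, 'attributes' to go back to the
	 * attribute page, otherwise 0.
	 */
	$addPressed = isset($post['form_posixAccount_addgroups_button']);
	$removePressed = isset($post['form_posixAccount_removegroups_button']);
	// Only one of the two actions is carried out per request
	if ($addPressed && isset($post['form_posixAccount_addgroups'])) {
		/* array_merge() needs arrays on both sides: $this->groups is unset until
		 * the first group is added and the posted value is whatever the client sent.
		 * The posted names are not checked against the existing groups here.
		 */
		$current = is_array($this->groups) ? $this->groups : array();
		$selected = array();
		foreach ((array) $post['form_posixAccount_addgroups'] as $name) {
			if (is_string($name) && $name != '') $selected[] = $name;
		}
		// remove doubles and sort groups
		$merged = array_unique(array_merge($current, $selected));
		sort($merged);
		$this->groups = $merged;
	}
	elseif ($removePressed && isset($post['form_posixAccount_removegroups'])) {
		// remove groups from list
		$this->groups = array_delete($post['form_posixAccount_removegroups'], $this->groups);
	}
	if ($addPressed || $removePressed) return 'group';
	if (!empty($post['form_posixAccount_toattributes'])) return 'attributes';
	return 0;
}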
/* This function loads all attributes into the object
* $attr is an array as it is returned from ldap_get_attributes
*/
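function load_attributes($attr) {
	/* Loads an existing account into the module.
	 *
	 * $attr: attribute array of the entry as returned by ldap_get_attributes.
	 * Values of attributes this module knows are stored utf8-decoded in
	 * $this->attributes, a copy is kept in $this->orig, and the groups which
	 * list the account's uid as memberUid are collected in $this->groups.
	 * Always returns 0.
	 */
	/* Strip the bookkeeping entries first: the numeric index => name entries
	 * and the 'count' members. The numeric entries have to go before 'count'
	 * is removed from the value lists, because their values are strings.
	 */
	foreach (array_keys($attr) as $key) {
		if (is_int($key) || $key === 'count') unset($attr[$key]);
		elseif (is_array($attr[$key])) unset($attr[$key]['count']);
	}
	foreach (array_keys($attr) as $attribute) {
		if (isset($this->attributes[$attribute]) && is_array($attr[$attribute])) {
			// decode as unicode
			$values = array();
			foreach ($attr[$attribute] as $value) $values[] = utf8_decode($value);
			$this->attributes[$attribute] = $values;
		}
	}
	// Values are kept as copy so we can compare old attributes with new attributes
	$this->orig = $this->attributes;
	$this->attributes['objectClass'][0] = 'posixAccount';
	// get all additional groupmemberships
	$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group');
	if (is_array($dn_groups) && isset($attr['uid'][0])) {
		foreach ($dn_groups as $DN => $members) {
			/* Compare the uid value itself with the member list; passing the whole
			 * value array as needle never matched. The comparison is strict so that
			 * numeric-looking names such as "007" and "7" stay distinct.
			 */
			if (is_array($members) && in_array($attr['uid'][0], $members, true)) {
				// The group name is the value of the first RDN: the text between '=' and the first ','
				$equals = strpos($DN, '=');
				$start = ($equals === false) ? 0 : $equals + 1;
				$comma = strpos($DN, ',');
				if ($comma === false) $this->groups[] = substr($DN, $start);
				else $this->groups[] = substr($DN, $start, $comma - $start);
			}
		}
	}
	$this->groups_orig = $this->groups;
	return 0;
}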
/* This function returns an array with 3 entries :
* array ( DN1 ( 'add' => array ( $attr ), 'remove' => array ( $attr ), 'modify' => array ( $attr )), DN2 .... )
* DN is the DN to change . It may be possible to change several DNs ,
* e . g . create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* modify are attributes which have to be modified in ldap entry
*/
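function save_attributes() {
	/* Works out which changes have to be written to ldap for this module.
	 *
	 * Returns array(DN => array('add' => ..., 'remove' => ..., 'modify' => ...,
	 * 'notchanged' => ...)). The account's own DN carries the attribute
	 * changes found by comparing $this->attributes with $this->orig; group
	 * DNs carry memberUid additions and removals for the additional groups.
	 * An empty array is returned if nothing has to be done.
	 */
	$toadd = array();
	$torem = array();
	$tomodify = array();
	$notchanged = array();
	$return = array();
	foreach (array_keys($this->attributes) as $name) {
		// Anything that is not a list of values is treated as "no values"
		$new = is_array($this->attributes[$name]) ? array_values($this->attributes[$name]) : array();
		$old = (isset($this->orig[$name]) && is_array($this->orig[$name])) ? array_values($this->orig[$name]) : array();
		// old values which are gone
		foreach ($old as $value) {
			if ($value != '' && !in_array($value, $new)) $torem[$name][] = utf8_encode($value);
		}
		// new values which were not there before
		foreach ($new as $value) {
			if ($value != '' && !in_array($value, $old)) $toadd[$name][] = utf8_encode($value);
		}
		// values which are identical at the same position
		foreach ($new as $j => $value) {
			if ($value != '' && isset($old[$j]) && $value == $old[$j]) $notchanged[$name][] = utf8_encode($value);
		}
	}
	// An attribute with values to add and to remove becomes one modify entry
	foreach (array_keys($toadd) as $name) {
		if (!isset($torem[$name])) continue;
		// Start from the unchanged values, or from an empty list if there are
		// none, so that the merge always gets two arrays
		$kept = isset($notchanged[$name]) ? $notchanged[$name] : array();
		$tomodify[$name] = array_merge($kept, $toadd[$name]);
		unset($notchanged[$name], $toadd[$name], $torem[$name]);
	}
	$dn = $_SESSION[$this->base]->dn;
	if (count($toadd) != 0) $return[$dn]['add'] = $toadd;
	if (count($torem) != 0) $return[$dn]['remove'] = $torem;
	if (count($tomodify) != 0) $return[$dn]['modify'] = $tomodify;
	if (count($notchanged) != 0) $return[$dn]['notchanged'] = $notchanged;
	// NOTE(review): getgrnam() is given the first gidNumber value, as in
	// proccess_attributes() and display_html_attributes(); this function used
	// to pass the whole value array - confirm against getgrnam().
	$primary = getgrnam($this->attributes['gidNumber'][0]);
	// Remove primary group from additional groups; the list is rebuilt so it has no gaps
	if (is_array($this->groups)) {
		$additional = array();
		foreach ($this->groups as $group) {
			if ($group != $primary) $additional[] = $group;
		}
		$this->groups = $additional;
	}
	// Set additional group memberships
	if (is_array($this->groups) || is_array($this->groups_orig)) {
		// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
		$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
		if (!is_array($dn_cns)) $dn_cns = array();
		$add = array();
		$remove = array();
		if (is_array($this->groups) && is_array($this->groups_orig)) {
			// There are old and new groups: only the differences are written
			$add = array_delete($this->groups_orig, $this->groups);
			$remove = array_delete($this->groups, $this->groups_orig);
			// primary group must also be removed if it has changed after setting additional groups
			if (is_array($remove) && in_array($primary, $this->groups_orig) && !in_array($primary, $remove)) $remove[] = $primary;
		}
		// No old groups: add user to every group
		elseif (is_array($this->groups)) $add = $this->groups;
		// No groups left: there are some old groups which have to be removed
		else $remove = $this->groups_orig;
		foreach ($dn_cns as $DN => $cns) {
			/* Each change is attached to the DN of the group whose cn matches.
			 * The cn is the first element of the cached value list; comparing
			 * the list itself with the group names never matched, and the
			 * primary group removal used to land on whichever DN came last.
			 */
			if (!isset($cns[0])) continue;
			if (is_array($add) && in_array($cns[0], $add)) $return[$DN]['add']['memberUid'] = $this->attributes['uid'];
			if (is_array($remove) && in_array($cns[0], $remove)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
		}
	}
	return $return;
}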
/* This function returns all ldap attributes
* which are part of posixAccount and returns
* also their values .
*/
function get_attributes() {
	// Hand out the attribute list of this module together with its values
	$current = $this->attributes;
	return $current;
}
/* This function will create the html - page
* to show a page with all attributes .
* It will output a complete html - table
*/
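function display_html_attributes($post) {
	/* Prints the attribute page as one html table: UID number, primary
	 * group and gecos for every account; additional groups button, home
	 * directory and login shell for users only.
	 *
	 * $post is not read here. Always returns 0.
	 *
	 * Every value which comes from the account, the group list or the shell
	 * list is escaped with htmlspecialchars() before it is printed, so a
	 * value containing quotes or markup cannot leave its attribute or
	 * element. The charset is given as ISO-8859-1 because that accepts any
	 * byte sequence; the escaped characters are plain ASCII either way.
	 */
	$groups = findgroups(); // list of all groupnames
	$shelllist = getshells(); // list of all valid shells
	$primaryGroup = getgrnam($this->attributes['gidNumber'][0]);
	echo "<table border=0 width=\"100%\">\n<tr>\n";
	echo "<td>" . _('UID number') . "</td>\n";
	echo "<td><input name=\"form_posixAccount_uidNumber\" type=\"text\" size=\"6\" maxlength=\"6\" value=\"" . htmlspecialchars($this->attributes['uidNumber'][0], ENT_QUOTES, 'ISO-8859-1') . "\"></td>\n";
	echo "<td><a href=\"../help.php?HelpNumber=401\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
	echo "</tr>\n";
	echo "<tr>\n";
	echo "<td>" . _('Primary group') . "*</td>\n";
	// NOTE(review): proccess_attributes() reads the primary group from
	// "form_posixAccount_gidNumber" - confirm which field name is meant.
	echo "<td><select name=\"form_posixAccount_group\">";
	// loop through existing groups
	foreach ($groups as $group) {
		$selected = ($primaryGroup == $group) ? " selected" : "";
		echo "<option" . $selected . ">" . htmlspecialchars($group, ENT_QUOTES, 'ISO-8859-1') . "</option>\n";
	}
	echo "</select></td>\n";
	echo "<td><a href=\"../help.php?HelpNumber=406\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
	echo "</tr>\n";
	if ($_SESSION[$this->base]->type == 'user') {
		echo "<tr>\n";
		echo "<td>" . _('Additional groups') . "</td>\n";
		echo "<td><input name=\"form_posixAccount_addgroup\" type=\"submit\" value=\"" . _('Edit groups') . "\"></td>\n";
		echo "<td><a href=\"../help.php?HelpNumber=402\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
		echo "</tr>\n";
		echo "<tr>\n";
		echo "<td>" . _('Home directory') . "*</td>\n";
		echo "<td><input name=\"form_posixAccount_homeDirectory\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"" . htmlspecialchars($this->attributes['homeDirectory'][0], ENT_QUOTES, 'ISO-8859-1') . "\"></td>\n";
		echo "<td><a href=\"../help.php?HelpNumber=403\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
		echo "</tr>\n";
	}
	echo "<tr>\n";
	echo "<td>" . _('Gecos') . "</td>\n";
	echo "<td><input name=\"form_posixAccount_gecos\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"" . htmlspecialchars($this->attributes['gecos'][0], ENT_QUOTES, 'ISO-8859-1') . "\"></td>\n";
	echo "<td><a href=\"../help.php?HelpNumber=404\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
	echo "</tr>\n";
	if ($_SESSION[$this->base]->type == 'user') {
		if (count($shelllist) != 0) {
			echo "<tr>\n";
			echo "<td>" . _('Login shell') . "*</td>\n";
			echo "<td><select name=\"form_posixAccount_loginShell\">";
			// loop through shells
			foreach ($shelllist as $shell) {
				$selected = ($this->attributes['loginShell'][0] == trim($shell)) ? " selected" : "";
				echo "<option" . $selected . ">" . htmlspecialchars($shell, ENT_QUOTES, 'ISO-8859-1') . "</option>\n";
			}
			echo "</select></td>\n";
			echo "<td><a href=\"../help.php?HelpNumber=405\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
			echo "</tr>\n";
		}
	}
	echo "</table>\n";
	return 0;
}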
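function display_html_group($post) {
	/* Prints the additional-groups page: the groups the user is a member of
	 * on the left, the remaining groups on the right, with buttons to move
	 * entries between the two lists and to go back to the attribute page.
	 *
	 * $post is not read here. Always returns 0.
	 *
	 * Group names are escaped with htmlspecialchars() before they are
	 * printed; the names in $this->groups come from submitted form data.
	 * The charset is given as ISO-8859-1 because that accepts any byte
	 * sequence; the escaped characters are plain ASCII either way.
	 */
	/* load list with all groups
	 * The names are the cached cn values, as in save_attributes(); 'uidNumber'
	 * is not among the attributes this class registers for the group cache.
	 */
	$groups = array();
	$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
	if (is_array($dn_groups)) {
		foreach ($dn_groups as $group) $groups[] = $group[0];
	}
	// sort groups
	sort($groups, SORT_STRING);
	// remove groups the user is member of from grouplist
	$groups = array_delete($this->groups, $groups);
	// Remove primary group and doubles from grouplist; the list is rebuilt so it has no gaps
	// NOTE(review): getgrnam() is given the first gidNumber value, as in
	// display_html_attributes(); this function used to pass the whole value array - confirm.
	$primary = getgrnam($this->attributes['gidNumber'][0]);
	$available = array();
	if (is_array($groups)) {
		foreach (array_unique($groups) as $group) {
			if ($group != '' && $group != $primary) $available[] = $group;
		}
	}
	echo "<table border=0 width=\"100%\">\n<tr>\n";
	echo "<td><fieldset class=\"useredit-bright\">";
	echo "<legend class=\"useredit-bright\"><b>" . _("Additional groups") . "</b></legend>\n";
	echo "<table border=0 width=\"100%\">\n<tr>\n";
	echo "<td valign=\"top\">";
	echo "<fieldset class=\"useredit-bright\">";
	echo "<legend class=\"useredit-bright\">" . _("Selected groups") . "</legend>\n";
	// Show all groups the user is additional member of
	if (is_array($this->groups) && count($this->groups) != 0) {
		echo "<select name=\"form_posixAccount_removegroups[]\" class=\"useredit-bright\" size=15 multiple>\n";
		foreach ($this->groups as $group)
			if ($group != '') echo "<option>" . htmlspecialchars($group, ENT_QUOTES, 'ISO-8859-1') . "</option>\n";
		echo "</select>\n";
	}
	echo "</fieldset></td>\n";
	echo "<td align=\"center\" width=\"10%\"><input type=\"submit\" name=\"form_posixAccount_addgroups_button\" value=\"&lt;=\">";
	echo " ";
	echo "<input type=\"submit\" name=\"form_posixAccount_removegroups_button\" value=\"=&gt;\"><br><br>";
	echo "<a href=\"" . "../help.php?HelpNumber=402\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
	echo "<td valign=\"top\">\n";
	echo "<fieldset class=\"useredit-bright\">";
	echo "<legend class=\"useredit-bright\">" . _('Available groups') . "</legend>\n";
	// show all groups except those the user is member of
	if (count($available) != 0) {
		echo "<select name=\"form_posixAccount_addgroups[]\" size=15 multiple class=\"useredit-bright\">\n";
		foreach ($available as $group)
			echo "<option>" . htmlspecialchars($group, ENT_QUOTES, 'ISO-8859-1') . "</option>\n";
		echo "</select>\n";
	}
	echo "</fieldset></td>\n";
	echo "</tr>\n";
	echo "</table>\n";
	echo "<input name=\"form_posixAccount_toattributes\" type=\"submit\" value=\"" . _('Back') . "\">\n";
	echo "</fieldset>\n";
	echo "</td></tr></table>\n";
	return 0;
}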
}
?>