2003-12-19 12:45:23 +00:00
< ? php
/*
$Id $
This code is part of LDAP Account Manager ( http :// www . sourceforge . net / projects / lam )
Copyright ( C ) 2003 Tilo Lutz
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*/
/* Session variables which are used :
* $_SESSION [ 'cacheAttributes' ] : This variable contains a list of attributes and their scope which should be cached
*
* Coockie variables which are used :
* $_COOKIE [ " IV " ], $_COOKIE [ " Key " ] : Needed to en / decrypt passwords .
*
* Variables in basearray which are no objects :
* type : Type of account . Can be user , group , host
* attributes : List of all attributes , how to get them and are theiy required or optional
* dn : current DN without uid = or cn =
* dn_orig : old DN if account was loaded with uid = or cn =
* External functions which are used
* account . inc : findgroups , incache , get_cache , array_delete , getshells
* ldap . inc : pwd_is_enabled , pwd_hash
*/
/* This class contains all shadowAccount LDAP attributes
* and funtioncs required to deal with shadowAccount
* shadowAccount can only be created when it should be added
* to an array .
* basearray is the same array shadowAccount should be added
* to . If basearray is not given the constructor tries to
* create an array with shadowAccount and all other required
* objects .
* Example : $user [] = new shadowAccount ( $user );
*
* In container array the following things have to exist :
* account or inetOrgPerson object
* type : 'user' or 'host'
* 'attributes' : this is a list of arrays with all ldap attributes wich are allowed for this account
*/
2004-06-08 18:54:37 +00:00
class shadowAccount extends baseModule {
2004-06-13 19:58:58 +00:00
2004-07-04 15:18:53 +00:00
/**
* Creates a new shadowAccount object .
*
* @ param string $scope account type ( user , group , host )
*/
function shadowAccount ( $scope ) {
// error messages for input checks
$this -> messages [ 'shadowMin' ] = array ( 'ERROR' , _ ( 'Password minage' ), _ ( 'Password minage must be are natural number.' ));
$this -> messages [ 'shadowMax' ] = array ( 'ERROR' , _ ( 'Password maxage' ), _ ( 'Password maxage must be are natural number.' ));
$this -> messages [ 'inactive' ] = array ( 'ERROR' , _ ( 'Password Expire' ), _ ( 'Password expire must be are natural number or -1.' ));
$this -> messages [ 'shadowWarning' ] = array ( 'ERROR' , _ ( 'Password warn' ), _ ( 'Password warn must be are natural number.' ));
$this -> messages [ 'shadow_cmp' ] = array ( 'ERROR' , _ ( 'Password maxage' ), _ ( 'Password maxage must bigger as Password Minage.' ));
// call parent constructor
parent :: baseModule ( $scope );
}
2004-06-13 19:58:58 +00:00
/**
* Returns meta data that is interpreted by parent class
*
* @ return array array with meta data
*/
function get_metaData () {
$return = array ();
// manages user accounts
$return [ " account_types " ] = array ( " user " );
2004-06-14 16:05:36 +00:00
// alias name
$return [ " alias " ] = _ ( 'Shadow' );
2004-06-20 17:32:02 +00:00
// module dependencies
$return [ 'dependencies' ] = array ( 'depends' => array ( 'posixAccount' ), 'conflicts' => array ());
2004-07-04 15:18:53 +00:00
// lists for expiration date
$day = array (); $mon = array (); $year = array ();
for ( $i = 1 ; $i <= 31 ; $i ++ ) $day [] = $i ;
for ( $i = 1 ; $i <= 12 ; $i ++ ) $mon [] = $i ;
for ( $i = 2003 ; $i <= 2030 ; $i ++ ) $year [] = $i ;
$return [ 'profile_options' ] = array (
// password warning
array (
0 => array ( 'kind' => 'text' , 'text' => _ ( 'Password warn' )),
1 => array ( 'kind' => 'input' , 'name' => 'shadowAccount_shadowWarning' , 'type' => 'text' , 'size' => '4' , 'maxlength' => '4' , 'value' => " " ),
2 => array ( 'kind' => 'help' , 'value' => 'TODO' )),
// password expiration
array (
0 => array ( 'kind' => 'text' , 'text' => _ ( 'Password expire' )),
1 => array ( 'kind' => 'input' , 'name' => 'shadowAccount_shadowInactive' , 'type' => 'text' , 'size' => '4' , 'maxlength' => '4' , 'value' => " " ),
2 => array ( 'kind' => 'help' , 'value' => 'TODO' )),
// minimum password age
array (
0 => array ( 'kind' => 'text' , 'text' => _ ( 'Minimum password age' )),
1 => array ( 'kind' => 'input' , 'name' => 'shadowAccount_shadowMin' , 'type' => 'text' , 'size' => '5' , 'maxlength' => '5' , 'value' => " " ),
2 => array ( 'kind' => 'help' , 'value' => 'TODO' )),
// maximum password age
array (
0 => array ( 'kind' => 'text' , 'text' => _ ( 'Maximum password age' )),
1 => array ( 'kind' => 'input' , 'name' => 'shadowAccount_shadowMax' , 'type' => 'text' , 'size' => '5' , 'maxlength' => '5' , 'value' => " " ),
2 => array ( 'kind' => 'help' , 'value' => 'TODO' )),
// expiration date
array (
0 => array ( 'kind' => 'text' , 'text' => _ ( 'Expire day' )),
1 => array ( 'kind' => 'table' , 'value' => array (
0 => array (
0 => array ( 'kind' => 'select' , 'name' => 'shadowAccount_shadowExpire_day' ,
'options' => $day , 'options_selectd' => " " ),
1 => array ( 'kind' => 'select' , 'name' => 'shadowAccount_shadowExpire_mon' ,
'options' => $mon , 'options_selectd' => " " ),
2 => array ( 'kind' => 'select' , 'name' => 'shadowAccount_shadowExpire_yea' ,
'options' => $year , 'options_selectd' => " " )
)
)),
2 => array ( 'kind' => 'help' , 'value' => 'TODO' ))
);
2004-07-13 14:51:28 +00:00
// profile checks
$return [ 'profile_checks' ][ 'shadowAccount_shadowMin' ] = array ( 'type' => 'regex' , 'regex' => $this -> regex_number ,
'error_message' => $this -> messages [ 'shadowMin' ]);
$return [ 'profile_checks' ][ 'shadowAccount_shadowMax' ] = array ( 'type' => 'regex' , 'regex' => $this -> regex_number ,
'error_message' => $this -> messages [ 'shadowMax' ]);
$return [ 'profile_checks' ][ 'shadowAccount_cmp' ] = array ( 'type' => 'int_greater' , 'cmp_name1' => 'shadowAccount_shadowMax' ,
'cmp_name2' => 'shadowAccount_shadowMin' , 'error_message' => $this -> messages [ 'shadow_cmp' ]);
$return [ 'profile_checks' ][ 'shadowAccount_shadowInactive' ] = array ( 'type' => 'regex' , 'regex' => $this -> regex_inactive ,
'error_message' => $this -> messages [ 'inactive' ]);
$return [ 'profile_checks' ][ 'shadowAccount_shadowWarning' ] = array ( 'type' => 'regex' , 'regex' => $this -> regex_number ,
'error_message' => $this -> messages [ 'shadowWarning' ]);
2004-08-17 15:16:17 +00:00
// available PDF fields
$return [ 'PDF_fields' ] = array ( 'shadowLastChange' ,
'shadowWarning' ,
'shadowInactive' ,
'shadowExpire' ,
'shadowFlag' ,
'description' );
2004-09-08 17:39:06 +00:00
// help Entries
$return [ 'help' ] = array ( 'shadowWarning' => array ( " ext " => " FALSE " , " Headline " => _ ( " Password warn " ), " Text " => _ ( " Days before password is to expire that user is warned of pending password expiration. If set value must be 0<. " ) . ' ' . _ ( " Can be left empty. " )),
'shadowInactive' => array ( " ext " => " FALSE " , " Headline " => _ ( " Password expire " ), " Text " => _ ( " Number of days a user can login even his password has expired. -1=always. " ) . ' ' . _ ( " Can be left empty. " )),
'shadowMin' => array ( " ext " => " FALSE " , " Headline " => _ ( " Minimum password age " ), " Text " => _ ( " Number of days a user has to wait until he \ 's allowed to change his password again. If set value must be 0<. " ) . ' ' . _ ( " Can be left empty. " )),
'shadowMax' => array ( " ext " => " FALSE " , " Headline " => _ ( " Maximum password age " ), " Text " => _ ( " Number of days after a user has to change his password again. If set value must be 0<. " ) . ' ' . _ ( " Can be left empty. " )),
'shadowExpire' => array ( " ext " => " FALSE " , " Headline " => _ ( " Expire date " ), " Text " => _ ( " Account expire date. Format: DD-MM-YYYY " )));
2004-06-13 19:58:58 +00:00
return $return ;
}
2003-12-19 12:45:23 +00:00
// Constructor
2004-06-08 18:54:37 +00:00
function init ( $base ) {
2004-09-01 20:53:06 +00:00
// call parent init
parent :: init ( $base );
2003-12-19 12:45:23 +00:00
// Add Array with all attributes and type
2003-12-20 19:24:01 +00:00
$this -> attributes = $_SESSION [ $this -> base ] -> get_module_attributes ( 'shadowAccount' );
2003-12-19 12:45:23 +00:00
$_SESSION [ $this -> base ] -> add_attributes ( 'shadowAccount' );
// Make references to attributes which already esists in ldap
$newattributes = array_keys ( $this -> attributes );
$module = array_keys ( $_SESSION [ $this -> base ] -> module );
for ( $i = 0 ; $i < count ( $module ); $i ++ ) {
foreach ( $newattributes as $attribute )
if ( isset ( $_SESSION [ $this -> base ] -> module [ $module [ $i ]] -> attributes [ $attribute ])) $this -> attributes [ $attribute ] =& $_SESSION [ $this -> base ] -> module [ $module [ $i ]] -> attributes [ $attribute ];
}
$this -> orig = $this -> attributes ;
$this -> attributes [ 'objectClass' ][ 0 ] = 'shadowAccount' ;
}
// Variables
// This variable contains all inetOrgPerson attributes
var $attributes ;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig ;
2004-07-04 15:18:53 +00:00
/** regular expression for numeric values */
var $regex_number = '^([0-9])*$' ;
/** regular expression for shasowInactive */
var $regex_inactive = '^(([-][1])|([0-9]*))$' ;
/** list of possible error messages */
var $messages = array ();
2003-12-30 15:36:30 +00:00
2003-12-20 19:24:01 +00:00
function module_ready () {
return true ;
}
2004-02-09 18:11:01 +00:00
/* This functions return true
* if all needed settings are done
*/
function module_complete () {
if ( ! $this -> module_ready ()) return false ;
return true ;
}
2003-12-30 15:36:30 +00:00
/* This function returns a list of all html - pages in module
* This is usefull for mass upload and pdf - files
* because lam can walk trough all pages itself and do some
* error checkings
2003-12-19 12:45:23 +00:00
*/
2003-12-30 15:36:30 +00:00
function pages () {
return array ( 'attributes' );
2003-12-19 12:45:23 +00:00
}
2004-01-27 19:07:31 +00:00
/*
*/
2004-09-08 18:26:00 +00:00
/* function get_help ( $id ) {
2004-01-27 19:07:31 +00:00
switch ( $id ) {
2004-09-08 17:39:06 +00:00
case 'shadowWarning' :
return array ( " ext " => " FALSE " , " Headline " => _ ( " Password warn " ), " Text " => _ ( " Days before password is to expire that user is warned of pending password expiration. If set value must be 0<. " ) . ' ' . _ ( " Can be left empty. " ));
break ;
case 'shadowInactive' :
return array ( " ext " => " FALSE " , " Headline " => _ ( " Password expire " ), " Text " => _ ( " Number of days a user can login even his password has expired. -1=always. " ) . ' ' . _ ( " Can be left empty. " ));
break ;
case 'shadowMin' :
return array ( " ext " => " FALSE " , " Headline " => _ ( " Minimum password age " ), " Text " => _ ( " Number of days a user has to wait until he \ 's allowed to change his password again. If set value must be 0<. " ) . ' ' . _ ( " Can be left empty. " ));
break ;
case 'shadowMax' :
return array ( " ext " => " FALSE " , " Headline " => _ ( " Maximum password age " ), " Text " => _ ( " Number of days after a user has to change his password again. If set value must be 0<. " ) . ' ' . _ ( " Can be left empty. " ));
break ;
case 'shadowExpire' :
return array ( " ext " => " FALSE " , " Headline " => _ ( " Expire date " ), " Text " => _ ( " Account expire date. Format: DD-MM-YYYY " ));
2004-01-27 19:07:31 +00:00
break ;
}
2004-09-08 17:39:06 +00:00
return false ;
2004-09-08 18:26:00 +00:00
} */
2004-01-27 19:07:31 +00:00
2003-12-30 15:36:30 +00:00
/* This function returns all ldap attributes
* which are part of shadowAccount and returns
* also their values .
*/
function get_attributes () {
return $this -> attributes ;
}
2003-12-19 12:45:23 +00:00
/* This function loads all attributes into the object
* $attr is an array as it ' s retured from ldap_get_attributes
*/
function load_attributes ( $attr ) {
// Load attributes which are displayed
// unset count entries
unset ( $attr [ 'count' ]);
$attributes = array_keys ( $attr );
foreach ( $attributes as $attribute ) unset ( $attr [ $attribute ][ 'count' ]);
// unset double entries
for ( $i = 0 ; $i < count ( $attr ); $i ++ )
if ( isset ( $attr [ $i ])) unset ( $attr [ $i ]);
foreach ( $attributes as $attribute ) {
if ( isset ( $this -> attributes [ $attribute ])) {
// decode as unicode
$this -> attributes [ $attribute ] = $attr [ $attribute ];
2003-12-30 17:09:15 +00:00
for ( $i = 0 ; $i < count ( $this -> attributes [ $attribute ]); $i ++ ) {
$this -> attributes [ $attribute ][ $i ] = utf8_decode ( $this -> attributes [ $attribute ][ $i ]);
$this -> orig [ $attribute ][ $i ] = utf8_decode ( $this -> attributes [ $attribute ][ $i ]);
}
2003-12-19 12:45:23 +00:00
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this -> attributes [ 'objectClass' ][ 0 ] = 'shadowAccount' ;
}
/* This function returns an array with 3 entries :
* array ( DN1 ( 'add' => array ( $attr ), 'remove' => array ( $attr ), 'modify' => array ( $attr )), DN2 .... )
* DN is the DN to change . It may be possible to change several DNs ,
* e . g . create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes () {
2003-12-20 19:24:01 +00:00
$return = $_SESSION [ $this -> base ] -> save_module_attributes ( $this -> attributes , $this -> orig );
2003-12-19 12:45:23 +00:00
// Set shadowLastchange manual.
2003-12-21 14:52:23 +00:00
if (( $_SESSION [ $this -> base ] -> module [ 'posixAccount' ] -> orig [ 'userPassword' ][ 0 ] != $_SESSION [ $this -> base ] -> module [ 'posixAccount' ] -> attributes [ 'userPassword' ][ 0 ] && $_SESSION [ $this -> base ] -> module [ 'posixAccount' ] -> userPassword () != '' ) || $_SESSION [ $this -> base ] -> module [ 'posixAccount' ] -> userPassword_no )
2003-12-20 21:42:52 +00:00
$return [ $_SESSION [ $this -> base ] -> dn ][ 'modify' ][ 'shadowLastChange' ] = array ( intval ( time () / 3600 / 24 ));
2003-12-19 12:45:23 +00:00
return $return ;
}
2003-12-30 15:36:30 +00:00
function delete_attributes ( $post ) {
2004-01-10 11:47:48 +00:00
return 0 ;
2003-12-30 15:36:30 +00:00
}
2003-12-19 12:45:23 +00:00
2003-12-30 15:36:30 +00:00
/* Write variables into object and do some regexp checks
2003-12-19 12:45:23 +00:00
*/
2004-01-27 19:07:31 +00:00
function proccess_attributes ( $post , $profile = false ) {
2003-12-30 15:36:30 +00:00
// Load attributes
$this -> attributes [ 'shadowMin' ][ 0 ] = $post [ 'shadowMin' ];
$this -> attributes [ 'shadowMax' ][ 0 ] = $post [ 'shadowMax' ];
$this -> attributes [ 'shadowWarning' ][ 0 ] = $post [ 'shadowWarning' ];
$this -> attributes [ 'shadowInactive' ][ 0 ] = $post [ 'shadowInactive' ];
$this -> attributes [ 'shadowExpire' ][ 0 ] = intval ( mktime ( 10 , 0 , 0 , $post [ 'shadowExpire_mon' ],
$post [ 'shadowExpire_day' ], $post [ 'shadowExpire_yea' ]) / 3600 / 24 );
2004-07-04 15:18:53 +00:00
if ( ! ereg ( $this -> regex_number , $this -> attributes [ 'shadowMin' ][ 0 ])) $errors [ 'shadowMin' ][] = $this -> messages [ 'shadowMin' ];
if ( ! ereg ( $this -> regex_number , $this -> attributes [ 'shadowMax' ][ 0 ])) $errors [ 'shadowMax' ][] = $this -> messages [ 'shadowMax' ];
if ( $this -> attributes [ 'shadowMin' ][ 0 ] > $this -> attributes [ 'shadowMax' ][ 0 ]) $errors [ 'shadowMin' ][] = $this -> messages [ 'shadow_cmp' ];
if ( ! ereg ( $this -> regex_inactive , $this -> attributes [ 'shadowInactive' ][ 0 ])) $errors [ 'shadowInactive' ][] = $this -> messages [ 'inactive' ];
if ( ! ereg ( $this -> regex_number , $this -> attributes [ 'shadowWarning' ][ 0 ])) $errors [ 'shadowWarning' ][] = $this -> messages [ 'shadowWarning' ];
2003-12-30 15:36:30 +00:00
if ( is_array ( $errors )) return $errors ;
return 0 ;
2003-12-19 12:45:23 +00:00
}
/* This function will create the html - page
* to show a page with all attributes .
* It will output a complete html - table
*/
2004-01-27 19:07:31 +00:00
function display_html_attributes ( $post , $profile = false ) {
2003-12-19 12:45:23 +00:00
// Use dd-mm-yyyy format of date because it's easier to read for humans
$date = getdate ( $this -> attributes [ 'shadowExpire' ][ 0 ] * 3600 * 24 );
2004-01-27 19:07:31 +00:00
$return [] = array ( 0 => array ( 'kind' => 'text' , 'text' => _ ( 'Password warn' ) ),
1 => array ( 'kind' => 'input' , 'name' => 'shadowWarning' , 'type' => 'text' , 'size' => '4' , 'maxlength' => '4' , 'value' => $this -> attributes [ 'shadowWarning' ][ 0 ] ),
2 => array ( 'kind' => 'help' , 'value' => 'shadowWarning' ));
$return [] = array ( 0 => array ( 'kind' => 'text' , 'text' => _ ( 'Password expire' ) ),
1 => array ( 'kind' => 'input' , 'name' => 'shadowInactive' , 'type' => 'text' , 'size' => '4' , 'maxlength' => '4' , 'value' => $this -> attributes [ 'shadowInactive' ][ 0 ] ),
2 => array ( 'kind' => 'help' , 'value' => 'shadowInactive' ));
$return [] = array ( 0 => array ( 'kind' => 'text' , 'text' => _ ( 'Minimum password age' ) ),
1 => array ( 'kind' => 'input' , 'name' => 'shadowMin' , 'type' => 'text' , 'size' => '5' , 'maxlength' => '5' , 'value' => $this -> attributes [ 'shadowMin' ][ 0 ] ),
2 => array ( 'kind' => 'help' , 'value' => 'shadowMin' ));
2004-07-04 15:18:53 +00:00
$return [] = array ( 0 => array ( 'kind' => 'text' , 'text' => _ ( 'Maximum password age' ) ),
1 => array ( 'kind' => 'input' , 'name' => 'shadowMax' , 'type' => 'text' , 'size' => '5' , 'maxlength' => '5' , 'value' => $this -> attributes [ 'shadowMax' ][ 0 ] ),
2 => array ( 'kind' => 'help' , 'value' => 'shadowMax' ));
2004-01-27 19:07:31 +00:00
for ( $i = 1 ; $i <= 31 ; $i ++ ) $mday [] = $i ;
for ( $i = 1 ; $i <= 12 ; $i ++ ) $mon [] = $i ;
for ( $i = 2003 ; $i <= 2030 ; $i ++ ) $year [] = $i ;
$return [] = array ( 0 => array ( 'kind' => 'text' , 'text' => _ ( 'Expire day' ) ),
1 => array ( 'kind' => 'table' , 'value' => array ( 0 => array ( 0 => array ( 'kind' => 'select' , 'name' => 'shadowExpire_day' ,
'options' => $mday , 'options_selectd' => $date [ 'mday' ]),
1 => array ( 'kind' => 'select' , 'name' => 'shadowExpire_mon' ,
'options' => $mon , 'options_selectd' => $date [ 'mon' ]),
2 => array ( 'kind' => 'select' , 'name' => 'shadowExpire_yea' ,
'options' => $year , 'options_selectd' => $date [ 'year' ])))),
2 => array ( 'kind' => 'help' , 'value' => 'shadowExpire' ));
return $return ;
2003-12-19 12:45:23 +00:00
}
2003-12-30 15:36:30 +00:00
function display_html_delete ( $post ) {
return 0 ;
}
2003-12-19 12:45:23 +00:00
2004-08-17 15:16:17 +00:00
/*
* ( non - PHPDoc )
* @ see baseModule #get_pdfEntries
*/
2004-05-29 19:20:28 +00:00
function get_pdfEntries ( $account_type = " user " ) {
return array ( 'shadowAccount_shadowLastChange' => array ( '<block><key>' . _ ( 'Last shadow password change' ) . '</key><value>' . $this -> attributes [ 'shadowLastChange' ][ 0 ] . '</value></block>' ),
'shadowAccount_shadowWarning' => array ( '<block><key>' . _ ( 'Password warn' ) . '</key><value>' . $this -> attributes [ 'shadowWarn' ][ 0 ] . '</value><block>' ),
'shadowAccount_shadowInactive' => array ( '<block><key>' . _ ( 'Account inactive' ) . '</key><value>' . $this -> attributes [ 'shadowInactive' ][ 0 ] . '</value></block>' ),
'shadowAccount_shadowExpire' => array ( '<block><key>' . _ ( 'Password expire' ) . '</key><value>' . date ( 'd. m. Y' , $this -> attributes [ 'shadowExpire' ][ 0 ]) . '</value></block>' ),
'shadowAccount_shadowFlag' => array ( '<block><key>' . _ ( 'Shadow flag' ) . '</key><value>' . $this -> attributes [ 'shadowFlag' ][ 0 ] . '</value></bock>' ),
'shadowAccount_description' => array ( '<block><key>' . _ ( 'Description' ) . '</key><value>' . $this -> attributes [ 'description' ][ 0 ] . '</value></block>' ));
2004-05-24 21:39:57 +00:00
}
2004-03-14 17:33:05 +00:00
2004-03-09 12:03:39 +00:00
}
2003-12-19 12:45:23 +00:00
?>