WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
LDAPAccountManager/lam/lib/modules/posixAccount.inc

3465 lines
142 KiB
PHP
Raw Normal View History

added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
<?php
/*
added basic upload functions
2004-10-16 14:28:06 +00:00
$Id$
removed $post parameter
2006-08-13 12:58:19 +00:00
new homepage
2009-10-27 18:47:12 +00:00
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright updates
2006-03-03 17:30:35 +00:00
Copyright (C) 2003 - 2006 Tilo Lutz
support K5KEY
2016-01-02 12:16:14 +00:00
Copyright (C) 2005 - 2016 Roland Gruber
removed $post parameter
2006-08-13 12:58:19 +00:00
added basic upload functions
2004-10-16 14:28:06 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
removed $post parameter
2006-08-13 12:58:19 +00:00
added basic upload functions
2004-10-16 14:28:06 +00:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
removed $post parameter
2006-08-13 12:58:19 +00:00
added basic upload functions
2004-10-16 14:28:06 +00:00
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
*/
PHPDoc updates
2005-07-21 10:33:02 +00:00
/**
* Manages Unix accounts for users and hosts.
*
* @package modules
*
* @author Tilo Lutz
* @author Roland Gruber
* @author Michael Duergner
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
* @author Thomas Manninger
PHPDoc updates
2005-07-21 10:33:02 +00:00
*/
/**
* Manages the object class "posixAccount" for users and hosts.
*
* @package modules
*/
first step for adding central password service
2009-10-08 20:16:02 +00:00
class posixAccount extends baseModule implements passwordService {
all modules now extend the baseModule, implemented meta data for is_base_module()
2004-06-08 18:54:37 +00:00
changed Unix password management
2006-09-03 12:41:22 +00:00
// Variables
PHPDoc update
2012-07-15 12:05:47 +00:00
/** delimiter for lamdaemon commands */
support users and groups with spaces in their name
2009-12-12 17:22:14 +00:00
private static $SPLIT_DELIMITER = "###x##y##x###";
responsive self service
2015-08-09 07:22:01 +00:00
changed Unix password management
2006-09-03 12:41:22 +00:00
/* These two variables keep an array of groups the user is also member of. */
PHPDoc update
2012-07-15 12:05:47 +00:00
/** current group list */
changed to public/private
2007-10-13 17:28:37 +00:00
private $groups;
PHPDoc update
2012-07-15 12:05:47 +00:00
/** original group list */
changed to public/private
2007-10-13 17:28:37 +00:00
private $groups_orig;
use less cache functions
2009-11-26 10:48:05 +00:00
manage group of names
2011-10-06 20:03:45 +00:00
/* list of group of names that the user is member of */
PHPDoc update
2012-07-15 12:05:47 +00:00
/** current group of names list */
fixed postModify
2011-12-14 19:11:33 +00:00
private $gonList = array();
PHPDoc update
2012-07-15 12:05:47 +00:00
/** original group of names list */
fixed postModify
2011-12-14 19:11:33 +00:00
private $gonList_orig = array();
PHPDoc update
2012-07-15 12:05:47 +00:00
/** lamdaemon servers */
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
private $lamdaemonServers = array();
PHPDoc update
2012-07-15 12:05:47 +00:00
/** cache for group objects */
use less cache functions
2009-11-26 10:48:05 +00:00
private $groupCache = null;
PHPDoc update
2012-07-15 12:05:47 +00:00
/** cache for group of names objects */
manage group of names
2011-10-06 20:03:45 +00:00
private $gonCache = null;
PHPDoc update
2012-07-15 12:05:47 +00:00
/** clear text password */
readded support for user password in PDF
2010-03-08 18:26:06 +00:00
private $clearTextPassword;
replaced caching
2010-11-23 21:12:13 +00:00
/** caches the list of known UIDs */
private $cachedUIDList = null;
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
/** caches the list of known user names */
private $cachedUserNameList = null;
responsive self service
2015-08-09 07:22:01 +00:00
suggested user names must be in lower case, replace umlauts
2013-06-17 18:38:42 +00:00
/** replacements for common umlauts */
private $umlautReplacements = array(
'ä' => 'ae', 'Ä' => 'Ae', 'ö' => 'oe', 'Ö' => 'Oe', 'ü' => 'ue', 'Ü' => 'Ue',
'ß' => 'ss', 'é' => 'e', 'è' => 'e', 'ô' => 'o', 'ç' => 'c'
);
changed Unix password management
2006-09-03 12:41:22 +00:00
support Samba 4
2013-08-18 12:24:53 +00:00
/**
* Creates a new windowsPosixGroup object.
*
* @param string $scope account type (user, group, host)
*/
public function __construct($scope) {
// call parent constructor
parent::__construct($scope);
// make optional if needed
optional posixAccount object class
2016-05-09 18:10:14 +00:00
$this->autoAddObjectClasses = !$this->isOptional() && !$this->skipObjectClass();
support Samba 4
2013-08-18 12:24:53 +00:00
}
responsive self service
2015-08-09 07:22:01 +00:00
fixed error handling
2006-05-18 08:50:51 +00:00
/**
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
* This function fills the error message array with messages.
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
**/
function load_Messages() {
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
// error messages for input checks
$this->messages['minUID'][0] = array('ERROR', _('Users') . ': &nbsp;' . _('Minimum UID number'), _("Minimum UID number is invalid!"));
$this->messages['maxUID'][0] = array('ERROR', _('Users') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number is invalid!"));
$this->messages['minMachine'][0] = array('ERROR', _('Hosts') . ': &nbsp;' . _('Minimum UID number'), _("Minimum UID number is invalid!"));
$this->messages['maxMachine'][0] = array('ERROR', _('Hosts') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number is invalid!"));
$this->messages['cmp_UID'][0] = array('ERROR', _('Users') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number must be greater than minimum UID number!"));
$this->messages['cmp_Machine'][0] = array('ERROR', _('Hosts') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number must be greater than minimum UID number!"));
translation update
2004-10-25 18:40:18 +00:00
$this->messages['cmp_both'][0] = array('ERROR', _('UID ranges for Unix accounts'), _("The UID ranges for users and hosts overlap! This is a problem because LAM uses the highest UID in use + 1 for new accounts. Please set the minimum UID to equal values or use independent ranges."));
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
$this->messages['homeDirectory'][0] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
$this->messages['homeDirectory'][1] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
added messages for upload
2004-10-17 18:29:39 +00:00
$this->messages['homeDirectory'][2] = array('ERROR', _('Account %s:') . ' posixAccount_homedir', _('Homedirectory contains invalid characters.'));
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
$this->messages['homeDirectory'][3] = array('INFO', _('Home directory'), _('Home directory changed. To keep home directory you have to run the following command as root: \'mv %s %s\''));
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
$this->messages['uidNumber'][1] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
$this->messages['uidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
$this->messages['uidNumber'][3] = array('ERROR', _('ID-Number'), _('ID is already in use'));
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
$this->messages['uidNumber'][4] = array('ERROR', _('Account %s:') . ' posixAccount_uid', _('UID must be a number. It has to be inside the UID range which is defined in your configuration profile.'));
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
$this->messages['uidNumber'][5] = array('INFO', _('UID number'), _('UID number has changed. To keep file ownership you have to run the following command as root: \'find / -uid %s -exec chown %s {} \;\''));
readded missing messages
2010-02-08 16:23:32 +00:00
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password fields.'));
allow §° in passwords
2013-01-13 10:40:47 +00:00
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are:') . ' a-z, A-Z, 0-9 and #*,.;:_-+!%&/|?{[()]}=@$ §°!');
$this->messages['userPassword'][4] = array('ERROR', _('Account %s:') . ' posixAccount_password', _('Password contains invalid characters. Valid characters are:') . ' a-z, A-Z, 0-9 and #*,.;:_-+!%&/|?{[()]}=@$ §°!');
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
$this->messages['uid'][0] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?'));
typo
2010-06-03 19:38:56 +00:00
$this->messages['uid'][1] = array('WARN', _('User name'), _('You are using capital letters. This can cause problems because Windows is not case-sensitive.'));
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
$this->messages['uid'][2] = array('ERROR', _('User name'), _('User name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
typo
2010-06-03 19:38:56 +00:00
$this->messages['uid'][3] = array('WARN', _('Host name'), _('You are using capital letters. This can cause problems because Windows is not case-sensitive.'));
moved host naming convention checks to Samba module
2009-02-01 16:24:37 +00:00
$this->messages['uid'][4] = array('ERROR', _('Host name'), _('Host name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
$this->messages['uid'][5] = array('WARN', _('User name'), _('User name in use. Selected next free user name.'));
$this->messages['uid'][6] = array('WARN', _('Host name'), _('Host name in use. Selected next free host name.'));
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
$this->messages['uid'][7] = array('ERROR', _('Account %s:') . ' posixAccount_userName', _('User name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
$this->messages['uid'][8] = array('ERROR', _('Account %s:') . ' posixAccount_hostName', _('Host name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
suggest free user name in file upload if already exists
2012-09-23 17:59:14 +00:00
$this->messages['uid'][9] = array('ERROR', _('Account %s:') . ' posixAccount_userName', _('User name already exists!') . ' ' . _('You might want to use %s instead of %s.'));
$this->messages['uid'][10] = array('ERROR', _('Account %s:') . ' posixAccount_hostName', _('Host name already exists!') . ' ' . _('You might want to use %s instead of %s.'));
added messages for upload
2004-10-17 18:29:39 +00:00
$this->messages['gidNumber'][0] = array('ERROR', _('Account %s:') . ' posixAccount_group', _('LAM was unable to find a group with this name!'));
$this->messages['gidNumber'][1] = array('ERROR', _('Account %s:') . ' posixAccount_group', _('This GID number is invalid! Please provide either a number or a group name.'));
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
$this->messages['gidNumber'][2] = array('INFO', _('GID number'), _('GID number has changed. To keep file ownership you have to run the following command as root: \'find / -gid %s -uid %s -exec chgrp %s {} \;\''));
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
$this->messages['gecos'][0] = array('ERROR', _('Account %s:') . ' posixAccount_gecos', _('This gecos value is invalid!'));
added messages for upload
2004-10-17 18:29:39 +00:00
$this->messages['shell'][0] = array('ERROR', _('Account %s:') . ' posixAccount_shell', _('This login shell is invalid!'));
fixed message
2010-08-15 16:22:50 +00:00
$this->messages['passwordDisabled'][0] = array('ERROR', _('Account %s:') . ' posixAccount_passwordDisabled', _('This value can only be "true" or "false".'));
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
$this->messages['cn'][0] = array('ERROR', _('Common name'), _('Please enter a valid common name!'));
typo
2013-11-09 13:25:45 +00:00
$this->messages['cn'][1] = array('ERROR', _('Account %s:') . ' posixAccount_cn', _('Please enter a valid common name!'));
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
$this->messages['sambaIDPoolDN'][0] = array('ERROR', _('Samba ID pool DN'), _('This is not a valid DN!'));
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
$this->messages['windowsIDPoolDN'][0] = array('ERROR', _('Windows domain info DN'), _('This is not a valid DN!'));
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
}
made can_manage() abstract in baseModule to save memory
2014-04-20 13:00:42 +00:00
/**
* Returns true if this module can manage accounts of the current type, otherwise false.
responsive self service
2015-08-09 07:22:01 +00:00
*
made can_manage() abstract in baseModule to save memory
2014-04-20 13:00:42 +00:00
* @return boolean true if module fits
*/
public function can_manage() {
return in_array($this->get_scope(), array('user', 'host'));
}
all modules now extend the baseModule, implemented meta data for is_base_module()
2004-06-08 18:54:37 +00:00
/**
* Returns meta data that is interpreted by parent class
*
* @return array array with meta data
responsive self service
2015-08-09 07:22:01 +00:00
*
documented meta data in PHPDoc
2008-02-03 14:28:28 +00:00
* @see baseModule::get_metaData()
all modules now extend the baseModule, implemented meta data for is_base_module()
2004-06-08 18:54:37 +00:00
*/
function get_metaData() {
$return = array();
added icons for modules
2007-11-19 18:42:03 +00:00
// icon
$return['icon'] = 'tux.png';
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
// user specific data
all modules now extend the baseModule, implemented meta data for is_base_module()
2004-06-08 18:54:37 +00:00
if ($this->get_scope() == "user") {
added meta data for get_ldap_filter()
2004-06-11 15:44:49 +00:00
// LDAP filter
$return["ldap_filter"] = array('or' => "(objectClass=posixAccount)", 'and' => "(!(uid=*$))");
moved dependencies to meta data
2004-06-20 17:32:02 +00:00
// module dependencies
fixed unneeded dependencies
2005-04-04 15:57:35 +00:00
$return['dependencies'] = array('depends' => array(), 'conflicts' => array());
moved dependencies to meta data
2004-06-20 17:32:02 +00:00
}
elseif ($this->get_scope() == "host") {
fixed LDAP filter for account lists
2009-10-06 17:00:43 +00:00
// LDAP filter
$return["ldap_filter"] = array('or' => "(objectClass=posixAccount)");
moved dependencies to meta data
2004-06-20 17:32:02 +00:00
// module dependencies
fixed unneeded dependencies
2005-04-04 15:57:35 +00:00
$return['dependencies'] = array('depends' => array(), 'conflicts' => array());
all modules now extend the baseModule, implemented meta data for is_base_module()
2004-06-08 18:54:37 +00:00
}
moved get_alias() to baseModule
2004-06-14 16:05:36 +00:00
// alias name
$return["alias"] = _("Unix");
added getRDNAttributes()
2004-10-06 18:17:22 +00:00
// RDN attributes
allow uid as RDN attribute for inetOrgPerson
2007-07-03 15:43:52 +00:00
$return["RDN"] = array("uid" => "high", "cn" => "low");
added fix for wrong spelled object classes
2006-04-05 15:48:27 +00:00
// managed object classes
$return['objectClasses'] = array('posixAccount');
added alias handling
2006-05-01 16:13:10 +00:00
// LDAP aliases
added userid alias
2006-05-01 16:18:16 +00:00
$return['LDAPaliases'] = array('commonName' => 'cn', 'userid' => 'uid');
new attribute loading mechanism
2006-05-13 08:55:31 +00:00
// managed attributes
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$return['attributes'] = array('uid', 'uidNumber', 'gidNumber', $this->getHomedirAttrName(),
$this->getPasswordAttrName(), 'loginShell', 'gecos', 'INFO.userPasswordClearText');
support Samba 4
2013-08-18 12:24:53 +00:00
if ($this->manageCn()) {
$return['attributes'][] = 'cn';
}
no self service for hosts
2006-08-03 18:01:34 +00:00
if ($this->get_scope() == "user") {
// self service search attributes
$return['selfServiceSearchAttributes'] = array('uid');
// self service field settings
Allow to sync Unix password with Windows password
2016-06-26 08:15:45 +00:00
$return['selfServiceFieldSettings'] = array(
'password' => _('Password'),
'cn' => _('Common name'),
'loginShell' => _('Login shell'),
'syncWindowsPassword' => _('Sync Unix password with Windows password')
);
read only fields for self service
2012-08-18 15:55:43 +00:00
// possible self service read-only fields
$return['selfServiceReadOnlyFields'] = array('cn', 'loginShell');
added config options for self service
2006-11-21 17:37:12 +00:00
// self service configuration settings
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$selfServiceContainer = new htmlTable();
support CRYPT-SHA512
2012-08-26 17:54:31 +00:00
$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(),
changes in self service
2011-03-23 17:52:45 +00:00
array('SSHA'), _("Password hash type")));
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
$selfServiceContainer->addElement(new htmlHelpLink('pwdHash', get_class($this)), true);
$selfServiceContainer->addElement(new htmlTableExtendedInputTextarea('posixAccount_shells', implode("\r\n", $this->getShells()), 30, 4, _('Login shells')));
$loginShellsHelp = new htmlHelpLink('loginShells', get_class($this));
$loginShellsHelp->alignment = htmlElement::ALIGN_TOP;
$selfServiceContainer->addElement($loginShellsHelp, true);
revert PHP version
2015-05-19 18:18:01 +00:00
if (version_compare(phpversion(), '5.4.26') >= 0) {
$selfServiceContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_useOldPwd', false, _('Password change with old password')));
$selfServiceContainer->addElement(new htmlHelpLink('useOldPwd', get_class($this)), true);
}
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return['selfServiceSettings'] = $selfServiceContainer;
no self service for hosts
2006-08-03 18:01:34 +00:00
}
added syntax check for profiles
2004-07-02 16:09:44 +00:00
// profile checks
implemented profile loading
2005-01-16 12:41:38 +00:00
$return['profile_checks']['posixAccount_homeDirectory'] = array('type' => 'ext_preg', 'regex' => 'homeDirectory',
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
'error_message' => $this->messages['homeDirectory'][0]);
implemented profile loading
2005-01-16 12:41:38 +00:00
// profile mappings
$return['profile_mappings'] = array(
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
'posixAccount_homeDirectory' => $this->getHomedirAttrName(),
implemented profile loading
2005-01-16 12:41:38 +00:00
'posixAccount_loginShell' => 'loginShell'
);
added basic upload functions
2004-10-16 14:28:06 +00:00
// upload
$return['upload_preDepends'] = array('inetOrgPerson');
// user specific upload options
added isLoggedIn()
2014-10-25 19:17:53 +00:00
if (($this->get_scope() == 'user') && isLoggedIn()) {
added basic upload functions
2004-10-16 14:28:06 +00:00
$return['upload_columns'] = array(
array(
'name' => 'posixAccount_userName',
'description' => _('User name'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'uid',
added basic upload functions
2004-10-16 14:28:06 +00:00
'example' => _('smiller'),
'required' => true,
'unique' => true
),
array(
'name' => 'posixAccount_uid',
'description' => _('UID number'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'uidNumber',
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
'example' => '1234'
added basic upload functions
2004-10-16 14:28:06 +00:00
),
array(
'name' => 'posixAccount_group',
'description' => _('Primary group'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'group_upload',
added basic upload functions
2004-10-16 14:28:06 +00:00
'example' => _('users'),
'required' => true
),
array(
'name' => 'posixAccount_additionalGroups',
'description' => _('Additional groups'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'addgroup_upload',
added basic upload functions
2004-10-16 14:28:06 +00:00
'example' => _('group01,group02')
),
array(
'name' => 'posixAccount_homedir',
'description' => _('Home directory'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'homeDirectory_upload',
added basic upload functions
2004-10-16 14:28:06 +00:00
'example' => _('/home/smiller'),
fix for upload
2010-12-05 13:29:53 +00:00
'default' => '/home/{posixAccount_userName}'
added basic upload functions
2004-10-16 14:28:06 +00:00
),
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
array(
'name' => 'posixAccount_createHomeDir',
'description' => _('Create home directory'),
'help' => 'createhomedir',
'example' => 'localhost',
'values' => $_SESSION['config']->get_scriptServers()
),
added basic upload functions
2004-10-16 14:28:06 +00:00
array(
'name' => 'posixAccount_shell',
'description' => _('Login shell'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'loginShell',
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
'example' => '/bin/bash',
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
'values' => implode(", ", $this->getShells()),
added basic upload functions
2004-10-16 14:28:06 +00:00
'default' => '/bin/bash'
),
array(
'name' => 'posixAccount_password',
'description' => _('Password'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'userPassword',
added basic upload functions
2004-10-16 14:28:06 +00:00
'example' => _('secret')
),
array(
'name' => 'posixAccount_passwordDisabled',
'description' => _('Lock password'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'userPassword_lock',
translation update
2004-10-24 20:36:02 +00:00
'example' => 'false',
added basic upload functions
2004-10-16 14:28:06 +00:00
'values' => 'true, false',
'default' => 'false'
),
);
support Samba 4
2013-08-18 12:24:53 +00:00
if ($this->manageCn()) {
array_unshift($return['upload_columns'], array(
'name' => 'posixAccount_cn',
'description' => _('Common name'),
'help' => 'cn',
'example' => _('Steve Miller')
));
}
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
$return['upload_columns'][] = array(
'name' => 'posixAccount_gecos',
'description' => _('Gecos'),
'help' => 'gecos',
'example' => _('Steve Miller,Room 2.14,123-123-1234,123-123-1234')
);
}
quick (un)lock for users
2012-04-09 13:20:24 +00:00
if (self::areGroupOfNamesActive()) {
manage group of names
2011-10-06 20:03:45 +00:00
$return['upload_columns'][] = array(
'name' => 'posixAccount_gon',
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
'description' => _('Groups of names'),
manage group of names
2011-10-06 20:03:45 +00:00
'help' => 'addgroup_upload',
'example' => _('group01,group02')
);
}
added basic upload functions
2004-10-16 14:28:06 +00:00
}
// host specific upload options
more private class variables
2007-10-04 16:45:05 +00:00
elseif ($this->get_scope() == 'host') {
added basic upload functions
2004-10-16 14:28:06 +00:00
$return['upload_columns'] = array(
array(
'name' => 'posixAccount_hostName',
'description' => _('Host name'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'uid',
added basic upload functions
2004-10-16 14:28:06 +00:00
'example' => _('pc01$'),
'required' => true,
'unique' => true
),
array(
'name' => 'posixAccount_uid',
'description' => _('UID number'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'uidNumber',
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
'example' => '1234'
added basic upload functions
2004-10-16 14:28:06 +00:00
),
array(
'name' => 'posixAccount_group',
'description' => _('Primary group'),
fixed help entries
2005-06-02 20:30:18 +00:00
'help' => 'group_upload',
added basic upload functions
2004-10-16 14:28:06 +00:00
'example' => _('machines'),
'required' => true
),
);
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
$return['upload_columns'][] = array(
'name' => 'posixAccount_gecos',
'description' => _('Gecos'),
'help' => 'gecos',
'example' => _('pc01,Room 2.34')
responsive self service
2015-08-09 07:22:01 +00:00
);
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
}
added basic upload functions
2004-10-16 14:28:06 +00:00
}
PHPDoc coments added; refactored some things by using the meta array;
2004-08-17 15:16:17 +00:00
// available PDF fields
fixed host name labels
2013-03-16 17:12:00 +00:00
if ($this->get_scope() == 'host') {
$return['PDF_fields'] = array('uid' => _('Host name'));
}
else {
$return['PDF_fields'] = array('uid' => _('User name'));
}
$return['PDF_fields'] = array_merge($return['PDF_fields'], array(
implemented descriptive PDF fields
2010-04-05 12:38:23 +00:00
'uidNumber' => _('UID number'),
'gidNumber' => _('GID number'),
'primaryGroup' => _('Primary group'),
'additionalGroups' => _('Additional groups'),
'homeDirectory' => _('Home directory'),
'loginShell' => _('Login shell'),
'userPassword' => _('Password')
fixed host name labels
2013-03-16 17:12:00 +00:00
));
support Samba 4
2013-08-18 12:24:53 +00:00
if ($this->manageCn()) {
$return['PDF_fields']['cn'] = _('Common name');
}
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
$return['PDF_fields']['gecos'] = _('Gecos');
}
quick (un)lock for users
2012-04-09 13:20:24 +00:00
if (self::areGroupOfNamesActive()) {
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
$return['PDF_fields']['gon'] = _('Groups of names');
manage group of names
2011-10-06 20:03:45 +00:00
}
help added as this->meta info
2004-09-08 14:41:57 +00:00
// help Entries
added scope for config help entries, moved some Posix group entries to module
2004-10-02 18:45:11 +00:00
$return['help'] = array(
support Samba 4
2013-08-18 12:24:53 +00:00
'autoAdd' => array(
"Headline" => _("Automatically add this extension"),
"Text" => _("This will enable the extension automatically if this profile is loaded.")
),
added htmlAccordion and option to specify user name suggestion format
2013-03-24 18:39:08 +00:00
'userNameSuggestion' => array(
"Headline" => _("User name suggestion"),
"Text" => _("LAM will suggest a user name based on e.g. first and last name. Here you can specify the suggestion. %sn% will be replaced by the last name. @givenname@ will be replaced by the first character of first name. Only attributes of tab Personal may be used.")
. '<br>' . _('Common examples are "@givenname@%sn%" or "%givenname%.%sn%".')
),
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
'hiddenOptions' => array(
"Headline" => _("Hidden options"),
"Text" => _("The selected options will not be managed inside LAM. You can use this to reduce the number of displayed input fields.")
),
allow to add a user as memberuid in his primary group
2008-03-15 19:12:19 +00:00
'primaryGroupAsSecondary' => array(
'Headline' => _('Set primary group as memberUid'),
'Text' => _('Usually, users are not added to groups as memberUid if they have this group as primary group. If your application ignores primary groups then you can select this option to override this behaviour.')
),
*** empty log message ***
2004-10-30 16:46:06 +00:00
'minMaxUser' => array(
'Headline' => _('UID number'),
'Text' => _('These are the minimum and maximum numbers to use for user IDs when creating new user accounts. The range should be different from that of machines. New user accounts will always get the highest number in use plus one.')
),
'minMaxHost' => array(
'Headline' => _('UID number'),
moved host naming convention checks to Samba module
2009-02-01 16:24:37 +00:00
'Text' => _('These are the minimum and maximum numbers to use for machine IDs when creating new accounts for hosts. The range should be different from that of users. New host accounts will always get the highest number in use plus one.')
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'pwdHash' => array(
"Headline" => _("Password hash type"),
support CRYPT-SHA512
2012-08-26 17:54:31 +00:00
"Text" => _("LAM supports CRYPT, CRYPT-SHA512, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
support K5KEY
2016-01-02 12:16:14 +00:00
. ' ' . _('K5KEY is only needed if you use Kerberos with smbk5pwd.')
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'uidNumber' => array(
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("UID number"), 'attr' => 'uidNumber',
*** empty log message ***
2004-10-30 16:46:06 +00:00
"Text" => _("If empty UID number will be generated automaticly.")
),
fixed help entries
2005-06-02 20:30:18 +00:00
'group_upload' => array(
"Headline" => _("Primary group"),
"Text" => _("The primary group for this account. You can insert a GID number or a group name.")
),
'addgroup_upload' => array(
"Headline" => _("Additional groups"),
"Text" => _("Here you can enter a list of additional group memberships. The group names are separated by commas.")
),
'homeDirectory_upload' => array(
fixed help
2013-11-23 13:22:31 +00:00
"Headline" => _("Home directory"), 'attr' => $this->getHomedirAttrName(),
fixed help entries
2005-06-02 20:30:18 +00:00
"Text" => _("Please enter the path to the user's home directory.")
),
added missing help entry for deleting homedirs
2005-08-30 16:05:16 +00:00
'deletehomedir' => array(
"Headline" => _("Home directory"),
"Text" => _("Activating this checkbox will remove the user's home directory.")
),
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
'createhomedir' => array(
"Headline" => _("Home directory"),
"Text" => _("This will create the user's home directory on the specified server.")
),
clear sudo entries on delete
2014-01-14 18:08:13 +00:00
'deleteSudoers' => array(
"Headline" => _("Delete sudo rights"),
"Text" => _("Deletes the user from all existing sudo rights.")
),
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
'uidCheckSuffix' => array (
"Headline" => _("Suffix for UID/user name check"),
"Text" => _("LAM checks if the entered user name and UID are unique. Here you can enter the LDAP suffix that is used to search for duplicates. By default the account type suffix is used. You only need to change this if you use multiple server profiles with different OUs but need unique user names or UIDs.")
),
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
'loginShells' => array(
"Headline" => _("Login shells"),
"Text" => _("This is the list of valid login shells.")
),
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
'uidGenerator' => array (
"Headline" => _("UID generator"),
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
"Text" => _("LAM will automatically suggest UID/GID numbers. You can either use a fixed range of numbers or an LDAP entry with object class \"sambaUnixIdPool\" or \"msSFU30DomainInfo\".")
support magic numbers for UID/GID
2016-03-28 09:06:04 +00:00
. ' ' . _('Magic number will set a fixed value that must match your server configuration.')
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
),
'sambaIDPoolDN' => array (
"Headline" => _("Samba ID pool DN"),
"Text" => _("Please enter the DN of the LDAP entry with object class \"sambaUnixIdPool\".")
),
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
'windowsIDPoolDN' => array (
"Headline" => _("Windows domain info DN"),
"Text" => _("Please enter the DN of the LDAP entry with object class \"msSFU30DomainInfo\".")
),
support magic numbers for UID/GID
2016-03-28 09:06:04 +00:00
'magicNumber' => array(
"Headline" => _("Magic number"),
"Text" => _("Please enter the magic number you configured on server side.")
),
optional posixAccount object class
2016-05-09 18:10:14 +00:00
'noObjectClass' => array(
"Headline" => _("Do not add object class"),
"Text" => _("This will not add the posixAccount object class to the account.")
),
*** empty log message ***
2004-10-30 16:46:06 +00:00
'user' => array(
'uid' => array(
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("User name"), 'attr' => 'uid',
translation update
2012-03-10 19:43:57 +00:00
"Text" => _("User name of the user who should be created. Valid characters are: a-z,A-Z,0-9, @.-_. If user name is already used user name will be expanded with a number. The next free number will be used.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'gecos' => array(
"Headline" => _("Gecos"),
added auto value for GECOS in upload
2005-06-07 18:28:28 +00:00
"Text" => _("User description. If left empty first and last name will be used.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'gidNumber' => array(
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Primary group"), 'attr' => 'gidNumber',
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
"Text" => _("The primary group the user should be member of.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'homeDirectory' => array(
fixed help
2013-11-23 13:22:31 +00:00
"Headline" => _("Home directory"), 'attr' => $this->getHomedirAttrName(),
translation update
2009-12-08 21:29:19 +00:00
"Text" => _('$user and $group will be replaced with user name and primary group name.')
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
moved password fields to subpage (task #114875)
2005-05-03 14:46:06 +00:00
'userPassword' => array(
"Headline" => _("Password"),
"Text" => _("Please enter the password which you want to set for this account.")
),
fixed help entries
2005-06-02 20:30:18 +00:00
'userPassword_lock' => array(
"Headline" => _("Account deactivated"),
"Text" => _("If checked account will be deactivated by putting a \"!\" before the encrypted password.")
),
*** empty log message ***
2004-10-30 16:46:06 +00:00
'loginShell' => array(
"Headline" => _("Login shell"),
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
"Text" => _("To disable login use /bin/false.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'addgroup' => array(
"Headline" => _("Additional groups"),
"Text" => _("Hold the CTRL-key to (de)select multiple groups."). ' '. _("Can be left empty.")
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
),
'cn' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Common name"), 'attr' => 'cn',
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
"Text" => _("This is the natural name of the user. If empty, the first and last name or user name is used.")
support password change with old password
2015-03-01 16:48:25 +00:00
),
'useOldPwd' => array (
"Headline" => _('Password change with old password'),
"Text" => _('Sends the old password together with the new password when the user sets a new password.')
*** empty log message ***
2004-10-30 16:46:06 +00:00
)
),
'host' => array(
'uid' => array(
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Host name"), 'attr' => 'uid',
changed help, LAM already allows users/groups with number prefixes
2009-11-24 16:03:07 +00:00
"Text" => _("Host name of the host which should be created. Valid characters are: a-z,A-Z,0-9, .-_$. Host names are always ending with $. If last character is not $ it will be added. If host name is already used host name will be expanded with a number. The next free number will be used.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'gecos' => array(
"Headline" => _("Gecos"),
"Text" => _("Host description. If left empty host name will be used.")
),
'gidNumber' => array(
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Primary group"), 'attr' => 'gidNumber',
fixed help entries
2005-06-02 20:30:18 +00:00
"Text" => _("The primary group the host should be member of.")
),
'description' => array (
"Headline" => _("Description"),
"Text" => _("Host description. If left empty host name will be used.")
added missing help entries
2007-01-03 16:29:25 +00:00
),
'cn' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Common name"), 'attr' => 'cn',
added missing help entries
2007-01-03 16:29:25 +00:00
"Text" => _("This is the natural name of the host. If empty, the host name will be used.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
)
)
);
added scope for config help entries, moved some Posix group entries to module
2004-10-02 18:45:11 +00:00
all modules now extend the baseModule, implemented meta data for is_base_module()
2004-06-08 18:54:37 +00:00
return $return;
}
PhpDoc fixes
2007-11-03 14:17:19 +00:00
/**
* Initializes the module after it became part of an accountContainer
*
* @param string $base the name of the accountContainer object ($_SESSION[$base])
*/
all modules now extend the baseModule, implemented meta data for is_base_module()
2004-06-08 18:54:37 +00:00
function init($base) {
moved var $base to baseModule, added init() to baseModule, removed several checks from modules init() function
2004-09-01 20:53:06 +00:00
// call parent init
parent::init($base);
fixed additional group handling
2005-10-08 14:35:30 +00:00
$this->groups = array();
$this->groups_orig = array();
use less cache functions
2009-11-26 10:48:05 +00:00
$groups = $this->findGroups(); // list of all groupnames
better error handling if no Unix groups exist
2005-04-12 19:38:32 +00:00
if (count($groups)==0) {
StatusMessage("ERROR", _('No Unix groups found in LDAP! Please create one first.'), '');
return;
}
manage group of names
2011-10-06 20:03:45 +00:00
$this->gonList = array();
$this->gonList_orig = array();
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
changed Unix password management
2006-09-03 12:41:22 +00:00
/**
* This functions is used to check if all settings for this module have been made.
*
* @return boolean true, if settings are complete
fixed many little problems in modules. Too many to count. Added a new function to all modules
2004-02-09 18:11:01 +00:00
*/
function module_complete() {
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if (!$this->skipObjectClass() && (!isset($this->attributes['objectClass']) || !in_array('posixAccount', $this->attributes['objectClass']))) {
support Samba 4
2013-08-18 12:24:53 +00:00
// no checks if object class is not set
return true;
}
fixed some PHP notices
2007-10-05 18:09:49 +00:00
if (!isset($this->attributes['uid'][0]) || ($this->attributes['uid'][0] == '')) return false;
if (!isset($this->attributes['uidNumber'][0]) || ($this->attributes['uidNumber'][0] == '')) return false;
if (!isset($this->attributes['gidNumber'][0]) || ($this->attributes['gidNumber'][0] == '')) return false;
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
if (!isset($this->attributes[$this->getHomedirAttrName()][0]) || ($this->attributes[$this->getHomedirAttrName()][0] == '')) return false;
fixed some PHP notices
2007-10-05 18:09:49 +00:00
if (!isset($this->attributes['loginShell'][0]) || ($this->attributes['loginShell'][0] == '')) return false;
fixed many little problems in modules. Too many to count. Added a new function to all modules
2004-02-09 18:11:01 +00:00
return true;
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
new attribute loading mechanism
2006-05-13 08:55:31 +00:00
/**
* This function loads all needed LDAP attributes.
removed $post parameter
2006-08-13 12:58:19 +00:00
*
new attribute loading mechanism
2006-05-13 08:55:31 +00:00
* @param array $attr list of attributes
*/
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
function load_attributes($attr) {
replaced load_ldap_attributes with parent class function call
2005-04-16 13:41:17 +00:00
parent::load_attributes($attr);
use type filters when searching for groups (bug 165)
2014-02-26 20:02:50 +00:00
$typeSettings = $_SESSION['config']->get_typeSettings();
get group names by cn attribute, not DN
2005-09-04 16:53:43 +00:00
// get additional group memberships
use type filters when searching for groups (bug 165)
2014-02-26 20:02:50 +00:00
if (!isset($attr['uid'][0])) {
return;
}
$groupFilter = '(&(objectClass=posixGroup)(memberUid=' . $attr['uid'][0] . '))';
if (!empty($typeSettings['filter_group'])) {
$typeFilter = $typeSettings['filter_group'];
if (strpos($typeFilter, '(') !== 0) {
$typeFilter = '(' . $typeFilter . ')';
}
$groupFilter = '(&' . $groupFilter . $typeFilter . ')';
}
$groupList = searchLDAPByFilter($groupFilter, array('cn'), array('group'));
replaced caching
2010-11-23 21:12:13 +00:00
for ($i = 0; $i < sizeof($groupList); $i++) {
$this->groups[] = $groupList[$i]['cn'][0];
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
}
fixed additional group handling
2005-10-08 14:35:30 +00:00
$this->groups_orig = $this->groups;
manage group of names
2011-10-06 20:03:45 +00:00
// get additional group of names memberships
quick (un)lock for users
2012-04-09 13:20:24 +00:00
if (self::areGroupOfNamesActive()) {
use type filters when searching for groups (bug 165)
2014-02-26 20:02:50 +00:00
$types = array('gon', 'group');
$gonList = array();
foreach ($types as $type) {
support groupOfMembers
2015-05-23 13:34:08 +00:00
$gonFilter = '(|(&(objectClass=groupOfNames)(member=' . $this->getAccountContainer()->dn_orig . '))(&(objectClass=groupOfMembers)(member=' . $this->getAccountContainer()->dn_orig . '))(&(objectClass=groupOfUniqueNames)(uniqueMember=' . $this->getAccountContainer()->dn_orig . ')))';
use type filters when searching for groups (bug 165)
2014-02-26 20:02:50 +00:00
if (!empty($typeSettings['filter_' . $type])) {
$typeFilter = $typeSettings['filter_' . $type];
if (strpos($typeFilter, '(') !== 0) {
$typeFilter = '(' . $typeFilter . ')';
}
$gonFilter = '(&' . $gonFilter . $typeFilter . ')';
}
$gonListPart = searchLDAPByFilter($gonFilter, array('dn'), array($type));
$gonList = array_merge($gonList, $gonListPart);
}
manage group of names
2011-10-06 20:03:45 +00:00
$this->gonList_orig = array();
for ($i = 0; $i < sizeof($gonList); $i++) {
$this->gonList_orig[] = $gonList[$i]['dn'];
}
better logging
2013-04-11 17:40:34 +00:00
$this->gonList_orig = array_values(array_unique($this->gonList_orig));
manage group of names
2011-10-06 20:03:45 +00:00
$this->gonList = $this->gonList_orig;
}
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
changed Unix password management
2006-09-03 12:41:22 +00:00
/**
* Returns a list of modifications which have to be made to the LDAP account.
*
* @return array list of modifications
* <br>This function returns an array with 3 entries:
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
*/
function save_attributes() {
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if (!$this->skipObjectClass() && (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass']))) {
support Samba 4
2013-08-18 12:24:53 +00:00
// skip saving if the extension was not added/modified
return array();
}
support SASL as password hash
2015-02-11 16:57:38 +00:00
// get default changes
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
// add information about clear text password and password status change
refactored dn building code to fix problems with multiple RDN values
2011-10-15 09:46:13 +00:00
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordClearText'][0] = $this->clearTextPassword;
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$pwdAttrName = $this->getPasswordAttrName();
if (isset($this->orig[$pwdAttrName][0]) && isset($this->attributes[$pwdAttrName][0])) {
if ((pwd_is_enabled($this->orig[$pwdAttrName][0]) && pwd_is_enabled($this->attributes[$pwdAttrName][0]))
|| (!pwd_is_enabled($this->orig[$pwdAttrName][0]) && !pwd_is_enabled($this->attributes[$pwdAttrName][0]))) {
responsive self service
2015-08-09 07:22:01 +00:00
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'unchanged';
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
}
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
elseif (pwd_is_enabled($this->orig[$pwdAttrName][0])) {
refactored dn building code to fix problems with multiple RDN values
2011-10-15 09:46:13 +00:00
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'locked';
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
}
else {
refactored dn building code to fix problems with multiple RDN values
2011-10-15 09:46:13 +00:00
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'unlocked';
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
}
}
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if ($this->skipObjectClass() || in_array('posixAccount', $this->attributes['objectClass'])) {
support Samba 4
2013-08-18 12:24:53 +00:00
// Remove primary group from additional groups
if (!isset($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0])
|| ($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0] != 'true')) {
for ($i=0; $i<count($this->groups); $i++) {
if ($this->groups[$i] == $this->getGroupName($this->attributes['gidNumber'][0])) {
unset($this->groups[$i]);
}
use less cache functions
2009-11-26 10:48:05 +00:00
}
allow to add a user as memberuid in his primary group
2008-03-15 19:12:19 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
else {
// add user as memberuid in primary group
if (!in_array($this->getGroupName($this->attributes['gidNumber'][0]), $this->groups)) {
$this->groups[] = $this->getGroupName($this->attributes['gidNumber'][0]);
}
}
responsive self service
2015-08-09 07:22:01 +00:00
support Samba 4
2013-08-18 12:24:53 +00:00
// Set additional group memberships
if (isset($this->orig['uid'][0]) && ($this->orig['uid'][0] != '') && ($this->attributes['uid'][0] != $this->orig['uid'][0])) {
// find affected groups
$groupList = searchLDAPByAttribute('memberUid', $this->orig['uid'][0], 'posixGroup', array('dn'), array('group'));
for ($i = 0; $i < sizeof($groupList); $i++) {
// replace old user name with new one
$return[$groupList[$i]['dn']]['remove']['memberUid'][] = $this->orig['uid'][0];
$return[$groupList[$i]['dn']]['add']['memberUid'][] = $this->attributes['uid'][0];
}
}
else {
// update groups.
$add = array_delete($this->groups_orig, $this->groups);
$remove = array_delete($this->groups, $this->groups_orig);
$groupList = searchLDAPByAttribute('cn', '*', 'posixGroup', array('cn', 'dn'), array('group'));
$dn2cn = array();
for ($i = 0; $i < sizeof($groupList); $i++) {
$cn2dn[$groupList[$i]['cn'][0]] = $groupList[$i]['dn'];
}
for ($i = 0; $i < sizeof($add); $i++) {
if (isset($cn2dn[$add[$i]])) {
$return[$cn2dn[$add[$i]]]['add']['memberUid'][] = $this->attributes['uid'][0];
}
}
for ($i = 0; $i < sizeof($remove); $i++) {
if (isset($cn2dn[$remove[$i]])) {
$return[$cn2dn[$remove[$i]]]['remove']['memberUid'][] = $this->attributes['uid'][0];
}
}
allow to add a user as memberuid in his primary group
2008-03-15 19:12:19 +00:00
}
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
elseif (in_array('posixAccount', $this->orig['objectClass']) && !empty($this->orig['uid'][0])) {
// Unix extension was removed, clean group memberships
replaced caching
2010-11-23 21:12:13 +00:00
$groupList = searchLDAPByAttribute('memberUid', $this->orig['uid'][0], 'posixGroup', array('dn'), array('group'));
for ($i = 0; $i < sizeof($groupList); $i++) {
support Samba 4
2013-08-18 12:24:53 +00:00
// remove user name
replaced caching
2010-11-23 21:12:13 +00:00
$return[$groupList[$i]['dn']]['remove']['memberUid'][] = $this->orig['uid'][0];
added two new objects in account.inc for new modules
2003-12-12 00:51:23 +00:00
}
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
inetOrgPerson and posixAccount version should be near finish. Design may be improved. A small part of module-handling should work now.
2003-12-15 15:11:44 +00:00
return $return;
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
/**
PHPDoc update
2012-07-15 12:05:47 +00:00
* Runs the postmodify actions.
responsive self service
2015-08-09 07:22:01 +00:00
*
added $attributes argument to pre/postModifyActions
2009-05-21 16:33:50 +00:00
* @see baseModule::postModifyActions()
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
*
added $attributes argument to pre/postModifyActions
2009-05-21 16:33:50 +00:00
* @param boolean $newAccount
* @param array $attributes LDAP attributes of this entry
allow messages in postModifyActions()
2012-01-04 19:08:19 +00:00
* @return array array which contains status messages. Each entry is an array containing the status message parameters.
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
*/
added $attributes argument to pre/postModifyActions
2009-05-21 16:33:50 +00:00
public function postModifyActions($newAccount, $attributes) {
allow messages in postModifyActions()
2012-01-04 19:08:19 +00:00
$messages = array();
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
// create home directories if needed
if (sizeof($this->lamdaemonServers) > 0) {
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
$server = null;
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
$temp = explode(":", $lamdaemonServers[$i]);
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$server = $temp[0];
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
if (isset($temp[1])) {
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
if (!in_array($temp[1], $this->lamdaemonServers)) {
continue;
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
}
}
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
elseif (!in_array($temp[0], $this->lamdaemonServers)) {
continue;
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
}
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$result = lamdaemon(
implode(
support subclassing
2012-08-23 16:28:13 +00:00
self::$SPLIT_DELIMITER,
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
array(
$this->attributes['uid'][0],
"home",
"add",
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$this->attributes[$this->getHomedirAttrName()][0],
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
"0".$_SESSION['config']->get_scriptRights(),
$this->attributes['uidNumber'][0],
$this->attributes['gidNumber'][0])
),
$server);
// lamdaemon results
if (is_array($result)) {
$singleresult = explode(",", $result[0]);
if (($singleresult[0] == 'ERROR') || ($singleresult[0] == 'INFO') || ($singleresult[0] == 'WARN')) {
allow messages in postModifyActions()
2012-01-04 19:08:19 +00:00
$messages[] = $singleresult;
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
}
else {
allow messages in postModifyActions()
2012-01-04 19:08:19 +00:00
$messages[] = array('ERROR', $result[0]);
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
}
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
}
}
}
move homedir via lamdaemon
2014-05-22 19:26:10 +00:00
// move home directory if needed
if (!empty($this->orig[$this->getHomedirAttrName()][0]) && !empty($this->attributes[$this->getHomedirAttrName()][0])
&& ($this->orig[$this->getHomedirAttrName()][0] != $this->attributes[$this->getHomedirAttrName()][0])) {
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
if (empty($lamdaemonServers[$i])) {
continue;
}
$temp = explode(":", $lamdaemonServers[$i]);
$server = $temp[0];
$result = lamdaemon(
implode(
self::$SPLIT_DELIMITER,
array(
$this->attributes['uid'][0],
"home",
"move",
$this->orig[$this->getHomedirAttrName()][0],
$this->attributes['uidNumber'][0],
$this->attributes[$this->getHomedirAttrName()][0])
),
$server);
// lamdaemon results
if (is_array($result)) {
$singleresult = explode(",", $result[0]);
if (($singleresult[0] == 'ERROR') || ($singleresult[0] == 'INFO') || ($singleresult[0] == 'WARN')) {
$messages[] = $singleresult;
}
}
}
}
Lamdaemon: update group of home directory if user's primary group changes
2015-05-22 17:22:01 +00:00
// set new group on homedirectory
if (!empty($this->orig[$this->getHomedirAttrName()][0]) && !empty($this->attributes[$this->getHomedirAttrName()][0])
&& ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0])) {
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
if (empty($lamdaemonServers[$i])) {
continue;
}
$temp = explode(":", $lamdaemonServers[$i]);
$server = $temp[0];
$result = lamdaemon(
implode(
self::$SPLIT_DELIMITER,
array(
$this->attributes['uid'][0],
"home",
"chgrp",
$this->orig[$this->getHomedirAttrName()][0],
$this->attributes['uidNumber'][0],
$this->attributes['gidNumber'][0])
),
$server);
// lamdaemon results
if (is_array($result)) {
$singleresult = explode(",", $result[0]);
if (($singleresult[0] == 'ERROR') || ($singleresult[0] == 'INFO') || ($singleresult[0] == 'WARN')) {
$messages[] = $singleresult;
}
}
}
}
manage group of names
2011-10-06 20:03:45 +00:00
// set group of names
quick (un)lock for users
2012-04-09 13:20:24 +00:00
if (self::areGroupOfNamesActive()) {
manage group of names
2011-10-06 20:03:45 +00:00
$gons = $this->findGroupOfNames();
$toAdd = array_values(array_diff($this->gonList, $this->gonList_orig));
$toRem = array_values(array_diff($this->gonList_orig, $this->gonList));
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
update group of names entries if DN changes
2012-05-20 13:16:13 +00:00
// update groups if DN changed
if (isset($this->getAccountContainer()->dn_orig) && ($this->getAccountContainer()->dn_orig != $this->getAccountContainer()->finalDN)) {
added option to auto-sync with group of names
2015-06-07 16:52:16 +00:00
// update owner/member/uniqueMember attributes
update owner attribute on dn change
2013-05-24 18:30:30 +00:00
$types = $_SESSION['config']->get_ActiveTypes();
if (in_array('gon', $types)) {
$gonTypes[] = 'gon';
}
if (in_array('group', $types)) {
$gonTypes[] = 'group';
}
added option to auto-sync with group of names
2015-06-07 16:52:16 +00:00
$searchAttrs = array('member', 'uniqueMember', 'owner');
foreach ($searchAttrs as $searchAttr) {
$ownerGroups = searchLDAPByAttribute($searchAttr, $this->getAccountContainer()->dn_orig, null, array('dn', $searchAttr), $gonTypes);
for ($i = 0; $i < sizeof($ownerGroups); $i++) {
$found = false;
$newOwners = $ownerGroups[$i][$searchAttr];
for ($o = 0; $o < sizeof($newOwners); $o++) {
if ($newOwners[$o] == $this->getAccountContainer()->dn_orig) {
$newOwners[$o] = $this->getAccountContainer()->finalDN;
$found = true;
break;
}
update owner attribute on dn change
2013-05-24 18:30:30 +00:00
}
added option to auto-sync with group of names
2015-06-07 16:52:16 +00:00
if ($found) {
$success = @ldap_mod_replace($_SESSION['ldap']->server(), $ownerGroups[$i]['dn'], array($searchAttr => $newOwners));
if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $ownerGroups[$i]['dn'] . ' (' . ldap_error($_SESSION['ldap']->server())) . ').';
$messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $ownerGroups[$i]['dn']), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
}
update owner attribute on dn change
2013-05-24 18:30:30 +00:00
}
}
}
update group of names entries if DN changes
2012-05-20 13:16:13 +00:00
}
// add groups
manage group of names
2011-10-06 20:03:45 +00:00
for ($i = 0; $i < sizeof($toAdd); $i++) {
if (isset($gons[$toAdd[$i]])) {
$attrName = 'member';
if (in_array('groupOfUniqueNames', $gons[$toAdd[$i]]['objectclass'])) {
$attrName = 'uniqueMember';
}
$success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array($attrName => array($this->getAccountContainer()->finalDN)));
if (!$success) {
better LDAP error messages
2013-10-16 17:37:17 +00:00
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
manage group of names
2011-10-06 20:03:45 +00:00
}
better logging
2013-04-11 17:40:34 +00:00
else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
}
manage group of names
2011-10-06 20:03:45 +00:00
}
}
update group of names entries if DN changes
2012-05-20 13:16:13 +00:00
// remove groups
manage group of names
2011-10-06 20:03:45 +00:00
for ($i = 0; $i < sizeof($toRem); $i++) {
if (isset($gons[$toRem[$i]])) {
$attrName = 'member';
if (in_array('groupOfUniqueNames', $gons[$toRem[$i]]['objectclass'])) {
$attrName = 'uniqueMember';
}
$success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array($attrName => array($this->getAccountContainer()->dn_orig)));
if (!$success) {
better LDAP error messages
2013-10-16 17:37:17 +00:00
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
$messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
manage group of names
2011-10-06 20:03:45 +00:00
}
better logging
2013-04-11 17:40:34 +00:00
else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
}
manage group of names
2011-10-06 20:03:45 +00:00
}
}
}
allow messages in postModifyActions()
2012-01-04 19:08:19 +00:00
return $messages;
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
}
responsive self service
2015-08-09 07:22:01 +00:00
removed $post parameter
2006-08-13 12:58:19 +00:00
/**
* Additional LDAP operations on delete.
*
* @return List of LDAP operations, same as for save_attributes()
*/
function delete_attributes() {
improved support for config of modules
2003-12-30 15:36:30 +00:00
$return = array();
// remove memberUids if set
replaced caching
2010-11-23 21:12:13 +00:00
$groups = searchLDAPByAttribute('memberUid', $this->attributes['uid'][0], 'posixGroup', array('dn'), array('group'));
for ($i = 0; $i < sizeof($groups); $i++) {
$return[$groups[$i]['dn']]['remove']['memberUid'][] = $this->attributes['uid'][0];
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
delete group of names memberships
2013-01-09 20:11:14 +00:00
// remove from group of names
$dn = $this->getAccountContainer()->dn_orig;
$gonTypes = array('group');
$types = $_SESSION['config']->get_ActiveTypes();
if (in_array('gon', $types)) {
$gonTypes[] = 'gon';
}
$gons = searchLDAPByFilter('(|(member=' . $dn . ')(uniqueMember=' . $dn . '))', array('member', 'uniqueMember'), $gonTypes);
for ($i = 0; $i < sizeof($gons); $i++) {
if (isset($gons[$i]['member'])) {
$return[$gons[$i]['dn']]['remove']['member'][] = $dn;
}
elseif (isset($gons[$i]['uniquemember'])) {
$return[$gons[$i]['dn']]['remove']['uniqueMember'][] = $dn;
}
}
improved support for config of modules
2003-12-30 15:36:30 +00:00
return $return;
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
inetOrgPerson and posixAccount version should be near finish. Design may be improved. A small part of module-handling should work now.
2003-12-15 15:11:44 +00:00
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
/**
* Allows the module to run commands before the LDAP entry is deleted.
responsive self service
2015-08-09 07:22:01 +00:00
*
redirect to list after successful deletion
2010-11-26 20:16:14 +00:00
* @return array Array which contains status messages. Each entry is an array containing the status message parameters.
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
*/
function preDeleteActions() {
redirect to list after successful deletion
2010-11-26 20:16:14 +00:00
$return = array();
clear sudo entries on delete
2014-01-14 18:08:13 +00:00
// delete home directory
if (isset($_POST['deletehomedir']) && ($_POST['deletehomedir'] == 'on')) {
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
// get list of lamdaemon servers
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
$temp = explode(":", $lamdaemonServers[$i]);
$lamdaemonServers[$i] = $temp[0];
}
// try to delete directory on all servers
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
provide all data for homedirs via arguments
2010-08-30 20:04:21 +00:00
$result = lamdaemon(
implode(
support subclassing
2012-08-23 16:28:13 +00:00
self::$SPLIT_DELIMITER,
provide all data for homedirs via arguments
2010-08-30 20:04:21 +00:00
array(
$this->attributes['uid'][0],
"home",
"rem",
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$this->attributes[$this->getHomedirAttrName()][0],
provide all data for homedirs via arguments
2010-08-30 20:04:21 +00:00
$this->attributes['uidNumber'][0]
)
),
$lamdaemonServers[$i]);
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
// lamdaemon results
if (is_array($result)) {
foreach ($result as $singleresult) {
$singleresult = explode(",", $singleresult);
if (is_array($singleresult)) {
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
if (($singleresult[0] == 'ERROR') || ($singleresult[0] == 'WARN') || ($singleresult[0] == 'INFO')) {
redirect to list after successful deletion
2010-11-26 20:16:14 +00:00
$return[] = $singleresult;
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
}
}
}
}
}
}
clear sudo entries on delete
2014-01-14 18:08:13 +00:00
// delete sudo rights
if (isset($_POST['deleteSudoers']) && ($_POST['deleteSudoers'] == 'on')) {
$result = searchLDAPByAttribute('sudoUser', $this->attributes['uid'][0], 'sudoRole', array('dn'), array('sudo'));
foreach ($result as $attrs) {
$dn = $attrs['dn'];
$success = @ldap_mod_del($_SESSION['ldap']->server(), $dn, array('sudoUser' => array($this->attributes['uid'][0])));
if (!$success) {
$return[] = array('ERROR', getDefaultLDAPErrorString($_SESSION['ldap']->server()));
}
}
}
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
return $return;
}
responsive self service
2015-08-09 07:22:01 +00:00
no longer allow integer results from process_..., updated documentation
2005-09-07 12:58:34 +00:00
/**
* Processes user input of the primary module page.
* It checks if all input values are correct and updates the associated LDAP attributes.
*
* @return array list of info/error messages
improved support for config of modules
2003-12-30 15:36:30 +00:00
*/
removed $post parameter
2006-08-13 12:58:19 +00:00
function process_attributes() {
fixed error handling
2006-05-18 08:50:51 +00:00
$errors = array();
support Samba 4
2013-08-18 12:24:53 +00:00
if (isset($_POST['addObjectClass'])) {
if (!isset($this->attributes['objectClass'])) {
$this->attributes['objectClass'] = array();
}
if (!in_array('posixAccount', $this->attributes['objectClass'])) {
$this->attributes['objectClass'][] = 'posixAccount';
}
return $errors;
}
if (isset($_POST['remObjectClass'])) {
$this->attributes['objectClass'] = array_delete(array('posixAccount'), $this->attributes['objectClass']);
$attrs = $this->getManagedAttributes();
foreach ($attrs as $name) {
if (isset($this->attributes[$name])) {
unset($this->attributes[$name]);
}
}
return $errors;
}
// skip processing if object class is not set
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if ($this->isOptional() && !$this->skipObjectClass() && (!isset($this->attributes['objectClass']) || !in_array('posixAccount', $this->attributes['objectClass']))) {
support Samba 4
2013-08-18 12:24:53 +00:00
return $errors;
}
use less cache functions
2009-11-26 10:48:05 +00:00
$groups = $this->findGroups(); // list of all groupnames
better error handling if no Unix groups exist
2005-04-12 19:38:32 +00:00
if (count($groups)==0) {
use less cache functions
2009-11-26 10:48:05 +00:00
// abort if no groups were found
return array();
better error handling if no Unix groups exist
2005-04-12 19:38:32 +00:00
}
fixed wildcard replacement if user already existed
2011-05-22 17:19:14 +00:00
if (isset($_POST['loginShell'])) {
$this->attributes['loginShell'][0] = $_POST['loginShell'];
}
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
if (isset($_POST['gecos'])) $this->attributes['gecos'][0] = $_POST['gecos'];
}
trim some input fields to prevent copy+paste errors
2013-05-25 12:47:07 +00:00
if (isset($this->orig['uid'][0]) && ($this->orig['uid'][0] != '') && (trim($_POST['uid']) != $this->attributes['uid'][0])) {
removed grouping of error messages
2006-08-16 17:42:35 +00:00
$errors[] = $this->messages['uid'][0];
use less cache functions
2009-11-26 10:48:05 +00:00
}
fixed PHP notices
2010-07-23 11:08:57 +00:00
if (isset($this->orig['gidNumber'][0]) && ($this->orig['gidNumber'][0] != '') && ($_POST['gidNumber'] != $this->attributes['gidNumber'][0])) {
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
$errorMessage = $this->messages['gidNumber'][2];
$errorMessage[] = array($this->orig['gidNumber'][0], $this->orig['uidNumber'][0], $_POST['gidNumber']);
removed grouping of error messages
2006-08-16 17:42:35 +00:00
$errors[] = $errorMessage;
switch primary group in additional group memberships (RFE 108)
2013-10-23 17:26:00 +00:00
if ($this->isBooleanConfigOptionSet('posixAccount_primaryGroupAsSecondary') && !empty($this->attributes['gidNumber'][0])) {
// change primary group in $this->groups
$oldGroupName = $this->getGroupName($this->attributes['gidNumber'][0]);
$newGroupName = $this->getGroupName($_POST['gidNumber']);
if (!empty($oldGroupName) && !empty($newGroupName)) {
$this->groups = array_delete(array($oldGroupName), $this->groups);
$this->groups[] = $newGroupName;
}
}
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
}
trim some input fields to prevent copy+paste errors
2013-05-25 12:47:07 +00:00
if (isset($this->orig['uidNumber'][0]) && $this->orig['uidNumber'][0]!='' && trim($_POST['uidNumber'])!=$this->attributes['uidNumber'][0]) {
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
$errorMessage = $this->messages['uidNumber'][5];
$errorMessage[] = array($this->orig['uidNumber'][0], $_POST['uidNumber']);
removed grouping of error messages
2006-08-16 17:42:35 +00:00
$errors[] = $errorMessage;
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
}
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$homedirAttrName = $this->getHomedirAttrName();
if (isset($_POST['homeDirectory']) && isset($this->orig[$homedirAttrName][0]) && ($this->orig[$homedirAttrName][0] != '') && ($_POST['homeDirectory'] != $this->attributes[$homedirAttrName][0])) {
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
$errorMessage = $this->messages['homeDirectory'][3];
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$errorMessage[] = array($this->orig[$homedirAttrName][0], $_POST['homeDirectory']);
removed grouping of error messages
2006-08-16 17:42:35 +00:00
$errors[] = $errorMessage;
removed obsolete function dynamicMessage()
2006-08-15 16:32:33 +00:00
}
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
// get list of DNS names or IPs
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
$temp = explode(":", $lamdaemonServers[$i]);
if (isset($temp[1])) $lamdaemonServers[$i] = $temp[1];
else $lamdaemonServers[$i] = $temp[0];
}
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$this->lamdaemonServers = array();
for ($h = 0; $h < sizeof($lamdaemonServers); $h++) {
if (isset($_POST['createhomedir_' . $h]) && ($_POST['createhomedir_' . $h] = 'on')) {
$this->lamdaemonServers[] = $lamdaemonServers[$h];
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
}
}
fixed wildcard replacement if user already existed
2011-05-22 17:19:14 +00:00
if (isset($_POST['homeDirectory'])) {
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$this->attributes[$homedirAttrName][0] = $_POST['homeDirectory'];
fixed wildcard replacement if user already existed
2011-05-22 17:19:14 +00:00
}
fixed password handling in sambaAccount module changed error code handling
2004-10-16 19:51:36 +00:00
// Load attributes
use new meta HTML classes
2010-09-25 18:48:51 +00:00
if (isset($_POST['lockPassword'])) {
quick (un)lock for users
2012-04-09 13:20:24 +00:00
$this->lock();
changed Unix password management
2006-09-03 12:41:22 +00:00
}
use new meta HTML classes
2010-09-25 18:48:51 +00:00
if (isset($_POST['unlockPassword'])) {
quick (un)lock for users
2012-04-09 13:20:24 +00:00
$this->unlock();
changed Unix password management
2006-09-03 12:41:22 +00:00
}
use new meta HTML classes
2010-09-25 18:48:51 +00:00
if (isset($_POST['removePassword'])) {
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
unset($this->attributes[$this->getPasswordAttrName()]);
changed Unix password management
2006-09-03 12:41:22 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
if ($this->manageCn()) {
allow multiple cn values
2014-04-21 19:21:47 +00:00
$this->processMultiValueInputTextField('cn', $errors, 'cn');
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
}
trim some input fields to prevent copy+paste errors
2013-05-25 12:47:07 +00:00
$this->attributes['uidNumber'][0] = trim($_POST['uidNumber']);
use less cache functions
2009-11-26 10:48:05 +00:00
$this->attributes['gidNumber'][0] = $_POST['gidNumber'];
fixed check for uppercase user names (3416180)
2011-10-01 19:23:09 +00:00
if ($this->get_scope()=='user') {
if (($this->attributes['uid'][0] != $_POST['uid']) && !get_preg($_POST['uid'], '!upper')) {
$errors[] = $this->messages['uid'][1];
}
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
if ( !get_preg($this->attributes[$homedirAttrName][0], 'homeDirectory' )) {
fixed check for uppercase user names (3416180)
2011-10-01 19:23:09 +00:00
$errors[] = $this->messages['homeDirectory'][0];
}
}
trim some input fields to prevent copy+paste errors
2013-05-25 12:47:07 +00:00
$this->attributes['uid'][0] = trim($_POST['uid']);
fixed password handling in sambaAccount module changed error code handling
2004-10-16 19:51:36 +00:00
// Check if UID is valid. If none value was entered, the next useable value will be inserted
// load min and may uidNumber
more private class variables
2007-10-04 16:45:05 +00:00
if ($this->get_scope()=='user') {
fixed password handling in sambaAccount module changed error code handling
2004-10-16 19:51:36 +00:00
$minID = intval($this->moduleSettings['posixAccount_minUID'][0]);
$maxID = intval($this->moduleSettings['posixAccount_maxUID'][0]);
}
more private class variables
2007-10-04 16:45:05 +00:00
if ($this->get_scope()=='host') {
fixed password handling in sambaAccount module changed error code handling
2004-10-16 19:51:36 +00:00
$minID = intval($this->moduleSettings['posixAccount_minMachine'][0]);
$maxID = intval($this->moduleSettings['posixAccount_maxMachine'][0]);
}
replaced caching
2010-11-23 21:12:13 +00:00
$uids = $this->getUIDs();
fixed password handling in sambaAccount module changed error code handling
2004-10-16 19:51:36 +00:00
if ($this->attributes['uidNumber'][0]=='') {
// No id-number given
fixed PHP notices
2011-01-09 14:45:12 +00:00
if (!isset($this->orig['uidNumber'][0]) || ($this->orig['uidNumber'][0] == '')) {
fixed password handling in sambaAccount module changed error code handling
2004-10-16 19:51:36 +00:00
// new account -> we have to find a free id-number
fixed error handling
2006-05-18 08:50:51 +00:00
$newUID = $this->getNextUIDs(1, $errors);
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
if (is_array($newUID)) {
$this->attributes['uidNumber'][0] = $newUID[0];
}
else {
removed grouping of error messages
2006-08-16 17:42:35 +00:00
$errors[] = $this->messages['uidNumber'][3];
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
}
fixed password handling in sambaAccount module changed error code handling
2004-10-16 19:51:36 +00:00
else $this->attributes['uidNumber'][0] = $this->orig['uidNumber'][0];
// old account -> return id-number which has been used
}
else {
do not check UID/GID for existing accounts
2008-07-17 19:25:30 +00:00
// check manual ID
if ($this->getAccountContainer()->isNewAccount || !isset($this->orig['uidNumber'][0]) || ($this->orig['uidNumber'][0] != $this->attributes['uidNumber'][0])) {
// check range
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
if (($this->get_scope() == 'user') && (!isset($this->moduleSettings['posixAccount_uidGeneratorUsers']) || ($this->moduleSettings['posixAccount_uidGeneratorUsers'][0] == 'range'))) {
fixed error message about uidNumber range when using Samba ID pool
2013-04-10 19:04:43 +00:00
if (!is_numeric($this->attributes['uidNumber'][0]) || ($this->attributes['uidNumber'][0] < $minID) || ($this->attributes['uidNumber'][0] > $maxID)) {
$errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
}
}
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
if (($this->get_scope() == 'host') && (!isset($this->moduleSettings['posixAccount_uidGeneratorHosts']) || ($this->moduleSettings['posixAccount_uidGeneratorHosts'][0] == 'range'))) {
fixed error message about uidNumber range when using Samba ID pool
2013-04-10 19:04:43 +00:00
if (!is_numeric($this->attributes['uidNumber'][0]) || ($this->attributes['uidNumber'][0] < $minID) || ($this->attributes['uidNumber'][0] > $maxID)) {
$errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
}
}
replaced caching
2010-11-23 21:12:13 +00:00
// id-number is in use and account is a new account
if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
// id-number is in use, account is existing account and id-number is not used by itself
if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]!='' && ($this->orig['uidNumber'][0] != $this->attributes['uidNumber'][0]) ) {
$errors[] = $this->messages['uidNumber'][3];
$this->attributes['uidNumber'][0] = $this->orig['uidNumber'][0];
improved support for config of modules
2003-12-30 15:36:30 +00:00
}
}
fixed password handling in sambaAccount module changed error code handling
2004-10-16 19:51:36 +00:00
}
changed Unix password management
2006-09-03 12:41:22 +00:00
// Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use
// Set username back to original name if new username is in use
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
if ($this->userNameExists($this->attributes['uid'][0]) && isset($this->orig['uid'][0]) && ($this->orig['uid'][0]!='')) {
added generated default user name
2010-01-31 18:37:28 +00:00
$this->attributes['uid'][0] = $this->orig['uid'][0];
}
else {
// Change uid to a new uid until a free uid is found
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
while ($this->userNameExists($this->attributes['uid'][0])) {
suggest free user name in file upload if already exists
2012-09-23 17:59:14 +00:00
$this->attributes['uid'][0] = $this->getNextUserName($this->attributes['uid'][0]);
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
changed Unix password management
2006-09-03 12:41:22 +00:00
}
set default user/common name earlier
2010-03-14 15:42:49 +00:00
// Show warning if LAM has changed username
trim some input fields to prevent copy+paste errors
2013-05-25 12:47:07 +00:00
if ($this->attributes['uid'][0] != trim($_POST['uid'])) {
more private class variables
2007-10-04 16:45:05 +00:00
if ($this->get_scope()=='user') $errors[] = $this->messages['uid'][5];
if ($this->get_scope()=='host') $errors[] = $this->messages['uid'][6];
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
fixed wildcard replacement if user already existed
2011-05-22 17:19:14 +00:00
if ($this->get_scope()=='user') {
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$this->attributes[$homedirAttrName][0] = str_replace('$group', $this->getGroupName($this->attributes['gidNumber'][0]), $this->attributes[$homedirAttrName][0]);
fixed wildcard replacement if user already existed
2011-05-22 17:19:14 +00:00
if ($this->attributes['uid'][0] != '') {
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$this->attributes[$homedirAttrName][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes[$homedirAttrName][0]);
fixed wildcard replacement if user already existed
2011-05-22 17:19:14 +00:00
}
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
if ($this->attributes[$homedirAttrName][0] != $_POST['homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
fixed wildcard replacement if user already existed
2011-05-22 17:19:14 +00:00
// Check if Username contains only valid characters
if (!get_preg($this->attributes['uid'][0], 'username'))
$errors[] = $this->messages['uid'][2];
}
if ($this->get_scope()=='host') {
// Check if Hostname contains only valid characters
if (!get_preg($this->attributes['uid'][0], 'hostname'))
$errors[] = $this->messages['uid'][4];
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
if (!isset($this->attributes[$homedirAttrName][0])) {
$this->attributes[$homedirAttrName][0] = '/dev/null';
fixed wildcard replacement if user already existed
2011-05-22 17:19:14 +00:00
}
if (!isset($this->attributes['loginShell'][0])) {
$this->attributes['loginShell'][0] = '/bin/false';
}
}
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$attributeList = array($homedirAttrName);
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
$attributeList[] = 'gecos';
}
removed input_check() function
2006-05-21 19:45:57 +00:00
for ($i = 0; $i < sizeof($attributeList); $i++) {
if (isset($this->attributes[$attributeList[$i]][0])) {
$value = $this->attributes[$attributeList[$i]][0];
$replacedValue = $this->checkASCII($value);
if ($value != $replacedValue) {
$this->attributes[$attributeList[$i]][0] = $replacedValue;
removed grouping of error messages
2006-08-16 17:42:35 +00:00
$errors[] = array('WARN', $attributeList[$i], _('Changed value because only ASCII characters are allowed.'));
removed input_check() function
2006-05-21 19:45:57 +00:00
}
}
}
support SASL as password hash
2015-02-11 16:57:38 +00:00
if ($this->get_scope() == 'user') {
// set SASL password for new and renamed users
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')
&& ($this->getAccountContainer()->isNewAccount || ($this->attributes['uid'][0] != $this->orig['uid'][0]))) {
$this->attributes[$this->getPasswordAttrName()][0] = '{SASL}' . $this->attributes['uid'][0];
}
support K5KEY
2016-01-02 12:16:14 +00:00
// set K5KEY password for new users
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'K5KEY')) {
$this->attributes[$this->getPasswordAttrName()][0] = pwd_hash('x', true, $this->moduleSettings['posixAccount_pwdHash'][0]);
}
support SASL as password hash
2015-02-11 16:57:38 +00:00
}
changed subpage handling; fixed another magic_quotes_gpc bug
2005-09-01 15:20:15 +00:00
// Return error-messages
fixed error handling
2006-05-18 08:50:51 +00:00
return $errors;
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
improved support for config of modules
2003-12-30 15:36:30 +00:00
removed input_check() function
2006-05-21 19:45:57 +00:00
/**
* Checks if an attribute contains only ASCII charaters and replaces invalid characters.
*
* @param string $attribute attribute value
* @return string attribute value with replaced non-ASCII characters
*/
function checkASCII($attribute) {
suggested user names must be in lower case, replace umlauts
2013-06-17 18:38:42 +00:00
if ($attribute == null) {
return '';
removed input_check() function
2006-05-21 19:45:57 +00:00
}
suggested user names must be in lower case, replace umlauts
2013-06-17 18:38:42 +00:00
// replace special characters
$attribute = str_replace(array_keys($this->umlautReplacements), array_values($this->umlautReplacements), $attribute);
removed input_check() function
2006-05-21 19:45:57 +00:00
// remove remaining UTF-8 characters
for ($c = 0; $c < strlen($attribute); $c++) {
if (ord($attribute[$c]) > 127) {
fixed checkASCII and gecos in upload (2103936)
2008-09-16 17:11:44 +00:00
$attribute = str_replace($attribute[$c], "", $attribute);
$c--;
removed input_check() function
2006-05-21 19:45:57 +00:00
}
}
return $attribute;
}
no longer allow integer results from process_..., updated documentation
2005-09-07 12:58:34 +00:00
/**
* Processes user input of the group selection page.
* It checks if all input values are correct and updates the associated LDAP attributes.
*
* @return array list of info/error messages
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
*/
removed $post parameter
2006-08-13 12:58:19 +00:00
function process_group() {
manage group of names
2011-10-06 20:03:45 +00:00
// Unix groups
added option to auto-sync with group of names
2015-05-31 08:46:44 +00:00
if ($this->isBooleanConfigOptionSet('posixGroup_autoSyncGon')) {
$this->syncGonToGroups();
}
elseif (!$this->isBooleanConfigOptionSet('posixAccount_hideposixGroups')) {
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (isset($_POST['addgroups']) && isset($_POST['addgroups_button'])) { // Add groups to list
// add new group
$this->groups = @array_merge($this->groups, $_POST['addgroups']);
}
elseif (isset($_POST['removegroups']) && isset($_POST['removegroups_button'])) { // remove groups from list
$this->groups = array_delete($_POST['removegroups'], $this->groups);
}
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
manage group of names
2011-10-06 20:03:45 +00:00
// group of names
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (self::areGroupOfNamesActive() && !$this->isBooleanConfigOptionSet('posixAccount_hidegon')) {
manage group of names
2011-10-06 20:03:45 +00:00
if (isset($_POST['addgons']) && isset($_POST['addgons_button'])) { // Add groups to list
// add new group
$this->gonList = @array_merge($this->gonList, $_POST['addgons']);
}
elseif (isset($_POST['removegons']) && isset($_POST['removegons_button'])) { // remove groups from list
$this->gonList = array_delete($_POST['removegons'], $this->gonList);
}
}
removed grouping of error messages
2006-08-16 17:42:35 +00:00
return array();
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
/**
* Processes user input of the homedir check page.
* It checks if all input values are correct and updates the associated LDAP attributes.
*
* @return array list of info/error messages
*/
function process_homedir() {
$return = array();
// get list of lamdaemon servers
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
$temp = explode(":", $lamdaemonServers[$i]);
$server = $temp[0];
if (isset($_POST['form_subpage_' . get_class($this) . '_homedir_create_' . $i])) {
$result = lamdaemon(
implode(
support subclassing
2012-08-23 16:28:13 +00:00
self::$SPLIT_DELIMITER,
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
array(
$this->attributes['uid'][0],
"home",
"add",
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$this->attributes[$this->getHomedirAttrName()][0],
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
"0".$_SESSION['config']->get_scriptRights(),
$this->attributes['uidNumber'][0],
$this->attributes['gidNumber'][0])
),
$server);
// lamdaemon results
if (is_array($result)) {
foreach ($result as $singleresult) {
$singleresult = explode(",", $singleresult);
if (is_array($singleresult)) {
if (($singleresult[0] == 'ERROR') || ($singleresult[0] == 'WARN') || ($singleresult[0] == 'INFO')) {
$return[] = $singleresult;
}
}
}
}
}
elseif (isset($_POST['form_subpage_' . get_class($this) . '_homedir_delete_' . $i])) {
$result = lamdaemon(
implode(
support subclassing
2012-08-23 16:28:13 +00:00
self::$SPLIT_DELIMITER,
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
array(
$this->attributes['uid'][0],
"home",
"rem",
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$this->attributes[$this->getHomedirAttrName()][0],
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$this->attributes['uidNumber'][0]
)
),
$server);
// lamdaemon results
if (is_array($result)) {
foreach ($result as $singleresult) {
$singleresult = explode(",", $singleresult);
if (is_array($singleresult)) {
if (($singleresult[0] == 'ERROR') || ($singleresult[0] == 'WARN') || ($singleresult[0] == 'INFO')) {
$return[] = $singleresult;
}
}
}
}
}
}
return $return;
}
PhpDoc fixes
2007-11-03 14:17:19 +00:00
/**
* Returns the HTML meta data for the main account page.
responsive self service
2015-08-09 07:22:01 +00:00
*
use new meta HTML classes
2010-09-26 11:12:59 +00:00
* @return htmlElement HTML meta data
PhpDoc fixes
2007-11-03 14:17:19 +00:00
*/
removed $post parameter
2006-08-13 12:58:19 +00:00
function display_html_attributes() {
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return = new htmlTable();
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if (!$this->isOptional() || $this->skipObjectClass() || (isset($this->attributes['objectClass']) && in_array('posixAccount', $this->attributes['objectClass']))) {
support Samba 4
2013-08-18 12:24:53 +00:00
$groupList = $this->findGroups(); // list of all group names
$groups = array();
for ($i = 0; $i < sizeof($groupList); $i++) {
$groups[$groupList[$i][1]] = $groupList[$i][0];
}
if (count($groups)==0) {
$return->addElement(new htmlStatusMessage("ERROR", _('No Unix groups found in LDAP! Please create one first.')));
return $return;
}
$shelllist = $this->getShells(); // list of all valid shells
responsive self service
2015-08-09 07:22:01 +00:00
support Samba 4
2013-08-18 12:24:53 +00:00
// set default values
fill default user name from AD module
2013-12-28 10:48:31 +00:00
if (empty($this->attributes['uid'][0])) {
if ($this->getAccountContainer()->getAccountModule('inetOrgPerson') != null) {
// fill default value for user ID with first/last name
$attrs = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes();
$this->attributes['uid'][0] = $this->getUserNameSuggestion($attrs);
earlier check for duplicate user names
2014-02-06 17:34:56 +00:00
if (!empty($this->attributes['uid'][0]) && $this->userNameExists($this->attributes['uid'][0])) {
while ($this->userNameExists($this->attributes['uid'][0])) {
$this->attributes['uid'][0] = $this->getNextUserName($this->attributes['uid'][0]);
}
$msg = new htmlStatusMessage($this->messages['uid'][5][0], $this->messages['uid'][5][1], $this->messages['uid'][5][2]);
$msg->colspan = 10;
$return->addElement($msg, true);
}
fill default user name from AD module
2013-12-28 10:48:31 +00:00
}
elseif ($this->getAccountContainer()->getAccountModule('windowsUser') != null) {
// fill default value for user ID with AD user name
$attrs = $this->getAccountContainer()->getAccountModule('windowsUser')->getAttributes();
if (!empty($attrs['userPrincipalName'][0])) {
$parts = explode('@', $attrs['userPrincipalName'][0]);
$this->attributes['uid'][0] = $parts[0];
}
}
support Samba 4
2013-08-18 12:24:53 +00:00
}
if ($this->manageCn() && (!isset($this->attributes['cn'][0]) || ($this->attributes['cn'][0] == ''))) {
// set a default value for common name
fixed PHP notices for hosts
2016-01-09 19:20:28 +00:00
if (($this->get_scope() == 'host') && isset($_POST['uid'])) {
if (substr($_POST['uid'], -1, 1) == '$') {
$this->attributes['cn'][0] = substr($_POST['uid'], 0, strlen($_POST['uid']) - 1);
}
else {
$this->attributes['cn'][0] = $_POST['uid'];
}
set default user/common name earlier
2010-03-14 15:42:49 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
elseif ($this->getAccountContainer()->getAccountModule('inetOrgPerson') != null) {
$attrs = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes();
if ($attrs['givenName'][0]) {
$this->attributes['cn'][0] = $attrs['givenName'][0] . " " . $attrs['sn'][0];
}
elseif ($attrs['sn'][0]) {
$this->attributes['cn'][0] = $attrs['sn'][0];
}
else {
$this->attributes['cn'][0] = $_POST['uid'];
}
set default user/common name earlier
2010-03-14 15:42:49 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
elseif (isset($_POST['uid'])) {
set default user/common name earlier
2010-03-14 15:42:49 +00:00
$this->attributes['cn'][0] = $_POST['uid'];
}
}
responsive self service
2015-08-09 07:22:01 +00:00
support Samba 4
2013-08-18 12:24:53 +00:00
$userName = '';
if (isset($this->attributes['uid'][0])) $userName = $this->attributes['uid'][0];
$uidLabel = _("User name");
if ($this->get_scope() == 'host') {
$uidLabel = _("Host name");
}
$uidInput = new htmlTableExtendedInputField($uidLabel, 'uid', $userName, 'uid');
$uidInput->setRequired(true);
$uidInput->setFieldMaxLength(100);
$return->addElement($uidInput, true);
if ($this->manageCn()) {
allow multiple cn values
2014-04-21 19:21:47 +00:00
$this->addMultiValueInputTextField($return, 'cn', _("Common name"));
support Samba 4
2013-08-18 12:24:53 +00:00
}
$uidNumber = '';
if (isset($this->attributes['uidNumber'][0])) $uidNumber = $this->attributes['uidNumber'][0];
$uidNumberInput = new htmlTableExtendedInputField(_('UID number'), 'uidNumber', $uidNumber, 'uidNumber');
$uidNumberInput->setFieldMaxLength(20);
$uidNumberInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
$return->addElement($uidNumberInput, true);
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
$gecos = '';
if (isset($this->attributes['gecos'][0])) $gecos = $this->attributes['gecos'][0];
$return->addElement(new htmlTableExtendedInputField(_('Gecos'), 'gecos', $gecos, 'gecos'), true);
set default user/common name earlier
2010-03-14 15:42:49 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
$primaryGroup = array();
if (isset($this->attributes['gidNumber'][0])) {
$primaryGroup[] = $this->attributes['gidNumber'][0];
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
$gidNumberSelect = new htmlTableExtendedSelect('gidNumber', $groups, $primaryGroup, _('Primary group'), 'gidNumber');
$gidNumberSelect->setHasDescriptiveElements(true);
$return->addElement($gidNumberSelect, true);
responsive self service
2015-08-09 07:22:01 +00:00
support Samba 4
2013-08-18 12:24:53 +00:00
if ($this->get_scope()=='user') {
// additional groups
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegon') || !$this->isBooleanConfigOptionSet('posixAccount_hideposixGroups')) {
$return->addElement(new htmlOutputText(_('Additional groups')));
$return->addElement(new htmlAccountPageButton(get_class($this), 'group', 'open', _('Edit groups')));
$return->addElement(new htmlHelpLink('addgroup'), true);
}
// home directory
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$homeDir = isset($this->attributes[$this->getHomedirAttrName()][0]) ? $this->attributes[$this->getHomedirAttrName()][0] : '';
$homedirInput = new htmlTableExtendedInputField(_('Home directory'), 'homeDirectory', $homeDir, 'homeDirectory');
support Samba 4
2013-08-18 12:24:53 +00:00
$homedirInput->setRequired(true);
$return->addElement($homedirInput, true);
if (($_SESSION['config']->get_scriptPath() != null) && ($_SESSION['config']->get_scriptPath() != '')) {
if ($this->getAccountContainer()->isNewAccount) {
// get list of lamdaemon servers
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
$temp = explode(":", $lamdaemonServers[$i]);
if (isset($temp[1])) $lamdaemonServers[$i] = $temp[1];
else $lamdaemonServers[$i] = $temp[0];
}
$homeDirLabel = new htmlOutputText(_('Create home directory'));
$homeDirLabel->alignment = htmlElement::ALIGN_TOP;
$return->addElement($homeDirLabel);
$homeServerContainer = new htmlTable();
for ($h = 0; $h < sizeof($lamdaemonServers); $h++) {
$homeServerContainer->addElement(new htmlTableExtendedInputCheckbox('createhomedir_' . $h, in_array($lamdaemonServers[$h], $this->lamdaemonServers), $lamdaemonServers[$h], null, false), true);
}
$return->addElement($homeServerContainer);
$homeDirHelp = new htmlHelpLink('createhomedir');
$homeDirHelp->alignment = htmlElement::ALIGN_TOP;
$return->addElement($homeDirHelp, true);
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
else {
$return->addElement(new htmlOutputText(''));
$return->addElement(new htmlAccountPageButton(get_class($this), 'homedir', 'open', _('Check home directories')), true);
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
}
$selectedShell = array();
if (isset($this->attributes['loginShell'][0])) {
$selectedShell = array($this->attributes['loginShell'][0]);
}
$return->addElement(new htmlTableExtendedSelect('loginShell', $shelllist, $selectedShell, _('Login shell'), 'loginShell'), true);
}
// password buttons
allow to set single account types read-only
2014-01-15 20:48:52 +00:00
if (checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes[$this->getPasswordAttrName()][0])) {
support Samba 4
2013-08-18 12:24:53 +00:00
$return->addElement(new htmlOutputText(_('Password')));
$pwdContainer = new htmlTable();
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
if (pwd_is_enabled($this->attributes[$this->getPasswordAttrName()][0])) {
support Samba 4
2013-08-18 12:24:53 +00:00
$pwdContainer->addElement(new htmlButton('lockPassword', _('Lock password')));
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
}
else {
support Samba 4
2013-08-18 12:24:53 +00:00
$pwdContainer->addElement(new htmlButton('unlockPassword', _('Unlock password')));
use preDeleteActions() and postModifyActions() for lamdaemon
2007-02-25 13:55:26 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
$pwdContainer->addElement(new htmlButton('removePassword', _('Remove password')));
$pwdContainer->colspan = 2;
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$return->addElement($pwdContainer, true);
fixed homedir creation
2005-10-21 13:48:30 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
// remove button
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if ($this->isOptional() && !$this->skipObjectClass()) {
support Samba 4
2013-08-18 12:24:53 +00:00
$return->addElement(new htmlSpacer(null, '20px'), true);
$remButton = new htmlButton('remObjectClass', _('Remove Unix extension'));
$remButton->colspan = 5;
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$return->addElement($remButton, true);
fixed PHP notices
2011-01-09 14:45:12 +00:00
}
enable host passwords (RFE 1754069)
2007-11-10 15:16:55 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
else {
// add button
$return->addElement(new htmlButton('addObjectClass', _('Add Unix extension')));
enable host passwords (RFE 1754069)
2007-11-10 15:16:55 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
return $return;
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
PhpDoc fixes
2007-11-03 14:17:19 +00:00
/**
* Displays the delete homedir option for the delete page.
*
use new meta HTML classes
2010-09-26 11:12:59 +00:00
* @return htmlElement meta HTML code
PhpDoc fixes
2007-11-03 14:17:19 +00:00
*/
removed $post parameter
2006-08-13 12:58:19 +00:00
function display_html_delete() {
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return = null;
better error handling and no longer depend on ssh2 module
2010-05-14 12:57:00 +00:00
if ($this->get_scope() == 'user' && ($_SESSION['config']->get_scriptPath() != null)) {
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return = new htmlTable();
clear sudo entries on delete
2014-01-14 18:08:13 +00:00
$return->addElement(new htmlTableExtendedInputCheckbox('deletehomedir', true, _('Delete home directory'), 'deletehomedir'), true);
}
if (($this->get_scope() == 'user') && in_array('sudo', $_SESSION['config']->get_ActiveTypes())) {
fixed problem in delete view
2014-04-06 16:39:51 +00:00
if ($return == null) {
$return = new htmlTable();
}
clear sudo entries on delete
2014-01-14 18:08:13 +00:00
$return->addElement(new htmlTableExtendedInputCheckbox('deleteSudoers', true, _('Delete sudo rights'), 'deleteSudoers'), true);
improved support for config of modules
2003-12-30 15:36:30 +00:00
}
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
return $return;
}
improved support for config of modules
2003-12-30 15:36:30 +00:00
fixed group selection
2005-04-23 14:26:22 +00:00
/**
* Displays the group selection.
*
use new meta HTML classes
2010-09-26 11:12:59 +00:00
* @return htmlElement meta HTML code
fixed group selection
2005-04-23 14:26:22 +00:00
*/
removed $post parameter
2006-08-13 12:58:19 +00:00
function display_html_group() {
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return = new htmlTable();
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (!$this->isBooleanConfigOptionSet('posixAccount_hideposixGroups')) {
// load list with all groups
$groups = $this->findGroups();
for ($i = 0; $i < sizeof($groups); $i++) {
$groups[$i] = $groups[$i][1];
}
// remove groups the user is member of from grouplist
$groups = array_delete($this->groups, $groups);
// Remove primary group from grouplist
$group = $this->getGroupName($this->attributes['gidNumber'][0]);
$groups = array_flip($groups);
unset ($groups[$group]);
$groups = array_flip($groups);
responsive self service
2015-08-09 07:22:01 +00:00
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
$unixContainer = new htmlTable();
$unixContainer->alignment = htmlElement::ALIGN_TOP;
$unixContainer->addElement(new htmlSubTitle(_("Unix groups")), true);
added option to auto-sync with group of names
2015-05-31 08:46:44 +00:00
if ($this->isBooleanConfigOptionSet('posixGroup_autoSyncGon')) {
$this->syncGonToGroups();
foreach ($this->groups as $group) {
$unixContainer->addElement(new htmlOutputText($group), true);
}
}
responsive self service
2015-08-09 07:22:01 +00:00
else {
added option to auto-sync with group of names
2015-05-31 08:46:44 +00:00
$unixContainer->addElement(new htmlOutputText(_("Selected groups")));
$unixContainer->addElement(new htmlOutputText(''));
$unixContainer->addElement(new htmlOutputText(_("Available groups")));
$unixContainer->addNewLine();
responsive self service
2015-08-09 07:22:01 +00:00
added option to auto-sync with group of names
2015-05-31 08:46:44 +00:00
$remSelect = new htmlSelect('removegroups', $this->groups, null, 15);
$remSelect->setMultiSelect(true);
$remSelect->setTransformSingleSelect(false);
$unixContainer->addElement($remSelect);
$buttonContainer = new htmlTable();
$buttonContainer->addElement(new htmlButton('addgroups_button', 'back.gif', true), true);
$buttonContainer->addElement(new htmlButton('removegroups_button', 'forward.gif', true), true);
$buttonContainer->addElement(new htmlHelpLink('addgroup'));
$unixContainer->addElement($buttonContainer);
$addSelect = new htmlSelect('addgroups', $groups, null, 15);
$addSelect->setMultiSelect(true);
$addSelect->setTransformSingleSelect(false);
$unixContainer->addElement($addSelect, true);
}
responsive self service
2015-08-09 07:22:01 +00:00
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
$return->addElement($unixContainer);
}
manage group of names
2011-10-06 20:03:45 +00:00
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (self::areGroupOfNamesActive() && !$this->isBooleanConfigOptionSet('posixAccount_hidegon')) {
if (!$this->isBooleanConfigOptionSet('posixAccount_hideposixGroups')) {
$return->addElement(new htmlSpacer('100px', null));
}
responsive self service
2015-08-09 07:22:01 +00:00
manage group of names
2011-10-06 20:03:45 +00:00
$gons = $this->findGroupOfNames();
responsive self service
2015-08-09 07:22:01 +00:00
manage group of names
2011-10-06 20:03:45 +00:00
$gonContainer = new htmlTable();
$gonContainer->alignment = htmlElement::ALIGN_TOP;
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
$gonContainer->addElement(new htmlSubTitle(_("Groups of names")), true);
manage group of names
2011-10-06 20:03:45 +00:00
$gonContainer->addElement(new htmlOutputText(_("Selected groups")));
$gonContainer->addElement(new htmlOutputText(''));
$gonContainer->addElement(new htmlOutputText(_("Available groups")));
$gonContainer->addNewLine();
responsive self service
2015-08-09 07:22:01 +00:00
manage group of names
2011-10-06 20:03:45 +00:00
$selectedGons = array();
for ($i = 0; $i < sizeof($this->gonList); $i++) {
if (isset($gons[$this->gonList[$i]])) {
$selectedGons[$gons[$this->gonList[$i]]['cn'][0]] = $this->gonList[$i];
}
}
$availableGons = array();
foreach ($gons as $dn => $attr) {
if (!in_array($dn, $this->gonList)) {
$availableGons[$attr['cn'][0]] = $dn;
}
}
responsive self service
2015-08-09 07:22:01 +00:00
manage group of names
2011-10-06 20:03:45 +00:00
$remGonSelect = new htmlSelect('removegons', $selectedGons, null, 15);
$remGonSelect->setMultiSelect(true);
$remGonSelect->setTransformSingleSelect(false);
$remGonSelect->setHasDescriptiveElements(true);
$gonContainer->addElement($remGonSelect);
$buttonGonContainer = new htmlTable();
$buttonGonContainer->addElement(new htmlButton('addgons_button', 'back.gif', true), true);
$buttonGonContainer->addElement(new htmlButton('removegons_button', 'forward.gif', true), true);
$buttonGonContainer->addElement(new htmlHelpLink('addgroup'));
$gonContainer->addElement($buttonGonContainer);
$addGonSelect = new htmlSelect('addgons', $availableGons, null, 15);
$addGonSelect->setMultiSelect(true);
$addGonSelect->setHasDescriptiveElements(true);
$addGonSelect->setTransformSingleSelect(false);
$gonContainer->addElement($addGonSelect);
$gonContainer->addNewLine();
$return->addElement($gonContainer);
}
responsive self service
2015-08-09 07:22:01 +00:00
manage group of names
2011-10-06 20:03:45 +00:00
$return->addNewLine();
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
$backGroup = new htmlGroup();
$backGroup->colspan = 10;
$backGroup->addElement(new htmlSpacer(null, '10px'), true);
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$backButton = new htmlAccountPageButton(get_class($this), 'attributes', 'back', _('Back'));
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
$backGroup->addElement($backButton);
$return->addElement($backGroup);
initial support for pseudo html.
2004-01-18 12:52:52 +00:00
return $return;
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
}
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
/**
* Displays the delete homedir option for the homedir page.
*
* @return htmlElement meta HTML code
*/
function display_html_homedir() {
$return = new htmlTable();
$return->addElement(new htmlOutputText(_('Home directory')));
$return->addElement(new htmlSpacer('5px', null));
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$return->addElement(new htmlOutputText($this->attributes[$this->getHomedirAttrName()][0]), true);
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$return->addElement(new htmlSpacer(null, '10px'), true);
$homeServerContainer = new htmlTable();
$homeServerContainer->colspan = 5;
// get list of lamdaemon servers
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
$temp = explode(":", $lamdaemonServers[$i]);
$server = $temp[0];
$label = $temp[0];
if (isset($temp[1])) {
$label = $temp[1];
}
$result = lamdaemon(
implode(
support subclassing
2012-08-23 16:28:13 +00:00
self::$SPLIT_DELIMITER,
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
array(
$this->attributes['uid'][0],
"home",
"check",
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$this->attributes[$this->getHomedirAttrName()][0])
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
),
$server);
// lamdaemon results
if (is_array($result)) {
$returnValue = trim($result[0]);
if ($returnValue == 'ok') {
$homeServerContainer->addElement(new htmlOutputText($label));
$homeServerContainer->addElement(new htmlSpacer('5px', null));
$homeServerContainer->addElement(new htmlImage('../../graphics/pass.png', 16, 16));
$homeServerContainer->addElement(new htmlSpacer('5px', null));
$homeServerContainer->addElement(new htmlAccountPageButton(get_class($this), 'homedir', 'delete_' . $i, _('Delete')));
}
elseif ($returnValue == 'missing') {
$homeServerContainer->addElement(new htmlOutputText($label));
$homeServerContainer->addElement(new htmlSpacer('5px', null));
$homeServerContainer->addElement(new htmlImage('../../graphics/fail.png', 16, 16));
$homeServerContainer->addElement(new htmlSpacer('5px', null));
$homeServerContainer->addElement(new htmlAccountPageButton(get_class($this), 'homedir', 'create_' . $i, _('Create')));
}
fix for invalid status messages
2012-02-22 22:52:15 +00:00
elseif (trim($returnValue) != '') {
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$messageParams = explode(",", $returnValue);
if (isset($messageParams[2])) {
fix for invalid status messages
2012-02-22 22:52:15 +00:00
$message = new htmlStatusMessage($messageParams[0], htmlspecialchars($messageParams[1]), htmlspecialchars($messageParams[2]));
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
}
fix for invalid status messages
2012-02-22 22:44:18 +00:00
elseif (($messageParams[0] == 'ERROR') || ($messageParams[0] == 'WARN') || ($messageParams[0] == 'INFO')) {
fix for invalid status messages
2012-02-22 22:52:15 +00:00
$message = new htmlStatusMessage($messageParams[0], htmlspecialchars($messageParams[1]));
}
else {
$message = new htmlStatusMessage('WARN', htmlspecialchars($messageParams[0]));
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
}
$message->colspan = 5;
$homeServerContainer->addElement($message, true);
}
$homeServerContainer->addNewLine();
}
}
$return->addElement($homeServerContainer, true);
$return->addElement(new htmlSpacer(null, '10px'), true);
$return->addElement(new htmlAccountPageButton(get_class($this), 'attributes', 'back', _('Back')));
return $return;
}
documentation update
2004-09-19 08:34:14 +00:00
/**
* Returns a list of elements for the account profiles.
*
* @return profile elements
*/
made get_profileOptions() non-static
2004-04-03 14:47:33 +00:00
function get_profileOptions() {
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return = new htmlTable();
use less cache functions
2009-11-26 10:48:05 +00:00
$groupList = $this->findGroups();
$groups = array();
for ($i = 0; $i < sizeof($groupList); $i++) {
$groups[] = $groupList[$i][1];
}
more private class variables
2007-10-04 16:45:05 +00:00
if ($this->get_scope() == 'user') {
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
$shelllist = $this->getShells(); // list of all valid shells
implemented profile options for user accounts
2004-04-04 13:48:21 +00:00
// primary Unix group
fixed meta HTML
2010-09-30 18:58:11 +00:00
$return->addElement(new htmlTableExtendedSelect('posixAccount_primaryGroup', $groups, array(), _('Primary group'), 'gidNumber'), true);
implemented profile options for user accounts
2004-04-04 13:48:21 +00:00
// additional group memberships
fixed meta HTML
2010-09-30 18:58:11 +00:00
$addGroupSelect = new htmlTableExtendedSelect('posixAccount_additionalGroup', $groups, array(), _('Additional groups'), 'addgroup', 10);
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$addGroupSelect->setMultiSelect(true);
manage group of names
2011-10-06 20:03:45 +00:00
$addGroupSelect->setTransformSingleSelect(false);
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return->addElement($addGroupSelect, true);
manage group of names
2011-10-06 20:03:45 +00:00
// group of names
quick (un)lock for users
2012-04-09 13:20:24 +00:00
if (self::areGroupOfNamesActive()) {
manage group of names
2011-10-06 20:03:45 +00:00
$gons = $this->findGroupOfNames();
$gonList = array();
foreach ($gons as $dn => $attr) {
$gonList[$attr['cn'][0]] = $dn;
}
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
$gonSelect = new htmlTableExtendedSelect('posixAccount_gon', $gonList, array(), _('Groups of names'), 'addgroup', 10);
manage group of names
2011-10-06 20:03:45 +00:00
$gonSelect->setHasDescriptiveElements(true);
$gonSelect->setMultiSelect(true);
$gonSelect->setTransformSingleSelect(false);
$return->addElement($gonSelect, true);
}
implemented profile options for user accounts
2004-04-04 13:48:21 +00:00
// home directory
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return->addElement(new htmlTableExtendedInputField(_('Home directory'), 'posixAccount_homeDirectory', '/home/$user', 'homeDirectory'), true);
implemented profile options for user accounts
2004-04-04 13:48:21 +00:00
// login shell
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return->addElement(new htmlTableExtendedSelect('posixAccount_loginShell', $shelllist, array("/bin/bash"), _('Login shell'), 'loginShell'), true);
added profile option for lamdaemon
2008-08-10 19:53:13 +00:00
// lamdaemon settings
better error handling and no longer depend on ssh2 module
2010-05-14 12:57:00 +00:00
if (($_SESSION['config']->get_scriptPath() != null)) {
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$homeDirLabel = new htmlOutputText(_('Create home directory'));
$homeDirLabel->alignment = htmlElement::ALIGN_TOP;
$return->addElement($homeDirLabel);
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
$temp = explode(":", $lamdaemonServers[$i]);
if (isset($temp[1])) $lamdaemonServers[$i] = $temp[1];
else $lamdaemonServers[$i] = $temp[0];
}
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$homeServerContainer = new htmlTable();
for ($h = 0; $h < sizeof($lamdaemonServers); $h++) {
$homeServerContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_createHomedir_' . $h, in_array($lamdaemonServers[$h], $this->lamdaemonServers), $lamdaemonServers[$h], null, false), true);
}
$return->addElement($homeServerContainer);
$homeDirHelp = new htmlHelpLink('createhomedir');
$homeDirHelp->alignment = htmlElement::ALIGN_TOP;
$return->addElement($homeDirHelp, true);
added profile option for lamdaemon
2008-08-10 19:53:13 +00:00
}
added scope for config help entries, moved some Posix group entries to module
2004-10-02 18:45:11 +00:00
}
more private class variables
2007-10-04 16:45:05 +00:00
elseif ($this->get_scope() == 'host') {
added scope for config help entries, moved some Posix group entries to module
2004-10-02 18:45:11 +00:00
// primary Unix group
use new meta HTML classes
2010-09-25 18:48:51 +00:00
$return->addElement(new htmlTableExtendedSelect('posixAccount_primaryGroup', $groups, array(), _('Primary group'), 'gidNumber'));
implemented profile options for user accounts
2004-04-04 13:48:21 +00:00
}
support Samba 4
2013-08-18 12:24:53 +00:00
if ($this->isOptional()) {
$return->addElement(new htmlTableExtendedInputCheckbox('posixAccount_addExt', false, _('Automatically add this extension'), 'autoAdd'), true);
}
added dummy getProfileOptions() functions
2004-03-09 12:03:39 +00:00
return $return;
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
}
implemented profile loading
2005-01-16 12:41:38 +00:00
/**
* Loads the values of an account profile into internal variables.
*
* @param array $profile hash array with profile values (identifier => value)
*/
function load_profile($profile) {
// profile mappings in meta data
parent::load_profile($profile);
// special profile options
// GID
if (isset($profile['posixAccount_primaryGroup'][0])) {
use less cache functions
2009-11-26 10:48:05 +00:00
$gid = $this->getGID($profile['posixAccount_primaryGroup'][0]);
if ($gid != null) {
implemented profile loading
2005-01-16 12:41:38 +00:00
$this->attributes['gidNumber'][0] = $gid;
}
}
// other group memberships
if (isset($profile['posixAccount_additionalGroup'][0])) {
$this->groups = $profile['posixAccount_additionalGroup'];
}
manage group of names
2011-10-06 20:03:45 +00:00
// group of names
if (isset($profile['posixAccount_gon'][0])) {
$this->gonList = $profile['posixAccount_gon'];
}
added profile option for lamdaemon
2008-08-10 19:53:13 +00:00
// lamdaemon
if (($this->get_scope() == 'user') && $this->getAccountContainer()->isNewAccount) {
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
$temp = explode(":", $lamdaemonServers[$i]);
if (isset($temp[1])) $lamdaemonServers[$i] = $temp[1];
else $lamdaemonServers[$i] = $temp[0];
added profile option for lamdaemon
2008-08-10 19:53:13 +00:00
}
allow to manage homedirs after account creation
2011-05-07 08:59:50 +00:00
$this->lamdaemonServers = array();
for ($h = 0; $h < sizeof($lamdaemonServers); $h++) {
if (isset($profile['posixAccount_createHomedir_' . $h][0]) && ($profile['posixAccount_createHomedir_' . $h][0] == 'true')) {
$this->lamdaemonServers[] = $lamdaemonServers[$h];
}
added profile option for lamdaemon
2008-08-10 19:53:13 +00:00
}
}
support Samba 4
2013-08-18 12:24:53 +00:00
// add extension
if (isset($profile['posixAccount_addExt'][0]) && ($profile['posixAccount_addExt'][0] == "true")) {
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if (!$this->skipObjectClass() && !in_array('posixAccount', $this->attributes['objectClass'])) {
support Samba 4
2013-08-18 12:24:53 +00:00
$this->attributes['objectClass'][] = 'posixAccount';
}
}
implemented profile loading
2005-01-16 12:41:38 +00:00
}
code cleanup: removed obsolete parameter from get_pdfentries() and updated PHPDoc comments
2005-10-09 18:05:32 +00:00
/**
added $pdfKeys to get_pdfEntries
2015-01-07 17:16:35 +00:00
* Returns a list of possible PDF entries for this account.
*
* @param array $pdfKeys list of PDF keys that are included in document
* @return list of PDF entries (array(<PDF key> => <PDF lines>))
*/
function get_pdfEntries($pdfKeys) {
fixed host name labels
2013-03-16 17:12:00 +00:00
$uidLabel = _('User name');
if ($this->get_scope() == 'host') {
$uidLabel = _('Host name');
}
sort PDF output
2014-07-17 19:34:51 +00:00
$additionalGroups = array();
if (!empty($this->groups)) {
$additionalGroups = $this->groups;
natcasesort($additionalGroups);
}
added addPDFKeyValue()
2015-03-11 20:50:37 +00:00
$return = array();
$this->addPDFKeyValue($return, 'primaryGroup', _('Primary group'), $this->getGroupName($this->attributes['gidNumber'][0]));
$this->addPDFKeyValue($return, 'additionalGroups', _('Additional groups'), implode(", ", $additionalGroups));
reduced PDF code
2013-05-07 19:18:21 +00:00
$this->addSimplePDFField($return, 'uid', $uidLabel);
$this->addSimplePDFField($return, 'cn', _('Common name'));
$this->addSimplePDFField($return, 'uidNumber', _('UID number'));
$this->addSimplePDFField($return, 'gidNumber', _('GID number'));
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$this->addSimplePDFField($return, 'homeDirectory', _('Home directory'), $this->getHomedirAttrName());
reduced PDF code
2013-05-07 19:18:21 +00:00
$this->addSimplePDFField($return, 'loginShell', _('Login shell'));
$this->addSimplePDFField($return, 'gecos', _('Gecos'));
quick (un)lock for users
2012-04-09 13:20:24 +00:00
if (self::areGroupOfNamesActive()) {
manage group of names
2011-10-06 20:03:45 +00:00
$allGons = $this->findGroupOfNames();
$gons = array();
for ($i = 0; $i < sizeof($this->gonList); $i++) {
if (isset($allGons[$this->gonList[$i]])) {
$gons[] = $allGons[$this->gonList[$i]]['cn'][0];
}
}
sort PDF output
2014-07-17 19:34:51 +00:00
natcasesort($gons);
added addPDFKeyValue()
2015-03-11 20:50:37 +00:00
$this->addPDFKeyValue($return, 'gon', _('Groups of names'), implode(", ", $gons));
manage group of names
2011-10-06 20:03:45 +00:00
}
readded support for user password in PDF
2010-03-08 18:26:06 +00:00
if (isset($this->clearTextPassword)) {
added addPDFKeyValue()
2015-03-11 20:50:37 +00:00
$this->addPDFKeyValue($return, 'userPassword', _('Password'), $this->clearTextPassword);
readded support for user password in PDF
2010-03-08 18:26:06 +00:00
}
added clear text password to upload PDF files
2012-02-05 13:04:57 +00:00
else if (isset($this->attributes['INFO.userPasswordClearText'])) {
added addPDFKeyValue()
2015-03-11 20:50:37 +00:00
$this->addPDFKeyValue($return, 'userPassword', _('Password'), $this->attributes['INFO.userPasswordClearText']);
added clear text password to upload PDF files
2012-02-05 13:04:57 +00:00
}
changed Unix password management
2006-09-03 12:41:22 +00:00
return $return;
dummy implemenation of get_pdfEntries added for each module class;account,inetOrgPerson and posixAccount partially implemented
2004-05-24 21:39:57 +00:00
}
added check_profileOptions() dummy
2004-03-14 17:33:05 +00:00
support magic numbers for UID/GID
2016-03-28 09:06:04 +00:00
/**
* Returns a list of elements for the configuration.
*
* @param array $scopes account types (user, group, host)
* @param array $allScopes list of all modules and active scopes
* @return array configuration elements
*/
function get_configOptions($scopes, $allScopes) {
$return = array();
if (in_array('user', $scopes)) {
// user options
$configUserContainer = new htmlTable();
$configUserContainer->addElement(new htmlSubTitle(_("Users")), true);
$generatorOptions = array(
_('Fixed range') => 'range',
_('Samba ID pool') => 'sambaPool',
_('Windows domain info') => 'windowsDomain',
_('Magic number') => 'magicNumber'
);
$uidGeneratorSelect = new htmlTableExtendedSelect('posixAccount_uidGeneratorUsers', $generatorOptions, array('range'), _('UID generator'), 'uidGenerator');
$uidGeneratorSelect->setHasDescriptiveElements(true);
$uidGeneratorSelect->setTableRowsToHide(array(
'range' => array('posixAccount_sambaIDPoolDNUsers', 'posixAccount_windowsIDPoolDNUsers', 'posixAccount_magicNumberUser'),
'sambaPool' => array('posixAccount_minUID', 'posixAccount_maxUID', 'posixAccount_windowsIDPoolDNUsers', 'posixAccount_magicNumberUser'),
'windowsDomain' => array('posixAccount_minUID', 'posixAccount_maxUID', 'posixAccount_sambaIDPoolDNUsers', 'posixAccount_magicNumberUser'),
'magicNumber' => array('posixAccount_minUID', 'posixAccount_maxUID', 'posixAccount_windowsIDPoolDNUsers', 'posixAccount_sambaIDPoolDNUsers')
));
$uidGeneratorSelect->setTableRowsToShow(array(
'range' => array('posixAccount_minUID', 'posixAccount_maxUID'),
'sambaPool' => array('posixAccount_sambaIDPoolDNUsers'),
'windowsDomain' => array('posixAccount_windowsIDPoolDNUsers'),
'magicNumber' => array('posixAccount_magicNumberUser')
));
$configUserContainer->addElement($uidGeneratorSelect, true);
$uidUsersGeneratorDN = new htmlTableExtendedInputField(_('Samba ID pool DN'), 'posixAccount_sambaIDPoolDNUsers', null, 'sambaIDPoolDN');
$uidUsersGeneratorDN->setRequired(true);
$configUserContainer->addElement($uidUsersGeneratorDN, true);
$uidUsersGeneratorWinDN = new htmlTableExtendedInputField(_('Windows domain info DN'), 'posixAccount_windowsIDPoolDNUsers', null, 'windowsIDPoolDN');
$uidUsersGeneratorWinDN->setRequired(true);
$configUserContainer->addElement($uidUsersGeneratorWinDN, true);
$minUid = new htmlTableExtendedInputField(_('Minimum UID number'), 'posixAccount_minUID', null, 'minMaxUser');
$minUid->setRequired(true);
$configUserContainer->addElement($minUid, true);
$maxUid = new htmlTableExtendedInputField(_('Maximum UID number'), 'posixAccount_maxUID', null, 'minMaxUser');
$maxUid->setRequired(true);
$configUserContainer->addElement($maxUid, true);
$magicNumberUser = new htmlTableExtendedInputField(_('Magic number'), 'posixAccount_magicNumberUser', null, 'magicNumber');
$magicNumberUser->setRequired(true);
$configUserContainer->addElement($magicNumberUser, true);
$configUserContainer->addElement(new htmlTableExtendedInputField(_('Suffix for UID/user name check'), 'posixAccount_uidCheckSuffixUser', '', 'uidCheckSuffix'), true);
$return[] = $configUserContainer;
}
// host options
if (in_array('host', $scopes)) {
$configHostContainer = new htmlTable();
$configHostContainer->addElement(new htmlSubTitle(_("Hosts")), true);
$uidHostGeneratorSelect = new htmlTableExtendedSelect('posixAccount_uidGeneratorHosts', $generatorOptions, array('range'), _('UID generator'), 'uidGenerator');
$uidHostGeneratorSelect->setHasDescriptiveElements(true);
$uidHostGeneratorSelect->setTableRowsToHide(array(
'range' => array('posixAccount_sambaIDPoolDNHosts', 'posixAccount_windowsIDPoolDNHosts', 'posixAccount_magicNumberHost'),
'sambaPool' => array('posixAccount_minMachine', 'posixAccount_maxMachine', 'posixAccount_windowsIDPoolDNHosts', 'posixAccount_magicNumberHost'),
'windowsDomain' => array('posixAccount_minMachine', 'posixAccount_maxMachine', 'posixAccount_sambaIDPoolDNHosts', 'posixAccount_magicNumberHost'),
'magicNumber' => array('posixAccount_minMachine', 'posixAccount_maxMachine', 'posixAccount_windowsIDPoolDNHosts', 'posixAccount_sambaIDPoolDNHosts')
));
$uidHostGeneratorSelect->setTableRowsToShow(array(
'range' => array('posixAccount_minMachine', 'posixAccount_maxMachine'),
'sambaPool' => array('posixAccount_sambaIDPoolDNHosts'),
'windowsDomain' => array('posixAccount_windowsIDPoolDNHosts'),
'magicNumber' => array('posixAccount_magicNumberHost')
));
$configHostContainer->addElement($uidHostGeneratorSelect, true);
$uidHostsGeneratorDN = new htmlTableExtendedInputField(_('Samba ID pool DN'), 'posixAccount_sambaIDPoolDNHosts', null, 'sambaIDPoolDN');
$uidHostsGeneratorDN->setRequired(true);
$configHostContainer->addElement($uidHostsGeneratorDN, true);
$uidHostsGeneratorWinDN = new htmlTableExtendedInputField(_('Windows domain info DN'), 'posixAccount_windowsIDPoolDNHosts', null, 'windowsIDPoolDN');
$uidHostsGeneratorWinDN->setRequired(true);
$configHostContainer->addElement($uidHostsGeneratorWinDN, true);
$minUid = new htmlTableExtendedInputField(_('Minimum UID number'), 'posixAccount_minMachine', null, 'minMaxHost');
$minUid->setRequired(true);
$configHostContainer->addElement($minUid, true);
$maxUid = new htmlTableExtendedInputField(_('Maximum UID number'), 'posixAccount_maxMachine', null, 'minMaxHost');
$maxUid->setRequired(true);
$configHostContainer->addElement($maxUid, true);
$magicNumberHost = new htmlTableExtendedInputField(_('Magic number'), 'posixAccount_magicNumberHost', null, 'magicNumber');
$magicNumberHost->setRequired(true);
$configHostContainer->addElement($magicNumberHost, true);
$configHostContainer->addElement(new htmlTableExtendedInputField(_('Suffix for UID/user name check'), 'posixAccount_uidCheckSuffixHost', '', 'uidCheckSuffix'), true);
$return[] = $configHostContainer;
}
// common options
$configOptionsContainer = new htmlTable();
$configOptionsContainer->addElement(new htmlSubTitle(_('Options')), true);
$configOptionsContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(),
array('SSHA'), _("Password hash type"), 'pwdHash'), true);
$configOptionsContainer->addElement(new htmlTableExtendedInputTextarea('posixAccount_shells', implode("\r\n", $this->getShells()), 30, 4, _('Login shells'), 'loginShells'), true);
$hiddenOptionsContainer = new htmlGroup();
$hiddenOptionsContainer->colspan = 5;
$hiddenOptionsContainerHead = new htmlTable();
$hiddenOptionsContainerHead->addElement(new htmlOutputText(_('Hidden options')));
$hiddenOptionsContainerHead->addElement(new htmlHelpLink('hiddenOptions'));
$hiddenOptionsContainer->addElement($hiddenOptionsContainerHead);
$configContainerOptions = new htmlTable();
$configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_hidegecos', false, _('Gecos'), null, false));
if (isset($_SESSION['conf_config'])) {
$confActiveGONModules = array_merge($_SESSION['conf_config']->get_AccountModules('group'), $_SESSION['conf_config']->get_AccountModules('gon'));
if (in_array('groupOfNames', $confActiveGONModules) || in_array('groupOfMembers', $confActiveGONModules) || in_array('groupOfUniqueNames', $confActiveGONModules)) {
$configContainerOptions->addElement(new htmlOutputText(' '));
$configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_hidegon', false, _('Groups of names'), null, false));
$configContainerOptions->addElement(new htmlOutputText(' '));
$configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_hideposixGroups', false, _('Unix groups'), null, false));
}
}
$hiddenOptionsContainer->addElement($configContainerOptions);
$configOptionsContainer->addElement($hiddenOptionsContainer, true);
$advancedOptions = new htmlTable();
$advancedOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'), true);
optional posixAccount object class
2016-05-09 18:10:14 +00:00
$isWindows = array_key_exists('windowsUser', $allScopes);
if ($isWindows) {
$advancedOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_noObjectClass', false, _('Do not add object class'), 'noObjectClass'), true);
}
support magic numbers for UID/GID
2016-03-28 09:06:04 +00:00
$advancedOptions->addElement(new htmlTableExtendedInputField(_('User name suggestion'), 'posixAccount_userNameSuggestion', '@givenname@%sn%', 'userNameSuggestion'));
$advancedOptionsAccordion = new htmlAccordion('posixAccountAdvancedOptions', array(_('Advanced options') => $advancedOptions), false);
$advancedOptionsAccordion->colspan = 5;
$configOptionsContainer->addElement($advancedOptionsAccordion);
$return[] = $configOptionsContainer;
return $return;
}
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
/**
* Checks input values of module settings.
*
* @param array $scopes list of account types which are used
* @param array $options hash array containing the settings (array('option' => array('value')))
* @return array list of error messages
*/
config option check may change settings
2012-11-25 10:57:15 +00:00
function check_configOptions($scopes, &$options) {
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
$return = array();
// user settings
if (in_array('user', $scopes)) {
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
if ($options['posixAccount_uidGeneratorUsers'][0] == 'range') {
// min/maxUID are required, check if they are numeric
if (!isset($options['posixAccount_minUID'][0]) || !preg_match('/^[0-9]+$/', $options['posixAccount_minUID'][0])) {
$return[] = $this->messages['minUID'][0];
}
if (!isset($options['posixAccount_maxUID'][0]) || !preg_match('/^[0-9]+$/', $options['posixAccount_maxUID'][0])) {
$return[] = $this->messages['maxUID'][0];
}
// minUID < maxUID
if (isset($options['posixAccount_minUID'][0]) && isset($options['posixAccount_maxUID'][0])) {
if ($options['posixAccount_minUID'][0] > $options['posixAccount_maxUID'][0]) {
$return[] = $this->messages['cmp_UID'][0];
}
}
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
}
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
elseif ($options['posixAccount_uidGeneratorUsers'][0] == 'sambaPool') {
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
if (!isset($options['posixAccount_sambaIDPoolDNUsers'][0]) || !get_preg($options['posixAccount_sambaIDPoolDNUsers'][0], 'dn')) {
$return[] = $this->messages['sambaIDPoolDN'][0];
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
}
}
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
elseif ($options['posixAccount_uidGeneratorUsers'][0] == 'windowsDomain') {
if (!isset($options['posixAccount_windowsIDPoolDNUsers'][0]) || !get_preg($options['posixAccount_windowsIDPoolDNUsers'][0], 'dn')) {
$return[] = $this->messages['windowsIDPoolDN'][0];
}
}
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
}
// host settings
if (in_array('host', $scopes)) {
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
if ($options['posixAccount_uidGeneratorHosts'][0] == 'range') {
// min/maxUID are required, check if they are numeric
if (!isset($options['posixAccount_minMachine'][0]) || !preg_match('/^[0-9]+$/', $options['posixAccount_minMachine'][0])) {
$return[] = $this->messages['minMachine'][0];
}
if (!isset($options['posixAccount_maxMachine'][0]) || !preg_match('/^[0-9]+$/', $options['posixAccount_maxMachine'][0])) {
$return[] = $this->messages['maxMachine'][0];
}
// minUID < maxUID
if (isset($options['posixAccount_minMachine'][0]) && isset($options['posixAccount_maxMachine'][0])) {
if ($options['posixAccount_minMachine'][0] > $options['posixAccount_maxMachine'][0]) {
$return[] = $this->messages['cmp_Machine'][0];
}
}
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
}
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
elseif ($options['posixAccount_uidGeneratorHosts'][0] == 'sambaPool') {
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
if (!isset($options['posixAccount_sambaIDPoolDNHosts'][0]) || !get_preg($options['posixAccount_sambaIDPoolDNHosts'][0], 'dn')) {
$return[] = $this->messages['sambaIDPoolDN'][0];
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
}
}
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
elseif ($options['posixAccount_uidGeneratorHosts'][0] == 'windowsDomain') {
if (!isset($options['posixAccount_windowsIDPoolDNHosts'][0]) || !get_preg($options['posixAccount_windowsIDPoolDNHosts'][0], 'dn')) {
$return[] = $this->messages['windowsIDPoolDN'][0];
}
}
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
}
// check if user and host ranges overlap
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
if (in_array('user', $scopes) && ($options['posixAccount_uidGeneratorUsers'][0] == 'range')
&& in_array('host', $scopes) && ($options['posixAccount_uidGeneratorHosts'][0] == 'range')) {
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
if (isset($options['posixAccount_minUID'][0]) && isset($options['posixAccount_maxUID'][0]) &&
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
isset($options['posixAccount_minMachine'][0]) && isset($options['posixAccount_maxMachine'][0])) {
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
if (($options['posixAccount_minMachine'][0] > $options['posixAccount_minUID'][0]) &&
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
($options['posixAccount_minMachine'][0] < $options['posixAccount_maxUID'][0])) {
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
$return[] = $this->messages['cmp_both'][0];
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
}
if (($options['posixAccount_minUID'][0] > $options['posixAccount_minMachine'][0]) &&
fixed smaller bus. I hope password handling is now ok
2004-10-12 13:34:00 +00:00
($options['posixAccount_minUID'][0] < $options['posixAccount_maxMachine'][0])) {
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
$return[] = $this->messages['cmp_both'][0];
moved min/maxUID settings for users and hosts to posixAccount module
2004-08-01 09:39:24 +00:00
}
}
}
return $return;
fixed syntax error
2004-10-30 17:00:34 +00:00
}
/**
added basic upload functions
2004-10-16 14:28:06 +00:00
* In this function the LDAP account is built up.
*
* @param array $rawAccounts list of hash arrays (name => value) from user input
* @param array $ids list of IDs for column position (e.g. "posixAccount_uid" => 5)
PHPDoc update
2012-07-15 12:05:47 +00:00
* @param array $partialAccounts list of hash arrays (name => value) which are later added to LDAP
allow to selected modules for file upload
2010-02-15 20:21:44 +00:00
* @param array $selectedModules list of selected account modules
added basic upload functions
2004-10-16 14:28:06 +00:00
* @return array list of error messages if any
*/
allow to selected modules for file upload
2010-02-15 20:21:44 +00:00
function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts, $selectedModules) {
fixed error handling
2006-05-18 08:50:51 +00:00
$errors = array();
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$pwdAttrName = $this->getPasswordAttrName();
$homedirAttrName = $this->getHomedirAttrName();
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
$needAutoUID = array();
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
// get list of existing users
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
$existingUsers = $this->getUserNames();
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
// get list of existing groups
use less cache functions
2009-11-26 10:48:05 +00:00
$groupList = $this->findGroups();
$groupMap = array();
for ($i = 0; $i < sizeof($groupList); $i++) {
$groupMap[$groupList[$i][1]] = $groupList[$i][0];
}
$existingGroups = array_keys($groupMap);
manage group of names
2011-10-06 20:03:45 +00:00
// get list of existing group of names
quick (un)lock for users
2012-04-09 13:20:24 +00:00
if (self::areGroupOfNamesActive()) {
manage group of names
2011-10-06 20:03:45 +00:00
$gons = $this->findGroupOfNames();
$gonList = array();
foreach ($gons as $dn => $attr) {
$gonList[] = $attr['cn'][0];
}
}
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
// check input
performance fixes
2014-09-21 15:06:11 +00:00
foreach ($rawAccounts as $i => $rawAccount) {
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if (!$this->skipObjectClass() && !in_array("posixAccount", $partialAccounts[$i]['objectClass'])) {
$partialAccounts[$i]['objectClass'][] = "posixAccount";
}
added basic upload functions
2004-10-16 14:28:06 +00:00
// UID
performance fixes
2014-09-21 15:06:11 +00:00
if ($rawAccount[$ids['posixAccount_uid']] == "") {
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
// autoUID
$needAutoUID[] = $i;
added basic upload functions
2004-10-16 14:28:06 +00:00
}
performance fixes
2014-09-21 15:06:11 +00:00
elseif (get_preg($rawAccount[$ids['posixAccount_uid']], 'digit')) {
support msSFU30DomainInfo
2015-06-07 07:04:02 +00:00
if (($this->get_scope() == 'user') && ($this->moduleSettings['posixAccount_uidGeneratorUsers'][0] == 'range')) {
performance fixes
2014-09-21 15:06:11 +00:00
if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minUID'][0]) &&
($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxUID'][0])) {
$partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]);
added error message for wrong uid numbers in file upload
2006-09-23 09:50:29 +00:00
}
else {
$errMsg = $this->messages['uidNumber'][4];
array_push($errMsg, array($i));
$errors[] = $errMsg;
}
fixed upload for hosts
2004-11-01 11:49:43 +00:00
}
support msSFU30DomainInfo
2015-06-07 07:04:02 +00:00
elseif (($this->get_scope() == 'host') && ($this->moduleSettings['posixAccount_uidGeneratorHosts'][0] == 'range')) {
performance fixes
2014-09-21 15:06:11 +00:00
if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minMachine'][0]) &&
($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxMachine'][0])) {
$partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]);
added error message for wrong uid numbers in file upload
2006-09-23 09:50:29 +00:00
}
else {
$errMsg = $this->messages['uidNumber'][4];
array_push($errMsg, array($i));
$errors[] = $errMsg;
}
fixed upload for hosts
2004-11-01 11:49:43 +00:00
}
added basic upload functions
2004-10-16 14:28:06 +00:00
}
else {
added messages for upload
2004-10-17 18:29:39 +00:00
$errMsg = $this->messages['uidNumber'][4];
added basic upload functions
2004-10-16 14:28:06 +00:00
array_push($errMsg, array($i));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
added basic upload functions
2004-10-16 14:28:06 +00:00
}
// GID number
performance fixes
2014-09-21 15:06:11 +00:00
if (get_preg($rawAccount[$ids['posixAccount_group']], 'digit')) {
$partialAccounts[$i]['gidNumber'] = $rawAccount[$ids['posixAccount_group']];
added basic upload functions
2004-10-16 14:28:06 +00:00
}
performance fixes
2014-09-21 15:06:11 +00:00
if (get_preg($rawAccount[$ids['posixAccount_group']], 'groupname')) {
$gid = $groupMap[$rawAccount[$ids['posixAccount_group']]];
added messages for upload
2004-10-17 18:29:39 +00:00
if (is_numeric($gid)) {
$partialAccounts[$i]['gidNumber'] = $gid;
}
else {
$errMsg = $this->messages['gidNumber'][0];
array_push($errMsg, array($i));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
added messages for upload
2004-10-17 18:29:39 +00:00
}
added basic upload functions
2004-10-16 14:28:06 +00:00
}
else {
added messages for upload
2004-10-17 18:29:39 +00:00
$errMsg = $this->messages['gidNumber'][1];
added basic upload functions
2004-10-16 14:28:06 +00:00
array_push($errMsg, array($i));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
added basic upload functions
2004-10-16 14:28:06 +00:00
}
added auto value for GECOS in upload
2005-06-07 18:28:28 +00:00
// GECOS
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
performance fixes
2014-09-21 15:06:11 +00:00
if ($rawAccount[$ids['posixAccount_gecos']] != "") {
if (get_preg($rawAccount[$ids['posixAccount_gecos']], 'gecos')) {
$partialAccounts[$i]['gecos'] = $this->checkASCII($rawAccount[$ids['posixAccount_gecos']]);
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
}
else {
$errMsg = $this->messages['gecos'][0];
array_push($errMsg, array($i));
$errors[] = $errMsg;
}
added auto value for GECOS in upload
2005-06-07 18:28:28 +00:00
}
else {
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
$gecos = "";
performance fixes
2014-09-21 15:06:11 +00:00
if (($rawAccount[$ids['inetOrgPerson_firstName']] != "") && ($rawAccount[$ids['inetOrgPerson_lastName']] != "")) {
$gecos = $rawAccount[$ids['inetOrgPerson_firstName']] . " " . $rawAccount[$ids['inetOrgPerson_lastName']];
if ($rawAccount[$ids['inetOrgPerson_telephone']] != "") {
$gecos = $gecos . ",," . $rawAccount[$ids['inetOrgPerson_telephone']]; // double "," because room is unknown
if ($rawAccount[$ids['inetOrgPerson_fax']] != "") {
$gecos = $gecos . "," . $rawAccount[$ids['inetOrgPerson_fax']];
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
}
added auto value for GECOS in upload
2005-06-07 18:28:28 +00:00
}
}
allow to hide gecos, posix groups and group of names
2013-03-24 10:03:35 +00:00
if ($gecos != "") {
$partialAccounts[$i]['gecos'] = $this->checkASCII($gecos);
}
fixed checkASCII and gecos in upload (2103936)
2008-09-16 17:11:44 +00:00
}
added basic upload functions
2004-10-16 14:28:06 +00:00
}
// user specific attributes
more private class variables
2007-10-04 16:45:05 +00:00
if ($this->get_scope() == 'user') {
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
// additional groups
performance fixes
2014-09-21 15:06:11 +00:00
if ($rawAccount[$ids['posixAccount_additionalGroups']] != "") {
$groups = explode(",", $rawAccount[$ids['posixAccount_additionalGroups']]);
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
for ($g = 0; $g < sizeof($groups); $g++) {
if (!in_array($groups[$g], $existingGroups)) {
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = array('ERROR', _('Unable to find group in LDAP.'), $groups[$g]);
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
}
}
}
manage group of names
2011-10-06 20:03:45 +00:00
// group of names
performance fixes
2014-09-21 15:06:11 +00:00
if (self::areGroupOfNamesActive() && ($rawAccount[$ids['posixAccount_gon']] != "")) {
$groups = explode(",", $rawAccount[$ids['posixAccount_gon']]);
manage group of names
2011-10-06 20:03:45 +00:00
for ($g = 0; $g < sizeof($groups); $g++) {
if (!in_array($groups[$g], $gonList)) {
translation update
2011-10-30 18:07:36 +00:00
$errors[] = array('ERROR', _('Unable to find group in LDAP.'), $groups[$g]);
manage group of names
2011-10-06 20:03:45 +00:00
}
}
}
added basic upload functions
2004-10-16 14:28:06 +00:00
// user name
performance fixes
2014-09-21 15:06:11 +00:00
if (in_array($rawAccount[$ids['posixAccount_userName']], $existingUsers)) {
$userName = $rawAccount[$ids['posixAccount_userName']];
suggest free user name in file upload if already exists
2012-09-23 17:59:14 +00:00
while (in_array($userName, $existingUsers)) {
$userName = $this->getNextUserName($userName);
}
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
$errMsg = $this->messages['uid'][9];
performance fixes
2014-09-21 15:06:11 +00:00
array_push($errMsg, array($i, $userName, $rawAccount[$ids['posixAccount_userName']]));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
}
performance fixes
2014-09-21 15:06:11 +00:00
elseif (get_preg($rawAccount[$ids['posixAccount_userName']], 'username')) {
$partialAccounts[$i]['uid'] = $rawAccount[$ids['posixAccount_userName']];
added basic upload functions
2004-10-16 14:28:06 +00:00
}
else {
added messages for upload
2004-10-17 18:29:39 +00:00
$errMsg = $this->messages['uid'][7];
added basic upload functions
2004-10-16 14:28:06 +00:00
array_push($errMsg, array($i));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
added basic upload functions
2004-10-16 14:28:06 +00:00
}
// home directory
performance fixes
2014-09-21 15:06:11 +00:00
if ($rawAccount[$ids['posixAccount_homedir']] == "") {
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$partialAccounts[$i][$homedirAttrName] = '/home/' . $partialAccounts[$i]['uid'];
added basic upload functions
2004-10-16 14:28:06 +00:00
}
performance fixes
2014-09-21 15:06:11 +00:00
elseif (get_preg($rawAccount[$ids['posixAccount_homedir']], 'homeDirectory')) {
$partialAccounts[$i][$homedirAttrName] = $rawAccount[$ids['posixAccount_homedir']];
added basic upload functions
2004-10-16 14:28:06 +00:00
}
else {
added messages for upload
2004-10-17 18:29:39 +00:00
$errMsg = $this->messages['homeDirectory'][2];
added basic upload functions
2004-10-16 14:28:06 +00:00
array_push($errMsg, array($i));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
added basic upload functions
2004-10-16 14:28:06 +00:00
}
// login shell
performance fixes
2014-09-21 15:06:11 +00:00
if ($rawAccount[$ids['posixAccount_shell']] == "") {
added basic upload functions
2004-10-16 14:28:06 +00:00
$partialAccounts[$i]['loginShell'] = '/bin/bash';
}
performance fixes
2014-09-21 15:06:11 +00:00
elseif (in_array($rawAccount[$ids['posixAccount_shell']], $this->getShells())) {
$partialAccounts[$i]['loginShell'] = $rawAccount[$ids['posixAccount_shell']];
added basic upload functions
2004-10-16 14:28:06 +00:00
}
else {
added messages for upload
2004-10-17 18:29:39 +00:00
$errMsg = $this->messages['shell'][0];
added basic upload functions
2004-10-16 14:28:06 +00:00
array_push($errMsg, array($i));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
added basic upload functions
2004-10-16 14:28:06 +00:00
}
$pwd_enabled = true;
// password enabled/disabled
performance fixes
2014-09-21 15:06:11 +00:00
if ($rawAccount[$ids['posixAccount_passwordDisabled']] == "") {
added basic upload functions
2004-10-16 14:28:06 +00:00
$pwd_enabled = true;
}
performance fixes
2014-09-21 15:06:11 +00:00
elseif (in_array($rawAccount[$ids['posixAccount_passwordDisabled']], array('true', 'false'))) {
if ($rawAccount[$ids['posixAccount_passwordDisabled']] == 'true') $pwd_enabled = false;
added basic upload functions
2004-10-16 14:28:06 +00:00
else $pwd_enabled = true;
}
else {
added messages for upload
2004-10-17 18:29:39 +00:00
$errMsg = $this->messages['passwordDisabled'][0];
added basic upload functions
2004-10-16 14:28:06 +00:00
array_push($errMsg, array($i));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
added basic upload functions
2004-10-16 14:28:06 +00:00
}
// password
support SASL as password hash
2015-02-11 16:57:38 +00:00
// set SASL passwords
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
$partialAccounts[$i][$pwdAttrName] = '{SASL}' . $partialAccounts[$i]['uid'];
added basic upload functions
2004-10-16 14:28:06 +00:00
}
support K5KEY
2016-01-02 12:16:14 +00:00
// set K5KEY password
elseif (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'K5KEY')) {
$partialAccounts[$i][$pwdAttrName] = pwd_hash('x', true, $this->moduleSettings['posixAccount_pwdHash'][0]);
}
support SASL as password hash
2015-02-11 16:57:38 +00:00
// set normal password
else {
if (($rawAccount[$ids['posixAccount_password']] != "") && (get_preg($rawAccount[$ids['posixAccount_password']], 'password'))) {
$partialAccounts[$i][$pwdAttrName] = pwd_hash($rawAccount[$ids['posixAccount_password']], $pwd_enabled, $this->moduleSettings['posixAccount_pwdHash'][0]);
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccount[$ids['posixAccount_password']]; // for custom scripts etc.
}
elseif ($rawAccount[$ids['posixAccount_password']] != "") {
$errMsg = $this->messages['userPassword'][4];
$errMsg[2] = str_replace('%', '%%', $errMsg[2]); // double "%" because of later sprintf
array_push($errMsg, array($i));
$errors[] = $errMsg;
}
added basic upload functions
2004-10-16 14:28:06 +00:00
}
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
// cn
support Samba 4
2013-08-18 12:24:53 +00:00
if ($this->manageCn()) {
performance fixes
2014-09-21 15:06:11 +00:00
if ($rawAccount[$ids['posixAccount_cn']] != "") {
if (get_preg($rawAccount[$ids['posixAccount_cn']], 'cn')) {
$partialAccounts[$i]['cn'] = $rawAccount[$ids['posixAccount_cn']];
support Samba 4
2013-08-18 12:24:53 +00:00
}
else {
$errMsg = $this->messages['cn'][1];
array_push($errMsg, array($i));
$errors[] = $errMsg;
}
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
}
else {
support Samba 4
2013-08-18 12:24:53 +00:00
if ($partialAccounts[$i]['givenName']) {
$partialAccounts[$i]['cn'] = $partialAccounts[$i]['givenName'] . " " . $partialAccounts[$i]['sn'];
}
elseif ($partialAccounts[$i]['sn']) {
$partialAccounts[$i]['cn'] = $partialAccounts[$i]['sn'];
}
else {
$partialAccounts[$i]['cn'] = $partialAccounts[$i]['uid'];
}
made inetOrgPerson independent from posixAccount
2005-06-19 09:38:44 +00:00
}
}
added basic upload functions
2004-10-16 14:28:06 +00:00
}
// host specific attributes
more private class variables
2007-10-04 16:45:05 +00:00
elseif ($this->get_scope() == 'host') {
added basic upload functions
2004-10-16 14:28:06 +00:00
// host name
performance fixes
2014-09-21 15:06:11 +00:00
if (in_array($rawAccount[$ids['posixAccount_hostName']], $existingUsers)) {
$userName = $rawAccount[$ids['posixAccount_hostName']];
suggest free user name in file upload if already exists
2012-09-23 17:59:14 +00:00
while (in_array($userName, $existingUsers)) {
$userName = $this->getNextUserName($userName);
}
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
$errMsg = $this->messages['uid'][10];
performance fixes
2014-09-21 15:06:11 +00:00
array_push($errMsg, array($i, $userName, $rawAccount[$ids['posixAccount_hostName']]));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
upload: check for existing users and groups
2005-06-08 21:02:01 +00:00
}
performance fixes
2014-09-21 15:06:11 +00:00
elseif (get_preg($rawAccount[$ids['posixAccount_hostName']], 'hostname')) {
$partialAccounts[$i]['uid'] = $rawAccount[$ids['posixAccount_hostName']];
$partialAccounts[$i]['cn'] = $rawAccount[$ids['posixAccount_hostName']];
added basic upload functions
2004-10-16 14:28:06 +00:00
}
else {
added messages for upload
2004-10-17 18:29:39 +00:00
$errMsg = $this->messages['uid'][8];
added basic upload functions
2004-10-16 14:28:06 +00:00
array_push($errMsg, array($i));
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $errMsg;
added basic upload functions
2004-10-16 14:28:06 +00:00
}
added more upload columns
2004-11-05 16:53:38 +00:00
// description
performance fixes
2014-09-21 15:06:11 +00:00
if (isset($ids['posixAccount_description']) && isset($rawAccount[$ids['posixAccount_description']]) && ($rawAccount[$ids['posixAccount_description']] != '')) {
$partialAccounts[$i]['description'] = $rawAccount[$ids['posixAccount_description']];
added more upload columns
2004-11-05 16:53:38 +00:00
}
else {
performance fixes
2014-09-21 15:06:11 +00:00
$partialAccounts[$i]['description'] = $rawAccount[$ids['posixAccount_hostName']];
added more upload columns
2004-11-05 16:53:38 +00:00
}
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$partialAccounts[$i][$homedirAttrName] = '/dev/null';
added basic upload functions
2004-10-16 14:28:06 +00:00
$partialAccounts[$i]['loginShell'] = '/bin/false';
}
}
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
// fill in autoUIDs
if (sizeof($needAutoUID) > 0) {
$errorsTemp = array();
$uids = $this->getNextUIDs(sizeof($needAutoUID), $errorsTemp);
if (is_array($uids)) {
performance fixes
2014-09-21 15:06:11 +00:00
foreach ($needAutoUID as $i => $index) {
$partialAccounts[$index]['uidNumber'] = $uids[$i];
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
}
}
else {
fixed error handling
2006-05-18 08:50:51 +00:00
$errors[] = $this->messages['uidNumber'][2];
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
}
}
fixed error handling
2006-05-18 08:50:51 +00:00
return $errors;
added basic upload functions
2004-10-16 14:28:06 +00:00
}
removed $post parameter
2006-08-13 12:58:19 +00:00
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
/**
* This function executes one post upload action.
*
* @param array $data array containing one account in each element
* @param array $ids array(<column_name> => <column number>)
* @param array $failed list of accounts which were not created successfully
* @param array $temp variable to store temporary data between two post actions
fixed homedir creation on file upload
2010-12-16 17:59:04 +00:00
* @param array $accounts list of LDAP entries
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
* @return array current status
* <br> array (
* <br> 'status' => 'finished' | 'inProgress'
* <br> 'progress' => 0..100
* <br> 'errors' => array (<array of parameters for StatusMessage>)
* <br> )
*/
fixed homedir creation on file upload
2010-12-16 17:59:04 +00:00
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
allow to set single account types read-only
2014-01-15 20:48:52 +00:00
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
added new security model
2007-12-30 16:08:54 +00:00
die();
}
fixed PHP notices for hosts
2016-01-09 19:20:28 +00:00
if ($this->get_scope() != 'user') {
return array(
'status' => 'finished',
'progress' => 100,
'errors' => array()
);
}
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
// on first call generate list of ldap operations
if (!isset($temp['counter'])) {
file upload: add users to groups
2004-10-24 09:50:02 +00:00
$temp['groups'] = array();
manage group of names
2011-10-06 20:03:45 +00:00
$temp['dn_gon'] = array();
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
$temp['createHomes'] = array();
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
$temp['counter'] = 0;
$col = $ids['posixAccount_additionalGroups'];
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
$col_home = $ids['posixAccount_createHomeDir'];
use less cache functions
2009-11-26 10:48:05 +00:00
// get list of existing groups
$groupList = $this->findGroups();
$groupMap = array();
for ($i = 0; $i < sizeof($groupList); $i++) {
$groupMap[$groupList[$i][0]] = $groupList[$i][1];
}
manage group of names
2011-10-06 20:03:45 +00:00
// get list of existing group of names
quick (un)lock for users
2012-04-09 13:20:24 +00:00
if (self::areGroupOfNamesActive()) {
manage group of names
2011-10-06 20:03:45 +00:00
$gonList = $this->findGroupOfNames();
$gonMap = array();
foreach ($gonList as $dn => $attr) {
$gonMap[$attr['cn'][0]] = $dn;
}
}
performance fixes
2014-09-21 18:09:44 +00:00
foreach ($data as $i => $dataRow) {
file upload: add users to groups
2004-10-24 09:50:02 +00:00
if (in_array($i, $failed)) continue; // ignore failed accounts
performance fixes
2014-09-21 18:09:44 +00:00
if ($dataRow[$col] != "") {
$groups = explode(",", $dataRow[$col]);
allow to add a user as memberuid in his primary group
2008-03-15 19:12:19 +00:00
if (isset($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0])
&& ($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0] == 'true')) {
performance fixes
2014-09-21 18:09:44 +00:00
if (get_preg($dataRow[$ids['posixAccount_group']], 'digit')) {
if (!in_array($groupMap[$dataRow[$ids['posixAccount_group']]], $groups)) {
$groups[] = $groupMap[$dataRow[$ids['posixAccount_group']]];
allow to add a user as memberuid in his primary group
2008-03-15 19:12:19 +00:00
}
}
else {
performance fixes
2014-09-21 18:09:44 +00:00
if (!in_array($groupMap[$dataRow[$ids['posixAccount_group']]], $groups)) {
$groups[] = $dataRow[$ids['posixAccount_group']];
allow to add a user as memberuid in his primary group
2008-03-15 19:12:19 +00:00
}
}
}
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
for ($g = 0; $g < sizeof($groups); $g++) {
file upload: add users to groups
2004-10-24 09:50:02 +00:00
if (!in_array($groups[$g], $temp['groups'])) $temp['groups'][] = $groups[$g];
performance fixes
2014-09-21 18:09:44 +00:00
$temp['members'][$groups[$g]][] = $dataRow[$ids['posixAccount_userName']];
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
}
}
performance fixes
2014-09-21 18:09:44 +00:00
if (isset($ids['posixAccount_gon']) && ($dataRow[$ids['posixAccount_gon']] != "")) {
$gons = explode(",", $dataRow[$ids['posixAccount_gon']]);
manage group of names
2011-10-06 20:03:45 +00:00
$memberAttr = 'member';
for ($g = 0; $g < sizeof($gons); $g++) {
if (in_array('groupOfUniqueNames', $gonList[$gonMap[$gons[$g]]]['objectclass'])) {
$memberAttr = 'uniqueMember';
}
$temp['dn_gon'][$gonMap[$gons[$g]]][$memberAttr][] = $accounts[$i]['dn'];
}
}
performance fixes
2014-09-21 18:09:44 +00:00
if ($dataRow[$col_home] != "") {
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
$temp['createHomes'][] = $i;
}
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
}
manage group of names
2011-10-06 20:03:45 +00:00
$temp['dn_gon_keys'] = array_keys($temp['dn_gon']);
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
return array(
'status' => 'inProgress',
'progress' => 0,
'errors' => array()
);
}
file upload: add users to groups
2004-10-24 09:50:02 +00:00
// get DNs of groups
elseif (!isset($temp['dn'])) {
$temp['dn'] = array();
replaced caching
2010-11-23 21:12:13 +00:00
$ldapEntries = searchLDAPByAttribute('cn', '*', 'posixGroup', array('dn', 'cn'), array('group'));
for ($i = 0; $i < sizeof($ldapEntries); $i++) {
$temp['dn'][$ldapEntries[$i]['cn'][0]] = $ldapEntries[$i]['dn'];
file upload: add users to groups
2004-10-24 09:50:02 +00:00
}
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
return array(
'status' => 'inProgress',
'progress' => 0,
'errors' => array()
);
file upload: add users to groups
2004-10-24 09:50:02 +00:00
}
// add users to groups
elseif ($temp['counter'] < sizeof($temp['groups'])) {
if (isset($temp['dn'][$temp['groups'][$temp['counter']]])) {
use ->server()
2007-07-08 10:51:01 +00:00
$success = @ldap_mod_add($_SESSION['ldap']->server(), $temp['dn'][$temp['groups'][$temp['counter']]], array('memberUID' => $temp['members'][$temp['groups'][$temp['counter']]]));
file upload: add users to groups
2004-10-24 09:50:02 +00:00
$errors = array();
if (!$success) {
$errors[] = array(
"ERROR",
_("LAM was unable to modify group memberships for group: %s"),
better LDAP error messages
2013-10-16 17:37:17 +00:00
getDefaultLDAPErrorString($_SESSION['ldap']->server()),
file upload: add users to groups
2004-10-24 09:50:02 +00:00
array($temp['groups'][$temp['counter']])
);
}
$temp['counter']++;
return array (
'status' => 'inProgress',
manage group of names
2011-10-06 20:03:45 +00:00
'progress' => ($temp['counter'] * 100) / (sizeof($temp['groups']) + sizeof($temp['createHomes']) + sizeof($temp['dn_gon'])),
file upload: add users to groups
2004-10-24 09:50:02 +00:00
'errors' => $errors
);
}
else {
$temp['counter']++;
return array (
'status' => 'inProgress',
manage group of names
2011-10-06 20:03:45 +00:00
'progress' => ($temp['counter'] * 100) / (sizeof($temp['groups'] + sizeof($temp['createHomes']) + sizeof($temp['dn_gon']))),
file upload: add users to groups
2004-10-24 09:50:02 +00:00
'errors' => array(array('ERROR', _('Unable to find group in LDAP.'), $temp['groups'][$temp['counter']]))
);
}
}
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
// create home directories
elseif ($temp['counter'] < (sizeof($temp['groups']) + sizeof($temp['createHomes']))) {
$pos = $temp['createHomes'][$temp['counter'] - sizeof($temp['groups'])];
fixed homedir creation on file upload
2010-12-16 17:59:04 +00:00
$result = lamdaemon(
implode(
support subclassing
2012-08-23 16:28:13 +00:00
self::$SPLIT_DELIMITER,
fixed homedir creation on file upload
2010-12-16 17:59:04 +00:00
array(
$data[$pos][$ids['posixAccount_userName']],
"home",
"add",
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$accounts[$pos][$this->getHomedirAttrName()],
fixed homedir creation on file upload
2010-12-16 17:59:04 +00:00
"0".$_SESSION['config']->get_scriptRights(),
$accounts[$pos]['uidNumber'],
$accounts[$pos]['gidNumber'],
)
),
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
$data[$pos][$ids['posixAccount_createHomeDir']]);
$errors = array();
if (($result != false) && (sizeof($result) == 1)) {
$parts = explode(",", $result[0]);
responsive self service
2015-08-09 07:22:01 +00:00
if (in_array($parts[0], array('ERROR', 'WARN'))) {
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
$errors[] = $parts;
}
}
$temp['counter']++;
return array (
'status' => 'inProgress',
manage group of names
2011-10-06 20:03:45 +00:00
'progress' => ($temp['counter'] * 100) / (sizeof($temp['groups']) + sizeof($temp['createHomes']) + sizeof($temp['dn_gon'])),
'errors' => $errors
);
}
// add users to group of names
elseif ($temp['counter'] < (sizeof($temp['groups']) + sizeof($temp['createHomes']) + sizeof($temp['dn_gon']))) {
$gonDn = $temp['dn_gon_keys'][$temp['counter'] - sizeof($temp['groups']) - sizeof($temp['createHomes'])];
$gonAttr = $temp['dn_gon'][$gonDn];
$success = @ldap_mod_add($_SESSION['ldap']->server(), $gonDn, $gonAttr);
$errors = array();
if (!$success) {
$errors[] = array(
"ERROR",
translation update
2011-10-30 18:07:36 +00:00
_("LAM was unable to modify group memberships for group: %s"),
better LDAP error messages
2013-10-16 17:37:17 +00:00
getDefaultLDAPErrorString($_SESSION['ldap']->server()),
manage group of names
2011-10-06 20:03:45 +00:00
array($temp['groups'][$temp['counter']])
);
}
$temp['counter']++;
$errors = array();
return array (
'status' => 'inProgress',
'progress' => ($temp['counter'] * 100) / (sizeof($temp['groups']) + sizeof($temp['createHomes']) + sizeof($temp['dn_gon'])),
allow to create homedirs in upload
2007-07-09 19:03:19 +00:00
'errors' => $errors
);
}
manage group of names
2011-10-06 20:03:45 +00:00
// all modifications are done
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
else {
file upload: add users to groups
2004-10-24 09:50:02 +00:00
return array (
'status' => 'finished',
'progress' => 100,
'errors' => array()
);
translation update and changes in file upload
2004-10-23 11:54:44 +00:00
}
}
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
/**
* Returns one or more free UID numbers.
*
* @param integer $count Number of needed free UIDs.
fixed error handling
2006-05-18 08:50:51 +00:00
* @param array $errors list of error messages where errors can be added
removed $post parameter
2006-08-13 12:58:19 +00:00
* @return mixed Null if no UIDs are free else an array of free UIDs.
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
*/
fixed error handling
2006-05-18 08:50:51 +00:00
function getNextUIDs($count, &$errors) {
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
// check if UIDs should be taken from Samba pool entry
if (($this->get_scope() == 'user') && isset($this->moduleSettings['posixAccount_uidGeneratorUsers']) && ($this->moduleSettings['posixAccount_uidGeneratorUsers'][0] == 'sambaPool')) {
return $this->getNextSambaPoolUIDs($count, $errors);
}
if (($this->get_scope() == 'host') && isset($this->moduleSettings['posixAccount_uidGeneratorHosts']) && ($this->moduleSettings['posixAccount_uidGeneratorHosts'][0] == 'sambaPool')) {
return $this->getNextSambaPoolUIDs($count, $errors);
}
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
// check if UIDs should be taken from domain info pool entry
if (($this->get_scope() == 'user') && isset($this->moduleSettings['posixAccount_uidGeneratorUsers']) && ($this->moduleSettings['posixAccount_uidGeneratorUsers'][0] == 'windowsDomain')) {
return $this->getNextDomainInfoUIDs($count, $errors);
}
if (($this->get_scope() == 'host') && isset($this->moduleSettings['posixAccount_uidGeneratorHosts']) && ($this->moduleSettings['posixAccount_uidGeneratorHosts'][0] == 'windowsDomain')) {
return $this->getNextDomainInfoUIDs($count, $errors);
}
support magic numbers for UID/GID
2016-03-28 09:06:04 +00:00
// check if a magic number should be used
if (($this->get_scope() == 'user') && isset($this->moduleSettings['posixAccount_uidGeneratorUsers']) && ($this->moduleSettings['posixAccount_uidGeneratorUsers'][0] == 'magicNumber')) {
$return = array();
for ($i = 0; $i < $count; $i++) {
$return[] = $this->moduleSettings['posixAccount_magicNumberUser'][0];
}
return $return;
}
if (($this->get_scope() == 'host') && isset($this->moduleSettings['posixAccount_uidGeneratorHosts']) && ($this->moduleSettings['posixAccount_uidGeneratorHosts'][0] == 'magicNumber')) {
$return = array();
for ($i = 0; $i < $count; $i++) {
$return[] = $this->moduleSettings['posixAccount_magicNumberHost'][0];
}
return $return;
}
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
$ret = array();
more private class variables
2007-10-04 16:45:05 +00:00
if ($this->get_scope() == "user") {
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
$minID = intval($this->moduleSettings['posixAccount_minUID'][0]);
$maxID = intval($this->moduleSettings['posixAccount_maxUID'][0]);
}
else {
$minID = intval($this->moduleSettings['posixAccount_minMachine'][0]);
$maxID = intval($this->moduleSettings['posixAccount_maxMachine'][0]);
}
replaced caching
2010-11-23 21:12:13 +00:00
$uidList = $this->getUIDs();
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
$uids = array();
performance fixes
2014-09-21 15:06:11 +00:00
foreach ($uidList as $uid) {
if (($uid <= $maxID) && ($uid >= $minID)) $uids[] = $uid; // ignore UIDs > maxID and UIDs < minID
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
}
for ($i = 0; $i < $count; $i++) {
if (count($uids) != 0) {
// there already are some uids
// store highest id-number
$id = $uids[count($uids)-1];
// Return minimum allowed id-number if all found id-numbers are too low
if ($id < $minID) {
$ret[] = $minID;
$uids[] = $minID;
}
// return highest used id-number + 1 if it's still in valid range
elseif ($id < $maxID) {
$ret[] = $id + 1;
$uids[] = $id + 1;
}
// find free numbers between existing ones
else {
$k = intval($minID);
while (in_array($k, $uids)) $k++;
if ($k > $maxID) return null;
else {
$ret[] = $k;
$uids[] = $k;
sort ($uids, SORT_NUMERIC);
}
// show warning message
removed grouping of error messages
2006-08-16 17:42:35 +00:00
$errors[] = $this->messages['uidNumber'][2];
put autoUID generation in extra function
2005-03-25 14:21:07 +00:00
}
}
else {
// return minimum allowed id-number if no id-numbers are found
$ret[] = $minID;
$uids[] = $minID;
}
}
return $ret;
}
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
/**
* Gets the free UID numbers from an Samba pool entry in LDAP.
responsive self service
2015-08-09 07:22:01 +00:00
*
support Samba Unix Id pool for UID/GID generation
2013-02-17 13:19:50 +00:00
* @param integer $count number of needed free UIDs.
* @param array $errors list of error messages where errors can be added
* @return mixed null if no UIDs are free else an array of free UIDs
*/
private function getNextSambaPoolUIDs($count, &$errors) {
if ($this->get_scope() == 'user') {
$dn = $this->moduleSettings['posixAccount_sambaIDPoolDNUsers'][0];
}
else {
$dn = $this->moduleSettings['posixAccount_sambaIDPoolDNHosts'][0];
}
$attrs = ldapGetDN($dn, array('uidNumber'));
if (isset($attrs['uidnumber'][0]) && ($attrs['uidnumber'][0] != '')) {
$newValue = $attrs['uidnumber'][0] + $count;
$ldapHandle = $_SESSION['ldap']->server();
ldap_modify($ldapHandle, $dn, array('uidnumber' => array($newValue)));
logNewMessage(LOG_DEBUG, 'Updated Samba ID pool ' . $dn . ' with UID number ' . $newValue . ' and LDAP code ' . ldap_errno($ldapHandle));
if (ldap_errno($ldapHandle) != 0) {
logNewMessage(LOG_NOTICE, 'Updating Samba ID pool ' . $dn . ' with UID number ' . $newValue . ' failed. ' . ldap_error($ldapHandle));
return null;
}
$result = array();
for ($i = 0; $i < $count; $i++) {
$result[] = $attrs['uidnumber'][0] + $i;
}
return $result;
}
return null;
}
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
/**
* Gets the free UID numbers from a domain info entry in LDAP.
responsive self service
2015-08-09 07:22:01 +00:00
*
support msSFU30DomainInfo
2015-06-07 06:34:24 +00:00
* @param integer $count number of needed free UIDs.
* @param array $errors list of error messages where errors can be added
* @return mixed null if no UIDs are free else an array of free UIDs
*/
private function getNextDomainInfoUIDs($count, &$errors) {
if ($this->get_scope() == 'user') {
$dn = $this->moduleSettings['posixAccount_windowsIDPoolDNUsers'][0];
}
else {
$dn = $this->moduleSettings['posixAccount_windowsIDPoolDNHosts'][0];
}
$attrs = ldapGetDN($dn, array('msSFU30MaxUidNumber'));
if (!empty($attrs['mssfu30maxuidnumber'][0])) {
$newValue = $attrs['mssfu30maxuidnumber'][0] + $count;
$ldapHandle = $_SESSION['ldap']->server();
ldap_modify($ldapHandle, $dn, array('mssfu30maxuidnumber' => array($newValue)));
logNewMessage(LOG_DEBUG, 'Updated domain info ' . $dn . ' with UID number ' . $newValue . ' and LDAP code ' . ldap_errno($ldapHandle));
if (ldap_errno($ldapHandle) != 0) {
logNewMessage(LOG_NOTICE, 'Updating domain info ' . $dn . ' with UID number ' . $newValue . ' failed. ' . ldap_error($ldapHandle));
return null;
}
$result = array();
for ($i = 0; $i < $count; $i++) {
$result[] = $attrs['mssfu30maxuidnumber'][0] + $i;
}
return $result;
}
return null;
}
added self service
2006-07-29 08:42:34 +00:00
/**
* Returns the meta HTML code for each input field.
* format: array(<field1> => array(<META HTML>), ...)
* It is not possible to display help links.
*
* @param array $fields list of active fields
PHPDoc fix
2011-08-20 17:59:36 +00:00
* @param array $attributes attributes of LDAP account
support forced password changes in self service (bug 3483907)
2012-02-08 17:55:00 +00:00
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
read only fields for self service
2012-08-18 15:55:43 +00:00
* @param array $readOnlyFields list of read-only fields
responsive self service
2015-08-09 07:22:01 +00:00
* @return array list of meta HTML elements (field name => htmlResponsiveRow)
added self service
2006-07-29 08:42:34 +00:00
*/
read only fields for self service
2012-08-18 15:55:43 +00:00
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
added self service
2006-07-29 08:42:34 +00:00
$return = array();
if (in_array('password', $fields)) {
responsive self service
2015-08-09 07:22:01 +00:00
$row = new htmlResponsiveRow();
support password change with old password
2015-03-01 16:48:25 +00:00
if (!empty($this->selfServiceSettings->moduleSettings['posixAccount_useOldPwd']) && ($this->selfServiceSettings->moduleSettings['posixAccount_useOldPwd'][0] == 'true')) {
responsive self service
2015-08-09 07:22:01 +00:00
$pwd0 = new htmlResponsiveInputField(_('Old password'), 'posixAccount_passwordOld');
support password change with old password
2015-03-01 16:48:25 +00:00
$pwd0->setIsPassword(true, true);
responsive self service
2015-08-09 07:22:01 +00:00
$row->add($pwd0, 12);
support password change with old password
2015-03-01 16:48:25 +00:00
}
responsive self service
2015-08-09 07:22:01 +00:00
$pwd1 = new htmlResponsiveInputField($this->getSelfServiceLabel('password', _('New password')), 'posixAccount_password');
added graphical hint if password does not match policy
2014-05-25 17:29:19 +00:00
$pwd1->setIsPassword(true, true);
responsive self service
2015-08-09 07:22:01 +00:00
$row->add($pwd1, 12);
$pwd2 = new htmlResponsiveInputField(_('Reenter password'), 'posixAccount_password2');
fixed self service
2010-07-03 13:17:50 +00:00
$pwd2->setIsPassword(true);
added graphical hint if password values are not equal
2014-05-25 14:37:05 +00:00
$pwd2->setSameValueFieldID('posixAccount_password');
responsive self service
2015-08-09 07:22:01 +00:00
$row->add($pwd2, 12);
$return['password'] = $row;
added self service
2006-07-29 08:42:34 +00:00
}
support forced password changes in self service (bug 3483907)
2012-02-08 17:55:00 +00:00
if ($passwordChangeOnly) {
return $return; // only password fields as long no LDAP content can be read
}
common name for self service
2011-03-23 18:35:57 +00:00
if (in_array('cn', $fields)) {
$cn = '';
if (isset($attributes['cn'][0])) $cn = $attributes['cn'][0];
read only fields for self service
2012-08-18 15:55:43 +00:00
$cnField = new htmlInputField('posixAccount_cn', $cn);
if (in_array('cn', $readOnlyFields)) {
$cnField = new htmlOutputText($cn);
}
responsive self service
2015-08-09 07:22:01 +00:00
$row = new htmlResponsiveRow();
responsive self service
2015-08-09 07:57:56 +00:00
$row->addLabel(new htmlOutputText($this->getSelfServiceLabel('cn', _('Common name'))));
$row->addField($cnField);
responsive self service
2015-08-09 07:22:01 +00:00
$return['cn'] = $row;
common name for self service
2011-03-23 18:35:57 +00:00
}
added login shell to self service
2011-12-14 18:41:59 +00:00
if (in_array('loginShell', $fields)) {
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
$shelllist = $this->getShells(); // list of all valid shells
added login shell to self service
2011-12-14 18:41:59 +00:00
$loginShell = '';
if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0];
read only fields for self service
2012-08-18 15:55:43 +00:00
$loginShellField = new htmlSelect('posixAccount_loginShell', $shelllist, array($loginShell));
if (in_array('loginShell', $readOnlyFields)) {
$loginShellField = new htmlOutputText($loginShell);
}
responsive self service
2015-08-09 07:22:01 +00:00
$row = new htmlResponsiveRow();
responsive self service
2015-08-09 07:57:56 +00:00
$row->addLabel(new htmlOutputText($this->getSelfServiceLabel('loginShell', _('Login shell'))));
$row->addField($loginShellField);
responsive self service
2015-08-09 07:22:01 +00:00
$return['loginShell'] = $row;
added login shell to self service
2011-12-14 18:41:59 +00:00
}
added self service
2006-07-29 08:42:34 +00:00
return $return;
}
/**
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
* Checks if all input values are correct and returns the LDAP attributes which should be changed.
* <br>Return values:
* <br>messages: array of parameters to create status messages
* <br>add: array of attributes to add
* <br>del: array of attributes to remove
* <br>mod: array of attributes to modify
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
responsive self service
2015-08-09 07:22:01 +00:00
*
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
* Calling this method does not require the existence of an enclosing {@link accountContainer}.
added self service
2006-07-29 08:42:34 +00:00
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
support forced password changes in self service (bug 3483907)
2012-02-08 17:55:00 +00:00
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
read only fields for self service
2012-08-18 15:55:43 +00:00
* @param array $readOnlyFields list of read-only fields
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
added self service
2006-07-29 08:42:34 +00:00
*/
read only fields for self service
2012-08-18 15:55:43 +00:00
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
added self service
2006-07-29 08:42:34 +00:00
if (in_array('password', $fields)) {
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
if ($_POST['posixAccount_password'] != $_POST['posixAccount_password2']) {
$return['messages'][] = $this->messages['userPassword'][0];
}
else {
removed $post parameter
2006-08-13 12:58:19 +00:00
if (!get_preg($_POST['posixAccount_password'], 'password')) {
added self service
2006-07-29 08:42:34 +00:00
$return['messages'][] = $this->messages['userPassword'][1];
}
else {
extended password policy
2014-04-17 19:26:08 +00:00
$userName = empty($attributes['uid'][0]) ? null : $attributes['uid'][0];
$additionalAttrs = array();
if (!empty($attributes['sn'][0])) {
$additionalAttrs[] = $attributes['sn'][0];
}
if (!empty($attributes['givenName'][0])) {
$additionalAttrs[] = $attributes['givenName'][0];
}
$pwdPolicyResult = checkPasswordStrength($_POST['posixAccount_password'], $userName, $additionalAttrs);
added password policies
2008-02-14 17:37:02 +00:00
if ($pwdPolicyResult === true) {
support password change with old password
2015-03-01 16:48:25 +00:00
if (empty($this->selfServiceSettings->moduleSettings['posixAccount_useOldPwd']) || ($this->selfServiceSettings->moduleSettings['posixAccount_useOldPwd'][0] != 'true')) {
$return['mod'][$this->getPasswordAttrName()][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]);
}
else {
$return['add'][$this->getPasswordAttrName()][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]);
$return['del'][$this->getPasswordAttrName()][0] = $_POST['posixAccount_passwordOld'];
}
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
$return['info']['userPasswordClearText'][0] = $_POST['posixAccount_password'];
better check of shadowlastchange for self-service
2008-05-15 17:22:32 +00:00
if (isset($attributes['shadowLastChange'][0])) {
added password policies
2008-02-14 17:37:02 +00:00
$return['mod']['shadowLastChange'][0] = intval(time()/3600/24);
}
$_SESSION['selfService_clientPasswordNew'] = $_POST['posixAccount_password'];
}
else {
$return['messages'][] = array('ERROR', $pwdPolicyResult);
set shadowLastChange for self service password changes
2007-07-08 10:21:34 +00:00
}
added self service
2006-07-29 08:42:34 +00:00
}
}
}
}
support password change with old password
2015-03-01 16:48:25 +00:00
// stop processing if only a password change is done
support forced password changes in self service (bug 3483907)
2012-02-08 17:55:00 +00:00
if ($passwordChangeOnly) {
support password change with old password
2015-03-01 16:48:25 +00:00
return $return;
support forced password changes in self service (bug 3483907)
2012-02-08 17:55:00 +00:00
}
Allow to sync Unix password with Windows password
2016-06-26 08:15:45 +00:00
// sync from Windows password
if (in_array('syncWindowsPassword', $fields) && !empty($_POST['windowsUser_unicodePwd'])) {
$password = $_POST['windowsUser_unicodePwd'];
$return['mod']['unixUserPassword'][0] = pwd_hash($password, true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]);
if (isset($attributes['shadowLastChange'][0])) {
$return['mod']['shadowLastChange'][0] = intval(time()/3600/24);
}
}
support password change with old password
2015-03-01 16:48:25 +00:00
// cn
read only fields for self service
2012-08-18 15:55:43 +00:00
if (in_array('cn', $fields) && !in_array('cn', $readOnlyFields)) {
common name for self service
2011-03-23 18:35:57 +00:00
if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) {
if (!get_preg($_POST['posixAccount_cn'], 'cn')) {
$return['messages'][] = $this->messages['cn'][0];
}
do not always change cn and loginShell in self service
2012-02-08 18:09:21 +00:00
else if (!isset($attributes['cn']) || ($attributes['cn'][0] != $_POST['posixAccount_cn'])) {
common name for self service
2011-03-23 18:35:57 +00:00
$return['mod']['cn'][0] = $_POST['posixAccount_cn'];
}
}
else {
$return['messages'][] = $this->messages['cn'][0];
}
}
support password change with old password
2015-03-01 16:48:25 +00:00
// shell
read only fields for self service
2012-08-18 15:55:43 +00:00
if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) {
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
$shelllist = $this->getShells(); // list of all valid shells
do not always change cn and loginShell in self service
2012-02-08 18:09:21 +00:00
if (in_array($_POST['posixAccount_loginShell'], $shelllist)
&& (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) {
added login shell to self service
2011-12-14 18:41:59 +00:00
$return['mod']['loginShell'][0] = $_POST['posixAccount_loginShell'];
}
}
added self service
2006-07-29 08:42:34 +00:00
return $return;
}
responsive self service
2015-08-09 07:22:01 +00:00
first step for adding central password service
2009-10-08 20:16:02 +00:00
/**
* This method specifies if a module manages password attributes.
* @see passwordService::managesPasswordAttributes
*
* @return boolean true if this module manages password attributes
*/
public function managesPasswordAttributes() {
return true;
}
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
/**
* Specifies if this module supports to force that a user must change his password on next login.
responsive self service
2015-08-09 07:22:01 +00:00
*
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return false;
}
responsive self service
2015-08-09 07:22:01 +00:00
first step for adding central password service
2009-10-08 20:16:02 +00:00
/**
added central password service
2009-10-09 18:21:12 +00:00
* This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name.
*
first step for adding central password service
2009-10-08 20:16:02 +00:00
* @param String $password new password
added central password service
2009-10-09 18:21:12 +00:00
* @param $modules list of modules for which the password should be changed
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
* @param boolean $forcePasswordChange force the user to change his password at next login
first step for adding central password service
2009-10-08 20:16:02 +00:00
* @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.'))
added central password service
2009-10-09 18:21:12 +00:00
* @see passwordService::passwordChangeRequested
first step for adding central password service
2009-10-08 20:16:02 +00:00
*/
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
added central password service
2009-10-09 18:21:12 +00:00
if (!in_array(get_class($this), $modules)) {
return array();
}
extended password policy
2014-04-17 19:26:08 +00:00
// check password strength
$user = empty($this->attributes['uid'][0]) ? null : $this->attributes['uid'][0];
$additionalAttrs = array();
if ($this->getAccountContainer()->getAccountModule('inetOrgPerson') != null) {
$attrs = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes();
if (!empty($attrs['sn'][0])) {
$additionalAttrs[] = $attrs['sn'][0];
}
if (!empty($attrs['givenName'][0])) {
$additionalAttrs[] = $attrs['givenName'][0];
}
}
$checkResult = checkPasswordStrength($password, $user, $additionalAttrs);
if ($checkResult !== true) {
return array(array('ERROR', $checkResult));
}
// set new password
readded support for user password in PDF
2010-03-08 18:26:06 +00:00
$this->clearTextPassword = $password;
support SASL as password hash
2015-02-11 16:57:38 +00:00
// set SASL password
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
$this->attributes[$this->getPasswordAttrName()][0] = '{SASL}' . $this->attributes['uid'][0];
}
// set normal password
else {
$this->attributes[$this->getPasswordAttrName()][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
}
first step for adding central password service
2009-10-08 20:16:02 +00:00
return array();
}
responsive self service
2015-08-09 07:22:01 +00:00
use less cache functions
2009-11-26 10:48:05 +00:00
/**
do not use in_cache
2009-11-26 13:32:14 +00:00
* Returns the group ID of the given group.
use less cache functions
2009-11-26 10:48:05 +00:00
*
* @param String $groupname group name
* @return String GID
*/
private function getGID($groupname) {
$results = searchLDAPByAttribute('cn', $groupname, 'posixGroup', array('gidnumber'), array('group'));
if ((sizeof($results) > 0) && isset($results[0]['gidnumber'][0])) {
return $results[0]['gidnumber'][0];
}
return null;
}
responsive self service
2015-08-09 07:22:01 +00:00
use less cache functions
2009-11-26 10:48:05 +00:00
/**
* Returns the group name of the group with the given group ID.
*
* @param String $groupID group ID
* @return String group name
*/
private function getGroupName($groupID) {
$results = searchLDAPByAttribute('gidNumber', $groupID, 'posixGroup', array('cn'), array('group'));
if ((sizeof($results) > 0) && isset($results[0]['cn'][0])) {
return $results[0]['cn'][0];
}
return null;
}
responsive self service
2015-08-09 07:22:01 +00:00
do not use in_cache
2009-11-26 13:32:14 +00:00
/**
* Returns the group DN of the given group.
*
* @param String $groupname group name
* @return String DN
*/
private function getGroupDN($groupname) {
$results = searchLDAPByAttribute('cn', $groupname, 'posixGroup', array('dn'), array('group'));
if ((sizeof($results) > 0) && isset($results[0]['dn'][0])) {
return $results[0]['dn'];
}
return null;
}
responsive self service
2015-08-09 07:22:01 +00:00
use less cache functions
2009-11-26 10:48:05 +00:00
/**
* Finds all existing LDAP groups.
*
replaced caching
2010-11-23 21:12:13 +00:00
* @return array groups array(array(gidnumber, cn), array(gidnumber, cn), ...)
use less cache functions
2009-11-26 10:48:05 +00:00
*/
private function findGroups() {
if ($this->groupCache != null) {
return $this->groupCache;
}
use type filters when searching for groups (bug 165)
2014-02-26 20:02:50 +00:00
$typeSettings = $_SESSION['config']->get_typeSettings();
$filter = '(objectClass=posixGroup)';
support users/groups without correct object class on Windows
2014-05-15 19:30:46 +00:00
if ($this->isWindows()) {
$filter = '(&(objectClass=group)(gidNumber=*))';
}
use type filters when searching for groups (bug 165)
2014-02-26 20:02:50 +00:00
if (!empty($typeSettings['filter_group'])) {
$typeFilter = $typeSettings['filter_group'];
if (strpos($typeFilter, '(') !== 0) {
$typeFilter = '(' . $typeFilter . ')';
}
$filter = '(&' . $filter . $typeFilter . ')';
}
$results = searchLDAPByFilter($filter, array('cn', 'gidnumber'), array('group'));
use less cache functions
2009-11-26 10:48:05 +00:00
$return = array();
for ($i = 0; $i < sizeof($results); $i++) {
if (isset($results[$i]['cn'][0]) && isset($results[$i]['gidnumber'][0])) {
$return[] = array($results[$i]['gidnumber'][0], $results[$i]['cn'][0]);
}
}
$this->groupCache = $return;
return $return;
}
responsive self service
2015-08-09 07:22:01 +00:00
manage group of names
2011-10-06 20:03:45 +00:00
/**
* Finds all existing LDAP group of names.
*
added option to auto-sync with group of names
2015-05-31 08:46:44 +00:00
* @return array groups array(dn => array('cn' => array('groupName'), 'objectclass' => array('top', 'groupOfNames')))
manage group of names
2011-10-06 20:03:45 +00:00
*/
private function findGroupOfNames() {
if ($this->gonCache != null) {
return $this->gonCache;
}
$return = array();
$types = array();
if (in_array('group', $_SESSION['config']->get_ActiveTypes())) {
$types[] = 'group';
}
if (in_array('gon', $_SESSION['config']->get_ActiveTypes())) {
$types[] = 'gon';
}
use type filters when searching for groups (bug 165)
2014-02-26 20:02:50 +00:00
$typeSettings = $_SESSION['config']->get_typeSettings();
manage group of names
2011-10-06 20:03:45 +00:00
if (sizeof($types) > 0) {
use type filters when searching for groups (bug 165)
2014-02-26 20:02:50 +00:00
foreach ($types as $type) {
support groupOfMembers
2015-05-23 13:34:08 +00:00
$filter = '(|(objectClass=groupOfNames)(objectClass=groupOfMembers)(objectClass=groupOfUniqueNames))';
use type filters when searching for groups (bug 165)
2014-02-26 20:02:50 +00:00
if (!empty($typeSettings['filter_' . $type])) {
$typeFilter = $typeSettings['filter_' . $type];
if (strpos($typeFilter, '(') !== 0) {
$typeFilter = '(' . $typeFilter . ')';
}
$filter = '(&' . $filter . $typeFilter . ')';
}
$results = searchLDAPByFilter($filter, array('cn', 'dn', 'objectClass'), array($type));
for ($i = 0; $i < sizeof($results); $i++) {
if (isset($results[$i]['cn'][0]) && isset($results[$i]['dn'])) {
$return[$results[$i]['dn']] = $results[$i];
}
manage group of names
2011-10-06 20:03:45 +00:00
}
}
}
$this->gonCache = $return;
return $return;
}
responsive self service
2015-08-09 07:22:01 +00:00
replaced caching
2010-11-23 21:12:13 +00:00
/**
* Returns a list of existing UID numbers.
*
* @return array list of UID numbers
*/
private function getUIDs() {
if ($this->cachedUIDList != null) {
return $this->cachedUIDList;
}
$this->cachedUIDList = array();
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
$attrs = array('uidNumber');
$filter = '(&(objectClass=posixAccount)(uidNumber=*))';
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if ($this->skipObjectClass()) {
$filter = '(uidNumber=*)';
}
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
$types = $_SESSION['config']->get_ActiveTypes();
// get user UIDs
if (in_array('user', $types)) {
$suffixUsers = $_SESSION['config']->get_Suffix('user');
if (isset($this->moduleSettings['posixAccount_uidCheckSuffixUser'][0]) && ($this->moduleSettings['posixAccount_uidCheckSuffixUser'][0] != '')) {
$suffixUsers = $this->moduleSettings['posixAccount_uidCheckSuffixUser'][0];
}
$result = searchLDAP($suffixUsers, $filter, $attrs);
for ($i = 0; $i < sizeof($result); $i++) {
$this->cachedUIDList[] = $result[$i]['uidnumber'][0];
}
}
// get host UIDs
if (in_array('host', $types)) {
$suffixHosts = $_SESSION['config']->get_Suffix('host');
if (isset($this->moduleSettings['posixAccount_uidCheckSuffixHost'][0]) && ($this->moduleSettings['posixAccount_uidCheckSuffixHost'][0] != '')) {
$suffixHosts = $this->moduleSettings['posixAccount_uidCheckSuffixHost'][0];
}
if ($suffixUsers != $suffixHosts) {
$result = searchLDAP($suffixHosts, $filter, $attrs);
for ($i = 0; $i < sizeof($result); $i++) {
$this->cachedUIDList[] = $result[$i]['uidnumber'][0];
}
}
replaced caching
2010-11-23 21:12:13 +00:00
}
sort($this->cachedUIDList, SORT_NUMERIC);
return $this->cachedUIDList;
}
responsive self service
2015-08-09 07:22:01 +00:00
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
/**
* Checks if the given user name already exists in LDAP.
responsive self service
2015-08-09 07:22:01 +00:00
*
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
* @param String $userName user name
* @return boolean true if already exists
*/
private function userNameExists($userName) {
return in_array($userName, $this->getUserNames());
}
responsive self service
2015-08-09 07:22:01 +00:00
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
/**
* Returns a list of all user names in LDAP.
responsive self service
2015-08-09 07:22:01 +00:00
*
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
* @return array user names
*/
private function getUserNames() {
if ($this->cachedUserNameList != null) {
return $this->cachedUserNameList;
}
$this->cachedUserNameList = array();
$attrs = array('uid');
$filter = '(&(objectClass=posixAccount)(uid=*))';
optional posixAccount object class
2016-05-09 18:10:14 +00:00
if ($this->skipObjectClass()) {
$filter = '(uid=*)';
}
allow to specify alternative suffix for uniqueness check
2012-09-07 16:35:54 +00:00
$types = $_SESSION['config']->get_ActiveTypes();
// get user names
if (in_array('user', $types)) {
$suffixUsers = $_SESSION['config']->get_Suffix('user');
if (isset($this->moduleSettings['posixAccount_uidCheckSuffixUser'][0]) && ($this->moduleSettings['posixAccount_uidCheckSuffixUser'][0] != '')) {
$suffixUsers = $this->moduleSettings['posixAccount_uidCheckSuffixUser'][0];
}
$result = searchLDAP($suffixUsers, $filter, $attrs);
for ($i = 0; $i < sizeof($result); $i++) {
$this->cachedUserNameList[] = $result[$i]['uid'][0];
}
}
// get host UIDs
if (in_array('host', $types)) {
$suffixHosts = $_SESSION['config']->get_Suffix('host');
if (isset($this->moduleSettings['posixAccount_uidCheckSuffixHost'][0]) && ($this->moduleSettings['posixAccount_uidCheckSuffixHost'][0] != '')) {
$suffixHosts = $this->moduleSettings['posixAccount_uidCheckSuffixHost'][0];
}
if ($suffixUsers != $suffixHosts) {
$result = searchLDAP($suffixHosts, $filter, $attrs);
for ($i = 0; $i < sizeof($result); $i++) {
$this->cachedUserNameList[] = $result[$i]['uid'][0];
}
}
}
return $this->cachedUserNameList;
}
responsive self service
2015-08-09 07:22:01 +00:00
manage group of names
2011-10-06 20:03:45 +00:00
/**
* Returns if LAM manages group of names entries.
responsive self service
2015-08-09 07:22:01 +00:00
*
manage group of names
2011-10-06 20:03:45 +00:00
* @return boolean group of names are active
*/
quick (un)lock for users
2012-04-09 13:20:24 +00:00
public static function areGroupOfNamesActive() {
manage group of names
2011-10-06 20:03:45 +00:00
if (!isset($_SESSION['config'])) {
return false;
}
if (in_array('group', $_SESSION['config']->get_ActiveTypes())) {
$groupModules = $_SESSION['config']->get_AccountModules('group');
support groupOfMembers
2015-05-23 13:34:08 +00:00
if (in_array('groupOfNames', $groupModules) || in_array('groupOfMembers', $groupModules) || in_array('groupOfUniqueNames', $groupModules)) {
manage group of names
2011-10-06 20:03:45 +00:00
return true;
}
}
if (in_array('gon', $_SESSION['config']->get_ActiveTypes())) {
$gonModules = $_SESSION['config']->get_AccountModules('gon');
support groupOfMembers
2015-05-23 13:34:08 +00:00
if (in_array('groupOfNames', $gonModules) || in_array('groupOfMembers', $gonModules) || in_array('groupOfUniqueNames', $gonModules)) {
manage group of names
2011-10-06 20:03:45 +00:00
return true;
}
}
return false;
}
responsive self service
2015-08-09 07:22:01 +00:00
easier switching to long user name suggestion
2011-02-20 13:28:32 +00:00
/**
* Returns a suggestion for the user name.
* By deafult this wil be the first character of the first name plus the last name.
*
* @param array $attrs LDAP attributes
* @return String user name
*/
support subclassing
2012-08-23 16:28:13 +00:00
protected function getUserNameSuggestion($attrs) {
added htmlAccordion and option to specify user name suggestion format
2013-03-24 18:39:08 +00:00
$attributes = array_change_key_case($attrs, CASE_LOWER);
$format = '@givenname@%sn%';
if (isset($this->moduleSettings['posixAccount_userNameSuggestion'][0])) {
$format = strtolower($this->moduleSettings['posixAccount_userNameSuggestion'][0]);
}
// search for @key@ wildcards in format string and replace with first character of attribute
$wildcards = array();
if (preg_match_all('/@([^@]|[a-zA-Z_-])+@/', $format, $wildcards) > 0) {
for ($i = 0; $i < sizeof($wildcards[0]); $i++) {
$wc = substr($wildcards[0][$i], 1, strlen($wildcards[0][$i]) - 2);
$value = '';
fixed PHP notice
2013-05-01 12:35:09 +00:00
if (isset($attributes[$wc][0]) && !empty($attributes[$wc][0])) {
added htmlAccordion and option to specify user name suggestion format
2013-03-24 18:39:08 +00:00
$value = $attributes[$wc][0][0];
easier switching to long user name suggestion
2011-02-20 13:28:32 +00:00
}
added htmlAccordion and option to specify user name suggestion format
2013-03-24 18:39:08 +00:00
$format = str_replace('@' . $wc . '@', $value, $format);
easier switching to long user name suggestion
2011-02-20 13:28:32 +00:00
}
added htmlAccordion and option to specify user name suggestion format
2013-03-24 18:39:08 +00:00
}
// search for %key% wildcards in format string and replace with attribute
$wildcards = array();
if (preg_match_all('/%([^%]|[a-zA-Z_-])+%/', $format, $wildcards) > 0) {
for ($i = 0; $i < sizeof($wildcards[0]); $i++) {
$wc = substr($wildcards[0][$i], 1, strlen($wildcards[0][$i]) - 2);
$value = '';
if (isset($attributes[$wc][0])) {
$value = $attributes[$wc][0];
}
$format = str_replace('%' . $wc . '%', $value, $format);
easier switching to long user name suggestion
2011-02-20 13:28:32 +00:00
}
}
filter " ", -, _ in suggested user names
2013-07-21 10:39:46 +00:00
$format = str_replace(array_keys($this->umlautReplacements), array_values($this->umlautReplacements), strtolower($format));
$format = str_replace(array(' ', '_', '-'), array('', '', ''), $format);
return $format;
easier switching to long user name suggestion
2011-02-20 13:28:32 +00:00
}
responsive self service
2015-08-09 07:22:01 +00:00
account quick locking
2012-04-09 18:07:57 +00:00
/**
* Returns if this account can be locked.
* This is the case if a hashed password is set ("{" at the beginning).
*/
public function isLockable() {
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
if (isset($this->attributes[$this->getPasswordAttrName()][0]) && pwd_is_lockable($this->attributes[$this->getPasswordAttrName()][0])) {
account quick locking
2012-04-09 18:07:57 +00:00
return true;
}
return false;
}
responsive self service
2015-08-09 07:22:01 +00:00
quick (un)lock for users
2012-04-09 13:20:24 +00:00
/**
* Returns if the Unix part of the current account is locked.
responsive self service
2015-08-09 07:22:01 +00:00
*
quick (un)lock for users
2012-04-09 13:20:24 +00:00
* @return boolean password is locked
*/
public function isLocked() {
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
return isset($this->attributes[$this->getPasswordAttrName()][0]) && !pwd_is_enabled($this->attributes[$this->getPasswordAttrName()][0]);
quick (un)lock for users
2012-04-09 13:20:24 +00:00
}
responsive self service
2015-08-09 07:22:01 +00:00
quick (un)lock for users
2012-04-09 13:20:24 +00:00
/**
* Locks the user password of this account.
*/
public function lock() {
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$pwdAttrName = $this->getPasswordAttrName();
if (isset($this->attributes[$pwdAttrName][0])) {
$this->attributes[$pwdAttrName][0] = pwd_disable($this->attributes[$pwdAttrName][0]);
account quick locking
2012-04-09 18:07:57 +00:00
}
quick (un)lock for users
2012-04-09 13:20:24 +00:00
}
responsive self service
2015-08-09 07:22:01 +00:00
quick (un)lock for users
2012-04-09 13:20:24 +00:00
/**
* Unlocks the user password of this account.
*/
public function unlock() {
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
$pwdAttrName = $this->getPasswordAttrName();
if (isset($this->attributes[$pwdAttrName][0])) {
$this->attributes[$pwdAttrName][0] = pwd_enable($this->attributes[$pwdAttrName][0]);
account quick locking
2012-04-09 18:07:57 +00:00
}
quick (un)lock for users
2012-04-09 13:20:24 +00:00
}
responsive self service
2015-08-09 07:22:01 +00:00
quick (un)lock for users
2012-04-09 13:20:24 +00:00
/**
* Removes all Unix group memberships from this user.
*/
public function removeFromUnixGroups() {
$this->groups = array();
}
responsive self service
2015-08-09 07:22:01 +00:00
quick (un)lock for users
2012-04-09 13:20:24 +00:00
/**
* Removes all group of names memberships from this user.
*/
public function removeFromGONGroups() {
$this->gonList = array();
}
responsive self service
2015-08-09 07:22:01 +00:00
suggest free user name in file upload if already exists
2012-09-23 17:59:14 +00:00
/**
* Returns the next possible user name based on the given one.
* If the user name does not end with a number then a "2" is added.
* User names with numbers at the end are simply increased by one.
* <br>
responsive self service
2015-08-09 07:22:01 +00:00
* <br>Attention: This user name might still be in use. This needs to be checked separately.
*
suggest free user name in file upload if already exists
2012-09-23 17:59:14 +00:00
* @param String $userName user name
* @return String new user name
*/
protected function getNextUserName($userName) {
if ($this->get_scope()=='host') {
$userName = substr($userName, 0, -1);
}
// get last character of username
$lastchar = substr($userName, strlen($userName) - 1, 1);
// Last character is no number
if ( !preg_match('/^([0-9])+$/', $lastchar)) {
// Last character is no number. Therefore we only have to add "2" to it.
if ($this->get_scope()=='host') {
$userName = $userName . '2$';
}
else {
$userName = $userName . '2';
}
}
else {
/* Last character is a number -> we have to increase the number until we've
* found a groupname with trailing number which is not in use.
*
* $i will show us were we have to split groupname so we get a part
* with the groupname and a part with the trailing number
*/
$i = strlen($userName) - 1;
$mark = false;
// Set $i to the last character which is a number in $account_new->general_username
while (!$mark) {
if (preg_match('/^([0-9])+$/', substr($userName, $i, strlen($userName) - $i))) {
$i--;
}
else {
$mark=true;
}
}
// increase last number with one
$firstchars = substr($userName, 0, $i + 1);
$lastchars = substr($userName, $i + 1, strlen($userName) - $i);
// Put username together
if ($this->get_scope()=='host') {
$userName = $firstchars . (intval($lastchars) + 1) . "$";
}
else {
$userName = $firstchars . (intval($lastchars) + 1);
}
}
return $userName;
}
responsive self service
2015-08-09 07:22:01 +00:00
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
/**
* Returns the list of possible login shells.
responsive self service
2015-08-09 07:22:01 +00:00
*
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
* @return array login shells
*/
private function getShells() {
// self service
added isLoggedIn()
2014-10-25 19:17:53 +00:00
if (!isLoggedIn() && isset($this->selfServiceSettings) && isset($this->selfServiceSettings->moduleSettings['posixAccount_shells'])
moved list of login shells to configuration profiles
2013-02-05 19:10:04 +00:00
&& (sizeof($this->selfServiceSettings->moduleSettings['posixAccount_shells'])) > 0) {
return $this->selfServiceSettings->moduleSettings['posixAccount_shells'];
}
// server profile
if (!isset($this->selfServiceSettings) && isset($this->moduleSettings) && isset($this->moduleSettings['posixAccount_shells'])
&& (sizeof($this->moduleSettings['posixAccount_shells'])) > 0) {
return $this->moduleSettings['posixAccount_shells'];
}
// fall back to default
return array(
'/bin/bash',
'/bin/csh',
'/bin/dash',
'/bin/false',
'/bin/ksh',
'/bin/sh'
);
}
responsive self service
2015-08-09 07:22:01 +00:00
support Samba 4
2013-08-18 12:24:53 +00:00
/**
* Returns if the cn attribute should be managed.
* If Windows modules are active then cn will not be managed.
responsive self service
2015-08-09 07:22:01 +00:00
*
support Samba 4
2013-08-18 12:24:53 +00:00
* @return boolean manage cn attribute
*/
private function manageCn() {
if (isset($_SESSION['config'])) {
$conf = $_SESSION['config'];
if (in_array('windowsUser', $conf->get_AccountModules($this->get_scope()))) {
return false;
}
else {
return true;
}
}
return false;
}
responsive self service
2015-08-09 07:22:01 +00:00
support Samba 4
2013-08-18 12:24:53 +00:00
/**
* Returns if the Unix part can be added and removed.
responsive self service
2015-08-09 07:22:01 +00:00
*
support Samba 4
2013-08-18 12:24:53 +00:00
* @return boolean is optional
*/
private function isOptional() {
return !$this->manageCn();
}
support users/groups without correct object class on Windows
2014-05-15 19:30:46 +00:00
/**
* Returns if the Windows module is active.
responsive self service
2015-08-09 07:22:01 +00:00
*
support users/groups without correct object class on Windows
2014-05-15 19:30:46 +00:00
* @return boolean is Windows
*/
private function isWindows() {
return !$this->manageCn();
}
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
/**
* Returns the password attribute.
* Usually, this is userPassword. If Windows modules are active this is unixUserPassword.
responsive self service
2015-08-09 07:22:01 +00:00
*
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
* @return boolean attribute name
*/
private function getPasswordAttrName() {
$name = 'userPassword';
if (isset($_SESSION['config'])) {
$conf = $_SESSION['config'];
if (in_array('windowsUser', $conf->get_AccountModules($this->get_scope()))) {
return 'unixUserPassword';
}
}
return $name;
}
responsive self service
2015-08-09 07:22:01 +00:00
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
/**
* Returns the home directory attribute.
* Usually, this is homeDirectory. If Windows modules are active this is unixHomeDirectory.
responsive self service
2015-08-09 07:22:01 +00:00
*
support posixAccount/posixGroup on Samba 4
2013-08-18 14:19:37 +00:00
* @return boolean attribute name
*/
private function getHomedirAttrName() {
$name = 'homeDirectory';
if (isset($_SESSION['config'])) {
$conf = $_SESSION['config'];
if (in_array('windowsUser', $conf->get_AccountModules($this->get_scope()))) {
return 'unixHomeDirectory';
}
}
return $name;
}
responsive self service
2015-08-09 07:22:01 +00:00
added option to auto-sync with group of names
2015-05-31 08:46:44 +00:00
/**
* Syncs the group of names with groups.
*/
private function syncGonToGroups() {
$this->groups = array();
$allGons = $this->findGroupOfNames();
foreach ($this->gonList as $dn) {
if (!isset($allGons[$dn])) {
continue;
}
$gon = $this->gonCache[$dn];
if (in_array_ignore_case('posixGroup', $gon['objectclass']) && !empty($gon['cn'])) {
$this->groups[] = $gon['cn'][0];
}
}
}
responsive self service
2015-08-09 07:22:01 +00:00
optional posixAccount object class
2016-05-09 18:10:14 +00:00
/**
* Returns if the object class should not be added.
*
* @return do not add
*/
private function skipObjectClass() {
return $this->isBooleanConfigOptionSet('posixAccount_noObjectClass');
}
added dummy getProfileOptions() functions
2004-03-09 12:03:39 +00:00
}
added new posixAccount module. Not yet usable. It's only a disgn snapshot.
2003-12-09 18:42:50 +00:00
?>