2003-06-01 10:02:44 +00:00
< ? php
2003-04-23 15:47:00 +00:00
/*
$Id $
This code is part of LDAP Account Manager ( http :// www . sourceforge . net / projects / lam )
Copyright ( C ) 2003 Tilo Lutz
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
LDAP Account Manager functions used by account . php
*/
2003-10-19 17:04:49 +00:00
// This class keeps all needed values for any account
class account {
2003-08-16 09:38:17 +00:00
// Type : user | group | host
var $type ;
2003-04-23 15:47:00 +00:00
// General Settings
2003-08-12 19:45:24 +00:00
var $general_objectClass ; // Array, contains old objectclasses of loaded account
2003-06-08 12:12:42 +00:00
var $general_username ; // string Username, Hostname or Groupname
var $general_uidNumber ; // string UIDNumber(user|host) GIDNumber(group) only natural numbers allowed
var $general_surname ; // string Surname (user)
var $general_givenname ; // string Givenname (user)
var $general_dn ; // string DN
var $general_group ; // string Primary group (user|host)
2003-10-19 17:04:49 +00:00
var $general_groupadd ; // array(string) Addititional Groups (user) is member of
2003-06-08 12:12:42 +00:00
var $general_homedir ; // atring Homedirectoy (user) For host it's hardcoded to/dev/null
var $general_shell ; // array(string) list off all valid shells (user) hosts are hard-wired to /bin/false
2003-10-19 17:04:49 +00:00
var $general_gecos ; // string, gecos-field (user|group|host)
2003-04-23 15:47:00 +00:00
// Unix Password Settings
2003-09-11 16:55:57 +00:00
var $unix_memberUid ; // array Stores all users which are member of group but is not primary group (group)
2003-06-08 12:12:42 +00:00
var $unix_password ; // string for unix-password (user|host)
var $unix_password_no ; // string (0|1) set unix-password to none (user|host)
var $unix_pwdwarn ; // string number of days a user is warned before password expires (user|host) value must be a natural number (user|host)
var $unix_pwdallowlogin ; // string number of days a user can login even his password has expired (user) muste be a natural number or 0 or -1 (user|host)
var $unix_pwdmaxage ; // string Number of days after a user has to change his password again Value must be 0<. (user|host)
var $unix_pwdminage ; // string Number of days a user has to wait until he\'s allowed to change his password again. Value must be 0<. (user|host)
2003-07-11 14:42:28 +00:00
var $unix_pwdexpire ; // string days since 1.1.1970 the account expires (user|host)
2003-06-08 12:12:42 +00:00
var $unix_deactivated ; // string (1|0) account deactivated? (user|host)
var $unix_shadowLastChange ; // string, contains the days since 1.1.1970 the password has been changed last time (user|host)
2003-08-03 14:04:18 +00:00
var $unix_host ; // list of unix hosts the user is allowed to log in
2003-04-23 15:47:00 +00:00
// Samba Account
2003-06-08 12:12:42 +00:00
var $smb_password ; // string for samba-password (user|host)
var $smb_password_no ; // string (1|0) set samba-password to none (user|host)
var $smb_useunixpwd ; // string (1|0) use unix-password as samba-password (user|host)
2003-07-13 12:31:12 +00:00
var $smb_pwdcanchange ; // string unix-timestamp user/host is able to change password (user|host)
var $smb_pwdmustchange ; // string unix-timestamp user/host has to change password at next login (user|host)
2003-06-08 12:12:42 +00:00
var $smb_homedrive ; // string Homedrive (C:, D:, ...) (user)
var $smb_scriptPath ; // string ScriptPath (\\server\loginscript) (user)
var $smb_profilePath ; // string profilePAth (\\server\profilepath) (user)
var $smb_smbuserworkstations ; // string comma-separated list of workstations (user)
var $smb_smbhome ; // string Home-Share (\\server\home) (user)
2003-08-10 19:46:21 +00:00
var $smb_domain ; // string Domain of (user|host) or samba3domain-Object
2003-06-08 12:12:42 +00:00
var $smb_flagsW ; // string (1|0) account is host? (user|host)
var $smb_flagsD ; // string (1|0) account is disabled? (user|host)
2003-10-19 17:04:49 +00:00
var $smb_flagsX ; // string (1|0) password doesn't expire (user|host)
2003-06-30 12:06:44 +00:00
var $smb_mapgroup ; // decimal ID for groups
2003-09-16 12:44:28 +00:00
var $smb_displayName ; // string, description, similar to gecos-field.
2003-05-07 16:53:03 +00:00
// Quota Settins
2003-10-20 17:56:52 +00:00
var $quota ; /* array [][] First array is an index for every chare with active quotas
* second array Contains values for every share :
* mountpoint , used blocks , soft block limit , hard block limit , grace block period , used inodes ,
* soft inode limit , hard inode limit , grace inode period
*/
2003-04-23 15:47:00 +00:00
// Personal Settings
2003-06-08 12:12:42 +00:00
var $personal_title ; // string title of user
var $personal_mail ; // string mailaddress of user
var $personal_telephoneNumber ; // string telephonenumber of user
var $personal_mobileTelephoneNumber ; // string mobile umber of user
var $personal_facsimileTelephoneNumber ; // strinf fax-number of user
var $personal_street ; // stirng streetname of user
var $personal_postalCode ; // string postal code of user
var $personal_postalAddress ; // string postal Address of user
var $personal_employeeType ; // string employe type of user
2003-04-23 15:47:00 +00:00
}
2003-06-08 12:12:42 +00:00
2003-10-19 17:04:49 +00:00
/* Return a list of all shells listed in ../ config / shells
* Normally ../ config / shells is a symbolic link to / etc / shells
*/
function getshells () {
// Load shells from file
2003-09-28 13:30:31 +00:00
$shells = file ( $_SESSION [ 'lampath' ] . 'config/shells' );
2003-05-14 21:12:17 +00:00
$i = 0 ;
2003-10-17 07:58:43 +00:00
while ( count ( $shells ) > $i ) {
// remove whitespaces
2003-05-14 21:12:17 +00:00
trim ( $shells [ $i ]);
2003-10-17 07:58:43 +00:00
// remove lineend
$shells [ $i ] = substr ( $shells [ $i ], 0 , strpos ( $shells [ $i ], " \n " ));
2003-10-19 17:04:49 +00:00
// remove comments
2003-10-17 07:58:43 +00:00
if ( $shells [ $i ]{ 0 } == '#' ) unset ( $shells [ $i ]);
2003-05-16 20:00:45 +00:00
else $i ++ ;
2003-05-14 21:12:17 +00:00
}
2003-10-19 17:04:49 +00:00
// $shells is array with all valid shells
2003-05-02 15:32:44 +00:00
return $shells ;
2003-05-01 17:02:57 +00:00
}
2003-04-23 15:47:00 +00:00
2003-10-19 17:04:49 +00:00
/* This function will replace umlates with ascci - chars
* fixme
* In order to map all non - ascii characters this function should be changed
*/
function replace_umlaut ( $text ) {
2003-08-14 12:49:11 +00:00
$aTranslate = array ( " <EFBFBD> " => " ae " , " <EFBFBD> " => " Ae " ,
" <EFBFBD> " => " oe " , " <EFBFBD> " => " Oe " ,
" <EFBFBD> " => " ue " , " <EFBFBD> " => " Ue " ,
" <EFBFBD> " => " ss "
);
return strtr ( $text , $aTranslate );
}
2003-09-11 16:55:57 +00:00
2003-10-19 17:04:49 +00:00
/* This function will return all values from $array without values of $values
* $values , $array and $return are arrays
*/
function array_delete ( $values , $array ) {
// Loop for every entry and check if it should be removed
if ( is_array ( $array )) {
foreach ( $array as $array_value )
if ( !@ in_array ( $array_value , $values ))
$return [] = $array_value ;
return $return ;
}
else return 0 ;
}
2003-09-11 16:55:57 +00:00
2003-10-19 17:04:49 +00:00
// This function will return a password with max. 8 characters
function genpasswd () {
2003-04-23 15:47:00 +00:00
// Allowed Characters to generate passwords
2003-10-19 17:04:49 +00:00
// I'Ve removed characters like l and 1 because they are too similar
2003-04-23 15:47:00 +00:00
$LCase = 'abcdefghjkmnpqrstuvwxyz' ;
2003-05-02 15:32:44 +00:00
$UCase = 'ABCDEFGHJKMNPQRSTUVWXYZ' ;
2003-04-23 15:47:00 +00:00
$Integer = '23456789' ;
// DEFINE CONSTANTS FOR ALGORTTHM
define ( " LEN " , '1' );
$a = RndInt ( 'letter' );
$b = RndInt ( 'letter' );
$c = RndInt ( 'letter' );
$d = RndInt ( 'letter' );
$e = RndInt ( 'number' );
$f = RndInt ( 'number' );
$g = RndInt ( 'letter' );
$h = RndInt ( 'letter' );
// EXTRACT 8 CHARACTERS RANDOMLY FROM TH // E DEFINITION STRINGS
$L1 = substr ( $LCase , $a , LEN );
$L2 = substr ( $LCase , $b , LEN );
$L3 = substr ( $LCase , $h , LEN );
$U1 = substr ( $UCase , $c , LEN );
$U2 = substr ( $UCase , $d , LEN );
$U3 = substr ( $UCase , $g , LEN );
$I1 = substr ( $Integer , $e , LEN );
$I2 = substr ( $Integer , $f , LEN );
// COMBINE THE CHARACTERS AND DISPLAY TH // E NEW PASSWORD
$PW = $L1 . $U2 . $I1 . $L2 . $I2 . $U1 . $U3 . $L3 ;
return $PW ;
}
2003-10-19 17:04:49 +00:00
2003-05-02 16:18:05 +00:00
/* THIS FUNCTION GENERATES A RANDOM NUMBER THAT WILL BE USED TO
* RANDOMLY SELECT CHARACTERS FROM THE STRINGS ABOVE
*/
function RndInt ( $Format ){
switch ( $Format ){
case 'letter' :
$Rnd = rand ( 0 , 23 );
if ( $Rnd > 23 ){
$Rnd = $Rnd - 1 ;
}
break ;
case 'number' :
$Rnd = rand ( 2 , 9 );
if ( $Rnd > 8 ){
$Rnd = $Rnd - 1 ;
}
break ;
}
return $Rnd ;
} // END RndInt() FUNCTION
2003-10-19 17:04:49 +00:00
/* Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned
* $type = 'user' or 'group'
* $user = user or groupname . If no user or groupname is defined ,
* an array with all quota - enabled partitions will be returned in this case all returned values are 0 exept mointpoint [ x ][ 0 ]
*/
function getquotas ( $type , $user = '+' ) {
// define new object
2003-06-01 10:02:44 +00:00
$return = new account ();
2003-10-19 17:04:49 +00:00
// get username and password of the current lam-admin
2003-05-13 10:54:53 +00:00
$ldap_q = $_SESSION [ 'ldap' ] -> decrypt ();
2003-10-19 17:04:49 +00:00
/* $towrite has the following syntax :
* admin - username , admin - password , account with quotas , 'quota' , operation = 'get' , type = user | group
2003-10-23 11:12:04 +00:00
* use escapeshellarg to make exec () shell - safe
2003-10-19 17:04:49 +00:00
*/
2003-10-23 11:12:04 +00:00
$towrite = escapeshellarg ( $ldap_q [ 0 ]) . ' ' . escapeshellarg ( $ldap_q [ 1 ]) . ' ' . escapeshellarg ( $user ) . ' quota get ' ;
2003-06-01 10:02:44 +00:00
if ( $type == 'user' ) $towrite = $towrite . 'u' ;
2003-05-07 16:53:03 +00:00
else $towrite = $towrite . 'g' ;
2003-10-19 17:04:49 +00:00
/* scriptServer is the IP to remote - host to which lam should connect via ssh
* scriptPath is Path to lamdaemon . pl on remote system
*/
2003-10-23 11:12:04 +00:00
exec ( " perl " . escapeshellarg ( $_SESSION [ 'lampath' ] . " lib/lamdaemon.pl " ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptServer ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptPath ) . " " . $towrite , $vals , $status );
2003-10-19 17:04:49 +00:00
/* $vals is a string which contains a two dimensional array .
* We have to recreate it with explode
*
* $return -> quota [][] First array is an index for every chare with active quotas
* second array Contains values for every share :
* mountpoint , used blocks , soft block limit , hard block limit , grace block period , used inodes ,
* soft inode limit , hard inode limit , grace inode period
*/
2003-05-14 21:12:17 +00:00
$vals = explode ( ':' , $vals [ 0 ]);
for ( $i = 0 ; $i < sizeof ( $vals ); $i ++ ) {
2003-05-07 16:53:03 +00:00
$vals2 = explode ( ',' , $vals [ $i ]);
2003-05-14 21:12:17 +00:00
for ( $j = 0 ; $j < sizeof ( $vals2 ); $j ++ ) {
2003-06-01 10:02:44 +00:00
$return -> quota [ $i ][ $j ] = $vals2 [ $j ];
2003-05-07 16:53:03 +00:00
}
2003-06-01 10:02:44 +00:00
if ( $return -> quota [ $i ][ 4 ] < $time ) $return -> quota [ $i ][ 4 ] = '' ;
2003-08-03 13:22:12 +00:00
else $return -> quota [ $i ][ 4 ] = strval (( $return -> quota [ $i ][ 4 ] - $time ) / 3600 ) . ' ' . _ ( 'hours' );
2003-06-01 10:02:44 +00:00
if ( $return -> quota [ $i ][ 8 ] < $time ) $return -> quota [ $i ][ 8 ] = '' ;
2003-08-03 13:22:12 +00:00
else $return -> quota [ $i ][ 8 ] = strval (( $return -> quota [ $i ][ 8 ] - $time ) / 3600 ) . ' ' . _ ( 'hours' );
2003-05-07 16:53:03 +00:00
}
2003-06-01 10:02:44 +00:00
return $return ;
2003-05-07 16:53:03 +00:00
}
2003-10-19 17:04:49 +00:00
/* Whis function will set the quotas from the specified user .
* $values = object account with quotas which should be set
* $values_old = object account if set values and values_old will be compared . Quota will only be changed
* if values differ
*/
function setquotas ( $values , $values_old = false ) {
// get username and password of the current lam-admin
2003-05-13 10:54:53 +00:00
$ldap_q = $_SESSION [ 'ldap' ] -> decrypt ();
2003-10-19 17:04:49 +00:00
/* $towrite has the following syntax :
* admin - username , admin - password , account with quotas , 'quota' , operation = 'set' , type = user | group
2003-10-23 11:12:04 +00:00
* use escapeshellarg to make exec () shell - safe
2003-10-19 17:04:49 +00:00
*/
2003-10-23 11:12:04 +00:00
$towrite = escapeshellarg ( $ldap_q [ 0 ]) . ' ' . escapeshellarg ( $ldap_q [ 1 ]) . ' ' . escapeshellarg ( $values -> general_username ) . ' quota set ' ;
2003-10-19 17:04:49 +00:00
if ( $values -> type == 'user' ) $towrite = $towrite . 'u ' ;
2003-05-13 10:54:53 +00:00
else $towrite = $towrite . 'g ' ;
$i = 0 ;
2003-10-19 17:04:49 +00:00
/* Check wich quotas have changed
* Because we can not send an array to lamdaemon . pl we have to put all
* values in a string . ':' sepraeates the first array , ',' the second
*
* $values -> quota [][] First array is an index for every chare with active quotas
* second array Contains values for every share :
* mountpoint , used blocks , soft block limit , hard block limit , grace block period , used inodes ,
* soft inode limit , hard inode limit , grace inode period
*/
2003-06-01 10:02:44 +00:00
while ( $values -> quota [ $i ][ 0 ]) {
if ( $values -> quota [ $i ] != $values_old -> quota [ $i ]) {
2003-10-23 11:12:04 +00:00
$quotastring = $quotastring . $values -> quota [ $i ][ 0 ] . ',' . $values -> quota [ $i ][ 2 ] . ',' . $values -> quota [ $i ][ 3 ]
2003-06-01 10:02:44 +00:00
. ',' . $values -> quota [ $i ][ 6 ] . ',' . $values -> quota [ $i ][ 7 ] . ':' ;
2003-05-13 10:54:53 +00:00
}
2003-05-15 20:59:26 +00:00
$i ++ ;
2003-05-13 10:54:53 +00:00
}
2003-10-23 11:12:04 +00:00
$towrite = $towrite . escapeshellarg ( $quotastring );
2003-10-19 17:04:49 +00:00
/* scriptServer is the IP to remote - host to which lam should connect via ssh
* scriptPath is Path to lamdaemon . pl on remote system
* only run lamdaemon . pl if quotas are really set , $i != 0
*/
2003-10-23 11:12:04 +00:00
if ( $i != 0 ) exec (( " perl " . escapeshellarg ( $_SESSION [ 'lampath' ] . " lib/lamdaemon.pl " ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptServer ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptPath ) . " " . $towrite ), $vals );
2003-05-13 10:54:53 +00:00
}
2003-10-19 17:04:49 +00:00
/* Whis function will remove the quotas from the specified user .
* $user = username of which quta should be deleted
* $type = user or group
* Delteing quotas means settings all values to 0 which means no quotas
*/
function remquotas ( $user , $type ) {
// get username and password of the current lam-admin
2003-05-15 20:59:26 +00:00
$ldap_q = $_SESSION [ 'ldap' ] -> decrypt ();
2003-10-19 17:04:49 +00:00
/* $towrite has the following syntax :
* admin - username , admin - password , account with quotas , 'quota' , operation = 'rem' , type = user | group
2003-10-23 11:12:04 +00:00
* use escapeshellarg to make exec () shell - safe
2003-10-19 17:04:49 +00:00
*/
2003-10-23 11:12:04 +00:00
$towrite = escapeshellarg ( $ldap_q [ 0 ]) . ' ' . escapeshellarg ( $ldap_q [ 1 ]) . ' ' . escapeshellarg ( $user ) . ' quota rem ' ;
2003-06-01 10:02:44 +00:00
if ( $type == 'user' ) $towrite = $towrite . 'u ' ;
2003-05-15 20:59:26 +00:00
else $towrite = $towrite . 'g ' ;
2003-10-19 17:04:49 +00:00
/* scriptServer is the IP to remote - host to which lam should connect via ssh
* scriptPath is Path to lamdaemon . pl on remote system
*/
2003-10-23 11:12:04 +00:00
exec (( " perl " . escapeshellarg ( $_SESSION [ 'lampath' ] . " lib/lamdaemon.pl " ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptServer ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptPath ) . " " . $towrite ), $vals );
2003-05-15 20:59:26 +00:00
}
2003-05-13 10:54:53 +00:00
2003-10-19 17:04:49 +00:00
/* Create Homedirectory
* lamdaemon . pl uses getpwnam on remote system to get homedir path .
* Therefore ldap have to be used on remote system for user accounts
* $user = username
*/
function addhomedir ( $user ) {
// get username and password of the current lam-admin
2003-05-13 10:54:53 +00:00
$ldap_q = $_SESSION [ 'ldap' ] -> decrypt ();
2003-10-19 17:04:49 +00:00
/* $towrite has the following syntax :
* admin - username , admin - password , owner of homedir , 'home' , operation = 'add'
2003-10-23 11:12:04 +00:00
* use escapeshellarg to make exec () shell - safe
2003-10-19 17:04:49 +00:00
*/
2003-10-23 11:12:04 +00:00
$towrite = escapeshellarg ( $ldap_q [ 0 ]) . ' ' . escapeshellarg ( $ldap_q [ 1 ]) . ' ' . escapeshellarg ( $user ) . ' home add' ;
2003-10-19 17:04:49 +00:00
/* scriptServer is the IP to remote - host to which lam should connect via ssh
* scriptPath is Path to lamdaemon . pl on remote system
*/
2003-10-23 11:12:04 +00:00
exec (( " perl " . escapeshellarg ( $_SESSION [ 'lampath' ] . " lib/lamdaemon.pl " ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptServer ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptPath ) . " " . $towrite ), $vals );
2003-05-13 10:54:53 +00:00
}
2003-10-19 17:04:49 +00:00
/* Remove Homedirectory
* lamdaemon . pl uses getpwnam on remote system to get homedir path .
* Therefore ldap have to be used on remote system for user accounts
* This also means you have to remove the homedirectory before the
* account is removed from ldap
* $user = username
*/
function remhomedir ( $user ) {
// get username and password of the current lam-admin
2003-05-13 10:54:53 +00:00
$ldap_q = $_SESSION [ 'ldap' ] -> decrypt ();
2003-10-19 17:04:49 +00:00
/* $towrite has the following syntax :
* admin - username , admin - password , owner of homedir , 'home' , operation = 'rem'
2003-10-23 11:12:04 +00:00
* use escapeshellarg to make exec () shell - safe
2003-10-19 17:04:49 +00:00
*/
2003-10-23 11:12:04 +00:00
$towrite = escapeshellarg ( $ldap_q [ 0 ]) . ' ' . escapeshellarg ( $ldap_q [ 1 ]) . ' ' . escapeshellarg ( $user ) . ' home rem' ;
2003-10-19 17:04:49 +00:00
/* scriptServer is the IP to remote - host to which lam should connect via ssh
* scriptPath is Path to lamdaemon . pl on remote system
*/
2003-10-23 11:12:04 +00:00
exec (( " perl " . escapeshellarg ( $_SESSION [ 'lampath' ] . " lib/lamdaemon.pl " ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptServer ) . " " . escapeshellarg ( $_SESSION [ 'config' ] -> scriptPath ) . " " . $towrite ), $vals );
2003-05-13 10:54:53 +00:00
}
2003-10-19 17:04:49 +00:00
/* This function maintains the ldap - cache which is used to reduce ldap requests
* If the array is older than $_SESSION [ 'config' ] -> get_cacheTimeoutSec () it will
* be recreated
*
* $type can be user | group | host .
*
* $_SESSION [ 'xxxxDN' ] contains all attributes which are needed very often from
* more than one function
* $_SESSION [ 'xxxx' DN ' ][ 0 ] contains the creation time of the array as unix timestamp .
* All other entries have the following syntax :
* $_SESSION [ 'xxxx' DN ' ][ $dn ][ $attributes ]
* $dn = DN of cached entry
* $attributes = All cached attributes of DN
* The cache contains the following attributes :
* user : cn , uidNumber
* group : cn , gidNumber
* host : cn , uidNumber
*/
function ldapreload ( $type ) {
2003-08-18 11:16:37 +00:00
switch ( $type ) {
case 'user' :
2003-10-19 17:04:49 +00:00
// Do we have to recreate array?
2003-08-18 17:41:34 +00:00
if (( ! isset ( $_SESSION [ 'userDN' ])) || ( $_SESSION [ 'userDN' ][ 0 ] < time () - $_SESSION [ 'config' ] -> get_cacheTimeoutSec ())) {
2003-10-19 17:04:49 +00:00
// Remove old array
2003-08-18 11:16:37 +00:00
if ( isset ( $_SESSION [ 'userDN' ])) unset ( $_SESSION [ 'userDN' ]);
2003-10-19 17:04:49 +00:00
// insert timestamp in array
2003-08-18 11:16:37 +00:00
$_SESSION [ 'userDN' ][ 0 ] = time ();
2003-10-19 17:04:49 +00:00
// Search 4 values which should be cached
2003-08-18 11:16:37 +00:00
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_UserSuffix (),
2003-10-28 18:24:30 +00:00
'(&(objectClass=posixAccount)(!(uid=*$)))' , array ( 'cn' , 'uidNumber' ), 0 );
2003-10-19 17:04:49 +00:00
// Write search result in array
2003-08-18 11:16:37 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( isset ( $attr [ 'cn' ][ 0 ]))
$_SESSION [ 'userDN' ][ $dn ][ 'cn' ] = $attr [ 'cn' ][ 0 ];
if ( isset ( $attr [ 'uidNumber' ][ 0 ]))
$_SESSION [ 'userDN' ][ $dn ][ 'uidNumber' ] = $attr [ 'uidNumber' ][ 0 ];
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
}
break ;
case 'group' :
2003-10-19 17:04:49 +00:00
// Do we have to recreate array?
2003-08-18 17:41:34 +00:00
if (( ! isset ( $_SESSION [ 'groupDN' ])) || ( $_SESSION [ 'groupDN' ][ 0 ] < time () - $_SESSION [ 'config' ] -> get_cacheTimeoutSec ())) {
2003-10-19 17:04:49 +00:00
// Remove old array
2003-08-18 11:16:37 +00:00
if ( isset ( $_SESSION [ 'groupDN' ])) unset ( $_SESSION [ 'groupDN' ]);
2003-10-19 17:04:49 +00:00
// insert timestamp in array
2003-08-18 11:16:37 +00:00
$_SESSION [ 'groupDN' ][ 0 ] = time ();
2003-10-19 17:04:49 +00:00
// Search 4 values which should be cached
2003-08-18 11:16:37 +00:00
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (),
2003-10-19 17:04:49 +00:00
'objectClass=posixGroup' , array ( 'gidNumber' , 'cn' ), 0 );
// Write search result in array
2003-08-18 11:16:37 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( isset ( $attr [ 'gidNumber' ][ 0 ]))
2003-08-18 17:41:34 +00:00
$_SESSION [ 'groupDN' ][ $dn ][ 'uidNumber' ] = $attr [ 'gidNumber' ][ 0 ];
2003-08-18 11:16:37 +00:00
if ( isset ( $attr [ 'cn' ][ 0 ]))
$_SESSION [ 'groupDN' ][ $dn ][ 'cn' ] = $attr [ 'cn' ][ 0 ];
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
}
break ;
case 'host' :
2003-10-19 17:04:49 +00:00
// Do we have to recreate array?
2003-08-18 17:41:34 +00:00
if (( ! isset ( $_SESSION [ 'hostDN' ])) || ( $_SESSION [ 'hostDN' ][ 0 ] < time () - $_SESSION [ 'config' ] -> get_cacheTimeoutSec ())) {
2003-10-19 17:04:49 +00:00
// Remove old array
2003-08-18 11:16:37 +00:00
if ( isset ( $_SESSION [ 'hostDN' ])) unset ( $_SESSION [ 'hostDN' ]);
2003-10-19 17:04:49 +00:00
// insert timestamp in array
2003-08-18 11:16:37 +00:00
$_SESSION [ 'hostDN' ][ 0 ] = time ();
2003-10-19 17:04:49 +00:00
// Search 4 values which should be cached
2003-08-18 11:16:37 +00:00
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_HostSuffix (),
2003-10-28 18:24:30 +00:00
'(&(objectClass=posixAccount)(uid=*$))' , array ( 'cn' , 'uidNumber' ), 0 );
2003-10-19 17:04:49 +00:00
// Write search result in array
2003-08-18 11:16:37 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( isset ( $attr [ 'cn' ][ 0 ]))
$_SESSION [ 'hostDN' ][ $dn ][ 'cn' ] = $attr [ 'cn' ][ 0 ];
if ( isset ( $attr [ 'uidNumber' ][ 0 ]))
$_SESSION [ 'hostDN' ][ $dn ][ 'uidNumber' ] = $attr [ 'uidNumber' ][ 0 ];
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
}
break ;
}
return 0 ;
}
2003-10-19 17:04:49 +00:00
/* This function will search in cache if the DN already exists
* $values is an account - object
* $values_old is an account - object
* $values_old is needed because we don ' t want to raise
* an error if the DN allredy exists but is the original DN
*/
function ldapexists ( $values , $values_old = false ) {
switch ( $values -> type ) {
2003-05-16 20:00:45 +00:00
case 'user' :
2003-10-19 17:04:49 +00:00
// Validate cache-array
2003-08-18 11:16:37 +00:00
ldapreload ( 'user' );
2003-10-19 17:04:49 +00:00
// Entry which we search in ldap ',' is needed to ensure the complete username is checked
$search = 'uid=' . $values -> general_username . ',' ;
// Get copy of cache-array
2003-08-18 11:16:37 +00:00
$keys = array_keys ( $_SESSION [ 'userDN' ]);
2003-05-16 20:00:45 +00:00
break ;
case 'group' :
2003-10-19 17:04:49 +00:00
// Validate cache-array
2003-08-18 11:16:37 +00:00
ldapreload ( 'group' );
2003-10-19 17:04:49 +00:00
// Entry which we search in ldap ',' is needed to ensure the complete username is checked
$search = 'cn=' . $values -> general_username . ',' ;
// Get copy of cache-array and
2003-08-18 11:16:37 +00:00
$keys = array_keys ( $_SESSION [ 'groupDN' ]);
2003-05-16 20:00:45 +00:00
break ;
case 'host' :
2003-10-19 17:04:49 +00:00
// Validate cache-array
2003-08-18 11:16:37 +00:00
ldapreload ( 'host' );
2003-10-19 17:04:49 +00:00
// Entry which we search in ldap ',' is needed to ensure the complete username is checked
$search = 'uid=' . $values -> general_username . ',' ;
// Get copy of cache-array
2003-08-18 11:16:37 +00:00
$keys = array_keys ( $_SESSION [ 'hostDN' ]);
2003-05-16 20:00:45 +00:00
break ;
2003-04-23 15:47:00 +00:00
}
2003-10-19 17:04:49 +00:00
// Remove timestamp stored in [0]
unset ( $keys [ 0 ]);
$keys = array_values ( $keys );
if ( ! $values_old ) {
// Create new account
// Check if entry allready exists
foreach ( $keys as $key )
if ( strstr ( $key , $search )) return sprintf ( _ ( '%s already exists!' ), $values -> type );
}
// edit existing account and don't create a new one
else if ( $values_old -> general_username != $values -> general_username ) {
foreach ( $keys as $key )
if ( strstr ( $key , $search )) return sprintf ( _ ( '%s already exists!' ), $values -> type );
}
2003-04-23 15:47:00 +00:00
return 0 ;
}
2003-10-19 17:04:49 +00:00
/* This function will return an array with all groupnames
* found in ldap . Groupnames are taken from cache - array .
*/
function findgroups () {
// Validate cache-array
2003-08-18 11:16:37 +00:00
ldapreload ( 'group' );
2003-10-19 17:04:49 +00:00
// Get copy of cache-array
2003-08-18 18:46:33 +00:00
$groups = $_SESSION [ 'groupDN' ];
2003-10-19 17:04:49 +00:00
// Remove timestamp stored in [0]
2003-08-18 18:46:33 +00:00
unset ( $groups [ 0 ]);
2003-10-19 17:04:49 +00:00
// Create and sort array
2003-08-18 18:46:33 +00:00
foreach ( $groups as $group ) {
$return [] = $group [ 'cn' ];
}
sort ( $return , SORT_STRING );
return $return ;
2003-04-23 15:47:00 +00:00
}
2003-10-19 17:04:49 +00:00
/* This function will return the gidNumber to an existing groupname
* gidNumbers are taken from cache - array
*/
function getgid ( $groupname ) {
// Validate cache-array
2003-08-18 11:16:37 +00:00
ldapreload ( 'group' );
2003-10-19 17:04:49 +00:00
// Get copy of cache-array
2003-08-18 18:46:33 +00:00
$keys = $_SESSION [ 'groupDN' ];
2003-10-19 17:04:49 +00:00
// Remove timestamp stored in [0]
2003-08-18 11:16:37 +00:00
unset ( $keys [ 0 ]);
2003-10-19 17:04:49 +00:00
// Return gidNumber as soon as it's found
2003-08-18 18:46:33 +00:00
foreach ( $keys as $key ) {
if ( $key [ 'cn' ] == $groupname ) return $key [ 'uidNumber' ];
}
2003-10-19 17:04:49 +00:00
// return -1 if groupname isn't found
2003-07-10 12:25:29 +00:00
return - 1 ;
2003-04-23 15:47:00 +00:00
}
2003-10-20 17:56:52 +00:00
/* This function will return the groupname to an existing gidNumber
* groupnames are taken from cache - array
*/
function getgrnam ( $gidNumber ) {
// Validate cache-array
ldapreload ( 'group' );
// Get copy of cache-array
$groupDN_local = $_SESSION [ 'groupDN' ];
// Remove timestamp stored in [0]
unset ( $groupDN_local [ 0 ]);
// Now we only have an array with DNs
$groupDN_local = array_keys ( $groupDN_local );
$i = 0 ;
// Loop until we've found the right uidNumber
while ( ! isset ( $return ) && isset ( $_SESSION [ 'groupDN' ][ $groupDN_local [ $i ]][ 'uidNumber' ])) {
if ( $_SESSION [ 'groupDN' ][ $groupDN_local [ $i ]][ 'uidNumber' ] == $gidNumber ) {
// We've found the correct entry. Now we need the groupname
2003-10-22 13:57:32 +00:00
$return = $_SESSION [ 'groupDN' ][ $groupDN_local [ $i ]][ 'cn' ];
2003-10-20 17:56:52 +00:00
}
// Increase loop-variable if entry wasn't found
else $i ++ ;
}
// Set $return to -1 if no group was found
if ( ! isset ( $return )) $return = - 1 ;
return $return ;
}
2003-04-23 15:47:00 +00:00
2003-10-19 17:04:49 +00:00
/* This function will return an unuesed id - number if $values -> general_uidNumber is not set and $values_old is false
* If values_old is true and $values -> general_uidNumber is not set the original id - number is returned
* If $values -> general_uidNumber is set id - number is checked . If it ' s allready in use an error will be reported
* id - numbers are taken from cache - array
* $values and $values_old are account objects
* Return - Values is an integer id - number or an string - error
*/
function checkid ( $values , $values_old = false ) {
switch ( $values -> type ) {
2003-10-20 17:56:52 +00:00
case 'group' :
// Validate cache-array
ldapreload ( 'group' );
// Load all needed variables from session
$minID = intval ( $_SESSION [ 'config' ] -> get_MinGID ());
$maxID = intval ( $_SESSION [ 'config' ] -> get_MaxGID ());
// Get copy of cache-array
$temp = $_SESSION [ 'groupDN' ];
break ;
2003-04-23 15:47:00 +00:00
case 'user' :
2003-10-19 17:04:49 +00:00
/* Validate cache - array
* Because users and hosts are using the same id - numbers we have to merge
* both cache - arrays
*/
2003-09-12 07:16:23 +00:00
ldapreload ( 'user' );
2003-10-17 07:58:43 +00:00
ldapreload ( 'host' );
2003-10-19 17:04:49 +00:00
// Load all needed variables from session
2003-06-05 17:25:52 +00:00
$minID = intval ( $_SESSION [ 'config' ] -> get_minUID ());
$maxID = intval ( $_SESSION [ 'config' ] -> get_maxUID ());
2003-10-19 17:04:49 +00:00
// load and merge arrays
$temp = $_SESSION [ 'userDN' ];
// Remove timestamp stored in [0]
unset ( $temp [ 0 ]);
// put only uidNumbers in array
foreach ( $temp as $key ) $uids [] = $key [ 'uidNumber' ];
$temp = $_SESSION [ 'hostDN' ];
2003-04-23 15:47:00 +00:00
break ;
case 'host' :
2003-10-19 17:04:49 +00:00
/* Validate cache - array
* Because users and hosts are using the same id - numbers we have to merge
* both cache - arrays
*/
2003-10-17 07:58:43 +00:00
ldapreload ( 'user' );
2003-09-12 07:16:23 +00:00
ldapreload ( 'host' );
2003-10-19 17:04:49 +00:00
// Load all needed variables from session
2003-10-20 17:56:52 +00:00
$minID = intval ( $_SESSION [ 'config' ] -> get_minMachine ());
$maxID = intval ( $_SESSION [ 'config' ] -> get_maxMachine ());
2003-10-19 17:04:49 +00:00
// load and merge arrays
$temp = $_SESSION [ 'userDN' ];
// Remove timestamp stored in [0]
unset ( $temp [ 0 ]);
// put only uidNumbers in array
foreach ( $temp as $key ) $uids [] = $key [ 'uidNumber' ];
$temp = $_SESSION [ 'hostDN' ];
2003-04-23 15:47:00 +00:00
break ;
}
2003-10-19 17:04:49 +00:00
// Remove timestamp stored in [0]
unset ( $temp [ 0 ]);
2003-10-28 18:24:30 +00:00
// put only uidNumbers in array. Put only uids in array witch are smaller than maxID
foreach ( $temp as $key ) if ( $key [ 'uidNumber' ] < $maxID ) $uids [] = $key [ 'uidNumber' ];
2003-10-19 17:04:49 +00:00
// sort array with uids
if ( is_array ( $uids )) sort ( $uids , SORT_NUMERIC );
2003-09-11 16:55:57 +00:00
if ( $values -> general_uidNumber == '' ) {
2003-10-19 17:04:49 +00:00
// No id-number given
2003-09-12 07:16:23 +00:00
if ( ! isset ( $values_old -> general_uidNumber )) {
2003-10-19 17:04:49 +00:00
// new account -> we have to find a free id-number
if ( count ( $uids ) != 0 ) {
// There are some uids
// Store highest id-number
$id = $uids [ count ( $uids ) - 1 ];
// Return minimum allowed id-number if all found id-numbers are too low
2003-10-21 13:40:13 +00:00
if ( $id < $minID ) return implode ( ':' , array ( $minID , '' ));
2003-10-20 17:56:52 +00:00
// Return higesht used id-number + 1 if it's still in valid range
2003-10-21 13:40:13 +00:00
if ( $id < $maxID ) return implode ( ':' , array ( $id + 1 , '' ));
2003-10-19 17:04:49 +00:00
/* If this function is still running we have to fid a free id - number between
* the used id - numbers
*/
2003-10-17 16:04:57 +00:00
$i = intval ( $minID );
2003-10-19 17:04:49 +00:00
while ( in_array ( $i , $uids )) $i ++ ;
2003-10-21 13:40:13 +00:00
if ( $i > $maxID ) return implode ( ':' , array ( $values -> general_uidNumber , implode ( ';' , array ( 'ERROR' , _ ( 'ID-Number' ), _ ( 'No free ID-Number!' )))));
2003-10-28 11:23:06 +00:00
else return implode ( ':' , array ( $i , implode ( ';' , array ( 'WARN' , _ ( 'ID-Number' ), _ ( 'It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.' )))));
2003-05-20 21:12:15 +00:00
}
2003-10-21 13:40:13 +00:00
else return implode ( ':' , array ( $minID , '' ));
2003-10-19 17:04:49 +00:00
// return minimum allowed id-number if no id-numbers are found
2003-04-23 15:47:00 +00:00
}
2003-10-21 13:40:13 +00:00
else return implode ( ':' , array ( $values_old -> general_uidNumber , '' ));
2003-10-19 17:04:49 +00:00
// old account -> return id-number which has been used
}
else {
// Check manual ID
// id-number is out of valid range
2003-10-21 13:40:13 +00:00
if ( $values -> general_uidNumber < $minID || $values -> general_uidNumber > $maxID ) return implode ( ':' , array ( $values -> general_uidNumber , implode ( ';' , array ( 'ERROR' , _ ( 'ID-Number' ), sprintf ( _ ( 'Please enter a value between %s and %s!' ), $minID , $maxID )))));
2003-10-19 17:04:49 +00:00
// $uids is allways an array but not if no entries were found
if ( is_array ( $uids )) {
// id-number is in use and account is a new account
2003-10-21 13:40:13 +00:00
if (( in_array ( $values -> general_uidNumber , $uids )) && ! $values_old ) return implode ( ':' , array ( $values -> general_uidNumber , implode ( ';' , array ( 'ERROR' , _ ( 'ID-Number' ), _ ( 'ID is already in use' )))));
2003-10-19 17:04:49 +00:00
// id-number is in use, account is existing account and id-number is not used by itself
if (( in_array ( $values -> general_uidNumber , $uids )) && $values_old && ( $values_old -> general_uidNumber != $values -> general_uidNumber ) )
2003-10-21 13:40:13 +00:00
return implode ( ':' , array ( $values_old -> general_uidNumber , implode ( ';' , array ( 'ERROR' , _ ( 'ID-Number' ), _ ( 'ID is already in use' )))));
2003-09-11 16:55:57 +00:00
}
2003-10-19 17:04:49 +00:00
// return id-number if everything is OK
2003-10-21 13:40:13 +00:00
return implode ( ':' , array ( $values -> general_uidNumber , '' ));
2003-09-11 16:55:57 +00:00
}
2003-04-23 15:47:00 +00:00
}
2003-10-19 17:04:49 +00:00
// This function will return the days from 1.1.1970 until now
function getdays () {
2003-04-23 15:47:00 +00:00
$days = time () / 86400 ;
settype ( $days , 'integer' );
return $days ;
}
2003-10-19 17:04:49 +00:00
/* This function creates all attributes stored in attrFlags . It ' s the same
* syntax used in smbpasswd
* $values is an account - object
* Return value is a string
*/
function smbflag ( $values ) {
// Start character
2003-04-23 15:47:00 +00:00
$flag = " [ " ;
2003-10-19 17:04:49 +00:00
// Add Options
2003-06-01 10:02:44 +00:00
if ( $values -> smb_flagsW ) $flag = $flag . " W " ; else $flag = $flag . " U " ;
if ( $values -> smb_flagsD ) $flag = $flag . " D " ;
if ( $values -> smb_flagsX ) $flag = $flag . " X " ;
2003-10-19 17:04:49 +00:00
// Expand string to fixed length
2003-05-18 09:45:56 +00:00
$flag = str_pad ( $flag , 12 );
2003-10-19 17:04:49 +00:00
// End character
2003-04-23 15:47:00 +00:00
$flag = $flag . " ] " ;
return $flag ;
}
2003-10-19 17:04:49 +00:00
2003-10-20 17:56:52 +00:00
/* This function will load all needed values from an existing user account
2003-10-19 17:04:49 +00:00
* $dn is the dn ( string ) of the user which should be loaded
* return - value is an account - object
*/
function loaduser ( $dn ) {
// Create new object
2003-06-01 10:02:44 +00:00
$return = new account ();
2003-10-19 17:04:49 +00:00
// Set type of account
2003-09-18 13:54:02 +00:00
$return -> type = 'user' ;
2003-10-19 17:04:49 +00:00
// Load userattributes from ldap
2003-05-02 15:32:44 +00:00
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $dn , " objectclass=PosixAccount " );
2003-04-23 15:47:00 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
2003-06-28 13:14:45 +00:00
$return -> general_dn = ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-04-23 15:47:00 +00:00
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-09-18 13:54:02 +00:00
2003-10-21 15:36:12 +00:00
// Set user samba flag
2003-10-22 13:57:32 +00:00
$account_new -> smb_flagsW = false ;
2003-10-19 17:04:49 +00:00
/* Write attributes into $return .
* Some values don ' t have to be set . These are only loaded if they are set
*/
$return -> general_username = $attr [ 'uid' ][ 0 ];
$return -> general_uidNumber = $attr [ 'uidNumber' ][ 0 ];
$return -> general_homedir = $attr [ 'homeDirectory' ][ 0 ];
2003-07-14 12:27:52 +00:00
if ( isset ( $attr [ 'shadowLastChange' ][ 0 ])) $return -> unix_shadowLastChange = $attr [ 'shadowLastChange' ][ 0 ];
if ( isset ( $attr [ 'loginShell' ][ 0 ])) $return -> general_shell = $attr [ 'loginShell' ][ 0 ];
2003-10-19 17:04:49 +00:00
if ( isset ( $attr [ 'gecos' ][ 0 ])) $return -> general_gecos = utf8_decode ( $attr [ 'gecos' ][ 0 ]);
2003-09-18 13:54:02 +00:00
// get groupname
2003-10-20 17:56:52 +00:00
$return -> general_group = getgrnam ( $attr [ 'gidNumber' ][ 0 ]);
2003-09-18 13:54:02 +00:00
// get all additional groupmemberships
2003-10-19 17:04:49 +00:00
// load all groups which have memberUid set to the username which should be loaded
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), " memberUid= " . $attr [ 'uid' ][ 0 ], array ( 'cn' ));
2003-04-23 15:47:00 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
2003-10-19 17:04:49 +00:00
// loop for every group
2003-04-23 15:47:00 +00:00
while ( $entry ) {
$attr2 = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-10-19 17:04:49 +00:00
// Add groupnames to array
if ( $attr2 [ 'cn' ][ 0 ] != $return -> general_group ) $return -> general_groupadd [] = $attr2 [ 'cn' ][ 0 ];
2003-04-23 15:47:00 +00:00
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
2003-09-18 13:54:02 +00:00
2003-10-19 17:04:49 +00:00
/* Write attributes into $return .
* Some values don ' t have to be set . These are only loaded if they are set
*/
2003-07-14 12:27:52 +00:00
if ( isset ( $attr [ 'shadowMin' ][ 0 ])) $return -> unix_pwdminage = $attr [ 'shadowMin' ][ 0 ];
if ( isset ( $attr [ 'shadowMax' ][ 0 ])) $return -> unix_pwdmaxage = $attr [ 'shadowMax' ][ 0 ];
if ( isset ( $attr [ 'shadowWarning' ][ 0 ])) $return -> unix_pwdwarn = $attr [ 'shadowWarning' ][ 0 ];
if ( isset ( $attr [ 'shadowInactive' ][ 0 ])) $return -> unix_pwdallowlogin = $attr [ 'shadowInactive' ][ 0 ];
if ( isset ( $attr [ 'shadowExpire' ][ 0 ])) $return -> unix_pwdexpire = $attr [ 'shadowExpire' ][ 0 ] * 86400 ;
2003-09-18 13:54:02 +00:00
2003-10-19 17:04:49 +00:00
// load hosts attributes if set
2003-08-11 12:40:06 +00:00
$i = 0 ;
while ( isset ( $attr [ 'host' ][ $i ])) {
if ( $i == 0 ) $return -> unix_host = $attr [ 'host' ][ $i ];
else $return -> unix_host = $return -> unix_host . ', ' . $attr [ 'host' ][ $i ];
$i ++ ;
}
2003-09-18 13:54:02 +00:00
2003-10-19 17:04:49 +00:00
// load objectclasses
$i = 0 ;
2003-08-12 19:45:24 +00:00
while ( isset ( $attr [ 'objectClass' ][ $i ])) {
$return -> general_objectClass [ $i ] = $attr [ 'objectClass' ][ $i ];
$i ++ ;
}
2003-09-18 13:54:02 +00:00
// load personal settings
if ( isset ( $attr [ 'givenName' ][ 0 ])) $return -> general_givenname = utf8_decode ( $attr [ 'givenName' ][ 0 ]);
if ( isset ( $attr [ 'sn' ][ 0 ])) $return -> general_surname = utf8_decode ( $attr [ 'sn' ][ 0 ]);
if ( isset ( $attr [ 'title' ][ 0 ])) $return -> personal_title = utf8_decode ( $attr [ 'title' ][ 0 ]);
if ( isset ( $attr [ 'mail' ][ 0 ])) $return -> personal_mail = utf8_decode ( $attr [ 'mail' ][ 0 ]);
if ( isset ( $attr [ 'telephoneNumber' ][ 0 ])) $return -> personal_telephoneNumber = utf8_decode ( $attr [ 'telephoneNumber' ][ 0 ]);
if ( isset ( $attr [ 'mobilemobileTelephoneNumber' ][ 0 ])) $return -> personal_mobileTelephoneNumber = utf8_decode ( $attr [ 'mobilemobileTelephoneNumber' ][ 0 ]);
else if ( isset ( $attr [ 'mobile' ][ 0 ])) $return -> personal_mobileTelephoneNumber = utf8_decode ( $attr [ 'mobile' ][ 0 ]);
if ( isset ( $attr [ 'facsimileTelephoneNumber' ][ 0 ])) $return -> personal_facsimileTelephoneNumber = utf8_decode ( $attr [ 'facsimileTelephoneNumber' ][ 0 ]);
if ( isset ( $attr [ 'street' ][ 0 ])) $return -> personal_street = utf8_decode ( $attr [ 'street' ][ 0 ]);
if ( isset ( $attr [ 'postalCode' ][ 0 ])) $return -> personal_postalCode = utf8_decode ( $attr [ 'postalCode' ][ 0 ]);
if ( isset ( $attr [ 'postalAddress' ][ 0 ])) $return -> personal_postalAddress = utf8_decode ( $attr [ 'postalAddress' ][ 0 ]);
if ( isset ( $attr [ 'employeeType' ][ 0 ])) $return -> personal_employeeType = utf8_decode ( $attr [ 'employeeType' ][ 0 ]);
2003-10-17 16:04:57 +00:00
if ( isset ( $attr [ 'userPassword' ][ 0 ])) {
$return -> unix_password = $attr [ 'userPassword' ][ 0 ];
2003-10-20 17:56:52 +00:00
$return -> unix_deactivated =! pwd_is_enabled ( $attr [ 'userPassword' ][ 0 ]);
2003-10-17 16:04:57 +00:00
}
2003-09-18 13:54:02 +00:00
if ( isset ( $attr [ 'displayName' ][ 0 ])) $return -> smb_displayName = utf8_decode ( $attr [ 'displayName' ][ 0 ]);
2003-10-19 17:04:49 +00:00
// sambaSamAccount (Samba3) is used.
2003-09-18 13:54:02 +00:00
if ( in_array ( 'sambaSamAccount' , $attr [ 'objectClass' ])) {
2003-10-19 17:04:49 +00:00
/* Write attributes into $return .
* Some values don ' t have to be set . These are only loaded if they are set
*/
2003-07-14 12:27:52 +00:00
if ( isset ( $attr [ 'sambaAcctFlags' ][ 0 ])) {
2003-10-19 17:04:49 +00:00
// a user is no workstation
$return -> smb_flagsW = false ;
2003-06-26 16:26:06 +00:00
if ( strrpos ( $attr [ 'sambaAcctFlags' ][ 0 ], 'D' )) $return -> smb_flagsD = true ;
if ( strrpos ( $attr [ 'sambaAcctFlags' ][ 0 ], 'X' )) $return -> smb_flagsX = true ;
}
2003-07-14 12:27:52 +00:00
if ( isset ( $attr [ 'sambaPwdCanChange' ][ 0 ])) $return -> smb_pwdcanchange = $attr [ 'sambaPwdCanChange' ][ 0 ];
if ( isset ( $attr [ 'sambaPwdMustChange' ][ 0 ])) $return -> smb_pwdmustchange = $attr [ 'sambaPwdMustChange' ][ 0 ];
2003-08-14 12:49:11 +00:00
if ( isset ( $attr [ 'sambaHomePath' ][ 0 ])) $return -> smb_smbhome = utf8_decode ( $attr [ 'sambaHomePath' ][ 0 ]);
2003-07-14 12:27:52 +00:00
if ( isset ( $attr [ 'sambaHomeDrive' ][ 0 ])) $return -> smb_homedrive = $attr [ 'sambaHomeDrive' ][ 0 ];
2003-08-14 12:49:11 +00:00
if ( isset ( $attr [ 'sambaLogonScript' ][ 0 ])) $return -> smb_scriptPath = utf8_decode ( $attr [ 'sambaLogonScript' ][ 0 ]);
2003-07-14 12:27:52 +00:00
if ( isset ( $attr [ 'sambaProfilePath' ][ 0 ])) $return -> smb_profilePath = $attr [ 'sambaProfilePath' ][ 0 ];
if ( isset ( $attr [ 'sambaUserWorkstations' ][ 0 ])) $return -> smb_smbuserworkstations = $attr [ 'sambaUserWorkstations' ][ 0 ];
if ( isset ( $attr [ 'sambaNTPassword' ][ 0 ])) $return -> smb_password = $attr [ 'sambaNTPassword' ][ 0 ];
2003-09-18 13:54:02 +00:00
if ( isset ( $attr [ 'sambaDomainName' ][ 0 ])) {
2003-10-22 13:57:32 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-10-19 17:04:49 +00:00
// store smb_domain as samba3domain-Object
2003-09-18 13:54:02 +00:00
$samba3domains = $_SESSION [ 'ldap' ] -> search_domains ( $_SESSION [ config ] -> get_domainSuffix ());
2003-10-17 07:58:43 +00:00
$i = 0 ;
2003-10-22 13:57:32 +00:00
while ( ! isset ( $return -> smb_domain ) && ( count ( $samba3domains ) > $i )) {
2003-10-20 17:56:52 +00:00
if ( $attr [ 'sambaDomainName' ][ 0 ] == $samba3domains [ $i ] -> name )
2003-10-17 07:58:43 +00:00
$return -> smb_domain = $samba3domains [ $i ];
else $i ++ ;
}
2003-09-18 13:54:02 +00:00
}
2003-10-19 17:04:49 +00:00
// store smb_domain as string
2003-10-20 17:56:52 +00:00
if ( ! isset ( $return -> smb_domain )) $return -> smb_domain = $attr [ 'sambaDomainName' ];
2003-09-18 13:54:02 +00:00
}
if ( isset ( $attr [ 'sambaPrimaryGroupSID' ][ 0 ])) {
2003-10-22 13:57:32 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ())
2003-10-19 17:04:49 +00:00
// store "real" SID if we want to save user as samba3 entry
2003-09-18 13:54:02 +00:00
$return -> smb_mapgroup = $attr [ 'sambaPrimaryGroupSID' ][ 0 ];
2003-10-19 17:04:49 +00:00
// store "calculated" id if we want to save user as samba2.2 entry
2003-09-18 13:54:02 +00:00
else $return -> smb_mapgroup = 2 * $attr [ 'gidNumber' ][ 0 ] + 1001 ;
}
// return value to prevent loaded values to be overwritten from old samba 2.2 attributes
2003-09-20 10:15:24 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) return $return ;
2003-06-26 16:26:06 +00:00
}
2003-09-18 13:54:02 +00:00
2003-10-19 17:04:49 +00:00
// sambaSamAccount (Samba2.2) is used.
2003-09-18 13:54:02 +00:00
if ( in_array ( 'sambaAccount' , $attr [ 'objectClass' ])) {
2003-08-14 12:49:11 +00:00
if ( isset ( $attr [ 'acctFlags' ][ 0 ])) {
2003-10-20 17:56:52 +00:00
// a user is no workstation
2003-10-19 17:04:49 +00:00
$return -> smb_flagsW = false ;
2003-08-14 12:49:11 +00:00
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'D' )) $return -> smb_flagsD = true ;
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'X' )) $return -> smb_flagsX = true ;
2003-06-26 16:26:06 +00:00
}
2003-08-14 12:49:11 +00:00
if ( isset ( $attr [ 'ntPassword' ][ 0 ])) $return -> smb_password = $attr [ 'ntPassword' ][ 0 ];
if ( isset ( $attr [ 'smbHome' ][ 0 ])) $return -> smb_smbhome = utf8_decode ( $attr [ 'smbHome' ][ 0 ]);
if ( isset ( $attr [ 'pwdCanChange' ][ 0 ])) $return -> smb_pwdcanchange = $attr [ 'pwdCanChange' ][ 0 ];
if ( isset ( $attr [ 'pwdMustChange' ][ 0 ])) $return -> smb_pwdmustchange = $attr [ 'pwdMustChange' ][ 0 ];
if ( isset ( $attr [ 'homeDrive' ][ 0 ])) $return -> smb_homedrive = $attr [ 'homeDrive' ][ 0 ];
if ( isset ( $attr [ 'scriptPath' ][ 0 ])) $return -> smb_scriptPath = utf8_decode ( $attr [ 'scriptPath' ][ 0 ]);
if ( isset ( $attr [ 'profilePath' ][ 0 ])) $return -> smb_profilePath = $attr [ 'profilePath' ][ 0 ];
if ( isset ( $attr [ 'userWorkstations' ][ 0 ])) $return -> smb_smbuserworkstations = $attr [ 'userWorkstations' ][ 0 ];
2003-09-18 13:54:02 +00:00
if ( isset ( $attr [ 'domain' ][ 0 ])) {
2003-10-22 13:57:32 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-10-19 17:04:49 +00:00
// store smb_domain as samba3domain-Object
2003-09-18 13:54:02 +00:00
$samba3domains = $_SESSION [ 'ldap' ] -> search_domains ( $_SESSION [ config ] -> get_domainSuffix ());
2003-10-20 17:56:52 +00:00
$i = 0 ;
2003-10-22 13:57:32 +00:00
while ( ! isset ( $return -> smb_domain ) && ( count ( $samba3domains ) > $i )) {
2003-10-20 17:56:52 +00:00
if ( $attr [ 'domain' ][ 0 ] == $samba3domains [ $i ] -> name )
$return -> smb_domain = $samba3domains [ $i ];
else $i ++ ;
}
2003-09-18 13:54:02 +00:00
}
2003-10-20 17:56:52 +00:00
// store smb_domain as string
if ( ! isset ( $return -> smb_domain )) $return -> smb_domain = $attr [ 'domain' ];
2003-09-18 13:54:02 +00:00
}
if ( isset ( $attr [ 'primaryGroupID' ][ 0 ])) {
2003-10-22 13:57:32 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ())
2003-10-19 17:04:49 +00:00
// store "real" SID if we want to save user as samba3 entry
2003-09-18 13:54:02 +00:00
$return -> smb_mapgroup = $return -> smb_domain -> SID . '-' . ( 2 * $attr [ 'primaryGroupID' ][ 0 ] + 1 );
2003-10-19 17:04:49 +00:00
// store "calculated" id if we want to save user as samba2.2 entry
2003-09-18 13:54:02 +00:00
else $return -> smb_mapgroup = $attr [ 'primaryGroupID' ][ 0 ];
2003-06-05 11:36:54 +00:00
}
}
2003-06-01 10:02:44 +00:00
return $return ;
2003-04-23 15:47:00 +00:00
}
2003-10-19 17:04:49 +00:00
2003-10-20 17:56:52 +00:00
/* This function will load all needed values from an existing host account
* $dn is the dn ( string ) of the host which should be loaded
* return - value is an account - object
*/
function loadhost ( $dn ) {
// Create new object
2003-06-01 10:02:44 +00:00
$return = new account ();
2003-10-20 17:56:52 +00:00
// Set type of account
2003-09-17 16:57:01 +00:00
$return -> type = 'host' ;
2003-10-20 17:56:52 +00:00
// Load hostattributes from ldap
2003-05-02 15:32:44 +00:00
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $dn , " objectclass=PosixAccount " );
2003-04-23 15:47:00 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
2003-06-03 14:01:39 +00:00
$return -> general_dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
2003-04-23 15:47:00 +00:00
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-10-20 17:56:52 +00:00
2003-10-21 13:40:13 +00:00
// Set host samba flags
2003-10-22 13:57:32 +00:00
$return -> smb_flagsW = true ;
$return -> smb_flagsX = true ;
2003-10-20 17:56:52 +00:00
// load objectclasses
2003-08-12 19:45:24 +00:00
$i = 0 ;
while ( isset ( $attr [ 'objectClass' ][ $i ])) {
$return -> general_objectClass [ $i ] = $attr [ 'objectClass' ][ $i ];
$i ++ ;
}
2003-10-20 17:56:52 +00:00
$return -> general_username = $attr [ 'uid' ][ 0 ];
$return -> general_uidNumber = $attr [ 'uidNumber' ][ 0 ];
2003-08-14 12:49:11 +00:00
if ( isset ( $attr [ 'gecos' ][ 0 ])) $return -> general_gecos = utf8_decode ( $attr [ 'gecos' ][ 0 ]);
2003-09-17 16:57:01 +00:00
// Get Groupname
2003-10-20 17:56:52 +00:00
$return -> general_group = getgrnam ( $attr [ 'gidNumber' ][ 0 ]);
2003-09-18 13:54:02 +00:00
2003-10-20 17:56:52 +00:00
// sambaSamAccount (Samba3) is used.
2003-09-17 16:57:01 +00:00
if ( in_array ( 'sambaSamAccount' , $attr [ 'objectClass' ])) {
2003-10-20 17:56:52 +00:00
/* Write attributes into $return .
* Some values don ' t have to be set . These are only loaded if they are set
*/
2003-07-14 12:27:52 +00:00
if ( isset ( $attr [ 'sambaAcctFlags' ][ 0 ])) {
2003-10-20 17:56:52 +00:00
// we load a workstation
$return -> smb_flagsW = true ;
2003-06-26 16:26:06 +00:00
if ( strrpos ( $attr [ 'sambaAcctFlags' ][ 0 ], 'X' )) $return -> smb_flagsX = true ;
2003-10-20 17:56:52 +00:00
// Because the "D"-Flag is ignored for hosts it has been removed
2003-06-26 16:26:06 +00:00
}
2003-09-18 13:54:02 +00:00
if ( isset ( $attr [ 'sambaDomainName' ][ 0 ])) {
2003-10-22 13:57:32 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-10-20 17:56:52 +00:00
// store smb_domain as samba3domain-Object
2003-09-18 13:54:02 +00:00
$samba3domains = $_SESSION [ 'ldap' ] -> search_domains ( $_SESSION [ config ] -> get_domainSuffix ());
2003-10-20 17:56:52 +00:00
$i = 0 ;
2003-10-22 13:57:32 +00:00
while ( ! isset ( $return -> smb_domain ) && ( count ( $samba3domains ) > $i )) {
2003-10-20 17:56:52 +00:00
if ( $attr [ 'sambaDomainName' ][ 0 ] == $samba3domains [ $i ] -> name )
$return -> smb_domain = $samba3domains [ $i ];
else $i ++ ;
}
2003-09-18 13:54:02 +00:00
}
2003-10-20 17:56:52 +00:00
// store smb_domain as string
if ( ! isset ( $return -> smb_domain )) $return -> smb_domain = $attr [ 'sambaDomainName' ];
2003-09-18 13:54:02 +00:00
}
if ( isset ( $attr [ 'sambaPrimaryGroupSID' ][ 0 ])) {
2003-10-22 13:57:32 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ())
2003-10-20 17:56:52 +00:00
// store "real" SID if we want to save user as samba3 entry
2003-09-18 13:54:02 +00:00
$return -> smb_mapgroup = $attr [ 'sambaPrimaryGroupSID' ][ 0 ];
2003-10-20 17:56:52 +00:00
// store "calculated" id if we want to save user as samba2.2 entry
2003-09-18 13:54:02 +00:00
else $return -> smb_mapgroup = 2 * $attr [ 'gidNumber' ][ 0 ] + 1001 ;
2003-09-17 16:57:01 +00:00
}
// return value to prevent loaded values to be overwritten from old samba 2.2 attributes
2003-09-20 10:15:24 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) return $return ;
2003-04-23 15:47:00 +00:00
}
2003-10-20 17:56:52 +00:00
// sambaSamAccount (Samba2.2) is used.
2003-09-17 16:57:01 +00:00
if ( in_array ( 'sambaAccount' , $attr [ 'objectClass' ])) {
if ( isset ( $attr [ 'acctFlags' ][ 0 ])) {
2003-10-20 17:56:52 +00:00
// we load a workstation
$return -> smb_flagsW = true ;
2003-09-17 16:57:01 +00:00
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'X' )) $return -> smb_flagsX = true ;
2003-10-20 17:56:52 +00:00
// Because the "D"-Flag is ignored for hosts it has been removed
2003-06-26 16:26:06 +00:00
}
2003-09-18 13:54:02 +00:00
if ( isset ( $attr [ 'domain' ][ 0 ])) {
2003-10-22 13:57:32 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-10-20 17:56:52 +00:00
// store smb_domain as samba3domain-Object
2003-09-18 13:54:02 +00:00
$samba3domains = $_SESSION [ 'ldap' ] -> search_domains ( $_SESSION [ config ] -> get_domainSuffix ());
2003-10-20 17:56:52 +00:00
$i = 0 ;
2003-10-22 13:57:32 +00:00
while ( ! isset ( $return -> smb_domain ) && ( count ( $samba3domains ) > $i )) {
2003-10-20 17:56:52 +00:00
if ( $attr [ 'domain' ][ 0 ] == $samba3domains [ $i ] -> name )
$return -> smb_domain = $samba3domains [ $i ];
else $i ++ ;
}
2003-09-18 13:54:02 +00:00
}
2003-10-20 17:56:52 +00:00
// store smb_domain as string
if ( ! isset ( $return -> smb_domain )) $return -> smb_domain = $attr [ 'domain' ];
2003-09-18 13:54:02 +00:00
}
if ( isset ( $attr [ 'primaryGroupID' ][ 0 ])) {
2003-10-22 13:57:32 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ())
2003-10-20 17:56:52 +00:00
// store "real" SID if we want to save user as samba3 entry
2003-09-18 13:54:02 +00:00
$return -> smb_mapgroup = $return -> smb_domain -> SID . '-' . ( 2 * $attr [ 'primaryGroupID' ][ 0 ] + 1 );
2003-10-20 17:56:52 +00:00
// store "calculated" id if we want to save user as samba2.2 entry
2003-09-18 13:54:02 +00:00
else $return -> smb_mapgroup = $attr [ 'primaryGroupID' ][ 0 ];
}
2003-09-17 16:57:01 +00:00
}
2003-06-01 10:02:44 +00:00
return $return ;
2003-04-23 15:47:00 +00:00
}
2003-10-20 17:56:52 +00:00
/* This function will load all needed values from an existing group account
* $dn is the dn ( string ) of the group which should be loaded
* return - value is an account - object
*/
function loadgroup ( $dn ) {
// Create new object
2003-06-01 10:02:44 +00:00
$return = new account ();
2003-10-20 17:56:52 +00:00
// Set type of account
$return -> type = 'group' ;
// Load userattributes from ldap
2003-05-02 15:32:44 +00:00
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $dn , " objectclass=PosixGroup " );
2003-04-23 15:47:00 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
2003-06-03 14:01:39 +00:00
$return -> general_dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
2003-04-23 15:47:00 +00:00
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-10-20 17:56:52 +00:00
/* Write attributes into $return .
* Some values don ' t have to be set . These are only loaded if they are set
*/
// load objectclasses
2003-08-12 19:45:24 +00:00
$i = 0 ;
while ( isset ( $attr [ 'objectClass' ][ $i ])) {
$return -> general_objectClass [ $i ] = $attr [ 'objectClass' ][ $i ];
$i ++ ;
}
2003-10-20 17:56:52 +00:00
// Load Users which are also members of group
2003-09-01 16:04:43 +00:00
$i = 0 ;
while ( isset ( $attr [ 'memberUid' ][ $i ])) {
2003-09-11 16:55:57 +00:00
$return -> unix_memberUid [ $i ] = $attr [ 'memberUid' ][ $i ];
2003-09-01 16:04:43 +00:00
$i ++ ;
}
2003-10-20 17:56:52 +00:00
$return -> general_uidNumber = $attr [ 'gidNumber' ][ 0 ];
$return -> general_username = $attr [ 'cn' ][ 0 ];
2003-09-16 12:44:28 +00:00
if ( isset ( $attr [ 'description' ][ 0 ])) $return -> general_gecos = utf8_decode ( $attr [ 'description' ][ 0 ]);
2003-10-20 17:56:52 +00:00
if ( isset ( $attr [ 'sambaSID' ][ 0 ])) {
// Samba3 Samba 2.2 don't have any objects for groups
2003-08-12 19:45:24 +00:00
$return -> smb_mapgroup = $attr [ 'sambaSID' ][ 0 ];
2003-09-16 12:44:28 +00:00
if ( isset ( $attr [ 'displayName' ][ 0 ])) $return -> smb_displayName = utf8_decode ( $attr [ 'displayName' ][ 0 ]);
// extract SID from sambaSID to find domain
2003-08-12 19:45:24 +00:00
$temp = explode ( '-' , $attr [ 'sambaSID' ][ 0 ]);
$SID = $temp [ 0 ] . '-' . $temp [ 1 ] . '-' . $temp [ 2 ] . '-' . $temp [ 3 ] . '-' . $temp [ 4 ] . '-' . $temp [ 5 ] . '-' . $temp [ 6 ];
$samba3domains = $_SESSION [ 'ldap' ] -> search_domains ( $_SESSION [ config ] -> get_domainSuffix ());
2003-10-20 17:56:52 +00:00
$i = 0 ;
2003-10-22 13:57:32 +00:00
while ( ! isset ( $return -> smb_domain ) && ( count ( $samba3domains ) > $i )) {
2003-10-20 17:56:52 +00:00
if ( $SID == $samba3domains [ $i ] -> SID )
$return -> smb_domain = $samba3domains [ $i ];
else $i ++ ;
}
2003-08-12 19:45:24 +00:00
}
2003-06-01 10:02:44 +00:00
return $return ;
2003-04-23 15:47:00 +00:00
}
2003-10-20 17:56:52 +00:00
/* This function will create a new user acconut in ldap
* $values is an account - object with all attributes of the user
* return - value is an integer
* 1 == Account has been created
* 2 == Account already exists at different location
* 4 == Error while creating Account
*/
function createuser ( $values ) {
// These Objectclasses are needed for an user account
$attr [ 'objectClass' ][ 0 ] = 'posixAccount' ;
$attr [ 'objectClass' ][ 1 ] = 'shadowAccount' ;
$attr [ 'objectClass' ][ 2 ] = 'inetOrgPerson' ;
// Create DN for new user account
2003-06-26 16:26:06 +00:00
$values -> general_dn = 'uid=' . $values -> general_username . ',' . $values -> general_dn ;
2003-10-20 17:56:52 +00:00
// decrypt password because we don't want to store them unencrypted in session
2003-06-15 20:02:33 +00:00
$iv = base64_decode ( $_COOKIE [ " IV " ]);
$key = base64_decode ( $_COOKIE [ " Key " ]);
if ( $values -> unix_password != '' ) {
$values -> unix_password = mcrypt_decrypt ( MCRYPT_RIJNDAEL_256 , $key , base64_decode ( $values -> unix_password ), MCRYPT_MODE_ECB , $iv );
$values -> unix_password = str_replace ( chr ( 00 ), '' , $values -> unix_password );
}
if ( $values -> smb_password != '' ) {
$values -> smb_password = mcrypt_decrypt ( MCRYPT_RIJNDAEL_256 , $key , base64_decode ( $values -> smb_password ), MCRYPT_MODE_ECB , $iv );
$values -> smb_password = str_replace ( chr ( 00 ), '' , $values -> smb_password );
}
2003-04-23 15:47:00 +00:00
2003-10-20 17:56:52 +00:00
// Attributes which are required
$attr [ 'cn' ] = $values -> general_username ;
$attr [ 'uid' ] = $values -> general_username ;
$attr [ 'uidNumber' ] = $values -> general_uidNumber ;
$attr [ 'gidNumber' ] = getgid ( $values -> general_group );
$attr [ 'homeDirectory' ] = $values -> general_homedir ;
$attr [ 'givenName' ] = utf8_encode ( $values -> general_givenname );
$attr [ 'sn' ] = utf8_encode ( $values -> general_surname );
// values stored in shadowExpire, days since 1.1.1970
2003-10-22 13:57:32 +00:00
if ( isset ( $values -> unix_pwdexpire )) $attr [ 'shadowExpire' ] = intval ( $values -> unix_pwdexpire / 86400 ) ;
2003-10-20 17:56:52 +00:00
/* Write unix attributes into $attr array
* Some values don ' t have to be set . These are only loaded if they are set
*/
$attr [ 'loginShell' ] = $values -> general_shell ; // posixAccount_may
$attr [ 'gecos' ] = utf8_encode ( replace_umlaut ( $values -> general_gecos )); // posixAccount_may
$attr [ 'description' ] = utf8_encode ( $values -> general_gecos ); // posixAccount_may sambaAccount_may
if ( $values -> unix_pwdminage != '' ) $attr [ 'shadowMin' ] = $values -> unix_pwdminage ; // shadowAccount_may
if ( $values -> unix_pwdmaxage != '' ) $attr [ 'shadowMax' ] = $values -> unix_pwdmaxage ; // shadowAccount_may
if ( $values -> unix_pwdwarn != '' ) $attr [ 'shadowWarning' ] = $values -> unix_pwdwarn ; // shadowAccount_may
if ( $values -> unix_pwdallowlogin != '' ) $attr [ 'shadowInactive' ] = $values -> unix_pwdallowlogin ; // shadowAccount_may
// Set unix password
$attr [ 'shadowLastChange' ] = getdays (); // shadowAccount_may
if ( $values -> unix_password_no ) $values -> unix_password = '' ;
if ( $values -> unix_deactivated ) $attr [ 'userPassword' ] = pwd_hash ( $values -> unix_password , false );
else $attr [ 'userPassword' ] = pwd_hash ( $values -> unix_password );
// explode host-string and save every allowed host as separate attribute
$values -> unix_host = str_replace ( ' ' , '' , $values -> unix_host );
$hosts = explode ( ',' , $values -> unix_host );
$i = 0 ;
while ( isset ( $hosts [ $i ])) {
if ( $hosts [ $i ] != '' ) $attr [ 'host' ][ $i ] = $hosts [ $i ];
$i ++ ;
}
// Samba attributes
2003-09-20 10:15:24 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-10-20 17:56:52 +00:00
// Add all attributes as samba3 objectclass
$attr [ 'objectClass' ][ 3 ] = 'sambaSamAccount' ;
2003-06-26 16:26:06 +00:00
if ( $values -> smb_password_no ) {
2003-10-20 17:56:52 +00:00
// Don't set samba-passwords
2003-06-26 16:26:06 +00:00
$attr [ 'sambaNTPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'sambaLMPassword' ] = 'NO PASSWORD*****' ;
}
2003-09-18 13:54:02 +00:00
else {
2003-10-23 11:12:04 +00:00
// use escapeshellarg() to make command shell-secure
2003-10-20 17:56:52 +00:00
// Set samba-passwords with external perl-script
2003-10-23 11:12:04 +00:00
$attr [ 'sambaNTPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " nt " . escapeshellarg ( $values -> smb_password ));
$attr [ 'sambaLMPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " lm " . escapeshellarg ( $values -> smb_password ));
2003-09-18 13:54:02 +00:00
}
2003-10-20 17:56:52 +00:00
$attr [ 'sambaPwdLastSet' ] = time ();
// Generate SID
2003-08-10 19:46:21 +00:00
$attr [ 'sambaSID' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase ); // sambaAccount_may
2003-10-20 17:56:52 +00:00
2003-09-20 07:59:19 +00:00
if ( $values -> smb_mapgroup != '' ) $attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_mapgroup ; // sambaAccount_req
2003-08-19 17:19:41 +00:00
if ( $values -> smb_pwdcanchange != '' ) $attr [ 'sambaPwdCanChange' ] = $values -> smb_pwdcanchange ; // sambaAccount_may
else $attr [ 'sambaPwdCanChange' ] = time (); // sambaAccount_may
2003-08-19 17:22:44 +00:00
if ( $values -> smb_pwdmustchange != '' ) $attr [ 'sambaPwdMustChange' ] = $values -> smb_pwdmustchange ; // sambaAccount_may
else $attr [ 'sambaPwdMustChange' ] = time () + 1000000000 ; // sambaAccount_may
2003-10-17 07:58:43 +00:00
$attr [ 'sambaAcctFlags' ] = smbflag ( $values ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
$attr [ 'displayName' ] = $values -> general_gecos ; // sambaAccount_may
2003-08-14 12:49:11 +00:00
if ( $values -> smb_smbhome != '' ) $attr [ 'sambaHomePath' ] = utf8_encode ( $values -> smb_smbhome ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
if ( $values -> smb_homedrive != '' ) $attr [ 'sambaHomeDrive' ] = $values -> smb_homedrive ; // sambaAccount_may
2003-08-14 12:49:11 +00:00
if ( $values -> smb_scriptPath != '' ) $attr [ 'sambaLogonScript' ] = utf8_encode ( $values -> smb_scriptPath ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
if ( $values -> smb_profilePath != '' ) $attr [ 'sambaProfilePath' ] = $values -> smb_profilePath ; // sambaAccount_may
if ( $values -> smb_smbuserworkstations != '' ) $attr [ 'sambaUserWorkstations' ] = $values -> smb_smbuserworkstations ; // sambaAccount_may
2003-08-10 19:46:21 +00:00
if ( $values -> smb_domain != '' ) $attr [ 'sambaDomainName' ] = $values -> smb_domain -> name ; // sambaAccount_may
2003-06-26 16:26:06 +00:00
}
2003-09-18 13:54:02 +00:00
else {
2003-10-20 17:56:52 +00:00
// Add all attributes as samba2.2 objectclass
$attr [ 'objectClass' ][ 3 ] = 'sambaAccount' ;
2003-06-26 16:26:06 +00:00
if ( $values -> smb_password_no ) {
2003-10-20 17:56:52 +00:00
// Don't set samba-passwords
2003-06-26 16:26:06 +00:00
$attr [ 'ntPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'lmPassword' ] = 'NO PASSWORD*****' ;
}
2003-09-18 13:54:02 +00:00
else {
2003-10-23 11:12:04 +00:00
// use escapeshellarg() to make command shell-secure
2003-10-20 17:56:52 +00:00
// Set samba-passwords with external perl-script
2003-10-23 11:12:04 +00:00
$attr [ 'ntPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " nt " . escapeshellarg ( $values -> smb_password ));
$attr [ 'lmPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " lm " . escapeshellarg ( $values -> smb_password ));
2003-09-18 13:54:02 +00:00
}
2003-10-20 17:56:52 +00:00
$attr [ 'pwdLastSet' ] = time ();
// Generate pseudo SID
2003-06-26 16:26:06 +00:00
$attr [ 'rid' ] = ( 2 * $values -> general_uidNumber + 1000 ); // sambaAccount_may
2003-08-16 09:38:17 +00:00
$attr [ 'primaryGroupID' ] = $values -> smb_mapgroup ; // sambaAccount_req
2003-08-19 17:19:41 +00:00
if ( $values -> smb_pwdcanchange != '' ) $attr [ 'pwdCanChange' ] = $values -> smb_pwdcanchange ; // sambaAccount_may
else $attr [ 'pwdCanChange' ] = time (); // sambaAccount_may
if ( $values -> smb_pwdmustchange != '' ) $attr [ 'pwdMustChange' ] = $values -> smb_pwdmustchange ; // sambaAccount_may
else $attr [ 'pwdMustChange' ] = time () + 1000000000 ; // sambaAccount_may
2003-07-11 14:42:28 +00:00
$attr [ 'pwdMustChange' ] = $values -> smb_pwdmustchange ; // sambaAccount_may
2003-10-17 09:30:13 +00:00
$attr [ 'acctFlags' ] = smbflag ( $values ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
$attr [ 'displayName' ] = $values -> general_gecos ; // sambaAccount_may
2003-08-14 12:49:11 +00:00
if ( $values -> smb_smbhome != '' ) $attr [ 'smbHome' ] = utf8_encode ( $values -> smb_smbhome ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
if ( $values -> smb_homedrive != '' ) $attr [ 'homeDrive' ] = $values -> smb_homedrive ; // sambaAccount_may
2003-08-14 12:49:11 +00:00
if ( $values -> smb_scriptPath != '' ) $attr [ 'scriptPath' ] = utf8_encode ( $values -> smb_scriptPath ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
if ( $values -> smb_profilePath != '' ) $attr [ 'profilePath' ] = $values -> smb_profilePath ; // sambaAccount_may
if ( $values -> smb_smbuserworkstations != '' ) $attr [ 'userWorkstations' ] = $values -> smb_smbuserworkstations ; // sambaAccount_may
if ( $values -> smb_domain != '' ) $attr [ 'domain' ] = $values -> smb_domain ; // sambaAccount_may
}
2003-10-20 17:56:52 +00:00
$attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
2003-09-18 13:54:02 +00:00
2003-10-20 17:56:52 +00:00
// personal attributes
2003-08-14 14:40:01 +00:00
if ( $values -> personal_title != '' ) $attr [ 'title' ] = utf8_encode ( $values -> personal_title );
if ( $values -> personal_mail != '' ) $attr [ 'mail' ] = utf8_encode ( $values -> personal_mail );
if ( $values -> personal_telephoneNumber != '' ) $attr [ 'telephoneNumber' ] = utf8_encode ( $values -> personal_telephoneNumber );
if ( $values -> personal_mobileTelephoneNumber != '' ) $attr [ 'mobilemobileTelephoneNumber' ] = utf8_encode ( $values -> personal_mobileTelephoneNumber );
if ( $values -> personal_facsimileTelephoneNumber != '' ) $attr [ 'facsimileTelephoneNumber' ] = utf8_encode ( $values -> personal_facsimileTelephoneNumber );
if ( $values -> personal_street != '' ) $attr [ 'street' ] = utf8_encode ( $values -> personal_street );
if ( $values -> personal_postalCode != '' ) $attr [ 'postalCode' ] = utf8_encode ( $values -> personal_postalCode );
if ( $values -> personal_postalAddress != '' ) $attr [ 'postalAddress' ] = utf8_encode ( $values -> personal_postalAddress );
if ( $values -> personal_employeeType != '' ) $attr [ 'employeeType' ] = utf8_encode ( $values -> personal_employeeType );
2003-04-23 15:47:00 +00:00
2003-10-20 17:56:52 +00:00
// Create LDAP user account
2003-06-01 10:02:44 +00:00
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr );
2003-10-20 17:56:52 +00:00
// Continue if now error did ocour
2003-05-20 21:12:15 +00:00
if ( ! $success ) return 4 ;
2003-10-20 17:56:52 +00:00
2003-05-20 21:12:15 +00:00
if ( $_SESSION [ 'config' ] -> scriptServer ) {
2003-10-20 17:56:52 +00:00
// lamdaemon.pl should be used
// Set quotas if quotas are used
2003-10-19 17:04:49 +00:00
if ( is_array ( $values -> quota )) setquotas ( $values );
2003-10-20 17:56:52 +00:00
// Create Homedirectory
2003-06-01 10:02:44 +00:00
addhomedir ( $values -> general_username );
2003-05-20 21:12:15 +00:00
}
2003-10-20 17:56:52 +00:00
2003-05-20 21:12:15 +00:00
// Add User to Additional Groups
2003-06-08 19:08:29 +00:00
if ( $values -> general_groupadd [ 0 ])
2003-10-20 17:56:52 +00:00
// Loop for every group
2003-06-01 10:02:44 +00:00
foreach ( $values -> general_groupadd as $group2 ) {
2003-10-20 17:56:52 +00:00
// Search for group in LDAP
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), " (&(objectclass=posixGroup)(cn= $group2 )) " , array ( '' ));
2003-05-20 21:12:15 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
2003-10-20 17:56:52 +00:00
// Get DN
2003-08-19 10:24:22 +00:00
$dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
2003-10-20 17:56:52 +00:00
// Add user to group
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), $dn , array ( 'memberUid' => $values -> general_username ));
2003-05-20 21:12:15 +00:00
if ( ! $success ) return 4 ;
}
2003-10-20 17:56:52 +00:00
// Add new user to cache-array
2003-08-18 17:41:34 +00:00
if (( isset ( $_SESSION [ 'userDN' ]))) {
$_SESSION [ 'userDN' ][ $values -> general_dn ][ 'cn' ] = $values -> general_username ;
$_SESSION [ 'userDN' ][ $values -> general_dn ][ 'uidNumber' ] = $values -> general_uidNumber ;
}
2003-10-20 17:56:52 +00:00
// Everything is OK, return 1
2003-05-20 21:12:15 +00:00
return 1 ;
}
2003-10-20 17:56:52 +00:00
/* This function will modify a user acconut in ldap
* $values and $values_old are an account - object with all
* attributes of the user .
* Only attributes which have changed will be written
* return - value is an integer
* 2 == Account already exists at different location
* 3 == Account has been modified
* 5 == Error while modifying Account
*/
2003-06-01 10:02:44 +00:00
function modifyuser ( $values , $values_old ) { // Will modify the LDAP-Account
2003-10-20 17:56:52 +00:00
// Add missing objectclasses to user
if ( ! in_array ( 'posixAccount' , $values -> general_objectClass )) {
$attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'posixAccount' ;
2003-06-21 12:37:57 +00:00
}
2003-10-20 17:56:52 +00:00
if ( ! in_array ( 'shadowAccount' , $values -> general_objectClass )) {
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'shadowAccount' ;
2003-06-21 12:37:57 +00:00
}
2003-10-20 17:56:52 +00:00
// Create DN for new user account
$values -> general_dn = 'uid=' . $values -> general_username . ',' . $values -> general_dn ;
// decrypt password because we don't want to store them unencrypted in session
$iv = base64_decode ( $_COOKIE [ " IV " ]);
$key = base64_decode ( $_COOKIE [ " Key " ]);
2003-06-15 20:02:33 +00:00
if ( $values -> unix_password != '' ) {
$values -> unix_password = mcrypt_decrypt ( MCRYPT_RIJNDAEL_256 , $key , base64_decode ( $values -> unix_password ), MCRYPT_MODE_ECB , $iv );
$values -> unix_password = str_replace ( chr ( 00 ), '' , $values -> unix_password );
}
if ( $values -> smb_password != '' ) {
$values -> smb_password = mcrypt_decrypt ( MCRYPT_RIJNDAEL_256 , $key , base64_decode ( $values -> smb_password ), MCRYPT_MODE_ECB , $iv );
$values -> smb_password = str_replace ( chr ( 00 ), '' , $values -> smb_password );
}
2003-10-20 17:56:52 +00:00
// Attributes which are required
2003-06-01 10:02:44 +00:00
if ( $values -> general_username != $values_old -> general_username ) {
2003-10-20 17:56:52 +00:00
$attr [ 'cn' ] = $values -> general_username ;
$attr [ 'uid' ] = $values -> general_username ;
2003-05-20 21:12:15 +00:00
}
2003-06-01 10:02:44 +00:00
if ( $values -> general_uidNumber != $values_old -> general_uidNumber ) {
2003-10-20 17:56:52 +00:00
$attr [ 'uidNumber' ] = $values -> general_uidNumber ;
// Because sambaSid(rid) is related to uidNumber we have to change it if uidNumbaer has changed
if ( $_SESSION [ 'config' ] -> is_samba3 ())
$attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase );
else $attr [ 'rid' ] = ( 2 * $values -> general_uidNumber + 1000 );
2003-05-20 21:12:15 +00:00
}
2003-06-01 10:02:44 +00:00
if ( $values -> general_group != $values_old -> general_group ) {
2003-10-20 17:56:52 +00:00
$attr [ 'gidNumber' ] = getgid ( $values -> general_group );
// Because primaryGroup(S)ID is related to gidNumber we have to change it if gidNumber has changed
2003-09-20 10:15:24 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-10-20 17:56:52 +00:00
// We use samba 3 schema
// Change SID only if we don't use a well known SID
2003-10-28 18:24:30 +00:00
if ( $values -> smb_mapgroup == $values -> smb_domain -> SID . '-512' ) $found = true ;
if ( $values -> smb_mapgroup == $values -> smb_domain -> SID . '-513' ) $found = true ;
if ( $values -> smb_mapgroup == $values -> smb_domain -> SID . '-514' ) $found = true ;
if ( ! $found ) $attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_domain -> SID . " - " .
( 2 * getgid ( $values -> general_group ) + $values -> smb_domain -> RIDbase + 1 );
2003-09-18 13:54:02 +00:00
}
else {
2003-10-20 17:56:52 +00:00
// We use old samba 2.2 schema
// Change SID only if we don't use a well known SID
2003-09-18 13:54:02 +00:00
if ( $values -> smb_mapgroup == '512' ) $found = true ;
if ( $values -> smb_mapgroup == '513' ) $found = true ;
if ( $values -> smb_mapgroup == '514' ) $found = true ;
2003-10-28 18:24:30 +00:00
if ( ! $found ) $attr [ 'primaryGroupID' ] = ( 2 * getgid ( $values -> general_group ) + 1001 );
2003-09-18 13:54:02 +00:00
}
2003-05-20 21:12:15 +00:00
}
2003-06-01 10:02:44 +00:00
if ( $values -> general_homedir != $values_old -> general_homedir )
2003-10-20 17:56:52 +00:00
$attr [ 'homeDirectory' ] = $values -> general_homedir ;
if ( $values -> general_givenname != $values_old -> general_givenname ) $attr [ 'givenName' ] = utf8_encode ( $values -> general_givenname );
if ( $values -> general_surname != $values_old -> general_surname ) $attr [ 'sn' ] = utf8_encode ( $values -> general_surname );
2003-10-05 10:38:31 +00:00
2003-10-20 17:56:52 +00:00
/* Write unix attributes into $attr array
* Some values don ' t have to be set . These are only loaded if they are set
*/
if ( $values -> general_shell != $values_old -> general_shell )
$attr [ 'loginShell' ] = $values -> general_shell ;
if ( $values -> general_gecos != $values_old -> general_gecos ) {
$attr [ 'gecos' ] = utf8_encode ( replace_umlaut ( $values -> general_gecos ));
$attr [ 'description' ] = utf8_encode ( $values -> general_gecos );
2003-10-28 11:23:06 +00:00
}
2003-10-20 17:56:52 +00:00
if (( $values -> unix_pwdminage != $values_old -> unix_pwdminage ) && ( $values -> unix_pwdminage != '' ))
$attr [ 'shadowMin' ] = $values -> unix_pwdminage ; // shadowAccount_may
if (( $values -> unix_pwdminage != $values_old -> unix_pwdminage ) && ( $values -> unix_pwdminage == '' ))
$attr_rem [ 'shadowMin' ] = $values_old -> unix_pwdminage ; // shadowAccount_may
if (( $values -> unix_pwdmaxage != $values_old -> unix_pwdmaxage ) && ( $values -> unix_pwdmaxage != '' ))
$attr [ 'shadowMax' ] = $values -> unix_pwdmaxage ; // shadowAccount_may
if (( $values -> unix_pwdmaxage != $values_old -> unix_pwdmaxage ) && ( $values -> unix_pwdmaxage == '' ))
$attr_rem [ 'shadowMax' ] = $values_old -> unix_pwdmaxage ; // shadowAccount_may
if (( $values -> unix_pwdwarn != $values_old -> unix_pwdwarn ) && ( $values -> unix_pwdwarn != '' ))
$attr [ 'shadowWarning' ] = $values -> unix_pwdwarn ; // shadowAccount_may
2003-10-28 11:23:06 +00:00
if (( $values -> unix_pwdwarn != $values_old -> unix_pwdwarn ) && ( $values -> unix_pwdwarn == '' ))
2003-10-20 17:56:52 +00:00
$attr_rem [ 'shadowWarning' ] = $values_old -> unix_pwdwarn ; // shadowAccount_may
if (( $values -> unix_pwdallowlogin != $values_old -> unix_pwdallowlogin ) && ( $values -> unix_pwdallowlogin != '' ))
$attr [ 'shadowInactive' ] = $values -> unix_pwdallowlogin ; // shadowAccount_may
if (( $values -> unix_pwdallowlogin != $values_old -> unix_pwdallowlogin ) && ( $values -> unix_pwdallowlogin == '' ))
$attr_rem [ 'shadowInactive' ] = $values_old -> unix_pwdallowlogin ; // shadowAccount_may
// Check if shadow expire has changed
2003-10-23 11:12:04 +00:00
if ( $values -> unix_pwdexpire != $values_old -> unix_pwdexpire ) $attr [ 'shadowExpire' ] = intval ( $values -> unix_pwdexpire / 86400 ) ;
2003-10-20 17:56:52 +00:00
// Set unix password
2003-09-24 20:58:34 +00:00
if ( $values -> unix_password == '' ) {
2003-10-20 17:56:52 +00:00
// $values->unix_password=='' means use old password
2003-10-05 10:38:31 +00:00
if ( $values -> unix_deactivated != $values_old -> unix_deactivated ) {
2003-10-20 17:56:52 +00:00
// (de)activate password
// Split old password hash in {CRYPT} and password-hash
2003-10-05 10:38:31 +00:00
$i = 0 ;
while ( $values_old -> unix_password { $i } != '}' ) $i ++ ;
$passwd = substr ( $values_old -> unix_password , $i + 1 );
$crypt = substr ( $values_old -> unix_password , 0 , $i + 1 );
2003-10-20 17:56:52 +00:00
// remove trailing ! from password hash
2003-10-05 10:38:31 +00:00
if ( $passwd { 0 } == '!' ) $passwd = substr ( $passwd , 1 );
2003-10-20 17:56:52 +00:00
// Write new password
2003-10-05 10:38:31 +00:00
if ( $values -> unix_deactivated ) $attr [ 'userPassword' ] = $crypt . '!' . $passwd ;
else $attr [ 'userPassword' ] = $crypt . $passwd ;
2003-09-24 20:58:34 +00:00
}
2003-10-05 10:38:31 +00:00
if ( $values -> unix_password_no ) {
2003-10-20 17:56:52 +00:00
// use no password
2003-10-05 10:38:31 +00:00
if ( $values -> unix_deactivated ) $attr [ 'userPassword' ] = pwd_hash ( '' , false );
else $attr [ 'userPassword' ] = pwd_hash ( '' );
$attr [ 'shadowLastChange' ] = getdays (); // shadowAccount_may
2003-09-24 20:58:34 +00:00
}
}
else {
2003-10-20 17:56:52 +00:00
// Set new password
2003-10-05 10:38:31 +00:00
if ( $values -> unix_password_no ) $values -> unix_password = '' ;
if ( $values -> unix_deactivated ) $attr [ 'userPassword' ] = pwd_hash ( $values -> unix_password , false );
else $attr [ 'userPassword' ] = pwd_hash ( $values -> unix_password );
2003-09-24 20:58:34 +00:00
$attr [ 'shadowLastChange' ] = getdays (); // shadowAccount_may
2003-10-05 10:38:31 +00:00
}
2003-10-20 17:56:52 +00:00
// explode host-string and save every allowed host as separate attribute
if (( $values -> unix_host != $values_old -> unix_host )) {
$values -> unix_host = str_replace ( ' ' , '' , $values -> unix_host );
$host = explode ( ',' , $values -> unix_host );
$values_old -> unix_host = str_replace ( ' ' , '' , $values_old -> unix_host );
$host_old = explode ( ',' , $values_old -> unix_host );
if ( $host [ 0 ] == '' ) $attr_rem [ 'host' ] = $host_old ;
else if ( $host [ 0 ] != '' ) $attr [ 'host' ] = $host ;
}
2003-09-18 13:54:02 +00:00
2003-10-20 17:56:52 +00:00
// Samba attributes
2003-09-20 10:15:24 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-10-20 17:56:52 +00:00
if ( ! in_array ( 'sambaSamAccount' , $values -> general_objectClass )) {
// We have to convert sambaAccount Objectclass to sambaSamAccount objectclass
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'sambaSamAccount' ;
// unset old sambaAccount objectClass
for ( $i = 0 ; $i < count ( $attr [ 'objectClass' ]); $i ++ )
if ( $attr [ 'objectClass' ][ $i ] == 'sambaAccount' ) unset ( $attr [ 'objectClass' ][ $i ]);
$attr [ 'objectClass' ] = array_values ( $attr [ 'objectClass' ]);
// Set correct values for new objectclass
// Load old samba-values not stored in account object
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixAccount " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
// Add new attributed
if ( isset ( $attr_old [ 'lmPassword' ][ 0 ])) $attr [ 'sambaLMPassword' ] = $attr_old [ 'lmPassword' ][ 0 ];
if ( isset ( $attr_old [ 'ntPassword' ][ 0 ])) $attr [ 'sambaNTPassword' ] = $attr_old [ 'ntPassword' ][ 0 ];
if ( isset ( $attr_old [ 'pwdLastSet' ][ 0 ])) $attr [ 'sambaPwdLastSet' ] = $attr_old [ 'pwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'logonTime' ][ 0 ])) $attr [ 'sambaLogonTime' ] = $attr_old [ 'logonTime' ][ 0 ];
if ( isset ( $attr_old [ 'logoffTime' ][ 0 ])) $attr [ 'sambaLogoffTime' ] = $attr_old [ 'logoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'kickoffTime' ][ 0 ])) $attr [ 'sambaKickoffTime' ] = $attr_old [ 'kickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'pwdCanChange' ][ 0 ])) $attr [ 'sambaPwdCanChange' ] = $attr_old [ 'pwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'pwdMustChange' ][ 0 ])) $attr [ 'sambaPwdMustChange' ] = $attr_old [ 'pwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'smbHome' ][ 0 ])) $attr [ 'sambaHomePath' ] = $attr_old [ 'smbHome' ][ 0 ];
if ( isset ( $attr_old [ 'homeDrive' ][ 0 ])) $attr [ 'sambaHomeDrive' ] = $attr_old [ 'homeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'scriptPath' ][ 0 ])) $attr [ 'sambaLogonScript' ] = $attr_old [ 'scriptPath' ][ 0 ];
if ( isset ( $attr_old [ 'profilePath' ][ 0 ])) $attr [ 'sambaProfilePath' ] = $attr_old [ 'profilePath' ][ 0 ];
if ( isset ( $attr_old [ 'userWorkstations' ][ 0 ])) $attr [ 'sambaUserWorkstations' ] = $attr_old [ 'userWorkstations' ][ 0 ];
// Values used from account object
$attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
$attr [ 'sambaAcctFlags' ] = smbflag ( $values ); // sambaAccount_may
$attr [ 'sambaDomainName' ] = $values -> smb_domain -> name ; // sambaAccount_may
$attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase ); // sambaAccount_may
$attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_mapgroup ; // sambaAccount_req
// remove old attributes
if ( in_array ( 'sambaAccount' , $attr_old [ 'objectClass' ])) $attr_rem [ 'objectClass' ] = 'sambaAccount' ;
if ( isset ( $attr_old [ 'lmPassword' ][ 0 ])) $attr_rem [ 'lmPassword' ] = $attr_old [ 'lmPassword' ][ 0 ];
if ( isset ( $attr_old [ 'ntPassword' ][ 0 ])) $attr_rem [ 'ntPassword' ] = $attr_old [ 'ntPassword' ][ 0 ];
if ( isset ( $attr_old [ 'pwdLastSet' ][ 0 ])) $attr_rem [ 'pwdLastSet' ] = $attr_old [ 'pwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'logonTime' ][ 0 ])) $attr_rem [ 'logonTime' ] = $attr_old [ 'logonTime' ][ 0 ];
if ( isset ( $attr_old [ 'kickoffTime' ][ 0 ])) $attr_rem [ 'kickoffTime' ] = $attr_old [ 'kickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'pwdCanChange' ][ 0 ])) $attr_rem [ 'pwdCanChange' ] = $attr_old [ 'pwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'pwdMustChange' ][ 0 ])) $attr_rem [ 'pwdMustChange' ] = $attr_old [ 'pwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'smbHome' ][ 0 ])) $attr_rem [ 'smbHome' ] = $attr_old [ 'smbHome' ][ 0 ];
if ( isset ( $attr_old [ 'acctFlags' ][ 0 ])) $attr_rem [ 'acctFlags' ] = $attr_old [ 'acctFlags' ][ 0 ];
if ( isset ( $attr_old [ 'homeDrive' ][ 0 ])) $attr_rem [ 'homeDrive' ] = $attr_old [ 'homeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'scriptPath' ][ 0 ])) $attr_rem [ 'scriptPath' ] = $attr_old [ 'scriptPath' ][ 0 ];
if ( isset ( $attr_old [ 'profilePath' ][ 0 ])) $attr_rem [ 'profilePath' ] = $attr_old [ 'profilePath' ][ 0 ];
if ( isset ( $attr_old [ 'userWorkstations' ][ 0 ])) $attr_rem [ 'userWorkstations' ] = $attr_old [ 'userWorkstations' ][ 0 ];
if ( isset ( $attr_old [ 'primaryGroupID' ][ 0 ])) $attr_rem [ 'primaryGroupID' ] = $attr_old [ 'primaryGroupID' ][ 0 ];
if ( isset ( $attr_old [ 'domain' ][ 0 ])) $attr_rem [ 'domain' ] = $attr_old [ 'domain' ][ 0 ];
if ( isset ( $attr_old [ 'rid' ][ 0 ])) $attr_rem [ 'rid' ] = $attr_old [ 'rid' ][ 0 ];
}
// Set all changed values
2003-06-26 16:26:06 +00:00
if ( $values -> smb_password_no ) {
2003-10-20 17:56:52 +00:00
// use no samba Password
2003-06-26 16:26:06 +00:00
$attr [ 'sambaNTPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'sambaLMPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'sambaPwdLastSet' ] = time (); // sambaAccount_may
}
else
if ( $values -> smb_password != '' ) {
2003-10-23 11:12:04 +00:00
// use escapeshellarg() to make command shell-secure
// Set samba-passwords with external perl-script
$attr [ 'sambaNTPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " nt " . escapeshellarg ( $values -> smb_password ));
$attr [ 'sambaLMPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " lm " . escapeshellarg ( $values -> smb_password ));
2003-06-26 16:26:06 +00:00
$attr [ 'sambaPwdLastSet' ] = time (); // sambaAccount_may
}
2003-10-20 17:56:52 +00:00
// Check which Samba-Attributes have changed
2003-07-11 14:42:28 +00:00
if ( $values -> smb_pwdcanchange != $values_old -> smb_pwdcanchange ) $attr [ 'sambaPwdCanChange' ] = $values -> smb_pwdcanchange ; // sambaAccount_may
if ( $values -> smb_pwdmustchange != $values_old -> smb_pwdmustchange ) $attr [ 'sambaPwdMustChange' ] = $values -> smb_pwdmustchange ; // sambaAccount_may
2003-10-17 09:30:13 +00:00
if ( smbflag ( $values ) != smbflag ( $values_old )) $attr [ 'sambaAcctFlags' ] = smbflag ( $values ); // sambaAccount_may
2003-08-14 12:49:11 +00:00
if (( $values -> smb_smbhome != '' ) && ( $values -> smb_smbhome != $values_old -> smb_smbhome )) $attr [ 'sambaHomePath' ] = utf8_encode ( $values -> smb_smbhome ); // sambaAccount_may
if (( $values -> smb_smbhome == '' ) && ( $values -> smb_smbhome != $values_old -> smb_smbhome )) $attr_rem [ 'sambaHomePath' ] = utf8_encode ( $values_old -> smb_smbhome ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
if (( $values -> smb_homedrive != '' ) && ( $values -> smb_homedrive != $values_old -> smb_homedrive )) $attr [ 'sambaHomeDrive' ] = $values -> smb_homedrive ; // sambaAccount_may
if (( $values -> smb_homedrive == '' ) && ( $values -> smb_homedrive != $values_old -> smb_homedrive )) $attr_rem [ 'sambaHomeDrive' ] = $values_old -> smb_homedrive ; // sambaAccount_may
2003-08-14 12:49:11 +00:00
if (( $values -> smb_scriptPath != '' ) && ( $values -> smb_scriptPath != $values_old -> smb_scriptPath )) $attr [ 'sambaLogonScript' ] = utf8_encode ( $values -> smb_scriptPath ); // sambaAccount_may
if (( $values -> smb_scriptPath == '' ) && ( $values -> smb_scriptPath != $values_old -> smb_scriptPath )) $attr_rem [ 'sambaLogonScript' ] = utf8_encode ( $values_old -> smb_scriptPath ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
if (( $values -> smb_profilePath != '' ) && ( $values -> smb_profilePath != $values_old -> smb_profilePath )) $attr [ 'sambaProfilePath' ] = $values -> smb_profilePath ; // sambaAccount_may
if (( $values -> smb_profilePath == '' ) && ( $values -> smb_profilePath != $values_old -> smb_profilePath )) $attr_rem [ 'sambaProfilePath' ] = $values_old -> smb_profilePath ; // sambaAccount_may
if (( $values -> smb_smbuserworkstations != '' ) && ( $values -> smb_smbuserworkstations != $values_old -> smb_smbuserworkstations )) $attr [ 'sambaUserWorkstations' ] = $values -> smb_smbuserworkstations ; // sambaAccount_may
if (( $values -> smb_smbuserworkstations == '' ) && ( $values -> smb_smbuserworkstations != $values_old -> smb_smbuserworkstations )) $attr_rem [ 'sambaUserWorkstations' ] = $values_old -> smb_smbuserworkstations ; // sambaAccount_may
2003-10-28 18:24:30 +00:00
if ( $values -> smb_domain -> name != $values_old -> smb_domain -> name ) {
$attr [ 'sambaDomainName' ] = $values -> smb_domain -> name ; // sambaAccount_may
$attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase );
$attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_domain -> SID . " - " .
( 2 * getgid ( $values -> general_group ) + $values -> smb_domain -> RIDbase + 1 );
}
2003-08-16 09:38:17 +00:00
if (( $values -> smb_mapgroup != '' ) && ( $values -> smb_mapgroup != $values_old -> smb_mapgroup )) $attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_mapgroup ; // sambaAccount_may
if (( $values -> smb_mapgroup == '' ) && ( $values -> smb_mapgroup != $values_old -> smb_mapgroup )) $attr_rem [ 'sambaPrimaryGroupSID' ] = $values_old -> smb_mapgroup ;
2003-09-18 13:54:02 +00:00
if ( $values -> smb_displayName != $values_old -> smb_displayName ) $attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
}
2003-09-18 13:54:02 +00:00
else {
2003-10-20 17:56:52 +00:00
// use old samba 2.2 objectclass
if ( ! in_array ( 'sambaAccount' , $values -> general_objectClass )) {
// Add or convert samba attributes & object to samba 2.2
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'sambaAccount' ;
// unset old sambaAccount objectClass
for ( $i = 0 ; $i < count ( $attr [ 'objectClass' ]); $i ++ )
if ( $attr [ 'objectClass' ][ $i ] == 'sambaSamAccount' ) unset ( $attr [ 'objectClass' ][ $i ]);
$attr [ 'objectClass' ] = array_values ( $attr [ 'objectClass' ]);
// Set correct values for new objectclass
// Load old samba-values not stored in account object
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixAccount " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( isset ( $attr_old [ 'sambaLMPassword' ][ 0 ])) $attr [ 'lmPassword' ] = $attr_old [ 'sambaLMPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaNTPassword' ][ 0 ])) $attr [ 'ntPassword' ] = $attr_old [ 'sambaNTPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdLastSet' ][ 0 ])) $attr [ 'pwdLastSet' ] = $attr_old [ 'sambaPwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonTime' ][ 0 ])) $attr [ 'logonTime' ] = $attr_old [ 'sambaLogonTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogoffTime' ][ 0 ])) $attr [ 'logoffTime' ] = $attr_old [ 'sambaLogoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaKickoffTime' ][ 0 ])) $attr [ 'kickoffTime' ] = $attr_old [ 'sambaKickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdCanChange' ][ 0 ])) $attr [ 'pwdCanChange' ] = $attr_old [ 'sambaPwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdMustChange' ][ 0 ])) $attr [ 'pwdMustChange' ] = $attr_old [ 'sambaPwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomePath' ][ 0 ])) $attr [ 'smbHome' ] = $attr_old [ 'sambaHomePath' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomeDrive' ][ 0 ])) $attr [ 'homeDrive' ] = $attr_old [ 'sambaHomeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonScript' ][ 0 ])) $attr [ 'scriptPath' ] = $attr_old [ 'sambaLogonScript' ][ 0 ];
if ( isset ( $attr_old [ 'sambaProfilePath' ][ 0 ])) $attr [ 'profilePath' ] = $attr_old [ 'sambaProfilePath' ][ 0 ];
if ( isset ( $attr_old [ 'sambaUserWorkstations' ][ 0 ])) $attr [ 'userWorkstations' ] = $attr_old [ 'sambaUserWorkstations' ][ 0 ];
// Values used from account object
$attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
$attr [ 'acctFlags' ] = smbflag ( $values ); // sambaAccount_may
if ( $values -> smb_domain != '' ) $attr [ 'domain' ] = $values -> smb_domain ; // sambaAccount_may
$attr [ 'primaryGroupID' ] = $values -> smb_mapgroup ; // sambaAccount_req
$attr [ 'rid' ] = ( 2 * $values -> general_uidNumber + 1000 ); // sambaAccount_may
// remove old attributes
if ( in_array ( 'sambaSamAccount' , $attr_old [ 'objectClass' ])) $attr_rem [ 'objectClass' ] = 'sambaSamAccount' ;
if ( isset ( $attr_old [ 'sambaLMPassword' ][ 0 ])) $attr_rem [ 'sambaLMPassword' ] = $attr_old [ 'sambaLMPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaNTPassword' ][ 0 ])) $attr_rem [ 'sambaNTPassword' ] = $attr_old [ 'sambaNTPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdLastSet' ][ 0 ])) $attr_rem [ 'sambaPwdLastSet' ] = $attr_old [ 'sambaPwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonTime' ][ 0 ])) $attr_rem [ 'sambaLogonTime' ] = $attr_old [ 'sambaLogonTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaKickoffTime' ][ 0 ])) $attr_rem [ 'sambaKickoffTime' ] = $attr_old [ 'sambaKickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdCanChange' ][ 0 ])) $attr_rem [ 'sambaPwdCanChange' ] = $attr_old [ 'sambaPwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdMustChange' ][ 0 ])) $attr_rem [ 'sambaPwdMustChange' ] = $attr_old [ 'sambaPwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomePath' ][ 0 ])) $attr_rem [ 'sambaHomePath' ] = $attr_old [ 'sambaHomePAth' ][ 0 ];
if ( isset ( $attr_old [ 'sambaAcctFlags' ][ 0 ])) $attr_rem [ 'sambaAcctFlags' ] = $attr_old [ 'sambaAcctFlags' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomeDrive' ][ 0 ])) $attr_rem [ 'sambaHomeDrive' ] = $attr_old [ 'sambaHomeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonScript' ][ 0 ])) $attr_rem [ 'sambaLogonScript' ] = $attr_old [ 'sambaLogonScript' ][ 0 ];
if ( isset ( $attr_old [ 'sambaProfilePath' ][ 0 ])) $attr_rem [ 'sambaProfilePath' ] = $attr_old [ 'sambaProfilePath' ][ 0 ];
if ( isset ( $attr_old [ 'sambaUserWorkstations' ][ 0 ])) $attr_rem [ 'sambaUserWorkstations' ] = $attr_old [ 'sambaUserWorkstations' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPrimaryGroupID' ][ 0 ])) $attr_rem [ 'sambaPrimaryGroupID' ] = $attr_old [ 'sambaPrimaryGroupID' ][ 0 ];
if ( isset ( $attr_old [ 'sambaDomainName' ][ 0 ])) $attr_rem [ 'sambaDomainName' ] = $attr_old [ 'sambaDomainName' ][ 0 ];
if ( isset ( $attr_old [ 'sambaSID' ][ 0 ])) $attr_rem [ 'sambaSID' ] = $attr_old [ 'sambaSID' ][ 0 ];
}
// Set all changed values
2003-06-26 16:26:06 +00:00
if ( $values -> smb_password_no ) {
2003-10-20 17:56:52 +00:00
// use no samba Password
2003-06-26 16:26:06 +00:00
$attr [ 'ntPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'lmPassword' ] = 'NO PASSWORD*****' ;
2003-10-20 17:56:52 +00:00
$attr [ 'pwdLastSet' ] = time ();
2003-04-23 15:47:00 +00:00
}
2003-06-26 16:26:06 +00:00
else
if ( $values -> smb_password != '' ) {
2003-10-23 11:12:04 +00:00
// use escapeshellarg() to make command shell-secure
// Set samba-passwords with external perl-script
$attr [ 'ntPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " nt " . escapeshellarg ( $values -> smb_password ));
$attr [ 'lmPassword' ] = exec ( escapeshellarg ( $_SESSION [ 'lampath' ] . 'lib/createntlm.pl' ) . " lm " . escapeshellarg ( $values -> smb_password ));
2003-06-26 16:26:06 +00:00
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
}
2003-10-20 17:56:52 +00:00
// Check which Samba-Attributes have changed
2003-07-11 14:42:28 +00:00
if ( $values -> smb_pwdcanchange != $values_old -> smb_pwdcanchange ) $attr [ 'pwdCanChange' ] = $values -> smb_pwdcanchange ; // sambaAccount_may
if ( $values -> smb_pwdmustchange != $values_old -> smb_pwdmustchange ) $attr [ 'pwdMustChange' ] = $values -> smb_pwdmustchange ; // sambaAccount_may
2003-10-17 09:30:13 +00:00
if ( smbflag ( $values ) != smbflag ( $values_old )) $attr [ 'acctFlags' ] = smbflag ( $values ); // sambaAccount_may
2003-08-14 12:49:11 +00:00
if (( $values -> smb_smbhome != '' ) && ( $values -> smb_smbhome != $values_old -> smb_smbhome )) $attr [ 'smbHome' ] = utf8_encode ( $values -> smb_smbhome ); // sambaAccount_may
if (( $values -> smb_smbhome == '' ) && ( $values -> smb_smbhome != $values_old -> smb_smbhome )) $attr_rem [ 'smbHome' ] = utf8_encode ( $values_old -> smb_smbhome ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
if (( $values -> smb_homedrive != '' ) && ( $values -> smb_homedrive != $values_old -> smb_homedrive )) $attr [ 'homeDrive' ] = $values -> smb_homedrive ; // sambaAccount_may
if (( $values -> smb_homedrive == '' ) && ( $values -> smb_homedrive != $values_old -> smb_homedrive )) $attr_rem [ 'homeDrive' ] = $values_old -> smb_homedrive ; // sambaAccount_may
2003-08-14 12:49:11 +00:00
if (( $values -> smb_scriptPath != '' ) && ( $values -> smb_scriptPath != $values_old -> smb_scriptPath )) $attr [ 'scriptPath' ] = utf8_encode ( $values -> smb_scriptPath ); // sambaAccount_may
if (( $values -> smb_scriptPath == '' ) && ( $values -> smb_scriptPath != $values_old -> smb_scriptPath )) $attr_rem [ 'scriptPath' ] = utf8_encode ( $values_old -> smb_scriptPath ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
if (( $values -> smb_profilePath != '' ) && ( $values -> smb_profilePath != $values_old -> smb_profilePath )) $attr [ 'profilePath' ] = $values -> smb_profilePath ; // sambaAccount_may
if (( $values -> smb_profilePath == '' ) && ( $values -> smb_profilePath != $values_old -> smb_profilePath )) $attr_rem [ 'profilePath' ] = $values_old -> smb_profilePath ; // sambaAccount_may
if (( $values -> smb_smbuserworkstations != '' ) && ( $values -> smb_smbuserworkstations != $values_old -> smb_smbuserworkstations )) $attr [ 'userWorkstations' ] = $values -> smb_smbuserworkstations ; // sambaAccount_may
if (( $values -> smb_smbuserworkstations == '' ) && ( $values -> smb_smbuserworkstations != $values_old -> smb_smbuserworkstations )) $attr_rem [ 'userWorkstations' ] = $values_old -> smb_smbuserworkstations ; // sambaAccount_may
if (( $values -> smb_domain != '' ) && ( $values -> smb_domain != $values_old -> smb_domain )) $attr [ 'domain' ] = $values -> smb_domain ; // sambaAccount_may
if (( $values -> smb_domain == '' ) && ( $values -> smb_domain != $values_old -> smb_domain )) $attr_rem [ 'domain' ] = $values_old -> smb_domain ; // sambaAccount_may
2003-08-16 09:38:17 +00:00
if (( $values -> smb_mapgroup != '' ) && ( $values -> smb_mapgroup != $values_old -> smb_mapgroup )) $attr [ 'primaryGroupID' ] = $values -> smb_mapgroup ; // sambaAccount_may
if (( $values -> smb_mapgroup == '' ) && ( $values -> smb_mapgroup != $values_old -> smb_mapgroup )) $attr_rem [ 'primaryGroupID' ] = $values_old -> smb_mapgroup ;
2003-09-18 13:54:02 +00:00
if ( $values -> smb_displayName != $values_old -> smb_displayName ) $attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
2003-06-26 16:26:06 +00:00
}
2003-09-18 13:54:02 +00:00
2003-10-20 17:56:52 +00:00
// Check which personal attributes have changed
2003-06-01 10:02:44 +00:00
if (( $values -> personal_title != $values_old -> personal_title ) && ( $values -> personal_title != '' ))
2003-08-14 14:40:01 +00:00
$attr [ 'title' ] = utf8_encode ( $values -> personal_title );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_title != $values_old -> personal_title ) && ( $values -> personal_title == '' ))
2003-08-14 14:40:01 +00:00
$attr_rem [ 'title' ] = utf8_encode ( $values_old -> personal_title );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_mail != $values_old -> personal_mail ) && ( $values -> personal_mail != '' ))
2003-08-14 14:40:01 +00:00
$attr [ 'mail' ] = utf8_encode ( $values -> personal_mail );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_mail != $values_old -> personal_mail ) && ( $values -> personal_mail == '' ))
2003-08-14 14:40:01 +00:00
$attr_rem [ 'mail' ] = utf8_encode ( $values_old -> personal_mail );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_telephoneNumber != $values_old -> personal_telephoneNumber ) && ( $values -> personal_telephoneNumber != '' ))
2003-08-14 14:40:01 +00:00
$attr [ 'telephoneNumber' ] = utf8_encode ( $values -> personal_telephoneNumber );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_telephoneNumber != $values_old -> personal_telephoneNumber ) && ( $values -> personal_telephoneNumber == '' ))
2003-08-14 14:40:01 +00:00
$attr_rem [ 'telephoneNumber' ] = utf8_encode ( $values_old -> personal_telephoneNumber );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_mobileTelephoneNumber != $values_old -> personal_mobileTelephoneNumber ) && ( $values -> personal_mobileTelephoneNumber != '' ))
2003-08-14 14:40:01 +00:00
$attr [ 'mobileTelephoneNumber' ] = utf8_encode ( $values -> personal_mobileTelephoneNumber );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_mobileTelephoneNumber != $values_old -> personal_mobileTelephoneNumber ) && ( $values -> personal_mobileTelephoneNumber == '' ))
2003-08-14 14:40:01 +00:00
$attr_rem [ 'mobilemobileTelephoneNumber' ] = utf8_encode ( $values_old -> personal_mobileTelephoneNumber );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_facsimileTelephoneNumber != $values_old -> personal_facsimileTelephoneNumber ) && ( $values -> personal_facsimileTelephoneNumber != '' ))
2003-08-14 14:40:01 +00:00
$attr [ 'facsimileTelephoneNumber' ] = utf8_encode ( $values -> personal_facsimileTelephoneNumber );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_facsimileTelephoneNumber != $values_old -> personal_facsimileTelephoneNumber ) && ( $values -> personal_facsimileTelephoneNumber == '' ))
2003-08-14 14:40:01 +00:00
$attr_rem [ 'facsimileTelephoneNumber' ] = utf8_encode ( $values_old -> personal_facsimileTelephoneNumber );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_street != $values_old -> personal_street ) && ( $values -> personal_street != '' ))
2003-08-14 14:40:01 +00:00
$attr [ 'street' ] = utf8_encode ( $values -> personal_street );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_street != $values_old -> personal_street ) && ( $values -> personal_street == '' ))
2003-08-14 14:40:01 +00:00
$attr_rem [ 'street' ] = utf8_encode ( $values_old -> personal_street );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_street != $values_old -> personal_street ) && ( $values -> personal_street != '' ))
2003-08-14 14:40:01 +00:00
$attr [ 'postalCode' ] = utf8_encode ( $values -> personal_street );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_street != $values_old -> personal_street ) && ( $values -> personal_street == '' ))
2003-08-14 14:40:01 +00:00
$attr_rem [ 'postalCode' ] = utf8_encode ( $values_old -> personal_street );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_postalAddress != $values_old -> personal_postalAddress ) && ( $values -> personal_postalAddress != '' ))
2003-08-14 14:40:01 +00:00
$attr [ 'postalAddress' ] = utf8_encode ( $values -> personal_postalAddress );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_postalAddress != $values_old -> personal_postalAddress ) && ( $values -> personal_postalAddress == '' ))
2003-08-14 14:40:01 +00:00
$attr_rem [ 'postalAddress' ] = utf8_encode ( $values_old -> personal_postalAddress );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_employeeType != $values_old -> personal_employeeType ) && ( $values -> personal_employeeType != '' ))
2003-08-14 14:40:01 +00:00
$attr [ 'employeeType' ] = utf8_encode ( $values -> personal_employeeType );
2003-06-01 10:02:44 +00:00
if (( $values -> personal_employeeType != $values_old -> personal_employeeType ) && ( $values -> personal_employeeType == '' ))
2003-08-14 14:40:01 +00:00
$attr_rem [ 'employeeType' ] = utf8_encode ( $values_old -> personal_employeeType );
2003-05-20 21:12:15 +00:00
2003-10-20 17:56:52 +00:00
if ( $values -> general_dn != $values_old -> general_dn ) {
// Account should be moved to a new location
// Load old account
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixAccount " );
2003-09-18 13:54:02 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-10-20 17:56:52 +00:00
// remove "count" from array
unset ( $attr_old [ 'count' ]);
for ( $i = 0 ; $i < sizeof ( $attr_old ); $i ++ ) unset ( $attr_old [ $i ]);
$keys = array_keys ( $attr_old );
for ( $i = 0 ; $i < sizeof ( $keys ); $i ++ )
unset ( $attr_old [ $keys [ $i ]][ 'count' ]);
// Change uid to new uid. Else ldap won't create the new entry
2003-10-28 11:23:06 +00:00
//$attr_old['uid'][0] = $values->general_username;
$attr_rem_keys = @ array_keys ( $attr_rem );
for ( $i = 0 ; $i < count ( $attr_rem_keys ); $i ++ ) { // Remove attributes which should be deleted from array
if ( isset ( $attr_old [ $attr_rem_keys [ $i ]][ 0 ])) unset ( $attr_old [ $attr_rem_keys [ $i ]]);
}
$attr_keys = @ array_keys ( $attr );
for ( $i = 0 ; $i < count ( $attr_keys ); $i ++ ) { // Add attributes which have changed
$attr_old [ $attr_keys [ $i ]][ 0 ] = $attr [ $attr_keys [ $i ]];
}
2003-10-20 17:56:52 +00:00
// Create account at new location
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr_old );
// remove old account
if ( $success ) $success = ldap_delete ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn );
if ( ! $success ) return 5 ;
// Remove all memberUid entries. The new entries will be added again
// Search for groups which have memberUid set to username
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), " (&(objectClass=PosixGroup)(memberUid= $values_old->general_username )) " , array ( '' ));
2003-09-18 13:54:02 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
2003-10-20 17:56:52 +00:00
// loop for every found group and remove membership
while ( $entry ) {
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ) , array ( 'memberUid' => $values_old -> general_username ));
// *** fixme add error-message if memberUid couldn't be deleted
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
2003-09-18 13:54:02 +00:00
}
2003-10-28 11:23:06 +00:00
else { // Just modify, not recreate
if ( $attr ) {
// Change or add new attributes
$success = ldap_modify ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr );
if ( ! $success ) return 5 ;
}
if ( $attr_rem ) {
// Remove old attributes which are no longer in use
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr_rem );
if ( ! $success ) return 5 ;
}
2003-10-20 17:56:52 +00:00
}
// Write additional groupmemberchips
// Get a list with all groups
2003-09-18 13:54:02 +00:00
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), 'objectClass=PosixGroup' , array ( 'memberUid' , 'cn' ));
2003-05-20 21:12:15 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$modifygroup = 0 ;
$attr2 = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-10-20 17:56:52 +00:00
// Remove "count" from array
if ( is_array ( $attr2 [ 'memberUid' ])) array_shift ( $attr2 [ 'memberUid' ]);
array_shift ( $attr2 [ 'cn' ]);
2003-05-20 21:12:15 +00:00
if ( $attr2 [ 'memberUid' ]) {
2003-10-20 17:56:52 +00:00
// Remove user from groups he's not member anymore
if ( @ in_array ( $values -> general_username , $attr2 [ 'memberUid' ]) && !@ in_array ( $attr2 [ 'cn' ][ 0 ], $values -> general_groupadd )) {
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ) , array ( 'memberUid' => $values -> general_username ));
if ( ! $success ) return 5 ;
2003-05-20 21:12:15 +00:00
}
2003-10-20 17:56:52 +00:00
// Add user to groups
if ( !@ in_array ( $values -> general_username , $attr2 [ 'memberUid' ]) && @ in_array ( $attr2 [ 'cn' ][ 0 ], $values -> general_groupadd )) {
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ) , array ( 'memberUid' => $values -> general_username ));
2003-05-31 10:52:15 +00:00
if ( ! $success ) return 5 ;
2003-05-20 21:12:15 +00:00
}
}
2003-10-20 17:56:52 +00:00
else {
// Add user to groups
if ( @ in_array ( $attr2 [ 'cn' ][ 0 ], $values -> general_groupadd )) {
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ) , array ( 'memberUid' => $values -> general_username ));
2003-05-31 10:52:15 +00:00
if ( ! $success ) return 5 ;
2003-05-20 21:12:15 +00:00
}
2003-04-23 15:47:00 +00:00
}
2003-05-20 21:12:15 +00:00
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-04-23 15:47:00 +00:00
}
2003-10-20 17:56:52 +00:00
// Change quotas if quotas are set and lamdaemon.pl should be used
2003-10-19 17:04:49 +00:00
if ( $_SESSION [ 'config' ] -> scriptServer && is_array ( $values -> quota ) ) setquotas ( $values , $values_old );
2003-10-20 17:56:52 +00:00
//make required changes in cache-array
2003-08-18 17:41:34 +00:00
if (( isset ( $_SESSION [ 'userDN' ]))) {
if ( $values -> general_dn != $values_old -> general_dn ) {
unset ( $_SESSION [ 'userDN' ][ $values_old -> general_dn ]);
}
$_SESSION [ 'userDN' ][ $values -> general_dn ][ 'cn' ] = $values -> general_username ;
$_SESSION [ 'userDN' ][ $values -> general_dn ][ 'uidNumber' ] = $values -> general_uidNumber ;
}
2003-10-20 17:56:52 +00:00
// Return 3 if everything has worked fine
2003-05-20 21:12:15 +00:00
return 3 ;
2003-04-23 15:47:00 +00:00
}
2003-05-20 21:12:15 +00:00
2003-10-20 17:56:52 +00:00
/* This function will create a new host acconut in ldap
* $values is an account - object with all attributes of the host
* return - value is an integer
* 1 == Account has been created
* 2 == Account already exists at different location
* 4 == Error while creating Account
*/
function createhost ( $values ) {
// These Objectclasses are needed for an host account
2003-05-17 11:19:03 +00:00
$attr [ 'objectClass' ][ 0 ] = 'posixAccount' ;
$attr [ 'objectClass' ][ 1 ] = 'shadowAccount' ;
2003-10-20 17:56:52 +00:00
$attr [ 'objectClass' ][ 2 ] = 'account' ;
// Create DN for new host account
$values -> general_dn = 'uid=' . $values -> general_username . ',' . $values -> general_dn ;
// Attributes which are required
$attr [ 'cn' ] = $values -> general_username ;
$attr [ 'uid' ] = $values -> general_username ;
$attr [ 'uidNumber' ] = $values -> general_uidNumber ;
$attr [ 'gidNumber' ] = getgid ( $values -> general_group );
$attr [ 'homeDirectory' ] = " /dev/null " ;
2003-09-17 16:57:01 +00:00
2003-10-20 17:56:52 +00:00
/* Write unix attributes into $attr array
* Some values don ' t have to be set . These are only loaded if they are set
*/
$attr [ 'loginShell' ] = " /bin/false " ;
$attr [ 'gecos' ] = utf8_encode ( replace_umlaut ( $values -> general_gecos ));
$attr [ 'description' ] = utf8_encode ( $values -> general_gecos );
// Set unix password
// Samba attributes
2003-09-20 10:15:24 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-10-20 17:56:52 +00:00
// Add all attributes as samba3 objectclass
$attr [ 'objectClass' ][ 3 ] = 'sambaSamAccount' ;
2003-10-21 15:36:12 +00:00
// "Standard" password for new hosts
$attr [ 'sambaNTPassword' ] = '0CB6948805F797BF2A82807973B89537' ;
$attr [ 'sambaLMPassword' ] = '01FC5A6BE7BC6929AAD3B435B51404EE' ;
2003-06-26 16:26:06 +00:00
$attr [ 'sambaPwdLastSet' ] = time (); // sambaAccount_may
2003-08-10 19:46:21 +00:00
$attr [ 'sambaSID' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase ); // sambaAccount_may
$attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_domain -> SID . " - " . ( 2 * getgid ( $values -> general_group ) + $values -> smb_domain -> RIDbase + 1 ); // sambaAccount_req
$attr [ 'sambaPwdCanChange' ] = time (); // sambaAccount_may
2003-09-17 16:57:01 +00:00
$attr [ 'sambaPwdMustChange' ] = " 1893452400 " ; // sambaAccount_may // anywhere in year 2030
2003-06-26 16:26:06 +00:00
$attr [ 'sambaAcctFlags' ] = smbflag ( $values ); // sambaAccount_may
2003-09-17 17:04:43 +00:00
$attr [ 'sambaDomainName' ] = $values -> smb_domain -> name ; // sambaAccount_may
2003-06-26 16:26:06 +00:00
}
else {
2003-10-20 17:56:52 +00:00
// Add all attributes as samba2.2 objectclass
$attr [ 'objectClass' ][ 3 ] = 'sambaAccount' ;
2003-10-21 15:36:12 +00:00
// "Standard" password for new hosts
$attr [ 'ntPassword' ] = '0CB6948805F797BF2A82807973B89537' ;
$attr [ 'lmPassword' ] = '01FC5A6BE7BC6929AAD3B435B51404EE' ;
2003-06-26 16:26:06 +00:00
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
$attr [ 'rid' ] = ( 2 * $values -> general_uidNumber + 1000 ); // sambaAccount_may
$attr [ 'primaryGroupID' ] = ( 2 * getgid ( $values -> general_group ) + 1001 ); // sambaAccount_req
2003-08-10 19:46:21 +00:00
$attr [ 'pwdCanChange' ] = time (); // sambaAccount_may
2003-09-17 16:57:01 +00:00
$attr [ 'pwdMustChange' ] = " 1893452400 " ; // sambaAccount_may // anywhere in 2030
2003-06-26 16:26:06 +00:00
$attr [ 'acctFlags' ] = smbflag ( $values ); // sambaAccount_may
if ( $values -> smb_domain != '' ) $attr [ 'domain' ] = $values -> smb_domain ; // sambaAccount_may
}
2003-09-17 16:57:01 +00:00
2003-10-20 17:56:52 +00:00
// Create LDAP user account
2003-06-01 10:02:44 +00:00
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr );
2003-10-20 17:56:52 +00:00
// Continue if now error did ocour
2003-05-21 11:10:28 +00:00
if ( ! $success ) return 4 ;
2003-10-20 17:56:52 +00:00
// Add new host to cache-array
2003-08-18 17:41:34 +00:00
if (( isset ( $_SESSION [ 'hostDN' ]))) {
$_SESSION [ 'hostDN' ][ $values -> general_dn ][ 'cn' ] = $values -> general_username ;
$_SESSION [ 'hostDN' ][ $values -> general_dn ][ 'uidNumber' ] = $values -> general_uidNumber ;
}
2003-05-21 11:10:28 +00:00
return 1 ;
}
2003-10-20 17:56:52 +00:00
/* This function will modify a host acconut in ldap
* $values and $values_old are an account - object with all
* attributes of the host .
* Only attributes which have changed will be written
* return - value is an integer
* 2 == Account already exists at different location
* 3 == Account has been modified
* 5 == Error while modifying Account
*/
function modifyhost ( $values , $values_old ) {
// Add missing objectclasses to host
if ( ! in_array ( 'posixAccount' , $values -> general_objectClass )) {
$attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'posixAccount' ;
}
if ( ! in_array ( 'shadowAccount' , $values -> general_objectClass )) {
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'shadowAccount' ;
}
// Create DN for new host account
2003-06-26 16:26:06 +00:00
$values -> general_dn = 'uid=' . $values -> general_username . ',' . $values -> general_dn ;
2003-10-20 17:56:52 +00:00
// Attributes which are required
2003-06-01 10:02:44 +00:00
if ( $values -> general_username != $values_old -> general_username ) {
$attr [ 'cn' ] = $values -> general_username ; // posixAccount_req shadowAccount_req sambaAccount_may
$attr [ 'uid' ] = $values -> general_username ; // posixAccount_req
2003-05-21 11:10:28 +00:00
}
2003-06-01 10:02:44 +00:00
if ( $values -> general_uidNumber != $values_old -> general_uidNumber ) {
2003-10-20 17:56:52 +00:00
$attr [ 'uidNumber' ] = $values -> general_uidNumber ;
// Because sambaSid(rid) is related to uidNumber we have to change it if uidNumbaer has changed
if ( $_SESSION [ 'config' ] -> is_samba3 ())
$attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase );
else $attr [ 'rid' ] = ( 2 * $values -> general_uidNumber + 1000 );
2003-05-21 11:10:28 +00:00
}
2003-06-01 10:02:44 +00:00
if ( $values -> general_group != $values_old -> general_group ) {
2003-10-20 17:56:52 +00:00
$attr [ 'gidNumber' ] = getgid ( $values -> general_group );
// Because primaryGroup(S)ID is related to gidNumber we have to change it if gidNumber has changed
if ( $_SESSION [ 'config' ] -> is_samba3 ())
// We use samba 3 schema
2003-10-28 18:24:30 +00:00
$attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_domain -> SID . " - " .
( 2 * getgid ( $values -> general_group ) + $values -> smb_domain -> RIDbase + 1 );
2003-10-20 17:56:52 +00:00
else
// We use old samba 2.2 schema
2003-10-28 18:24:30 +00:00
$attr [ 'primaryGroupID' ] = ( 2 * getgid ( $values -> general_group ) + 1001 );
2003-10-05 10:38:31 +00:00
}
2003-10-20 17:56:52 +00:00
/* Write unix attributes into $attr array
* Some values don ' t have to be set . These are only loaded if they are set
*/
if ( $values -> general_gecos != $values_old -> general_gecos ) {
$attr [ 'gecos' ] = utf8_encode ( replace_umlaut ( $values -> general_gecos )); // posixAccount_may
$attr [ 'description' ] = utf8_encode ( $values -> general_gecos ); // posixAccount_may sambaAccount_may
2003-09-17 16:57:01 +00:00
}
2003-10-20 17:56:52 +00:00
// Samba attributes
2003-09-20 10:15:24 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-10-20 17:56:52 +00:00
if ( ! in_array ( 'sambaSamAccount' , $values -> general_objectClass )) {
// We have to convert sambaAccount Objectclass to sambaSamAccount objectclass
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'sambaSamAccount' ;
// unset old sambaAccount objectClass
for ( $i = 0 ; $i < count ( $attr [ 'objectClass' ]); $i ++ )
if ( $attr [ 'objectClass' ][ $i ] == 'sambaAccount' ) unset ( $attr [ 'objectClass' ][ $i ]);
$attr [ 'objectClass' ] = array_values ( $attr [ 'objectClass' ]);
// Set correct values for new objectclass
// Load old samba-values not stored in account object
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixAccount " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$return -> general_dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( isset ( $attr_old [ 'lmPassword' ][ 0 ])) $attr [ 'sambaLMPassword' ] = $attr_old [ 'lmPassword' ][ 0 ];
if ( isset ( $attr_old [ 'ntPassword' ][ 0 ])) $attr [ 'sambaNTPassword' ] = $attr_old [ 'ntPassword' ][ 0 ];
if ( isset ( $attr_old [ 'pwdLastSet' ][ 0 ])) $attr [ 'sambaPwdLastSet' ] = $attr_old [ 'pwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'logonTime' ][ 0 ])) $attr [ 'sambaLogonTime' ] = $attr_old [ 'logonTime' ][ 0 ];
if ( isset ( $attr_old [ 'logoffTime' ][ 0 ])) $attr [ 'sambaLogoffTime' ] = $attr_old [ 'logoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'kickoffTime' ][ 0 ])) $attr [ 'sambaKickoffTime' ] = $attr_old [ 'kickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'pwdCanChange' ][ 0 ])) $attr [ 'sambaPwdCanChange' ] = $attr_old [ 'pwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'pwdMustChange' ][ 0 ])) $attr [ 'sambaPwdMustChange' ] = $attr_old [ 'pwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'smbHome' ][ 0 ])) $attr [ 'sambaHomePath' ] = $attr_old [ 'smbHome' ][ 0 ];
if ( isset ( $attr_old [ 'homeDrive' ][ 0 ])) $attr [ 'sambaHomeDrive' ] = $attr_old [ 'homeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'scriptPath' ][ 0 ])) $attr [ 'sambaLogonScript' ] = $attr_old [ 'scriptPath' ][ 0 ];
if ( isset ( $attr_old [ 'profilePath' ][ 0 ])) $attr [ 'sambaProfilePath' ] = $attr_old [ 'profilePath' ][ 0 ];
if ( isset ( $attr_old [ 'userWorkstations' ][ 0 ])) $attr [ 'sambaUserWorkstations' ] = $attr_old [ 'userWorkstations' ][ 0 ];
// Values used from account object
$attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
$attr [ 'sambaAcctFlags' ] = smbflag ( $values ); // sambaAccount_may
$attr [ 'sambaDomainName' ] = $values -> smb_domain -> name ; // sambaAccount_may
$attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase ); // sambaAccount_may
$attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_domain -> SID . " - " . ( 2 * getgid ( $values -> general_group ) + $values -> smb_domain -> RIDbase + 1 ); // sambaAccount_req
// remove old attributes
if ( in_array ( 'sambaAccount' , $attr_old [ 'objectClass' ])) $attr_rem [ 'objectClass' ] = 'sambaAccount' ;
if ( isset ( $attr_old [ 'lmPassword' ][ 0 ])) $attr_rem [ 'lmPassword' ] = $attr_old [ 'lmPassword' ][ 0 ];
if ( isset ( $attr_old [ 'ntPassword' ][ 0 ])) $attr_rem [ 'ntPassword' ] = $attr_old [ 'ntPassword' ][ 0 ];
if ( isset ( $attr_old [ 'pwdLastSet' ][ 0 ])) $attr_rem [ 'pwdLastSet' ] = $attr_old [ 'pwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'logonTime' ][ 0 ])) $attr_rem [ 'logonTime' ] = $attr_old [ 'logonTime' ][ 0 ];
if ( isset ( $attr_old [ 'kickoffTime' ][ 0 ])) $attr_rem [ 'kickoffTime' ] = $attr_old [ 'kickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'pwdCanChange' ][ 0 ])) $attr_rem [ 'pwdCanChange' ] = $attr_old [ 'pwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'pwdMustChange' ][ 0 ])) $attr_rem [ 'pwdMustChange' ] = $attr_old [ 'pwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'smbHome' ][ 0 ])) $attr_rem [ 'smbHome' ] = $attr_old [ 'smbHome' ][ 0 ];
if ( isset ( $attr_old [ 'acctFlags' ][ 0 ])) $attr_rem [ 'acctFlags' ] = $attr_old [ 'acctFlags' ][ 0 ];
if ( isset ( $attr_old [ 'homeDrive' ][ 0 ])) $attr_rem [ 'homeDrive' ] = $attr_old [ 'homeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'scriptPath' ][ 0 ])) $attr_rem [ 'scriptPath' ] = $attr_old [ 'scriptPath' ][ 0 ];
if ( isset ( $attr_old [ 'profilePath' ][ 0 ])) $attr_rem [ 'profilePath' ] = $attr_old [ 'profilePath' ][ 0 ];
if ( isset ( $attr_old [ 'userWorkstations' ][ 0 ])) $attr_rem [ 'userWorkstations' ] = $attr_old [ 'userWorkstations' ][ 0 ];
if ( isset ( $attr_old [ 'primaryGroupID' ][ 0 ])) $attr_rem [ 'primaryGroupID' ] = $attr_old [ 'primaryGroupID' ][ 0 ];
if ( isset ( $attr_old [ 'domain' ][ 0 ])) $attr_rem [ 'domain' ] = $attr_old [ 'domain' ][ 0 ];
if ( isset ( $attr_old [ 'rid' ][ 0 ])) $attr_rem [ 'rid' ] = $attr_old [ 'rid' ][ 0 ];
}
2003-09-17 16:57:01 +00:00
// Reset password
2003-06-26 16:26:06 +00:00
if ( $values -> smb_password_no ) {
2003-10-21 15:36:12 +00:00
// "Standard" password for new hosts
$attr [ 'sambaNTPassword' ] = '0CB6948805F797BF2A82807973B89537' ;
$attr [ 'sambaLMPassword' ] = '01FC5A6BE7BC6929AAD3B435B51404EE' ;
2003-06-26 16:26:06 +00:00
$attr [ 'sambaPwdLastSet' ] = time (); // sambaAccount_may
2003-04-23 15:47:00 +00:00
}
2003-10-28 18:24:30 +00:00
if ( $values -> smb_domain -> name != $values_old -> smb_domain -> name ) {
$attr [ 'sambaDomainName' ] = $values -> smb_domain -> name ; // sambaAccount_may
$attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase );
$attr [ 'sambaPrimaryGroupSID' ] = $values -> smb_domain -> SID . " - " .
( 2 * getgid ( $values -> general_group ) + $values -> smb_domain -> RIDbase + 1 );
}
2003-06-26 16:26:06 +00:00
}
2003-09-17 16:57:01 +00:00
else {
2003-10-20 17:56:52 +00:00
// use old samba 2.2 objectclass
if ( ! in_array ( 'sambaAccount' , $values -> general_objectClass )) {
// Add or convert samba attributes & object to samba 2.2
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'sambaAccount' ;
// unset old sambaAccount objectClass
for ( $i = 0 ; $i < count ( $attr [ 'objectClass' ]); $i ++ )
if ( $attr [ 'objectClass' ][ $i ] == 'sambaSamAccount' ) unset ( $attr [ 'objectClass' ][ $i ]);
$attr [ 'objectClass' ] = array_values ( $attr [ 'objectClass' ]);
// Set correct values for new objectclass
// Load old samba-values not stored in account object
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixAccount " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$return -> general_dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( isset ( $attr_old [ 'sambaLMPassword' ][ 0 ])) $attr [ 'lmPassword' ] = $attr_old [ 'sambaLMPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaNTPassword' ][ 0 ])) $attr [ 'ntPassword' ] = $attr_old [ 'sambaNTPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdLastSet' ][ 0 ])) $attr [ 'pwdLastSet' ] = $attr_old [ 'sambaPwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonTime' ][ 0 ])) $attr [ 'logonTime' ] = $attr_old [ 'sambaLogonTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogoffTime' ][ 0 ])) $attr [ 'logoffTime' ] = $attr_old [ 'sambaLogoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaKickoffTime' ][ 0 ])) $attr [ 'kickoffTime' ] = $attr_old [ 'sambaKickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdCanChange' ][ 0 ])) $attr [ 'pwdCanChange' ] = $attr_old [ 'sambaPwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdMustChange' ][ 0 ])) $attr [ 'pwdMustChange' ] = $attr_old [ 'sambaPwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomePath' ][ 0 ])) $attr [ 'smbHome' ] = $attr_old [ 'sambaHomePath' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomeDrive' ][ 0 ])) $attr [ 'homeDrive' ] = $attr_old [ 'sambaHomeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonScript' ][ 0 ])) $attr [ 'scriptPath' ] = $attr_old [ 'sambaLogonScript' ][ 0 ];
if ( isset ( $attr_old [ 'sambaProfilePath' ][ 0 ])) $attr [ 'profilePath' ] = $attr_old [ 'sambaProfilePath' ][ 0 ];
if ( isset ( $attr_old [ 'sambaUserWorkstations' ][ 0 ])) $attr [ 'userWorkstations' ] = $attr_old [ 'sambaUserWorkstations' ][ 0 ];
// Values used from account object
$attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName ); // sambaAccount_may
$attr [ 'acctFlags' ] = smbflag ( $values ); // sambaAccount_may
if ( $values -> smb_domain != '' ) $attr [ 'domain' ] = $values -> smb_domain ; // sambaAccount_may
$attr [ 'primaryGroupID' ] = ( 2 * getgid ( $values -> general_group ) + 1001 ); // sambaAccount_req
$attr [ 'rid' ] = ( 2 * $values -> general_uidNumber + 1000 ); // sambaAccount_may
// remove old attributes
if ( in_array ( 'sambaSamAccount' , $attr_old [ 'objectClass' ])) $attr_rem [ 'objectClass' ] = 'sambaSamAccount' ;
if ( isset ( $attr_old [ 'sambaLMPassword' ][ 0 ])) $attr_rem [ 'sambaLMPassword' ] = $attr_old [ 'sambaLMPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaNTPassword' ][ 0 ])) $attr_rem [ 'sambaNTPassword' ] = $attr_old [ 'sambaNTPassword' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdLastSet' ][ 0 ])) $attr_rem [ 'sambaPwdLastSet' ] = $attr_old [ 'sambaPwdLastSet' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonTime' ][ 0 ])) $attr_rem [ 'sambaLogonTime' ] = $attr_old [ 'sambaLogonTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaKickoffTime' ][ 0 ])) $attr_rem [ 'sambaKickoffTime' ] = $attr_old [ 'sambaKickoffTime' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdCanChange' ][ 0 ])) $attr_rem [ 'sambaPwdCanChange' ] = $attr_old [ 'sambaPwdCanChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPwdMustChange' ][ 0 ])) $attr_rem [ 'sambaPwdMustChange' ] = $attr_old [ 'sambaPwdMustChange' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomePath' ][ 0 ])) $attr_rem [ 'sambaHomePath' ] = $attr_old [ 'sambaHomePAth' ][ 0 ];
if ( isset ( $attr_old [ 'sambaAcctFlags' ][ 0 ])) $attr_rem [ 'sambaAcctFlags' ] = $attr_old [ 'sambaAcctFlags' ][ 0 ];
if ( isset ( $attr_old [ 'sambaHomeDrive' ][ 0 ])) $attr_rem [ 'sambaHomeDrive' ] = $attr_old [ 'sambaHomeDrive' ][ 0 ];
if ( isset ( $attr_old [ 'sambaLogonScript' ][ 0 ])) $attr_rem [ 'sambaLogonScript' ] = $attr_old [ 'sambaLogonScript' ][ 0 ];
if ( isset ( $attr_old [ 'sambaProfilePath' ][ 0 ])) $attr_rem [ 'sambaProfilePath' ] = $attr_old [ 'sambaProfilePath' ][ 0 ];
if ( isset ( $attr_old [ 'sambaUserWorkstations' ][ 0 ])) $attr_rem [ 'sambaUserWorkstations' ] = $attr_old [ 'sambaUserWorkstations' ][ 0 ];
if ( isset ( $attr_old [ 'sambaPrimaryGroupID' ][ 0 ])) $attr_rem [ 'sambaPrimaryGroupID' ] = $attr_old [ 'sambaPrimaryGroupID' ][ 0 ];
if ( isset ( $attr_old [ 'sambaDomainName' ][ 0 ])) $attr_rem [ 'sambaDomainName' ] = $attr_old [ 'sambaDomainName' ][ 0 ];
if ( isset ( $attr_old [ 'sambaSID' ][ 0 ])) $attr_rem [ 'sambaSID' ] = $attr_old [ 'sambaSID' ][ 0 ];
}
2003-09-17 16:57:01 +00:00
if ( $values -> smb_password_no ) {
2003-10-21 15:36:12 +00:00
// "Standard" password for new hosts
$attr [ 'ntPassword' ] = '0CB6948805F797BF2A82807973B89537' ;
$attr [ 'lmPassword' ] = '01FC5A6BE7BC6929AAD3B435B51404EE' ;
2003-09-17 16:57:01 +00:00
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
}
if ( isset ( $attr_old [ 'sambaSID' ][ 0 ])) $attr_rem [ 'sambaSID' ] = $attr_old [ 'sambaSID' ][ 0 ];
2003-06-26 16:26:06 +00:00
if (( $values -> smb_domain != '' ) && ( $values -> smb_domain != $values_old -> smb_domain )) $attr [ 'domain' ] = $values -> smb_domain ; // sambaAccount_may
if (( $values -> smb_domain == '' ) && ( $values -> smb_domain != $values_old -> smb_domain )) $attr_rem [ 'domain' ] = $values_old -> smb_domain ; // sambaAccount_may
}
2003-10-20 17:56:52 +00:00
if ( $values -> general_dn != $values_old -> general_dn ) {
// Account should be moved to a new location
// Load old account
2003-08-12 19:45:24 +00:00
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixAccount " );
2003-06-08 10:33:37 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-06-28 13:14:45 +00:00
// remove "count" from array
unset ( $attr_old [ 'count' ]);
for ( $i = 0 ; $i < sizeof ( $attr_old ); $i ++ ) unset ( $attr_old [ $i ]);
$keys = array_keys ( $attr_old );
for ( $i = 0 ; $i < sizeof ( $keys ); $i ++ )
unset ( $attr_old [ $keys [ $i ]][ 'count' ]);
2003-10-20 17:56:52 +00:00
// Change uid to new uid. Else ldap won't create the new entry
2003-10-28 11:23:06 +00:00
//$attr_old['uid'][0] = $values->general_username;
$attr_rem_keys = @ array_keys ( $attr_rem );
for ( $i = 0 ; $i < count ( $attr_rem_keys ); $i ++ ) { // Remove attributes which should be deleted from array
if ( isset ( $attr_old [ $attr_rem_keys [ $i ]][ 0 ])) unset ( $attr_old [ $attr_rem_keys [ $i ]]);
}
$attr_keys = @ array_keys ( $attr );
for ( $i = 0 ; $i < count ( $attr_keys ); $i ++ ) { // Add attributes which have changed
$attr_old [ $attr_keys [ $i ]][ 0 ] = $attr [ $attr_keys [ $i ]];
}
2003-10-20 17:56:52 +00:00
// Create account at new location
2003-06-08 10:33:37 +00:00
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr_old );
2003-10-20 17:56:52 +00:00
// remove old account
2003-06-08 10:33:37 +00:00
if ( $success ) $success = ldap_delete ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn );
2003-08-12 19:45:24 +00:00
if ( ! $success ) return 5 ;
2003-06-08 10:33:37 +00:00
}
2003-10-28 11:23:06 +00:00
else { // Just modify, not recreate
if ( $attr ) {
// Change or add new attributes
$success = ldap_modify ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr );
if ( ! $success ) return 5 ;
}
if ( $attr_rem ) {
// Remove old attributes which are no longer in use
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr_rem );
if ( ! $success ) return 5 ;
}
2003-10-20 17:56:52 +00:00
}
2003-10-28 11:23:06 +00:00
2003-10-20 17:56:52 +00:00
//make required changes in cache-array
2003-08-18 17:41:34 +00:00
if (( isset ( $_SESSION [ 'hostDN' ]))) {
if ( $values -> general_dn != $values_old -> general_dn ) {
unset ( $_SESSION [ 'hostDN' ][ $values_old -> general_dn ]);
}
$_SESSION [ 'hostDN' ][ $values -> general_dn ][ 'cn' ] = $values -> general_username ;
$_SESSION [ 'hostDN' ][ $values -> general_dn ][ 'uidNumber' ] = $values -> general_uidNumber ;
}
2003-10-20 17:56:52 +00:00
// Return 3 if everything has worked fine
2003-05-21 11:10:28 +00:00
return 3 ;
2003-04-23 15:47:00 +00:00
}
2003-10-20 17:56:52 +00:00
/* This function will create a new group acconut in ldap
* $values is an account - object with all attributes of the group
* return - value is an integer
* 1 == Account has been created
* 2 == Account already exists at different location
* 4 == Error while creating Account
*/
function creategroup ( $values ) {
// These Objectclasses are needed for an user account
2003-06-30 12:06:44 +00:00
$attr [ 'objectClass' ][ 0 ] = 'posixGroup' ;
2003-10-20 17:56:52 +00:00
// Create DN for new user account
$values -> general_dn = 'cn=' . $values -> general_username . ',' . $values -> general_dn ;
// Attributes which are required
2003-06-01 10:02:44 +00:00
$attr [ 'cn' ] = $values -> general_username ;
$attr [ 'gidNumber' ] = $values -> general_uidNumber ;
2003-10-20 17:56:52 +00:00
/* Write unix attributes into $attr array
* Some values don ' t have to be set . These are only loaded if they are set
*/
2003-09-16 12:44:28 +00:00
if ( $values -> general_gecos ) $attr [ 'description' ] = utf8_encode ( $values -> general_gecos );
2003-10-20 17:56:52 +00:00
// Samba 3 attributes
2003-10-22 13:57:32 +00:00
// $values->smb_mapgroup is not set if creategroup is called from masscreate.php
if ( $_SESSION [ 'config' ] -> is_samba3 () && isset ( $values -> smb_mapgroup )) {
2003-06-30 12:06:44 +00:00
$attr [ 'sambaSID' ] = $values -> smb_mapgroup ;
2003-08-28 18:37:27 +00:00
$attr [ 'objectClass' ][ 1 ] = 'sambaGroupMapping' ;
2003-06-30 12:06:44 +00:00
$attr [ 'sambaGroupType' ] = '2' ;
2003-09-16 12:44:28 +00:00
if ( $values -> smb_displayName ) $attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName );
2003-06-30 12:06:44 +00:00
}
2003-10-20 17:56:52 +00:00
// Write additional group members
2003-10-19 17:04:49 +00:00
if ( is_array ( $values -> unix_memberUid )) foreach ( $values -> unix_memberUid as $user )
2003-10-07 17:52:51 +00:00
$attr [ 'memberUid' ][] = $user ;
2003-10-20 17:56:52 +00:00
// Create LDAP group account
2003-06-01 10:02:44 +00:00
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr );
2003-10-20 17:56:52 +00:00
// Continue if now error did ocour
2003-10-17 07:58:43 +00:00
if ( ! $success ) return 4 ;
2003-10-20 17:56:52 +00:00
// lamdaemon.pl should be used. Set quotas if quotas are used
2003-10-19 17:04:49 +00:00
if ( $_SESSION [ 'config' ] -> scriptServer && is_array ( $values -> quota )) setquotas ( $values );
2003-10-20 17:56:52 +00:00
// Add new group to cache-array
2003-10-17 07:58:43 +00:00
if (( isset ( $_SESSION [ 'groupDN' ]))) {
$_SESSION [ 'groupDN' ][ $values -> general_dn ][ 'cn' ] = $values -> general_username ;
$_SESSION [ 'groupDN' ][ $values -> general_dn ][ 'uidNumber' ] = $values -> general_uidNumber ;
2003-08-18 11:16:37 +00:00
}
2003-10-17 07:58:43 +00:00
return 1 ;
2003-05-21 11:10:28 +00:00
}
2003-10-20 17:56:52 +00:00
/* This function will modify a group acconut in ldap
* $values and $values_old are an account - object with all
* attributes of the group .
* Only attributes which have changed will be written
* return - value is an integer
* 2 == Account already exists at different location
* 3 == Account has been modified
* 5 == Error while modifying Account
*/
function modifygroup ( $values , $values_old ) {
// Add missing objectclasses to group
if ( ! in_array ( 'posixGroup' , $values -> general_objectClass )) {
$attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'posixGroup' ;
}
if (( $_SESSION [ 'config' ] -> is_samba3 ()) && ( ! in_array ( 'sambaGroupMapping' , $values -> general_objectClass ))) {
if ( ! isset ( $attr [ 'objectClass' ])) $attr [ 'objectClass' ] = $values -> general_objectClass ;
$attr [ 'objectClass' ][] = 'sambaGroupMapping' ;
$attr [ 'sambaGroupType' ] = '2' ;
}
// Create DN for new group account
2003-06-26 16:26:06 +00:00
$values -> general_dn = 'cn=' . $values -> general_username . ',' . $values -> general_dn ;
2003-06-15 19:28:15 +00:00
2003-10-20 17:56:52 +00:00
// Attributes which are required
2003-06-01 10:02:44 +00:00
if ( $values -> general_username != $values_old -> general_username ) $attr [ 'cn' ] = $values -> general_username ;
2003-09-17 16:57:01 +00:00
if ( $values -> general_uidNumber != $values_old -> general_uidNumber ) {
2003-10-28 18:24:30 +00:00
$attr [ 'gidNumber' ] = $values -> general_uidNumber ;
2003-10-20 17:56:52 +00:00
// Set correct SID if UID was changed
if ( $_SESSION [ 'config' ] -> is_samba3 ()) $attr [ 'sambaSid' ] = $values -> smb_domain -> SID . " - " . ( 2 * $values -> general_uidNumber + $values -> smb_domain -> RIDbase + 1 );
2003-09-17 16:57:01 +00:00
}
2003-09-16 12:44:28 +00:00
if ( $values -> general_gecos != $values_old -> general_gecos ) $attr [ 'description' ] = utf8_encode ( $values -> general_gecos );
2003-09-17 17:04:43 +00:00
if ( $values -> smb_displayName != $values_old -> smb_displayName )
2003-09-16 12:44:28 +00:00
$attr [ 'displayName' ] = utf8_encode ( $values -> smb_displayName );
2003-10-20 17:56:52 +00:00
// Samba 3.0 attributes
2003-10-22 13:57:32 +00:00
if ( $_SESSION [ 'config' ] -> is_samba3 ()) {
2003-06-30 12:06:44 +00:00
if ( $values -> smb_mapgroup != $values_old -> smb_mapgroup )
$attr [ 'sambaSID' ] = $values -> smb_mapgroup ;
}
2003-10-20 17:56:52 +00:00
// Write Additional group members
2003-09-01 16:04:43 +00:00
if (( $values -> unix_memberUid != $values_old -> unix_memberUid )) {
2003-09-11 16:55:57 +00:00
if ( count ( $values -> unix_memberUid ) == 0 ) $attr_rem [ 'memberUid' ] = $values_old -> unix_memberUid ;
else $attr [ 'memberUid' ] = $values -> unix_memberUid ;
2003-09-01 16:04:43 +00:00
}
2003-10-20 17:56:52 +00:00
if ( $values -> general_dn != $values_old -> general_dn ) {
// Account should be moved to a new location
// Load old account
2003-08-12 19:45:24 +00:00
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn , " objectclass=PosixGroup " );
2003-05-21 11:10:28 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr_old = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-06-28 13:14:45 +00:00
// remove "count" from array
unset ( $attr_old [ 'count' ]);
for ( $i = 0 ; $i < sizeof ( $attr_old ); $i ++ ) unset ( $attr_old [ $i ]);
2003-10-28 11:23:06 +00:00
$keys = @ array_keys ( $attr_old );
2003-06-28 13:14:45 +00:00
for ( $i = 0 ; $i < sizeof ( $keys ); $i ++ )
unset ( $attr_old [ $keys [ $i ]][ 'count' ]);
2003-10-20 17:56:52 +00:00
// Change cn to new cn. Else ldap won't create the new entry
2003-10-28 11:23:06 +00:00
//$attr_old['cn'][0] = $values->general_username;
$attr_rem_keys = @ array_keys ( $attr_rem );
for ( $i = 0 ; $i < count ( $attr_rem_keys ); $i ++ ) { // Remove attributes which should be deleted from array
if ( isset ( $attr_old [ $attr_rem_keys [ $i ]][ 0 ])) unset ( $attr_old [ $attr_rem_keys [ $i ]]);
}
$attr_keys = array_keys ( $attr );
for ( $i = 0 ; $i < count ( $attr_keys ); $i ++ ) { // Add attributes which have changed
$attr_old [ $attr_keys [ $i ]][ 0 ] = $attr [ $attr_keys [ $i ]];
}
2003-10-20 17:56:52 +00:00
// Create account at new location
2003-06-01 10:02:44 +00:00
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr_old );
2003-10-20 17:56:52 +00:00
// remove old account
if ( $success ) $success = ldap_delete ( $_SESSION [ 'ldap' ] -> server (), $values_old -> general_dn );
2003-08-12 19:45:24 +00:00
if ( ! $success ) return 5 ;
2003-04-23 15:47:00 +00:00
}
2003-10-28 11:23:06 +00:00
else { // Just modify, not recreate
if ( $attr ) {
// Change or add new attributes
$success = ldap_modify ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr );
if ( ! $success ) return 5 ;
}
if ( $attr_rem ) {
// Remove old attributes which are no longer in use
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), $values -> general_dn , $attr_rem );
if ( ! $success ) return 5 ;
}
2003-10-20 17:56:52 +00:00
}
2003-10-28 11:23:06 +00:00
2003-10-20 17:56:52 +00:00
// Chnage GIDs of all users which are member of group
if ( $_SESSION [ 'final_changegids' ] == true ) {
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_UserSuffix (), 'gidNumber=' . $values_old -> general_uidNumber , array ( '' ));
2003-05-21 11:10:28 +00:00
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
2003-06-01 10:02:44 +00:00
$user [ 'gidNumber' ][ 0 ] = $values -> general_uidNumber ;
2003-10-17 09:30:13 +00:00
$success = ldap_modify ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ), $user );
2003-10-20 17:56:52 +00:00
if ( ! $success ) return 5 ;
2003-05-21 11:10:28 +00:00
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
2003-04-23 15:47:00 +00:00
}
}
2003-10-20 17:56:52 +00:00
// Change quotas if quotas are set and lamdaemon.pl should be used
2003-10-19 17:04:49 +00:00
if ( $_SESSION [ 'config' ] -> scriptServer && is_array ( $values -> quota )) setquotas ( $values , $values_old );
2003-10-20 17:56:52 +00:00
//make required changes in cache-array
if (( isset ( $_SESSION [ 'groupDN' ]))) {
2003-08-18 17:41:34 +00:00
if ( $values -> general_dn != $values_old -> general_dn ) {
unset ( $_SESSION [ 'groupDN' ][ $values_old -> general_dn ]);
}
$_SESSION [ 'groupDN' ][ $values -> general_dn ][ 'cn' ] = $values -> general_username ;
$_SESSION [ 'groupDN' ][ $values -> general_dn ][ 'uidNumber' ] = $values -> general_uidNumber ;
}
2003-10-20 17:56:52 +00:00
// Return 3 if everything has worked fine
2003-05-31 10:52:15 +00:00
return 3 ;
2003-04-23 15:47:00 +00:00
}
2003-05-21 11:10:28 +00:00
2003-10-21 13:40:13 +00:00
?>