2006-01-01 16:30:05 +00:00
< ? php
/*
$Id $
2009-10-27 18:47:12 +00:00
This code is part of LDAP Account Manager ( http :// www . ldap - account - manager . org / )
2013-05-09 15:47:35 +00:00
Copyright ( C ) 2005 - 2013 Roland Gruber
2006-01-01 16:30:05 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*/
/**
* Manages Samba 3 domain entries .
*
* @ package modules
* @ author Roland Gruber
*/
/**
* Manages Samba 3 domain entries .
*
* @ package modules
*/
class sambaDomain extends baseModule {
2006-08-14 17:24:27 +00:00
2006-01-01 16:30:05 +00:00
/**
* Returns meta data that is interpreted by parent class
*
* @ return array array with meta data
2008-02-03 14:28:28 +00:00
*
* @ see baseModule :: get_metaData ()
2006-01-01 16:30:05 +00:00
*/
function get_metaData () {
$return = array ();
2007-11-19 18:42:03 +00:00
// icon
$return [ 'icon' ] = 'samba.png' ;
2006-01-01 16:30:05 +00:00
// manages host accounts
$return [ " account_types " ] = array ( " smbDomain " );
// alias name
$return [ " alias " ] = _ ( " Samba domain " );
// this is a base module
$return [ " is_base " ] = true ;
// RDN attribute
$return [ " RDN " ] = array ( " sambaDomainName " => " high " );
// LDAP filter
$return [ " ldap_filter " ] = array ( 'or' => " (objectClass=sambaDomain) " );
// module dependencies
$return [ 'dependencies' ] = array ( 'depends' => array (), 'conflicts' => array ());
2006-04-05 15:48:27 +00:00
// managed object classes
$return [ 'objectClasses' ] = array ( 'sambaDomain' );
2006-05-13 08:55:31 +00:00
// managed attributes
$return [ 'attributes' ] = array ( 'sambaDomainName' , 'sambaSID' , 'sambaNextRid' , 'sambaNextGroupRid' ,
2006-07-29 15:15:48 +00:00
'sambaNextUserRid' , 'sambaAlgorithmicRidBase' , 'sambaMinPwdLength' , 'sambaPwdHistoryLength' ,
'sambaLogonToChgPwd' , 'sambaForceLogoff' , 'sambaRefuseMachinePwdChange' , 'sambaLockoutThreshold' ,
'sambaMinPwdAge' , 'sambaMaxPwdAge' , 'sambaLockoutDuration' , 'sambaLockoutObservationWindow' );
2006-01-01 16:30:05 +00:00
// help Entries
$return [ 'help' ] = array (
'domainName' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Domain name " ), 'attr' => 'sambaDomainName' ,
2006-01-01 16:30:05 +00:00
" Text " => _ ( " The name of your Windows domain or workgroup. " )
),
'domainSID' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Domain SID " ), 'attr' => 'sambaSID' ,
2006-01-01 16:30:05 +00:00
" Text " => _ ( " The SID of your Samba server. Get it with \" net getlocalsid \" . " )
),
'nextRID' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Next RID " ), 'attr' => 'sambaNextRid' ,
2006-01-01 16:30:05 +00:00
" Text " => _ ( " Next RID to use when creating accounts (only used by Winbind). " )
),
'nextUserRID' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Next user RID " ), 'attr' => 'sambaNextUserRid' ,
2006-01-01 16:30:05 +00:00
" Text " => _ ( " Next RID to use when creating user accounts (only used by Winbind). " )
),
'nextGroupRID' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Next group RID " ), 'attr' => 'sambaNextGroupRid' ,
2006-01-01 16:30:05 +00:00
" Text " => _ ( " Next RID to use when creating group accounts (only used by Winbind). " )
),
2007-01-03 16:29:25 +00:00
'RIDbase' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " RID base " ), 'attr' => 'sambaAlgorithmicRidBase' ,
2006-01-01 16:30:05 +00:00
" Text " => _ ( " Used for calculating RIDs from UID/GID. Do not change if unsure. " )
2006-07-29 15:15:48 +00:00
),
'minPwdLength' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Minimal password length " ), 'attr' => 'sambaMinPwdLength' ,
2006-07-29 15:15:48 +00:00
" Text " => _ ( " Here you can specify the minimum number of characters for a user password. " )
),
'pwdHistLength' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Password history length " ), 'attr' => 'sambaPwdHistoryLength' ,
2006-07-29 15:15:48 +00:00
" Text " => _ ( " This is the number of passwords which are saved to prevent that users reuse old passwords. " )
),
'logonToChgPwd' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Logon for password change " ), 'attr' => 'sambaLogonToChgPwd' ,
2006-07-29 15:15:48 +00:00
" Text " => _ ( " If set then users need to login to change their password. " )
),
'forceLogoff' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Disconnect users outside logon hours " ), 'attr' => 'sambaForceLogoff' ,
2007-05-02 20:32:37 +00:00
" Text " => _ ( " Disconnects users if they are logged in outside logon hours. " )
2006-07-29 15:15:48 +00:00
),
'refuseMachinePwdChange' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Allow machine password changes " ), 'attr' => 'sambaRefuseMachinePwdChange' ,
2006-07-29 15:15:48 +00:00
" Text " => _ ( " Defines if workstations may change their passwords. " )
),
'lockoutThreshold' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Lockout users after bad logon attempts " ), 'attr' => 'sambaLockoutThreshold' ,
2008-04-15 14:31:17 +00:00
" Text " => _ ( " This is the number of bad logon attempts (0 - 999) before the account is deactivated. 0 means unlimited attempts. " )
2006-07-29 15:15:48 +00:00
),
'minPwdAge' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Minimum password age " ), 'attr' => 'sambaMinPwdAge' ,
2006-07-29 15:15:48 +00:00
" Text " => _ ( " Number of seconds after the user is allowed to change his password again. " )
),
'maxPwdAge' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Maximum password age " ), 'attr' => 'sambaMaxPwdAge' ,
2006-07-29 15:15:48 +00:00
" Text " => _ ( " Number of seconds after which the user must change his password. " )
),
'lockoutDuration' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Lockout duration " ), 'attr' => 'sambaLockoutDuration' ,
2006-07-29 15:15:48 +00:00
" Text " => _ ( " This is the time (in minutes) for which the user may not log in after the account was locked. -1 means forever. " )
),
'lockoutObservationWindow' => array (
2012-02-04 15:56:31 +00:00
" Headline " => _ ( " Reset time after lockout " ), 'attr' => 'sambaLockoutObservationWindow' ,
2006-07-29 15:15:48 +00:00
" Text " => _ ( " Number of minutes after which the bad logon attempts are reset. " )
2006-01-01 16:30:05 +00:00
));
// upload fields
$return [ 'upload_columns' ] = array (
array (
'name' => 'sambaDomain_domainName' ,
'description' => _ ( 'Domain name' ),
'help' => 'domainName' ,
'example' => _ ( 'Workgroup' ),
'required' => true
),
array (
'name' => 'sambaDomain_domainSID' ,
'description' => _ ( 'Domain SID' ),
'help' => 'domainSID' ,
'example' => 'S-1-1-22-123-123-123' ,
'required' => true
),
array (
'name' => 'sambaDomain_RIDbase' ,
'description' => _ ( 'RID base' ),
'help' => 'RIDbase' ,
'example' => '1000' ,
'default' => 1000
),
array (
'name' => 'sambaDomain_nextRID' ,
'description' => _ ( 'Next RID' ),
'help' => 'nextRID' ,
'example' => '12345'
),
array (
'name' => 'sambaDomain_nextUserRID' ,
'description' => _ ( 'Next user RID' ),
'help' => 'nextUserRID' ,
'example' => '12345'
),
array (
'name' => 'sambaDomain_nextGroupRID' ,
'description' => _ ( 'Next group RID' ),
'help' => 'nextGroupRID' ,
'example' => '12345'
)
);
// available PDF fields
$return [ 'PDF_fields' ] = array (
2010-04-05 12:38:23 +00:00
'domainName' => _ ( 'Domain name' ),
'domainSID' => _ ( 'Domain SID' ),
'nextRID' => _ ( 'Next RID' ),
'nextUserRID' => _ ( 'Next user RID' ),
'nextGroupRID' => _ ( 'Next group RID' ),
'RIDbase' => _ ( 'RID base' ),
'minPwdLength' => _ ( 'Minimal password length' ),
'pwdHistoryLength' => _ ( 'Password history length' ),
'logonToChgPwd' => _ ( 'Logon for password change' ),
'forceLogoff' => _ ( 'Disconnect users outside logon hours' ),
'refuseMachinePwdChange' => _ ( 'Allow machine password changes' ),
'lockoutThreshold' => _ ( 'Lockout users after bad logon attempts' ),
'minPwdAge' => _ ( 'Minimum password age' ),
'maxPwdAge' => _ ( 'Maximum password age' ),
'lockoutDuration' => _ ( 'Lockout duration' ),
'lockoutObservationWindow' => _ ( 'Reset time after lockout' )
);
2006-01-01 16:30:05 +00:00
return $return ;
}
/**
* This function fills the error message array with messages
*/
function load_Messages () {
$this -> messages [ 'domainName' ][ 0 ] = array ( 'ERROR' , _ ( 'Domain name is invalid!' ));
$this -> messages [ 'domainName' ][ 1 ] = array ( 'ERROR' , _ ( 'Account %s:' ) . ' sambaDomain_domainName' , _ ( 'Domain name is invalid!' ));
$this -> messages [ 'domainSID' ][ 0 ] = array ( 'ERROR' , _ ( 'Samba 3 domain SID is invalid!' ));
$this -> messages [ 'domainSID' ][ 1 ] = array ( 'ERROR' , _ ( 'Account %s:' ) . ' sambaDomain_domainSID' , _ ( 'Samba 3 domain SID is invalid!' ));
$this -> messages [ 'nextRID' ][ 0 ] = array ( 'ERROR' , _ ( 'Next RID is not a number!' ));
$this -> messages [ 'nextRID' ][ 1 ] = array ( 'ERROR' , _ ( 'Account %s:' ) . ' sambaDomain_nextRID' , _ ( 'Next RID is not a number!' ));
$this -> messages [ 'nextUserRID' ][ 0 ] = array ( 'ERROR' , _ ( 'Next user RID is not a number!' ));
$this -> messages [ 'nextUserRID' ][ 1 ] = array ( 'ERROR' , _ ( 'Account %s:' ) . ' sambaDomain_nextUserRID' , _ ( 'Next user RID is not a number!' ));
$this -> messages [ 'nextGroupRID' ][ 0 ] = array ( 'ERROR' , _ ( 'Next group RID is not a number!' ));
$this -> messages [ 'nextGroupRID' ][ 1 ] = array ( 'ERROR' , _ ( 'Account %s:' ) . ' sambaDomain_nextGroupRID' , _ ( 'Next group RID is not a number!' ));
$this -> messages [ 'RIDbase' ][ 0 ] = array ( 'ERROR' , _ ( 'Algorithmic RID base is not a number!' ));
$this -> messages [ 'RIDbase' ][ 1 ] = array ( 'ERROR' , _ ( 'Account %s:' ) . ' sambaDomain_RIDbase' , _ ( 'Algorithmic RID base is not a number!' ));
2010-03-07 15:50:38 +00:00
$this -> messages [ 'pwdAge_cmp' ][ 0 ] = array ( 'ERROR' , _ ( 'Maximum password age' ), _ ( 'Password maximum age must be bigger than password minimum age.' ));
2006-07-29 15:15:48 +00:00
$this -> messages [ 'pwdAgeMin' ][ 0 ] = array ( 'ERROR' , _ ( 'Minimum password age' ), _ ( 'Password minimum age must be are natural number.' ));
$this -> messages [ 'pwdAgeMax' ][ 0 ] = array ( 'ERROR' , _ ( 'Maximum password age' ), _ ( 'Password maximum age must be are natural number.' ));
$this -> messages [ 'lockoutDuration' ][ 0 ] = array ( 'ERROR' , _ ( 'Lockout duration' ), _ ( 'Lockout duration must be are natural number.' ));
$this -> messages [ 'lockoutObservationWindow' ][ 0 ] = array ( 'ERROR' , _ ( 'Reset time after lockout' ), _ ( 'Reset time after lockout must be are natural number.' ));
2007-10-17 17:51:31 +00:00
$this -> messages [ 'lockoutThreshold' ][ 0 ] = array ( 'ERROR' , _ ( 'Lockout users after bad logon attempts' ), _ ( 'Lockout users after bad logon attempts must be between 0 and 999.' ));
2006-01-01 16:30:05 +00:00
}
2006-08-14 17:24:27 +00:00
2006-01-01 16:30:05 +00:00
/**
2007-11-03 14:17:19 +00:00
* Returns the HTML meta data for the main account page .
*
2010-09-26 14:39:50 +00:00
* @ return htmlElement HTML meta data
2007-11-03 14:17:19 +00:00
*/
2006-08-14 17:24:27 +00:00
function display_html_attributes () {
2010-09-26 14:39:50 +00:00
$return = new htmlTable ();
2006-01-01 16:30:05 +00:00
// domain name
2010-09-26 14:39:50 +00:00
$domainName = '' ;
if ( isset ( $this -> attributes [ 'sambaDomainName' ][ 0 ])) {
$domainName = $this -> attributes [ 'sambaDomainName' ][ 0 ];
}
2007-10-03 18:02:10 +00:00
if ( $this -> getAccountContainer () -> isNewAccount ) {
2010-09-26 14:39:50 +00:00
$domainNameInput = new htmlTableExtendedInputField ( _ ( 'Domain name' ), 'domainName' , $domainName , 'domainName' );
$domainNameInput -> setRequired ( true );
$return -> addElement ( $domainNameInput , true );
2006-01-01 16:30:05 +00:00
}
else {
2010-09-26 14:39:50 +00:00
$return -> addElement ( new htmlOutputText ( _ ( 'Domain name' )));
$return -> addElement ( new htmlOutputText ( $domainName ));
$return -> addElement ( new htmlHelpLink ( 'domainName' ), true );
2006-01-01 16:30:05 +00:00
}
// domain SID
2010-09-26 14:39:50 +00:00
$domainSID = '' ;
if ( isset ( $this -> attributes [ 'sambaSID' ][ 0 ])) {
$domainSID = $this -> attributes [ 'sambaSID' ][ 0 ];
}
2007-10-03 18:02:10 +00:00
if ( $this -> getAccountContainer () -> isNewAccount ) {
2010-09-26 14:39:50 +00:00
$domainSIDInput = new htmlTableExtendedInputField ( _ ( 'Domain SID' ), 'domainSID' , $domainSID , 'domainSID' );
$domainSIDInput -> setRequired ( true );
$return -> addElement ( $domainSIDInput , true );
2006-01-01 16:30:05 +00:00
}
else {
2010-09-26 14:39:50 +00:00
$return -> addElement ( new htmlOutputText ( _ ( 'Domain SID' )));
$return -> addElement ( new htmlOutputText ( $domainSID ));
$return -> addElement ( new htmlHelpLink ( 'domainSID' ), true );
2006-01-01 16:30:05 +00:00
}
2006-07-29 15:15:48 +00:00
2010-09-26 14:39:50 +00:00
$return -> addElement ( new htmlSubTitle ( _ ( " Password policy " )), true );
2006-07-29 15:15:48 +00:00
/* group policies */
2006-08-14 17:24:27 +00:00
2006-07-29 15:15:48 +00:00
// minimum password length
2007-10-17 17:51:31 +00:00
$sambaMinPwdLength = '-' ;
if ( isset ( $this -> attributes [ 'sambaMinPwdLength' ][ 0 ])) {
$sambaMinPwdLength = $this -> attributes [ 'sambaMinPwdLength' ][ 0 ];
}
2010-09-26 14:39:50 +00:00
$return -> addElement ( new htmlTableExtendedSelect ( 'minPwdLength' , array ( '-' , 0 , 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11 , 12 , 13 , 14 , 15 ),
array ( $sambaMinPwdLength ), _ ( 'Minimal password length' ), 'minPwdLength' ), true );
2006-07-29 15:15:48 +00:00
// password history length
2007-10-17 17:51:31 +00:00
$sambaPwdHistoryLength = '-' ;
if ( isset ( $this -> attributes [ 'sambaPwdHistoryLength' ][ 0 ])) {
$sambaPwdHistoryLength = $this -> attributes [ 'sambaPwdHistoryLength' ][ 0 ];
}
2010-09-26 14:39:50 +00:00
$return -> addElement ( new htmlTableExtendedSelect ( 'pwdHistLength' , array ( '-' , 0 , 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11 , 12 , 13 , 14 , 15 ),
array ( $sambaPwdHistoryLength ), _ ( 'Password history length' ), 'pwdHistLength' ), true );
2007-10-17 17:51:31 +00:00
// logon to change password
$sambaLogonToChgPwd = '-' ;
if ( isset ( $this -> attributes [ 'sambaLogonToChgPwd' ][ 0 ])) {
$sambaLogonToChgPwd = $this -> attributes [ 'sambaLogonToChgPwd' ][ 0 ];
}
2010-09-26 14:39:50 +00:00
$logonPwdChangeSelect = new htmlTableExtendedSelect ( 'logonToChgPwd' , array ( '-' => '-' , _ ( 'Off' ) => '0' , _ ( 'On' ) => '2' ),
array ( $sambaLogonToChgPwd ), _ ( 'Logon for password change' ), 'logonToChgPwd' );
$logonPwdChangeSelect -> setHasDescriptiveElements ( true );
$return -> addElement ( $logonPwdChangeSelect , true );
2006-07-29 15:15:48 +00:00
// force logoff
2007-10-17 17:51:31 +00:00
$sambaForceLogoff = '-' ;
if ( isset ( $this -> attributes [ 'sambaForceLogoff' ][ 0 ])) {
$sambaForceLogoff = $this -> attributes [ 'sambaForceLogoff' ][ 0 ];
}
2010-09-26 14:39:50 +00:00
$forceLogoffSelect = new htmlTableExtendedSelect ( 'forceLogoff' , array ( '-' => '-' , _ ( 'Off' ) => '-1' , _ ( 'On' ) => '0' ),
array ( $sambaForceLogoff ), _ ( 'Disconnect users outside logon hours' ), 'forceLogoff' );
$forceLogoffSelect -> setHasDescriptiveElements ( true );
$return -> addElement ( $forceLogoffSelect , true );
2006-07-29 15:15:48 +00:00
// do not allow machine password change
2007-10-17 17:51:31 +00:00
$sambaRefuseMachinePwdChange = '-' ;
if ( isset ( $this -> attributes [ 'sambaRefuseMachinePwdChange' ][ 0 ])) {
$sambaRefuseMachinePwdChange = $this -> attributes [ 'sambaRefuseMachinePwdChange' ][ 0 ];
}
2010-09-26 14:39:50 +00:00
$refuseMachPwdChange = new htmlTableExtendedSelect ( 'refuseMachinePwdChange' , array ( '-' => '-' , _ ( 'Off' ) => '0' , _ ( 'On' ) => '1' ),
array ( $sambaRefuseMachinePwdChange ), _ ( 'Allow machine password changes' ), 'refuseMachinePwdChange' );
$refuseMachPwdChange -> setHasDescriptiveElements ( true );
$return -> addElement ( $refuseMachPwdChange , true );
2006-07-29 15:15:48 +00:00
// Lockout users after bad logon attempts
2007-10-17 17:51:31 +00:00
$sambaLockoutThreshold = '' ;
if ( isset ( $this -> attributes [ 'sambaLockoutThreshold' ][ 0 ])) {
$sambaLockoutThreshold = $this -> attributes [ 'sambaLockoutThreshold' ][ 0 ];
}
2011-10-19 18:09:08 +00:00
$sambaLockoutThresholdInput = new htmlTableExtendedInputField ( _ ( 'Lockout users after bad logon attempts' ), 'lockoutThreshold' , $sambaLockoutThreshold , 'lockoutThreshold' );
$sambaLockoutThresholdInput -> setValidationRule ( htmlElement :: VALIDATE_NUMERIC );
$return -> addElement ( $sambaLockoutThresholdInput , true );
2006-07-29 15:15:48 +00:00
// Minimum password age
2007-10-17 17:51:31 +00:00
$sambaMinPwdAge = '' ;
if ( isset ( $this -> attributes [ 'sambaMinPwdAge' ][ 0 ])) {
$sambaMinPwdAge = $this -> attributes [ 'sambaMinPwdAge' ][ 0 ];
2010-09-26 14:39:50 +00:00
}
2011-10-19 18:09:08 +00:00
$sambaMinPwdAgeInput = new htmlTableExtendedInputField ( _ ( 'Minimum password age' ), 'minPwdAge' , $sambaMinPwdAge , 'minPwdAge' );
$sambaMinPwdAgeInput -> setValidationRule ( htmlElement :: VALIDATE_NUMERIC );
$return -> addElement ( $sambaMinPwdAgeInput , true );
2006-07-29 15:15:48 +00:00
// Maximum password age
2007-10-17 17:51:31 +00:00
$sambaMaxPwdAge = '' ;
if ( isset ( $this -> attributes [ 'sambaMaxPwdAge' ][ 0 ])) {
$sambaMaxPwdAge = $this -> attributes [ 'sambaMaxPwdAge' ][ 0 ];
}
2011-10-19 18:09:08 +00:00
$sambaMaxPwdAgeInput = new htmlTableExtendedInputField ( _ ( 'Maximum password age' ), 'maxPwdAge' , $sambaMaxPwdAge , 'maxPwdAge' );
2013-08-22 16:44:40 +00:00
$sambaMaxPwdAgeInput -> setValidationRule ( htmlElement :: VALIDATE_NUMERIC_WITH_NEGATIVE );
2011-10-19 18:09:08 +00:00
$return -> addElement ( $sambaMaxPwdAgeInput , true );
2006-07-29 15:15:48 +00:00
// Lockout duration
2007-10-17 17:51:31 +00:00
$sambaLockoutDuration = '' ;
if ( isset ( $this -> attributes [ 'sambaLockoutDuration' ][ 0 ])) {
$sambaLockoutDuration = $this -> attributes [ 'sambaLockoutDuration' ][ 0 ];
}
2011-10-19 18:09:08 +00:00
$sambaLockoutDurationInput = new htmlTableExtendedInputField ( _ ( 'Lockout duration' ), 'lockoutDuration' , $sambaLockoutDuration , 'lockoutDuration' );
$sambaLockoutDurationInput -> setValidationRule ( htmlElement :: VALIDATE_NUMERIC );
$return -> addElement ( $sambaLockoutDurationInput , true );
2006-08-14 17:24:27 +00:00
// Reset time after lockout
2007-10-17 17:51:31 +00:00
$sambaLockoutObservationWindow = '' ;
if ( isset ( $this -> attributes [ 'sambaLockoutObservationWindow' ][ 0 ])) {
$sambaLockoutObservationWindow = $this -> attributes [ 'sambaLockoutObservationWindow' ][ 0 ];
}
2011-10-19 18:09:08 +00:00
$sambaLockoutObservationWindowInput = new htmlTableExtendedInputField ( _ ( 'Reset time after lockout' ), 'lockoutObservationWindow' , $sambaLockoutObservationWindow , 'lockoutObservationWindow' );
$sambaLockoutObservationWindowInput -> setValidationRule ( htmlElement :: VALIDATE_NUMERIC );
$return -> addElement ( $sambaLockoutObservationWindowInput , true );
2006-08-14 17:24:27 +00:00
2010-09-26 14:39:50 +00:00
$return -> addElement ( new htmlSubTitle ( _ ( 'RID settings' )), true );
2006-07-29 15:15:48 +00:00
2006-08-14 17:24:27 +00:00
/* RID settings */
2006-01-01 16:30:05 +00:00
// next RID
2010-09-26 14:39:50 +00:00
$nextRID = '' ;
if ( isset ( $this -> attributes [ 'sambaNextRid' ][ 0 ])) {
$nextRID = $this -> attributes [ 'sambaNextRid' ][ 0 ];
}
2011-10-19 18:09:08 +00:00
$nextRIDInput = new htmlTableExtendedInputField ( _ ( 'Next RID' ), 'nextRID' , $nextRID , 'nextRID' );
$nextRIDInput -> setValidationRule ( htmlElement :: VALIDATE_NUMERIC );
$return -> addElement ( $nextRIDInput , true );
2006-01-01 16:30:05 +00:00
// next user RID
2010-09-26 14:39:50 +00:00
$nextUserRID = '' ;
if ( isset ( $this -> attributes [ 'sambaNextUserRid' ][ 0 ])) {
$nextUserRID = $this -> attributes [ 'sambaNextUserRid' ][ 0 ];
}
2011-10-19 18:09:08 +00:00
$nextUserRIDInput = new htmlTableExtendedInputField ( _ ( 'Next user RID' ), 'nextUserRID' , $nextUserRID , 'nextUserRID' );
$nextUserRIDInput -> setValidationRule ( htmlElement :: VALIDATE_NUMERIC );
$return -> addElement ( $nextUserRIDInput , true );
2006-01-01 16:30:05 +00:00
// next group RID
2010-09-26 14:39:50 +00:00
$nextGroupRID = '' ;
if ( isset ( $this -> attributes [ 'sambaNextGroupRid' ][ 0 ])) {
$nextGroupRID = $this -> attributes [ 'sambaNextGroupRid' ][ 0 ];
}
2011-10-19 18:09:08 +00:00
$nextGroupRIDInput = new htmlTableExtendedInputField ( _ ( 'Next group RID' ), 'nextGroupRID' , $nextGroupRID , 'nextGroupRID' );
$nextGroupRIDInput -> setValidationRule ( htmlElement :: VALIDATE_NUMERIC );
$return -> addElement ( $nextGroupRIDInput , true );
2006-01-01 16:30:05 +00:00
// RID base
if ( ! isset ( $this -> attributes [ 'sambaAlgorithmicRidBase' ][ 0 ])) $this -> attributes [ 'sambaAlgorithmicRidBase' ][ 0 ] = 1000 ;
2007-10-03 18:02:10 +00:00
if ( $this -> getAccountContainer () -> isNewAccount ) {
2010-09-26 14:39:50 +00:00
$ridBaseInput = new htmlTableExtendedInputField ( _ ( 'RID base' ), 'RIDbase' , $this -> attributes [ 'sambaAlgorithmicRidBase' ][ 0 ], 'RIDbase' );
$ridBaseInput -> setRequired ( true );
2011-10-19 18:09:08 +00:00
$ridBaseInput -> setValidationRule ( htmlElement :: VALIDATE_NUMERIC );
2010-09-26 14:39:50 +00:00
$return -> addElement ( $ridBaseInput , true );
2006-01-01 16:30:05 +00:00
}
else {
2010-09-26 14:39:50 +00:00
$return -> addElement ( new htmlOutputText ( _ ( 'RID base' )));
$return -> addElement ( new htmlOutputText ( $this -> attributes [ 'sambaAlgorithmicRidBase' ][ 0 ]));
$return -> addElement ( new htmlHelpLink ( 'RIDbase' ), true );
2006-01-01 16:30:05 +00:00
}
return $return ;
}
/**
* Processes user input of the primary module page .
* It checks if all input values are correct and updates the associated LDAP attributes .
*
* @ return array list of info / error messages
*/
2006-08-14 17:24:27 +00:00
function process_attributes () {
2006-01-01 16:30:05 +00:00
$errors = array ();
2007-10-03 18:02:10 +00:00
if ( $this -> getAccountContainer () -> isNewAccount ) {
2006-01-01 16:30:05 +00:00
// domain SID
2010-04-30 21:08:44 +00:00
$this -> attributes [ 'sambaSID' ][ 0 ] = $_POST [ 'domainSID' ];
2006-01-01 16:30:05 +00:00
if ( ! get_preg ( $_POST [ 'domainSID' ], 'domainSID' )) {
$errors [] = $this -> messages [ 'domainSID' ][ 0 ];
}
else {
$this -> attributes [ 'sambaSID' ][ 0 ] = $_POST [ 'domainSID' ];
}
// RID base
if ( ! get_preg ( $_POST [ 'RIDbase' ], 'digit' ) && ! ( $_POST [ 'RIDbase' ] == '' )) {
$errors [] = $this -> messages [ 'RIDbase' ][ 0 ];
}
else {
$this -> attributes [ 'sambaAlgorithmicRidBase' ][ 0 ] = $_POST [ 'RIDbase' ];
}
// domain name
if ( ! get_preg ( $_POST [ 'domainName' ], 'domainname' ) && ! ( $_POST [ 'domainName' ] == '' )) {
$errors [] = $this -> messages [ 'domainName' ][ 0 ];
}
else {
$this -> attributes [ 'sambaDomainName' ][ 0 ] = $_POST [ 'domainName' ];
}
}
// next RID
if ( ! get_preg ( $_POST [ 'nextRID' ], 'digit' )) {
$errors [] = $this -> messages [ 'nextRID' ][ 0 ];
}
else {
$this -> attributes [ 'sambaNextRid' ][ 0 ] = $_POST [ 'nextRID' ];
}
// next user RID
if ( ! get_preg ( $_POST [ 'nextUserRID' ], 'digit' )) {
$errors [] = $this -> messages [ 'nextUserRID' ][ 0 ];
}
else {
$this -> attributes [ 'sambaNextUserRid' ][ 0 ] = $_POST [ 'nextUserRID' ];
}
// next group RID
if ( ! get_preg ( $_POST [ 'nextGroupRID' ], 'digit' )) {
$errors [] = $this -> messages [ 'nextGroupRID' ][ 0 ];
}
else {
$this -> attributes [ 'sambaNextGroupRid' ][ 0 ] = $_POST [ 'nextGroupRID' ];
}
2006-07-29 15:15:48 +00:00
// minimum password length
if ( $_POST [ 'minPwdLength' ] === '-' ) {
if ( isset ( $this -> attributes [ 'sambaMinPwdLength' ])) unset ( $this -> attributes [ 'sambaMinPwdLength' ][ 0 ]);
}
else {
$this -> attributes [ 'sambaMinPwdLength' ][ 0 ] = $_POST [ 'minPwdLength' ];
}
// password history length
if ( $_POST [ 'pwdHistLength' ] === '-' ) {
if ( isset ( $this -> attributes [ 'sambaPwdHistoryLength' ])) unset ( $this -> attributes [ 'sambaPwdHistoryLength' ][ 0 ]);
}
else {
$this -> attributes [ 'sambaPwdHistoryLength' ][ 0 ] = $_POST [ 'pwdHistLength' ];
}
// logon for password change
if ( $_POST [ 'logonToChgPwd' ] === '-' ) {
if ( isset ( $this -> attributes [ 'sambaLogonToChgPwd' ])) unset ( $this -> attributes [ 'sambaLogonToChgPwd' ][ 0 ]);
}
else {
$this -> attributes [ 'sambaLogonToChgPwd' ][ 0 ] = $_POST [ 'logonToChgPwd' ];
}
// force logoff
if ( $_POST [ 'forceLogoff' ] === '-' ) {
if ( isset ( $this -> attributes [ 'sambaForceLogoff' ])) unset ( $this -> attributes [ 'sambaForceLogoff' ][ 0 ]);
}
else {
$this -> attributes [ 'sambaForceLogoff' ][ 0 ] = $_POST [ 'forceLogoff' ];
}
// do not allow machine password changes
if ( $_POST [ 'refuseMachinePwdChange' ] === '-' ) {
if ( isset ( $this -> attributes [ 'sambaRefuseMachinePwdChange' ])) unset ( $this -> attributes [ 'sambaRefuseMachinePwdChange' ][ 0 ]);
}
else {
$this -> attributes [ 'sambaRefuseMachinePwdChange' ][ 0 ] = $_POST [ 'refuseMachinePwdChange' ];
}
// Lockout users after bad logon attempts
2007-10-17 17:51:31 +00:00
if ( ! isset ( $_POST [ 'lockoutThreshold' ]) || ( $_POST [ 'lockoutThreshold' ] == '' )) {
2006-07-29 15:15:48 +00:00
if ( isset ( $this -> attributes [ 'sambaLockoutThreshold' ])) unset ( $this -> attributes [ 'sambaLockoutThreshold' ][ 0 ]);
}
else {
2007-10-17 17:51:31 +00:00
if ( is_numeric ( $_POST [ 'lockoutThreshold' ]) && ( $_POST [ 'lockoutThreshold' ] >= 0 ) && ( $_POST [ 'lockoutThreshold' ] < 1000 )) {
$this -> attributes [ 'sambaLockoutThreshold' ][ 0 ] = $_POST [ 'lockoutThreshold' ];
}
else {
$errors [] = $this -> messages [ 'lockoutThreshold' ][ 0 ];
}
2006-07-29 15:15:48 +00:00
}
// Minimum password age
if ( ! isset ( $_POST [ 'minPwdAge' ]) || ( $_POST [ 'minPwdAge' ] == '' )) {
2013-08-22 16:44:40 +00:00
if ( isset ( $this -> attributes [ 'sambaMinPwdAge' ])) {
unset ( $this -> attributes [ 'sambaMinPwdAge' ][ 0 ]);
}
2006-07-29 15:15:48 +00:00
}
else {
if ( is_numeric ( $_POST [ 'minPwdAge' ]) && ( $_POST [ 'minPwdAge' ] > - 2 )) {
$this -> attributes [ 'sambaMinPwdAge' ][ 0 ] = $_POST [ 'minPwdAge' ];
}
else {
$errors [] = $this -> messages [ 'pwdAgeMin' ][ 0 ];
}
}
// Maximum password age
if ( ! isset ( $_POST [ 'maxPwdAge' ]) || ( $_POST [ 'maxPwdAge' ] == '' )) {
2013-08-22 16:44:40 +00:00
if ( isset ( $this -> attributes [ 'sambaMaxPwdAge' ])) {
unset ( $this -> attributes [ 'sambaMaxPwdAge' ][ 0 ]);
}
2006-07-29 15:15:48 +00:00
}
else {
if ( ! is_numeric ( $_POST [ 'maxPwdAge' ]) || ( $_POST [ 'maxPwdAge' ] < - 1 )) {
$errors [] = $this -> messages [ 'pwdAgeMax' ][ 0 ];
}
2013-08-22 16:44:40 +00:00
elseif (( $_POST [ 'maxPwdAge' ] > 1 ) && ( $_POST [ 'maxPwdAge' ] < $_POST [ 'minPwdAge' ])) {
2006-07-29 15:15:48 +00:00
$errors [] = $this -> messages [ 'pwdAge_cmp' ][ 0 ];
}
else {
$this -> attributes [ 'sambaMaxPwdAge' ][ 0 ] = $_POST [ 'maxPwdAge' ];
}
}
// Lockout duration
if ( ! isset ( $_POST [ 'lockoutDuration' ]) || ( $_POST [ 'lockoutDuration' ] == '' )) {
if ( isset ( $this -> attributes [ 'sambaLockoutDuration' ])) unset ( $this -> attributes [ 'sambaLockoutDuration' ][ 0 ]);
}
else {
if ( is_numeric ( $_POST [ 'lockoutDuration' ]) && ( $_POST [ 'lockoutDuration' ] > - 2 )) {
$this -> attributes [ 'sambaLockoutDuration' ][ 0 ] = $_POST [ 'lockoutDuration' ];
}
else {
$errors [] = $this -> messages [ 'lockoutDuration' ][ 0 ];
}
}
// Reset time after lockout
if ( ! isset ( $_POST [ 'lockoutObservationWindow' ]) || ( $_POST [ 'lockoutObservationWindow' ] == '' )) {
if ( isset ( $this -> attributes [ 'sambaLockoutObservationWindow' ])) unset ( $this -> attributes [ 'sambaLockoutObservationWindow' ][ 0 ]);
}
else {
if ( is_numeric ( $_POST [ 'lockoutObservationWindow' ]) && ( $_POST [ 'lockoutObservationWindow' ] > - 1 )) {
$this -> attributes [ 'sambaLockoutObservationWindow' ][ 0 ] = $_POST [ 'lockoutObservationWindow' ];
}
else {
$errors [] = $this -> messages [ 'lockoutObservationWindow' ][ 0 ];
}
}
2006-08-16 17:42:35 +00:00
return $errors ;
2006-01-01 16:30:05 +00:00
}
/**
* In this function the LDAP account is built up .
*
* @ param array $rawAccounts list of hash arrays ( name => value ) from user input
* @ param array $ids list of IDs for column position ( e . g . " posixAccount_uid " => 5 )
2012-07-15 12:05:47 +00:00
* @ param array $partialAccounts list of hash arrays ( name => value ) which are later added to LDAP
2010-02-15 20:21:44 +00:00
* @ param array $selectedModules list of selected account modules
2006-01-01 16:30:05 +00:00
* @ return array list of error messages if any
*/
2010-02-15 20:21:44 +00:00
function build_uploadAccounts ( $rawAccounts , $ids , & $partialAccounts , $selectedModules ) {
2006-01-01 16:30:05 +00:00
$messages = array ();
for ( $i = 0 ; $i < sizeof ( $rawAccounts ); $i ++ ) {
// add object class
if ( ! in_array ( " sambaDomain " , $partialAccounts [ $i ][ 'objectClass' ])) $partialAccounts [ $i ][ 'objectClass' ][] = " sambaDomain " ;
// domain name
if ( get_preg ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_domainName' ]], 'domainname' )) {
$partialAccounts [ $i ][ 'sambaDomainName' ] = $rawAccounts [ $i ][ $ids [ 'sambaDomain_domainName' ]];
}
else {
$errMsg = $this -> messages [ 'domainName' ][ 1 ];
array_push ( $errMsg , array ( $i ));
$messages [] = $errMsg ;
}
// domain SID
if ( get_preg ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_domainSID' ]], 'domainSID' )) {
$partialAccounts [ $i ][ 'sambaSID' ] = $rawAccounts [ $i ][ $ids [ 'sambaDomain_domainSID' ]];
}
else {
$errMsg = $this -> messages [ 'domainSID' ][ 1 ];
array_push ( $errMsg , array ( $i ));
$messages [] = $errMsg ;
}
// RID base
if ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_RIDbase' ]]) {
if ( get_preg ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_RIDbase' ]], 'digit' )) {
$partialAccounts [ $i ][ 'sambaAlgorithmicRidBase' ] = $rawAccounts [ $i ][ $ids [ 'sambaDomain_RIDbase' ]];
}
else {
$errMsg = $this -> messages [ 'RIDbase' ][ 1 ];
array_push ( $errMsg , array ( $i ));
$messages [] = $errMsg ;
}
}
else {
$partialAccounts [ $i ][ 'sambaAlgorithmicRidBase' ] = '1000' ;
}
// next RID
if ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_nextRID' ]]) {
if ( get_preg ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_nextRID' ]], 'digit' )) {
$partialAccounts [ $i ][ 'sambaNextRid' ] = $rawAccounts [ $i ][ $ids [ 'sambaDomain_nextRID' ]];
}
else {
$errMsg = $this -> messages [ 'nextRID' ][ 1 ];
array_push ( $errMsg , array ( $i ));
$messages [] = $errMsg ;
}
}
// next user RID
if ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_nextUserRID' ]]) {
if ( get_preg ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_nextUserRID' ]], 'digit' )) {
$partialAccounts [ $i ][ 'sambaNextUserRid' ] = $rawAccounts [ $i ][ $ids [ 'sambaDomain_nextUserRID' ]];
}
else {
$errMsg = $this -> messages [ 'nextUserRID' ][ 1 ];
array_push ( $errMsg , array ( $i ));
$messages [] = $errMsg ;
}
}
// next group RID
if ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_nextGroupRID' ]]) {
if ( get_preg ( $rawAccounts [ $i ][ $ids [ 'sambaDomain_nextGroupRID' ]], 'digit' )) {
$partialAccounts [ $i ][ 'sambaNextGroupRid' ] = $rawAccounts [ $i ][ $ids [ 'sambaDomain_nextGroupRID' ]];
}
else {
$errMsg = $this -> messages [ 'nextGroupRID' ][ 1 ];
array_push ( $errMsg , array ( $i ));
$messages [] = $errMsg ;
}
}
}
return $messages ;
}
/**
* Returns the PDF entries for this module .
2006-08-14 17:24:27 +00:00
*
2006-01-01 16:30:05 +00:00
* @ return array list of possible PDF entries
*/
function get_pdfEntries () {
$return = array ();
2013-05-09 15:47:35 +00:00
$this -> addSimplePDFField ( $return , 'domainName' , _ ( 'Domain name' ), 'sambaDomainName' );
$this -> addSimplePDFField ( $return , 'domainSID' , _ ( 'Domain SID' ), 'sambaSID' );
$this -> addSimplePDFField ( $return , 'nextRID' , _ ( 'Next RID' ), 'sambaNextRid' );
$this -> addSimplePDFField ( $return , 'nextUserRID' , _ ( 'Next user RID' ), 'sambaNextUserRid' );
$this -> addSimplePDFField ( $return , 'nextGroupRID' , _ ( 'Next group RID' ), 'sambaNextGroupRid' );
$this -> addSimplePDFField ( $return , 'RIDbase' , _ ( 'RID base' ), 'sambaAlgorithmicRidBase' );
$this -> addSimplePDFField ( $return , 'minPwdLength' , _ ( 'Minimal password length' ), 'sambaMinPwdLength' );
$this -> addSimplePDFField ( $return , 'pwdHistoryLength' , _ ( 'Password history length' ), 'sambaPwdHistoryLength' );
$this -> addSimplePDFField ( $return , 'lockoutThreshold' , _ ( 'Lockout users after bad logon attempts' ), 'sambaLockoutThreshold' );
$this -> addSimplePDFField ( $return , 'minPwdAge' , _ ( 'Minimum password age' ), 'sambaMinPwdAge' );
$this -> addSimplePDFField ( $return , 'maxPwdAge' , _ ( 'Maximum password age' ), 'sambaMaxPwdAge' );
$this -> addSimplePDFField ( $return , 'lockoutDuration' , _ ( 'Lockout duration' ), 'sambaLockoutDuration' );
$this -> addSimplePDFField ( $return , 'lockoutObservationWindow' , _ ( 'Reset time after lockout' ), 'sambaLockoutObservationWindow' );
2006-07-29 15:15:48 +00:00
if ( isset ( $this -> attributes [ 'sambaLogonToChgPwd' ])) {
$logonToChgPwd = _ ( 'Off' );
if ( $this -> attributes [ 'sambaPwdHistoryLength' ][ 0 ] == 2 ) $logonToChgPwd = _ ( 'On' );
$return [ 'sambaDomain_logonToChgPwd' ][ 0 ] = '<block><key>' . _ ( 'Logon for password change' ) . '</key><value>' . $logonToChgPwd . '</value></block>' ;
}
if ( isset ( $this -> attributes [ 'sambaForceLogoff' ])) {
$forceLogoff = _ ( 'Off' );
if ( $this -> attributes [ 'sambaForceLogoff' ][ 0 ] == 0 ) $forceLogoff = _ ( 'On' );
$return [ 'sambaDomain_forceLogoff' ][ 0 ] = '<block><key>' . _ ( 'Disconnect users outside logon hours' ) . '</key><value>' . $forceLogoff . '</value></block>' ;
}
if ( isset ( $this -> attributes [ 'sambaRefuseMachinePwdChange' ])) {
$refuseMachinePwdChange = _ ( 'Off' );
if ( $this -> attributes [ 'sambaRefuseMachinePwdChange' ][ 0 ] == 0 ) $refuseMachinePwdChange = _ ( 'On' );
$return [ 'sambaDomain_refuseMachinePwdChange' ][ 0 ] = '<block><key>' . _ ( 'Allow machine password changes' ) . '</key><value>' . $refuseMachinePwdChange . '</value></block>' ;
}
2006-01-01 16:30:05 +00:00
return $return ;
}
}
?>