LDAPAccountManager/lam/lib/modules/posixGroup.inc

911 lines
39 KiB
PHP
Raw Normal View History

<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 Tilo Lutz
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
2005-07-21 10:33:02 +00:00
/**
* Manages Unix accounts for groups.
*
* @package modules
*
* @author Tilo Lutz
* @author Roland Gruber
* @author Michael Duergner
*/
/**
* Manages the object class "posixGroup" for groups.
*
* @package modules
*/
class posixGroup extends baseModule {
// Variables
// Use a unix password?
var $userPassword_nopassword;
// Use invalid password, '*', e.g. * for services
var $userPassword_invalid;
// Lock password
var $userPassword_lock;
// change gids of users and hosts?
var $changegids;
/**
* In this function the LDAP account is built up.
*
* @param array $rawAccounts list of hash arrays (name => value) from user input
* @param array $partialAccounts list of hash arrays (name => value) which are later added to LDAP
* @param array $ids list of IDs for column position (e.g. "posixAccount_uid" => 5)
* @return array list of error messages if any
*/
function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts) {
$error_messages = array();
$needAutoGID = array();
for ($i = 0; $i < sizeof($rawAccounts); $i++) {
2004-09-21 18:32:44 +00:00
if (!in_array("posixGroup", $partialAccounts[$i]['objectClass'])) $partialAccounts[$i]['objectClass'][] = "posixGroup";
// group name
if (get_preg($rawAccounts[$i][$ids['posixGroup_cn']], 'groupname')) {
$partialAccounts[$i]['cn'] = $rawAccounts[$i][$ids['posixGroup_cn']];
}
else {
$errMsg = $this->messages['cn'][3];
array_push($errMsg, array($i));
$error_messages[] = $errMsg;
}
// GID
if ($rawAccounts[$i][$ids['posixGroup_gid']] == "") {
// autoGID
$needAutoGID[] = $i;
}
elseif (get_preg($rawAccounts[$i][$ids['posixGroup_gid']], 'digit')) {
$partialAccounts[$i]['gidNumber'] = $rawAccounts[$i][$ids['posixGroup_gid']];
}
else {
$errMsg = $this->messages['gidNumber'][8];
array_push($errMsg, array($i));
$error_messages[] = $errMsg;
}
// description (UTF-8, no regex check needed)
if ($rawAccounts[$i][$ids['posixGroup_description']] == "") {
$partialAccounts[$i]['description'] = $partialAccounts[$i]['cn'];
}
else {
$partialAccounts[$i]['description'] = $rawAccounts[$i][$ids['posixGroup_description']];
}
// group members
if ($rawAccounts[$i][$ids['posixGroup_members']] != "") {
if (get_preg($rawAccounts[$i][$ids['posixGroup_members']], 'usernameList')) {
$partialAccounts[$i]['memberUid'] = explode(",", $rawAccounts[$i][$ids['posixGroup_members']]);
}
else {
2004-10-03 18:06:57 +00:00
$errMsg = $this->messages['memberUID'][0];
array_push($errMsg, $i);
$error_messages[] =$errMsg;
}
}
// password
if ($rawAccounts[$i][$ids['posixGroup_password']] != "") {
if (get_preg($rawAccounts[$i][$ids['posixGroup_password']], 'password')) {
$partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['posixGroup_password']], true, $this->moduleSettings['posixGroup_pwdHash'][0]);
}
else {
$error_messages[] = $this->messages['userPassword'][1];
}
}
}
// fill in autoGIDs
if (sizeof($needAutoGID) > 0) {
2005-03-25 12:54:04 +00:00
$errorsTemp = array();
$gids = $this->getNextGIDs(sizeof($needAutoGID), $errorsTemp);
if (is_array($gids)) {
for ($i = 0; $i < sizeof($needAutoGID); $i++) {
$partialAccounts[$i]['gidNumber'] = $gids[$i];
}
}
else {
$error_messages[] = $this->messages['gidNumber'][2];
}
}
return $error_messages;
}
function delete_attributes($post) {
2005-07-30 09:01:56 +00:00
$data = $_SESSION['cache']->get_cache('gidNumber', 'posixAccount', 'user');
$DNs = array_keys($data);
$found = false;
for ($i = 0; $i < sizeof($DNs); $i++) {
if ($data[$DNs[$i]][0] == $this->attributes['gidNumber'][0]) {
$found = true;
break;
}
}
if ($found) {
$return[$_SESSION[$this->base]->dn]['errors'][] = $this->messages['primaryGroup'][0];
}
return $return;
}
/* This function will create the html-page
* to show a page with all attributes.
* It will output a complete html-table
*/
2005-02-16 21:00:19 +00:00
function display_html_attributes(&$post) {
// check password format if called the first time
if (!isset($this->userPassword_invalid)) {
if ($this->attributes['userPassword'][0]) {
if ($this->attributes['userPassword'][0] == '*') $this->userPassword_invalid = true;
else $this->userPassword_invalid = false;
if (pwd_is_enabled($this->attributes['userPassword'][0])) $this->userPassword_lock = false;
else $this->userPassword_lock = true;
}
else $this->userPassword_nopassword = true;
}
$return[] = array(
2005-06-18 16:12:01 +00:00
0 => array('kind' => 'text', 'text' => _("Group name").'*'),
1 => array('kind' => 'input', 'name' => 'cn', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['cn'][0]),
2 => array('kind' => 'help', 'value' => 'cn'));
$return[] = array(
0 => array('kind' => 'text', 'text' => _('GID number').'*'),
1 => array('kind' => 'input', 'name' => 'gidNumber', 'type' => 'text', 'size' => '6', 'maxlength' => '6', 'value' => $this->attributes['gidNumber'][0]),
2 => array('kind' => 'help', 'value' => 'gidNumber'));
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Description')),
1 => array('kind' => 'input', 'name' => 'description', 'type' => 'text', 'size' => '30', 'maxlength' => '255', 'value' => $this->attributes['description'][0]),
2 => array ('kind' => 'help', 'value' => 'description'));
$return[] = array(
2005-12-09 14:23:07 +00:00
0 => array('kind' => 'text', 'text' => _("Group members")),
1 => array('kind' => 'input', 'name' => 'form_subpage_posixGroup_user_open', 'type' => 'submit', 'value' => _('Edit members')),
2005-12-09 14:23:07 +00:00
2 => array ('kind' => 'help', 'value' => 'members'));
if ($_SESSION[$this->base]->isNewAccount) {
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Password')),
1 => array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
2 => array('kind' => 'input', 'name' => 'genpass', 'type' => 'submit', 'value' => _('Generate password')));
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Repeat password')),
1 => array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $this->attributes['userPassword'][0]),
2005-12-09 14:23:07 +00:00
2 => array('kind' => 'help', 'value' => 'password'));
}
else {
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Password') ),
1 => array('kind' => 'input', 'name' => 'form_subpage_posixGroup_password_open', 'type' => 'submit', 'value' => _('Change password')));
}
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Set no password')),
1 => array('kind' => 'input', 'name' => 'userPassword_nopassword', 'type' => 'checkbox', 'checked' => $this->userPassword_nopassword),
2005-12-09 14:23:07 +00:00
2 => array('kind' => 'help', 'value' => 'userPassword_no'));
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Invalid password')),
1 => array('kind' => 'input', 'name' => 'userPassword_invalid', 'type' => 'checkbox', 'checked' => $this->userPassword_invalid),
2 => array('kind' => 'help', 'value' => 'userPassword_invalid'));
if ($_SESSION[$this->base]->isNewAccount || isset($this->attributes['userPassword'][0])) {
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Lock password')),
1 => array('kind' => 'input', 'name' => 'userPassword_lock', 'type' => 'checkbox', 'checked' => $this->userPassword_lock),
2 => array('kind' => 'help', 'value' => 'userPassword_lock'));
}
if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='')
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Change GID number of users and hosts')),
1 => array('kind' => 'input', 'name' => 'changegids', 'type' => 'checkbox', 'checked' => $this->changegids, 'value' => true),
2 => array('kind' => 'help', 'value' => 'changegids'));
return $return;
}
2005-04-22 13:33:34 +00:00
/**
* Displays selections to add or remove users from current group.
*
* @param array $post HTTP-POST
* @return array meta HTML output
*/
2005-02-16 21:00:19 +00:00
function display_html_user(&$post) {
2005-04-22 13:33:34 +00:00
// load list with all users
$dn_users = $_SESSION['cache']->get_cache(array('uid', 'gidNumber'), 'posixAccount', 'user');
$users = array();
if (is_array($dn_users)) {
$DNs = array_keys($dn_users);
for ($i = 0; $i < sizeof($DNs); $i++) {
// users who can be added have a uid and gidNumber
if (isset($dn_users[$DNs[$i]]['uid'][0]) && isset($dn_users[$DNs[$i]]['gidNumber'][0]) &&
// are not already member
!in_array($dn_users[$DNs[$i]]['uid'][0], $this->attributes['memberUid']) &&
// and do not have this group as their primary group
!($this->attributes['gidNumber'][0] == $dn_users[$DNs[$i]]['gidNumber'][0])) {
$users[] = $dn_users[$DNs[$i]]['uid'][0];
}
}
}
2005-04-22 13:33:34 +00:00
$return[] = array(
0 => array('kind' => 'fieldset', 'legend' => _("Group members"), 'value' => array (
0 => array(
0 => array('kind' => 'fieldset', 'td' => array ('valign' => 'top'), 'legend' => _("Selected users"), 'value' => array (
0 => array(
0 => array ( 'kind' => 'select', 'name' => 'removeusers', 'size' => '15', 'multiple' => true, 'options' => $this->attributes['memberUid'])))),
1 => array('kind' => 'table', 'value' => array(
0 => array(
2005-04-23 14:25:40 +00:00
0 => array('kind' => 'input', 'type' => 'submit', 'name' => 'addusers_button', 'value' => '<=', 'td' => array('align' => 'center'))),
2005-04-22 13:33:34 +00:00
1 => array(
2005-04-23 14:25:40 +00:00
0 => array('kind' => 'input', 'type' => 'submit', 'name' => 'removeusers_button', 'value' => '=>', 'td' => array('align' => 'center'))),
2005-04-22 13:33:34 +00:00
2 => array(
2005-04-23 14:25:40 +00:00
0 => array('kind' => 'help', 'value' => 'adduser', 'td' => array('align' => 'center'))))),
2005-04-22 13:33:34 +00:00
2 => array('kind' => 'fieldset', 'td' => array('valign' => 'top'), 'legend' => _("Available users"), 'value' => array(
0 => array(
0 => array('kind' => 'select', 'name' => 'addusers', 'size' => '15', 'multiple' => true, 'options' => $users))))
))));
2005-04-22 13:33:34 +00:00
$return[] = array(
0 => array('kind' => 'input', 'name' => 'form_subpage_posixGroup_attributes_back' ,'type' => 'submit', 'value' => _('Back') ),
2005-04-22 13:33:34 +00:00
1 => array('kind' => 'text'),
2 => array('kind' => 'text'));
return $return;
}
/**
* Displays the password changing dialog.
*
* @param array $post HTTP-POST
* @return array meta HTML code
*/
function display_html_password(&$post) {
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Password') ),
1 => array('kind' => 'input', 'name' => 'userPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => ""),
2 => array('kind' => 'help', 'value' => 'password'));
$return[] = array(
0 => array('kind' => 'text', 'text' => _('Repeat password')),
1 => array('kind' => 'input', 'name' => 'userPassword2', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => ""));
$return[] = array(
0 => array('kind' => 'table', 'value' => array(
0 => array(
0 => array('kind' => 'input', 'type' => 'submit', 'value' => _('Submit'), 'name' => 'form_subpage_posixGroup_attributes_submit'),
1 => array('kind' => 'input', 'type' => 'submit', 'value' => _('Back'), 'name' => 'form_subpage_posixGroup_attributes_back'),
2 => array('kind' => 'text')))));
return $return;
}
/**
* Returns meta data that is interpreted by parent class
*
* @return array array with meta data
*/
function get_metaData() {
$return = array();
2004-06-13 19:58:58 +00:00
// manages group accounts
$return["account_types"] = array("group");
if ($this->get_scope() == "group") {
2004-06-11 15:44:49 +00:00
// this is a base module
$return["is_base"] = true;
2004-06-11 15:44:49 +00:00
// LDAP filter
$return["ldap_filter"] = array('or' => "(objectClass=posixGroup)");
}
2004-06-14 16:05:36 +00:00
// alias name
$return["alias"] = _('Unix');
2004-10-06 18:17:22 +00:00
// RDN attribute
$return["RDN"] = array("cn" => "normal");
2004-06-20 17:32:02 +00:00
// module dependencies
$return['dependencies'] = array('depends' => array(), 'conflicts' => array());
2004-07-26 15:15:30 +00:00
// configuration options
$return['config_options']['group'] = array(
2004-11-14 13:50:57 +00:00
array(
0 => array('kind' => 'text', 'text' => '<b>' . _('Minimum GID number') . " *: </b>"),
1 => array('kind' => 'input', 'name' => 'posixGroup_minGID', 'type' => 'text', 'size' => '10', 'maxlength' => '255'),
2 => array('kind' => 'text', 'value' => '&nbsp;'),
3 => array('kind' => 'text', 'text' => '<b>' . _('Maximum GID number') . " *: </b>"),
4 => array('kind' => 'input', 'name' => 'posixGroup_maxGID', 'type' => 'text', 'size' => '10', 'maxlength' => '255'),
5 => array('kind' => 'help', 'value' => 'minMaxGID')),
array(
0 => array('kind' => 'text', 'text' => '<b>' . _("Password hash type") . ': &nbsp;</b>'),
1 => array('kind' => 'select', 'name' => 'posixGroup_pwdHash', 'size' => '1',
'options' => array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"), 'options_selected' => array('SSHA')),
2 => array('kind' => 'text', 'value' => '&nbsp;'),
3 => array('kind' => 'text', 'value' => '&nbsp;'),
4 => array('kind' => 'text', 'value' => '&nbsp;'),
5 => array('kind' => 'help', 'value' => 'pwdHash'))
);
2004-07-26 15:15:30 +00:00
// configuration descriptions
$return['config_descriptions'] = array(
2004-11-14 13:50:57 +00:00
'legend' => _("GID ranges for Unix groups"),
'descriptions' => array(
'posixGroup_minGID' => _("Minimum GID number for Unix groups"),
'posixGroup_maxGID' => _("Maximum GID number for Unix groups"),
'posixGroup_pwdHash' => _("Password hash type for Unix groups"),
)
2004-07-26 15:15:30 +00:00
);
// configuration checks
2004-09-26 14:51:18 +00:00
$return['config_checks']['group']['posixGroup_minGID'] = array (
'type' => 'ext_preg',
'regex' => 'digit',
'required' => true,
2004-09-26 14:56:34 +00:00
'required_message' => $this->messages['gidNumber'][5],
'error_message' => $this->messages['gidNumber'][5]);
2004-09-26 14:51:18 +00:00
$return['config_checks']['group']['posixGroup_maxGID'] = array (
'type' => 'ext_preg',
'regex' => 'digit',
'required' => true,
2004-09-26 14:56:34 +00:00
'required_message' => $this->messages['gidNumber'][6],
'error_message' => $this->messages['gidNumber'][6]);
2004-09-26 14:51:18 +00:00
$return['config_checks']['group']['cmpGID'] = array (
'type' => 'int_greater',
'cmp_name1' => 'posixGroup_maxGID',
'cmp_name2' => 'posixGroup_minGID',
2004-09-26 14:56:34 +00:00
'error_message' => $this->messages['gidNumber'][7]);
// available PDF fields
2004-10-30 16:46:06 +00:00
$return['PDF_fields'] = array(
'cn',
'gidNumber',
'memberUid',
'description'
);
2004-08-28 11:53:40 +00:00
// upload fields
$return['upload_columns'] = array(
array(
2004-11-14 13:50:57 +00:00
'name' => 'posixGroup_cn',
'description' => _('Group name'),
'help' => 'cn',
'example' => _('adminstrators'),
'required' => true,
'unique' => true
),
array(
2004-11-14 13:50:57 +00:00
'name' => 'posixGroup_gid',
'description' => _('GID number'),
'help' => 'gidNumber',
'example' => '2034'
),
array(
2004-11-14 13:50:57 +00:00
'name' => 'posixGroup_description',
'description' => _('Group description'),
'help' => 'description',
'example' => _('Administrators group')
),
array(
2004-11-14 13:50:57 +00:00
'name' => 'posixGroup_members',
'description' => _('Group members'),
'help' => 'upload_members',
'example' => _('user01,user02,user03')
),
array(
2004-11-14 13:50:57 +00:00
'name' => 'posixGroup_password',
'description' => _('Group password'),
'help' => 'password',
'example' => _('secret')
)
2004-08-28 11:53:40 +00:00
);
// help Entries
2004-09-26 10:58:36 +00:00
$return['help'] = array(
2004-10-30 16:46:06 +00:00
'cn' => array(
2005-06-18 16:12:01 +00:00
"Headline" => _("Group name"),
"Text" => _("Group name of the group which should be created. Valid characters are: a-z,0-9, .-_. LAM does not allow a number as first character because groupadd also does not allow it. LAM does not allow capital letters A-Z because it can cause several problems. If group name is already used group name will be expanded with a number. The next free number will be used.")
2004-10-30 16:46:06 +00:00
),
'gidNumber' => array(
"Headline" => _("GID number"),
"Text" => _("If empty GID number will be generated automaticly depending on your configuration settings.")
),
'description' => array(
"Headline" => _("Description"),
"Text" => _("Group description. If left empty group name will be used.")
),
'members' => array(
"Headline" => _("Group members"),
2005-12-09 14:23:07 +00:00
"Text" => _("Users who are member of the current group.")
2004-10-30 16:46:06 +00:00
),
'upload_members' => array(
"Headline" => _("Group members"),
2004-11-07 13:25:48 +00:00
"Text" => _("Users who will become member of the current group. User names are separated by semicolons.")
2004-10-30 16:46:06 +00:00
),
'password' => array(
"Headline" => _("Group password"),
"Text" => _("Sets the group password.")
),
'userPassword_no' => array(
"Headline" => _("Use no password"),
"Text" => _("If checked no password will be used.")
),
2005-12-09 14:23:07 +00:00
'userPassword_lock' => array(
"Headline" => _("Account deactivated"),
"Text" => _("If checked account will be deactivated by putting a \"!\" before the encrypted password.")
),
'userPassword_invalid' => array(
"Headline" => _("Invalid password"),
"Text" => _("This will set an invalid password which prevents logins with this account.")
),
2004-10-30 16:46:06 +00:00
'minMaxGID' => array(
"Headline" => _("GID number"),
"Text" => _("These are the minimum and maximum numbers to use for group IDs when creating new group accounts. New group accounts will always get the highest number in use plus one.")
),
'pwdHash' => array(
"Headline" => _("Password hash type"),
"Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
)
2004-09-26 10:58:36 +00:00
);
return $return;
}
/**
* Returns the PDF entries for this module.
*
* @return array list of possible PDF entries
*/
function get_pdfEntries() {
2005-07-15 13:34:29 +00:00
return array(
'posixGroup_cn' => array('<block><key>' . _('Group name') . '</key><value>' . $this->attributes['cn'][0] . '</value></block>'),
'posixGroup_gidNumber' => array('<block><key>' . _('GID number') . '</key><value>' . $this->attributes['gidNumber'][0] . '</value></block>'),
2005-07-15 13:34:29 +00:00
'posixGroup_memberUid' => array('<block><key>' . _('Group members') . '</key><value>' . implode(', ', $this->attributes['memberUid']) . '</value></block>'),
'posixGroup_description' => array('<block><key>' . _('Description') . '</key><value>' . $this->attributes['description'][0] . '</value></block>'));
}
/** This functin will be called when the module will be loaded **/
function init($base) {
// call parent init
parent::init($base);
$this->changegids=false;
}
2004-06-14 16:05:36 +00:00
/** this functin fills the error message array with messages
**/
function load_Messages() {
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
$this->messages['userPassword'][3] = array('ERROR', _('Password'), _('You cannot use this password options at the same time.'));
$this->messages['gidNumber'][0] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.'));
$this->messages['gidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
$this->messages['gidNumber'][3] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
$this->messages['gidNumber'][4] = array('ERROR', _('ID-Number'), _('ID is already in use'));
2004-09-26 14:51:18 +00:00
$this->messages['gidNumber'][5] = array('ERROR', _('Minimum GID number'), _('Minimum GID number is invalid or empty!'));
$this->messages['gidNumber'][6] = array('ERROR', _('Maximum GID number'), _('Maximum GID number is invalid or empty!'));
$this->messages['gidNumber'][7] = array('ERROR', _('Maximum GID number'), _('Maximum GID number must be greater than minimum GID number!'));
2004-10-23 11:11:31 +00:00
$this->messages['gidNumber'][8] = array('ERROR', _('Account %s:') . ' posixGroup_gid', _('GID number has to be a numeric value!'));
2005-06-18 16:12:01 +00:00
$this->messages['cn'][0] = array('WARN', _('Group name'), _('You are using a capital letters. This can cause problems because Windows isn\'t case-sensitive.'));
$this->messages['cn'][1] = array('WARN', _('Group name'), _('Group name in use. Selected next free group name.'));
$this->messages['cn'][2] = array('ERROR', _('Group name'), _('Group name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
$this->messages['cn'][3] = array('ERROR', _('Account %s:') . ' posixGroup_cn', _('Group name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
2004-10-23 11:11:31 +00:00
$this->messages['memberUID'][0] = array('ERROR', _('Account %s:') . ' posixGroup_members', _("This value must be a list of user names separated by semicolons."));
2005-07-30 09:01:56 +00:00
$this->messages['primaryGroup'][0] = array('ERROR', _('Primary group'), _('There are still users who have this group as their primary group.'));
}
/* This functions return true
* if all needed settings are done
*/
function module_complete() {
2005-08-26 08:53:16 +00:00
if (!$_SESSION[$this->base]->isNewAccount) {
// check if account is based on our object class
$objectClasses = $_SESSION[$this->base]->attributes_orig['objectClass'];
if (is_array($objectClasses) && !in_array('posixGroup', $objectClasses)) {
return true;
}
}
if ($this->attributes['cn'][0] == '') return false;
if ($this->attributes['gidNumber'][0] == '') return false;
return true;
}
2005-08-26 08:53:16 +00:00
/**
* Controls if the module button the account page is visible and activated.
*
* @return string status ("enabled", "disabled", "hidden")
*/
function getButtonStatus() {
if (!$_SESSION[$this->base]->isNewAccount) {
// check if account is based on our object class
$objectClasses = $_SESSION[$this->base]->attributes_orig['objectClass'];
if (is_array($objectClasses) && !in_array('posixGroup', $objectClasses)) {
return "disabled";
}
}
return "enabled";
}
/**
* Processes user input of the primary module page.
* It checks if all input values are correct and updates the associated LDAP attributes.
*
* @param array $post HTTP-POST values
* @return array list of info/error messages
*/
2005-03-10 18:35:04 +00:00
function process_attributes(&$post) {
2003-12-30 15:36:30 +00:00
$this->attributes['description'][0] = $post['description'];
if (($post['userPassword_lock'] && $post['userPassword_invalid']) || ($post['userPassword_nopassword'] && $post['userPassword_invalid'])) {
// found invalid password parameter combination
$triggered_messages['userPassword'][] = $this->messages['userPassword'][3];
}
else {
if ($post['userPassword_nopassword']) {
$this->userPassword_nopassword=true;
$this->userPassword_invalid=false;
$this->attributes['userPassword'][0] = '';
$post['userPassword2'] = '';
if ($post['userPassword_lock'])
$this->userPassword_lock=true;
else $this->userPassword_lock=false;
}
else {
$this->userPassword_nopassword=false;
if ($post['userPassword_invalid']) {
$this->userPassword_invalid=true;
$this->userPassword_lock=false;
$post['userPassword2'] = '';
}
else {
$this->userPassword_invalid=false;
if ($post['genpass']) $this->attributes['userPassword'][0] = genpasswd();
elseif ($_SESSION[$this->base]->isNewAccount) {
if ($post['userPassword'] != $post['userPassword2'])
$triggered_messages['userPassword'][] = $this->messages['userPassword'][0];
else $this->attributes['userPassword'][0] = $post['userPassword'];
if (!get_preg($this->attributes['userPassword'][0], 'password'))
$triggered_messages['userPassword'][] = $this->messages['userPassword'][1];
}
if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
2003-12-30 15:36:30 +00:00
}
}
if ($post['changegids']) $this->changegids=true;
else $this->changegids=false;
if ($this->attributes['gidNumber'][0]!=$post['gidNumber'] || ($this->triggered_messages['gidNumber'][0]='ERROR')) {
// Check if GID is valid. If none value was entered, the next useable value will be inserted
2005-09-26 11:57:17 +00:00
// load min and max GID number
$minID = intval($this->moduleSettings['posixGroup_minGID'][0]);
$maxID = intval($this->moduleSettings['posixGroup_maxGID'][0]);
2005-09-26 11:57:17 +00:00
$dn_gids = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(uidnumber1), dn2 => array(uidnumber2), ... )
if(is_array($dn_gids)) {
foreach ($dn_gids as $gid) $gids[] = $gid[0];
sort ($gids, SORT_NUMERIC);
}
$this->attributes['gidNumber'][0]=$post['gidNumber'];
if ($this->attributes['gidNumber'][0]=='') {
// No id-number given, find free GID
if ($this->orig['gidNumber'][0]=='') {
2005-03-25 12:54:04 +00:00
$newGID = $this->getNextGIDs(1, $triggered_messages);
if (is_array($newGID)) {
$this->attributes['gidNumber'][0] = $newGID[0];
}
else {
$triggered_messages['gidNumber'][] = $this->messages['gidNumber'][3];
}
}
else $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
// old account -> return id-number which has been used
}
else {
// Check manual ID
// id-number is out of valid range
if ( ($this->attributes['gidNumber'][0]!=$post['gidNumber']) && ($this->attributes['gidNumber'][0] < $minID || $this->attributes['gidNumber'][0] > $maxID)) $triggered_messages['gidNumber'][] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
// $uids is allways an array but not if no entries were found
if (is_array($gids)) {
// id-number is in use and account is a new account
if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]=='') $triggered_messages['gidNumber'][] = array('ERROR', _('ID-Number'), _('ID is already in use'));
// id-number is in use, account is existing account and id-number is not used by itself
if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]!='' && ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0]) ) {
$triggered_messages['gidNumber'][] = $this->messages['gidNumber'][4];
$this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
2003-12-30 15:36:30 +00:00
}
}
}
}
if ($this->attributes['cn'][0]!=$post['cn'] || ($this->triggered_messages['cn'][0]='ERROR')) {
$this->attributes['cn'][0] = $post['cn'];
if (($this->attributes['cn'][0] != $post['cn']) && ereg('[A-Z]$', $post['cn']))
$triggered_messages['cn'][] = $this->messages['cn'][0];
// Check if Groupname contains only valid characters
if ( !get_preg($this->attributes['cn'][0],'groupname'))
$triggered_messages['cn'][] = $this->messages['cn'][2];
// Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use
// Set username back to original name if new username is in use
2005-09-26 11:57:17 +00:00
if ($_SESSION['cache']->in_cache($this->attributes['cn'][0],'cn', 'group')!=false && ($this->orig['cn'][0]!='')) {
$this->attributes['cn'][0] = $this->orig['cn'][0];
}
// Change gid to a new gid until a free gid is found
2005-09-26 11:57:17 +00:00
else while ($_SESSION['cache']->in_cache($this->attributes['cn'][0], 'cn', 'group')) {
// get last character of username
$lastchar = substr($this->attributes['cn'][0], strlen($this->attributes['cn'][0])-1, 1);
// Last character is no number
if ( !ereg('^([0-9])+$', $lastchar))
/* Last character is no number. Therefore we only have to
* add "2" to it.
*/
$this->attributes['cn'][0] = $this->attributes['cn'][0] . '2';
else {
/* Last character is a number -> we have to increase the number until we've
* found a groupname with trailing number which is not in use.
*
* $i will show us were we have to split groupname so we get a part
* with the groupname and a part with the trailing number
*/
$i=strlen($this->attributes['cn'][0])-1;
$mark = false;
// Set $i to the last character which is a number in $account_new->general_username
while (!$mark) {
if (ereg('^([0-9])+$',substr($this->attributes['cn'][0], $i, strlen($this->attributes['cn'][0])-$i))) $i--;
else $mark=true;
}
// increase last number with one
$firstchars = substr($this->attributes['cn'][0], 0, $i+1);
$lastchars = substr($this->attributes['cn'][0], $i+1, strlen($this->attributes['cn'][0])-$i);
// Put username together
$this->attributes['cn'][0] = $firstchars . (intval($lastchars)+1);
2004-09-18 18:44:47 +00:00
}
}
// Show warning if lam has changed username
if ($this->attributes['cn'][0] != $post['cn']) {
$triggered_messages['cn'][] = $this->messages['cn'][0];
}
// show info when gidnumber has changed
if (($this->orig['gidNumber'][0]!=$this->attributes['gidNumber'][0]) && $this->orig['gidNumber'][0]!='' && $post['gidNumber']!=$this->attributes['gidNumber'][0])
$triggered_messages['gidNumber'][] = $this->messages['gidNumber'][0];
}
}
2003-12-30 15:36:30 +00:00
// Return error-messages
if (count($triggered_messages)!=0) {
$this->triggered_messages = $triggered_messages;
return $triggered_messages;
2004-09-19 09:50:31 +00:00
}
else $this->triggered_messages = array();
}
2003-12-30 15:36:30 +00:00
2005-04-22 13:33:34 +00:00
/**
* Processes user input of the user selection page.
* It checks if all input values are correct and updates the associated LDAP attributes.
2005-04-22 13:33:34 +00:00
*
* @param array $post HTTP-POST values
* @return array list of info/error messages
2003-12-30 15:36:30 +00:00
*/
2005-03-10 18:35:04 +00:00
function process_user(&$post) {
2005-04-22 13:33:34 +00:00
if (isset($post['addusers']) && isset($post['addusers_button'])) { // Add users to list
// Add new user
$this->attributes['memberUid'] = @array_merge($this->attributes['memberUid'], $post['addusers']);
// remove duplicates
$this->attributes['memberUid'] = @array_flip($this->attributes['memberUid']);
array_unique($this->attributes['memberUid']);
$this->attributes['memberUid'] = @array_flip($this->attributes['memberUid']);
// sort users
sort($this->attributes['memberUid']);
}
2005-04-22 13:33:34 +00:00
elseif (isset($post['removeusers']) && isset($post['removeusers_button'])) { // remove users from list
$this->attributes['memberUid'] = array_delete($post['removeusers'], $this->attributes['memberUid']);
}
}
/**
* Processes user input of the password page.
* It checks if all input values are correct and updates the associated LDAP attributes.
*
* @param array $post HTTP-POST values
* @return array list of info/error messages
*/
function process_password(&$post) {
if ($post['form_subpage_posixGroup_attributes_back']) return;
$messages = array();
if ($post['userPassword'] != $post['userPassword2']) {
$messages['userPassword'][] = $this->messages['userPassword'][0];
if (!get_preg($post['userPassword'], 'password'))
$messages['userPassword'][] = $this->messages['userPassword'][1];
}
else {
$this->attributes['userPassword'][0] = $post['userPassword'];
$this->userPassword_invalid = false;
$this->userPassword_lock = false;
$this->userPassword_nopassword = false;
}
if (sizeof($messages) > 0) return $messages;
}
/* This function returns an array with 3 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes() {
2005-08-26 08:53:16 +00:00
// skip saving if account is based on another structural object class
if (!$_SESSION[$this->base]->isNewAccount && !in_array('posixGroup', $_SESSION[$this->base]->attributes_orig['objectClass'])) {
return array();
}
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// unset password when needed
if (isset($return[$_SESSION[$this->base]->dn]['add']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['add']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
if (isset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['notchanged']['userPassword']);
// Set unix password
if (isset($this->orig['userPassword'][0])) {
// use no password, do nothing
if ($this->userPassword_nopassword) {}
// invalid, use '*' as password
elseif ($this->userPassword_invalid)
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = '*';
// password changed
elseif (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) && $this->attributes['userPassword'][0] != '')
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]);
// lock account if required
elseif ($this->userPassword_lock && (pwd_disable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0]))
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_disable($this->orig['userPassword'][0]);
// unlock password if required
elseif (!$this->userPassword_lock && (pwd_enable($this->orig['userPassword'][0]) != $this->orig['userPassword'][0]))
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_enable($this->orig['userPassword'][0]);
// password has not changed
else
$return[$_SESSION[$this->base]->dn]['notchanged']['userPassword'][0] = $this->orig['userPassword'][0];
}
else {
// New user or no old password set
if ($this->userPassword_nopassword) // use no password
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash('', !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]);
else if ($this->userPassword_invalid) // use '*' as password
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = '*';
else if ($this->attributes['userPassword'][0] != '') // set password if set
$return[$_SESSION[$this->base]->dn]['add']['userPassword'][0] = pwd_hash($this->attributes['userPassword'][0], !$this->userPassword_lock, $this->moduleSettings['posixGroup_pwdHash'][0]);
}
2003-12-30 15:36:30 +00:00
// Remove primary group from users from memberUid
$users_dn = $_SESSION['cache']->get_cache('gidNumber', 'posixAccount', 'user');
if (is_array($users_dn)) {
$DNs = array_keys($users_dn);
for ($i=0; $i<count($DNs); $i++) {
if ($users_dn[$DNs[$i]][0]==$this->attributes['gidNumber'][0]) {
$thisuser = substr($DNs[$i], 4, strpos($DNs[$i], ",")-4);
if (@in_array($thisuser, $this->attribtues['memberUid'])) {
$this->attribtues['memberUid'] = @array_flip($this->attribtues['memberUid']);
unset($this->attribtues['memberUid'][$thisuser]);
$this->attribtues['memberUid'] = @array_flip($this->attribtues['memberUid']);
}
}
}
}
2004-03-14 17:33:05 +00:00
// Change gids of users and hosts?
if ($this->changegids) {
// get gidNumber
$line=-1;
for ($i=0; $i<count($_SESSION['ldap']->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION['ldap']->objectClasses[$i], "NAME 'posixAccount'")) $line = $i;
2004-09-19 08:33:37 +00:00
}
if ($line!=-1) {
$result = $_SESSION['cache']->get_cache('gidNumber', 'posixAccount', array('user', 'host'));
if (is_array($result)) {
$DNs = array_keys($result);
for ($i=0; $i<count($DNs); $i++)
if ($result[$DNs[$i]][0] == $this->orig['gidNumber'][0]) $return[$DNs[$i]]['modify']['gidNumber'][0] = $this->attributes['gidNumber'][0];
}
2004-09-19 08:33:37 +00:00
}
// change primaryGroupID
$line=-1;
for ($i=0; $i<count($_SESSION['ldap']->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION['ldap']->objectClasses[$i], "NAME 'sambaAccount'")) $line = $i;
2004-09-19 08:33:37 +00:00
}
if ($line!=-1) {
$result = $_SESSION['cache']->get_cache('primaryGroupID', 'sambaAccount', array('user', 'host'));
if (is_array($result)) {
$DNs = array_keys($result);
for ($i=0; $i<count($DNs); $i++) {
if ($result[$DNs[$i]][0] == $this->orig['gidNumber'][0]*2+1001 ) $return[$DNs[$i]]['modify']['PrimaryGroupID'][0] = $this->attributes['gidNumber'][0]*2+1001;
}
2004-09-19 08:33:37 +00:00
}
}
// change sambaPrimaryGroupSID
$line=-1;
for ($i=0; $i<count($_SESSION['ldap']->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION['ldap']->objectClasses[$i], "NAME 'sambaSamAccount'")) $line = $i;
}
if ($line!=-1) {
$result = $_SESSION['cache']->get_cache('sambaPrimaryGroupSID', 'sambaSamAccount', array('user', 'host'));
if (is_array($result)) {
$DNs = array_keys($result);
for ($i=0; $i<count($DNs); $i++) {
// Get Domain SID from name
$sambaDomains = search_domains($_SESSION['config']->get_Suffix('domain'));
// Get Domain-SID from group SID
$domainSID = substr($result[$DNs[$i]], 0, strrpos($result[$DNs[$i]], "-"));
for ($i=0; $i<count($sambaDomains); $i++ )
if ($domainSID==$sambaDomains[$i]->SID)
$RIDbase = $sambaDomains[$i]->RIDbase;
if ($result[$DNs[$i]][0] == $SID . "-" . $this->orig['gidNumber'][0]*2+1+$RIDbase ) $return[$DNs[$i]]['modify']['sambaPrimaryGroupSID'][0] = $SID . "-" . $this->attributes['gidNumber'][0]*2+1+$RIDbase;
}
2004-09-19 08:33:37 +00:00
}
}
}
return $return;
2004-09-19 08:33:37 +00:00
}
/**
* Returns one or more free GID numbers.
*
* @param integer $count Number of needed free GIDs.
2005-03-25 12:54:04 +00:00
* @param array $triggered_messages list of error messages where errors can be added
* @return mixed Null if no GIDs are free else an array of free GIDs.
*/
2005-03-25 12:54:04 +00:00
function getNextGIDs($count, &$triggered_messages) {
$ret = array();
$minID = intval($this->moduleSettings['posixGroup_minGID'][0]);
$maxID = intval($this->moduleSettings['posixGroup_maxGID'][0]);
$dn_gids = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(gidnumber1), dn2 => array(gidnumber2), ... )
$gids = array();
if(is_array($dn_gids)) {
foreach ($dn_gids as $gid) {
2005-09-27 12:34:04 +00:00
if (($gid[0] <= $maxID) && ($gid[0] >= $minID)) $gids[] = $gid[0]; // ignore GIDs > maxID and GIDs < minID
}
sort ($gids, SORT_NUMERIC);
}
for ($i = 0; $i < $count; $i++) {
if (count($gids) != 0) {
// there already are some GIDs
// store highest id-number
$id = $gids[count($gids)-1];
// Return minimum allowed id-number if all found id-numbers are too low
if ($id < $minID) {
$ret[] = $minID;
$gids[] = $minID;
}
// return highest used id-number + 1 if it's still in valid range
elseif ($id < $maxID) {
$ret[] = $id + 1;
$gids[] = $id + 1;
}
// find free numbers between existing ones
else {
$k = intval($minID);
while (in_array($k, $gids)) $k++;
if ($k > $maxID) return null;
else {
$ret[] = $k;
$gids[] = $k;
sort ($gids, SORT_NUMERIC);
}
// show warning message
$triggered_messages['gidNumber'][] = $this->messages['gidNumber'][2];
}
}
else {
// return minimum allowed id-number if no id-numbers are found
$ret[] = $minID;
$gids[] = $minID;
}
}
return $ret;
}
}
?>