2003-12-27 11:21:00 +00:00
< ? php
/*
$Id $
This code is part of LDAP Account Manager ( http :// www . sourceforge . net / projects / lam )
Copyright ( C ) 2003 Tilo Lutz
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*/
/* Session variables which are used :
* $_SESSION [ 'cacheAttributes' ] : This variable contains a list of attributes and their scope which should be cached
*
* Coockie variables which are used :
* $_COOKIE [ " IV " ], $_COOKIE [ " Key " ] : Needed to en / decrypt passwords .
*
* Variables in basearray which are no objects :
* type : Type of account . Can be user , group , host
* attributes : List of all attributes , how to get them and are theiy required or optional
* dn : current DN without uid = or cn =
* dn_orig : old DN if account was loaded with uid = or cn =
* External functions which are used
* account . inc : findgroups , incache , get_cache , array_delete , getshells
* ldap . inc : pwd_is_enabled , pwd_hash
*/
/* This class contains all sambaGroupMapping LDAP attributes
* and funtioncs required to deal with sambaGroupMapping
* sambaGroupMapping can only be created when it should be added
* to an array .
* basearray is the same array sambaGroupMapping should be added
* to . If basearray is not given the constructor tries to
* create an array with sambaGroupMapping and all other required
* objects .
* Example : $user [] = new sambaGroupMapping ( $user );
*
* In container array the following things have to exist :
* account or inetOrgPerson object
* type : 'user' or 'host'
* 'attributes' : this is a list of arrays with all ldap attributes wich are allowed for this account
*/
2004-06-08 18:54:37 +00:00
class sambaGroupMapping extends baseModule {
2003-12-27 11:21:00 +00:00
// Constructor
2004-06-08 18:54:37 +00:00
function init ( $base ) {
2003-12-27 11:21:00 +00:00
/* Return an error if sambaGroupMapping should be created without
* base container
*/
if ( ! $base ) trigger_error ( _ ( 'Please create a base object with $var = new accountContainer();' ), E_USER_ERROR );
2004-02-12 12:09:41 +00:00
if ( ! is_string ( $base )) trigger_error ( _ ( 'Please create a new module object in an accountContainer object first.' ), E_USER_ERROR );
2003-12-27 11:21:00 +00:00
$this -> base = $base ;
// sambaGroupMapping is only a valid objectClass for user and host
if ( $_SESSION [ $this -> base ] -> get_type () != 'group' ) trigger_error ( _ ( 'sambaGroupMapping can only be used for groups.' ), E_USER_WARNING );
// Add Array with all attributes and type
$this -> attributes = $_SESSION [ $this -> base ] -> get_module_attributes ( 'sambaGroupMapping' );
$_SESSION [ $this -> base ] -> add_attributes ( 'sambaGroupMapping' );
$this -> alias = _ ( 'sambaGroupMapping' );
// Make references to attributes which already esists in ldap
$newattributes = array_keys ( $this -> attributes );
$module = array_keys ( $_SESSION [ $this -> base ] -> module );
// fixme *** do we have to unset module posixAccuont itself
for ( $i = 0 ; $i < count ( $module ); $i ++ ) {
foreach ( $newattributes as $attribute )
if ( isset ( $_SESSION [ $this -> base ] -> module [ $module [ $i ]] -> attributes [ $attribute ])) $this -> attributes [ $attribute ] =& $_SESSION [ $this -> base ] -> module [ $module [ $i ]] -> attributes [ $attribute ];
}
$this -> orig = $this -> attributes ;
$this -> rids = array ( _ ( 'Domain Admins' ) => 512 , _ ( 'Domain Users' ) => 513 , _ ( 'Domain Guests' ) => 514 , _ ( 'Domain Computers' ) => 515 , _ ( 'Domain Controllers' ) => 516 ,
_ ( 'Domain Certificate Admins' ) => 517 , _ ( 'Domain Schema Admins' ) => 518 , _ ( 'Domain Enterprise Admins' ) => 519 , _ ( 'Domain Policy Admins' ) => 520 );
}
// Variables
// name of accountContainer so we can read other classes in accuontArray
var $base ;
// This variable contains all inetOrgPerson attributes
var $attributes ;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig ;
// Array of well known rids
var $rids ;
2004-02-23 15:59:56 +00:00
function get_alias ( $scope ) {
2003-12-30 15:36:30 +00:00
return _ ( 'sambaGroupMapping' );
}
2004-03-02 19:54:31 +00:00
function can_manage ( $scope ) {
if ( $scope == " group " ) return true ;
else return false ;
}
2003-12-27 11:21:00 +00:00
/* This function returns a list with all required modules
*/
2003-12-30 15:36:30 +00:00
function get_dependencies ( $scope ) {
2004-06-04 11:28:22 +00:00
if ( $scope == 'group' ) return array ( 'depends' => array ( 'posixGroup' ), 'conflicts' => array () );
2003-12-30 15:36:30 +00:00
return - 1 ;
2003-12-27 11:21:00 +00:00
}
function module_ready () {
if ( $_SESSION [ $this -> base ] -> module [ 'posixGroup' ] -> attributes [ 'gidNumber' ][ 0 ] == '' ) return false ;
return true ;
}
2004-02-09 18:11:01 +00:00
/* This functions return true
* if all needed settings are done
*/
function module_complete () {
if ( ! $this -> module_ready ()) return false ;
if ( $this -> attributes [ 'sambaSID' ][ 0 ] == '' ) return false ;
if ( $this -> attributes [ 'sambaGroupType' ][ 0 ] == '' ) return false ;
return true ;
}
2003-12-30 15:36:30 +00:00
/* This function returns a list of all html - pages in module
* This is usefull for mass upload and pdf - files
* because lam can walk trough all pages itself and do some
* error checkings
2003-12-27 11:21:00 +00:00
*/
2003-12-30 15:36:30 +00:00
function pages () {
return array ( 'attributes' );
2003-12-27 11:21:00 +00:00
}
2004-01-27 19:07:31 +00:00
/*
*/
function get_help ( $id ) {
switch ( $id ) {
case " description " :
return array ( " ext " => " FALSE " , " Headline " => _ ( " Description " ),
" Text " => _ ( " Host Description. " ));
break ;
}
return false ;
}
2003-12-30 15:36:30 +00:00
/* This function returns all ldap attributes
* which are part of sambaGroupMapping and returns
* also their values .
*/
function get_attributes () {
return $this -> attributes ;
}
2003-12-27 11:21:00 +00:00
/* This function loads all attributes into the object
* $attr is an array as it ' s retured from ldap_get_attributes
*/
function load_attributes ( $attr ) {
// Load attributes which are displayed
// unset count entries
unset ( $attr [ 'count' ]);
$attributes = array_keys ( $attr );
foreach ( $attributes as $attribute ) unset ( $attr [ $attribute ][ 'count' ]);
// unset double entries
for ( $i = 0 ; $i < count ( $attr ); $i ++ )
if ( isset ( $attr [ $i ])) unset ( $attr [ $i ]);
foreach ( $attributes as $attribute ) {
if ( isset ( $this -> attributes [ $attribute ])) {
// decode as unicode
$this -> attributes [ $attribute ] = $attr [ $attribute ];
2003-12-30 17:09:15 +00:00
for ( $i = 0 ; $i < count ( $this -> attributes [ $attribute ]); $i ++ ) {
$this -> attributes [ $attribute ][ $i ] = utf8_decode ( $this -> attributes [ $attribute ][ $i ]);
$this -> orig [ $attribute ][ $i ] = utf8_decode ( $this -> attributes [ $attribute ][ $i ]);
}
2003-12-27 11:21:00 +00:00
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this -> attributes [ 'objectClass' ][ 0 ] = 'sambaGroupMapping' ;
return 0 ;
}
/* This function returns an array with 3 entries :
* array ( DN1 ( 'add' => array ( $attr ), 'remove' => array ( $attr ), 'modify' => array ( $attr )), DN2 .... )
* DN is the DN to change . It may be possible to change several DNs ,
* e . g . create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes () {
// Get Domain SID from name
$sambaDomains = $_SESSION [ $_SESSION [ $this -> base ] -> ldap ] -> search_domains ( $_SESSION [ $_SESSION [ $this -> base ] -> config ] -> get_domainSuffix ());
// Get Domain-SID from group SID
$domainSID = substr ( $this -> attributes [ 'sambaSID' ][ 0 ], 0 , strrpos ( $this -> attributes [ 'sambaSID' ][ 0 ], " - " ));
for ( $i = 0 ; $i < count ( $sambaDomains ); $i ++ )
if ( $domainSID == $sambaDomains [ $i ] -> SID )
$SID = $sambaDomains [ $i ] -> SID ;
$names = array_keys ( $this -> rids );
$wrid = false ;
for ( $i = 0 ; $i < count ( $names ); $i ++ )
if ( $this -> attributes [ 'sambaSID' ][ 0 ] == $SID . " - " . $this -> rids [ $names [ $i ]]) {
$wrid = true ;
}
if ( ! $wrid ) $this -> attributes [ 'sambaSID' ][ 0 ] == $SID . " - " . ( $_SESSION [ $this -> base ] -> module [ 'posixGroup' ] -> attributes [ 'gidNumber' ][ 0 ] * 2 + 1 + $RIDbase );
$return = $_SESSION [ $this -> base ] -> save_module_attributes ( $this -> attributes , $this -> orig );
return $return ;
}
2003-12-30 15:36:30 +00:00
function delete_attributes ( $post ) {
2004-01-10 11:47:48 +00:00
return 0 ;
2003-12-30 15:36:30 +00:00
}
2003-12-27 11:21:00 +00:00
2003-12-30 15:36:30 +00:00
/* Write variables into object and do some regexp checks
2003-12-27 11:21:00 +00:00
*/
2004-01-27 19:07:31 +00:00
function proccess_attributes ( $post , $profile = false ) {
2003-12-30 15:36:30 +00:00
// Load attributes
$this -> attributes [ 'displayName' ][ 0 ] = $post [ 'displayName' ];
$this -> attributes [ 'sambaGroupType' ][ 0 ] = 2 ;
2004-01-27 19:07:31 +00:00
if ( ! $profile ) {
// Get Domain SID from name
$sambaDomains = $_SESSION [ $_SESSION [ $this -> base ] -> ldap ] -> search_domains ( $_SESSION [ $_SESSION [ $this -> base ] -> config ] -> get_domainSuffix ());
for ( $i = 0 ; $i < count ( $sambaDomains ); $i ++ )
if ( $post [ 'sambaDomainName' ] == $sambaDomains [ $i ] -> name ) {
$SID = $sambaDomains [ $i ] -> SID ;
$RIDbase = $sambaDomain [ $i ] -> RIDbase ;
}
// Load attributes
$this -> attributes [ 'displayName' ][ 0 ] = $post [ 'displayName' ];
$this -> attributes [ 'sambaGroupType' ][ 0 ] = 2 ;
$rids = array_keys ( $this -> rids );
$wrid = false ;
for ( $i = 0 ; $i < count ( $rids ); $i ++ ) {
if ( $post [ 'sambaSID' ] == $rids [ $i ]) {
$wrid = true ;
// Get Domain SID
$this -> attributes [ 'sambaSID' ][ 0 ] = $SID . " - " . $this -> rids [ $rids [ $i ]];
// Do a check if special grou pis unique
if ( $_SESSION [ $_SESSION [ $this -> base ] -> cache ] -> in_cache ( $SID . " - " . $this -> rids [ $rids [ $i ]], 'sambaSID' , 'group' ))
$errors [] = array ( 'ERROR' , _ ( 'Special Group' ), sprintf ( _ ( 'There can be only one group %s.' ), $rids [ $i ]), 'sambaSID' );
}
2003-12-30 15:36:30 +00:00
}
2004-01-27 19:07:31 +00:00
if ( ! $wrid ) $this -> attributes [ 'sambaSID' ][ 0 ] = $SID . " - " . ( $_SESSION [ $this -> base ] -> module [ 'posixGroup' ] -> attributes [ 'gidNumber' ][ 0 ] * 2 ) + $RIDbase + 1 ;
2003-12-30 15:36:30 +00:00
}
2004-01-27 19:07:31 +00:00
2003-12-30 15:36:30 +00:00
// Return error-messages
if ( is_array ( $errors )) return $errors ;
return 0 ;
2003-12-27 11:21:00 +00:00
}
/* This function will create the html - page
* to show a page with all attributes .
* It will output a complete html - table
*/
2004-01-27 19:07:31 +00:00
function display_html_attributes ( $post , $profile = false ) {
2003-12-27 11:21:00 +00:00
// Get Domain SID from name
$sambaDomains = $_SESSION [ $_SESSION [ $this -> base ] -> ldap ] -> search_domains ( $_SESSION [ $_SESSION [ $this -> base ] -> config ] -> get_domainSuffix ());
// Get Domain-SID from group SID
$domainSID = substr ( $this -> attributes [ 'sambaSID' ][ 0 ], 0 , strrpos ( $this -> attributes [ 'sambaSID' ][ 0 ], " - " ));
for ( $i = 0 ; $i < count ( $sambaDomains ); $i ++ ) {
// List with all valid domains
$sambaDomainNames [] = $sambaDomains [ $i ] -> name ;
if ( $domainSID == $sambaDomains [ $i ] -> SID ) {
$SID = $sambaDomains [ $i ] -> SID ;
$sel_domain = $sambaDomains [ $i ] -> name ;
}
}
2004-01-27 19:07:31 +00:00
$return [] = array ( 0 => array ( 'kind' => 'text' , 'text' => _ ( 'Display name' ) ),
1 => array ( 'kind' => 'input' , 'name' => 'displayName' , 'type' => 'text' , 'size' => '30' , 'maxlength' => '50' , 'value' => $this -> attributes [ 'displayName' ][ 0 ]),
2 => array ( 'kind' => 'help' , 'value' => 'displayName' ));
if ( ! $profile ) {
$names = array_keys ( $this -> rids );
$wrid = false ;
for ( $i = 0 ; $i < count ( $names ); $i ++ ) {
if ( $this -> attributes [ 'sambaSID' ][ 0 ] == $SID . " - " . $this -> rids [ $names [ $i ]]) {
$selected [] = $names [ $i ];
$wrid = true ;
}
else $options [] = $names [ $i ];
2003-12-27 11:21:00 +00:00
}
2004-01-27 19:07:31 +00:00
if ( $wrid ) $options [] = $_SESSION [ $this -> base ] -> module [ 'posixGroup' ] -> attributes [ 'cn' ][ 0 ];
else $selected [] = $_SESSION [ $this -> base ] -> module [ 'posixGroup' ] -> attributes [ 'cn' ][ 0 ];
$return [] = array ( 0 => array ( 'kind' => 'text' , 'text' => _ ( 'Windows group' ) ),
1 => array ( 'kind' => 'select' , 'name' => 'sambaSID' , 'options' => $options , 'options_selected' => $selected ),
2 => array ( 'kind' => 'help' , 'value' => 'sambaSID' ));
}
$return [] = array ( 0 => array ( 'kind' => 'text' , 'text' => _ ( 'Domain' ) ),
1 => array ( 'kind' => 'select' , 'name' => 'sambaDomainName' , 'options' => $sambaDomainNames , 'options_selected' => array ( $sel_domain ) ),
2 => array ( 'kind' => 'help' , 'value' => 'sambaDomainName' ));
return $return ;
2003-12-27 11:21:00 +00:00
}
2003-12-30 15:36:30 +00:00
function display_html_delete ( $post ) {
return 0 ;
}
2003-12-27 11:21:00 +00:00
2004-04-03 14:47:33 +00:00
function get_profileOptions () {
2004-03-09 12:03:39 +00:00
$return = array ();
2004-04-11 13:07:24 +00:00
// get list of domains
$sambaDomains = $_SESSION [ 'ldap' ] -> search_domains ( $_SESSION [ 'config' ] -> get_domainSuffix ());
$sambaDomainNames = array ();
for ( $i = 0 ; $i < count ( $sambaDomains ); $i ++ ) {
// extract names
$sambaDomainNames [] = $sambaDomains [ $i ] -> name ;
}
// domain
$return [] = array (
0 => array ( 'kind' => 'text' , 'text' => _ ( 'Domain' )),
1 => array ( 'kind' => 'select' , 'name' => 'sambaDomainName' , 'options' => $sambaDomainNames , 'options_selected' => array ()),
2 => array ( 'kind' => 'help' , 'value' => 'sambaDomainName' ));
2004-03-09 12:03:39 +00:00
return $return ;
2003-12-27 11:21:00 +00:00
}
2004-03-14 17:33:05 +00:00
// checks if the values of a new or modified profile are valid
// $scope: the account type (user, group, host, ...)
// $options: a hash array (name => value) containing the options
function check_profileOptions ( $scope , $options ) {
return array ();
}
2004-05-24 21:39:57 +00:00
2004-06-03 14:26:48 +00:00
function get_pdfFields ( $account_type = " user " ) {
return array ( 'gidNumber' ,
'sambaSID' ,
'displayName' ,
'sambaGroupType' ,
'description' );
}
2004-05-24 21:39:57 +00:00
function get_pdfEntries ( $account_type = " User " ) {
2004-05-29 19:20:28 +00:00
return array ( 'sambaGroupMapping_gidNumber' => array ( '<block><key>' . _ ( 'GID number' ) . '</key><value>' . $this -> attributes [ 'gidNumber' ][ 0 ] . '</value></block>' ),
'sambaGroupMapping_sambaSID' => array ( '<block><key>' . _ ( 'Windows group' ) . '</key><value>' . $this -> attributes [ 'sambaSID' ][ 0 ] . '</value></block>' ),
'sambaGroupMapping_displayName' => array ( '<block><key>' . _ ( 'Display name' ) . '</key><value>' . $this -> attributes [ 'displayName' ][ 0 ] . '</value></block>' ),
'sambaGroupMapping_sambaGroupType' => array ( '<block><key>' . _ ( 'Samba group type' ) . '</key><value>' . $this -> attributes [ 'sambaGroupType' ][ 0 ] . '</value></block>' ),
'sambaGroupMapping_description' => array ( '<block><key>' . _ ( 'Description' ) . '</key><value>' . $this -> attributes [ 'description' ][ 0 ] . '</value></block>' ));
2004-05-24 21:39:57 +00:00
}
2004-03-14 17:33:05 +00:00
2004-03-09 12:03:39 +00:00
}
2003-12-27 11:21:00 +00:00
?>