From 2162935f53bdb03f63886c996a4e4b74e90b745b Mon Sep 17 00:00:00 2001 From: katagia Date: Sat, 20 Dec 2003 19:24:01 +0000 Subject: [PATCH] improved modules. It's nearly possible to create and modify users --- lam/lib/account.inc | 156 ++++++++++++++++++++++++--- lam/lib/modules/inetOrgPerson.inc | 168 ++++++++---------------------- lam/lib/modules/posixAccount.inc | 139 +++--------------------- lam/lib/modules/shadowAccount.inc | 130 ++--------------------- 4 files changed, 209 insertions(+), 384 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index a6af1688..e7306574 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -242,6 +242,10 @@ class main { return array(); } + function module_ready() { + return true; + } + function display_html_attributes($post) { $function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();'; eval($function); @@ -476,12 +480,12 @@ class accountContainer { $function = '$result = $this->module[$this->order[$this->module[\'main\']->current_page]]->proccess_'.$this->module['main']->subpage.'($post);'; eval ($function); if (is_string($result)) $this->module['main']->subpage = $result; - if (is_int($result)) { - for ($i=0; $iorder); $i++ ) { - if ($post['form_main_'.$this->order[$i]]) $this->module['main']->current_page = $i; - } - $this->module['main']->subpage='attributes'; - } + if (is_int($result)) + for ($i=0; $iorder); $i++ ) + if ($post['form_main_'.$this->order[$i]]) { + $this->module['main']->current_page = $i; + $this->module['main']->subpage='attributes'; + } // Write HTML-Code echo $_SESSION[$this->header2]; @@ -490,7 +494,7 @@ class accountContainer { echo "\n"; echo "\n"; echo "\n"; - echo "
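Review bot: The page dispatcher still runs `eval` on a string that embeds `$this->module['main']->subpage`, in the unchanged lines just above the rewritten `is_int($result)` loop. The first hunk's context does the same with the account type in `display_html_attributes`. Whether either value can be influenced by request data is not visible in these hunks, but any such path would be executed as PHP source. A variable method call does the same dispatch without generating code: `$method = 'proccess_'.$this->module['main']->subpage; $result = $this->module[$this->order[$this->module['main']->current_page]]->$method($post);`, ideally guarded by `method_exists()`. Both functions start and end outside the hunks.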
\n"; + echo "type."edit.php\" method=\"post\">\n"; // Display errir-messages if (is_array($result)) for ($i=0; $i\n"; echo ""; - echo "\n"; echo "\n"; echo "\n"; + if (isset($this->attributes['host'])) { + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + } echo "\n"; echo "\n"; echo "\n"; diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index ca251d07..54e40f83 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc 
@@ -62,82 +62,16 @@ class posixAccount { if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'posixAccount\');'), E_USER_ERROR); $this->base = $base; // posixAccount is only a valid objectClass for user and host - if (!($_SESSION[$this->base]->get_type() == 'user' || $_SESSION[$this->base]->get_type() != 'host')) trigger_error(_('posixAccount can only be used for users or hosts.'), E_USER_WARNING); + if (!($_SESSION[$this->base]->get_type() == 'user') && !($_SESSION[$this->base]->get_type() != 'host')) trigger_error(_('posixAccount can only be used for users or hosts.'), E_USER_WARNING); /* Check if ldap conatiner is in array and set type * users are using inetOrgPerson-, hosts account-container */ if (!isset($_SESSION[$this->base]->module['inetOrgPerson']) && $_SESSION[$this->base]->type=='user') $_SESSION[$this->base]->add_objectClass('inetOrgPerson'); if (!isset($_SESSION[$this->base]->module['account']) && $_SESSION[$this->base]->type=='host') $_SESSION[$this->base]->add_objectClass('account'); - // Add account type to object - $line=-1; - for ($i=0; $ibase]->ldap]->objectClasses) || $i==-1; $i++) { - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'posixAccount'")) $line = $i; - } - // Return error if objectClass isn't found - if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'posixAccount'), E_USER_WARNING); // Add Array with all attributes and type + $this->attributes = $_SESSION[$this->base]->get_module_attributes('posixAccount'); $_SESSION[$this->base]->add_attributes ('posixAccount'); - // create array with must-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6); - // Now 
we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad must - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - // create array with may-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5); - // Now we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad may - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - // Get attributes of subclasses - while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4); - $subclass = substr($string_withtail, 0, strpos($string_withtail, ' ')); - // Add account type to object - for ($i=0; $ibase]->ldap]->objectClasses) || $i==-1; $i++) { - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i; - } - // Return error if objectClass isn't found - // *** fixme, fix error message - if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING); - // create array with must-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6); - // Now we have a string with all must-attributes 
- $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad must - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - // create array with may-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5); - // Now we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad may - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - } $this->alias = _('posixAccount'); // Add attributes which should be cached $_SESSION[$_SESSION[$this->base]->cache]->add_cache(array ('user' => array('cn', 'uid', 'uidNumber'), 'host' => array('cn', 'uid', 'uidNumber'), 'group' => array('cn', 'memberUid'))); @@ -185,6 +119,10 @@ class posixAccount { return -1; } + function module_ready() { + return true; + } + /* Write variables into object and do some regexp checks */ function proccess_attributes($post) { @@ -315,8 +253,8 @@ class posixAccount { } } // Values are kept as copy so we can compare old attributes with new attributes - $this->orig = $this->attributes; $this->attributes['objectClass'][0] = 'posixAccount'; + $this->orig = $this->attributes; // get all additional groupmemberships $dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group'); $DNs = array_keys($dn_groups); 
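Review bot: The rewritten type check in the posixAccount constructor is still logically inverted: `!(type == 'user') && !(type != 'host')` reduces to `type == 'host'`, so the warning fires for hosts, which are allowed, and never for groups. It is also equivalent to the removed line by De Morgan, so the rewrite changes nothing. The comment above it states the intent, which would read `if ($_SESSION[$this->base]->get_type() != 'user' && $_SESSION[$this->base]->get_type() != 'host') trigger_error(...)`. `E_USER_WARNING` does not stop construction, so the module is still set up for the wrong account type after the warning. The constructor begins and ends outside this hunk.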
@@ -339,52 +277,7 @@ class posixAccount { * modify are attributes which have to been modified in ldap entry */ function save_attributes() { - // Get list of all "easy" attributes - $attr_names = array_keys($this->attributes); - // Get attributes which should be added - for ($i=0; $iorig[$attr_names[$i]]); $j++) { - if (is_array($this->attributes[$attr_names[$i]])) { - if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]])) - if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]); - } - else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]); - } - for ($j=0; $jattributes[$attr_names[$i]]); $j++) { - if (is_array($this->orig[$attr_names[$i]])) { - if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]])) - if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]); - } - else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]); - } - for ($j=0; $jattributes[$attr_names[$i]]); $j++) { - if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) { - if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='') - $notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]); - } - } - } - // create modify wuth add and remove - if (is_array($toadd)) { - $attributes = array_keys($toadd); - for ($i=0; $ibase]->dn]['add'] = $toadd; - if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem; - if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify; - if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged; + $return = 
$_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); // Remove primary group from additional groups for ($i=0; $igroups); $i++) { @@ -512,15 +405,15 @@ class posixAccount { $groups = array_flip($groups); echo "
"; + echo "
type."edit-dark\">type."edit-bright\">"; echo _('Please select page:'); echo "\n"; // Loop for module for ($i=0; $iorder); $i++ ) { - if ($this->order[$i]==$this->order[$this->module['main']->current_page]) { + if ($this->order[$i]==$this->order[$this->module['main']->current_page] || !$this->module[$this->order[$i]]->module_ready() ) { // print disabled button echo "order[$i]."\" type=\"submit\" value=\""; echo $this->module[$this->order[$i]]->alias; @@ -568,7 +572,6 @@ class accountContainer { else $this->attributes[$attribute][$objectClass] = 'MAY'; } } - // Get attributes of subclasses while (strpos($_SESSION[$this->ldap]->objectClasses[$line], "SUP ")) { $string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'SUP ')+4); @@ -579,8 +582,6 @@ class accountContainer { } // Return error if objectClass isn't found if ($line==-1) trigger_error (sprintf(_("objectClass %s required but not defined in ldap."), $objectClass), E_USER_WARNING); - - // create array with must-attributes // Get startposition in string if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) { 
@@ -631,6 +632,132 @@ class accountContainer { return 0; } + /* This function return ldap attributes which are uses by $objectClass + * Syntax is get_attributes($objectClass) + * Return is an array with all allowed attributes + */ + function get_module_attributes($objectClass) { + // Add account type to object + $line=-1; + for ($i=0; $ildap]->objectClasses) || $i==-1; $i++) { + if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME '$objectClass'")) $line = $i; + } + // Return error if objectClass isn't found + if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), $objectClass), E_USER_WARNING); + if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) { + $string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')+6); + // Now we have a string with all must-attributes + $string = substr($string_withtail, 0, strpos($string_withtail, ')')); + $string = trim($string); + // Ad must + foreach (explode(" $ ", $string) as $attribute) { + $return[$attribute] = ''; + } + } + // create array with may-attributes + // Get startposition in string + if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')) { + $string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')+5); + // Now we have a string with all must-attributes + $string = substr($string_withtail, 0, strpos($string_withtail, ')')); + $string = trim($string); + // Ad may + foreach (explode(" $ ", $string) as $attribute) { + $return[$attribute] = ''; + } + } + // Get attributes of subclasses + while (strpos($_SESSION[$this->ldap]->objectClasses[$line], "SUP ")) { + $string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'SUP ')+4); + $subclass = substr($string_withtail, 0, strpos($string_withtail, ' ')); + // Add account type to object + 
for ($i=0; $ildap]->objectClasses) || $i==-1; $i++) { + if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i; + } + // Return error if objectClass isn't found + if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), $subclass), E_USER_WARNING); + // create array with must-attributes + // Get startposition in string + if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) { + $string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')+6); + // Now we have a string with all must-attributes + $string = substr($string_withtail, 0, strpos($string_withtail, ')')); + $string = trim($string); + // Ad must + foreach (explode(" $ ", $string) as $attribute) { + $return[$attribute] = ''; + } + } + // create array with may-attributes + // Get startposition in string + if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')) { + $string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')+5); + // Now we have a string with all must-attributes + $string = substr($string_withtail, 0, strpos($string_withtail, ')')); + $string = trim($string); + // Ad may + foreach (explode(" $ ", $string) as $attribute) { + $return[$attribute] = ''; + } + } + } + return $return; + } + + /* This function return ldap attributes which are uses by $objectClass + * Syntax is get_attributes($attributes, $orig) + * Return is an array as needed for $this->saveAccount() + */ + function save_module_attributes($attributes, $orig) { + // Get list of all "easy" attributes + $attr_names = array_keys($attributes); + // Get attributes which should be added + for ($i=0; $idn]['add'] = $toadd; + if (count($torem)!=0) $return[$this->dn]['remove'] = $torem; + if (count($tomodify)!=0) $return[$this->dn]['modify'] = $tomodify; + if (count($notchanged)!=0) 
$return[$this->dn]['notchanged'] = $notchanged; + return $return; + } + + /* This function checks if all MUST-attribtues are set. * If not it will return an array with all modules * which have to be set first @@ -717,7 +844,7 @@ class accountContainer { * for a new account */ function new_account() { - $modulelist = array('posixAccount', 'shadowAccount'); + $modulelist = array('posixAccount', 'shadowAccount', 'sambaAccount'); // *** fixme add modules from config which should be used but not yet in loaded account foreach ($modulelist as $objectClass) $this->add_objectClass($objectClass); @@ -760,6 +887,7 @@ class accountContainer { $temp = $this->module[$singlemodule]->save_attributes(); // merge changes $DNs = array_keys($temp); + // *** fixme don't include references $attributes = array_merge_recursive($temp, $attributes); for ($i=0; $itype=='group') $search = 'cn'; else $search = 'uid'; diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index 54832ad3..20d2adaa 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc 
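Review bot: In `get_module_attributes` the `SUP` loop never resets `$line` before searching for the superior class, so the `$line==-1` check inside the loop cannot fire. A superior class missing from the schema list leaves `$line` unchanged, and the `while` keeps re-reading the same entry; add `$line = -1;` before the inner `for` and `break` when it stays -1. The first lookup has a related gap: `E_USER_WARNING` does not stop execution, so `objectClasses[$line]` is read with index -1 afterwards, and an early `return array();` there would avoid that. `$return` is only created inside the `foreach` bodies, so an object class without MUST or MAY attributes returns an undefined variable; start the function with `$return = array();`. The same parsing pattern appears in the context lines of the two smaller hunks above, presumably in `add_attributes`, and would need the same treatment.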
@@ -53,81 +53,14 @@ class inetOrgPerson { if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR); if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR); $this->base = $base; - // posixAccount is only a valid objectClass for user and host + // inetOrgPerson is only a valid objectClass for users if ($_SESSION[$this->base]->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING); - - // Add account type to object - $line=-1; - for ($i=0; $ibase]->ldap]->objectClasses) || $i==-1; $i++) { - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'inetOrgPerson'")) $line = $i; - } - // Return error if objectClass isn't found - if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'inetOrgPerson'), E_USER_WARNING); // Add Array with all attributes and type + $this->attributes = $_SESSION[$this->base]->get_module_attributes('inetOrgPerson'); $_SESSION[$this->base]->add_attributes ('inetOrgPerson'); - // create array with must-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6); - // Now we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad must - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - // create array with may-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) { - $string_withtail = 
substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5); - // Now we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad may - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - // Get attributes of subclasses - while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4); - $subclass = substr($string_withtail, 0, strpos($string_withtail, ' ')); - // Add account type to object - for ($i=0; $ibase]->ldap]->objectClasses) || $i==-1; $i++) { - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i; - } - // Return error if objectClass isn't found - // *** fixme, fix error message - if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING); - - // create array with must-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6); - // Now we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad must - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - // create array with may-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) { - $string_withtail = 
substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5); - // Now we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad may - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - } $this->orig = $this->attributes ; $this->attributes['objectClass'][0] = 'inetOrgPerson'; + // unset userPassword because we handle it separat. if (isset($this->attributes['userPassword'])) unset($this->attributes['userPassword']); $this->alias = _('inetOrgPerson'); // Add attributes which should be cached @@ -150,10 +83,10 @@ class inetOrgPerson { * to compare it with new changed attributes */ var $orig; - /* $attribute['password'] can't accessed directly because it's enrcypted + + /* $attribute['userPassword'] can't accessed directly because it's enrcypted * To read / write password function userPassword is needed - */ - /* This function will return the unencrypted password when + * This function will return the unencrypted password when * called without a variable * If it's called with a new password, the * new password will be stored encrypted 
@@ -167,12 +100,15 @@ class inetOrgPerson { return 0; } else { - // Read existing password if set - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); - $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv); - $password = str_replace(chr(00), '', $password); - return $password; + if ($this->attributes['userPassword'][0]!='') { + // Read existing password if set + $iv = base64_decode($_COOKIE["IV"]); + $key = base64_decode($_COOKIE["Key"]); + $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv); + $password = str_replace(chr(00), '', $password); + return $password; + } + else return ''; } } @@ -182,6 +118,10 @@ class inetOrgPerson { return array('main'); } + function module_ready() { + return true; + } + /* Write variables into object and do some regexp checks */ function proccess_attributes($post) { @@ -189,7 +129,7 @@ class inetOrgPerson { if (($this->attributes['uid'][0] != $post['form_inetOrgPerson_uid']) && ereg('[A-Z]$', $post['form_inetOrgPerson_uid'])) $errors[] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.')); $this->attributes['uid'][0] = $post['form_inetOrgPerson_uid']; - $this->attributes['cn'][0] &= $this->attributes['uid'][0]; + $this->attributes['cn'][0] = $this->attributes['uid'][0]; $this->attributes['description'][0] = $post['form_inetOrgPerson_description']; $this->attributes['sn'][0] = $post['form_inetOrgPerson_sn']; $this->attributes['givenName'][0] = $post['form_inetOrgPerson_givenName']; 
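Review bot: The decrypt branch of `userPassword()` takes its key straight from `$_COOKIE["Key"]` with no check that the cookie is present or decodes to a usable key, so a missing or altered cookie silently yields garbage that is returned as the password. `MCRYPT_MODE_ECB` also ignores the IV read on the line above and provides no integrity check, so the caller cannot tell a wrong key from a correct one. A guard before decrypting, such as `if (!isset($_COOKIE['IV'], $_COOKIE['Key'])) trigger_error(<message>, E_USER_ERROR);`, would make the failure explicit. Separately, the constructor hunk unsets `$this->attributes['userPassword']`, so the new `[0]!=''` test can read an undefined index and `empty($this->attributes['userPassword'][0])` would be safer.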
@@ -203,6 +143,16 @@ class inetOrgPerson { $this->attributes['postalAddress'][0] = $post['form_inetOrgPerson_postalAddress']; $this->attributes['employeeType'][0] = $post['form_inetOrgPerson_employeeType']; + if (isset($this->attributes['host'])) { + $host = $post['form_inetOrgPerson_host']; + if ((!$host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $host)) + $errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.')); + $hosts = explode(" ", $host); + $this->attributes['host'] = array(); + foreach ($hosts as $host) + if ($host!="") $this->attributes['host'][] = $host; + } + if ($post['form_inetOrgPerson_userPassword_no']) $this->userPassword_no=true; else $this->userPassword_no=false; if ($post['form_inetOrgPerson_userPassword_lock']) $this->userPassword_lock=true; 
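Review bot: The new `host` handling validates one format and parses another, and it stores the value even when validation fails. The `ereg` pattern expects comma-separated names but the value is split with `explode(" ", $host)`, so `a,b` passes the check and is saved as a single entry, while `a b` fails the check and is still saved as two entries. The guard `(!$host=='')` only works through operator precedence and loose comparison, and `$host != ''` states the intent. Splitting first and validating each entry keeps the two in agreement, and assigning only on success keeps rejected input out of `$this->attributes['host']`, which the display hunk appears to echo back into the form. `proccess_attributes` continues outside this hunk.

```php
if (isset($this->attributes['host'])) {
	// Split on commas and/or whitespace so the parser accepts exactly what the check accepts
	$hosts = preg_split('/[,\s]+/', $post['form_inetOrgPerson_host'], -1, PREG_SPLIT_NO_EMPTY);
	$valid = true;
	foreach ($hosts as $host)
		if (!preg_match('/^[a-zA-Z0-9.-]+$/', $host)) $valid = false;
	// Only store the list when every entry passed
	if ($valid) $this->attributes['host'] = $hosts;
	else $errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
	}
// … unchanged: userPassword_no / userPassword_lock handling …
```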
@@ -315,53 +265,7 @@ class inetOrgPerson { * remove are attributes which have to be removed from ldap entry */ function save_attributes() { - // Get list of all "easy" attributes - $attr_names = array_keys($this->attributes); - // Get attributes which should be added - for ($i=0; $iorig[$attr_names[$i]]); $j++) { - if (is_array($this->attributes[$attr_names[$i]])) { - if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]])) - if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]); - } - else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]); - } - for ($j=0; $jattributes[$attr_names[$i]]); $j++) { - if (is_array($this->orig[$attr_names[$i]])) { - if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]])) - if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]); - } - else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]); - } - for ($j=0; $jattributes[$attr_names[$i]]); $j++) { - if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) { - if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='') - $notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]); - } - } - } - // create modify wuth add and remove - if (is_array($toadd)) { - $attributes = array_keys($toadd); - for ($i=0; $ibase]->dn]['add'] = $toadd; - if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem; - if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify; - if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged; - + $return = 
$_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); // Set unix password if (count($this->orig['userPassword'])==0) { // New user or no old password set @@ -448,6 +352,16 @@ class inetOrgPerson { echo ">
" . _('Help') . "
" . _('Unix workstations') . "attributes['host'])) + foreach ($this->attributes['host'] as $host) echo $host." "; + echo "\">" . _('Help') . "
" . _('Title') . "attributes['title'][0]."\">
\n\n"; - echo "
"; - echo "" . _("Additional groups") . "\n"; + echo "
base]->type."edit-bright\">"; + echo "base]->type."edit-bright\">" . _("Additional groups") . "\n"; echo "\n\n"; echo "\n"; echo "
"; - echo "
"; - echo "" . _("Selected groups") . "\n"; + echo "
base]->type."edit-bright\">"; + echo "base]->type."edit-bright\">" . _("Selected groups") . "\n"; // Show all groups the user is additional member of if (count($this->groups)!=0) { - echo "base]->type."edit-bright\" size=15 multiple>\n"; for ($i=0; $igroups); $i++) if ($this->groups[$i]!='') echo "\n"; echo "\n"; @@ -531,11 +424,11 @@ class posixAccount { echo "\">

"; echo ""._('Help')."
\n"; - echo "
"; - echo "" . _('Available groups') . "\n"; + echo "
base]->type."edit-bright\">"; + echo "base]->type."edit-bright\">" . _('Available groups') . "\n"; // show all groups expect these the user is member of if (count($groups)!=0) { - echo "base]->type."edit-bright\">\n"; for ($i=0; $i $groups[$i] \n"; echo "\n"; diff --git a/lam/lib/modules/shadowAccount.inc b/lam/lib/modules/shadowAccount.inc index fadbcf1b..2bd2f590 100644 --- a/lam/lib/modules/shadowAccount.inc +++ b/lam/lib/modules/shadowAccount.inc 
@@ -63,80 +63,9 @@ class shadowAccount { $this->base = $base; // shadowAccount is only a valid objectClass for user and host if (!($_SESSION[$this->base]->get_type() == 'user')) trigger_error(_('shadowAccount can only be used for users.'), E_USER_WARNING); - /* Check if ldap conatiner is in array and set type - * users are using inetOrgPerson-, hosts account-container - */ - if (!isset($_SESSION[$this->base]->module['inetOrgPerson'])) $_SESSION[$this->base]->add_objectClass('inetOrgPerson'); - // Add account type to object - $line=-1; - for ($i=0; $ibase]->ldap]->objectClasses) || $i==-1; $i++) { - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'shadowAccount'")) $line = $i; - } - // Return error if objectClass isn't found - if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'shadowAccount'), E_USER_WARNING); // Add Array with all attributes and type + $this->attributes = $_SESSION[$this->base]->get_module_attributes('shadowAccount'); $_SESSION[$this->base]->add_attributes ('shadowAccount'); - // create array with must-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6); - // Now we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad must - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - // create array with may-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 
'MAY (')+5); - // Now we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad may - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - // Get attributes of subclasses - while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4); - $subclass = substr($string_withtail, 0, strpos($string_withtail, ' ')); - // Add account type to object - for ($i=0; $ibase]->ldap]->objectClasses) || $i==-1; $i++) { - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i; - } - // Return error if objectClass isn't found - // *** fixme, fix error message - if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING); - - // create array with must-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6); - // Now we have a string with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad must - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - // create array with may-attributes - // Get startposition in string - if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) { - $string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5); - // Now we have a string 
with all must-attributes - $string = substr($string_withtail, 0, strpos($string_withtail, ')')); - $string = trim($string); - // Ad may - foreach (explode(" $ ", $string) as $attribute) { - $this->attributes[$attribute] = ''; - } - } - } $this->alias = _('shadowAccount'); // Make references to attributes which already esists in ldap $newattributes = array_keys($this->attributes); @@ -169,6 +98,10 @@ class shadowAccount { return array('inetOrgPerson'); } + function module_ready() { + return true; + } + /* Write variables into object and do some regexp checks */ function proccess_attributes($post) { @@ -177,8 +110,8 @@ class shadowAccount { $this->attributes['shadowMax'][0] = $post['form_shadowAccount_shadowMax']; $this->attributes['shadowWarning'][0] = $post['form_shadowAccount_shadowWarning']; $this->attributes['shadowInactive'][0] = $post['form_shadowAccount_shadowInactive']; - $this->attributes['shadowWarning'][0] = mtime(10, 0, 0, $post['form_shadowAccount_shadowExpire_mon'], - $post['form_shadowAccount_shadowExpire_day'], $post['form_shadowAccount_shadowExpire_yea']); + $this->attributes['shadowExpire'][0] = mktime(10, 0, 0, $post['form_shadowAccount_shadowExpire_mon'], + $post['form_shadowAccount_shadowExpire_day'], $post['form_shadowAccount_shadowExpire_yea'])/3600/24; if ( !ereg('^([0-9])*$', $this->attributes['shadowMin'][0])) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.')); if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0] ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.')); @@ -212,8 +145,8 @@ class shadowAccount { } } // Values are kept as copy so we can compare old attributes with new attributes - $this->orig = $this->attributes; $this->attributes['objectClass'][0] = 'shadowAccount'; + $this->orig = $this->attributes; } 
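Review bot: The corrected `shadowExpire` assignment in `proccess_attributes` stores a float, because `mktime(10, 0, 0, ...)/3600/24` is not a whole number of days at 10:00. The attribute is a day count, so the result should be truncated: `$this->attributes['shadowExpire'][0] = intval(mktime(10, 0, 0, $mon, $day, $yea)/3600/24);`. The three `$post` date fields also go into `mktime()` unchecked, while `shadowMin` gets an `ereg` digit test on the next lines. Whether a later check covers the expiry fields is not visible in this hunk.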
@@ -226,52 +159,7 @@ class shadowAccount { * modify are attributes which have to been modified in ldap entry */ function save_attributes() { - // Get list of all "easy" attributes - $attr_names = array_keys($this->attributes); - // Get attributes which should be added - for ($i=0; $iorig[$attr_names[$i]]); $j++) { - if (is_array($this->attributes[$attr_names[$i]])) { - if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]])) - if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]); - } - else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]); - } - for ($j=0; $jattributes[$attr_names[$i]]); $j++) { - if (is_array($this->orig[$attr_names[$i]])) { - if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]])) - if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]); - } - else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]); - } - for ($j=0; $jattributes[$attr_names[$i]]); $j++) { - if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) { - if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='') - $notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]); - } - } - } - // create modify wuth add and remove - if (is_array($toadd)) { - $attributes = array_keys($toadd); - for ($i=0; $ibase]->dn]['add'] = $toadd; - if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem; - if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify; - if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged; + $return = 
$_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); // Set shadowLastchange manual. if ($_SESSION[$this->base]->module['inetOrgPerson']->userPassword()!='' || $_SESSION[$this->base]->module['inetOrgPerson']->userPassword_no)