WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

checked useredit.php 

fixed many many samba issues.
samba 2.2 functions not checked all yet.
This commit is contained in:
katagia 2003-09-18 13:54:02 +00:00
parent 9cbf79ceac
commit 35ff466d26
4 changed files with 666 additions and 540 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

703
lam/lib/account.inc
View File

@ -116,297 +116,6 @@ function array_delete($values, $array) { // This function will return all values
function checkglobal($values, $type, $values_old=false) { // This functions checks all global account parameters $values is class account(), $type=user|host|group
// If all values are OK an array of class account is returned. Else an error-string is returned
$return = new account();
$return->general_dn = $values->general_dn;
switch ($type) {
case 'user' :
// Check if Homedir is valid
$return->general_homedir = str_replace('$group', $values->general_group, $values->general_homedir);
if ($values->general_username != '')
$return->general_homedir = str_replace('$user', $values->general_username, $return->general_homedir);
if ($return->general_homedir != $values->general_homedir) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $return->general_homedir ))
$errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
// Check if givenname is valid
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $values->general_givenname)) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
// Check if surname is valid
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $values->general_surname)) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
if ( ($values->general_gecos=='') || ($values->general_gecos==' ')) {
$return->general_gecos = replace_umlaut($values->general_givenname) . " " . replace_umlaut($values->general_surname) ;
$errors[] = array('INFO', _('Gecos'), _('Inserted sur- and given name in gecos-field.'));
}
if ($values->general_group=='') $errors[] = array('ERROR', _('Primary group'), _('No primary group defined!'));
// Check if Username contains only valid characters
if ( !ereg('^([a-z]|[0-9]|[.]|[-]|[_])*$', $values->general_username))
$errors[] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, 0-9 and .-_ !'));
// Check if user already exists
if (isset($values->general_groupadd) && in_array($values->general_group, $values->general_groupadd)) {
$return->general_groupadd = $values->general_groupadd;
for ($i=0; $i<count($values->general_groupadd); $i++ )
if ($values->general_groupadd[$i] == $values->general_group) {
unset ($return->general_groupadd[$i]);
$return->general_groupadd = array_values($return->general_groupadd);
}
}
$return->general_username = $values->general_username;
$return->general_dn = $values->general_dn;
// Create automatic useraccount with number if original user already exists
while ($temp = ldapexists($return, $type, $values_old)) {
// get last character of username
$lastchar = substr($return->general_username, strlen($return->general_username)-1, 1);
// Last character is no number
if ( !ereg('^([0-9])+$', $lastchar))
$return->general_username = $return->general_username . '2';
else {
$i=strlen($return->general_username)-1;
$mark = false;
while (!$mark) {
if (ereg('^([0-9])+$',substr($return->general_username, $i, strlen($return->general_username)-$i))) $i--;
else $mark=true;
}
// increase last number with one
$firstchars = substr($return->general_username, 0, $i+1);
$lastchars = substr($return->general_username, $i+1, strlen($return->general_username)-$i);
$return->general_username = $firstchars . (intval($lastchars)+1);
}
}
if ($values->general_username != $return->general_username) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.'));
break;
case 'group' :
// Check if Groupname contains only valid characters
if ( !ereg('^([a-z]|[0-9]|[.]|[-]|[_])*$', $values->general_username))
$errors[] = array('ERROR', _('Groupname'), _('Groupname contains invalid characters. Valid characters are: a-z, 0-9 and .-_ !'));
if ($values->general_gecos=='') {
$return->general_gecos = $values->general_username ;
$errors[] = array('INFO', _('Gecos'), _('Inserted groupname in gecos-field.'));
}
// Check if user already exists
$return->general_username = $values->general_username;
// Create automatic groupaccount with number if original user already exists
while ($temp = ldapexists($return, $type, $values_old)) {
// get last character of username
$lastchar = substr($return->general_username, strlen($return->general_username)-1, 1);
// Last character is no number
if ( !ereg('^([0-9])+$', $lastchar))
$return->general_username = $return->general_username . '2';
else {
$i=strlen($return->general_username)-1;
$mark = false;
while (!$mark) {
if (ereg('^([0-9])+$',substr($return->general_username, $i, strlen($return->general_username)-$i))) $i--;
else $mark=true;
}
// increase last number with one
$firstchars = substr($return->general_username, 0, $i+1);
$lastchars = substr($return->general_username, $i+1, strlen($return->general_username)-$i);
$return->general_username = $firstchars . (intval($lastchars)+1);
}
}
if ($values->general_username != $return->general_username) $errors[] = array('WARN', _('Groupname'), _('Groupname already in use. Selected next free groupname.'));
break;
case 'host' :
if ( substr($values->general_username, strlen($values->general_username)-1, strlen($values->general_username)) != '$' ) {
$values->general_username = $values->general_username . '$';
$errors[] = array('WARN', _('Host name'), _('Added $ to hostname.'));
}
$return->general_username = $values->general_username;
// Check if Hostname contains only valid characters
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[$])*$', $values->general_username))
$errors[] = array('ERROR', _('Host name'), _('Hostname contains invalid characters. Valid characters are: a-z, 0-9 and .-_ !'));
// Check if Hostname already exists
$return->general_homedir = '/dev/null';
$return->general_shell = '/bin/false';
// Check if user already exists
if ($values->general_gecos=='') {
$return->general_gecos = $values->general_username;
$errors[] = array('INFO', _('Gecos'), _('Inserted hostname in gecos-field.'));
}
// Create automatic groupaccount with number if original user already exists
while ($temp = ldapexists($return, $type, $values_old)) {
// get last character of username
$return->general_username = substr($return->general_username, 0, $return->general_username-1);
$lastchar = substr($return->general_username, strlen($return->general_username)-2, 1);
// Last character is no number
if ( !ereg('^([0-9])+$', $lastchar))
$return->general_username = $return->general_username . '2';
else {
$i=strlen($return->general_username)-3;
$mark = false;
while (!$mark) {
if (ereg('^([0-9])+$',substr($return->general_username, $i, strlen($return->general_username)-1))) $i--;
else $mark=true;
}
// increase last number with one
$firstchars = substr($return->general_username, 0, $i+1);
$lastchars = substr($return->general_username, $i+1, strlen($return->general_username)-$i);
$return->general_username = $firstchars . (intval($lastchars)+1). '$';
}
$return->general_username = $return->general_username . "$";
}
if ($values->general_username != $return->general_username) $errors[] = array('WARN', _('Host name'), _('Hostname already in use. Selected next free hostname.'));
break;
}
// Check if UID is valid. If none value was entered, the next useable value will be inserted
$return->general_uidNumber = checkid($values, $type, $values_old);
if (is_string($return->general_uidNumber)) { // true if checkid has returned an error
$errors[] = array('ERROR', _('ID-Number'), $return->general_uidNumber);
unset($return->general_uidNumber);
}
// Check if Name-length is OK. minLength=3, maxLength=20
if ( !ereg('.{3,20}', $values->general_username)) $errors[] = array('ERROR', _('Name'), _('Name must contain between 3 and 20 characters.'));
// Check if Name starts with letter
if ( !ereg('^([a-z]|[A-Z]).*$', $values->general_username))
$errors[] = array('ERROR', _('Name'), _('Name contains invalid characters. First character must be a letter'));
// Return values and errors
if (!$errors) return array($return);
else return array($return, $errors);
}
function checkunix($values, $type) { // This function checks all unix account paramters
if ($values->unix_password != '') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
}
if ($type=='user' && !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $values->unix_password))
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
if ( !ereg('^([0-9])*$', $values->unix_pwdminage)) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
if ( $values->unix_pwdminage > $values->unix_pwdmaxage ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
if ( !ereg('^([0-9]*)$', $values->unix_pwdmaxage)) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'));
if ( !ereg('^(([-][1])|([0-9]*))$', $values->unix_pwdallowlogin))
$errors[] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'));
if ( !ereg('^([0-9]*)$', $values->unix_pwdwarn)) $errors[] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'));
if ((!$values->unix_host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $values->unix_host))
$errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
return $errors;
}
function checksamba($values, $type) { // This function checks all samba account paramters
$return = new account();
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ($values->smb_password != '') {
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
if ($values->smb_useunixpwd) {
if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
}
$values->smb_password = $values->unix_password;
}
switch ($type) {
case 'user' :
$return->smb_scriptPath = str_replace('$user', $values->general_username, $values->smb_scriptPath);
if ($values->smb_scriptPath != $return->smb_scriptPath) $errors[] = array('INFO', _('Script path'), _('Inserted username in scriptpath.'));
$return->smb_scriptPath = str_replace('$group', $values->general_group, $return->smb_scriptPath);
if ($values->smb_scriptPath != $return->smb_scriptPath) $errors[] = array('INFO', _('Script path'), _('Inserted groupname in scriptpath.'));
$return->smb_profilePath = str_replace('$user', $values->general_username, $values->smb_profilePath);
if ($values->smb_profilePath != $return->smb_profilePath) $errors[] = array('INFO', _('Profile path'), _('Inserted username in profilepath.'));
$return->smb_profilePath = str_replace('$group', $return->general_group, $return->smb_profilePath);
if ($values->smb_profilePath != $return->smb_profilePath) $errors[] = array('INFO', _('Profile path'), _('Inserted groupname in profilepath.'));
$return->smb_smbhome = str_replace('$user', $values->general_username, $values->smb_smbhome);
if ($values->smb_smbhome != $return->smb_smbhome) $errors[] = array('INFO', _('Home path'), _('Inserted username in Home Path.'));
$return->smb_smbhome = str_replace('$group', $return->general_group, $return->smb_smbhome);
if ($values->smb_smbhome != $return->smb_smbhome) $errors[] = array('INFO', _('Home path'), _('Inserted groupname in HomePath.'));
if ( (!$return->smb_smbhome=='') && (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+)+$', $return->smb_smbhome)))
$errors[] = array('ERROR', _('Home path'), _('Home path is invalid.'));
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$',
$values->smb_password)) $errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
if ( (!$return->smb_scriptPath=='') && (!ereg('^([/])*([a-z]|[0-9]|[.]|[-]|[_]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+([a-z]|[0-9]|[.]|[-]|[_]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])*'.
'([/]([a-z]|[0-9]|[.]|[-]|[_]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+([a-z]|[0-9]|[.]|[-]|[_]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])*)*$', $return->smb_scriptPath)))
$errors[] = array('ERROR', _('Script path'), _('Script path is invalid!'));
if ( (!$return->smb_profilePath=='') && (!ereg('^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*)*$', $return->smb_profilePath))
&& (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+)+$', $return->smb_profilePath)))
$errors[] = array('ERROR', _('Profile path'), _('Profile path is invalid!'));
if ((!$values->smb_smbuserworkstations=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $values->smb_smbuserworkstations))
$errors[] = array('ERROR', _('Samba workstations'), _('Samba workstations are invalid!'));
$return->smb_flagsW = 0;
if ((!$values->smb_domain=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[-])+$', $values->smb_domain))
$errors[] = array('ERROR', _('Domain name'), _('Domain name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.'));
if ($values->smb_useunixpwd) $return->smb_useunixpwd = 1; else $return->smb_useunixpwd = 0;
if ($values->smb_password) {
// Encrypt password
$return->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $values->smb_password,
MCRYPT_MODE_ECB, $iv));
}
else $return->smb_password = "";
break;
case 'host' :
$return->smb_password = $values->unix_password;
$return->smb_flagsW = 1;
if ((!$values->smb_domain=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[-])+$', $values->smb_domain))
$errors[] = array('ERROR', _('Domain name'), _('Domain name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.'));
if ($values->smb_useunixpwd) $return->smb_useunixpwd = 1; else $return->smb_useunixpwd = 0;
if ($values->smb_password) {
// Encrypt password
$return->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $values->smb_password,
MCRYPT_MODE_ECB, $iv));
}
else $return->smb_password = "";
break;
case 'group' :
if (($values->smb_displayName=='') && isset($values->general_gecos)) {
$return->smb_displayName = $values->general_gecos;
$errors[] = array('INFO', _('Display name'), _('Inserted gecos-field as display name.'));
}
break;
}
// Return values and errors
if (!$errors) return array($return);
else return array($return, $errors);
}
function checkquota($values) { // This function checks all quota paramters
$return = $values;
$i=0;
while ($values->quota[$i][0]) {
if (!$values->quota[$i][2]) $return->quota[$i][2] = 0;
else if (!ereg('^([0-9])*$', $values->quota[$i][2]))
$errors[] = array('ERROR', _('Block soft quota'), _('Block soft quota contains invalid characters. Only natural numbers are allowed'));
if (!$values->quota[$i][3]) $return->quota[$i][3] = 0;
else if (!ereg('^([0-9])*$', $values->quota[$i][3]))
$errors[] = array('ERROR', _('Block hard quota'), _('Block hard quota contains invalid characters. Only natural numbers are allowed'));
if (!$values->quota[$i][6]) $return->quota[$i][6] = 0;
else if (!ereg('^([0-9])*$', $values->quota[$i][6]))
$errors[] = array('ERROR', _('Inode soft quota'), _('Inode soft quota contains invalid characters. Only natural numbers are allowed'));
if (!$values->quota[$i][7]) $return->quota[$i][7] = 0;
else if (!ereg('^([0-9])*$', $values->quota[$i][7]))
$errors[] = array('ERROR', _('Inode hard quota'), _('Inode hard quota contains invalid characters. Only natural numbers are allowed'));
$return->quota[$i][2] = $values->quota[$i][2];
$return->quota[$i][3] = $values->quota[$i][3];
$return->quota[$i][6] = $values->quota[$i][6];
$return->quota[$i][7] = $values->quota[$i][7];
$i++;
}
// Return values and errors
if (!isset($errors)) return array($return);
else return array($return, $errors);
}
function checkpersonal($values) {
$return = new account();
$return = $values;
// Return values and errors
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/])*$', $values->personal_telephoneNumber)) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/])*$', $values->personal_mobileTelephoneNumber)) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/])*$', $values->personal_facsimileTelephoneNumber)) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $values->personal_mail)) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $values->personal_street)) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $values->personal_postalAddress)) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $values->personal_title)) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $values->personal_employeeType)) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $values->personal_postalCode)) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
if (!isset($errors)) return array($return, '');
else return array($return, $errors);
}
function genpasswd() { // This function will return a password with max. 8 characters
// Allowed Characters to generate passwords
$LCase = 'abcdefghjkmnpqrstuvwxyz';
@ -461,6 +170,9 @@ function RndInt($Format){
*/
function getquotas($type,$user='+') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned
// $type = user or group
// $user = user or groupname if no user or groupname is defined,
// an array with all quota-enabled partitions is returned in this case all returned values are 0 exept mointpoint[x][0]
$return = new account();
$ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get ';
@ -483,6 +195,10 @@ function getquotas($type,$user='+') { // Whis function will return the quotas fr
}
function setquotas($values,$type,$values_old=false) { // Whis function will set the quotas from the specified user.
// $values = object account with quotas which should be set
// $type: user or group
// $values_old = object account if set values and values_old will be compared. Quota will only be changed
// if values differ
$ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$values->general_username.' quota set ';
if ($type=='user') $towrite = $towrite.'u ';
@ -496,31 +212,33 @@ function setquotas($values,$type,$values_old=false) { // Whis function will set
$i++;
}
if ($i!=0) exec($_SESSION['config']->scriptPath." $towrite", $vals);
//if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
}
function remquotas($user, $type) { // Whis function will remove the quotas from the specified user.
// $user = username of which quta should be deleted
// $type = user or group
$ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota set ';
if ($type=='user') $towrite = $towrite.'u ';
else $towrite = $towrite.'g ';
exec($_SESSION['config']->scriptPath." $towrite", $vals);
//exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
}
function addhomedir($user) { // Create Homedirectory
// $user = username
// all other needed vars are taken from remotesystem getusrnam
$ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add';
exec($_SESSION['config']->scriptPath." $towrite", $vals);
//exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
}
function remhomedir($user) { // Remove Homedirectory
// $user = username
// all other needed vars are taken from remotesystem getusrnam
$ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem';
exec($_SESSION['config']->scriptPath." $towrite", $vals);
//exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
}
function ldapreload($type) { // This function will load an array th cache ldap-requests
@ -667,8 +385,6 @@ function checkid($values, $type, $values_old=false) { // if value is empty will
$keys = $_SESSION['userDN'];
unset ($keys[0]);
$keys = array_values($keys);
//foreach ($keys as $key)
// $ids[] = $_SESSION['userDN'][$key]['uidNumber'];
break;
case 'group':
ldapreload('group');
@ -678,8 +394,6 @@ function checkid($values, $type, $values_old=false) { // if value is empty will
$keys = $_SESSION['groupDN'];
unset ($keys[0]);
$keys = array_values($keys);
//foreach ($keys as $key)
// $ids[] = $_SESSION['groupDN'][$key]['gidNumber'];
break;
case 'host':
ldapreload('host');
@ -689,8 +403,6 @@ function checkid($values, $type, $values_old=false) { // if value is empty will
$keys = $_SESSION['hostDN'];
unset ($keys[0]);
$keys = array_values($keys);
//foreach ($keys as $key)
// $ids[] = $_SESSION['hostDN'][$key]['uidNumber'];
break;
}
if ($values->general_uidNumber=='') {
@ -749,17 +461,20 @@ function smbflag($values) { // Creates te attribute attrFlags
function loaduser($dn) { // Will load all needed values from an existing account
$return = new account();
$return->type='user';
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$return->general_dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if (isset($attr['uid'][0])) $return->general_username = $attr['uid'][0];
if (isset($attr['uidNumber'][0])) $return->general_uidNumber = $attr['uidNumber'][0];
if (isset($attr['homeDirectory'][0])) $return->general_homedir = $attr['homeDirectory'][0];
if (isset($attr['shadowLastChange'][0])) $return->unix_shadowLastChange = $attr['shadowLastChange'][0];
if (isset($attr['loginShell'][0])) $return->general_shell = $attr['loginShell'][0];
if (isset($attr['gecos'][0])) $return->general_gecos = $attr['gecos'][0];
if (isset($attr['description'][0])) $return->general_gecos = $attr['description'][0];
// get groupname
if (isset($attr['gidNumber'][0])) {
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "objectclass=PosixGroup", array('gidNumber', 'cn'));
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
@ -769,6 +484,8 @@ function loaduser($dn) { // Will load all needed values from an existing account
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
}
}
// get all additional groupmemberships
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "objectclass=PosixGroup", array('memberUid', 'cn'));
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
while ($entry) {
@ -777,11 +494,14 @@ function loaduser($dn) { // Will load all needed values from an existing account
if (($id==$return->general_username) && ($attr2['cn'][0]!=$return->general_group)) $return->general_groupadd[]=$attr2['cn'][0];
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
}
if (isset($attr['shadowMin'][0])) $return->unix_pwdminage = $attr['shadowMin'][0];
if (isset($attr['shadowMax'][0])) $return->unix_pwdmaxage = $attr['shadowMax'][0];
if (isset($attr['shadowWarning'][0])) $return->unix_pwdwarn = $attr['shadowWarning'][0];
if (isset($attr['shadowInactive'][0])) $return->unix_pwdallowlogin = $attr['shadowInactive'][0];
if (isset($attr['shadowExpire'][0])) $return->unix_pwdexpire = $attr['shadowExpire'][0]*86400;
// load hosts
$i=0;
while (isset($attr['host'][$i])) {
if ($i==0) $return->unix_host = $attr['host'][$i];
@ -789,50 +509,13 @@ function loaduser($dn) { // Will load all needed values from an existing account
$i++;
}
$i=0;
while (isset($attr['objectClass'][$i])) {
$return->general_objectClass[$i] = $attr['objectClass'][$i];
$i++;
}
if ($_SESSION['config']->samba3 == 'yes') {
if (in_array('sambaSamAccount', $attr['objectClass'])) $load=3;
else $load=2;
}
else {
if (in_array('sambaSamAccount', $attr['objectClass'])) $load=3;
else $load=2;
}
if ($load==3) {
if (isset($attr['sambaAcctFlags'][0])) {
if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true;
if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flagsX=true;
}
if (isset($attr['sambaPwdCanChange'][0])) $return->smb_pwdcanchange = $attr['sambaPwdCanChange'][0];
if (isset($attr['sambaPwdMustChange'][0])) $return->smb_pwdmustchange = $attr['sambaPwdMustChange'][0];
if (isset($attr['sambaHomePath'][0])) $return->smb_smbhome = utf8_decode($attr['sambaHomePath'][0]);
if (isset($attr['sambaHomeDrive'][0])) $return->smb_homedrive = $attr['sambaHomeDrive'][0];
if (isset($attr['sambaLogonScript'][0])) $return->smb_scriptPath = utf8_decode($attr['sambaLogonScript'][0]);
if (isset($attr['sambaProfilePath'][0])) $return->smb_profilePath = $attr['sambaProfilePath'][0];
if (isset($attr['sambaUserWorkstations'][0])) $return->smb_smbuserworkstations = $attr['sambaUserWorkstations'][0];
if (isset($attr['sambaDomainName'][0])) $return->smb_domain = $attr['sambaDomainName'][0];
if (isset($attr['sambaNTPassword'][0])) $return->smb_password = $attr['sambaNTPassword'][0];
}
else {
if (isset($attr['acctFlags'][0])) {
if (strrpos($attr['acctFlags'][0], 'W')) $return->smb_flagsW=true;
if (strrpos($attr['acctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flagsX=true;
}
if (isset($attr['ntPassword'][0])) $return->smb_password = $attr['ntPassword'][0];
if (isset($attr['smbHome'][0])) $return->smb_smbhome = utf8_decode($attr['smbHome'][0]);
if (isset($attr['pwdCanChange'][0])) $return->smb_pwdcanchange = $attr['pwdCanChange'][0];
if (isset($attr['pwdMustChange'][0])) $return->smb_pwdmustchange = $attr['pwdMustChange'][0];
if (isset($attr['homeDrive'][0])) $return->smb_homedrive = $attr['homeDrive'][0];
if (isset($attr['scriptPath'][0])) $return->smb_scriptPath = utf8_decode($attr['scriptPath'][0]);
if (isset($attr['profilePath'][0])) $return->smb_profilePath = $attr['profilePath'][0];
if (isset($attr['userWorkstations'][0])) $return->smb_smbuserworkstations = $attr['userWorkstations'][0];
if (isset($attr['domain'][0])) $return->smb_domain = $attr['domain'][0];
}
// load personal settings
if (isset($attr['givenName'][0])) $return->general_givenname = utf8_decode($attr['givenName'][0]);
if (isset($attr['sn'][0])) $return->general_surname = utf8_decode($attr['sn'][0]);
if (isset($attr['title'][0])) $return->personal_title = utf8_decode($attr['title'][0]);
@ -847,7 +530,8 @@ function loaduser($dn) { // Will load all needed values from an existing account
if (isset($attr['employeeType'][0])) $return->personal_employeeType = utf8_decode($attr['employeeType'][0]);
if (substr(str_replace('{CRYPT}', '',$attr['userPassword'][0]),0,1) == '!' ) $return->unix_deactivated=true;
if (isset($attr['userPassword'][0])) $return->unix_password = $attr['userPassword'][0];
$return->type='user';
// load quotas
if ($_SESSION['config']->scriptServer) {
$values = getquotas('user',$return->general_username);
if (is_object($values)) {
@ -855,6 +539,72 @@ function loaduser($dn) { // Will load all needed values from an existing account
if ($val) $return->$key = $val;
}
}
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
if (in_array('sambaSamAccount', $attr['objectClass'])) {
if (isset($attr['sambaAcctFlags'][0])) {
if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true;
if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flagsX=true;
}
if (isset($attr['sambaPwdCanChange'][0])) $return->smb_pwdcanchange = $attr['sambaPwdCanChange'][0];
if (isset($attr['sambaPwdMustChange'][0])) $return->smb_pwdmustchange = $attr['sambaPwdMustChange'][0];
if (isset($attr['sambaHomePath'][0])) $return->smb_smbhome = utf8_decode($attr['sambaHomePath'][0]);
if (isset($attr['sambaHomeDrive'][0])) $return->smb_homedrive = $attr['sambaHomeDrive'][0];
if (isset($attr['sambaLogonScript'][0])) $return->smb_scriptPath = utf8_decode($attr['sambaLogonScript'][0]);
if (isset($attr['sambaProfilePath'][0])) $return->smb_profilePath = $attr['sambaProfilePath'][0];
if (isset($attr['sambaUserWorkstations'][0])) $return->smb_smbuserworkstations = $attr['sambaUserWorkstations'][0];
if (isset($attr['sambaDomainName'][0])) $return->smb_domain = $attr['sambaDomainName'][0];
if (isset($attr['sambaNTPassword'][0])) $return->smb_password = $attr['sambaNTPassword'][0];
if (isset($attr['sambaDomainName'][0])) {
if ($_SESSION['config']->samba3=='yes') {
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
for ($i=0; $i<sizeof($samba3domains); $i++)
if ($attr['sambaDomainName'][0] == $samba3domains[$i]->name) $return->smb_domain = $samba3domains[$i];
}
else {
$return->smb_domain = $attr['sambaDomainName'];
}
}
if (isset($attr['sambaPrimaryGroupSID'][0])) {
if ($_SESSION['config']->samba3=='yes')
$return->smb_mapgroup = $attr['sambaPrimaryGroupSID'][0];
else $return->smb_mapgroup = 2*$attr['gidNumber'][0]+1001;
}
// return value to prevent loaded values to be overwritten from old samba 2.2 attributes
if ($_SESSION['config']->samba3 == 'yes') return $return;
}
if (in_array('sambaAccount', $attr['objectClass'])) {
if (isset($attr['acctFlags'][0])) {
if (strrpos($attr['acctFlags'][0], 'W')) $return->smb_flagsW=true;
if (strrpos($attr['acctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flagsX=true;
}
if (isset($attr['ntPassword'][0])) $return->smb_password = $attr['ntPassword'][0];
if (isset($attr['smbHome'][0])) $return->smb_smbhome = utf8_decode($attr['smbHome'][0]);
if (isset($attr['pwdCanChange'][0])) $return->smb_pwdcanchange = $attr['pwdCanChange'][0];
if (isset($attr['pwdMustChange'][0])) $return->smb_pwdmustchange = $attr['pwdMustChange'][0];
if (isset($attr['homeDrive'][0])) $return->smb_homedrive = $attr['homeDrive'][0];
if (isset($attr['scriptPath'][0])) $return->smb_scriptPath = utf8_decode($attr['scriptPath'][0]);
if (isset($attr['profilePath'][0])) $return->smb_profilePath = $attr['profilePath'][0];
if (isset($attr['userWorkstations'][0])) $return->smb_smbuserworkstations = $attr['userWorkstations'][0];
if (isset($attr['domain'][0])) {
if ($_SESSION['config']->samba3=='yes') {
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
for ($i=0; $i<sizeof($samba3domains); $i++)
if ($attr['domain'][0] == $samba3domains[$i]->name) $return->smb_domain = $samba3domains[$i];
}
else $return->smb_domain = $attr['domain'][0];
}
if (isset($attr['primaryGroupID'][0])) {
if ($_SESSION['config']->samba3=='yes')
$return->smb_mapgroup = $return->smb_domain->SID. '-' . (2*$attr['primaryGroupID'][0]+1);
else $return->smb_mapgroup = $attr['primaryGroupID'][0];
}
}
return $return;
}
@ -887,6 +637,8 @@ function loadhost($dn) { // Will load all needed values from an existing account
}
}
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
// load samba3 attributes
if (in_array('sambaSamAccount', $attr['objectClass'])) {
if (isset($attr['sambaAcctFlags'][0])) {
@ -894,17 +646,20 @@ function loadhost($dn) { // Will load all needed values from an existing account
if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flagsX=true;
}
if (isset($attr['sambaPwdCanChange'][0])) $return->smb_pwdcanchange = $attr['sambaPwdCanChange'][0];
if (isset($attr['sambaPwdMustChange'][0])) $return->smb_pwdmustchange = $attr['sambaPwdMustChange'][0];
if (isset($attr['sambaSID'][0])) { // Samba3 Samba 2.0 don't have any objects 4 groups
$return->smb_mapgroup = $attr['sambaSID'][0];
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
// extract SID from sambaSID to find domain
$temp = explode('-', $attr['sambaSID'][0]);
$SID = $temp[0].'-'.$temp[1].'-'.$temp[2].'-'.$temp[3].'-'.$temp[4].'-'.$temp[5].'-'.$temp[6];
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
for ($i=0; $i<sizeof($samba3domains); $i++)
if ($SID == $samba3domains[$i]->SID) $return->smb_domain = $samba3domains[$i];
if (isset($attr['sambaDomainName'][0])) {
if ($_SESSION['config']->samba3=='yes') {
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
for ($i=0; $i<sizeof($samba3domains); $i++)
if ($attr['sambaDomainName'][0] == $samba3domains[$i]->name) $return->smb_domain = $samba3domains[$i];
}
else {
$return->smb_domain = $attr['sambaDomainName'];
}
}
if (isset($attr['sambaPrimaryGroupSID'][0])) {
if ($_SESSION['config']->samba3=='yes')
$return->smb_mapgroup = $attr['sambaPrimaryGroupSID'][0];
else $return->smb_mapgroup = 2*$attr['gidNumber'][0]+1001;
}
// return value to prevent loaded values to be overwritten from old samba 2.2 attributes
if ($_SESSION['config']->samba3 == 'yes') return $return;
@ -916,9 +671,19 @@ function loadhost($dn) { // Will load all needed values from an existing account
if (strrpos($attr['acctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flagsX=true;
}
if (isset($attr['domain'][0])) $return->smb_domain = $attr['domain'][0];
if (isset($attr['pwdCanChange'][0])) $return->smb_pwdcanchange = $attr['pwdCanChange'][0];
if (isset($attr['pwdMustChange'][0])) $return->smb_pwdmustchange = $attr['pwdMustChange'][0];
if (isset($attr['domain'][0])) {
if ($_SESSION['config']->samba3=='yes') {
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
for ($i=0; $i<sizeof($samba3domains); $i++)
if ($attr['domain'][0] == $samba3domains[$i]->name) $return->smb_domain = $samba3domains[$i];
}
else $return->smb_domain = $attr['domain'][0];
}
if (isset($attr['primaryGroupID'][0])) {
if ($_SESSION['config']->samba3=='yes')
$return->smb_mapgroup = $return->smb_domain->SID. '-' . (2*$attr['primaryGroupID'][0]+1);
else $return->smb_mapgroup = $attr['primaryGroupID'][0];
}
}
return $return;
}
@ -977,12 +742,15 @@ function createuser($values) { // Will create the LDAP-Account
// 2 == Account already exists at different location
// 1 == Account has been created
// 4 == Error while creating Account
// values stored in shadowExpire, days since 1.1.1970
if ($values->unix_pwdexpire) {
$date = $values->unix_pwdexpire / 86400 ;
settype($date, 'integer');
}
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
// decrypt password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
@ -1001,18 +769,19 @@ function createuser($values) { // Will create the LDAP-Account
$attr['objectClass'][1] = 'shadowAccount';
if ($_SESSION['config']->samba3 == 'yes') {
$attr['objectClass'][2] = 'sambaSamAccount';
$attr['sambaNTPassword'] = exec('../../lib/createntlm.pl nt ' . $values->smb_password);
$attr['sambaLMPassword'] = exec('../../lib/createntlm.pl lm ' . $values->smb_password);
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
else {
$attr['sambaNTPassword'] = exec('../../lib/createntlm.pl nt ' . $values->smb_password);
$attr['sambaLMPassword'] = exec('../../lib/createntlm.pl lm ' . $values->smb_password);
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
$attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
if ($values->smb_mapgroup!='') $attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_req
else $attr['sambaPrimaryGroupSID'] = $_SESSION['account']->smb_domain->SID . "-".
(2 * $_SESSION['account']->general_uidNumber + $values->smb_domain->RIDbase +1);
$attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_req
if ($values->smb_pwdcanchange!='') $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
else $attr['sambaPwdCanChange'] = time(); // sambaAccount_may
if ($values->smb_pwdmustchange!='') $attr['sambaPwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
@ -1026,16 +795,18 @@ function createuser($values) { // Will create the LDAP-Account
if ($values->smb_smbuserworkstations!='') $attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
if ($values->smb_domain!='') $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
}
else {
else {
$attr['objectClass'][2] = 'sambaAccount';
$attr['ntPassword'] = exec('../../lib/createntlm.pl nt ' . $values->smb_password);
$attr['lmPassword'] = exec('../../lib/createntlm.pl lm ' . $values->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
else {
$attr['ntPassword'] = exec('../../lib/createntlm.pl nt ' . $values->smb_password);
$attr['lmPassword'] = exec('../../lib/createntlm.pl lm ' . $values->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_req
if ($values->smb_pwdcanchange!='') $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
@ -1053,7 +824,7 @@ function createuser($values) { // Will create the LDAP-Account
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
}
$attr['objectClass'][3] = 'inetOrgPerson';
#$attr['objectClass'][4] = 'account';
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
$attr['uid'] = $values->general_username; // posixAccount_req
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
@ -1074,8 +845,9 @@ function createuser($values) { // Will create the LDAP-Account
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
$attr['loginShell'] = $values->general_shell; // posixAccount_may
$attr['gecos'] = $values->general_gecos; // posixAccount_may
$attr['description'] = $values->general_gecos; // posixAccount_may sambaAccount_may
$attr['gecos'] = utf8_encode($values->general_gecos); // posixAccount_may
$attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
$values->unix_host = str_replace(' ', '', $values->unix_host);
$hosts = explode (',', $values->unix_host);
@ -1160,7 +932,22 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
}
if ($values->general_group != $values_old->general_group) {
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
$change = false;
if ($_SESSION['config']->samba3 == 'yes') {
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-512') $found=true;
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-513') $found=true;
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-514') $found=true;
if (!$found) $attr['sambaPrimaryGroupSID'] = $_SESSION['account']->smb_domain->SID . "-".
(2 * getgid($_SESSION['account']->general_group) + $values->smb_domain->RIDbase+1);
}
else {
if ($values->smb_mapgroup== '512') $found=true;
if ($values->smb_mapgroup== '513') $found=true;
if ($values->smb_mapgroup== '514') $found=true;
if (!$found) $attr['primaryGroupID'] = (2 * getgid($_SESSION['account']->general_group) + 1001);
}
}
if ($values->general_homedir != $values_old->general_homedir)
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
// posixAccount_may shadowAccount_may
@ -1179,6 +966,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
}
if ($_SESSION['config']->samba3 == 'yes') {
if ($values->smb_password_no) {
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
@ -1208,9 +996,9 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
if (($values->smb_domain->name=='') && ($values->smb_domain->name!=$values_old->smb_domain->name)) $attr_rem['sambaDomainName'] = $values_old->smb_domain->name; // sambaAccount_may
if (($values->smb_mapgroup!='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_may
if (($values->smb_mapgroup=='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr_rem['sambaPrimaryGroupSID'] = $values_old->smb_mapgroup;
if ($values->general_gecos != $values_old->general_gecos) $attr['displayName'] = utf8_encode($values->general_gecos); // sambaAccount_may
if ($values->smb_displayName != $values_old->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
}
else {
else {
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
@ -1239,17 +1027,14 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
if (($values->smb_mapgroup!='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_may
if (($values->smb_mapgroup=='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr_rem['primaryGroupID'] = $values_old->smb_mapgroup;
if ($values->general_gecos != $values_old->general_gecos) $attr['displayName'] = utf8_encode($values->general_gecos); // sambaAccount_may
//if ($_SESSION['config']->samba3 == 'yes') $attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_req
// else $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($values->smb_displayName != $values_old->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
}
if ($values->general_shell != $values_old->general_shell)
$attr['loginShell'] = $values->general_shell; // posixAccount_may
if ($values->general_gecos != $values_old->general_gecos) {
$attr['gecos'] = ($values->general_gecos); // posixAccount_may
$attr['gecos'] = utf8_encode($values->general_gecos); // posixAccount_may
$attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
print ($attr['gecos']);
}
if (($values->unix_host != $values_old->unix_host)) {
@ -1322,31 +1107,125 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
if ($values->general_givenname!=$values_old->general_givenname) $attr['givenName'] = utf8_encode($values->general_givenname);
if ($values->general_surname!=$values_old->general_surname) $attr['sn'] = utf8_encode($values->general_surname);
if ( (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) ||
(!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) ||
(!in_array('inetOrgPerson', $_SESSION['account_old']->general_objectClass)) ||
(($_SESSION['config']->samba3 =='yes') && (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass))) ||
(($_SESSION['config']->samba3 !='yes') && (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)))) {
// Add missing objectclasses to group
if (!in_array('posixAccount', $values->general_objectClass)) {
$attr['objectClass'] = $values->general_objectClass;
$attr['objectClass'][] = 'posixAccount';
}
if (!in_array('shadowAccount', $values->general_objectClass)) {
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
$attr['objectClass'][] = 'shadowAccount';
}
// Add or convert samba attributes & object to samba 3
if (($_SESSION['config']->samba3 == 'yes') && (!in_array('sambaSamAccount', $values->general_objectClass))) {
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
$attr['objectClass'][] = 'sambaSamAccount';
// unset old sambaAccount objectClass
for ($i=0; $i<count($attr['objectClass']); $i++)
if ($attr['objectClass'][$i]=='sambaAccount') unset($attr['objectClass'][$i]);
$attr['objectClass'] = array_values($attr['objectClass']);
// Set correct values for new objectclass
// Load old samba-values not stored in account object
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if (isset($attr_old['lmPassword'][0])) $attr['sambaLMPassword'] = $attr_old['lmPassword'][0];
if (isset($attr_old['ntPassword'][0])) $attr['sambaNTPassword'] = $attr_old['ntPassword'][0];
if (isset($attr_old['pwdLastSet'][0])) $attr['sambaPwdLastSet'] = $attr_old['pwdLastSet'][0];
if (isset($attr_old['logonTime'][0])) $attr['sambaLogonTime'] = $attr_old['logonTime'][0];
if (isset($attr_old['logoffTime'][0])) $attr['sambaLogoffTime'] = $attr_old['logoffTime'][0];
if (isset($attr_old['kickoffTime'][0])) $attr['sambaKickoffTime'] = $attr_old['kickoffTime'][0];
if (isset($attr_old['pwdCanChange'][0])) $attr['sambaPwdCanChange'] = $attr_old['pwdCanChange'][0];
if (isset($attr_old['pwdMustChange'][0])) $attr['sambaPwdMustChange'] = $attr_old['pwdMustChange'][0];
if (isset($attr_old['smbHome'][0])) $attr['sambaHomePath'] = $attr_old['smbHome'][0];
if (isset($attr_old['homeDrive'][0])) $attr['sambaHomeDrive'] = $attr_old['homeDrive'][0];
if (isset($attr_old['scriptPath'][0])) $attr['sambaLogonScript'] = $attr_old['scriptPath'][0];
if (isset($attr_old['profilePath'][0])) $attr['sambaProfilePath'] = $attr_old['profilePath'][0];
if (isset($attr_old['userWorkstations'][0])) $attr['sambaUserWorkstations'] = $attr_old['userWorkstations'][0];
// Values used from account object
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
$attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
$attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
$attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
$attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_req
// remove old attributes
if (in_array('sambaAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaAccount';
if (isset($attr_old['lmPassword'][0])) $attr_rem['lmPassword'] = $attr_old['lmPassword'][0];
if (isset($attr_old['ntPassword'][0])) $attr_rem['ntPassword'] = $attr_old['ntPassword'][0];
if (isset($attr_old['pwdLastSet'][0])) $attr_rem['pwdLastSet'] = $attr_old['pwdLastSet'][0];
if (isset($attr_old['logonTime'][0])) $attr_rem['logonTime'] = $attr_old['logonTime'][0];
if (isset($attr_old['kickoffTime'][0])) $attr_rem['kickoffTime'] = $attr_old['kickoffTime'][0];
if (isset($attr_old['pwdCanChange'][0])) $attr_rem['pwdCanChange'] = $attr_old['pwdCanChange'][0];
if (isset($attr_old['pwdMustChange'][0])) $attr_rem['pwdMustChange'] = $attr_old['pwdMustChange'][0];
if (isset($attr_old['smbHome'][0])) $attr_rem['smbHome'] = $attr_old['smbHome'][0];
if (isset($attr_old['acctFlags'][0])) $attr_rem['acctFlags'] = $attr_old['acctFlags'][0];
if (isset($attr_old['homeDrive'][0])) $attr_rem['homeDrive'] = $attr_old['homeDrive'][0];
if (isset($attr_old['scriptPath'][0])) $attr_rem['scriptPath'] = $attr_old['scriptPath'][0];
if (isset($attr_old['profilePath'][0])) $attr_rem['profilePath'] = $attr_old['profilePath'][0];
if (isset($attr_old['userWorkstations'][0])) $attr_rem['userWorkstations'] = $attr_old['userWorkstations'][0];
if (isset($attr_old['primaryGroupID'][0])) $attr_rem['primaryGroupID'] = $attr_old['primaryGroupID'][0];
if (isset($attr_old['domain'][0])) $attr_rem['domain'] = $attr_old['domain'][0];
if (isset($attr_old['rid'][0])) $attr_rem['rid'] = $attr_old['rid'][0];
}
// Add or convert samba attributes & object to samba 2.2
if (($_SESSION['config']->samba3 == 'no') && (!in_array('sambaAccount', $values->general_objectClass))) {
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
$attr['objectClass'][] = 'sambaAccount';
// unset old sambaAccount objectClass
for ($i=0; $i<count($attr['objectClass']); $i++)
if ($attr['objectClass'][$i]=='sambaSamAccount') unset($attr['objectClass'][$i]);
$attr['objectClass'] = array_values($attr['objectClass']);
// Set correct values for new objectclass
// Load old samba-values not stored in account object
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if (isset($attr_old['sambaLMPassword'][0])) $attr['lmPassword'] = $attr_old['sambaLMPassword'][0];
if (isset($attr_old['sambaNTPassword'][0])) $attr['ntPassword'] = $attr_old['sambaNTPassword'][0];
if (isset($attr_old['sambaPwdLastSet'][0])) $attr['pwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
if (isset($attr_old['sambaLogonTime'][0])) $attr['logonTime'] = $attr_old['sambaLogonTime'][0];
if (isset($attr_old['sambaLogoffTime'][0])) $attr['logoffTime'] = $attr_old['sambaLogoffTime'][0];
if (isset($attr_old['sambaKickoffTime'][0])) $attr['kickoffTime'] = $attr_old['sambaKickoffTime'][0];
if (isset($attr_old['sambaPwdCanChange'][0])) $attr['pwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
if (isset($attr_old['sambaPwdMustChange'][0])) $attr['pwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
if (isset($attr_old['sambaHomePath'][0])) $attr['smbHome'] = $attr_old['sambaHomePath'][0];
if (isset($attr_old['sambaHomeDrive'][0])) $attr['homeDrive'] = $attr_old['sambaHomeDrive'][0];
if (isset($attr_old['sambaLogonScript'][0])) $attr['scriptPath'] = $attr_old['sambaLogonScript'][0];
if (isset($attr_old['sambaProfilePath'][0])) $attr['profilePath'] = $attr_old['sambaProfilePath'][0];
if (isset($attr_old['sambaUserWorkstations'][0])) $attr['userWorkstations'] = $attr_old['sambaUserWorkstations'][0];
// Values used from account object
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
$attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_req
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
// remove old attributes
if (in_array('sambaSamAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaSamAccount';
if (isset($attr_old['sambaLMPassword'][0])) $attr_rem['sambaLMPassword'] = $attr_old['sambaLMPassword'][0];
if (isset($attr_old['sambaNTPassword'][0])) $attr_rem['sambaNTPassword'] = $attr_old['sambaNTPassword'][0];
if (isset($attr_old['sambaPwdLastSet'][0])) $attr_rem['sambaPwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
if (isset($attr_old['sambaLogonTime'][0])) $attr_rem['sambaLogonTime'] = $attr_old['sambaLogonTime'][0];
if (isset($attr_old['sambaKickoffTime'][0])) $attr_rem['sambaKickoffTime'] = $attr_old['sambaKickoffTime'][0];
if (isset($attr_old['sambaPwdCanChange'][0])) $attr_rem['sambaPwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
if (isset($attr_old['sambaPwdMustChange'][0])) $attr_rem['sambaPwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
if (isset($attr_old['sambaHomePath'][0])) $attr_rem['sambaHomePath'] = $attr_old['sambaHomePAth'][0];
if (isset($attr_old['sambaAcctFlags'][0])) $attr_rem['sambaAcctFlags'] = $attr_old['sambaAcctFlags'][0];
if (isset($attr_old['sambaHomeDrive'][0])) $attr_rem['sambaHomeDrive'] = $attr_old['sambaHomeDrive'][0];
if (isset($attr_old['sambaLogonScript'][0])) $attr_rem['sambaLogonScript'] = $attr_old['sambaLogonScript'][0];
if (isset($attr_old['sambaProfilePath'][0])) $attr_rem['sambaProfilePath'] = $attr_old['sambaProfilePath'][0];
if (isset($attr_old['sambaUserWorkstations'][0])) $attr_rem['sambaUserWorkstations'] = $attr_old['sambaUserWorkstations'][0];
if (isset($attr_old['sambaPrimaryGroupID'][0])) $attr_rem['sambaPrimaryGroupID'] = $attr_old['sambaPrimaryGroupID'][0];
if (isset($attr_old['sambaDomainName'][0])) $attr_rem['sambaDomainName'] = $attr_old['sambaDomainName'][0];
if (isset($attr_old['sambaSID'][0])) $attr_rem['sambaSID'] = $attr_old['sambaSID'][0];
}
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
// remove "count" from array
unset($attr_old['count']);
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
$keys = array_keys($attr_old);
for ($i=0; $i < sizeof($keys); $i++)
unset($attr_old[$keys[$i]]['count']);
unset ($attr_old['objectClass']);
$attr_old['objectClass'][0] = 'posixAccount';
$attr_old['objectClass'][1] = 'shadowAccount';
$attr_old['objectClass'][2] = 'inetOrgPerson';
if ($_SESSION['config']->samba3 !='yes') $attr_old['objectClass'][3] = 'sambaSamAccount';
else $attr_old['objectClass'][3] = 'sambaAccount';
$success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
if ($success) $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
else return 5;
}
if ($attr_rem) {
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
@ -1371,7 +1250,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
}
if (!$success) return 5;
// Write Groupmemberchips
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), 'objectClass=PosixGroup', array('memberUid', 'cn'));
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), 'objectClass=PosixGroup', array('memberUid', 'cn'));
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
while ($entry) {
$modifygroup=0;
@ -1496,8 +1375,20 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
}
if ($values->general_group != $values_old->general_group) {
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
if ($_SESSION['config']->samba3 == 'yes') $attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req
else $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
$change = false;
if ($_SESSION['config']->samba3 == 'yes') {
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-512') $found=true;
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-513') $found=true;
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-514') $found=true;
if (!$found) $attr['sambaPrimaryGroupSID'] = $_SESSION['account']->smb_domain->SID . "-".
(2 * getgid($_SESSION['account']->general_group) + $values->smb_domain->RIDbase+1);
}
else {
if ($values->smb_mapgroup== '512') $found=true;
if ($values->smb_mapgroup== '513') $found=true;
if ($values->smb_mapgroup== '514') $found=true;
if (!$found) $attr['primaryGroupID'] = (2 * getgid($_SESSION['account']->general_group) + 1001);
}
}
// Lock unix password if Account should be disbaled
@ -1515,7 +1406,7 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
$attr['objectClass'] = $values->general_objectClass;
$attr['objectClass'][] = 'posixAccount';
}
if (!in_array('posixAccount', $values->general_objectClass)) {
if (!in_array('shadowAccount', $values->general_objectClass)) {
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
$attr['objectClass'][] = 'shadowAccount';
}

148
lam/templates/account/groupedit.php
View File

@ -156,15 +156,27 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
if ($_POST['f_smb_domain'] == $domain->name)
$_SESSION['account']->smb_domain = $domain;
$_SESSION['account']->smb_displayName = $_POST['f_smb_displayName'];
switch ($_POST['f_smb_mapgroup']) {
case '*'._('Domain Guests'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '514'; break;
case '*'._('Domain Users'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '513'; break;
case '*'._('Domain Admins'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '512'; break;
case $_SESSION['account']->general_username:
$_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-".
(2 * getgid($_SESSION['account']->general_username) + $_SESSION['account']->smb_domain->RIDbase +1);
break;
}
if ($_SESSION['config']->samba3 == 'yes')
switch ($_POST['f_smb_mapgroup']) {
case '*'._('Domain Guests'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '514'; break;
case '*'._('Domain Users'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '513'; break;
case '*'._('Domain Admins'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '512'; break;
case $_SESSION['account']->general_username:
$_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-".
(2 * getgid($_SESSION['account']->general_username) + $_SESSION['account']->smb_domain->RIDbase +1);
break;
}
else
switch ($_POST['f_smb_mapgroup']) {
case '*'._('Domain Guests'): $_SESSION['account']->smb_mapgroup = '514'; break;
case '*'._('Domain Users'): $_SESSION['account']->smb_mapgroup = '513'; break;
case '*'._('Domain Admins'): $_SESSION['account']->smb_mapgroup = '512'; break;
case $_SESSION['account']->general_username:
$_SESSION['account']->smb_mapgroup = (2 * getgid($_SESSION['account']->general_username) + 1001);
break;
}
// Check if value is set
if (($_SESSION['account']->smb_displayName=='') && isset($_SESSION['account']->general_gecos)) {
$_SESSION['account']->smb_displayName = $_SESSION['account']->general_gecos;
@ -181,12 +193,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$_SESSION['account']->quota[$i][3] = $_POST['f_quota_'.$i.'_3'];
$_SESSION['account']->quota[$i][6] = $_POST['f_quota_'.$i.'_6'];
$_SESSION['account']->quota[$i][7] = $_POST['f_quota_'.$i.'_7'];
$i++;
}
// Check if values are OK and set automatic values. if not error-variable will be set
$i=0;
while ($_SESSION['account']->quota[$i][0]) {
// Check if values are OK and set automatic values. if not error-variable will be set
if (!ereg('^([0-9])*$', $_SESSION['account']->quota[$i][2]))
$errors[] = array('ERROR', _('Block soft quota'), _('Block soft quota contains invalid characters. Only natural numbers are allowed'));
if (!ereg('^([0-9])*$', $_SESSION['account']->quota[$i][3]))
@ -197,7 +204,6 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$errors[] = array('ERROR', _('Inode hard quota'), _('Inode hard quota contains invalid characters. Only natural numbers are allowed'));
$i++;
}
break;
case 'final':
@ -439,42 +445,82 @@ switch ($select_local) { // Select which part of page will be loaded
"</td>\n<td><a href=\"../help.php?HelpNumber=420\" target=\"lamhelp\">"._('Help')."</a></td>\n</tr>\n<tr>\n<td>";
echo _('Windows groupname');
echo "</td>\n<td><select name=\"f_smb_mapgroup\">";
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-".
(2 * $_SESSION['account']->uidNumber) + $values->smb_domain->RIDbase +1) {
echo '<option selected> ';
echo $_SESSION['account']->general_username;
echo "</option>\n"; }
else {
echo '<option> ';
echo $_SESSION['account']->general_username;
echo "</option>\n";
if ($_SESSION['config']->samba3=='yes') {
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-".
(2 * getgid($_SESSION['account']->general_username) + $values->smb_domain->RIDbase+1)) {
echo '<option selected> ';
echo $_SESSION['account']->general_username;
echo "</option>\n"; }
else {
echo '<option> ';
echo $_SESSION['account']->general_username;
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '514' ) {
echo '<option selected> *';
echo _('Domain Guests');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Guests');
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '513' ) {
echo '<option selected> *';
echo _('Domain Users');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Users');
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '512' ) {
echo '<option selected> *';
echo _('Domain Admins');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Admins');
echo "</option>\n";
}
}
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '514' ) {
echo '<option selected> *';
echo _('Domain Guests');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Guests');
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '513' ) {
echo '<option selected> *';
echo _('Domain Users');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Users');
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '512' ) {
echo '<option selected> *';
echo _('Domain Admins');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Admins');
echo "</option>\n";
else {
if ( $_SESSION['account']->smb_mapgroup == (2 * getgid($_SESSION['account']->general_username) +1001)) {
echo '<option selected> ';
echo $_SESSION['account']->general_username;
echo "</option>\n"; }
else {
echo '<option> ';
echo $_SESSION['account']->general_username;
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == '514' ) {
echo '<option selected> *';
echo _('Domain Guests');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Guests');
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == '513' ) {
echo '<option selected> *';
echo _('Domain Users');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Users');
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == '512' ) {
echo '<option selected> *';
echo _('Domain Admins');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Admins');
echo "</option>\n";
}
}
echo "</select></td>\n<td>".
'<a href="../help.php?HelpNumber=464" target="lamhelp">'._('Help').'</a>'.

2
lam/templates/account/hostedit.php
View File

@ -100,7 +100,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
}
// Create automatic Hostname with number if original user already exists
// Reset name to original name if new name is in use
if (ldapexists($_SESSION['account'], 'group', $_SESSION['account_old']) && is_object($_SESSION['account_old']))
if (ldapexists($_SESSION['account'], 'host', $_SESSION['account_old']) && is_object($_SESSION['account_old']))
$_SESSION['account']->general_username = $_SESSION['account_old']->general_username;
while ($temp = ldapexists($_SESSION['account'], 'host', $_SESSION['account_old'])) {
// get last character of username

353
lam/templates/account/useredit.php
View File

@ -52,6 +52,7 @@ if (isset($_GET['DN'])) {
$_SESSION['account'] ->type = 'user';
$_SESSION['account']->smb_flagsW = 0;
if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']);
$_SESSION['account_old'] = false;
}
}
else if (count($_POST)==0) { // Startcondition. useredit.php was called from outside
@ -59,6 +60,7 @@ else if (count($_POST)==0) { // Startcondition. useredit.php was called from out
$_SESSION['account'] ->type = 'user';
$_SESSION['account']->smb_flagsW = 0;
if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']);
$_SESSION['account_old'] = false;
}
@ -85,15 +87,72 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$_SESSION['account']->general_homedir = $_POST['f_general_homedir'];
$_SESSION['account']->general_shell = $_POST['f_general_shell'];
$_SESSION['account']->general_gecos = $_POST['f_general_gecos'];
// Check if values are OK and set automatic values. if not error-variable will be set
if ($_SESSION['account_old']) list($values, $errors) = checkglobal($_SESSION['account'], $_SESSION['account']->type, $_SESSION['account_old']); // account.inc
else list($values, $errors) = checkglobal($_SESSION['account'], $_SESSION['account']->type); // account.inc
if (is_object($values)) {
while (list($key, $val) = each($values)) // Set only defined values
if (isset($val)) $_SESSION['account']->$key = $val;
}
}
// Check if Homedir is valid
$_SESSION['account']->general_homedir = str_replace('$group', $_SESSION['account']->general_group, $_SESSION['account']->general_homedir);
if ($_SESSION['account']->general_username != '')
$_SESSION['account']->general_homedir = str_replace('$user', $_SESSION['account']->general_username, $_SESSION['account']->general_homedir);
if ($_SESSION['account']->general_homedir != $_POST['f_general_homedir']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $_SESSION['account']->general_homedir ))
$errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
// Check if givenname is valid
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $_SESSION['account']->general_givenname)) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
// Check if surname is valid
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $_SESSION['account']->general_surname)) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
if ( ($_SESSION['account']->general_gecos=='') || ($_SESSION['account']->general_gecos==' ')) {
$_SESSION['account']->general_gecos = $_SESSION['account']->general_givenname . " " . $_SESSION['account']->general_surname ;
$errors[] = array('INFO', _('Gecos'), _('Inserted sur- and given name in gecos-field.'));
}
if ($_SESSION['account']->general_group=='') $errors[] = array('ERROR', _('Primary group'), _('No primary group defined!'));
// Check if Username contains only valid characters
if ( !ereg('^([a-z]|[0-9]|[.]|[-]|[_])*$', $_SESSION['account']->general_username))
$errors[] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, 0-9 and .-_ !'));
// Check if user already exists
if (isset($_SESSION['account']->general_groupadd) && in_array($_SESSION['account']->general_group, $_SESSION['account']->general_groupadd)) {
for ($i=0; $i<count($_SESSION['account']->general_groupadd); $i++ )
if ($_SESSION['account']->general_groupadd[$i] == $_SESSION['account']->general_group) {
unset ($_SESSION['account']->general_groupadd[$i]);
$_SESSION['account']->general_groupadd = array_values($_SESSION['account']->general_groupadd);
}
}
// Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use
if (ldapexists($_SESSION['account'], 'user', $_SESSION['account_old']) && is_object($_SESSION['account_old']))
$_SESSION['account']->general_username = $_SESSION['account_old']->general_username;
while ($temp = ldapexists($_SESSION['account'], 'user', $_SESSION['account_old'])) {
// get last character of username
$lastchar = substr($_SESSION['account']->general_username, strlen($_SESSION['account']->general_username)-1, 1);
// Last character is no number
if ( !ereg('^([0-9])+$', $lastchar))
$_SESSION['account']->general_username = $_SESSION['account']->general_username . '2';
else {
$i=strlen($_SESSION['account']->general_username)-1;
$mark = false;
while (!$mark) {
if (ereg('^([0-9])+$',substr($_SESSION['account']->general_username, $i, strlen($_SESSION['account']->general_username)-$i))) $i--;
else $mark=true;
}
// increase last number with one
$firstchars = substr($_SESSION['account']->general_username, 0, $i+1);
$lastchars = substr($_SESSION['account']->general_username, $i+1, strlen($_SESSION['account']->general_username)-$i);
$_SESSION['account']->general_username = $firstchars . (intval($lastchars)+1);
}
}
if ($_SESSION['account']->general_username != $_POST['f_general_username']) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.'));
// Check if UID is valid. If none value was entered, the next useable value will be inserted
$_SESSION['account']->general_uidNumber = checkid($_SESSION['account'], 'user', $_SESSION['account_old']);
if (is_string($_SESSION['account']->general_uidNumber)) { // true if checkid has returned an error
$errors[] = array('ERROR', _('ID-Number'), $_SESSION['account']->general_uidNumber);
unset($_SESSION['account']->general_uidNumber);
}
// Check if Name-length is OK. minLength=3, maxLength=20
if ( !ereg('.{3,20}', $_SESSION['account']->general_username)) $errors[] = array('ERROR', _('Name'), _('Name must contain between 3 and 20 characters.'));
// Check if Name starts with letter
if ( !ereg('^([a-z]|[A-Z]).*$', $_SESSION['account']->general_username))
$errors[] = array('ERROR', _('Name'), _('Name contains invalid characters. First character must be a letter'));
}
break;
case 'unix':
// Write all general values into $_SESSION['account']
@ -124,18 +183,28 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$select_local = 'unix';
}
// Check if values are OK and set automatic values. if not error-variable will be set
else $errors = checkunix($_SESSION['account'], $_SESSION['account']->type); // account.inc
else { // $errors = checkunix($_SESSION['account'], $_SESSION['account']->type); // account.inc
if ($_SESSION['account']->unix_password != '') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($_SESSION['account']->unix_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
}
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $password))
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
if ( !ereg('^([0-9])*$', $_SESSION['account']->unix_pwdminage)) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
if ( $_SESSION['account']->unix_pwdminage > $_SESSION['account']->unix_pwdmaxage ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
if ( !ereg('^([0-9]*)$', $_SESSION['account']->unix_pwdmaxage)) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'));
if ( !ereg('^(([-][1])|([0-9]*))$', $_SESSION['account']->unix_pwdallowlogin))
$errors[] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'));
if ( !ereg('^([0-9]*)$', $_SESSION['account']->unix_pwdwarn)) $errors[] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'));
if ((!$_SESSION['account']->unix_host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $_SESSION['account']->unix_host))
$errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
}
break;
case 'samba':
// Write all general values into $_SESSION['account']
if ($_POST['f_smb_password']) {
// Encrypt password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$_SESSION['account']->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), $_POST['f_smb_password'],
MCRYPT_MODE_ECB, base64_decode($_COOKIE['IV'])));
}
else $_SESSION['account']->smb_password = "";
$_SESSION['account']->smb_pwdcanchange = mktime($_POST['f_smb_pwdcanchange_s'], $_POST['f_smb_pwdcanchange_m'], $_POST['f_smb_pwdcanchange_h'],
$_POST['f_smb_pwdcanchange_mon'], $_POST['f_smb_pwdcanchange_day'], $_POST['f_smb_pwdcanchange_yea']);
$_SESSION['account']->smb_pwdmustchange = mktime($_POST['f_smb_pwdmustchange_s'], $_POST['f_smb_pwdmustchange_m'], $_POST['f_smb_pwdmustchange_h'],
@ -149,6 +218,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$_SESSION['account']->smb_smbuserworkstations = $_POST['f_smb_smbuserworkstations'];
$_SESSION['account']->smb_smbhome = stripslashes($_POST['f_smb_smbhome']);
$_SESSION['account']->smb_profilePath = stripslashes($_POST['f_smb_profilePath']);
$_SESSION['account']->smb_displayName = $_POST['f_smb_displayName'];
if ($_POST['f_smb_flagsW']) $_SESSION['account']->smb_flagsW = true;
else $_SESSION['account']->smb_flagsW = false;
if ($_POST['f_smb_flagsD']) $_SESSION['account']->smb_flagsD = true;
@ -168,36 +238,76 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
else $_SESSION['account']->smb_domain = '';
}
switch ($_POST['f_smb_mapgroup']) {
case '*'._('Domain Guests'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '514'; break;
case '*'._('Domain Users'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '513'; break;
case '*'._('Domain Admins'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '512'; break;
case $_SESSION['account']->general_group:
if ($_SESSION['config']->samba3 == 'yes')
$_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-".
(2 * getgid($_SESSION['account']->general_group) + $_SESSION['account']->smb_domain->RIDbase +1);
else $_SESSION['account']->smb_mapgroup = (2 * getgid($_SESSION['account']->general_group) + 1001);
break;
case $_SESSION['account']->general_username:
if ($_SESSION['config']->samba3 == 'yes')
$_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-".
(2 * $_SESSION['account']->general_uidNumber + $_SESSION['account']->smb_domain->RIDbase +1);
else $_SESSION['account']->smb_mapgroup = (2 * $_SESSION['account']->general_uidNumber + 1001);
break;
if ($_SESSION['config']->samba3 == 'yes')
switch ($_POST['f_smb_mapgroup']) {
case '*'._('Domain Guests'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '514'; break;
case '*'._('Domain Users'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '513'; break;
case '*'._('Domain Admins'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '512'; break;
case $_SESSION['account']->general_group:
$_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-".
(2 * getgid($_SESSION['account']->general_group) + $_SESSION['account']->smb_domain->RIDbase +1);
break;
}
else
switch ($_POST['f_smb_mapgroup']) {
case '*'._('Domain Guests'): $_SESSION['account']->smb_mapgroup = '514'; break;
case '*'._('Domain Users'): $_SESSION['account']->smb_mapgroup = '513'; break;
case '*'._('Domain Admins'): $_SESSION['account']->smb_mapgroup = '512'; break;
case $_SESSION['account']->general_group:
$_SESSION['account']->smb_mapgroup = (2 * getgid($_SESSION['account']->general_group) + 1001);
break;
}
$smb_password = $_POST['f_smb_password'];
// Decrypt unix-password if needed password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if (($values->smb_useunixpwd) &&($values->unix_password != '')) {
$smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($_SESSION['account']->unix_password), MCRYPT_MODE_ECB, $iv);
$smb_password = str_replace(chr(00), '', $smb_password);
}
// Reset password if reset button was pressed. Button only vissible if account should be modified
// Check if values are OK and set automatic values. if not error-variable will be set
list($values, $errors) = checksamba($_SESSION['account'], $_SESSION['account']->type); // account.inc
if (is_object($values)) {
while (list($key, $val) = each($values)) // Set only defined values
if (isset($val)) $_SESSION['account']->$key = $val;
// Check values
$_SESSION['account']->smb_scriptPath = str_replace('$user', $_SESSION['account']->general_username, $_SESSION['account']->smb_scriptPath);
$_SESSION['account']->smb_scriptPath = str_replace('$group', $_SESSION['account']->general_group, $_SESSION['account']->smb_scriptPath);
if ($_SESSION['account']->smb_scriptPath != $_POST['f_smb_scriptpath']) $errors[] = array('INFO', _('Script path'), _('Inserted user- or groupname in scriptpath.'));
$_SESSION['account']->smb_profilePath = str_replace('$user', $_SESSION['account']->general_username, $_SESSION['account']->smb_profilePath);
$_SESSION['account']->smb_profilePath = str_replace('$group', $_SESSION['account']->general_group, $_SESSION['account']->smb_profilePath);
if ($_SESSION['account']->smb_profilePath != $_POST['f_smb_profilePath']) $errors[] = array('INFO', _('Profile path'), _('Inserted user- or groupname in profilepath.'));
$_SESSION['account']->smb_smbhome = str_replace('$user', $_SESSION['account']->general_username, $_SESSION['account']->smb_smbhome);
$_SESSION['account']->smb_smbhome = str_replace('$group', $_SESSION['account']->general_group, $_SESSION['account']->smb_smbhome);
if ($_SESSION['account']->smb_smbhome != $_POST['f_smb_smbhome']) $errors[] = array('INFO', _('Home path'), _('Inserted user- or groupname in HomePath.'));
if ( (!$_SESSION['account']->smb_smbhome=='') && (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+)+$', $_SESSION['account']->smb_smbhome)))
$errors[] = array('ERROR', _('Home path'), _('Home path is invalid.'));
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$',
$smb_password)) $errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
if ( (!$_SESSION['account']->smb_scriptPath=='') && (!ereg('^([/])*([a-z]|[0-9]|[.]|[-]|[_]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+([a-z]|[0-9]|[.]|[-]|[_]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])*'.
'([/]([a-z]|[0-9]|[.]|[-]|[_]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+([a-z]|[0-9]|[.]|[-]|[_]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])*)*$', $_SESSION['account']->smb_scriptPath)))
$errors[] = array('ERROR', _('Script path'), _('Script path is invalid!'));
if ( (!$_SESSION['account']->smb_profilePath=='') && (!ereg('^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*)*$', $_SESSION['account']->smb_profilePath))
&& (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+)+$', $_SESSION['account']->smb_profilePath)))
$errors[] = array('ERROR', _('Profile path'), _('Profile path is invalid!'));
if ((!$_SESSION['account']->smb_smbuserworkstations=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $_SESSION['account']->smb_smbuserworkstations))
$errors[] = array('ERROR', _('Samba workstations'), _('Samba workstations are invalid!'));
if ((!$_SESSION['account']->smb_domain=='') && (!is_object($_SESSION['account']->smb_domain)) && !ereg('^([a-z]|[A-Z]|[0-9]|[-])+$', $_SESSION['account']->smb_domain))
$errors[] = array('ERROR', _('Domain name'), _('Domain name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.'));
if ($_SESSION['account']->smb_useunixpwd) $_SESSION['account']->smb_useunixpwd = 1; else $_SESSION['account']->smb_useunixpwd = 0;
if (($_SESSION['account']->smb_displayName=='') && isset($_SESSION['account']->general_gecos)) {
$_SESSION['account']->smb_displayName = $_SESSION['account']->general_gecos;
$errors[] = array('INFO', _('Display name'), _('Inserted gecos-field as display name.'));
}
if ($_POST['respass']) {
$_SESSION['account']->unix_password_no=true;
$_SESSION['account']->smb_password_no=true;
$select_local = 'samba';
if ($smb_password!='') {
// Encrypt password
$_SESSION['account']->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $smb_password,
MCRYPT_MODE_ECB, $iv));
}
break;
case 'quota':
// Write all general values into $_SESSION['account']
@ -207,16 +317,19 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$_SESSION['account']->quota[$i][3] = $_POST['f_quota_'.$i.'_3'];
$_SESSION['account']->quota[$i][6] = $_POST['f_quota_'.$i.'_6'];
$_SESSION['account']->quota[$i][7] = $_POST['f_quota_'.$i.'_7'];
// Check if values are OK and set automatic values. if not error-variable will be set
if (!ereg('^([0-9])*$', $_SESSION['account']->quota[$i][2]))
$errors[] = array('ERROR', _('Block soft quota'), _('Block soft quota contains invalid characters. Only natural numbers are allowed'));
if (!ereg('^([0-9])*$', $_SESSION['account']->quota[$i][3]))
$errors[] = array('ERROR', _('Block hard quota'), _('Block hard quota contains invalid characters. Only natural numbers are allowed'));
if (!ereg('^([0-9])*$', $_SESSION['account']->quota[$i][6]))
$errors[] = array('ERROR', _('Inode soft quota'), _('Inode soft quota contains invalid characters. Only natural numbers are allowed'));
if (!ereg('^([0-9])*$', $_SESSION['account']->quota[$i][7]))
$errors[] = array('ERROR', _('Inode hard quota'), _('Inode hard quota contains invalid characters. Only natural numbers are allowed'));
$i++;
}
// Check if values are OK and set automatic values. if not error-variable will be set
list($values, $errors) = checkquota($_SESSION['account'], $_SESSION['account']->type); // account.inc
if (is_object($values)) {
while (list($key, $val) = each($values)) // Set only defined values
if (isset($val)) $_SESSION['account']->$key = $val;
}
// Check which part Site should be displayed next
break;
case 'personal':
// Write all general values into $_SESSION['account']
$_SESSION['account']->personal_title = $_POST['f_personal_title'];
@ -229,12 +342,17 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$_SESSION['account']->personal_postalAddress = $_POST['f_personal_postalAddress'];
$_SESSION['account']->personal_employeeType = $_POST['f_personal_employeeType'];
// Check if values are OK and set automatic values. if not error-variable will be set
list($values, $errors) = checkpersonal($_SESSION['account'], $_SESSION['account']->type); // account.inc
if (is_object($values)) {
while (list($key, $val) = each($values)) // Set only defined values
if (isset($val)) $_SESSION['account']->$key = $val;
}
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/])*$', $_SESSION['account']->personal_telephoneNumber)) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/])*$', $_SESSION['account']->personal_mobileTelephoneNumber)) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/])*$', $_SESSION['account']->personal_facsimileTelephoneNumber)) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $_SESSION['account']->personal_mail)) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $_SESSION['account']->personal_street)) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $_SESSION['account']->personal_postalAddress)) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $_SESSION['account']->personal_title)) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $_SESSION['account']->personal_employeeType)) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $_SESSION['account']->personal_postalCode)) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
break;
case 'final':
// Write all general values into $_SESSION['account']
if ($_POST['f_final_changegids']) $_SESSION['final_changegids'] = $_POST['f_final_changegids'] ;
@ -314,6 +432,22 @@ do { // X-Or, only one if() can be true
while (list($key, $val) = each($values)) // Set only defined values
if (isset($val)) $_SESSION['account']->$key = $val;
}
// insert autoreplace values
$_SESSION['account']->general_homedir = str_replace('$group', $_SESSION['account']->general_group, $_SESSION['account']->general_homedir);
if ($_SESSION['account']->general_username != '')
$_SESSION['account']->general_homedir = str_replace('$user', $_SESSION['account']->general_username, $_SESSION['account']->general_homedir);
$_SESSION['account']->smb_scriptPath = str_replace('$group', $_SESSION['account']->general_group, $_SESSION['account']->smb_scriptPath);
if ($_SESSION['account']->general_username != '')
$_SESSION['account']->smb_scriptPath = str_replace('$user', $_SESSION['account']->general_username, $_SESSION['account']->smb_scriptPath);
$_SESSION['account']->smb_profilePath = str_replace('$group', $_SESSION['account']->general_group, $_SESSION['account']->smb_profilePath);
if ($_SESSION['account']->general_username != '')
$_SESSION['account']->smb_profilePath = str_replace('$user', $_SESSION['account']->general_username, $_SESSION['account']->smb_profilePath);
$_SESSION['account']->smb_smbhome = str_replace('$group', $_SESSION['account']->general_group, $_SESSION['account']->smb_smbhome);
if ($_SESSION['account']->general_username != '')
$_SESSION['account']->smb_smbhome = str_replace('$user', $_SESSION['account']->general_username, $_SESSION['account']->smb_smbhome);
// select general page after group has been loaded
$select_local='general';
break;
@ -345,7 +479,7 @@ if ($select_local != 'pdf') {
}
}
// print_r($_SESSION['account']);
print_r($_SESSION['account']);
// print_r($_POST);
switch ($select_local) { // Select which part of page will be loaded
@ -602,6 +736,10 @@ switch ($select_local) { // Select which part of page will be loaded
echo "<fieldset class=\"useredit-bright\"><legend class=\"useredit-bright\"><b>";
echo _("Samba properties");
echo "</b></legend>\n<table border=0 width=\"100%\">\n<tr>\n<td>";
echo _("Display name");
echo "</td>\n<td>".
"<input name=\"f_smb_displayName\" type=\"text\" size=\"30\" maxlength=\"50\" value=\"".$_SESSION['account']->smb_displayName."\">".
"</td>\n<td><a href=\"../help.php?HelpNumber=420\" target=\"lamhelp\">"._('Help')."</a></td>\n</tr>\n<tr>\n<td>";
echo _('Samba password');
echo '</td>'."\n".'<td><input name="f_smb_password" type="text" size="20" maxlength="20" value="' . $password . '">'.
'</td></tr>'."\n".'<tr><td>';
@ -698,7 +836,7 @@ switch ($select_local) { // Select which part of page will be loaded
echo '</td>'."\n".'<td><select name="f_smb_mapgroup" >';
if ($_SESSION['config']->samba3=='yes') {
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-".
(2 * getgid($_SESSION['account']->general_group) + $values->smb_domain->RIDbase)) {
(2 * getgid($_SESSION['account']->general_group) + $values->smb_domain->RIDbase+1)) {
echo '<option selected> ';
echo $_SESSION['account']->general_group;
echo "</option>\n"; }
@ -707,19 +845,6 @@ switch ($select_local) { // Select which part of page will be loaded
echo $_SESSION['account']->general_group;
echo "</option>\n";
}
}
else {
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-".
(2 * getgid($_SESSION['account']->general_group) +1000)) {
echo '<option selected> ';
echo $_SESSION['account']->general_group;
echo "</option>\n"; }
else {
echo '<option> ';
echo $_SESSION['account']->general_group;
echo "</option>\n";
}
}
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '514' ) {
echo '<option selected> *';
echo _('Domain Guests');
@ -747,6 +872,45 @@ switch ($select_local) { // Select which part of page will be loaded
echo _('Domain Admins');
echo "</option>\n";
}
}
else {
if ( $_SESSION['account']->smb_mapgroup == (2 * getgid($_SESSION['account']->general_group) +1001)) {
echo '<option selected> ';
echo $_SESSION['account']->general_group;
echo "</option>\n"; }
else {
echo '<option> ';
echo $_SESSION['account']->general_group;
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == '514' ) {
echo '<option selected> *';
echo _('Domain Guests');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Guests');
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == '513' ) {
echo '<option selected> *';
echo _('Domain Users');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Users');
echo "</option>\n";
}
if ( $_SESSION['account']->smb_mapgroup == '512' ) {
echo '<option selected> *';
echo _('Domain Admins');
echo "</option>\n"; }
else {
echo '<option> *';
echo _('Domain Admins');
echo "</option>\n";
}
}
echo '</select></td>'."\n".'<td>'.
'<a href="help.php?HelpNumber=464" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
@ -909,7 +1073,7 @@ switch ($select_local) { // Select which part of page will be loaded
if ($_SESSION['account_old']) echo _('Modify');
else echo _('Create');
echo "</b></legend>\n";
echo "<table border=0 width=\"100%\"><tr><td>";
echo "<table border=0 width=\"100%\">";
if (($_SESSION['account_old']) && ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber)) {
echo '<tr>';
StatusMessage ('INFO', _('UID-number has changed. You have to run the following command as root in order to change existing file-permissions:'),
@ -922,36 +1086,61 @@ switch ($select_local) { // Select which part of page will be loaded
'mv ' . $_SESSION['account_old' ]->general_homedir . ' ' . $_SESSION['account']->general_homedir);
echo '</tr>'."\n";
}
$disabled = "";
if ($_SESSION['config']->samba3 == 'yes') {
if (!isset($_SESSION['account']->smb_domain)) { // Samba page nit viewd; can not create group because if missing options
$disabled = "disabled";
echo "<tr>";
StatusMessage("ERROR", _("Samba Options not set!"), _("Please check settings on samba page."));
echo "</tr>";
}
}
else {
$found = false;
if (strstr($_SESSION['account']->smb_scriptPath, '$group')) $found = true;
if (strstr($_SESSION['account']->smb_scriptPath, '$user')) $found = true;
if (strstr($_SESSION['account']->smb_profilePath, '$group')) $found = true;
if (strstr($_SESSION['account']->smb_profilePath, '$user')) $found = true;
if (strstr($_SESSION['account']->smb_smbhome, '$group')) $found = true;
if (strstr($_SESSION['account']->smb_smbhome, '$user')) $found = true;
if ($found) { // Samba page nit viewd; can not create group because if missing options
$disabled = "disabled";
echo "<tr>";
StatusMessage("ERROR", _("Samba Options not set!"), _("Please check settings on samba page."));
echo "</tr>";
}
}
if (isset($_SESSION['account_old']->general_objectClass)) {
if (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass posixAccount not found.'), _('Have to recreate entry.'));
StatusMessage('WARN', _('ObjectClass posixAccount not found.'), _('Have to add objectClass posixAccount.'));
echo "</tr>\n";
}
if (!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass shadowAccount.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
if (!in_array('inetOrgPerson', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass inetOrgPerson not found.'), _('Have to recreate entry.'));
StatusMessage('WARN', _('ObjectClass shadowAccount.'), _('Have to add objectClass shadowAccount.'));
echo "</tr>\n";
}
if ($_SESSION['config']->samba3 == 'yes') {
if (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass sambaSamAccount not found.'), _('Have to recreate entry.'));
StatusMessage('WARN', _('ObjectClass sambaSamAccount not found.'), _('Have to add objectClass sambaSamAccount. USer with sambaAccount will be updated.'));
echo "</tr>\n";
}}
else
if (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass sambaAccount not found.'), _('Have to recreate entry.'));
StatusMessage('WARN', _('ObjectClass sambaAccount not found.'), _('Have to add objectClass sambaAccount. User with sambaSamAccount will be set back to sambaAccount.'));
echo "</tr>\n";
}
}
echo '<input name="create" type="submit" value="';
echo "<tr><td><input name=\"create\" $disabled type=\"submit\" value=\"";
if ($_SESSION['account_old']) echo _('Modify Account');
else echo _('Create Account');
echo '">'."\n";
@ -978,7 +1167,7 @@ switch ($select_local) { // Select which part of page will be loaded
break;
case 'backmain':
// unregister sessionvar and select which list should be shown
echo '<tr><td><a href="lists/listusers.php">';
echo '<tr><td><a href="../lists/listusers.php">';
echo _('Please press here if meta-refresh didn\'t work.');
echo "</a></td></tr>\n";
if (isset($_SESSION['shelllist'])) unset($_SESSION['shelllist']);