WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added correct headers 

Removed unneeded options for hosts
Hosts weren't useable because password was set wrong. Fixed
This commit is contained in:
katagia 2003-08-10 19:46:21 +00:00
parent 9534e3549e
commit 361bf2e36d
6 changed files with 115 additions and 272 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
lam/lib/account.inc
View File

@ -58,7 +58,7 @@ class account { // This class keeps all needed values for any account
var $smb_profilePath; // string profilePAth (\\server\profilepath) (user)
var $smb_smbuserworkstations; // string comma-separated list of workstations (user)
var $smb_smbhome; // string Home-Share (\\server\home) (user)
var $smb_domain; // string Domain of (user|host)
var $smb_domain; // string Domain of (user|host) or samba3domain-Object
var $smb_flagsW; // string (1|0) account is host? (user|host)
var $smb_flagsD; // string (1|0) account is disabled? (user|host)
var $smb_flagsX; // string (1|0) password doesn'T expire (user|host)
@ -86,6 +86,7 @@ function initvars($type=false,$DN=false) { // This function registers all needes
// if session was started previos, the existing session will be continued
session_save_path('../sess');
@session_start();
setlanguage();
if ($type) {
if (session_is_registered("type2")) session_unregister("type2");
session_register("type2"); // $type2 stores the kind of account (User|Group|Host)
@ -249,7 +250,7 @@ function checkglobal($values, $type, $values_old=false) { // This functions chec
}
$return->general_username = $values->general_username;
// Check if Hostname contents only valid characters
if ( !ereg('^([a-z]|[0-9]|[.]|[-]|[$])*$', $values->general_username))
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[$])*$', $values->general_username))
$errors[] = array('ERROR', _('Host name'), _('Hostname contents invalid characters. Valid characters are: a-z, 0-9 and .-_ !'));
// Check if Hostname already exists
$return->general_homedir = '/dev/null';
@ -291,7 +292,7 @@ function checkglobal($values, $type, $values_old=false) { // This functions chec
// Check if Name-length is OK. minLength=3, maxLength=20
if ( !ereg('.{3,20}', $values->general_username)) $errors[] = array('ERROR', _('Name'), _('Name must content between 3 and 20 characters.'));
// Check if Name starts with letter
if ( !ereg('^[a-z].*$', $values->general_username))
if ( !ereg('^([a-z]|[A-Z]).*$', $values->general_username))
$errors[] = array('ERROR', _('Name'), _('Name contents invalid characters. First character must be a letter'));
// Return values and errors
if (!$errors) return array($return);
@ -572,6 +573,7 @@ function findgroups() { // Will return an array with all Groupnames found in LDA
$group[] = strtok(ldap_dn2ufn(ldap_get_dn($_SESSION['ldap']->server(), $entry)),',');
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
}
sort ($group, SORT_STRING);
return $group;
}
@ -884,8 +886,8 @@ function createuser($values) { // Will create the LDAP-Account
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
$attr['sambaSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['sambaPrimaryGroupSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * getgid($values->general_group) + 1001); // sambaAccount_req
$attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
$attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req
$attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
$attr['sambaPwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
$attr['sambaAcctFlags'] = smbflag(values); // sambaAccount_may
@ -895,7 +897,7 @@ function createuser($values) { // Will create the LDAP-Account
if ($values->smb_scriptPath!='') $attr['sambaLogonScript'] = $values->smb_scriptPath; // sambaAccount_may
if ($values->smb_profilePath!='') $attr['sambaProfilePath'] = $values->smb_profilePath; // sambaAccount_may
if ($values->smb_smbuserworkstations!='') $attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
if ($values->smb_domain!='') $attr['sambaDomainName'] = $values->smb_domain; // sambaAccount_may
if ($values->smb_domain!='') $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
}
else {
$attr['objectClass'][2] = 'sambaAccount';
@ -921,7 +923,7 @@ function createuser($values) { // Will create the LDAP-Account
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
}
$attr['objectClass'][3] = 'inetOrgPerson';
$attr['objectClass'][4] = 'account';
#$attr['objectClass'][4] = 'account';
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
$attr['uid'] = $values->general_username; // posixAccount_req
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
@ -1012,12 +1014,12 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
}
if ($values->general_uidNumber != $values_old->general_uidNumber) {
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
if ($_SESSION['config']->samba3 == 'yes') $attr['sambaSid'] = $_SESSION[config]->get_domainSID() . "-" . (2 * $values->general_uidNumber + 1000); // sambaAccount_may
if ($_SESSION['config']->samba3 == 'yes') $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
else $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
}
if ($values->general_group != $values_old->general_group) {
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
if ($_SESSION['config']->samba3 == 'yes') $attr['sambaPrimaryGroupSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($_SESSION['config']->samba3 == 'yes') $attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req
else $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
}
if ($values->general_homedir != $values_old->general_homedir)
@ -1063,8 +1065,8 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
if (($values->smb_profilePath=='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr_rem['sambaProfilePath'] = $values_old->smb_profilePath; // sambaAccount_may
if (($values->smb_smbuserworkstations!='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
if (($values->smb_smbuserworkstations=='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr_rem['sambaUserWorkstations'] = $values_old->smb_smbuserworkstations; // sambaAccount_may
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['sambaDomainName'] = $values->smb_domain; // sambaAccount_may
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['sambaDomainName'] = $values_old->smb_domain; // sambaAccount_may
if (($values->smb_domain->name!='') && ($values->smb_domain->name!=$values_old->smb_domain->name)) $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
if (($values->smb_domain->name=='') && ($values->smb_domain->name!=$values_old->smb_domain->name)) $attr_rem['sambaDomainName'] = $values_old->smb_domain->name; // sambaAccount_may
if ($values->general_gecos != $values_old->general_gecos) $attr['displayName'] = $values->general_gecos; // sambaAccount_may
}
else {
@ -1237,53 +1239,33 @@ function createhost($values) { // Will create the LDAP-Account
}
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
// decrypt password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
}
if ($values->smb_password != '') {
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
// All Values need for an host-account
// General Objectclasses
$attr['objectClass'][0] = 'posixAccount';
$attr['objectClass'][1] = 'shadowAccount';
$values->smb_flagsX = 1;
if ($_SESSION['config']->samba3 == 'yes') {
$attr['objectClass'][2] = 'sambaSamAccount';
$attr['sambaNTPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['sambaLMPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
$attr['sambaSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['sambaPrimaryGroupSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($values->smb_pwdcanchange) $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
if ($values->smb_pwdmustchange) $attr['sambaPwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
$attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
$attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req
$attr['sambaPwdCanChange'] = time(); // sambaAccount_may
$attr['sambaPwdMustChange'] = "1893452400"; // sambaAccount_may
$attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_domain!='') $attr['sambaDomainName'] = $values->smb_domain; // sambaAccount_may
if ($values->smb_domain!='') $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
}
else {
$attr['objectClass'][2] = 'sambaAccount';
$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
$attr['pwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($values->smb_pwdcanchange) $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
if ($values->smb_pwdmustchange) $attr['pwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
$attr['pwdCanChange'] = time(); // sambaAccount_may
$attr['pwdMustChange'] = "1893452400"; // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
@ -1296,34 +1278,17 @@ function createhost($values) { // Will create the LDAP-Account
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
// posixAccount_may shadowAccount_may
if ($values->unix_password_no) $values->unix_password = '';
if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
//if ($values->unix_password_no) $values->unix_password = '';
$values->unix_password = '';
if ($values->smb_flagsD) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
$attr['loginShell'] = $values->general_shell; // posixAccount_may
$attr['gecos'] = $values->general_gecos; // posixAccount_may
$attr['description'] = $values->general_gecos; // posixAccount_may sambaAccount_may
if ($values->unix_pwdminage!='') $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
if ($values->unix_pwdmaxage!='') $attr['shadowMax'] = $values->unix_pwdmaxage; // shadowAccount_may
if ($values->unix_pwdwarn!='') $attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
if ($values->unix_pwdallowlogin!='') $attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
if ($date!='') $attr['shadowExpire'] = $date ; // shadowAccount_may
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 4;
// Add Host to Additional Groups
if ($values->general_groupadd[0])
foreach ($values->general_groupadd as $group2) {
$result = ldap_search($_SESSION['ldap']->server(), 'cn='.$group2.','.$_SESSION['config']->get_GroupSuffix(), "objectclass=posixGroup", array('memberUid'));
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$group = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if ($group['memberUid']) array_shift($group['memberUid']);
if (! in_array($values->general_username, $group['memberUid'])) {
$toadd['memberUid'] = $values->general_username;
$success = ldap_mod_add($_SESSION['ldap']->server(), 'cn='.$group2.','.$_SESSION['config']->get_GroupSuffix(), $toadd);
}
if (!$success) return 4;
}
return 1;
}
@ -1332,25 +1297,6 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
// 3 == Account has been modified
// 5 == Error while modifying Account
// Value stored in shadowExpire, days since 1.1.1970
if ($values->unix_pwdexpire) {
$date = $values->unix_pwdexpire / 86400 ;
settype($date, 'integer');
}
if ($values_old->unix_pwdexpire) {
$date_old = $values_old->unix_pwdexpire / 86400 ;
settype($date_old, 'integer');
}
// decrypt password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
}
if ($values->smb_password != '') {
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
if ($values->general_username != $values_old->general_username) {
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
@ -1358,50 +1304,34 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
}
if ($values->general_uidNumber != $values_old->general_uidNumber) {
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
if ($_SESSION['config']->samba3 == 'yes') $attr['sambaSid'] = $_SESSION[config]->get_domainSID() . "-" . (2 * $values->general_uidNumber + 1000); // sambaAccount_may
if ($_SESSION['config']->samba3 == 'yes') $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
else $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
}
if ($values->general_group != $values_old->general_group) {
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
if ($_SESSION['config']->samba3 == 'yes') $attr['sambaPrimaryGroupSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($_SESSION['config']->samba3 == 'yes') $attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req
else $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
}
if ($values->general_homedir != $values_old->general_homedir)
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
// posixAccount_may shadowAccount_may
$password_old = str_replace('{CRYPT}', '',$values_old->unix_password);
if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old));
if ($values->unix_password=='') {
if ($values->unix_password_no) {
$password_old = '';
$attr['shadowLastChange'] = getdays();
}
if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . $password_old;
if ($values->smb_password_no) {
$password_old = '';
$attr['shadowLastChange'] = getdays();
}
if ($values->smb_flagsD) $attr['userPassword'] = '{CRYPT}!' . $password_old;
else $attr['userPassword'] = '{CRYPT}' . $password_old;
}
else {
if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
}
if ($_SESSION['config']->samba3 == 'yes') {
if ($values->smb_password_no) {
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
else
if ($values->smb_password!='') {
$attr['sambaNTPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['sambaLMPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
if ($values->general_gecos != $values_old->general_gecos) $attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
if ($values->smb_pwdmustchange != $values_old->smb_pwdmustchange) $attr['sambaPwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
$attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['sambaDomainName'] = $values->smb_domain; // sambaAccount_may
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['sambaDomainName'] = $values_old->smb_domain; // sambaAccount_may
if (($values->smb_domain->name!='') && ($values->smb_domain->name!=$values_old->smb_domain->name)) $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
if (($values->smb_domain->name=='') && ($values->smb_domain->name!=$values_old->smb_domain->name)) $attr_rem['sambaDomainName'] = $values_old->smb_domain->name; // sambaAccount_may
}
else {
if ($values->smb_password_no) {
@ -1409,45 +1339,18 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
$attr['lmPassword'] = 'NO PASSWORD*****';
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
else
if ($values->smb_password!='') {
$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
if ($values->general_gecos != $values_old->general_gecos) $attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
if ($values->smb_pwdmustchange != $values_old->smb_pwdmustchange) $attr['pwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
}
if ($values->general_shell != $values_old->general_shell)
$attr['loginShell'] = $values->general_shell; // posixAccount_may
if ($values->general_gecos != $values_old->general_gecos) {
$attr['gecos'] = $values->general_gecos; // posixAccount_may
$attr['description'] = $values->general_gecos; // posixAccount_may sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
}
if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage !=''))
$attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage ==''))
$attr_rem['shadowMin'] = $values_old->unix_pwdminage; // shadowAccount_may
if (($values->unix_pwdmaxage != $values_old->unix_pwdmaxage) && ($values->unix_pwdmaxage !=''))
$attr['shadowMax'] = $values->unix_pwdmaxage; // shadowAccount_may
if (($values->unix_pwdmaxage != $values_old->unix_pwdmaxage) && ($values->unix_pwdmaxage ==''))
$attr_rem['shadowMax'] = $values->unix_pwdmaxage; // shadowAccount_may
if (($values->unix_pwdwarn != $values_old->unix_pwdwarn) && ($values->unix_pwdwarn !=''))
$attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
if (($values->unix_pwdwarn != $values_old->unix_pwdwarn) && ($values->unix_pwdwarn ==''))
$attr_rem['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
if (($values->unix_pwdallowlogin != $values_old->unix_pwdallowlogin) && ($values->unix_pwdallowlogin !=''))
$attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
if (($values->unix_pwdallowlogin != $values_old->unix_pwdallowlogin) && ($values->unix_pwdallowlogin ==''))
$attr_rem['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
if (($date != $date_old) && $date) $attr['shadowExpire'] = $date ; // shadowAccount_may
if (($date != $date_old) && !$date) $attr_rem['shadowExpire'] = $date_old ; // shadowAccount_may
if ($attr_rem) {
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
if (!$success) return 5;
@ -1470,36 +1373,6 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
}
if (!$success) return 5;
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), 'objectClass=PosixGroup', array('memberUid', 'cn'));
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
while ($entry) {
$modifygroup=0;
$attr2 = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if ($attr2['memberUid']) {
array_shift($attr2['memberUid']);
foreach ($attr2['memberUid'] as $nam) {
if ( ($nam==$values->general_username) && !in_array($attr2['cn'][0], $values->general_groupadd)) {
$todelete['memberUid'] = $nam;
$success = ldap_mod_del($_SESSION['ldap']->server(), ldap_get_dn($_SESSION['ldap']->server(), $entry) ,$todelete);
if (!$success) return 5;
}
}
if (!in_array($values->general_username, $attr2['memberUid']) && in_array($attr2['cn'][0], $values->general_groupadd) && ($attr2['cn'][0]!=$values->general_group)) {
$toadd['memberUid'] = $attr2['memberUid'];
$toadd['memberUid'][] = $values->general_username;
$success = ldap_mod_replace($_SESSION['ldap']->server(), ldap_get_dn($_SESSION['ldap']->server(), $entry), $toadd);
if (!$success) return 5;
}
}
else {
if (in_array($attr2['cn'][0], $values->general_groupadd) && ($attr2['cn'][0]!=$values->general_group)) {
$toadd['memberUid'] = $values->general_username;
$success = ldap_mod_add($_SESSION['ldap']->server(), ldap_get_dn($_SESSION['ldap']->server(), $entry), $toadd);
if (!$success) return 5;
}
}
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
}
return 3;
}

2
lam/lib/lamdaemon.pl
View File

@ -31,7 +31,7 @@
@admins = ('cn=Manager,dc=my-domain,dc=com');
$server="127.0.0.1"; # IP or DNS of ldap-server
$server_port='389'; # Port used from ldap
$server_ssl='no'; # Use SSL? ************* Not working yet
$server_tls='no'; # Use TLS? ************* Not working yet
$debug=true; # Show debug messages
# Don't change anything below this line

164
lam/templates/account.php
View File

@ -74,7 +74,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
case 'user': $select_local = 'unix'; break;
case 'group': if ($_SESSION['config']->samba3=='yes') $select_local = 'samba';
else $select_local = 'quota'; break;
case 'host': $select_local = 'unix'; break;
case 'host': $select_local = 'samba'; break;
}
}
break;
@ -114,11 +114,6 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
// Check if values are OK and set automatic values. if not error-variable will be set
else $errors = checkunix($_SESSION['account'], $_SESSION['type2']); // account.inc
// Check which part Site should be displayd
// Reset password if reset button was pressed. Button only vissible if account should be modified
if ($_POST['respass']) {
$_SESSION['account']->unix_password_no=true;
$_SESSION['account']->smb_password_no=true;
}
// Check which part Site should be displayed next
if ($_POST['back']) $select_local = 'general';
else if (($_POST['next']) && ($errors=='')) $select_local = 'samba';
@ -151,19 +146,30 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
else $_SESSION['account']->smb_smbhome = "";
if (isset($_POST['f_smb_profilePath'])) $_SESSION['account']->smb_profilePath = stripslashes($_POST['f_smb_profilePath']);
else $_SESSION['account']->smb_profilePath = "";
if (isset($_POST['f_smb_domain'])) $_SESSION['account']->smb_domain = $_POST['f_smb_domain'];
else $_SESSION['account']->smb_domain = false;
if ($_POST['f_smb_flagsW']) $_SESSION['account']->smb_flagsW = $_POST['f_smb_flagsW'];
if ($_POST['f_smb_flagsW']) $_SESSION['account']->smb_flagsW = true;
else $_SESSION['account']->smb_flagsW = false;
if ($_POST['f_smb_flagsD']) $_SESSION['account']->smb_flagsD = $_POST['f_smb_flagsD'];
if ($_POST['f_smb_flagsD']) $_SESSION['account']->smb_flagsD = true;
else $_SESSION['account']->smb_flagsD = false;
if ($_POST['f_smb_flagsX']) $_SESSION['account']->smb_flagsX = $_POST['f_smb_flagsX'];
if ($_POST['f_smb_flagsX']) $_SESSION['account']->smb_flagsX = true;
else $_SESSION['account']->smb_flagsX = false;
if ($_POST['f_smb_mapgroup'] == _('Domain Guests')) $_SESSION['account']->smb_mapgroup = $_SESSION[config]->get_domainSID() . "-" . '514';
if ($_POST['f_smb_mapgroup'] == _('Domain Users')) $_SESSION['account']->smb_mapgroup = $_SESSION[config]->get_domainSID() . "-" . '513';
if ($_POST['f_smb_mapgroup'] == _('Domain Admins')) $_SESSION['account']->smb_mapgroup = $_SESSION[config]->get_domainSID() . "-" . '512';
if (isset($_POST['f_smb_domain'])) $_SESSION['account']->smb_displayName = $_POST['f_smb_domain'];
else $_SESSION['account']->smb_displayName = '';
if ($_SESSION['config']->samba3 == 'yes') {
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
for ($i=0; $i<sizeof($samba3domains); $i++)
if ($_POST['f_smb_domain'] == $samba3domains[$i]->name) {
$_SESSION['account']->smb_domain = $samba3domains[$i];
}
}
else {
if (isset($_POST['f_smb_domain'])) $_SESSION['account']->smb_domain = $_POST['f_smb_domain'];
else $_SESSION['account']->smb_domain = false;
}
// Reset password if reset button was pressed. Button only vissible if account should be modified
// Check if values are OK and set automatic values. if not error-variable will be set
list($values, $errors) = checksamba($_SESSION['account'], $_SESSION['type2']); // account.inc
if (is_object($values)) {
@ -184,6 +190,11 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
case 'host': $select_local = 'final'; break;
}
else $select_local = 'samba';
if ($_POST['respass']) {
$_SESSION['account']->unix_password_no=true;
$_SESSION['account']->smb_password_no=true;
$select_local = 'samba';
}
break;
case 'quota':
// Write all general values into $_SESSION['account']
@ -311,15 +322,13 @@ if ($_POST['save']) $select_local='save';
if ($select_local != 'pdf') {
// Write HTML-Header and part of Table
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"".
"\"http://www.w3.org/TR/html4/loose.dtd\">\n";
echo $_SESSION['header'];
echo "<html><head><title>";
echo _("Create new Account");
echo "</title>\n".
"<link rel=\"stylesheet\" type=\"text/css\" href=\"../style/layout.css\">\n".
"<meta http-equiv=\"pragma\" content=\"no-cache\">\n".
"<meta http-equiv=\"cache-control\" content=\"no-cache\">\n".
"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-15\">";
"<meta http-equiv=\"cache-control\" content=\"no-cache\">\n";
}
switch ($select_local) {
@ -389,7 +398,8 @@ if ($select_local != 'pdf') {
if (is_array($errors))
for ($i=0; $i<sizeof($errors); $i++) StatusMessage($errors[$i][0], $errors[$i][1], $errors[$i][2]);
}
//print_r($_SESSION['account']);
// print_r($_SESSION['account']);
//print_r($_POST);
switch ($select_local) { // Select which part of page will be loaded
@ -566,18 +576,6 @@ switch ($select_local) { // Select which part of page will be loaded
echo '</select></td><td>'.
'<a href="help.php?HelpNumber=412" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
echo _('Additional Groupmembership');
echo '</td>'."\n".'<td><select name="f_general_groupadd[]" size="3" multiple>';
foreach ($groups as $group) {
if ($_SESSION['account']->general_groupadd) {
if (in_array($group, $_SESSION['account']->general_groupadd)) echo '<option selected>'.$group. '</option>';
else echo '<option>'.$group. '</option>';
}
else echo '<option>'.$group. '</option>';
}
echo '</select></td>'."\n".'<td>'.
'<a href="help.php?HelpNumber=402" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
echo _('Gecos');
echo '</td><td><input name="f_general_gecos" type="text" size="30" value="' . $_SESSION['account']->general_gecos . '">'.
'</td>'."\n".'<td>'.
@ -666,7 +664,7 @@ switch ($select_local) { // Select which part of page will be loaded
else echo "<option> $i". '</option>';
}
echo '</select><select name="f_unix_pwdexpire_yea">';
for ( $i=2003; $i<=2030; $i++ ) {
for ( $i=2030; $i>=2003; $i-- ) {
if ($date['year']==$i) echo "<option selected> $i". '</option>';
else echo "<option> $i". '</option>';
}
@ -687,19 +685,6 @@ switch ($select_local) { // Select which part of page will be loaded
echo _('Values with * are required');
echo '</td></tr>'."\n".'<tr><td>';
break;
case 'host' :
echo '<input name="f_unix_password_no" type="hidden" value="';
if ($_SESSION['account']->unix_password_no) echo 'checked';
echo '">';
echo '<tr><td>';
echo _('Password');
echo '</td>'."\n".'<td></td>'."\n".'<td>';
if ($_SESSION['account_old']) {
echo '<input name="respass" type="submit" value="';
echo _('Reset Password'); echo '">';
}
echo '</td></tr>';
break;
}
echo '<tr><td>'.
'<input name="back" type="submit" value="'; echo _('back'); echo '">'.
@ -718,6 +703,7 @@ switch ($select_local) { // Select which part of page will be loaded
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($_SESSION['account']->smb_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
}
if ($_SESSION['config']->samba3 == 'yes') $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
switch ( $_SESSION['type2'] ) {
case 'user':
// Set Account is samba-workstation to false
@ -781,7 +767,7 @@ switch ($select_local) { // Select which part of page will be loaded
else echo "<option> $i". '</option>';
}
echo '</select><select name="f_smb_pwdmustchange_yea">';
for ( $i=2003; $i<=2030; $i++ ) {
for ( $i=2030; $i>=2003; $i-- ) {
if ($mustchangedate['year']==$i) echo "<option selected> $i". '</option>';
else echo "<option> $i". '</option>';
}
@ -822,10 +808,21 @@ switch ($select_local) { // Select which part of page will be loaded
'<a href="help.php?HelpNumber=437" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
echo _('Domain');
echo '</td>'."\n".'<td><input name="f_smb_domain" type="text" size="20" maxlength="80" value="' . $_SESSION['account']->smb_domain . '">'.
'</td>'."\n".'<td>'.
'<a href="help.php?HelpNumber=438" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n";
if ($_SESSION['config']->samba3 == 'yes') {
echo '</td><td><select name="f_smb_domain">';
for ($i=0; $i<sizeof($samba3domains); $i++) {
if ($_SESSION['account']->smb_domain->name) {
if ($_SESSION['account']->smb_domain->name == $samba3domains[$i]->name)
echo '<option selected>' . $samba3domains[$i]->name. '</option>';
else echo '<option>' . $samba3domains[$i]->name. '</option>';
}
else echo '<option>' . $samba3domains[$i]->name. '</option>';
}
}
else {
echo '</td>'."\n".'<td><input name="f_smb_domain" type="text" size="20" maxlength="80" value="' . $_SESSION['account']->smb_domain . '">';
}
echo '</td>'."\n".'<td><a href="help.php?HelpNumber=438" target="lamhelp">'._('Help').'</a></td></tr>'."\n";
break;
case 'group':
echo '<tr><td>';
@ -871,51 +868,17 @@ switch ($select_local) { // Select which part of page will be loaded
case 'host':
// set smb_flgasW true because account is host
$_SESSION['account']->smb_flagsW = 1;
echo '<tr><td><input name="f_smb_password_no" type="hidden" value="'.$_SESSION['account']->unix_password_no.'">';
echo _('Password doesn\'t expire.');
echo '</td>'."\n".'<td><input name="f_smb_flagsX" type="checkbox"';
if ($_SESSION['account']->smb_flagsX) echo ' checked ';
echo '></td><td>'.
'<a href="help.php?HelpNumber=429" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
echo _('Host can change Password');
echo '</td>'."\n".'<td><select name="f_smb_pwdcanchange_day">';
for ( $i=1; $i<=31; $i++ ) {
if ($canchangedate['mday']==$i) echo "<option selected> $i". '</option>';
else echo "<option> $i". '</option>';
echo '<input name="f_unix_password_no" type="hidden" value="';
if ($_SESSION['account']->unix_password_no) echo 'checked';
echo '">';
echo '<tr><td>';
echo _('Password');
echo '</td><td>';
if ($_SESSION['account_old']) {
echo '<input name="respass" type="submit" value="';
echo _('Reset password'); echo '">';
}
echo '</select><select name="f_smb_pwdcanchange_mon">';
for ( $i=1; $i<=12; $i++ ) {
if ($canchangedate['mon'] == $i) echo "<option selected> $i". '</option>';
else echo "<option> $i". '</option>';
}
echo '</select><select name="f_smb_pwdcanchange_yea">';
for ( $i=2003; $i<=2030; $i++ ) {
if ($canchangedate['year']==$i) echo "<option selected> $i". '</option>';
else echo "<option> $i". '</option>';
}
echo '</select></td>'."\n".'<td>';
echo '<a href="help.php?HelpNumber=430" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
echo _('Host must change Password');
echo '</td>'."\n".'<td><select name="f_smb_pwdmustchange_day">';
for ( $i=1; $i<=31; $i++ ) {
if ($mustchangedate['mday']==$i) echo "<option selected> $i". '</option>';
else echo "<option> $i". '</option>';
}
echo '</select><select name="f_smb_pwdmustchange_mon">';
for ( $i=1; $i<=12; $i++ ) {
if ($mustchangedate['mon'] == $i) echo "<option selected> $i". '</option>';
else echo "<option> $i". '</option>';
}
echo '</select><select name="f_smb_pwdmustchange_yea">';
for ( $i=2003; $i<=2030; $i++ ) {
if ($mustchangedate['year']==$i) echo "<option selected> $i". '</option>';
else echo "<option> $i". '</option>';
}
echo '</select></td>'."\n".'<td>';
echo '<a href="help.php?HelpNumber=431" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
echo '</td></tr>'."\n".'<tr><td>';
echo _('Account is deactivated');
echo '</td>'."\n".'<td><input name="f_smb_flagsD" type="checkbox"';
if ($_SESSION['account']->smb_flagsD) echo ' checked ';
@ -924,10 +887,21 @@ switch ($select_local) { // Select which part of page will be loaded
'</td></tr>'."\n".'<tr><td>';
echo '</td></tr>'."\n".'<tr><td>';
echo _('Domain');
echo '</td>'."\n".'<td><input name="f_smb_domain" type="text" size="20" maxlength="20" value="' . $_SESSION['account']->smb_domain . '">'.
'</td><td>'.
'<a href="help.php?HelpNumber=460" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n";
if ($_SESSION['config']->samba3 == 'yes') {
echo '</td><td><select name="f_smb_domain">';
for ($i=0; $i<sizeof($samba3domains); $i++) {
if ($_SESSION['account']->smb_domain->name) {
if ($_SESSION['account']->smb_domain->name == $samba3domains[$i]->name)
echo '<option selected>' . $samba3domains[$i]->name. '</option>';
else echo '<option>' . $samba3domains[$i]->name. '</option>';
}
else echo '<option>' . $samba3domains[$i]->name. '</option>';
}
}
else {
echo '</td>'."\n".'<td><input name="f_smb_domain" type="text" size="20" maxlength="80" value="' . $_SESSION['account']->smb_domain . '">';
}
echo '</td>'."\n".'<td><a href="help.php?HelpNumber=460" target="lamhelp">'._('Help').'</a></td></tr>'."\n";
break;
}
echo '<tr><td><input name="back" type="submit" value="'; echo _('back');

5
lam/templates/delete.php
View File

@ -27,16 +27,15 @@ include_once('../lib/account.inc');
include_once('../lib/config.inc');
session_save_path('../sess');
@session_start();
setlanguage();
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'.
'"http://www.w3.org/TR/html4/loose.dtd">'."\n";
echo $_SESSION['header'];
echo '<html><head><title>';
echo _('Delete Account');
echo '</title>'."\n".
'<link rel="stylesheet" type="text/css" href="../style/layout.css">'."\n".
'<meta http-equiv="pragma" content="no-cache">'."\n".
'<meta http-equiv="cache-control" content="no-cache">'."\n".
'<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">'."\n".
'</head>'."\n".
'<body>'."\n".
'<form action="delete.php" method="post">'."\n".

5
lam/templates/masscreate.php
View File

@ -32,6 +32,7 @@ include_once('../lib/pdf.inc'); // Return a pdf-file
session_save_path('../sess');
@session_start();
setlanguage();
$time=time();
if ($_POST['tolist'] && ($_FILES['userfile']['size']>0)) $select = 'list';
@ -49,15 +50,13 @@ if (!$select && $_SESSION['pointer']) $select='create';
if ($select!='pdf') {
// Write HTML-Header and part of Table
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'.
'."http://www.w3.org/TR/html4/loose.dtd">';
echo $_SESSION['header'];
echo '<html><head><title>';
echo _('Create new Accounts');
echo '</title>'.
'<link rel="stylesheet" type="text/css" href="../style/layout.css">'.
'<meta http-equiv="pragma" content="no-cache">'.
'<meta http-equiv="cache-control" content="no-cache">'.
'<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15">';
}
switch ($select) {

6
lam/templates/massdetail.php
View File

@ -29,15 +29,13 @@ include_once('../lib/config.inc'); // File with configure-functions
session_save_path('../sess');
@session_start();
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'.
'"http://www.w3.org/TR/html4/loose.dtd">'.
'<html><head><title>';
echo $_SESSION['account'];
echo '<html><head><title>';
echo _('Create new Accounts');
echo '</title>'.
'<link rel="stylesheet" type="text/css" href="../style/layout.css">'.
'<meta http-equiv="pragma" content="no-cache">'.
'<meta http-equiv="cache-control" content="no-cache">'.
'<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15">'.
'</head><body>'.
'<form enctype="multipart/form-data" action="massdetail.php" method="post">'.
'<table class="massdetail" width="100%">'.