Fixed a small bug when moving groups to another DN: the move worked, but an error was shown.

Improved new module design.
It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
katagia 2003-12-19 12:45:23 +00:00
parent e9cdb7d16a
commit 5782108a0f
6 changed files with 1125 additions and 365 deletions


@ -28,9 +28,10 @@ $Id$
*/
class cache {
function cache() {
$this->config = &$_SESSION['config'];
$this->ldap = &$_SESSION['ldap'];
$this->config =& $_SESSION['config'];
$this->ldap =& $_SESSION['ldap'];
$this->time = 0;
$this->attributes = array();
}
var $ldapcache; // This variable contains the cache
@ -43,6 +44,7 @@ class cache {
* syntax of $attributes is array( scope1 => array ( attributes ), scope2 => array ( attributes ), ...)
*/
function add_cache($attributes) {
$this->refresh_cache();
// Check input variable
$allowed_types = array ( 'user', 'group', 'host', '*' );
if (!is_array($attributes)) trigger_error(_('Argument of add_cache must be : array ( scope => array(attribute1(string), attribute2(string), ..), scope => ... ).'), E_USER_ERROR);
@ -68,6 +70,7 @@ class cache {
*
*/
function get_cache($attribute, $objectClass, $singlescope) {
$this->refresh_cache();
// Check input variables
$allowed_types = array ( 'user', 'group', 'host', '*' );
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
@ -82,14 +85,16 @@ class cache {
if ($singlescope == '*') $scopes = $allowed_types;
else $scopes = array ( $singlescope );
foreach ($scopes as $scope) {
$DNs = array_keys($this->ldapcache[$scope]);
foreach ($DNs as $dn) {
if (isset($this->ldapcache[$scope][$dn][$attribute]) && in_array($objectClass, $this->ldapcache[$scope][$dn]['objectClass'])) {
// return string if only attribute exists only once
if (count($this->ldapcache[$scope][$dn][$attribute])==1) $return[$dn][] = $this->ldapcache[$scope][$dn][$attribute][0];
else {
// else return array with all attributes
$return[$dn] = $this->ldapcache[$scope][$dn][$attribute];
if (isset($this->ldapcache[$scope])) {
$DNs = array_keys($this->ldapcache[$scope]);
foreach ($DNs as $dn) {
if (isset($this->ldapcache[$scope][$dn][$attribute]) && in_array($objectClass, $this->ldapcache[$scope][$dn]['objectClass'])) {
// return string if only attribute exists only once
if (count($this->ldapcache[$scope][$dn][$attribute])==1) $return[$dn][] = $this->ldapcache[$scope][$dn][$attribute][0];
else {
// else return array with all attributes
$return[$dn] = $this->ldapcache[$scope][$dn][$attribute];
}
}
}
}
@ -102,6 +107,7 @@ class cache {
* $scope is the scope where to search
*/
function in_cache($value, $attribute, $singlescope) {
$this->refresh_cache();
// Check input variables
$allowed_types = array ( 'user', 'group', 'host', '*' );
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
@ -130,12 +136,17 @@ class cache {
$this->refresh_cache();
if ($singlescope == '*') $scopes = $allowed_types;
else $scopes = array ( $singlescope );
//print_r($this->ldapcache);
foreach ($scopes as $scope) {
$DNs = array_keys($this->ldapcache[$scope]);
foreach ($DNs as $dn) {
if (in_array($value, $this->ldapcache[$scope][$dn][$attribute])) {
// Return value if value was found
return $dn;
if (isset($this->ldapcache[$scope])) {
$DNs = array_keys($this->ldapcache[$scope]);
foreach ($DNs as $dn) {
if (is_array($this->ldapcache[$scope][$dn][$attribute])) {
if (in_array($value, $this->ldapcache[$scope][$dn][$attribute])) {
// Return value if value was found
return $dn;
}
}
}
}
}
@ -210,19 +221,19 @@ class main {
var $current_page;
// This variable os set to the pagename of a subpage if it should be displayed
var $subpage;
// reference to base-array so we can read other classes in basearray
// name of accountContainer so we can read other classes in accuontArray
var $base;
// Localized part of HTML-Header
var $header;
// Alias Name. This name is shown in the menu instead of main
var $alias;
function main() {
function main($base) {
$this->current_page = 0;
$this->subpage = '';
/* Create a reference to basearray so we can read all other modules
* php will avaois recousrion itself
*/
$this->base = &$baseobject;
$this->header = &$_SESSION['header'];
$this->base = $base;
$this->alias = _('main');
}
/* This function returns a list with all required modules
@ -231,24 +242,249 @@ class main {
return array();
}
/* This function will process transmitted data
* and decides which page show next.
*/
function main_continue() {
// Which data should be processed?
if ($this->subpage=='') $this->subpage='attributes';
$function = '$result = $this->base->module[$this->base->order[$this->current_page]]->process_'.$this->subpage.'($_POST);';
eval ($function);
if (is_string($return)) $this->subpage = $return;
if (is_int($return)) {
for ($i=0; $i<count($this->base->order); $i++ ) {
if ($_POST['form_main_'.$this->base->order[$i]]) $this->current_page = $i;
function display_html_attributes($post) {
$function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();';
eval($function);
$modules = $_SESSION[$this->base]->check_attributes();
if (count($modules)!=0) {
$disabled = 'disabled';
for ($i=0; $i<count($modules); $i++) StatusMessage('ERROR', _('Check module'), sprintf(_('Please set up all required attributes on %s page'), $_SESSION[$this->base]->module[$modules[$i]]->alias));
}
else $disabled = '';
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
echo "<td>" . _('Suffix') . "</td>\n";
echo "<td><select name=\"form_main_suffix\">";
// loop through all suffixes
$function = '$suffix = $_SESSION[$_SESSION[$this->base]->config]->get_'.ucfirst($_SESSION[$this->base]->type).'Suffix();';
eval($function);
foreach ($_SESSION[$_SESSION[$this->base]->ldap]->search_units($suffix) as $suffix) {
if ($_SESSION[$this->base]->dn) {
if ($_SESSION[$this->base]->dn == $suffix) echo "<option selected>$suffix</option>\n";
else echo "<option>$suffix</option>\n";
}
$this->subpage='attributes';
else echo "<option>$suffix</option>\n";
}
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=461\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
// Show fieldset with list of all user profiles
if (count($profilelist)!=0) {
echo "<tr>\n";
echo "<td>" . _("Load profile") . "</td>\n";
echo "<td><select name=\"form_main_selectLoadProfile\">";
foreach ($profilelist as $profile) echo "<option>$profile</option>\n";
echo "</select>\n";
echo "<input name=\"form_main_loadProfile\" type=\"submit\" value=\"" . _('Load Profile') . "\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=421\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
}
echo "<tr>\n";
echo "<td>" . _("Save profile") . "</td>\n";
echo "<td><input name=\"form_main_selectSaveProfile\" type=\"text\" size=\"30\" maxlength=\"50\">\n";
echo "<input name=\"form_main_saveProfile\" type=\"submit\" value=\"" . _('Save profile') . "\" $disabled ></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=457\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td><input name=\"form_main_create\" type=\"submit\" value=\"";
if ($_SESSION[$this->base]->dn_orig!='') echo _('Modify Account');
else echo _('Create Account');
echo "\" $disabled ></td>\n";
echo "</tr>\n";
echo "</table>\n";
return 0;
}
/* This page will be shown if an account
* has been saved
*/
function display_html_finish($post) {
// Show success message
if ($_SESSION[$this->base]->dn_orig=='') $kind = _('created');
else $kind = _('modified');
$text = sprintf(_('%s has been %s.'), ucfirst($_SESSION[$this->base]->type), $kind);
StatusMessage('INFO', _('LDAP operation successful.'), $text);
// Show rest of page
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
if ($_SESSION[$this->base]->dn_orig=='') {
echo "<td><input name=\"form_main_createagain\" type=\"submit\" value=\"";
echo sprintf(_('Create another %s'), $_SESSION[$this->base]->type);
echo "\"></td>\n";
}
echo "<td><input name=\"form_main_outputpdf\" type=\"submit\" value=\"" . _('Create PDF file') . "\"></td>\n";
echo "<td><input name=\"form_main_backmain\" type=\"submit\" value=\"";
echo sprintf (_('Back to %s list'), $_SESSION[$this->base]->type);
echo "\"></td>\n";
echo "</tr>\n";
echo "</table>\n";
return 0;
}
/* Write variables into object and do some regexp checks
*/
function proccess_finish($post) {
if ($post['form_main_createagain']) {
// Reset objects
$modules = array_keys($_SESSION[$this->base]->module);
foreach ($modules as $module)
if ($module!='main') unset($_SESSION[$this->base]->module[$module]);
// Reset accountContainer
$_SESSION[$this->base]->dn = '';
$_SESSION[$this->base]->dn_orig = '';
$_SESSION[$this->base]->attributes = array();
$_SESSION[$this->base]->order = array();
$this->current_page = 0;
$this->subpage = '';
// Add all required objects etc.
$_SESSION[$this->base]->new_account();
return 0;
}
if ($post['form_main_backmain']) {
// Return to *-list
// *** fixme unset accountContainer in session
metaRefresh("../lists/list".$_SESSION[$this->base]->type."s.php");
exit;
}
if ($post['form_main_outputpdf']) {
// Create / display PDf-file
$function = 'create'.ucfirst($_SESSION[$this->base]->type).'PDF(array($_SESSION[$this->base]));';
eval($function);
exit;
}
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
// change dn
if ($post['form_main_suffix']!='') $_SESSION[$this->base]->dn = $post['form_main_suffix'];
// load profile
if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) {
// *** fixme load*Profile must return array in the same way ldap_get_attributes does.
$function = '$newattributes = load'.ucfirst($scope).'Profile($post[\'form_main_selectLoadProfile\']);';
eval($function);
// pass newattributes to each module
$modules = array_keys($_SESSION[$this->base]->module);
foreach ($modules as $module) $_SESSION[$this->base]->module[$module]->load_attributes($newattributes);
return 0;
}
// save account
if ($post['form_main_create']) {
$success = $_SESSION[$this->base]->save_account();
if (is_array($success)) return array($success);
// return name of subpage
return 'finish';
}
// save profile
if ($post['form_main_saveProfile']) {
if ($post['form_main_selectSaveProfile']=='') $errors[] = array('ERROR', _('Save profile'), _('No profilename given.'));
else {
$function = 'save'.ucfirst($scope).'Profile();';
eval($function);
if ($function) $errors[] = array('INFO', _('Save profile'), _('New profile created.'));
else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.'));
}
if (is_array($errors)) return $errors;
else return 0;
}
return 0;
}
// Dummy functions to make module compatible
function load_attributes($attr) {
return 0;
}
// Dummy functions to make module compatible
function save_attributes() {
return array();
}
// Dummy functions to make module compatible
function get_attributes() {
return array();
}
}
class accountContainer {
// Constructor
function accountContainer($type, $base) {
/* Set the type of account. Valid
* types are: user, group, host
*/
// Check input variable
if (!is_string($type)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
// *** fixme use global variable to determine allowed types
$allowed_types = array ( 'user', 'group', 'host' );
if (!in_array($type, $allowed_types)) trigger_error(_('Account type not recognized.'), E_USER_ERROR);
$this->type = $type;
$this->base = $base;
// Name of variables in session
$this->ldap = 'ldap';
$this->config = 'config';
$this->cache = 'cache';
$this->header2 = 'header';
$this->module['main'] = new main($this->base);
return 0;
}
/* Array of all used attributes
* Syntax is attribute => array ( objectClass => MUST or MAY, ...)
*/
var $attributes;
/* This variale stores the type
* of account. Current unix, group, host are supported
*/
var $type;
var $ldap; // This is a reference to the ldap class in session
var $config; // This is a reference to the config class in session
// Localized part of HTML-Header
var $header2;
var $module; // This is an array with all module objects
// DN of the account
var $dn;
var $dn_orig;
// this are stores the module order
var $order;
// name of accountContainer so we can read other classes in accuontArray
var $base;
/* Get the type of account. Valid
* types are: user, group, host
*/
function get_type() {
return $this->type;
}
/* This function asks $this->module['main']
* what to do next
*/
function continue_main($post) {
if ($this->module['main']->subpage=='') $this->module['main']->subpage='attributes';
$function = '$result = $this->module[$this->order[$this->module[\'main\']->current_page]]->proccess_'.$this->module['main']->subpage.'($post);';
eval ($function);
if (is_string($result)) $this->module['main']->subpage = $result;
if (is_int($result)) {
for ($i=0; $i<count($this->order); $i++ ) {
if ($post['form_main_'.$this->order[$i]]) $this->module['main']->current_page = $i;
}
$this->module['main']->subpage='attributes';
}
// Write HTML-Code
echo $this->header;
echo $_SESSION[$this->header2];
echo "<title>";
echo _("Create new Account");
echo "</title>\n";
@ -266,17 +502,17 @@ class main {
echo _('Please select page:');
echo "</b></legend>\n";
// Loop for module
for ($i=0; $i<count($this->base->order); $i++ ) {
if ($this->base->order[$i]==$this->base->order[$this->current_page]) {
for ($i=0; $i<count($this->order); $i++ ) {
if ($this->order[$i]==$this->order[$this->module['main']->current_page]) {
// print disabled button
echo "<input name=\"form_main_".$this->base->order[$i]."\" type=\"submit\" value=\"";
echo $this->base->module[$this->base->order[$i]]->alias;
echo " disabled\">\n<br>";
echo "<input name=\"form_main_".$this->order[$i]."\" type=\"submit\" value=\"";
echo $this->module[$this->order[$i]]->alias;
echo "\" disabled>\n<br>";
}
else {
// print normal button
echo "<input name=\"form_main_".$this->base->order[$i]."\" type=\"submit\" value=\"";
echo $this->base->module[$this->base->order[$i]]->alias;
echo "<input name=\"form_main_".$this->order[$i]."\" type=\"submit\" value=\"";
echo $this->module[$this->order[$i]]->alias;
echo "\">\n<br>";
}
}
@ -284,68 +520,13 @@ class main {
echo "</fieldset></td></tr>\n";
echo "</table></td>\n<td>";
// display html-code from mdule
$function = '$result = $this->base->module[$this->base->order[$this->current_page]]->display_html_'.$this->subpage.'($_POST);';
$function = '$result = $this->module[$this->order[$this->module[\'main\']->current_page]]->display_html_'.$this->module['main']->subpage.'($post);';
eval ($function);
// Display rest of html-page
echo "</td></tr></table>\n";
echo "</form>\n";
echo "</body>\n";
echo "</html>\n";
}
}
class accountContainer {
// Constructor
function accountContainer($type) {
/* Set the type of account. Valid
* types are: user, group, host
*/
// Check input variable
if (!is_string($type)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
// *** fixme use global variable to determine allowed types
$allowed_types = array ( 'user', 'group', 'host' );
if (!in_array($type, $allowed_types)) trigger_error(_('Account type not recognized.'), E_USER_ERROR);
$this->type = $type;
$this->lampath = &$_SESSION['lampath'];
$this->ldap = &$_SESSION['ldap'];
$this->cache = &$_SESSION['cache'];
$this->module['main'] = new main($this);
return 0;
}
/* Array of all used attributes
* Syntax is attribute => array ( objectClass => MUST or MAY, ...)
*/
var $attributes;
/* This variale stores the type
* of account. Current unix, group, host are supported
*/
var $type;
var $lampath; // reference to lampath from Session
var $ldap; // This is a reference to the ldap class in session
var $module; // This is an array with all module objects
// DN of the account
var $dn;
var $dn_orig;
// this are stores the module order
var $order;
/* Get the type of account. Valid
* types are: user, group, host
*/
function get_type() {
return $this->type;
}
/* This function asks $this->module['main']
* what to do next
*/
function continue_main() {
$this->module['main']->main_continue();
return 0;
}
@ -354,15 +535,15 @@ class accountContainer {
function add_attributes($objectClass) {
// loop through every existing objectlass and select current objectClass
$line=-1;
for ($i=0; $i<count($this->ldap->objectClasses) || $i==-1; $i++) {
if (strpos($this->ldap->objectClasses[$i], "NAME '$objectClass'")) $line = $i;
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME '$objectClass'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("objectClass %s required but not defined in ldap."), $objectClass), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($this->ldap->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MUST (')+6);
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -375,8 +556,8 @@ class accountContainer {
}
// create array with may-attributes
// Get startposition in string
if (strpos($this->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MAY (')+5);
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -389,24 +570,25 @@ class accountContainer {
}
// Get attributes of subclasses
while (strpos($this->ldap->objectClasses[$line], "SUP ")) {
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'SUP ')+4);
while (strpos($_SESSION[$this->ldap]->objectClasses[$line], "SUP ")) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($this->ldap->objectClasses) || $i==-1; $i++) {
if (strpos($this->ldap->objectClasses[$i], "NAME '$subclass'")) $line = $i;
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("objectClass %s required but not defined in ldap."), $objectClass), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($this->ldap->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MUST (')+6);
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
$may = explode(" $ ", $string);
$must = explode(" $ ", $string);
// Ad must
foreach ($must as $attribute) {
if (!isset($this->attributes[$attribute])) $this->attributes[$attribute][$objectClass] = 'MUST';
@ -415,14 +597,14 @@ class accountContainer {
}
// create array with may-attributes
// Get startposition in string
if (strpos($this->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MAY (')+5);
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
$must = explode(" $ ", $string);
$may = explode(" $ ", $string);
// Ad may
foreach ($must as $attribute) {
foreach ($may as $attribute) {
if (!isset($this->attributes[$attribute])) $this->attributes[$attribute][$objectClass] = 'MAY';
else $this->attributes[$attribute][$objectClass] = 'MAY';
}
@ -449,6 +631,28 @@ class accountContainer {
return 0;
}
/* This function checks if all MUST-attribtues are set.
* If not it will return an array with all modules
* which have to be set first
*/
function check_attributes() {
$return = array();
// get named list of attributes
$attributes = array_keys($this->attributes);
for ($i=0; $i<count($attributes); $i++) {
$singleattribute = array_keys ($this->attributes[$attributes[$i]]);
for ($j=0; $j<count($singleattribute); $j++) {
// found attribute which must be set
if ($this->attributes[$attributes[$i]][$singleattribute[$j]]=='MUST') {
// Check if attribute is set
if ($this->module[$singleattribute[$j]]->attributes[$attributes[$i]]=='')
if (!in_array($singleattribute[$j], $return)) $return[] = $singleattribute[$j];
}
}
}
return $return;
}
/* This function adds an objectClass class (module) to accountContainer
*/
function add_objectClass($objectClass) {
@ -460,9 +664,8 @@ class accountContainer {
if ($line==-1) trigger_error (_("objectClass $objectClass required but not defined in ldap."), E_USER_WARNING);
else {
// Add module if it exists
if (file_exists($this->lampath."/lib/modules/".$objectClass.".inc") == 'file') {
include_once ($this->lampath."/lib/modules/".$objectClass.".inc");
$this->module[$objectClass] = new $objectClass($this);
if (class_exists($objectClass)) {
$this->module[$objectClass] = new $objectClass($this->base);
}
else trigger_error (_("objectClass $objectClass required but no module found."), E_USER_WARNING);
}
@ -474,8 +677,8 @@ class accountContainer {
*/
function load_account($dn) {
$search = substr($dn, 0, strpos($dn, ','));
$result = ldap_search($this->ldap->server(), $dn, $search);
$entry = ldap_first_entry($this->ldap->server(), $result);
$result = ldap_search($_SESSION[$this->ldap]->server(), $dn, $search);
$entry = ldap_first_entry($_SESSION[$this->ldap]->server(), $result);
$this->dn = substr($dn, strpos($dn, ',')+1);
$this->dn_orig = $dn;
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
@ -492,19 +695,21 @@ class accountContainer {
// loop until all modules are in order.
// We don't want to loop forever
$remain = count($module) * count($module);
$order = array();
while ( (count($module) != count($modulelist)) && ($remain!=0) ) {
$remain--;
foreach ($module as $moduleitem) {
$required = $this->module[$moduleitem]->dependencies;
$required = $this->module[$moduleitem]->dependencies();
$everything_found = true;
if (is_array($required))
if (is_array($required)) {
foreach ($required as $requireditem)
if (!in_array($reuquireditem, $modulelist)) $everthing_found = false;
if ($everything_found) $modulelist[] = $moduleitem;
}
if ($everything_found && !in_array($moduleitem, $order) ) $order[] = $moduleitem;
}
}
// Write Module-Order in variable
$this->order = $modulelist;
$this->order = $order;
return 0;
}
@ -512,34 +717,131 @@ class accountContainer {
* for a new account
*/
function new_account() {
$modulelist = array();
$modulelist = array('posixAccount', 'shadowAccount');
// *** fixme add modules from config which should be used but not yet in loaded account
$module = array_keys ($this->module);
foreach ($modulelist as $objectClass) $this->add_objectClass($objectClass);
$module = array_keys ($this->module);
// loop until all modules are in order.
// We don't want to loop forever
$remain = count($module) * count($module);
$order = array();
while ( (count($module) != count($modulelist)) && ($remain!=0) ) {
$remain--;
foreach ($module as $moduleitem) {
$required = $this->module[$moduleitem]->dependencies;
$required = $this->module[$moduleitem]->dependencies();
$everything_found = true;
if (is_array($required))
if (is_array($required)) {
foreach ($required as $requireditem)
if (!in_array($reuquireditem, $modulelist)) $everthing_found = false;
if ($everything_found) $modulelist[] = $moduleitem;
}
if ($everything_found && !in_array($moduleitem, $order) ) $order[] = $moduleitem;
}
}
// Write Module-Order in variable
$this->order = $modulelist;
$this->order = $order;
// *** fixme load*Profile must return array in the same way ldap_get_attributes does.
$function = '$newattributes = load'.ucfirst($this->type).'Profile(\'default\');';
eval($function);
// pass newattributes to each module
//foreach ($module as $module2)
// $this->module[$module2]->load_attributes($newattributes);
return 0;
}
/* This function will load an account.
* $dn is the dn of the account which should be loaded
*/
function save_account() {
$module = array_keys ($this->module);
$attributes = array();
// load attributes
foreach ($module as $singlemodule) {
// load changes
$temp = $this->module[$singlemodule]->save_attributes();
// merge changes
$DNs = array_keys($temp);
$attributes = array_merge_recursive($temp, $attributes);
for ($i=0; $i<count($DNs); $i++) {
$ops = array_keys($temp[$DNs[$i]]);
for ($j=0; $j<count($ops); $j++) {
$attrs = array_keys($temp[$DNs[$i]][$ops[$j]]);
for ($k=0; $k<count($attrs); $k++)
$attributes[$DNs[$i]][$ops[$j]][$attrs[$k]] = array_unique($attributes[$DNs[$i]][$ops[$j]][$attrs[$k]]);
}
}
}
// Complete dn with uid or cn=
if ($this->type=='group') $search = 'cn';
else $search = 'uid';
$added = false;
foreach ($attributes as $DN) {
if (isset($DN['modify'][$search][0]) && !$added) {
$attributes[$search.'='.$DN['modify'][$search][0].','.$this->dn] = $attributes[$this->dn];
unset ($attributes[$this->dn]);
$this->dn = $search.'='.$DN['modify'][$search][0].','.$this->dn;
$added = true;
}
if (isset($DN['add'][$search][0]) && !$added) {
$attributes[$search.'='.$DN['add'][$search][0].','.$this->dn] = $attributes[$this->dn];
unset ($attributes[$this->dn]);
$this->dn = $search.'='.$DN['add'][$search][0].','.$this->dn;
$added = true;
}
if (isset($DN['notchanged'][$search][0]) && !$added) {
$attributes[$search.'='.$DN['notchanged'][$search][0].','.$this->dn] = $attributes[$this->dn];
unset ($attributes[$this->dn]);
$this->dn = $search.'='.$DN['notchanged'][$search][0].','.$this->dn;
$added = true;
}
}
// Add old dn if dn hasn't changed
if (!$added) {
$attributes[$this->dn_orig] = $attributes[$this->dn];
unset ($attributes[$this->dn]);
$this->dn = $this->dn_orig;
}
// Add new DN
if ($this->dn != $this->dn_orig) {
// move existing DN
if ($this->dn_orig!='') {
// merge attributes together
$attr = array_merge_recursive($attributes[$this->dn]['add'], $attributes[$this->dn]['notchanged'], $attributes[$this->dn]['modify']);
$success = @ldap_add($_SESSION[$this->ldap]->server(), $this->dn, $attr);
if ($success) {
$success = @ldap_delete($_SESSION[$this->ldap]->server(), $this->dn_orig);
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to delete dn: %s.'), $this->dn_orig));
}
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to create dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $this->dn));
}
// create complete new dn
else {
$attr = array_merge_recursive($attributes[$this->dn]['add'], $attributes[$this->dn]['notchanged'], $attributes[$this->dn]['modify']);
$success = @ldap_add($_SESSION[$this->ldap]->server(), $this->dn, $attributes[$this->dn]['add']);
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to create dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $this->dn));
}
unset($attributes[$this->dn]);
}
$DNs = array_keys($attributes);
for ($i=0; $i<count($DNs); $i++) {
// modify attributes
if (isset($attributes[$DNs[$i]]['modify'])) {
$success = @ldap_mod_replace($_SESSION[$this->ldap]->server(), $DNs[$i], $attributes[$DNs[$i]]['modify']);
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to modify attribtues from dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $DNs[$i]));
}
// add attributes
if (isset($attributes[$DNs[$i]]['add'])) {
$success = @ldap_mod_add($_SESSION[$this->ldap]->server(), $DNs[$i], $attributes[$DNs[$i]]['add']);
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to add attribtues to dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $DNs[$i]));
}
// removce attributes
if (isset($attributes[$DNs[$i]]['remove'])) {
$success = @ldap_mod_del($_SESSION[$this->ldap]->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']);
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to remove attribtues from dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $DNs[$i]));
}
}
// *** fixme Add lamdaemon.pl
return 0;
}
}
@ -629,7 +931,7 @@ function getshells() {
/* This function will replace umlates with ascci-chars
* fixme
* fixme ***
* In order to map all non-ascii characters this function should be changed
*/
function replace_umlaut($text) {
@ -2933,7 +3235,7 @@ function modifygroup($values,$values_old, $uselamdaemon=true) {
for ($i=0; $i<count($attr_rem_keys); $i++) { // Remove attributes which should be deleted from array
if (isset($attr_old[$attr_rem_keys[$i]][0])) unset($attr_old[$attr_rem_keys[$i]]);
}
$attr_keys = array_keys($attr);
$attr_keys = @array_keys($attr);
for ($i=0; $i<count($attr_keys); $i++) { // Add attributes which have changed
$attr_old[$attr_keys[$i]][0] = $attr[$attr_keys[$i]];
}
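Review bot: In `proccess_attributes` (added in the `@ -231,24 +242,249 @@` hunk), both `eval()` strings are built from `$scope`, which is never assigned in that function as shown, so they would resolve to `loadProfile(...)` and `saveProfile()` rather than the per-type helpers. The save branch then tests `if ($function)`, which is the non-empty code string, so 'New profile created.' would be reported whether or not the save succeeded. The account type is already restricted to user/group/host in the `accountContainer` constructor, so a variable function call removes the need for `eval()`: `$loader = 'load'.ucfirst($_SESSION[$this->base]->type).'Profile';` followed by `$newattributes = $loader($post['form_main_selectLoadProfile']);`, with the same shape for the save call and its return value stored and checked. The arguments `save*Profile` expects are not visible here, so that call needs confirming against its definition. The other `eval()` dispatches in this section (`display_html_attributes`, `new_account`, `continue_main`) could follow the same pattern, which keeps request- or session-derived strings out of evaluated code.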


@ -46,35 +46,29 @@ $Id$
class inetOrgPerson {
// Constructor
function inetOrgPerson(&$baseobject) {
function inetOrgPerson($base) {
/* Return an error if posixAccount should be created without
* base container
*/
if (!$baseobject) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
// Check if $baseobject is an array
if (!is_object($baseobject)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR);
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR);
$this->base = $base;
// posixAccount is only a valid objectClass for user and host
if ($baseobject->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
/* Create a reference to basearray so we can read all other modules
* php will avaois recousrion itself
*/
$this->base = &$baseobject;
// Add attributes which should be cached
//$_SESSION['cache']->add_cache(array ('user' => array('cn', 'uid'), 'host' => array('cn', 'uid') ));
if ($_SESSION[$this->base]->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
// Add account type to object
$line=-1;
for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
if (strpos($this->base->ldap->objectClasses[$i], "NAME 'inetOrgPerson'")) $line = $i;
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'inetOrgPerson'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'inetOrgPerson'), E_USER_WARNING);
// Add Array with all attributes and type
$baseobject->add_attributes ('inetOrgPerson');
$_SESSION[$this->base]->add_attributes ('inetOrgPerson');
// create array with must-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -85,8 +79,8 @@ class inetOrgPerson {
}
// create array with may-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -96,12 +90,12 @@ class inetOrgPerson {
}
}
// Get attributes of subclasses
while (strpos($this->base->ldap->objectClasses[$line], "SUP ")) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'SUP ')+4);
while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
if (strpos($this->base->ldap->objectClasses[$i], "NAME '$subclass'")) $line = $i;
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
// *** fixme, fix error message
@ -109,8 +103,8 @@ class inetOrgPerson {
// create array with must-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -121,8 +115,8 @@ class inetOrgPerson {
}
// create array with may-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -133,7 +127,12 @@ class inetOrgPerson {
}
}
$this->orig = $this->attributes ;
$this->attributes['objectClass'][0] = 'inetOrgPerson';
if (isset($this->attributes['userPassword'])) unset($this->attributes['userPassword']);
$this->alias = _('inetOrgPerson');
// Add attributes which should be cached
$_SESSION[$_SESSION[$this->base]->cache]->add_cache(array ('user' => array('uid'), 'host' => array('uid')));
}
// Variables
@ -160,24 +159,21 @@ class inetOrgPerson {
* new password will be stored encrypted
*/
function userPassword($newpassword=false) {
// Read existing password if set
if (!$newpassword) {
if ($this->attributes['userPassword'][0]!='') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
return $password;
}
else return '';
}
// Write new password
else {
if (is_string($newpassword)) {
// Write new password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$this->attributes['userPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
return 0;
}
else {
// Read existing password if set
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
return $password;
}
}
/* This function returns a list with all required modules
@ -188,59 +184,61 @@ class inetOrgPerson {
/* Write variables into object and do some regexp checks
*/
function proccess_attributes() {
function proccess_attributes($post) {
// Load attributes
if (($this->attributes['uid'] != $_POST['form_inetOrgPerson_uid']) && ereg('[A-Z]$', $_POST['form_inetOrgPerson_uid']))
if (($this->attributes['uid'][0] != $post['form_inetOrgPerson_uid']) && ereg('[A-Z]$', $post['form_inetOrgPerson_uid']))
$errors[] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
$this->attributes['uid'] = $_POST['form_inetOrgPerson_uid'];
$this->attributes['cn'] &= $this->attributes['uid'];
$this->attributes['description'] = $_POST['form_inetOrgPerson_description'];
$this->attributes['sn'] = $_POST['form_inetOrgPerson_sn'];
$this->attributes['givenName'] = $_POST['form_inetOrgPerson_givenName'];
$this->attributes['title'] = $_POST['form_inetOrgPerson_title'];
$this->attributes['mail'] = $_POST['form_inetOrgPerson_mail'];
$this->attributes['telephoneNumber'] = $_POST['form_inetOrgPerson_telephoneNumber'];
$this->attributes['mobileTelephoneNumber'] = $_POST['form_inetOrgPerson_mobileTelephoneNumber'];
$this->attributes['facsimileTelephoneNumber'] = $_POST['form_inetOrgPerson_facsimileTelephoneNumber'];
$this->attributes['street'] = $_POST['form_inetOrgPerson_street'];
$this->attributes['postalCode'] = $_POST['form_inetOrgPerson_postalCode'];
$this->attributes['postalAddress'] = $_POST['form_inetOrgPerson_postalAddress'];
$this->attributes['employeeType'] = $_POST['form_inetOrgPerson_employeeType'];
$this->attributes['uid'][0] = $post['form_inetOrgPerson_uid'];
$this->attributes['cn'][0] &= $this->attributes['uid'][0];
$this->attributes['description'][0] = $post['form_inetOrgPerson_description'];
$this->attributes['sn'][0] = $post['form_inetOrgPerson_sn'];
$this->attributes['givenName'][0] = $post['form_inetOrgPerson_givenName'];
$this->attributes['title'][0] = $post['form_inetOrgPerson_title'];
$this->attributes['mail'][0] = $post['form_inetOrgPerson_mail'];
$this->attributes['telephoneNumber'][0] = $post['form_inetOrgPerson_telephoneNumber'];
$this->attributes['mobileTelephoneNumber'][0] = $post['form_inetOrgPerson_mobileTelephoneNumber'];
$this->attributes['facsimileTelephoneNumber'][0] = $post['form_inetOrgPerson_facsimileTelephoneNumber'];
$this->attributes['street'][0] = $post['form_inetOrgPerson_street'];
$this->attributes['postalCode'][0] = $post['form_inetOrgPerson_postalCode'];
$this->attributes['postalAddress'][0] = $post['form_inetOrgPerson_postalAddress'];
$this->attributes['employeeType'][0] = $post['form_inetOrgPerson_employeeType'];
if ($_POST['form_inetOrgPerson_userPassword_no']) $this->userPassword_no=true;
if ($post['form_inetOrgPerson_userPassword_no']) $this->userPassword_no=true;
else $this->userPassword_no=false;
if ($_POST['form_inetOrgPerson_userPassword_lock']) $this->userPassword_lock=true;
if ($post['form_inetOrgPerson_userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
if (isset($_POST['form_inetOrgPerson_userPassword'])) {
if ($_POST['form_inetOrgPerson_userPassword'] != $_POST['form_inetOrgPerson_userPassword2']) {
if (isset($post['form_inetOrgPerson_userPassword'])) {
if ($post['form_inetOrgPerson_userPassword'] != $post['form_inetOrgPerson_userPassword2']) {
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
unset ($_POST['form_inetOrgPerson_userPassword2']);
unset ($post['form_inetOrgPerson_userPassword2']);
}
else $this->userPassword($_POST['form_inetOrgPerson_userPassword']);
else $this->userPassword($post['form_inetOrgPerson_userPassword']);
}
if ($_POST['form_inetOrgPerson_genpass']) $this->userPassword(genpasswd());
if ($post['form_inetOrgPerson_genpass']) $this->userPassword(genpasswd());
// Check if givenname is valid
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'][0])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
// Check if surname is valid
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'][0])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
// Check if Username contains only valid characters
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*$', $this->attributes['uid']))
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])+$', $this->attributes['uid'][0]))
$errors[] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
// Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use
// Set username back to original name if new username is in use
if ($this->base->cache->in_cache($this->attributes['uid'],'uid', '*')!=$this->orig['uid'] && ($this->orig['uid']!='')) $this->attributes['uid'] = $this->orig['uid'];
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['uid'][0],'uid', '*')!=false && ($this->orig['uid'][0]!='')) {
$this->attributes['uid'][0] = $this->orig['uid'][0];
}
// Change uid to a new uid until a free uid is found
while ($this->base->cache->in_cache($this->attributes['uid'], 'uid', '*')) {
else while ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['uid'][0], 'uid', '*')) {
// get last character of username
$lastchar = substr($this->attributes['uid'], strlen($this->attributes['uid'])-1, 1);
$lastchar = substr($this->attributes['uid'][0], strlen($this->attributes['uid'][0])-1, 1);
// Last character is no number
if ( !ereg('^([0-9])+$', $lastchar))
/* Last character is no number. Therefore we only have to
* add "2" to it.
*/
$this->attributes['uid'] = $this->attributes['uid'] . '2';
$this->attributes['uid'][0] = $this->attributes['uid'][0] . '2';
else {
/* Last character is a number -> we have to increase the number until we've
* found a groupname with trailing number which is not in use.
@ -248,34 +246,34 @@ class inetOrgPerson {
* $i will show us were we have to split groupname so we get a part
* with the groupname and a part with the trailing number
*/
$i=strlen($this->attributes['uid'])-1;
$i=strlen($this->attributes['uid'][0])-1;
$mark = false;
// Set $i to the last character which is a number in $account_new->general_username
while (!$mark) {
if (ereg('^([0-9])+$',substr($this->attributes['uid'], $i, strlen($this->attributes['uid'])-$i))) $i--;
while (!$mark) {
if (ereg('^([0-9])+$',substr($this->attributes['uid'][0], $i, strlen($this->attributes['uid'][0])-$i))) $i--;
else $mark=true;
}
// increase last number with one
$firstchars = substr($this->attributes['uid'], 0, $i+1);
$lastchars = substr($this->attributes['uid'], $i+1, strlen($this->attributes['uid'])-$i);
$firstchars = substr($this->attributes['uid'][0], 0, $i+1);
$lastchars = substr($this->attributes['uid'][0], $i+1, strlen($this->attributes['uid'][0])-$i);
// Put username together
$this->attributes['uid'] = $firstchars . (intval($lastchars)+1);
$this->attributes['uid'][0] = $firstchars . (intval($lastchars)+1);
}
}
// Show warning if lam has changed username
if ($this->attributes['uid'] != $_POST['form_inetOrgPerson_uid']) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.'));
if ($this->attributes['uid'][0] != $post['form_inetOrgPerson_uid']) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.'));
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $this->userPassword()))
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['facsimileTelephoneNumber'])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'])) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'][0])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['facsimileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'][0])) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'][0])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'][0])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'][0])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'][0])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'][0])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
// Return error-messages
if (is_array($errors)) return $errors;
return 0;
@ -294,14 +292,15 @@ class inetOrgPerson {
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
if (isset($this->orig[$attribute])) {
$this->orig[$attribute] = $attr[$attribute];
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
for ($i=0; $i<count($this->orig[$attribute]); $i++) $this->orig[$attribute][$i] = utf8_decode ($this->orig[$attribute][$i]);
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->orig = $this->attributes;
$this->orig['objectClass'][0] = 'inetOrgPerson';
$this->attributes = $this->orig;
$this->userPassword(''); // Remove old password so it won't displayed as hash
return 0;
}
@ -316,59 +315,80 @@ class inetOrgPerson {
* remove are attributes which have to be removed from ldap entry
*/
function save_attributes() {
// Get list off all attributes
$attributes = $this->orig;
// Remove attributes which are not as easy to set
unset ($attributes['userPassword']);
// Get list of all "easy" attributes
$attr_names = array_keys($attributes);
foreach ($attr_names as $attr_name) {
if (count($this->attributes[$attr_name])!=0 && count($this->orig[$attr_name])==0) $return[$this->base['dn']]['add'][$attr_name] = $this->attributes[$attr_name];
if (count($this->attributes[$attr_name])!=0 && count($this->orig[$attr_name])!=0) {
// We have to check every single attribute
// Get attributes which should be added
$attributes = array_delete($this->orig[$attr_name], $this->attributes[$attr_name]);
// Encode as unicode
for ($i=0; $i<count($attributes); $i++) $attributes[$i] = utf8_encode ($attributes[$i]);
if (count($attributes)!=0) $return[$this->base['dn']]['add'][$attr_name] = $attributes;
// Get attributes which should be removed
$attributes = array_delete($this->attributes[$attr_name], $this->orig[$attr_name]);
// Encode as unicode
for ($i=0; $i<count($attributes); $i++) $attributes[$i] = utf8_encode ($attributes[$i]);
if (count($attributes)!=0) $return[$this->base['dn']]['remove'][$attr_name] = $attributes;
$attr_names = array_keys($this->attributes);
// Get attributes which should be added
for ($i=0; $i<count($attr_names); $i++) {
for ($j=0; $j<count($this->orig[$attr_names[$i]]); $j++) {
if (is_array($this->attributes[$attr_names[$i]])) {
if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]]))
if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]);
}
else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]])) {
if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]]))
if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) {
if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='')
$notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
}
if (count($this->attributes[$attr_name])==0 && count($this->orig[$attr_name])!=0) $return[$this->base['dn']]['remove'][$attr_name] = $this->orig[$attr_name];
}
// create modify wuth add and remove
if (is_array($toadd)) {
$attributes = array_keys($toadd);
for ($i=0; $i<count($attributes); $i++) {
if (isset($torem[$attributes[$i]])) {
// found modify entry
// Add unchanged attributes
if (isset($notchanged[$attributes[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
$tomodify[$attributes[$i]] = array_merge_recursive($tomodify[$attributes[$i]], $toadd[$attributes[$i]]);
// unset attributes
if (isset($notchanged[$attributes[$i]])) unset($notchanged[$attributes[$i]]);
if (isset($toadd[$attributes[$i]])) unset($toadd[$attributes[$i]]);
if (isset($torem[$attributes[$i]])) unset($torem[$attributes[$i]]);
}
}
}
if (count($toadd)!=0) $return[$_SESSION[$this->base]->dn]['add'] = $toadd;
if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem;
if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify;
if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged;
// Set unix password
if (count($this->orig['userPassword'])==0) {
// New user or no old password set
if ($this->userPassword_no) {
$return[$this->base['dn']]['add']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
}
else $return[$this->base['dn']]['add']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
}
else {
if ($this->userPassword()!='' || $this->userPassword_no) {
// Write new password
$return[$this->base['dn']]['remove']['userPassword'] = utf8_encode($this->orig['userPassword']);
if ($this->userPassword_no) $return[$this->base['dn']]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
else $return[$this->base['dn']]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
if ($this->userPassword_no) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
}
else { // No new password but old password
// (un)lock password
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'])) {
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'][0])) {
// Split old password hash in {CRYPT} and password-hash
$i = 0;
while ($this->orig['userPassword']{$i} != '}') $i++;
$passwd = substr($this->orig['userPassword'], $i+1 );
$crypt = substr($this->orig['userPassword'], 0, $i+1 );
while ($this->orig['userPassword'][0]{$i} != '}') $i++;
$passwd = substr($this->orig['userPassword'][0], $i+1 );
$crypt = substr($this->orig['userPassword'][0], 0, $i+1 );
// remove trailing ! from password hash
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
// Write new password
$return[$this->base['dn']]['remove']['userPassword'] = utf8_encode($this->orig['userPassword']);
if ($this->userPassword_lock) $return[$this->base['dn']]['modify']['userPassword'][0] = utf8_encode("$crypt!$passwd");
else $return[$this->base['dn']]['modify']['userPassword'][0] = utf8_encode("$crypt$passwd");
if ($this->userPassword_lock) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt!$passwd");
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt$passwd");
}
}
}
@ -389,7 +409,7 @@ class inetOrgPerson {
* to show a page with all attributes.
* It will output a complete html-table
*/
function display_html_attributes() {
function display_html_attributes($post) {
echo "<table border=0 width=\"100%\">\n<tr>\n";
echo '<td>' . _('Username') . "*</td>\n";
@ -409,7 +429,7 @@ class inetOrgPerson {
echo "<tr>\n";
echo "<td>" . _('Repeat password') . "</td>\n";
echo "<td><input name=\"form_inetOrgPerson_userPassword2\" type=\"password\" size=\"20\" maxlength=\"20\" value=\"";
if (isset($_POST['form_inetOrgPerson_userPassword2'])) echo $_POST['form_posixAccount_userPassword2'];
if ($post['form_inetOrgPerson_userPassword2']!='') echo $post['form_posixAccount_userPassword2'];
else echo $this->userPassword();
echo "\"></td>\n";
echo "<td></td>\n";
@ -423,8 +443,8 @@ class inetOrgPerson {
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Lock password') . "</td>\n";
echo "<td><input name=\"form_inetOrgPerson_userPassword_no\" type=\"checkbox\"";
if ($this->userPassword_no) echo " checked ";
echo "<td><input name=\"form_inetOrgPerson_userPassword_lock\" type=\"checkbox\"";
if ($this->userPassword_lock) echo " checked ";
echo "></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=426\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
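Review bot: In the `display_html_attributes` hunk, the new line `if ($post['form_inetOrgPerson_userPassword2']!='') echo $post['form_posixAccount_userPassword2'];` writes request data into the `value="..."` attribute without escaping, so a value containing `"` can close the attribute and inject markup into the page. It also tests the `form_inetOrgPerson_` key but echoes the `form_posixAccount_` one, which looks like a copy-paste slip carried over from the old line. I would change it to `if ($post['form_inetOrgPerson_userPassword2']!='') echo htmlspecialchars($post['form_inetOrgPerson_userPassword2'], ENT_QUOTES);`. The `else echo $this->userPassword();` branch on the next line has the same escaping gap and also renders the decrypted password into the page source, which is worth reconsidering. The function body starts and ends outside this hunk.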


@ -54,37 +54,33 @@ $Id$
*/
class posixAccount {
// Constructor
function posixAccount(&$baseobject) {
function posixAccount($base) {
/* Return an error if posixAccount should be created without
* base container
*/
if (!$baseobject) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
// Check if $baseobject is an array
if (!is_object($baseobject)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'posixAccount\');'), E_USER_ERROR);
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'posixAccount\');'), E_USER_ERROR);
$this->base = $base;
// posixAccount is only a valid objectClass for user and host
if (!($baseobject->get_type() == 'user' || $baseobject->get_type() != 'host')) trigger_error(_('posixAccount can only be used for users or hosts.'), E_USER_WARNING);
/* Create a reference to basearray so we can read all other modules
* php will avaois recousrion itself
*/
$this->base = &$baseobject;
if (!($_SESSION[$this->base]->get_type() == 'user' || $_SESSION[$this->base]->get_type() != 'host')) trigger_error(_('posixAccount can only be used for users or hosts.'), E_USER_WARNING);
/* Check if ldap conatiner is in array and set type
* users are using inetOrgPerson-, hosts account-container
*/
if (!isset($this->base->module['inetOrgPerson']) && $this->base->type=='user') $this->base->add_objectClass('inetOrgPerson');
if (!isset($this->base->module['account']) && $this->base->type=='host') $this->base->add_objectClass('account');
if (!isset($_SESSION[$this->base]->module['inetOrgPerson']) && $_SESSION[$this->base]->type=='user') $_SESSION[$this->base]->add_objectClass('inetOrgPerson');
if (!isset($_SESSION[$this->base]->module['account']) && $_SESSION[$this->base]->type=='host') $_SESSION[$this->base]->add_objectClass('account');
// Add account type to object
$line=-1;
for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
if (strpos($this->base->ldap->objectClasses[$i], "NAME 'posixAccount'")) $line = $i;
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'posixAccount'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'posixAccount'), E_USER_WARNING);
// Add Array with all attributes and type
$baseobject->add_attributes ('posixAccount');
$_SESSION[$this->base]->add_attributes ('posixAccount');
// create array with must-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -95,8 +91,8 @@ class posixAccount {
}
// create array with may-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -106,12 +102,12 @@ class posixAccount {
}
}
// Get attributes of subclasses
while (strpos($this->base->ldap->objectClasses[$line], "SUP ")) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'SUP ')+4);
while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
if (strpos($this->base->ldap->objectClasses[$i], "NAME '$subclass'")) $line = $i;
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
// *** fixme, fix error message
@ -119,8 +115,8 @@ class posixAccount {
// create array with must-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -131,8 +127,8 @@ class posixAccount {
}
// create array with may-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
@ -144,7 +140,7 @@ class posixAccount {
}
$this->alias = _('posixAccount');
// Add attributes which should be cached
$_SESSION['cache']->add_cache(array ('user' => array('cn', 'uid', 'uidNumber'), 'host' => array('cn', 'uid', 'uidNumber'), 'group' => array('cn', 'memberUid')));
$_SESSION[$_SESSION[$this->base]->cache]->add_cache(array ('user' => array('cn', 'uid', 'uidNumber'), 'host' => array('cn', 'uid', 'uidNumber'), 'group' => array('cn', 'memberUid')));
/* Check if at least one group does exist in ldap
*/
$groups = findgroups(); // list of all groupnames
@ -152,19 +148,20 @@ class posixAccount {
// Make references to attributes which already esists in ldap
$newattributes = array_keys($this->attributes);
$module = array_keys($this->base->module);
$module = array_keys($_SESSION[$this->base]->module);
// fixme *** do we have to unset module posixAccuont itself
for ($i=0; $i<count($module); $i++) {
foreach ($newattributes as $attribute)
if (isset($this->base->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] = &$this->base->module[$module[$i]]->attributes[$attribute];
if (isset($_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute];
}
$this->orig = $this->attributes ;
$this->attributes['objectClass'][0] = 'posixAccount';
}
// Variables
// Alias Name. This name is shown in the menu instead of posixAccount
var $alias;
// reference to base-array so we can read other classes in basearray
// name of accountContainer so we can read other classes in accuontArray
var $base;
// This variable contains all inetOrgPerson attributes
@ -182,48 +179,48 @@ class posixAccount {
/* This function returns a list with all required modules
*/
function dependencies() {
if ($this->base['type']=='user') return array('inetOrgPerson');
if ($this->base['type']=='host') return array('account');
if ($_SESSION[$this->base]->type=='user') return array('inetOrgPerson');
if ($_SESSION[$this->base]->type=='host') return array('account');
// return error if unsupported type is used
return -1;
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes() {
function proccess_attributes($post) {
// Load attributes
$this->attributes['uidNumber'] = $_POST['form_posixAccount_uidNumber'];
$this->attributes['gidNumber'] = getgrnam($_POST['form_posixAccount_gidNumber']);
$this->attributes['homeDirectory'] = $_POST['form_posixAccount_homeDirectory'];
$this->attributes['loginShell'] = $_POST['form_posixAccount_loginShell'];
$this->attributes['gecos'] = $_POST['form_posixAccount_gecos'];
$this->attributes['uidNumber'][0] = $post['form_posixAccount_uidNumber'];
$this->attributes['gidNumber'][0] = getgrnam($post['form_posixAccount_gidNumber']);
$this->attributes['homeDirectory'][0] = $post['form_posixAccount_homeDirectory'];
$this->attributes['loginShell'][0] = $post['form_posixAccount_loginShell'];
$this->attributes['gecos'][0] = $post['form_posixAccount_gecos'];
// Check if UID is valid. If none value was entered, the next useable value will be inserted
// load min and may uidNumber
if ($this->base['type']=='user') {
$minID = intval($_SESSION['config']->get_minUID());
$maxID = intval($_SESSION['config']->get_maxUID());
if ($_SESSION[$this->base]['type']=='user') {
$minID = intval($_SESSION[$_SESSION[$this->base]->config]->get_minUID());
$maxID = intval($_SESSION[$_SESSION[$this->base]->config]->get_maxUID());
}
else {
$minID = intval($_SESSION['config']->get_minMachine());
$maxID = intval($_SESSION['config']->get_maxMachine());
$minID = intval($_SESSION[$_SESSION[$this->base]->config]->get_minMachine());
$maxID = intval($_SESSION[$_SESSION[$this->base]->config]->get_maxMachine());
}
$dn_uids = $this->base->cache->get_cache('uidNumber', 'posixAccount', '*');
$dn_uids = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uidNumber', 'posixAccount', '*');
// get_cache will return an array ( dn1 => array(uidnumber1), dn2 => array(uidnumber2), ... )
foreach ($dn_uids as $uid) $uids[] = $uid[0];
if(is_array($uids)) sort ($uids, SORT_NUMERIC);
if ($this->attributes['uidNumber']=='') {
if ($this->attributes['uidNumber'][0]=='') {
// No id-number given
if ($this->orig['uidNumber']=='') {
if ($this->orig['uidNumber'][0]=='') {
// new account -> we have to find a free id-number
if (count($uids)!=0) {
// There are some uids
// Store highest id-number
$id = $uids[count($uids)-1];
// Return minimum allowed id-number if all found id-numbers are too low
if ($id < $minID) $this->attributes['uidNumber'] = $minID;
if ($id < $minID) $this->attributes['uidNumber'][0] = $minID;
// Return higesht used id-number + 1 if it's still in valid range
if ($id < $maxID) $this->attributes['uidNumber'] = $id+1;
if ($id < $maxID) $this->attributes['uidNumber'][0] = $id+1;
/* If this function is still running we have to fid a free id-number between
* the used id-numbers
*/
@ -232,53 +229,53 @@ class posixAccount {
if ($i>$maxID)
$errors[] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
else {
$this->attributes['uidNumber'] = $i;
$this->attributes['uidNumber'][0] = $i;
$errors[] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
}
}
else $this->attributes['uidNumber'] = $minID;
else $this->attributes['uidNumber'][0] = $minID;
// return minimum allowed id-number if no id-numbers are found
}
else $this->attributes['uidNumber'] = $this->orig['uidNumber'];
else $this->attributes['uidNumber'][0] = $this->orig['uidNumber'][0];
// old account -> return id-number which has been used
}
else {
// Check manual ID
// id-number is out of valid range
if ( $this->attributes['uidNumber'] < $minID || $this->attributes['uidNumber'] > $maxID) $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
if ( ($this->attributes['uidNumber'][0]!=$post['form_posixAccount_uidNumber']) && ($this->attributes['uidNumber'][0] < $minID || $this->attributes['uidNumber'][0] > $maxID)) $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
// $uids is allways an array but not if no entries were found
if (is_array($uids)) {
// id-number is in use and account is a new account
if ((in_array($this->attributes['uidNumber'], $uids)) && $this->orig['uidNumber']=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
// id-number is in use, account is existing account and id-number is not used by itself
if ((in_array($this->attributes['uidNumber'], $uids)) && $this->orig['uidNumber']!='' && ($this->orig['uidNumber'] != $this->attributes['uidNumber']) ) {
if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]!='' && ($this->orig['uidNumber'][0] != $this->attributes['uidNumber'][0]) ) {
$errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
$this->attributes['uidNumber'] = $this->orig['uidNumber'];
$this->attributes['uidNumber'][0] = $this->orig['uidNumber'][0];
}
}
}
// Check if Homedir is valid
$this->attributes['homeDirectory'] = str_replace('$group', getgrnam($this->attributes['gidNumber']), $this->attributes['homeDirectory']);
if ($this->attributes['uid'] != '')
$this->attributes['homeDirectory'] = str_replace('$user', $this->attributes['uid'], $this->attributes['homeDirectory']);
if ($this->attributes['homeDirectory'] != $_POST['form_posixAccount_homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $this->attributes['homeDirectory'] ))
$this->attributes['homeDirectory'][0] = str_replace('$group', getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
if ($this->attributes['uid'][0] != '')
$this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]);
if ($this->attributes['homeDirectory'][0] != $post['form_posixAccount_homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $this->attributes['homeDirectory'][0] ))
$errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
// Return error-messages
if (is_array($errors)) return $errors;
// Go to additional group page when no error did ocour and button was pressed
if ($_POST['form_posixAccount_addgroup']) return 'group';
if ($post['form_posixAccount_addgroup']) return 'group';
return 0;
}
/* Write variables into object and do some regexp checks
*/
function process_groups() {
function proccess_group($post) {
do { // X-Or, only one if() can be true
if (isset($_POST['form_posixAccount_addgroups']) && isset($_POST['form_posixAccount_addgroups_button'])) { // Add groups to list
if (isset($post['form_posixAccount_addgroups']) && isset($post['form_posixAccount_addgroups_button'])) { // Add groups to list
// Add new group
$this->groups = @array_merge($this->groups, $_POST['form_posixAccount_addgroups']);
$this->groups = @array_merge($this->groups, $post['form_posixAccount_addgroups']);
// remove doubles
$this->groups = @array_flip($this->groups);
array_unique($this->groups);
@ -287,13 +284,13 @@ class posixAccount {
sort($this->groups);
break;
}
if (isset($_POST['form_posixAccount_removegroups']) && isset($_POST['form_posixAccount_removegroups_button'])) { // remove groups from list
$this->groups = array_delete($_POST['form_posixAccount_removegroups'], $this->groups);
if (isset($post['form_posixAccount_removegroups']) && isset($post['form_posixAccount_removegroups_button'])) { // remove groups from list
$this->groups = array_delete($post['form_posixAccount_removegroups'], $this->groups);
break;
}
} while(0);
if (isset($_POST['form_posixAccount_addgroups_button']) || isset($_POST['form_posixAccount_removegroups_button'])) return 'group';
if ($_POST['form_posixAccount_toattributes']) return 'attributes';
if (isset($post['form_posixAccount_addgroups_button']) || isset($post['form_posixAccount_removegroups_button'])) return 'group';
if ($post['form_posixAccount_toattributes']) return 'attributes';
return 0;
}
@ -319,8 +316,9 @@ class posixAccount {
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->orig = $this->attributes;
$this->attributes['objectClass'][0] = 'posixAccount';
// get all additional groupmemberships
$dn_groups = $this->base->cache->get_cache('memberUid', 'posixGroup', 'group');
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group');
$DNs = array_keys($dn_groups);
foreach ($DNs as $DN) {
if (in_array($attr['uid'], $dn_groups[$DN]))
@ -341,27 +339,52 @@ class posixAccount {
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes() {
// Get list off all attributes
$attributes = $this->orig;
// Get list of all "easy" attributes
$attr_names = array_keys($attributes);
foreach ($attr_names as $attr_name) {
if (count($this->attributes[$attr_name])!=0 && count($this->orig[$attr_name])==0) $return[$this->base['dn']]['add'][$attr_name] = $this->attributes[$attr_name];
if (count($this->attributes[$attr_name])!=0 && count($this->orig[$attr_name])!=0) {
// We have to check every single attribute
// Get attributes which should be added
$attributes = array_delete($this->orig[$attr_name], $this->attributes[$attr_name]);
// Encode as unicode
for ($i=0; $i<count($attributes); $i++) $attributes[$i] = utf8_encode ($attributes[$i]);
if (count($attributes)!=0) $return[$this->base['dn']]['add'][$attr_name] = $attributes;
// Get attributes which should be removed
$attributes = array_delete($this->attributes[$attr_name], $this->orig[$attr_name]);
// Encode as unicode
for ($i=0; $i<count($attributes); $i++) $attributes[$i] = utf8_encode ($attributes[$i]);
if (count($attributes)!=0) $return[$this->base['dn']]['remove'][$attr_name] = $attributes;
$attr_names = array_keys($this->attributes);
// Get attributes which should be added
for ($i=0; $i<count($attr_names); $i++) {
for ($j=0; $j<count($this->orig[$attr_names[$i]]); $j++) {
if (is_array($this->attributes[$attr_names[$i]])) {
if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]]))
if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]);
}
else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]])) {
if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]]))
if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) {
if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='')
$notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
}
if (count($this->attributes[$attr_name])==0 && count($this->orig[$attr_name])!=0) $return[$this->base['dn']]['remove'][$attr_name] = $this->orig[$attr_name];
}
// create modify wuth add and remove
if (is_array($toadd)) {
$attributes = array_keys($toadd);
for ($i=0; $i<count($attributes); $i++) {
if (isset($torem[$attributes[$i]])) {
// found modify entry
// Add unchanged attributes
if (isset($notchanged[$attributes[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
$tomodify[$attributes[$i]] = array_merge_recursive($tomodify[$attributes[$i]], $toadd[$attributes[$i]]);
// unset attributes
if (isset($notchanged[$attributes[$i]])) unset($notchanged[$attributes[$i]]);
if (isset($toadd[$attributes[$i]])) unset($toadd[$attributes[$i]]);
if (isset($torem[$attributes[$i]])) unset($torem[$attributes[$i]]);
}
}
}
if (count($toadd)!=0) $return[$_SESSION[$this->base]->dn]['add'] = $toadd;
if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem;
if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify;
if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged;
// Remove primary group from additional groups
for ($i=0; $i<count($this->groups); $i++) {
@ -375,7 +398,7 @@ class posixAccount {
//There are some old groups.
$add = array_delete($this->groups_orig, $this->groups);
$remove = array_delete($this->groups, $this->groups_orig);
$dn_cns = $this->base->cache->get_cache('cn', 'posixGroup', 'group');
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
@ -387,7 +410,7 @@ class posixAccount {
}
else {
// Add user to every group
$dn_cns = $this->base->cache->get_cache('cn', 'posixGroup', 'group');
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
@ -398,7 +421,7 @@ class posixAccount {
else {
if (is_array($this->groups_orig)) {
//There are some old groups which have to be removed
$dn_cns = $this->base->cache->get_cache('cn', 'posixGroup', 'group');
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
@ -422,13 +445,12 @@ class posixAccount {
* to show a page with all attributes.
* It will output a complete html-table
*/
function display_html_attributes() {
function display_html_attributes($post) {
$groups = findgroups(); // list of all groupnames
$shelllist = getshells(); // list of all valid shells
echo "<table border=0 width=\"100%\">\n<tr>\n";
echo "<td>" . _('UID number') . "</td>\n";
echo "<td><input name=\"form_posixAccout_uidNumber\" type=\"text\" size=\"6\" maxlength=\"6\" value=\"".$this->attributes['uidNumber']."\"></td>\n";
echo "<td>" . _('UID number') ."</td>\n";
echo "<td><input name=\"form_posixAccount_uidNumber\" type=\"text\" size=\"6\" maxlength=\"6\" value=\"".$this->attributes['uidNumber'][0]."\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=401\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
@ -436,12 +458,12 @@ class posixAccount {
echo "<td><select name=\"form_posixAccount_group\">";
// loop trough existing groups
foreach ($groups as $group)
if (getgrnam($this->attributes['gidNumber']) == $group) echo "<option selected> $group </option>\n";
if (getgrnam($this->attributes['gidNumber'][0]) == $group) echo "<option selected> $group </option>\n";
else echo "<option> $group </option>\n";
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=406\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
if ($this->base['type']=='user') {
if ($_SESSION[$this->base]->type=='user') {
echo "<tr>\n";
echo "<td>" . _('Additional groups') . "</td>\n";
echo "<td><input name=\"form_posixAccount_addgroup\" type=\"submit\" value=\"" . _('Edit groups') . "\"></td>\n";
@ -449,23 +471,23 @@ class posixAccount {
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Home directory') . "*</td>\n";
echo "<td><input name=\"form_posixAccount_homeDirectory\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['homeDirectory']."\"></td>\n";
echo "<td><input name=\"form_posixAccount_homeDirectory\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['homeDirectory'][0]."\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=403\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
}
echo "<tr>\n";
echo "<td>" . _('Gecos') . "</td>\n";
echo "<td><input name=\"form_posixAccount_gecos\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['gecos']."\"></td>\n";
echo "<td><input name=\"form_posixAccount_gecos\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['gecos'][0]."\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=404\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
if ($this->base['type']=='user') {
if ($_SESSION[$this->base]->type=='user') {
if (count($shelllist)!=0) {
echo "<tr>\n";
echo "<td>" . _('Login shell') . "*</td>\n";
echo "<td><select name=\"form_posixAccount_loginShell\">";
// loop through shells
foreach ($shelllist as $shell)
if ($this->attributes['loginShell']==trim($shell)) echo "<option selected> $shell </option>\n";
if ($this->attributes['loginShell'][0]==trim($shell)) echo "<option selected> $shell </option>\n";
else echo "<option> $shell </option>\n";
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=405\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
@ -476,9 +498,9 @@ class posixAccount {
return 0;
}
function display_html_group() {
function display_html_group($post) {
// load list with all groups
$dn_groups = $this->base->cache->get_cache('uidNumber', 'posixGroup', 'group');
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uidNumber', 'posixGroup', 'group');
foreach ($dn_groups as $group) $groups[] = $group[0];
// sort groups
sort($groups, SORT_STRING);


@ -0,0 +1,348 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 Tilo Lutz
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* Session variables which are used:
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
*
* Coockie variables which are used:
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
* External functions which are used
* account.inc: findgroups, incache, get_cache, array_delete, getshells
* ldap.inc: pwd_is_enabled, pwd_hash
*/
/* This class contains all shadowAccount LDAP attributes
* and funtioncs required to deal with shadowAccount
* shadowAccount can only be created when it should be added
* to an array.
* basearray is the same array shadowAccount should be added
* to. If basearray is not given the constructor tries to
* create an array with shadowAccount and all other required
* objects.
* Example: $user[] = new shadowAccount($user);
*
* In container array the following things have to exist:
* account or inetOrgPerson object
* type: 'user' or 'host'
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
*/
class shadowAccount {
// Constructor
function shadowAccount($base) {
/* Return an error if shadowAccount should be created without
* base container
*/
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'shadowAccount\');'), E_USER_ERROR);
$this->base = $base;
// shadowAccount is only a valid objectClass for user and host
if (!($_SESSION[$this->base]->get_type() == 'user')) trigger_error(_('shadowAccount can only be used for users.'), E_USER_WARNING);
/* Check if ldap conatiner is in array and set type
* users are using inetOrgPerson-, hosts account-container
*/
if (!isset($_SESSION[$this->base]->module['inetOrgPerson'])) $_SESSION[$this->base]->add_objectClass('inetOrgPerson');
// Add account type to object
$line=-1;
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'shadowAccount'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'shadowAccount'), E_USER_WARNING);
// Add Array with all attributes and type
$_SESSION[$this->base]->add_attributes ('shadowAccount');
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// Get attributes of subclasses
while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
// *** fixme, fix error message
if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
}
$this->alias = _('shadowAccount');
// Make references to attributes which already esists in ldap
$newattributes = array_keys($this->attributes);
$module = array_keys($_SESSION[$this->base]->module);
// fixme *** do we have to unset module shadowAccount itself
for ($i=0; $i<count($module); $i++) {
foreach ($newattributes as $attribute)
if (isset($_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute];
}
$this->orig = $this->attributes ;
$this->attributes['objectClass'][0] = 'shadowAccount';
}
// Variables
// Alias Name. This name is shown in the menu instead of shadowAccount
var $alias;
// name of accountContainer so we can read other classes in accuontArray
var $base;
// This variable contains all inetOrgPerson attributes
var $attributes;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig;
/* This function returns a list with all required modules
*/
function dependencies() {
return array('inetOrgPerson');
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
// Load attributes
$this->attributes['shadowMin'][0] = $post['form_shadowAccount_shadowMin'];
$this->attributes['shadowMax'][0] = $post['form_shadowAccount_shadowMax'];
$this->attributes['shadowWarning'][0] = $post['form_shadowAccount_shadowWarning'];
$this->attributes['shadowInactive'][0] = $post['form_shadowAccount_shadowInactive'];
$this->attributes['shadowWarning'][0] = mtime(10, 0, 0, $post['form_shadowAccount_shadowExpire_mon'],
$post['form_shadowAccount_shadowExpire_day'], $post['form_shadowAccount_shadowExpire_yea']);
if ( !ereg('^([0-9])*$', $this->attributes['shadowMin'][0])) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0] ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
if ( !ereg('^([0-9]*)$', $this->attributes['shadowMax'][0])) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'));
if ( !ereg('^(([-][1])|([0-9]*))$', $this->attributes['shadowInactive'][0]))
$errors[] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'));
if ( !ereg('^([0-9]*)$', $this->attributes['shadowWarning'][0])) $errors[] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'));
if (is_array($errors)) return $errors;
return 0;
}
/* This function loads all attributes into the object
* $attr is an array as it's retured from ldap_get_attributes
*/
function load_attributes($attr) {
// Load attributes which are displayed
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->orig = $this->attributes;
$this->attributes['objectClass'][0] = 'shadowAccount';
}
/* This function returns an array with 3 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes() {
// Get list of all "easy" attributes
$attr_names = array_keys($this->attributes);
// Get attributes which should be added
for ($i=0; $i<count($attr_names); $i++) {
for ($j=0; $j<count($this->orig[$attr_names[$i]]); $j++) {
if (is_array($this->attributes[$attr_names[$i]])) {
if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]]))
if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]);
}
else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]])) {
if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]]))
if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) {
if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='')
$notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
}
}
// create modify wuth add and remove
if (is_array($toadd)) {
$attributes = array_keys($toadd);
for ($i=0; $i<count($attributes); $i++) {
if (isset($torem[$attributes[$i]])) {
// found modify entry
// Add unchanged attributes
if (isset($notchanged[$attributes[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
$tomodify[$attributes[$i]] = array_merge_recursive($tomodify[$attributes[$i]], $toadd[$attributes[$i]]);
// unset attributes
if (isset($notchanged[$attributes[$i]])) unset($notchanged[$attributes[$i]]);
if (isset($toadd[$attributes[$i]])) unset($toadd[$attributes[$i]]);
if (isset($torem[$attributes[$i]])) unset($torem[$attributes[$i]]);
}
}
}
if (count($toadd)!=0) $return[$_SESSION[$this->base]->dn]['add'] = $toadd;
if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem;
if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify;
if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged;
// Set shadowLastchange manual.
if ($_SESSION[$this->base]->module['inetOrgPerson']->userPassword()!='' || $_SESSION[$this->base]->module['inetOrgPerson']->userPassword_no)
$return[$_SESSION[$this->base]->dn]['modify']['shadowLastChange'] = array(time()/3600/24);
return $return;
}
/* This function returns all ldap attributes
* which are part of shadowAccount and returns
* also their values.
*/
function get_attributes() {
return $this->attributes;
}
/* This function will create the html-page
* to show a page with all attributes.
* It will output a complete html-table
*/
function display_html_attributes($post) {
// Use dd-mm-yyyy format of date because it's easier to read for humans
$date = getdate ($this->attributes['shadowExpire'][0]*3600*24);
echo "<table border=0 width=\"100%\">\n<tr>\n";
echo "<td>" . _('Password warn') . "</td>\n";
echo "<td><input name=\"form_shadowAccount_shadowWarning\" type=\"text\" size=\"4\" maxlength=\"4\" value=\"" . $this->attributes['shadowWarning'][0] . "\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=414\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Password Expire') . "</td>\n";
echo "<td><input name=\"form_shadowAccount_shadowInactive\" type=\"text\" size=\"4\" maxlength=\"4\" value=\"" . $this->attributes['shadowInactive'][0] . "\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=415\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Maximum password age') . "</td>\n";
echo "<td><input name=\"form_shadowAccount_shadowMax\" type=\"text\" size=\"5\" maxlength=\"5\" value=\"" . $this->attributes['shadowMax'][0] . "\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=416\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Minimum password age') . "</td>\n";
echo "<td><input name=\"form_shadowAccount_shadowMin\" type=\"text\" size=\"4\" maxlength=\"4\" value=\"" . $this->attributes['shadowMin'][0] . "\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=417\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Expire date') . "</td>\n";
echo "<td><select name=\"form_shadowAccount_shadowExpire_day\">";
for ( $i=1; $i<=31; $i++ ) {
if ($date['mday']==$i) echo "<option selected>$i</option>";
else echo "<option>$i</option>";
}
echo "</select>\n<select name=\"form_shadowAccount_shadowExpire_mon\">";
for ( $i=1; $i<=12; $i++ ) {
if ($date['mon'] == $i) echo "<option selected>$i</option>";
else echo "<option>$i</option>";
}
echo "</select>\n<select name=\"form_shadowAccount_shadowExpire_yea\">";
for ( $i=2030; $i>=2003; $i-- ) {
if ($date['year']==$i) echo "<option selected>$i</option>";
else echo "<option>$i</option>";
}
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=418\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "</table>\n";
return 0;
}
}
?>


@ -758,11 +758,6 @@ if (is_array($errors))
// print_r($account_new);
//print_r($account_old);
//$_SESSION['cache'] = new cache();
//$temp = new accountContainer('user');
//$temp->add_objectClass('posixAccount');
//$temp->load_account('uid=julia,ou=people,dc=my-domain,dc=com');
//print_r($temp->module['posixAccount']->attributes);
switch ($select_local) {
/* Select which part of page should be loaded and check values


@ -0,0 +1,73 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 Tilo Lutz
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
LDAP Account Manager displays table for creating or modifying accounts in LDAP
*/
// include all needed files
include_once('../../lib/account.inc'); // File with all account-funtions
include_once('../../lib/config.inc'); // File with configure-functions
include_once('../../lib/profiles.inc'); // functions to load and save profiles
include_once('../../lib/status.inc'); // Return error-message
include_once('../../lib/pdf.inc'); // Return a pdf-file
include_once('../../lib/ldap.inc'); // LDAP-functions
/* We have to include all modules
* before start session
* *** fixme I would prefer loading them dynamic but
* i don't know how to to this
*/
$dir = opendir('../../lib/modules');
while ($entry = readdir($dir))
if (is_file('../../lib/modules/'.$entry)) include_once ('../../lib/modules/'.$entry);
// Start session
session_save_path('../../sess');
@session_start();
// Redirect to startpage if user is not loged in
if (!isset($_SESSION['loggedIn'])) {
metaRefresh("../login.php");
exit;
}
// Set correct language, codepages, ....
setlanguage();
if (!isset($_SESSION['cache'])) {
$_SESSION['cache'] = new cache();
}
if ($_GET['DN']) {
//load account
$DN = str_replace("\'", '', $_GET['DN']);
$_SESSION['account'] = new accountContainer('user', 'account');
$_SESSION['account']->load_account($DN);
}
else if (count($_POST)==0) {
$_SESSION['account'] = new accountContainer('user', 'account');
$_SESSION['account']->new_account();
}
$_SESSION['account']->continue_main($_POST);
?>
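Review bot: The `$_GET['DN']` value reaches `load_account()` with only the two-character sequence `\'` removed, because inside a double-quoted PHP string `\'` is a literal backslash plus quote rather than an escape; every other character of the request value is used as the DN to load. `load_account()` is not part of this section, so whether it validates the DN cannot be seen from here. I would check at this point that the value is non-empty and lies under the configured user suffix, and test the parameter with `if (isset($_GET['DN']) && $_GET['DN'] != '')`. Separately, a POST that arrives with no account in the session skips both branches, so the final `continue_main($_POST)` is called on an unset `$_SESSION['account']`; a guard before it, e.g. `if (!isset($_SESSION['account'])) { metaRefresh("../login.php"); exit; }`, would cover that. The module loader's `while ($entry = readdir($dir))` stops early on an entry named `0` and includes every regular file in the directory, so `while (($entry = readdir($dir)) !== false)` plus a filename-suffix check would be safer.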