Added new modules and improve ols modules

katagia 2003-12-27 11:21:00 +00:00
parent 58021e0cef
commit 62d35c207a
11 changed files with 1613 additions and 348 deletions


@ -45,7 +45,7 @@ class cache {
*/
function add_cache($attributes) {
// Check input variable
$allowed_types = array ( 'user', 'group', 'host', '*' );
$allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
if (!is_array($attributes)) trigger_error(_('Argument of add_cache must be : array ( scope => array(attribute1(string), attribute2(string), ..), scope => ... ).'), E_USER_ERROR);
foreach ($attributes as $attribute) {
if (!is_array($attribute)) trigger_error(_('Argument of add_cache must be : array ( scope => array(attribute1(string), attribute2(string), ..), scope => ... ).'), E_USER_ERROR);
@ -73,7 +73,7 @@ class cache {
function get_cache($attribute, $objectClass, $singlescope) {
$this->refresh_cache();
// Check input variables
$allowed_types = array ( 'user', 'group', 'host', '*' );
$allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
$line=-1;
for ($i=0; $i<count($_SESSION['ldap']->objectClasses) || $i==-1; $i++) {
@ -139,7 +139,7 @@ class cache {
function in_cache($value, $attribute, $singlescope) {
$this->refresh_cache();
// Check input variables
$allowed_types = array ( 'user', 'group', 'host', '*' );
$allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
// Create list of all allowed attributes
for ($i=0; $i<count($this->ldap->objectClasses); $i++ ) {
@ -235,7 +235,7 @@ class cache {
* made without refrehing the complete cache
*/
function update_cache($dn, $attributes, $singlescope) {
$allowed_types = array ( 'user', 'group', 'host', '*' );
$allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
// Everything seems to be OK, start processing data
$this->refresh_cache();
@ -247,213 +247,44 @@ class cache {
}
}
}
/* Main-Module. Contains basic module functions have to be loaded first
* It also chooses which page to show.
*/
class main {
// This variable stores the number of the current displayed page
var $current_page;
// This variable os set to the pagename of a subpage if it should be displayed
var $subpage;
// name of accountContainer so we can read other classes in accuontArray
var $base;
// Alias Name. This name is shown in the menu instead of main
var $alias;
function main($base) {
$this->current_page = 0;
$this->subpage = '';
/* Create a reference to basearray so we can read all other modules
* php will avaois recousrion itself
*/
$this->base = $base;
$this->alias = _('main');
}
/* This function returns a list with all required modules
/* This function will return the gidNumber to an existing groupname
* gidNumbers are taken from cache-array
*/
function dependencies() {
return array();
}
function module_ready() {
return true;
}
function display_html_attributes($post) {
$function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();';
eval($function);
$modules = $_SESSION[$this->base]->check_attributes();
if (count($modules)!=0) {
$disabled = 'disabled';
for ($i=0; $i<count($modules); $i++) StatusMessage('ERROR', _('Check module'), sprintf(_('Please set up all required attributes on %s page'), $_SESSION[$this->base]->module[$modules[$i]]->alias));
function getgid($groupname) {
$dn_groups = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group');
$DNs = array_keys($dn_groups);
foreach ($DNs as $DN) {
if (strpos($DN, $groupname))
return $dn_groups[$DN][0];
}
else $disabled = '';
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
echo "<td>" . _('Suffix') . "</td>\n";
echo "<td><select name=\"form_main_suffix\">";
// loop through all suffixes
$function = '$suffix = $_SESSION[$_SESSION[$this->base]->config]->get_'.ucfirst($_SESSION[$this->base]->type).'Suffix();';
eval($function);
foreach ($_SESSION[$_SESSION[$this->base]->ldap]->search_units($suffix) as $suffix) {
if ($_SESSION[$this->base]->dn) {
if ($_SESSION[$this->base]->dn == $suffix) echo "<option selected>$suffix</option>\n";
else echo "<option>$suffix</option>\n";
}
else echo "<option>$suffix</option>\n";
}
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=461\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
// Show fieldset with list of all user profiles
if (count($profilelist)!=0) {
echo "<tr>\n";
echo "<td>" . _("Load profile") . "</td>\n";
echo "<td><select name=\"form_main_selectLoadProfile\">";
foreach ($profilelist as $profile) echo "<option>$profile</option>\n";
echo "</select>\n";
echo "<input name=\"form_main_loadProfile\" type=\"submit\" value=\"" . _('Load Profile') . "\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=421\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
}
echo "<tr>\n";
echo "<td>" . _("Save profile") . "</td>\n";
echo "<td><input name=\"form_main_selectSaveProfile\" type=\"text\" size=\"30\" maxlength=\"50\">\n";
echo "<input name=\"form_main_saveProfile\" type=\"submit\" value=\"" . _('Save profile') . "\" $disabled ></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=457\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td><input name=\"form_main_create\" type=\"submit\" value=\"";
if ($_SESSION[$this->base]->dn_orig!='') echo _('Modify Account');
else echo _('Create Account');
echo "\" $disabled ></td>\n";
echo "</tr>\n";
echo "</table>\n";
return 0;
}
/* This page will be shown if an account
* has been saved
/* This function will return an array with all groupnames
* found in ldap. Groupnames are taken from cache-array.
*/
function display_html_finish($post) {
// Show success message
if ($_SESSION[$this->base]->dn_orig=='') $kind = _('created');
else $kind = _('modified');
$text = sprintf(_('%s has been %s.'), ucfirst($_SESSION[$this->base]->type), $kind);
StatusMessage('INFO', _('LDAP operation successful.'), $text);
// Show rest of page
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
if ($_SESSION[$this->base]->dn_orig=='') {
echo "<td><input name=\"form_main_createagain\" type=\"submit\" value=\"";
echo sprintf(_('Create another %s'), $_SESSION[$this->base]->type);
echo "\"></td>\n";
}
echo "<td><input name=\"form_main_outputpdf\" type=\"submit\" value=\"" . _('Create PDF file') . "\"></td>\n";
echo "<td><input name=\"form_main_backmain\" type=\"submit\" value=\"";
echo sprintf (_('Back to %s list'), $_SESSION[$this->base]->type);
echo "\"></td>\n";
echo "</tr>\n";
echo "</table>\n";
return 0;
function findgroups() {
$dn_groups = $_SESSION['cache']->get_cache('cn', 'posixGroup', 'group');
$DNs = array_keys($dn_groups);
foreach ($DNs as $DN)
$return[] = $dn_groups[$DN][0];
return $return;
}
/* Write variables into object and do some regexp checks
/* This function will return the groupname to an existing gidNumber
* groupnames are taken from cache-array
*/
function proccess_finish($post) {
if ($post['form_main_createagain']) {
// Reset objects
$modules = array_keys($_SESSION[$this->base]->module);
foreach ($modules as $module)
if ($module!='main') unset($_SESSION[$this->base]->module[$module]);
// Reset accountContainer
$_SESSION[$this->base]->dn = '';
$_SESSION[$this->base]->dn_orig = '';
$_SESSION[$this->base]->attributes = array();
$_SESSION[$this->base]->order = array();
$this->current_page = 0;
$this->subpage = '';
// Add all required objects etc.
$_SESSION[$this->base]->new_account();
return 0;
}
if ($post['form_main_backmain']) {
// Return to *-list
// *** fixme unset accountContainer in session
metaRefresh("../lists/list".$_SESSION[$this->base]->type."s.php");
exit;
}
if ($post['form_main_outputpdf']) {
// Create / display PDf-file
$function = 'create'.ucfirst($_SESSION[$this->base]->type).'PDF(array($_SESSION[$this->base]));';
eval($function);
exit;
function getgrnam($gidNumber) {
$dn_groups = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group');
$DNs = array_keys($dn_groups);
foreach ($DNs as $DN) {
if ($dn_groups[$DN][0]==$gidNumber)
$return = substr($DN, 3, strpos($DN, ',')-3);
}
return $return;
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
// change dn
if ($post['form_main_suffix']!='') $_SESSION[$this->base]->dn = $post['form_main_suffix'];
// load profile
if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) {
// *** fixme load*Profile must return array in the same way ldap_get_attributes does.
$function = '$newattributes = load'.ucfirst($scope).'Profile($post[\'form_main_selectLoadProfile\']);';
eval($function);
// pass newattributes to each module
$modules = array_keys($_SESSION[$this->base]->module);
foreach ($modules as $module) $_SESSION[$this->base]->module[$module]->load_attributes($newattributes);
return 0;
}
// save account
if ($post['form_main_create']) {
$success = $_SESSION[$this->base]->save_account();
if (is_array($success)) return array($success);
// return name of subpage
return 'finish';
}
// save profile
if ($post['form_main_saveProfile']) {
if ($post['form_main_selectSaveProfile']=='') $errors[] = array('ERROR', _('Save profile'), _('No profilename given.'));
else {
$function = 'save'.ucfirst($scope).'Profile();';
eval($function);
if ($function) $errors[] = array('INFO', _('Save profile'), _('New profile created.'));
else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.'));
}
if (is_array($errors)) return $errors;
else return 0;
}
return 0;
}
// Dummy functions to make module compatible
function load_attributes($attr) {
return 0;
}
// Dummy functions to make module compatible
function save_attributes() {
return array();
}
// Dummy functions to make module compatible
function get_attributes() {
return array();
}
}
@ -467,7 +298,7 @@ class accountContainer {
if (!is_string($type)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
// *** fixme use global variable to determine allowed types
$allowed_types = array ( 'user', 'group', 'host' );
$allowed_types = array ( 'user', 'group', 'host', 'domain' );
if (!in_array($type, $allowed_types)) trigger_error(_('Account type not recognized.'), E_USER_ERROR);
$this->type = $type;
$this->base = $base;
@ -647,8 +478,6 @@ class accountContainer {
}
}
}
}
/* This function return ldap attributes
@ -737,6 +566,7 @@ class accountContainer {
}
}
}
$this->add_attributes($objectClass);
return $return;
}
@ -846,15 +676,20 @@ class accountContainer {
$this->dn_orig = $dn;
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if (isset($attr['objectClass']['count'])) unset($attr['objectClass']['count']);
// Add objects
foreach ($attr['objectClass'] as $objectClass) $this->add_objectClass($objectClass);
// load attributes
foreach ($attr['objectClass'] as $objectClass)
foreach ($attr['objectClass'] as $objectClass) {
$this->add_objectClass($objectClass);
if (isset($this->module[$objectClass])) $this->module[$objectClass]->load_attributes($attr);
}
$this->module['quota'] = new quota($this->base);
$this->module['quota']->load_attributes($attr);
// sortm modules and make all active because all required attributes should be set
$module = array_keys ($this->module);
$modulelist = array();
// *** fixme add modules from config which should be used but not yet in loaded account
// *** fixme how to handle non ldap modules?
// loop until all modules are in order.
// We don't want to loop forever
@ -1006,7 +841,7 @@ class accountContainer {
}
}
foreach ($attributes as $DN)
if (is_array($DN['lamdaemon'])) $this->lamdaemon($DN['lamdaemon']);
if (is_array($DN['lamdaemon']['command'])) $this->lamdaemon($DN['lamdaemon']['command']);
return 0;
}
@ -1020,11 +855,7 @@ class accountContainer {
*/
$towrite = escapeshellarg($_SESSION[$this->config]->scriptServer)." ".escapeshellarg($_SESSION[$this->config]->scriptPath)." ".
escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]);
if (is_array($users)) {
foreach ($users as $user) {
$userstring .= "$user home add\n";
}
}
$userstring = implode ("\n", $commands);
if (function_exists(proc_open)) {
// New Code, requires PHP 4.3
@ -1068,8 +899,7 @@ class accountContainer {
}
/*
// This class keeps all needed values for any account
class account {
// Type : user | group | host
@ -1118,6 +948,7 @@ class account {
* mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes,
* soft inode limit, hard inode limit, grace inode period
*/
/*
// Personal Settings
var $personal_title; // string title of user
var $personal_mail; // string mailaddress of user
@ -1129,7 +960,7 @@ class account {
var $personal_postalAddress; // string postal Address of user
var $personal_employeeType; // string employe type of user
}
*/
/* Return a list of all shells listed in ../config/shells
* Normally ../config/shells is a symbolic link to /etc/shells
@ -1172,12 +1003,13 @@ function replace_umlaut($text) {
function array_delete($values, $array) {
// Loop for every entry and check if it should be removed
if (is_array($array)) {
$return = array();
foreach ($array as $array_value)
if (!@in_array($array_value, $values))
$return[] = $array_value;
return $return;
}
else return 0;
else return array();
}
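Review bot: `getgid()` selects the group with `if (strpos($DN, $groupname))`, a substring test over the whole DN, so a name that also occurs inside another group's cn or in the suffix matches the first DN containing it, and the function can return the gidNumber of a different group. If the result is used as an account's primary group (the callers are not visible here), that is an authorization error rather than a display glitch. Compare the RDN value exactly, the way `getgrnam()` in the same hunk extracts it: `if (substr($DN, 3, strpos($DN, ',')-3) == $groupname)`. `getgrnam()` and `findgroups()` also return an unset `$return` when nothing matches; initialise it before the loop, as this commit does for `array_delete()`.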


@ -22,13 +22,10 @@ $Id$
/*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host
* type: Type of account. Can be user, group, host, domain
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
* External functions which are used
* account.inc:
*/
@ -36,38 +33,33 @@ $Id$
* and funtioncs required to deal with account
* account can only be created when it should be added
* to an array.
* basearray is the same array account should be added
* to. If basearray is not given the constructor tries to
* create an array with account and all other required
* objects.
* Example: $user[] = new account($user);
* $base is the name of account_container in session
*
*/
class account {
// Constructor
function account($base) {
/* Return an error if posixAccount should be created without
* base container
*/
// Get local copy of name of account_container in session
$this->base = $base;
// Do some error checks
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'account\');'), E_USER_ERROR);
$this->base = $base;
// account is only a valid objectClass for users
if ($_SESSION[$this->base]->get_type() != 'host') trigger_error(_('account can only be used for hosts.'), E_USER_WARNING);
// Add Array with all attributes and type
// load attribtues which are used in account objectClass
$this->attributes = $_SESSION[$this->base]->get_module_attributes('account');
$_SESSION[$this->base]->add_attributes ('account');
// Create copy of attributes
$this->orig = $this->attributes ;
// Add objectClass to attributes
$this->attributes['objectClass'][0] = 'account';
// unset userPassword because we handle it separat.
// Set aliasname
$this->alias = _('account');
}
// Variables
// Alias Name. This name is shown in the menu instead of posixAccount
// Alias Name. This name is shown in the menu instead of 'account'
var $alias;
// reference to base-array so we can read other classes in basearray
// name of account_container in session so we can read other classes in account_container
var $base;
// This variable contains all account attributes
var $attributes;
@ -82,16 +74,29 @@ class account {
return array('main');
}
/* This function returns true if all required attributes from other
* modules are set. This is required to prevent undefined states
*/
function module_ready() {
return true;
}
/* This function returns a list of all html-pages in module
* This is usefull for mass upload and pdf-files
* because lam can walk trough all pages itself and do some
* error checkings
*/
function pages() {
return array('attributes');
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
// Load attributes
$this->attributes['description'][0] = $post['form_account_description'];
return 0;
}
@ -99,7 +104,6 @@ class account {
* $attr is an array as it's retured from ldap_get_attributes
*/
function load_attributes($attr) {
// Load attributes which are displayed
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
@ -107,6 +111,7 @@ class account {
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
// load attribtues
foreach ($attributes as $attribute) {
if (isset($this->orig[$attribute])) {
$this->orig[$attribute] = $attr[$attribute];
@ -114,24 +119,25 @@ class account {
for ($i=0; $i<count($this->orig[$attribute]); $i++) $this->orig[$attribute][$i] = utf8_decode ($this->orig[$attribute][$i]);
}
}
// Values are kept as copy so we can compare old attributes with new attributes
// Add objectClass to orig because we don't want to add objectClass if it's already set
$this->orig['objectClass'][0] = 'account';
// Values are kept as copy so we can compare old attributes with new attributes
$this->attributes = $this->orig;
return 0;
}
/* This function returns an array with 3 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
/* This function returns an array with 4 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr), 'lamdaemon' => array(cmds)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* lamdaemon are lamdaemon commands to modify homedir, quotas, ...
*/
function save_attributes() {
// Get easy attributes
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// Return attributes
return $return;
}
@ -158,9 +164,6 @@ class account {
return 0;
}
}
?>
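Review bot: The type guard in the `account` constructor only raises `E_USER_WARNING`, while the two `$base` checks before it use `E_USER_ERROR`, so unless an error handler not visible here stops on warnings, a non-host container still gets the `account` objectClass attached. If the restriction is meant to be enforced, use the same level: `trigger_error(_('account can only be used for hosts.'), E_USER_ERROR);`. The comment above the check says "only a valid objectClass for users" although the code tests for `'host'`; it should read `// account is only a valid objectClass for hosts`.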


@ -22,51 +22,43 @@ $Id$
/*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host
* type: Type of account. Can be user, group, host, domain
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
* External functions which are used
* account.inc:
*/
/* This class contains all inetOrgPerson LDAP attributes
/* This class contains all account LDAP attributes
* and funtioncs required to deal with inetOrgPerson
* inetOrgPerson can only be created when it should be added
* to an array.
* basearray is the same array inetOrgPerson should be added
* to. If basearray is not given the constructor tries to
* create an array with inetOrgPerson and all other required
* objects.
* Example: $user[] = new inetOrgPerson($user);
*
* $base is the name of account_container in session
*/
class inetOrgPerson {
// Constructor
function inetOrgPerson($base) {
/* Return an error if posixAccount should be created without
* base container
*/
// Get local copy of name of account_container in session
$this->base = $base;
// Do some error checks
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR);
$this->base = $base;
// inetOrgPerson is only a valid objectClass for users
if ($_SESSION[$this->base]->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
// Add Array with all attributes and type
if ($_SESSION[$this->base]->type != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
// load attribtues which are used in inetOrgPerson objectClass
$this->attributes = $_SESSION[$this->base]->get_module_attributes('inetOrgPerson');
$_SESSION[$this->base]->add_attributes ('inetOrgPerson');
// Create copy of attributes
$this->orig = $this->attributes ;
// Add objectClass to attributes
$this->attributes['objectClass'][0] = 'inetOrgPerson';
// Set aliasname
$this->alias = _('inetOrgPerson');
}
// Variables
// Alias Name. This name is shown in the menu instead of posixAccount
var $alias;
// reference to base-array so we can read other classes in basearray
// name of account_container in session so we can read other classes in account_container
var $base;
// This variable contains all inetOrgPerson attributes
var $attributes;
@ -82,10 +74,23 @@ class inetOrgPerson {
return array('main');
}
/* This function returns true if all required attributes from other
* modules are set. This is required to prevent undefined states
*/
function module_ready() {
return true;
}
/* This function returns a list of all html-pages in module
* This is usefull for mass upload and pdf-files
* because lam can walk trough all pages itself and do some
* error checkings
*/
function pages() {
return array('attributes');
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
@ -103,30 +108,29 @@ class inetOrgPerson {
$this->attributes['postalAddress'][0] = $post['form_inetOrgPerson_postalAddress'];
$this->attributes['employeeType'][0] = $post['form_inetOrgPerson_employeeType'];
// handle host-attribute in on epice because it's not set by default
if (isset($this->attributes['host'])) {
$host = $post['form_inetOrgPerson_host'];
if ((!$host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $host))
$errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
$errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'), 'host');
$hosts = explode(" ", $host);
$this->attributes['host'] = array();
foreach ($hosts as $host)
if ($host!="") $this->attributes['host'][] = $host;
}
// Check if givenname is valid
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'][0])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
// Check if surname is valid
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'][0])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'][0])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['facsimileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'][0])) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'][0])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'][0])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'][0])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'][0])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'][0])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
// Do some regex-checks and return error if attributes are set to wrong values
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'][0])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'), 'givenname');
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'][0])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'), 'sn');
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'][0])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'), 'telephoneNumber');
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'), 'mobileTelephoneNumber');
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['facsimileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'), 'facsimileTelephoneNumber');
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'][0])) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'), 'mail');
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'][0])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'), 'street');
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'][0])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'), 'postalAdress');
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'][0])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'), 'title');
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'][0])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'), 'employeeType');
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'][0])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'), 'personal_postalCode');
// Return error-messages
if (is_array($errors)) return $errors;
return 0;
@ -136,7 +140,6 @@ class inetOrgPerson {
* $attr is an array as it's retured from ldap_get_attributes
*/
function load_attributes($attr) {
// Load attributes which are displayed
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
@ -144,6 +147,7 @@ class inetOrgPerson {
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
// load attribtues
foreach ($attributes as $attribute) {
if (isset($this->orig[$attribute])) {
$this->orig[$attribute] = $attr[$attribute];
@ -151,25 +155,31 @@ class inetOrgPerson {
for ($i=0; $i<count($this->orig[$attribute]); $i++) $this->orig[$attribute][$i] = utf8_decode ($this->orig[$attribute][$i]);
}
}
// Values are kept as copy so we can compare old attributes with new attributes
// Add objectClass to orig because we don't want to add objectClass if it's already set
$this->orig['objectClass'][0] = 'inetOrgPerson';
// Values are kept as copy so we can compare old attributes with new attributes
$this->attributes = $this->orig;
return 0;
}
/* This function returns an array with 3 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
/* This function returns an array with 4 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr), 'lamdaemon' => array(cmds)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* lamdaemon are lamdaemon commands to modify homedir, quotas, ...
*/
function save_attributes() {
// Get easy attributes
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// unset password. First we hanlde userPassword with posixAccount, second we hanlde it completly separat
// because it en/decrypted in session
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
// Return attributes
return $return;
}
@ -262,9 +272,6 @@ class inetOrgPerson {
return 0;
}
}
?>
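Review bot: The new filter in `save_attributes()` removes `userPassword` only from the `'modify'` list, so if `save_module_attributes()` reports the attribute under `'add'` or `'remove'` (presumably the case for a newly created entry), this module still returns it, contrary to the comment that the password is handled separately. If posixAccount is meant to be the only writer, strip it from every operation: `foreach (array('add', 'remove', 'modify') as $op) unset($return[$_SESSION[$this->base]->dn][$op]['userPassword']);`. In `proccess_attributes()` the field identifiers added as the fourth error element do not all match the attribute names (`'givenname'` for `givenName`, `'postalAdress'` for `postalAddress`), which matters to any caller that uses them to locate the field.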

254
lam/lib/modules/main.inc Normal file

@ -0,0 +1,254 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 Tilo Lutz
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host, domain
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
*/
/* This class contains all account LDAP attributes
* and funtioncs required to deal with account
* account can only be created when it should be added
* to an array.
* $base is the name of account_container in session
*
*/
/* Main-Module. Contains basic module functions have to be loaded first before
* any other module. This module doesn't support any ldap functions
* ldap functions in this module are only dummy functions
* It also chooses which page to show.
*/
class main {
// Constructor
function main($base) {
// Set counter to first page
$this->current_page = 0;
// reset subpage counter
$this->subpage = '';
// Get local copy of name of account_container in session
$this->base = $base;
// Set aliasname
$this->alias = _('main');
}
// Variables
// This variable stores the number of the current displayed page
var $current_page;
// This variable os set to the pagename of a subpage if it should be displayed
var $subpage;
// name of accountContainer so we can read other classes in accuontArray
var $base;
// Alias Name. This name is shown in the menu instead of main
var $alias;
/* This function returns a list with all required modules
*/
function dependencies() {
return array();
}
function module_ready() {
return true;
}
// Dummy functions to make module compatible
function load_attributes($attr) {
return 0;
}
// Dummy functions to make module compatible
function save_attributes() {
return array();
}
// Dummy functions to make module compatible
function get_attributes() {
return array();
}
function display_html_attributes($post) {
// Get list of profiles
$function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();';
eval($function);
$modules = $_SESSION[$this->base]->check_attributes();
if (count($modules)!=0) {
$disabled = 'disabled';
// Show reason why module is disabled
for ($i=0; $i<count($modules); $i++) StatusMessage('ERROR', _('Check module'), sprintf(_('Please set up all required attributes on %s page'), $_SESSION[$this->base]->module[$modules[$i]]->alias));
}
else $disabled = '';
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
echo "<td>" . _('Suffix') . "</td>\n";
echo "<td><select name=\"form_main_suffix\">";
// loop through all suffixes
$function = '$suffix = $_SESSION[$_SESSION[$this->base]->config]->get_'.ucfirst($_SESSION[$this->base]->type).'Suffix();';
eval($function);
foreach ($_SESSION[$_SESSION[$this->base]->ldap]->search_units($suffix) as $suffix) {
if ($_SESSION[$this->base]->dn) {
if ($_SESSION[$this->base]->dn == $suffix) echo "<option selected>$suffix</option>\n";
else echo "<option>$suffix</option>\n";
}
else echo "<option>$suffix</option>\n";
}
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=461\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
// Show fieldset with list of all user profiles
if (count($profilelist)!=0) {
echo "<tr>\n";
echo "<td>" . _("Load profile") . "</td>\n";
echo "<td><select name=\"form_main_selectLoadProfile\">";
foreach ($profilelist as $profile) echo "<option>$profile</option>\n";
echo "</select>\n";
echo "<input name=\"form_main_loadProfile\" type=\"submit\" value=\"" . _('Load Profile') . "\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=421\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
}
echo "<tr>\n";
echo "<td>" . _("Save profile") . "</td>\n";
echo "<td><input name=\"form_main_selectSaveProfile\" type=\"text\" size=\"30\" maxlength=\"50\">\n";
echo "<input name=\"form_main_saveProfile\" type=\"submit\" value=\"" . _('Save profile') . "\" $disabled ></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=457\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td><input name=\"form_main_create\" type=\"submit\" value=\"";
if ($_SESSION[$this->base]->dn_orig!='') echo _('Modify Account');
else echo _('Create Account');
echo "\" $disabled ></td>\n";
echo "</tr>\n";
echo "</table>\n";
return 0;
}
/* This page will be shown if an account
* has been saved
*/
function display_html_finish($post) {
// Show success message
if ($_SESSION[$this->base]->dn_orig=='') $kind = _('created');
else $kind = _('modified');
$text = sprintf(_('%s has been %s.'), ucfirst($_SESSION[$this->base]->type), $kind);
StatusMessage('INFO', _('LDAP operation successful.'), $text);
// Show rest of page
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
if ($_SESSION[$this->base]->dn_orig=='') {
echo "<td><input name=\"form_main_createagain\" type=\"submit\" value=\"";
echo sprintf(_('Create another %s'), $_SESSION[$this->base]->type);
echo "\"></td>\n";
}
echo "<td><input name=\"form_main_outputpdf\" type=\"submit\" value=\"" . _('Create PDF file') . "\"></td>\n";
echo "<td><input name=\"form_main_backmain\" type=\"submit\" value=\"";
echo sprintf (_('Back to %s list'), $_SESSION[$this->base]->type);
echo "\"></td>\n";
echo "</tr>\n";
echo "</table>\n";
return 0;
}
/* Write variables into object and do some regexp checks
*/
function proccess_finish($post) {
if ($post['form_main_createagain']) {
// Reset objects
$modules = array_keys($_SESSION[$this->base]->module);
foreach ($modules as $module)
if ($module!='main') unset($_SESSION[$this->base]->module[$module]);
// Reset accountContainer
$_SESSION[$this->base]->dn = '';
$_SESSION[$this->base]->dn_orig = '';
$_SESSION[$this->base]->attributes = array();
$_SESSION[$this->base]->order = array();
$this->current_page = 0;
$this->subpage = '';
// Add all required objects etc.
$_SESSION[$this->base]->new_account();
return 0;
}
if ($post['form_main_backmain']) {
// Return to *-list
// *** fixme unset accountContainer in session
metaRefresh("../lists/list".$_SESSION[$this->base]->type."s.php");
exit;
}
if ($post['form_main_outputpdf']) {
// Create / display PDf-file
$function = 'create'.ucfirst($_SESSION[$this->base]->type).'PDF(array($_SESSION[$this->base]));';
eval($function);
exit;
}
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
// change dn
if ($post['form_main_suffix']!='') $_SESSION[$this->base]->dn = $post['form_main_suffix'];
// load profile
if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) {
// *** fixme load*Profile must return array in the same way ldap_get_attributes does.
$function = '$newattributes = load'.ucfirst($scope).'Profile($post[\'form_main_selectLoadProfile\']);';
eval($function);
// pass newattributes to each module
$modules = array_keys($_SESSION[$this->base]->module);
foreach ($modules as $module) $_SESSION[$this->base]->module[$module]->load_attributes($newattributes);
return 0;
}
// save account
if ($post['form_main_create']) {
$success = $_SESSION[$this->base]->save_account();
if (is_array($success)) return array($success);
// return name of subpage
return 'finish';
}
// save profile
if ($post['form_main_saveProfile']) {
if ($post['form_main_selectSaveProfile']=='') $errors[] = array('ERROR', _('Save profile'), _('No profilename given.'));
else {
$function = 'save'.ucfirst($scope).'Profile();';
eval($function);
if ($function) $errors[] = array('INFO', _('Save profile'), _('New profile created.'));
else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.'));
}
if (is_array($errors)) return $errors;
else return 0;
}
return 0;
}
}
?>


@ -73,7 +73,7 @@ class posixAccount {
$_SESSION[$this->base]->add_attributes ('posixAccount');
$this->alias = _('posixAccount');
$groups = findgroups(); // list of all groupnames
$groups = $_SESSION[$_SESSION[$this->base]->cache]->findgroups(); // list of all groupnames
if (count($groups)==0) trigger_error(_('No groups found in ldap.'), E_USER_WARNING);
// Make references to attributes which already esists in ldap
@ -159,11 +159,20 @@ class posixAccount {
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
if ($this->orig['uid'][0]!='' && $post['form_posixAccount_uid']!=$this->attributes['uid'][0])
$errors[] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?'));
if ($this->orig['gidNumber'][0]!='' && $_SESSION[$_SESSION[$this->base]->cache]->getgid($post['form_posixAccount_gidNumber'])!=$this->attributes['gidNumber'][0])
$errors[] = array('INFO', _('GID number'), sprintf(_('GID number has changed. To keep file ownership you have to run the following command as root: \'find / -gid %s -uid %s -exec chgrp %s {} \;\''), $this->orig['gidNumber'][0], $this->orig['uidNumber'][0], $_SESSION[$_SESSION[$this->base]->cache]->getgid($post['form_posixAccount_gidNumber'])));
if ($this->orig['uidNumber'][0]!='' && $post['form_posixAccount_uidNumber']!=$this->attributes['uidNumber'][0])
$errors[] = array('INFO', _('UID number'), sprintf(_('UID number has changed. To keep file ownership you have to run the following command as root: \'find / -uid %s -exec chown %s {} \;\''), $this->orig['uidNumber'][0], $this->attributes['uidNumber'][0]));
if (isset($post['form_posixAccount_homeDirectory']) && $this->orig['homeDirectory'][0]!='' && $post['form_posixAccount_homeDirectory']!=$this->attributes['homeDirectory'][0])
$errors[] = array('INFO', _('Home directory'), sprintf(_('Home directory changed. To keep home directory you have to run the following command as root: \'mv %s %s\''), $this->orig['homeDirectory'][0], $this->attributes['homeDirectory'][0]));
// Load attributes
$this->attributes['uid'][0] = $post['form_posixAccount_uid'];
$this->attributes['cn'][0] = $this->attributes['uid'][0];
$this->attributes['uidNumber'][0] = $post['form_posixAccount_uidNumber'];
$this->attributes['gidNumber'][0] = getgrnam($post['form_posixAccount_gidNumber']);
$this->attributes['gidNumber'][0] = $_SESSION[$_SESSION[$this->base]->cache]->getgid($post['form_posixAccount_gidNumber']);
$this->attributes['homeDirectory'][0] = $post['form_posixAccount_homeDirectory'];
$this->attributes['loginShell'][0] = $post['form_posixAccount_loginShell'];
$this->attributes['gecos'][0] = $post['form_posixAccount_gecos'];
@ -247,7 +256,7 @@ class posixAccount {
if (($this->attributes['uid'][0] != $post['form_posixAccount_uid']) && ereg('[A-Z]$', $post['form_posixAccount_uid']))
$errors[] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
// Check if Homedir is valid
$this->attributes['homeDirectory'][0] = str_replace('$group', getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
$this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
if ($this->attributes['uid'][0] != '')
$this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]);
if ($this->attributes['homeDirectory'][0] != $post['form_posixAccount_homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
@ -333,10 +342,6 @@ class posixAccount {
if (isset($post['form_posixAccount_addgroups']) && isset($post['form_posixAccount_addgroups_button'])) { // Add groups to list
// Add new group
$this->groups = @array_merge($this->groups, $post['form_posixAccount_addgroups']);
// remove doubles
$this->groups = @array_flip($this->groups);
array_unique($this->groups);
$this->groups = @array_flip($this->groups);
// sort groups
sort($this->groups);
break;
@ -379,8 +384,9 @@ class posixAccount {
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group');
$DNs = array_keys($dn_groups);
foreach ($DNs as $DN) {
if (in_array($attr['uid'], $dn_groups[$DN]))
$this->groups[] = substr($DN, 3, strpos($DN, ',')-1);
if (in_array($attr['uid'][0], $dn_groups[$DN])) {
$this->groups[] = substr($DN, 3, strpos($DN, ',')-3);
}
}
$this->groups_orig = $this->groups;
return 0;
@ -434,52 +440,76 @@ class posixAccount {
// Remove primary group from additional groups
for ($i=0; $i<count($this->groups); $i++) {
if ($this->groups[$i]==getgrnam($this->attributes['gidNumber'])) unset($this->groups[$i]);
if ($this->groups[$i]==$_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'])) unset($this->groups[$i]);
}
// Set additional group memberships
if (is_array($this->groups)) {
// There are some additional groups defined
if (is_array($this->groups_orig)) {
//There are some old groups.
$add = array_delete($this->groups_orig, $this->groups);
$remove = array_delete($this->groups, $this->groups_orig);
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
if (in_array($dn_cns[$DN], $add)) $return[$DN]['add']['memberUid'] = $this->attributes['uid'];
if (in_array($dn_cns[$DN], $remove)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
if ($this->orig['uid'][0]!='' && $this->attributes['uid'][0]!=$this->orig['uid'][0]) {
// remove old memberships
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group');
$DNs = array_keys($dn_groups);
foreach ($DNs as $DN)
if (in_array($this->orig['uid'][0], $dn_groups[$DN]))
$return[$DN]['remove']['memberUid'][0] = $this->orig['uid'][0];
// Add new memberships
if (is_array($this->groups))
foreach ($this->groups as $group) {
$dn = $_SESSION[$_SESSION[$this->base]->ldap]->in_cache ($group, 'cn', 'group');
$return[$dn]['add']['memberUid'][0] = $this->attributes['uid'][0];
}
// primary group mut also be removed if it has changed after setting additional groups
if (in_array(getgrnam($this->attributes['gidNumber']), $this->groups_orig)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
}
else {
// Add user to every group
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
if (in_array($dn_cns[$DN], $this->groups)) $return[$DN]['add']['memberUid'] = $this->attributes['uid'];
}
}
}
else {
if (is_array($this->groups_orig)) {
//There are some old groups which have to be removed
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
if (in_array($dn_cns[$DN], $this->orig['groups'])) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
if (is_array($this->groups)) {
// There are some additional groups defined
if (is_array($this->groups_orig)) {
//There are some old groups.
$add = array_delete($this->groups_orig, $this->groups);
$remove = array_delete($this->groups, $this->groups_orig);
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
if (is_array($add))
if (in_array($dn_cns[$DN][0], $add)) $return[$DN]['add']['memberUid'] = $this->attributes['uid'];
if (is_array($remove))
if (in_array($dn_cns[$DN][0], $remove)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
}
// primary group mut also be removed if it has changed after setting additional groups
if (in_array($_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber']), $this->groups_orig)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
}
else {
// Add user to every group
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
if (in_array($dn_cns[$DN][0], $this->groups)) $return[$DN]['add']['memberUid'] = $this->attributes['uid'];
}
}
}
else {
if (is_array($this->groups_orig)) {
//There are some old groups which have to be removed
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
if (in_array($dn_cns[$DN][0], $this->orig['groups'])) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
}
}
}
}
if ($this->createhomedir) $return[$_SESSION[$this->base]->dn]['lamdaemon'][] = $this->attributes['uid'][0] . " home add";
if ($this->createhomedir) $return[$_SESSION[$this->base]->dn]['lamdaemon']['command'][] = $this->attributes['uid'][0] . " home add";
return $return;
}
function delete_attributes() {
}
/* This function returns all ldap attributes
* which are part of posixAccount and returns
* also their values.
@ -495,7 +525,7 @@ class posixAccount {
* It will output a complete html-table
*/
function display_html_attributes($post) {
$groups = findgroups(); // list of all groupnames
$groups = $_SESSION[$_SESSION[$this->base]->cache]->findgroups(); // list of all groupnames
$shelllist = getshells(); // list of all valid shells
if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword();
else $password='';
@ -517,10 +547,10 @@ class posixAccount {
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Primary group') . "*</td>\n";
echo "<td><select name=\"form_posixAccount_group\">";
echo "<td><select name=\"form_posixAccount_gidNumber\">";
// loop trough existing groups
foreach ($groups as $group)
if (getgrnam($this->attributes['gidNumber'][0]) == $group) echo "<option selected> $group </option>\n";
if ($_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'][0]) == $group) echo "<option selected> $group </option>\n";
else echo "<option> $group </option>\n";
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=406\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
@ -590,17 +620,18 @@ class posixAccount {
function display_html_group($post) {
// load list with all groups
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uidNumber', 'posixGroup', 'group');
foreach ($dn_groups as $group) $groups[] = $group[0];
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixGroup', 'group');
$DNs = array_keys($dn_groups);
foreach ($DNs as $DN)
$groups[] = substr($DN, 3, strpos($DN, ',')-3);
// sort groups
sort($groups, SORT_STRING);
// remove groups the user is member of from grouplist
$groups = array_delete($this->groups, $groups);
// Remove primary group from grouplist
$groups = array_flip($groups);
if (isset($groups[getgrnam($this->attributes['gidNumber'])])) unset ($groups[getgrnam($this->attributes['gidNumber'])]);
if (isset($groups[$_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'])])) unset ($groups[$_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'])]);
$groups = array_flip($groups);
echo "<table border=0 width=\"100%\">\n<tr>\n";
echo "<td><fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\"><b>" . _("Additional groups") . "</b></legend>\n";
@ -612,7 +643,7 @@ class posixAccount {
if (count($this->groups)!=0) {
echo "<select name=\"form_posixAccount_removegroups[]\" class=\"".$_SESSION[$this->base]->type."edit-bright\" size=15 multiple>\n";
for ($i=0; $i<count($this->groups); $i++)
if ($this->groups[$i]!='') echo "<option> $this->groups[$i] </option>\n";
echo "<option>" . $this->groups[$i] . "</option>\n";
echo "</select>\n";
}
echo "</fieldset></td>\n";
@ -627,7 +658,7 @@ class posixAccount {
if (count($groups)!=0) {
echo "<select name=\"form_posixAccount_addgroups[]\" size=15 multiple class=\"".$_SESSION[$this->base]->type."edit-bright\">\n";
for ($i=0; $i<count($groups); $i++)
if ($groups[$i]!='') echo "<option> $groups[$i] </option>\n";
echo "<option> $groups[$i] </option>\n";
echo "</select>\n";
}
echo "</fieldset></td>\n";
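Review bot: In display_html_group, what appears to be the new line `echo "<option>" . $this->groups[$i] . "</option>\n";` writes each entry of `$this->groups` into the page without HTML escaping, and those entries reach the array from `$post['form_posixAccount_addgroups']` through the `array_merge` in the add-groups hunk. This commit also drops the de-duplication there and the empty-string test here, so nothing visible in these hunks constrains what a posted group name may contain; any validation would have to happen in code not shown. I would escape on output, `echo "<option>" . htmlspecialchars($this->groups[$i]) . "</option>\n";` (and likewise for `$groups[$i]` in the add list), and before merging keep only posted names that occur in the cache's group list. Both functions start and end outside their hunks.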


@ -0,0 +1,587 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 Tilo Lutz
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* Session variables which are used:
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
*
* Coockie variables which are used:
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
* External functions which are used
* account.inc: findgroups, incache, get_cache, array_delete, getshells
* ldap.inc: pwd_is_enabled, pwd_hash
*/
/* This class contains all posixGroup LDAP attributes
* and funtioncs required to deal with posixGroup
* posixGroup can only be created when it should be added
* to an array.
* basearray is the same array posixGroup should be added
* to. If basearray is not given the constructor tries to
* create an array with posixGroup and all other required
* objects.
* Example: $user[] = new posixGroup($user);
*
* In container array the following things have to exist:
* account or inetOrgPerson object
* type: 'user' or 'host'
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
*/
class posixGroup {
// Constructor
function posixGroup($base) {
/* Return an error if posixGroup should be created without
* base container
*/
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'posixGroup\');'), E_USER_ERROR);
$this->base = $base;
// posixGroup is only a valid objectClass for user and host
if ($_SESSION[$this->base]->get_type() != 'group') trigger_error(_('posixGroup can only be used for groups.'), E_USER_WARNING);
// Add Array with all attributes and type
$this->attributes = $_SESSION[$this->base]->get_module_attributes('posixGroup');
$_SESSION[$this->base]->add_attributes ('posixGroup');
$this->alias = _('posixGroup');
// Make references to attributes which already esists in ldap
$newattributes = array_keys($this->attributes);
$module = array_keys($_SESSION[$this->base]->module);
// fixme *** do we have to unset module posixAccuont itself
for ($i=0; $i<count($module); $i++) {
foreach ($newattributes as $attribute)
if (isset($_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute]))
$this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute];
}
$this->orig = $this->attributes ;
$this->attributes['objectClass'][0] = 'posixGroup';
$this->changegids=false;
}
// Variables
// Alias Name. This name is shown in the menu instead of posixGroup
var $alias;
// name of accountContainer so we can read other classes in accuontArray
var $base;
// Use a unix password?
var $userPassword_no;
// Lock account?
var $userPassword_lock;
// change gids of users and hosts?
var $changegids;
// This variable contains all inetOrgPerson attributes
var $attributes;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig;
/* $attribute['userPassword'] can't accessed directly because it's enrcypted
* To read / write password function userPassword is needed
* This function will return the unencrypted password when
* called without a variable
* If it's called with a new password, the
* new password will be stored encrypted
*/
function userPassword($newpassword=false) {
if (is_string($newpassword)) {
// Write new password
if ($newpassword!='') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$this->attributes['userPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
}
else $this->attributes['userPassword'][0] = '';
return 0;
}
else {
if ($this->attributes['userPassword'][0]!='') {
// Read existing password if set
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
return $password;
}
else return '';
}
}
/* This function returns a list with all required modules
*/
function dependencies() {
return array('main');
}
function module_ready() {
return true;
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
if ($this->orig['gidNumber'][0]!='' && $post['form_posixGroup_gidNumber']!=$this->attributes['gidNumber'][0])
$errors[] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.'));
// Load attributes
$this->attributes['cn'][0] = $post['form_posixGroup_cn'];
$this->attributes['gidNumber'][0] = $post['form_posixGroup_gidNumber'];
$this->attributes['description'][0] = $post['form_posixGroup_description'];
if ($post['form_posixGroup_userPassword_no']) $this->userPassword_no=true;
else $this->userPassword_no=false;
if ($post['form_posixGroup_userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false;
if ($post['form_posixGroup_changegids']) $this->changegids=true;
else $this->changegids=false;
if (isset($post['form_posixGroup_userPassword'])) {
if ($post['form_posixGroup_userPassword'] != $post['form_posixGroup_userPassword2']) {
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
unset ($post['form_posixGroup_userPassword2']);
}
else $this->userPassword($post['form_posixGroup_userPassword']);
}
if ($post['form_posixGroup_genpass']) $this->userPassword(genpasswd());
// Check if UID is valid. If none value was entered, the next useable value will be inserted
// load min and may uidNumber
$minID = intval($_SESSION[$_SESSION[$this->base]->config]->get_minGID());
$maxID = intval($_SESSION[$_SESSION[$this->base]->config]->get_maxGID());
$dn_gids = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixGroup', '*');
// get_cache will return an array ( dn1 => array(uidnumber1), dn2 => array(uidnumber2), ... )
foreach ($dn_gids as $gid) $gids[] = $gid[0];
if(is_array($gids)) sort ($gids, SORT_NUMERIC);
if ($this->attributes['gidNumber'][0]=='') {
// No id-number given
if ($this->orig['gidNumber'][0]=='') {
// new account -> we have to find a free id-number
if (count($gids)!=0) {
// There are some uids
// Store highest id-number
$id = $gids[count($gids)-1];
// Return minimum allowed id-number if all found id-numbers are too low
if ($id < $minID) $this->attributes['gidNumber'][0] = $minID;
// Return higesht used id-number + 1 if it's still in valid range
if ($id < $maxID) $this->attributes['gidNumber'][0] = $id+1;
/* If this function is still running we have to fid a free id-number between
* the used id-numbers
*/
$i = intval($minID);
while (in_array($i, $gids)) $i++;
if ($i>$maxID)
$errors[] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
else {
$this->attributes['gidNumber'][0] = $i;
$errors[] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
}
}
else $this->attributes['gidNumber'][0] = $minID;
// return minimum allowed id-number if no id-numbers are found
}
else $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
// old account -> return id-number which has been used
}
else {
// Check manual ID
// id-number is out of valid range
if ( ($this->attributes['gidNumber'][0]!=$post['form_posixGroup_gidNumber']) && ($this->attributes['gidNumber'][0] < $minID || $this->attributes['gidNumber'][0] > $maxID)) $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
// $uids is allways an array but not if no entries were found
if (is_array($gids)) {
// id-number is in use and account is a new account
if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
// id-number is in use, account is existing account and id-number is not used by itself
if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]!='' && ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0]) ) {
$errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
$this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
}
}
}
if (($this->attributes['cn'][0] != $post['form_posixGroup_cn']) && ereg('[A-Z]$', $post['form_posixGroup_cn']))
$errors[] = array('WARN', _('Groupname'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
// Check if Username contains only valid characters
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])+$', $this->attributes['cn'][0]))
$errors[] = array('ERROR', _('Groupname'), _('Groupname contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
// Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use
// Set username back to original name if new username is in use
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['cn'][0],'cn', '*')!=false && ($this->orig['cn'][0]!='')) {
$this->attributes['cn'][0] = $this->orig['cn'][0];
}
// Change uid to a new uid until a free uid is found
else while ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['cn'][0], 'cn', '*')) {
// get last character of username
$lastchar = substr($this->attributes['cn'][0], strlen($this->attributes['cn'][0])-1, 1);
// Last character is no number
if ( !ereg('^([0-9])+$', $lastchar))
/* Last character is no number. Therefore we only have to
* add "2" to it.
*/
$this->attributes['cn'][0] = $this->attributes['cn'][0] . '2';
else {
/* Last character is a number -> we have to increase the number until we've
* found a groupname with trailing number which is not in use.
*
* $i will show us were we have to split groupname so we get a part
* with the groupname and a part with the trailing number
*/
$i=strlen($this->attributes['cn'][0])-1;
$mark = false;
// Set $i to the last character which is a number in $account_new->general_username
while (!$mark) {
if (ereg('^([0-9])+$',substr($this->attributes['cn'][0], $i, strlen($this->attributes['cn'][0])-$i))) $i--;
else $mark=true;
}
// increase last number with one
$firstchars = substr($this->attributes['cn'][0], 0, $i+1);
$lastchars = substr($this->attributes['cn'][0], $i+1, strlen($this->attributes['cn'][0])-$i);
// Put username together
$this->attributes['cn'][0] = $firstchars . (intval($lastchars)+1);
}
}
// Show warning if lam has changed username
if ($this->attributes['cn'][0] != $post['form_posixGroup_cn']) {
$errors[] = array('WARN', _('Groupname'), _('Groupname in use. Selected next free groupname.'));
}
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $this->userPassword()))
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
// Return error-messages
if (is_array($errors)) return $errors;
// Go to additional group page when no error did ocour and button was pressed
if ($post['form_posixGroup_adduser']) return 'user';
return 0;
}
/* Write variables into object and do some regexp checks
*/
function proccess_user($post) {
do { // X-Or, only one if() can be true
if (isset($post['form_posixGroup_addusers']) && isset($post['form_posixGroup_addusers_button'])) { // Add groups to list
// Add new user
$this->attributes['memberUid'] = @array_merge($this->attributes['memberUid'], $post['form_posixGroup_addusers']);
// remove doubles
$this->attributes['memberUid'] = @array_flip($this->attributes['memberUid']);
array_unique($this->attributes['memberUid']);
$this->attributes['memberUid'] = @array_flip($this->attributes['memberUid']);
// sort groups
sort($this->attributes['memberUid']);
break;
}
if (isset($post['form_posixGroup_removeusers']) && isset($post['form_posixGroup_removeusers_button'])) { // remove groups from list
$this->attributes['memberUid'] = array_delete($post['form_posixGroup_removeusers'], $this->attributes['memberUid']);
break;
}
} while(0);
if (isset($post['form_posixGroup_adduser_button']) || isset($post['form_posixGroup_removeuser_button'])) return 'user';
if ($post['form_posixGroup_toattributes']) return 'attributes';
return 0;
}
/* This function loads all attributes into the object
* $attr is an array as it's retured from ldap_get_attributes
*/
function load_attributes($attr) {
// Load attributes which are displayed
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->attributes['objectClass'][0] = 'posixGroup';
$this->orig = $this->attributes;
return 0;
}
/* This function returns an array with 3 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes() {
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
// Set unix password
if (count($this->orig['userPassword'])==0) {
// New user or no old password set
if ($this->userPassword_no) {
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
}
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
}
else {
if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0] && $this->userPassword()!='' ) || $this->userPassword_no) {
// Write new password
if ($this->userPassword_no) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
}
else { // No new password but old password
// (un)lock password
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'][0])) {
// Split old password hash in {CRYPT} and password-hash
$i = 0;
while ($this->orig['userPassword'][0]{$i} != '}') $i++;
$passwd = substr($this->orig['userPassword'][0], $i+1 );
$crypt = substr($this->orig['userPassword'][0], 0, $i+1 );
// remove trailing ! from password hash
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
// Write new password
if ($this->userPassword_lock) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt!$passwd");
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt$passwd");
}
}
}
// Remove primary group from users from memberUid
$users_dn = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixAccount', 'user');
$DNs = array_keys($users_dn);
for ($i=0; $i<count($DNs); $i++) {
if ($users_dn[$DNs[$i]][0]==$this->attributes['gidNumber'][0]) {
$thisuser = substr($DNs[$i], 4, strpos($DNs[$i], ",")-4);
if (@in_array($thisuser, $this->attribtues['memberUid'])) {
$this->attribtues['memberUid'] = @array_flip($this->attribtues['memberUid']);
unset($this->attribtues['memberUid'][$thisuser]);
$this->attribtues['memberUid'] = @array_flip($this->attribtues['memberUid']);
}
}
}
// Change gids of users and hosts?
if ($this->changegids) {
// get gidNumber
$line=-1;
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME 'posixAccount'")) $line = $i;
}
if ($line!=-1) {
$result = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixAccount', '*');
$DNs = array_keys($result);
for ($i=0; $i<count($DNs); $i++)
if ($result[$DNs[$i]][0] == $this->orig['gidNumber'][0]) $return[$DNs[$i]]['modify']['gidNumber'][0] = $this->attributes['gidNumber'][0];
}
// change primaryGroupID
$line=-1;
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME 'sambaAccount'")) $line = $i;
}
if ($line!=-1) {
$result = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('primaryGroupID', 'sambaAccount', '*');
$DNs = array_keys($result);
for ($i=0; $i<count($DNs); $i++) {
if ($result[$DNs[$i]][0] == $this->orig['gidNumber'][0]*2+1001 ) $return[$DNs[$i]]['modify']['PrimaryGroupID'][0] = $this->attributes['gidNumber'][0]*2+1001;
}
}
// change sambaPrimaryGroupSID
$line=-1;
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME 'sambaSamAccount'")) $line = $i;
}
if ($line!=-1) {
$result = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('sambaPrimaryGroupSID', 'sambaSamAccount', '*');
$DNs = array_keys($result);
for ($i=0; $i<count($DNs); $i++) {
// Get Domain SID from name
$sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix());
// Get Domain-SID from group SID
$domainSID = substr($result[$DNs[$i]], 0, strrpos($result[$DNs[$i]], "-"));
for ($i=0; $i<count($sambaDomains); $i++ )
if ($domainSID==$sambaDomains[$i]->SID)
$RIDbase = $sambaDomains[$i]->RIDbase;
if ($result[$DNs[$i]][0] == $SID . "-" . $this->orig['gidNumber'][0]*2+1+$RIDbase ) $return[$DNs[$i]]['modify']['sambaPrimaryGroupSID'][0] = $SID . "-" . $this->attributes['gidNumber'][0]*2+1+$RIDbase;
}
}
}
return $return;
}
/* This function returns all ldap attributes
* which are part of posixGroup and returns
* also their values.
*/
function get_attributes() {
$return = $this->attributes;
$return['userPassword'] = $this->userPassword();
return $return;
}
/* This function will create the html-page
* to show a page with all attributes.
* It will output a complete html-table
*/
function display_html_attributes($post) {
if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword();
else $password='';
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
echo '<td>' . _('Groupname') . "*</td>\n";
echo "<td><input name=\"form_posixGroup_cn\" type=\"text\" size=\"20\" maxlength=\"20\" value=\"".$this->attributes['cn'][0]."\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=400\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('GID number') ."</td>\n";
echo "<td><input name=\"form_posixGroup_gidNumber\" type=\"text\" size=\"6\" maxlength=\"6\" value=\"".$this->attributes['gidNumber'][0]."\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=401\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Description') . "</td>\n";
echo "<td><input name=\"form_posixGroup_description\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['description'][0]."\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=404\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Group members') . "</td>\n";
echo "<td><input name=\"form_posixGroup_adduser\" type=\"submit\" value=\"" . _('Edit groups') . "\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=402\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Password') . "</td>\n";
echo "<td><input name=\"form_posixGroup_userPassword\" type=\"password\" size=\"20\" maxlength=\"20\" value=\"$password\"></td>\n";
echo "<td><input name=\"form_posixGroup_genpass\" type=\"submit\" value=\"" . _('Generate password') . "\"></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Repeat password') . "</td>\n";
echo "<td><input name=\"form_posixGroup_userPassword2\" type=\"password\" size=\"20\" maxlength=\"20\" value=\"";
if ($post['form_posixGroup_userPassword2']!='') echo $post['form_posixGroup_userPassword2'];
else echo $password;
echo "\"></td>\n";
echo "<td></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Use no password') . "</td>\n";
echo "<td><input name=\"form_posixGroup_userPassword_no\" type=\"checkbox\"";
if ($this->userPassword_no) echo " checked ";
echo "></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=426\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Lock password') . "</td>\n";
echo "<td><input name=\"form_posixGroup_userPassword_lock\" type=\"checkbox\"";
if ($this->userPassword_lock) echo " checked ";
echo "></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=426\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='') {
echo "<tr>\n";
echo "<td>" . _('Change GID number of users and hosts') . "</td>\n";
echo "<td><input name=\"form_posixGroup_changegids\" type=\"checkbox\"";
if ($this->changegids) echo " checked ";
echo "></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=XXX\" target=\"lamhelp\">" . _('Help-XX') . "</a></td>\n";
echo "</tr>\n";
}
echo "</table>\n";
return 0;
}
function display_html_user($post) {
// load list with all groups
$dn_users = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uid', 'posixAccount', 'user');
foreach ($dn_users as $user) $users[] = $user[0];
// sort groups
sort($users, SORT_STRING);
// remove groups the user is member of from grouplist
$users = array_delete($this->attributes['memberUid'], $users);
// Remove primary group from grouplist
$users_dn = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixAccount', 'user');
$DNs = array_keys($users_dn);
for ($i=0; $i<count($DNs); $i++) {
if ($users_dn[$DNs[$i]][0]==$this->attributes['gidNumber'][0]) {
$thisuser = substr($DNs[$i], 4, strpos($DNs[$i], ",")-4);
if (in_array($thisuser, $users)) {
$users = @array_flip($users);
unset($users[$thisuser]);
$users = @array_flip($users);
}
}
}
// sort users
sort($users);
echo "<table border=0 width=\"100%\">\n<tr>\n";
echo "<td><fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\"><b>" . _("Group members") . "</b></legend>\n";
echo "<table border=0 width=\"100%\">\n<tr>\n";
echo "<td valign=\"top\">";
echo "<fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\">" . _("Selected users") . "</legend>\n";
// Show all groups the user is additional member of
if (count($this->attributes['memberUid'])!=0) {
echo "<select name=\"form_posixGroup_removeusers[]\" class=\"".$_SESSION[$this->base]->type."edit-bright\" size=15 multiple>\n";
foreach ($this->attributes['memberUid'] as $member)
if ($member!='') echo "<option>$member</option>\n";
echo "</select>\n";
}
echo "</fieldset></td>\n";
echo "<td align=\"center\" width=\"10%\"><input type=\"submit\" name=\"form_posixGroup_addusers_button\" value=\"<=\">";
echo " ";
echo "<input type=\"submit\" name=\"form_posixGroup_removeusers_button\" value=\"=>\"><br><br>";
echo "<a href=\""."../help.php?HelpNumber=402\" target=\"lamhelp\">"._('Help')."</a></td>\n";
echo "<td valign=\"top\">\n";
echo "<fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\">" . _('Available users') . "</legend>\n";
// show all groups expect these the user is member of
if (count($users)!=0) {
echo "<select name=\"form_posixGroup_addusers[]\" size=15 multiple class=\"".$_SESSION[$this->base]->type."edit-bright\">\n";
for ($i=0; $i<count($users); $i++)
if ($users[$i]!='') echo "<option> $users[$i] </option>\n";
echo "</select>\n";
}
echo "</fieldset></td>\n";
echo "</tr>\n";
echo "</table>\n";
echo "<input name=\"form_posixGroup_toattributes\" type=\"submit\" value=\""; echo _('Back'); echo "\">\n";
echo "</fieldset>\n";
echo "</td></tr></table>\n";
return 0;
}
}
?>

271
lam/lib/modules/quota.inc Normal file

@ -0,0 +1,271 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 Tilo Lutz
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
class quota {
// Constructor
function quota($base) {
$this->base = $base;
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'quota\');'), E_USER_ERROR);
// quota is only a valid objectClass for user and host
if (!($_SESSION[$this->base]->get_type() == 'user') && !($_SESSION[$this->base]->get_type() == 'group')) trigger_error(_('quota can only be used for users or hosts.'), E_USER_WARNING);
/* Check if ldap conatiner is in array and set type
* users are using inetOrgPerson-, hosts account-container
*/
if (!isset($_SESSION[$this->base]->module['posixAccount']) && $_SESSION[$this->base]->type=='user') $_SESSION[$this->base]->add_objectClass('posixAccount');
if (!isset($_SESSION[$this->base]->module['posixGroup']) && $_SESSION[$this->base]->type=='group') $_SESSION[$this->base]->add_objectClass('posixGroup');
$this->alias = _('quota');
// Get basic quotas for new account
$output_array = $_SESSION[$this->base]->lamdaemon(array("+ quota get " . $_SESSION[$this->base]->type));
// process quotas
if (is_array($output_array)) {
$all_quota = explode(':', $output_array[0]);
for ($j=0; $j<sizeof($all_quota)-1; $j++) {
$single_quota = explode(',', $all_quota[$j]);
// unset not existing quotas from account-object
// collect all existing mountpoints in array
$real_quotas[] = $single_quota[0];
for ($k=0; $k<sizeof($single_quota); $k++)
$this->quota[$j][$k] = $single_quota[$k];
if ($this->quota[$j][4]<time()) $this->quota[$j][4] = '';
else $this->quota[$j][4] = strval(intval(($this->quota[$j][4]-time())/3600)) .' '. _('hours');
if ($this->quota[$j][8]<time()) $this->quota[$j][8] = '';
else $this->quota[$j][8] = strval(intval(($this->quota[$j][8]-time())/3600)) .' '. _('hours');
}
$j=0;
while (isset($this->quota[$j][0]))
// remove invalid quotas
if (!in_array($this->quota[$j][0], $real_quotas)) unset($this->quota[$j]);
else $j++;
// Beautify array, repair index
if (is_array($this->quota)) $this->quota = array_values($this->quota);
}
}
// Variables
// Alias Name. This name is shown in the menu instead of quota
var $alias;
// name of accountContainer so we can read other classes in accuontArray
var $base;
var $quota;
/* This function returns a list with all required modules
*/
function dependencies() {
if ($_SESSION[$this->base]->type=='user') return array('posixAccount');
if ($_SESSION[$this->base]->type=='group') return array('posixGroup');
// return error if unsupported type is used
return -1;
}
function module_ready() {
if (!isset($_SESSION[$_SESSION[$this->base]->config]->scriptPath)) return $false;
if ($_SESSION[$this->base]->type=='user' && $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0]=='') return false;
if ($_SESSION[$this->base]->type=='group' && $_SESSION[$this->base]->module['posixGroup']->attributes['cn'][0]=='') return false;
return true;
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
// Write all general values into $account_new
$i=0;
// loop for every mointpoint with quotas
while ($this->quota[$i][0]) {
$this->quota[$i][2] = $post['form_quota_' . $i . '_2'];
$this->quota[$i][3] = $post['form_quota_' . $i . '_3'];
$this->quota[$i][6] = $post['form_quota_' . $i . '_6'];
$this->quota[$i][7] = $post['form_quota_' . $i . '_7'];
// Check if values are OK and set automatic values. if not error-variable will be set
if (!ereg('^([0-9])*$', $this->quota[$i][2]))
$errors[] = array('ERROR', _('Block soft quota'), _('Block soft quota contains invalid characters. Only natural numbers are allowed'));
if (!ereg('^([0-9])*$', $this->quota[$i][3]))
$errors[] = array('ERROR', _('Block hard quota'), _('Block hard quota contains invalid characters. Only natural numbers are allowed'));
if (!ereg('^([0-9])*$', $this->quota[$i][6]))
$errors[] = array('ERROR', _('Inode soft quota'), _('Inode soft quota contains invalid characters. Only natural numbers are allowed'));
if (!ereg('^([0-9])*$', $this->quota[$i][7]))
$errors[] = array('ERROR', _('Inode hard quota'), _('Inode hard quota contains invalid characters. Only natural numbers are allowed'));
if (intval($this->quota[$i][2]) > intval($this->quota[$i][3]))
$errors[] = array('ERROR', _('Block quota'), _('Block soft quota must be smaller than block hard quota'));
if (intval($this->quota[$i][6]) > intval($this->quota[$i][7]))
$errors[] = array('ERROR', _('Inode quota'), _('Inode soft quota must be smaller than inode hard quota'));
$i++;
}
// Return error-messages
if (is_array($errors)) return $errors;
// Go to additional group page when no error did ocour and button was pressed
return 0;
}
/* This function loads all attributes into the object
* $attr is an array as it's retured from ldap_get_attributes
*/
function load_attributes($attr) {
// Load name
if ($_SESSION[$this->base]->type=='user') $id = $attr['uid'][0];
if ($_SESSION[$this->base]->type=='group') $id = $attr['cn'][0];
// Get quotas
$output_array = $_SESSION[$this->base]->lamdaemon(array("$id quota get " . $_SESSION[$this->base]->type));
// process quotas
if (is_array($output_array)) {
$all_quota = explode(':', $output_array[0]);
for ($j=0; $j<sizeof($all_quota)-1; $j++) {
$single_quota = explode(',', $all_quota[$j]);
// unset not existing quotas from account-object
// collect all existing mountpoints in array
$real_quotas[] = $single_quota[0];
for ($k=0; $k<sizeof($single_quota); $k++)
$this->quota[$j][$k] = $single_quota[$k];
if ($this->quota[$j][4]<time()) $this->quota[$j][4] = '';
else $this->quota[$j][4] = strval(intval(($this->quota[$j][4]-time())/3600)) .' '. _('hours');
if ($this->quota[$j][8]<time()) $this->quota[$j][8] = '';
else $this->quota[$j][8] = strval(intval(($this->quota[$j][8]-time())/3600)) .' '. _('hours');
}
$j=0;
while (isset($this->quota[$j][0]))
// remove invalid quotas
if (!in_array($this->quota[$j][0], $real_quotas)) unset($this->quota[$j]);
else $j++;
// Beautify array, repair index
if (is_array($this->quota)) $this->quota = array_values($this->quota);
}
return 0;
}
/* This function returns an array with 3 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes() {
/* Check wich quotas have changed
* Because we can not send an array to lamdaemon.pl we have to put all
* values in a string. ':' sepraeates the first array, ',' the second
*
* $values->quota[][] First array is an index for every chare with active quotas
* second array Contains values for every share:
* mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes,
* soft inode limit, hard inode limit, grace inode period
*/
$i=0;
while ($this->quota[$i][0]) {
$quotastring = $quotastring . $this->quota[$i][0] . ',' . $this->quota[$i][2] . ',' . $this->quota[$i][3]
. ',' . $this->quota[$i][6] . ',' . $this->quota[$i][7] . ':';
$i++;
}
if ($_SESSION[$this->base]->type=='user') $id = $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0];
if ($_SESSION[$this->base]->type=='group') $id = $_SESSION[$this->base]->module['posixGroup']->attributes['cn'][0];
$return[$_SESSION[$this->base]->dn]['lamdaemon']['command'][] = $id . " quota set " . $_SESSION[$this->base]->type . " $quotastring\n";
return $return;
}
function delete_attributes() {
$i=0;
while ($this->quota[$i][0]) {
$quotastring = $quotastring . $this->quota[$i][0] . ',0,0,0,0:';
$i++;
}
if ($_SESSION[$this->base]->type=='user') $id = $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0];
if ($_SESSION[$this->base]->type=='group') $id = $_SESSION[$this->base]->module['posixGroup']->attributes['cn'][0];
$return[$_SESSION[$this->base]->dn]['lamdaemon']['command'][] = $id . " quota set " . $_SESSION[$this->base]->type . " $quotastring\n";
return $return;
}
/* This function returns all ldap attributes
* which are part of quota and returns
* also their values.
*/
function get_attributes() {
return $this->quota;
}
/* This function will create the html-page
* to show a page with all attributes.
* It will output a complete html-table
*/
function display_html_attributes($post) {
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
echo "<td>" . _('Mountpoint') . "</td>\n";
echo "<td>" . _('Used blocks') . "</td>\n";
echo "<td>" . _('Soft block limit') . "</td>\n";
echo "<td>" . _('Hard block limit') . "</td>\n";
echo "<td>" . _('Grace block period') . "</td>\n";
echo "<td>" . _('Used inodes') . "</td>\n";
echo "<td>" . _('Soft inode limit') . "</td>\n";
echo "<td>" . _('Hard inode limit') . "</td>\n";
echo "<td>" . _('Grace inode period') . "</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td><a href=\"../help.php?HelpNumber=439\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=440\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=441\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=442\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=443\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=444\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=445\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=446\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=447\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
$i=0;
// loop for every mointpoint with enabled quotas
while ($this->quota[$i][0]) {
echo "<tr>\n";
echo "<td>" . $this->quota[$i][0] . "</td>\n";
echo "<td>" . $this->quota[$i][1] . "</td>\n"; // used blocks
echo "<td><input name=\"form_quota_" . $i . "_2\" type=\"text\" size=\"12\" maxlength=\"20\" value=\"" . $this->quota[$i][2] . "\"></td>\n"; // blocks soft limit
echo "<td><input name=\"form_quota_" . $i . "_3\" type=\"text\" size=\"12\" maxlength=\"20\" value=\"" . $this->quota[$i][3] . "\"></td>\n"; // blocks hard limit
echo "<td>" . $this->quota[$i][4] . "</td>\n"; // block grace period
echo "<td>" . $this->quota[$i][5] . "</td>\n"; // used inodes
echo "<td><input name=\"form_quota_" . $i . "_6\" type=\"text\" size=\"12\" maxlength=\"20\" value=\"" . $this->quota[$i][6] . "\"></td>\n"; // inodes soft limit
echo "<td><input name=\"form_quota_" . $i . "_7\" type=\"text\" size=\"12\" maxlength=\"20\" value=\"" . $this->quota[$i][7] . "\"></td>\n"; // inodes hard limit
echo "<td>" . $this->quota[$i][8] . "</td>\n";
echo "</tr>\n"; // inodes grace period
$i++;
}
echo "</table>\n";
return 0;
}
}
?>
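Review bot: `proccess_attributes` writes the four `form_quota_*` POST values into `$this->quota` before the `ereg` checks and keeps them when a check fails, so unvalidated text can reach the `value="..."` attributes echoed in `display_html_attributes` and the lamdaemon command string built in `save_attributes` (whether the caller refuses to save after an error is not visible here). Assign only after the checks pass, escape on output with `htmlspecialchars($this->quota[$i][2], ENT_QUOTES)`, and re-check the fields in `save_attributes` so that `,`, `:`, spaces or newlines cannot change the command. `ereg` is not binary-safe, so `preg_match('/^[0-9]*$/D', $value)` is the safer test. `module_ready` also returns the undefined `$false` where `false` is meant.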


@ -209,13 +209,13 @@ class sambaAccount {
if ($post['form_sambaAccount_rid']== _('Administrator')) {
$this->attributes['rid'][0] = "500";
// Do a check if an administrator already exists
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("500", 'rid', 'user'))
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("500", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig)
$errors[] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.'));
}
if ($post['form_sambaAccount_rid']== _('Guest')) {
$this->attributes['rid'][0] = "501";
// Do a check if an administrator already exists
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("501", 'rid', 'user'))
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("501", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig)
$errors[] = array('ERROR', _('Special user'), _('There can be only one guest per domain.'));
}
$this->attributes['smbHome'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['smbHome'][0]);
@ -338,6 +338,12 @@ class sambaAccount {
if ($this->attributes['rid'][0] == "501") $special = true;
if ($this->attributes['rid'][0] == "515") $special = true;
if (!$special) $this->attributes['rid'][0] == $_SESSION[$this->base]->module['posixAccount']->attributes['uidNumber'][0]*2+1000;
$rids = array_keys($this->rids);
$wrid = false;
for ($i=0; $i<count($rids); $i++)
if ($this->attributes['primaryGroupID'][0] == $rids[$i])
$wrid = true;
if (!$wrid) $this->attributes['primaryGroupID'][0] = ($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]*2)+1001;
@ -509,8 +515,8 @@ class sambaAccount {
}
else echo "<option>" . $names[$i] . "</option>";
}
if ($wrid) echo "<option>" . getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
else echo "<option selected>" . getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
if ($wrid) echo "<option>" . $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
else echo "<option selected>" . $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=464\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
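Review bot: The new uniqueness checks for RID 500 and 501 compare the result of `in_cache()` with `dn_orig` using a loose `!=`, without first testing whether anything was found. The return value of `in_cache()` is not visible in this hunk; if it returns `false` on a miss, editing an existing account (non-empty `dn_orig`) reports "There can be only one administrator per domain." even though no administrator exists. Test for a hit first: `$hit = $_SESSION[$_SESSION[$this->base]->cache]->in_cache("500", 'rid', 'user');` followed by `if ($hit && $hit != $_SESSION[$this->base]->dn_orig)`, and likewise for "501". The enclosing function starts and ends outside the hunk.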


@ -0,0 +1,269 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 Tilo Lutz
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* Session variables which are used:
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
*
* Coockie variables which are used:
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
* External functions which are used
* account.inc: findgroups, incache, get_cache, array_delete, getshells
* ldap.inc: pwd_is_enabled, pwd_hash
*/
/* This class contains all sambaGroupMapping LDAP attributes
* and funtioncs required to deal with sambaGroupMapping
* sambaGroupMapping can only be created when it should be added
* to an array.
* basearray is the same array sambaGroupMapping should be added
* to. If basearray is not given the constructor tries to
* create an array with sambaGroupMapping and all other required
* objects.
* Example: $user[] = new sambaGroupMapping($user);
*
* In container array the following things have to exist:
* account or inetOrgPerson object
* type: 'user' or 'host'
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
*/
class sambaGroupMapping {
// Constructor
function sambaGroupMapping($base) {
/* Return an error if sambaGroupMapping should be created without
* base container
*/
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'sambaGroupMapping\');'), E_USER_ERROR);
$this->base = $base;
// sambaGroupMapping is only a valid objectClass for user and host
if ($_SESSION[$this->base]->get_type() != 'group') trigger_error(_('sambaGroupMapping can only be used for groups.'), E_USER_WARNING);
// Add Array with all attributes and type
$this->attributes = $_SESSION[$this->base]->get_module_attributes('sambaGroupMapping');
$_SESSION[$this->base]->add_attributes ('sambaGroupMapping');
$this->alias = _('sambaGroupMapping');
// Make references to attributes which already esists in ldap
$newattributes = array_keys($this->attributes);
$module = array_keys($_SESSION[$this->base]->module);
// fixme *** do we have to unset module posixAccuont itself
for ($i=0; $i<count($module); $i++) {
foreach ($newattributes as $attribute)
if (isset($_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute];
}
$this->orig = $this->attributes ;
$this->attributes['objectClass'][0] = 'sambaGroupMapping';
$this->rids = array ( _('Domain Admins') => 512, _('Domain Users') => 513, _('Domain Guests') => 514, _('Domain Computers') => 515, _('Domain Controllers') => 516,
_('Domain Certificate Admins') => 517, _('Domain Schema Admins') => 518, _('Domain Enterprise Admins') => 519, _('Domain Policy Admins') => 520 );
}
// Variables
// Alias Name. This name is shown in the menu instead of sambaGroupMapping
var $alias;
// name of accountContainer so we can read other classes in accuontArray
var $base;
// This variable contains all inetOrgPerson attributes
var $attributes;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig;
// Array of well known rids
var $rids;
/* This function returns a list with all required modules
*/
function dependencies() {
return array('posixGroup');
}
function module_ready() {
if ($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]=='') return false;
return true;
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
// Get Domain SID from name
$sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix());
for ($i=0; $i<count($sambaDomains); $i++ )
if ($post['form_sambaGroupMapping_sambaDomainName'] == $sambaDomains[$i]->name) {
$SID = $sambaDomains[$i]->SID;
$RIDbase = $sambaDomain[$i]->RIDbase;
}
// Load attributes
$this->attributes['displayName'][0] = $post['form_sambaGroupMapping_displayName'];
$this->attributes['sambaGroupType'][0] = 2;
$rids = array_keys($this->rids);
$wrid = false;
for ($i=0; $i<count($rids); $i++) {
if ($post['form_sambaGroupMapping_sambaSID'] == $rids[$i]) {
$wrid = true;
// Get Domain SID
$this->attributes['sambaSID'][0] = $SID."-".$this->rids[$rids[$i]];
// Do a check if special grou pis unique
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-".$this->rids[$rids[$i]], 'sambaSID', 'group'))
$errors[] = array('ERROR', _('Special Group'),sprintf( _('There can be only one group %s.'), $rids[$i]));
}
}
if (!$wrid) $this->attributes['sambaSID'][0] = $SID."-".($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2)+$RIDbase+1;
// Return error-messages
if (is_array($errors)) return $errors;
return 0;
}
/* This function loads all attributes into the object
* $attr is an array as it's retured from ldap_get_attributes
*/
function load_attributes($attr) {
// Load attributes which are displayed
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->attributes['objectClass'][0] = 'sambaGroupMapping';
$this->orig = $this->attributes;
return 0;
}
/* This function returns an array with 3 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes() {
// Get Domain SID from name
$sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix());
// Get Domain-SID from group SID
$domainSID = substr($this->attributes['sambaSID'][0], 0, strrpos($this->attributes['sambaSID'][0], "-"));
for ($i=0; $i<count($sambaDomains); $i++ )
if ($domainSID==$sambaDomains[$i]->SID)
$SID = $sambaDomains[$i]->SID;
$names = array_keys($this->rids);
$wrid=false;
for ($i=0; $i<count($names); $i++)
if ($this->attributes['sambaSID'][0]==$SID."-".$this->rids[$names[$i]]) {
$wrid=true;
}
if (!$wrid) $this->attributes['sambaSID'][0] == $SID."-".($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2+1+$RIDbase);
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
return $return;
}
/* This function returns all ldap attributes
* which are part of sambaGroupMapping and returns
* also their values.
*/
function get_attributes() {
return $this->attributes;
}
/* This function will create the html-page
* to show a page with all attributes.
* It will output a complete html-table
*/
function display_html_attributes($post) {
// Get Domain SID from name
$sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix());
// Get Domain-SID from group SID
$domainSID = substr($this->attributes['sambaSID'][0], 0, strrpos($this->attributes['sambaSID'][0], "-"));
for ($i=0; $i<count($sambaDomains); $i++ ) {
// List with all valid domains
$sambaDomainNames[] = $sambaDomains[$i]->name;
if ($domainSID==$sambaDomains[$i]->SID) {
$SID = $sambaDomains[$i]->SID;
$sel_domain = $sambaDomains[$i]->name;
}
}
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
echo "<td>" . _("Display name") . "</td>\n";
echo "<td><input name=\"form_sambaGroupMapping_displayName\" type=\"text\" size=\"30\" maxlength=\"50\" value=\"".$this->attributes['displayName'][0]."\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=420\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Special group') . "</td>\n";
echo "<td><select name=\"form_sambaGroupMapping_sambaSID\">";
// Display if group SID should be mapped to a well kown SID
$names = array_keys($this->rids);
$wrid=false;
for ($i=0; $i<count($names); $i++) {
if ($this->attributes['sambaSID'][0]==$SID."-".$this->rids[$names[$i]]) {
echo "<option selected>" . $names[$i] . "</option>";
$wrid=true;
}
else echo "<option>" . $names[$i] . "</option>";
}
if ($wrid) echo "<option>" . $this->attributes['cn'][0] . "</option>";
else echo "<option selected>" . $this->attributes['cn'][0] . "</option>";
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=464\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>" . _('Domain') . "</td>\n";
echo "<td><select name=\"form_sambaGroupMapping_sambaDomainName\">";
foreach ($sambaDomainNames as $domain) {
if ($sel_domain==$domain) echo "<option selected>$domain</option>";
else echo "<option>$domain</option>";
}
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=467\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
echo "</table>\n";
return 0;
}
}
?>


@ -216,13 +216,13 @@ class sambaSamAccount {
if ($post['form_sambaSamAccount_sambaSID']== _('Administrator')) {
$this->attributes['sambaSID'][0] = $SID."-500";
// Do a check if an administrator already exists
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-500", 'sambaSID', 'user'))
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-500", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig)
$errors[] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.'));
}
if ($post['form_sambaSamAccount_sambaSID']== _('Guest')) {
$this->attributes['sambaSID'][0] = $SID."-501";
// Do a check if an administrator already exists
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-501", 'sambaSID', 'user'))
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-501", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig)
$errors[] = array('ERROR', _('Special user'), _('There can be only one guest per domain.'));
}
// Check values
@ -349,6 +349,13 @@ class sambaSamAccount {
if ($this->attributes['sambaSID'][0] == $SID."-500") $special = true;
if ($this->attributes['sambaSID'][0] == $SID."-501") $special = true;
if (!$special) $this->attributes['sambaSID'][0] == $SID."-".($_SESSION[$this->base]->module['posixAccount']->attributes['uidNumber'][0]*2+$RIDbase);
$rids = array_keys($this->rids);
$wrid = false;
for ($i=0; $i<count($rids); $i++)
if ($this->attributes['sambaPrimaryGroupSID'][0] == $SID . "-" . $rids[$i])
$wrid = true;
if (!$wrid) $this->attributes['sambaPrimaryGroupSID'][0] = $SID."-".($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]*2)+$RIDbase+1;
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// Set password
@ -525,8 +532,8 @@ class sambaSamAccount {
}
else echo "<option>" . $names[$i] . "</option>";
}
if ($wrid) echo "<option>" . getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
else echo "<option selected>" . getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
if ($wrid) echo "<option>" . $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
else echo "<option selected>" . $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
echo "</select></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=464\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";


@ -40,8 +40,6 @@ $dir = opendir('../../lib/modules');
while ($entry = readdir($dir))
if (is_file('../../lib/modules/'.$entry)) include_once ('../../lib/modules/'.$entry);
// Start session
session_save_path('../../sess');
@session_start();