diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 84cca40f..77d5a8eb 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -45,7 +45,7 @@ class cache {
 */
 function add_cache($attributes) {
 // Check input variable
- $allowed_types = array ( 'user', 'group', 'host', '*' );
+ $allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
 if (!is_array($attributes)) trigger_error(_('Argument of add_cache must be : array ( scope => array(attribute1(string), attribute2(string), ..), scope => ... ).'), E_USER_ERROR);
 foreach ($attributes as $attribute) {
 if (!is_array($attribute)) trigger_error(_('Argument of add_cache must be : array ( scope => array(attribute1(string), attribute2(string), ..), scope => ... ).'), E_USER_ERROR);
@@ -73,7 +73,7 @@ class cache {
 function get_cache($attribute, $objectClass, $singlescope) {
 $this->refresh_cache();
 // Check input variables
- $allowed_types = array ( 'user', 'group', 'host', '*' );
+ $allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
 if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
 $line=-1;
 for ($i=0; $iobjectClasses) || $i==-1; $i++) {
@@ -139,7 +139,7 @@ class cache {
 function in_cache($value, $attribute, $singlescope) {
 $this->refresh_cache();
 // Check input variables
- $allowed_types = array ( 'user', 'group', 'host', '*' );
+ $allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
 if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
 // Create list of all allowed attributes
 for ($i=0; $ildap->objectClasses); $i++ ) {
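Review bot: The scope check in get_cache and in_cache (and in update_cache in the next hunk) uses loose `in_array($singlescope, $allowed_types)`, so on PHP versions before 8 an integer `0` passed as the scope compares equal to every string in the list and is accepted. `in_array($singlescope, $allowed_types, true)` makes the check exact. The same list is now written out in four cache methods, and a fifth copy without `'*'` sits in the accountContainer constructor under an existing fixme; a single class member would keep them from drifting the next time a type is added. All of these method bodies continue outside their hunks.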
@@ -235,7 +235,7 @@ class cache {
 * made without refrehing the complete cache
 */
 function update_cache($dn, $attributes, $singlescope) {
- $allowed_types = array ( 'user', 'group', 'host', '*' );
+ $allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
 if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
 // Everything seems to be OK, start processing data
 $this->refresh_cache();
@@ -247,213 +247,44 @@ class cache { } } - } - -/* Main-Module. Contains basic module functions have to be loaded first -* It also chooses which page to show. -*/ -class main { - // This variable stores the number of the current displayed page - var $current_page; - // This variable os set to the pagename of a subpage if it should be displayed - var $subpage; - // name of accountContainer so we can read other classes in accuontArray - var $base; - // Alias Name. This name is shown in the menu instead of main - var $alias; - - function main($base) { - $this->current_page = 0; - $this->subpage = ''; - /* Create a reference to basearray so we can read all other modules - * php will avaois recousrion itself - */ - $this->base = $base; - $this->alias = _('main'); - } - - /* This function returns a list with all required modules + /* This function will return the gidNumber to an existing groupname + * gidNumbers are taken from cache-array */ - function dependencies() { - return array(); - } - - function module_ready() { - return true; - } - - function display_html_attributes($post) { - $function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();'; - eval($function); - $modules = $_SESSION[$this->base]->check_attributes(); - if (count($modules)!=0) { - $disabled = 'disabled'; - for ($i=0; $ibase]->module[$modules[$i]]->alias)); + function getgid($groupname) { + $dn_groups = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group'); + $DNs = array_keys($dn_groups); + foreach ($DNs as $DN) { + if (strpos($DN, $groupname)) + return $dn_groups[$DN][0]; } - else $disabled = ''; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - // Show fieldset with list of all user profiles - if (count($profilelist)!=0) { - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - } - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - - echo "
" . _('Suffix') . "" . _('Help') . "
" . _("Load profile") . "\n"; - echo "" . _('Help') . "
" . _("Save profile") . "\n"; - echo "" . _('Help') . "
base]->dn_orig!='') echo _('Modify Account'); - else echo _('Create Account'); - echo "\" $disabled >
\n"; - return 0; } - /* This page will be shown if an account - * has been saved + /* This function will return an array with all groupnames + * found in ldap. Groupnames are taken from cache-array. */ - function display_html_finish($post) { - // Show success message - if ($_SESSION[$this->base]->dn_orig=='') $kind = _('created'); - else $kind = _('modified'); - $text = sprintf(_('%s has been %s.'), ucfirst($_SESSION[$this->base]->type), $kind); - StatusMessage('INFO', _('LDAP operation successful.'), $text); - - // Show rest of page - echo "\n"; - echo "\n"; - if ($_SESSION[$this->base]->dn_orig=='') { - echo "\n"; - } - echo "\n"; - echo "\n"; - echo "\n"; - echo "
base]->type); - echo "\">base]->type); - echo "\">
\n"; - return 0; + function findgroups() { + $dn_groups = $_SESSION['cache']->get_cache('cn', 'posixGroup', 'group'); + $DNs = array_keys($dn_groups); + foreach ($DNs as $DN) + $return[] = $dn_groups[$DN][0]; + return $return; } - /* Write variables into object and do some regexp checks + + /* This function will return the groupname to an existing gidNumber + * groupnames are taken from cache-array */ - function proccess_finish($post) { - if ($post['form_main_createagain']) { - // Reset objects - $modules = array_keys($_SESSION[$this->base]->module); - foreach ($modules as $module) - if ($module!='main') unset($_SESSION[$this->base]->module[$module]); - // Reset accountContainer - $_SESSION[$this->base]->dn = ''; - $_SESSION[$this->base]->dn_orig = ''; - $_SESSION[$this->base]->attributes = array(); - $_SESSION[$this->base]->order = array(); - $this->current_page = 0; - $this->subpage = ''; - // Add all required objects etc. - $_SESSION[$this->base]->new_account(); - return 0; - } - if ($post['form_main_backmain']) { - // Return to *-list - // *** fixme unset accountContainer in session - metaRefresh("../lists/list".$_SESSION[$this->base]->type."s.php"); - exit; - } - if ($post['form_main_outputpdf']) { - // Create / display PDf-file - $function = 'create'.ucfirst($_SESSION[$this->base]->type).'PDF(array($_SESSION[$this->base]));'; - eval($function); - exit; + function getgrnam($gidNumber) { + $dn_groups = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group'); + $DNs = array_keys($dn_groups); + foreach ($DNs as $DN) { + if ($dn_groups[$DN][0]==$gidNumber) + $return = substr($DN, 3, strpos($DN, ',')-3); } + return $return; } - /* Write variables into object and do some regexp checks - */ - function proccess_attributes($post) { - // change dn - if ($post['form_main_suffix']!='') $_SESSION[$this->base]->dn = $post['form_main_suffix']; - // load profile - if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) { - // *** fixme 
load*Profile must return array in the same way ldap_get_attributes does. - $function = '$newattributes = load'.ucfirst($scope).'Profile($post[\'form_main_selectLoadProfile\']);'; - eval($function); - // pass newattributes to each module - $modules = array_keys($_SESSION[$this->base]->module); - foreach ($modules as $module) $_SESSION[$this->base]->module[$module]->load_attributes($newattributes); - return 0; - } - // save account - if ($post['form_main_create']) { - $success = $_SESSION[$this->base]->save_account(); - if (is_array($success)) return array($success); - // return name of subpage - return 'finish'; - } - // save profile - if ($post['form_main_saveProfile']) { - if ($post['form_main_selectSaveProfile']=='') $errors[] = array('ERROR', _('Save profile'), _('No profilename given.')); - else { - $function = 'save'.ucfirst($scope).'Profile();'; - eval($function); - if ($function) $errors[] = array('INFO', _('Save profile'), _('New profile created.')); - else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.')); - } - if (is_array($errors)) return $errors; - else return 0; - } - return 0; - } - - // Dummy functions to make module compatible - function load_attributes($attr) { - return 0; - } - - // Dummy functions to make module compatible - function save_attributes() { - return array(); - } - - // Dummy functions to make module compatible - function get_attributes() { - return array(); - } - - } 
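Review bot: The added `getgid()` selects the group with `if (strpos($DN, $groupname))`, a substring test over the whole DN, so a name such as `admin` also matches `cn=sysadmin,...` or any DN whose suffix happens to contain the string, and the gidNumber of the first hit is returned. posixAccount now stores that value as the account's `gidNumber`, so a wrong match places the account in a different primary group. Comparing the RDN value exactly, with the expression `getgrnam()` already uses, avoids this: `if (substr($DN, 3, strpos($DN, ',')-3) == $groupname) return $dn_groups[$DN][0];`. `findgroups()` and `getgrnam()` also return an unset `$return` when nothing matches; `$return = array();` and `$return = '';` before their loops would make the empty case explicit.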
@@ -467,7 +298,7 @@ class accountContainer { if (!is_string($type)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR); if (!is_string($base)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR); // *** fixme use global variable to determine allowed types - $allowed_types = array ( 'user', 'group', 'host' ); + $allowed_types = array ( 'user', 'group', 'host', 'domain' ); if (!in_array($type, $allowed_types)) trigger_error(_('Account type not recognized.'), E_USER_ERROR); $this->type = $type; $this->base = $base; @@ -647,8 +478,6 @@ class accountContainer { } } } - - } /* This function return ldap attributes @@ -737,6 +566,7 @@ class accountContainer { } } } + $this->add_attributes($objectClass); return $return; } @@ -846,15 +676,20 @@ class accountContainer { $this->dn_orig = $dn; $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry); if (isset($attr['objectClass']['count'])) unset($attr['objectClass']['count']); - // Add objects - foreach ($attr['objectClass'] as $objectClass) $this->add_objectClass($objectClass); // load attributes - foreach ($attr['objectClass'] as $objectClass) + foreach ($attr['objectClass'] as $objectClass) { + $this->add_objectClass($objectClass); if (isset($this->module[$objectClass])) $this->module[$objectClass]->load_attributes($attr); + } + $this->module['quota'] = new quota($this->base); + $this->module['quota']->load_attributes($attr); + + // sortm modules and make all active because all required attributes should be set $module = array_keys ($this->module); $modulelist = array(); // *** fixme add modules from config which should be used but not yet in loaded account + // *** fixme how to handle non ldap modules? // loop until all modules are in order. // We don't want to loop forever 
@@ -1006,7 +841,7 @@ class accountContainer { } } foreach ($attributes as $DN) - if (is_array($DN['lamdaemon'])) $this->lamdaemon($DN['lamdaemon']); + if (is_array($DN['lamdaemon']['command'])) $this->lamdaemon($DN['lamdaemon']['command']); return 0; } @@ -1020,11 +855,7 @@ class accountContainer { */ $towrite = escapeshellarg($_SESSION[$this->config]->scriptServer)." ".escapeshellarg($_SESSION[$this->config]->scriptPath)." ". escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]); - if (is_array($users)) { - foreach ($users as $user) { - $userstring .= "$user home add\n"; - } - } + $userstring = implode ("\n", $commands); if (function_exists(proc_open)) { // New Code, requires PHP 4.3 @@ -1068,8 +899,7 @@ class accountContainer { } - - +/* // This class keeps all needed values for any account class account { // Type : user | group | host @@ -1118,6 +948,7 @@ class account { * mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes, * soft inode limit, hard inode limit, grace inode period */ +/* // Personal Settings var $personal_title; // string title of user var $personal_mail; // string mailaddress of user @@ -1129,7 +960,7 @@ class account { var $personal_postalAddress; // string postal Address of user var $personal_employeeType; // string employe type of user } - +*/ /* Return a list of all shells listed in ../config/shells * Normally ../config/shells is a symbolic link to /etc/shells @@ -1172,12 +1003,13 @@ function replace_umlaut($text) { function array_delete($values, $array) { // Loop for every entry and check if it should be removed if (is_array($array)) { + $return = array(); foreach ($array as $array_value) if (!@in_array($array_value, $values)) $return[] = $array_value; return $return; } - else return 0; + else return array(); } diff --git a/lam/lib/modules/account.inc b/lam/lib/modules/account.inc index d520fe00..926af994 100644 --- a/lam/lib/modules/account.inc +++ b/lam/lib/modules/account.inc 
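Review bot: The entries joined by `$userstring = implode ("\n", $commands);` reach lamdaemon unchecked, while the connection arguments just above are each wrapped in `escapeshellarg()`. They come from the modules' `['lamdaemon']['command']` arrays (previous hunk) and presumably contain user names and paths taken from form or LDAP values; if one of them holds a line break it becomes an additional command line on the script server. A check before the join, such as `foreach ($commands as $c) if (preg_match('/[\r\n]/', $c)) trigger_error(_('Invalid lamdaemon command.'), E_USER_ERROR);`, would keep one array entry equal to one command. The function signature and the proc_open call are outside the hunk, so how `$commands` is passed in could not be checked here.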
@@ -22,13 +22,10 @@ $Id$ /* * Variables in basearray which are no objects: -* type: Type of account. Can be user, group, host +* type: Type of account. Can be user, group, host, domain * attributes: List of all attributes, how to get them and are theiy required or optional * dn: current DN without uid= or cn= * dn_orig: old DN if account was loaded with uid= or cn= - -* External functions which are used -* account.inc: */ 
@@ -36,38 +33,33 @@ $Id$ * and funtioncs required to deal with account * account can only be created when it should be added * to an array. -* basearray is the same array account should be added -* to. If basearray is not given the constructor tries to -* create an array with account and all other required -* objects. -* Example: $user[] = new account($user); +* $base is the name of account_container in session * */ class account { // Constructor function account($base) { - /* Return an error if posixAccount should be created without - * base container - */ + // Get local copy of name of account_container in session + $this->base = $base; + // Do some error checks if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR); if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'account\');'), E_USER_ERROR); - $this->base = $base; - // account is only a valid objectClass for users if ($_SESSION[$this->base]->get_type() != 'host') trigger_error(_('account can only be used for hosts.'), E_USER_WARNING); - // Add Array with all attributes and type + // load attribtues which are used in account objectClass $this->attributes = $_SESSION[$this->base]->get_module_attributes('account'); - $_SESSION[$this->base]->add_attributes ('account'); + // Create copy of attributes $this->orig = $this->attributes ; + // Add objectClass to attributes $this->attributes['objectClass'][0] = 'account'; - // unset userPassword because we handle it separat. + // Set aliasname $this->alias = _('account'); } // Variables - // Alias Name. This name is shown in the menu instead of posixAccount + // Alias Name. 
This name is shown in the menu instead of 'account' var $alias; - // reference to base-array so we can read other classes in basearray + // name of account_container in session so we can read other classes in account_container var $base; // This variable contains all account attributes var $attributes; @@ -82,16 +74,29 @@ class account { return array('main'); } + /* This function returns true if all required attributes from other + * modules are set. This is required to prevent undefined states + */ function module_ready() { return true; } + + /* This function returns a list of all html-pages in module + * This is usefull for mass upload and pdf-files + * because lam can walk trough all pages itself and do some + * error checkings + */ + function pages() { + return array('attributes'); + } + + /* Write variables into object and do some regexp checks */ function proccess_attributes($post) { // Load attributes $this->attributes['description'][0] = $post['form_account_description']; - return 0; } @@ -99,7 +104,6 @@ class account { * $attr is an array as it's retured from ldap_get_attributes */ function load_attributes($attr) { - // Load attributes which are displayed // unset count entries unset ($attr['count']); $attributes = array_keys($attr); @@ -107,6 +111,7 @@ class account { // unset double entries for ($i=0; $iorig[$attribute])) { $this->orig[$attribute] = $attr[$attribute]; 
@@ -114,24 +119,25 @@ class account { for ($i=0; $iorig[$attribute]); $i++) $this->orig[$attribute][$i] = utf8_decode ($this->orig[$attribute][$i]); } } - // Values are kept as copy so we can compare old attributes with new attributes + // Add objectClass to orig because we don't want to add objectClass if it's already set $this->orig['objectClass'][0] = 'account'; + // Values are kept as copy so we can compare old attributes with new attributes $this->attributes = $this->orig; return 0; } - - - /* This function returns an array with 3 entries: - * array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... ) + /* This function returns an array with 4 entries: + * array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr), 'lamdaemon' => array(cmds)), DN2 .... ) * DN is the DN to change. It may be possible to change several DNs, * e.g. create a new user and add him to some groups via attribute memberUid * add are attributes which have to be added to ldap entry * remove are attributes which have to be removed from ldap entry + * lamdaemon are lamdaemon commands to modify homedir, quotas, ... */ function save_attributes() { + // Get easy attributes $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); - + // Return attributes return $return; } @@ -158,9 +164,6 @@ class account { return 0; } - } - - ?> diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index a65a25f7..e2633887 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc 
@@ -22,51 +22,43 @@ $Id$ /* * Variables in basearray which are no objects: -* type: Type of account. Can be user, group, host +* type: Type of account. Can be user, group, host, domain * attributes: List of all attributes, how to get them and are theiy required or optional * dn: current DN without uid= or cn= * dn_orig: old DN if account was loaded with uid= or cn= - -* External functions which are used -* account.inc: */ -/* This class contains all inetOrgPerson LDAP attributes +/* This class contains all account LDAP attributes * and funtioncs required to deal with inetOrgPerson * inetOrgPerson can only be created when it should be added * to an array. -* basearray is the same array inetOrgPerson should be added -* to. If basearray is not given the constructor tries to -* create an array with inetOrgPerson and all other required -* objects. -* Example: $user[] = new inetOrgPerson($user); -* +* $base is the name of account_container in session */ class inetOrgPerson { // Constructor function inetOrgPerson($base) { - /* Return an error if posixAccount should be created without - * base container - */ + // Get local copy of name of account_container in session + $this->base = $base; + // Do some error checks if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR); if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR); - $this->base = $base; - // inetOrgPerson is only a valid objectClass for users - if ($_SESSION[$this->base]->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING); - // Add Array with all attributes and type + if ($_SESSION[$this->base]->type != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING); + // load attribtues which are used in inetOrgPerson objectClass $this->attributes = 
$_SESSION[$this->base]->get_module_attributes('inetOrgPerson'); - $_SESSION[$this->base]->add_attributes ('inetOrgPerson'); + // Create copy of attributes $this->orig = $this->attributes ; + // Add objectClass to attributes $this->attributes['objectClass'][0] = 'inetOrgPerson'; + // Set aliasname $this->alias = _('inetOrgPerson'); } // Variables // Alias Name. This name is shown in the menu instead of posixAccount var $alias; - // reference to base-array so we can read other classes in basearray + // name of account_container in session so we can read other classes in account_container var $base; // This variable contains all inetOrgPerson attributes var $attributes; @@ -82,10 +74,23 @@ class inetOrgPerson { return array('main'); } + /* This function returns true if all required attributes from other + * modules are set. This is required to prevent undefined states + */ function module_ready() { return true; } + /* This function returns a list of all html-pages in module + * This is usefull for mass upload and pdf-files + * because lam can walk trough all pages itself and do some + * error checkings + */ + function pages() { + return array('attributes'); + } + + /* Write variables into object and do some regexp checks */ function proccess_attributes($post) { 
@@ -103,30 +108,29 @@ class inetOrgPerson { $this->attributes['postalAddress'][0] = $post['form_inetOrgPerson_postalAddress']; $this->attributes['employeeType'][0] = $post['form_inetOrgPerson_employeeType']; + // handle host-attribute in on epice because it's not set by default if (isset($this->attributes['host'])) { $host = $post['form_inetOrgPerson_host']; if ((!$host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $host)) - $errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.')); + $errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'), 'host'); $hosts = explode(" ", $host); $this->attributes['host'] = array(); foreach ($hosts as $host) if ($host!="") $this->attributes['host'][] = $host; } - // Check if givenname is valid - if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'][0])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters')); - // Check if surname is valid - if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'][0])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters')); - - if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'][0])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!')); - if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!')); - if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['facsimileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!')); - if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'][0])) $errors[] = array('ERROR', 
_('eMail address'), _('Please enter a valid eMail address!')); - if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'][0])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!')); - if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'][0])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!')); - if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'][0])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!')); - if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'][0])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!')); - if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'][0])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!')); + // Do some regex-checks and return error if attributes are set to wrong values + if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'][0])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'), 'givenname'); + if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'][0])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'), 'sn'); + if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'][0])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'), 'telephoneNumber'); + if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'), 'mobileTelephoneNumber'); + if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', 
$this->attributes['facsimileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'), 'facsimileTelephoneNumber'); + if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'][0])) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'), 'mail'); + if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'][0])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'), 'street'); + if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'][0])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'), 'postalAdress'); + if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'][0])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'), 'title'); + if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'][0])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'), 'employeeType'); + if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'][0])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'), 'personal_postalCode'); // Return error-messages if (is_array($errors)) return $errors; return 0; @@ -136,7 +140,6 @@ class inetOrgPerson { * $attr is an array as it's retured from ldap_get_attributes */ function load_attributes($attr) { - // Load attributes which are displayed // unset count entries unset ($attr['count']); $attributes = array_keys($attr); @@ -144,6 +147,7 @@ class inetOrgPerson { // unset double entries for ($i=0; $iorig[$attribute])) { $this->orig[$attribute] = $attr[$attribute]; 
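Review bot: Two of the field keys added as the fourth element of the error arrays do not match the attribute names used in the same function: `'givenname'` against `givenName` and `'postalAdress'` against `postalAddress`. If a caller uses the key to locate the form field or attribute, those two errors will not be attached to anything; `'givenName'` and `'postalAddress'` would be consistent with the others. In the same hunk the host value is validated as a comma-separated list but then split with `explode(" ", $host)`, so `a,b` passes the check and is stored as a single host entry. Since this attribute is labelled 'Unix workstations' and presumably restricts where the user may log in, the pattern and the split should agree on the separator. proccess_attributes starts before the hunk.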
@@ -151,25 +155,31 @@ class inetOrgPerson { for ($i=0; $iorig[$attribute]); $i++) $this->orig[$attribute][$i] = utf8_decode ($this->orig[$attribute][$i]); } } - // Values are kept as copy so we can compare old attributes with new attributes + // Add objectClass to orig because we don't want to add objectClass if it's already set $this->orig['objectClass'][0] = 'inetOrgPerson'; + // Values are kept as copy so we can compare old attributes with new attributes $this->attributes = $this->orig; return 0; } - /* This function returns an array with 3 entries: - * array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... ) + /* This function returns an array with 4 entries: + * array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr), 'lamdaemon' => array(cmds)), DN2 .... ) * DN is the DN to change. It may be possible to change several DNs, * e.g. create a new user and add him to some groups via attribute memberUid * add are attributes which have to be added to ldap entry * remove are attributes which have to be removed from ldap entry + * lamdaemon are lamdaemon commands to modify homedir, quotas, ... */ function save_attributes() { + // Get easy attributes $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); + // unset password. First we hanlde userPassword with posixAccount, second we hanlde it completly separat + // because it en/decrypted in session if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword'])) unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']); + // Return attributes return $return; } @@ -262,9 +272,6 @@ class inetOrgPerson { return 0; } - } - - ?> diff --git a/lam/lib/modules/main.inc b/lam/lib/modules/main.inc new file mode 100644 index 00000000..c2437cec --- /dev/null +++ b/lam/lib/modules/main.inc 
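Review bot: `save_attributes()` strips `userPassword` only from the `'modify'` part of the result, so a password value that ends up under `'add'` or `'remove'` for the same DN would still be returned, which does not match the new comment saying the password is handled separately. Whether that can occur depends on `save_module_attributes()`, which is not shown here. If this module must never write the password, unset the key in all three parts, for example `foreach (array('add', 'remove', 'modify') as $op) unset($return[$_SESSION[$this->base]->dn][$op]['userPassword']);`.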
@@ -0,0 +1,254 @@ +current_page = 0; + // reset subpage counter + $this->subpage = ''; + // Get local copy of name of account_container in session + $this->base = $base; + // Set aliasname + $this->alias = _('main'); + } + + + // Variables + + // This variable stores the number of the current displayed page + var $current_page; + // This variable os set to the pagename of a subpage if it should be displayed + var $subpage; + // name of accountContainer so we can read other classes in accuontArray + var $base; + // Alias Name. This name is shown in the menu instead of main + var $alias; + + /* This function returns a list with all required modules + */ + function dependencies() { + return array(); + } + + function module_ready() { + return true; + } + + // Dummy functions to make module compatible + function load_attributes($attr) { + return 0; + } + + // Dummy functions to make module compatible + function save_attributes() { + return array(); + } + + // Dummy functions to make module compatible + function get_attributes() { + return array(); + } + + function display_html_attributes($post) { + // Get list of profiles + $function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();'; + eval($function); + $modules = $_SESSION[$this->base]->check_attributes(); + if (count($modules)!=0) { + $disabled = 'disabled'; + // Show reason why module is disabled + for ($i=0; $ibase]->module[$modules[$i]]->alias)); + } + else $disabled = ''; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + // Show fieldset with list of all user profiles + if (count($profilelist)!=0) { + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + } + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
" . _('Suffix') . "" . _('Help') . "
" . _("Load profile") . "\n"; + echo "" . _('Help') . "
" . _("Save profile") . "\n"; + echo "" . _('Help') . "
base]->dn_orig!='') echo _('Modify Account'); + else echo _('Create Account'); + echo "\" $disabled >
\n"; + return 0; + } + + + /* This page will be shown if an account + * has been saved + */ + function display_html_finish($post) { + // Show success message + if ($_SESSION[$this->base]->dn_orig=='') $kind = _('created'); + else $kind = _('modified'); + $text = sprintf(_('%s has been %s.'), ucfirst($_SESSION[$this->base]->type), $kind); + StatusMessage('INFO', _('LDAP operation successful.'), $text); + + // Show rest of page + echo "\n"; + echo "\n"; + if ($_SESSION[$this->base]->dn_orig=='') { + echo "\n"; + } + echo "\n"; + echo "\n"; + echo "\n"; + echo "
base]->type); + echo "\">base]->type); + echo "\">
\n"; + return 0; + } + + /* Write variables into object and do some regexp checks + */ + function proccess_finish($post) { + if ($post['form_main_createagain']) { + // Reset objects + $modules = array_keys($_SESSION[$this->base]->module); + foreach ($modules as $module) + if ($module!='main') unset($_SESSION[$this->base]->module[$module]); + // Reset accountContainer + $_SESSION[$this->base]->dn = ''; + $_SESSION[$this->base]->dn_orig = ''; + $_SESSION[$this->base]->attributes = array(); + $_SESSION[$this->base]->order = array(); + $this->current_page = 0; + $this->subpage = ''; + // Add all required objects etc. + $_SESSION[$this->base]->new_account(); + return 0; + } + if ($post['form_main_backmain']) { + // Return to *-list + // *** fixme unset accountContainer in session + metaRefresh("../lists/list".$_SESSION[$this->base]->type."s.php"); + exit; + } + if ($post['form_main_outputpdf']) { + // Create / display PDf-file + $function = 'create'.ucfirst($_SESSION[$this->base]->type).'PDF(array($_SESSION[$this->base]));'; + eval($function); + exit; + } + } + + /* Write variables into object and do some regexp checks + */ + function proccess_attributes($post) { + // change dn + if ($post['form_main_suffix']!='') $_SESSION[$this->base]->dn = $post['form_main_suffix']; + // load profile + if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) { + // *** fixme load*Profile must return array in the same way ldap_get_attributes does. 
+ $function = '$newattributes = load'.ucfirst($scope).'Profile($post[\'form_main_selectLoadProfile\']);'; + eval($function); + // pass newattributes to each module + $modules = array_keys($_SESSION[$this->base]->module); + foreach ($modules as $module) $_SESSION[$this->base]->module[$module]->load_attributes($newattributes); + return 0; + } + // save account + if ($post['form_main_create']) { + $success = $_SESSION[$this->base]->save_account(); + if (is_array($success)) return array($success); + // return name of subpage + return 'finish'; + } + // save profile + if ($post['form_main_saveProfile']) { + if ($post['form_main_selectSaveProfile']=='') $errors[] = array('ERROR', _('Save profile'), _('No profilename given.')); + else { + $function = 'save'.ucfirst($scope).'Profile();'; + eval($function); + if ($function) $errors[] = array('INFO', _('Save profile'), _('New profile created.')); + else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.')); + } + if (is_array($errors)) return $errors; + else return 0; + } + return 0; + } + + } + +?> diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index 49138166..4d02c2ec 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc @@ -73,7 +73,7 @@ class posixAccount { $_SESSION[$this->base]->add_attributes ('posixAccount'); $this->alias = _('posixAccount'); - $groups = findgroups(); // list of all groupnames + $groups = $_SESSION[$_SESSION[$this->base]->cache]->findgroups(); // list of all groupnames if (count($groups)==0) trigger_error(_('No groups found in ldap.'), E_USER_WARNING); // Make references to attributes which already esists in ldap 
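Review bot: The new main module runs string-built PHP through `eval()` in `display_html_attributes`, `proccess_finish` and twice in `proccess_attributes` only to pick a function by account type; a variable function call does the same without turning an unexpected type string into code. In `proccess_attributes` the name is built from `$scope`, which is not assigned anywhere in the visible function, so the calls resolve to `loadProfile(...)` and `saveProfile()` rather than the per-type functions. `if ($function)` then tests the non-empty source string, so 'New profile created.' is reported whether or not the save worked. `$post['form_main_suffix']` is also written to the account DN as-is; checking it against the configured suffix list would be the matching guard (that list is not visible here). The sketch below assumes the save function returns a success flag and keeps its argument list as in the original call.

```php
function proccess_attributes($post) {
	// … unchanged: change dn …
	$type = $_SESSION[$this->base]->type;
	if (!in_array($type, array('user', 'group', 'host', 'domain'), true)) trigger_error(_('Account type not recognized.'), E_USER_ERROR);
	// load profile
	if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) {
		$loader = 'load'.ucfirst($type).'Profile';
		$newattributes = $loader($post['form_main_selectLoadProfile']);
		// … unchanged: pass newattributes to each module, return 0 …
	// … unchanged: save account …
	// save profile
		$saver = 'save'.ucfirst($type).'Profile';
		if ($saver()) $errors[] = array('INFO', _('Save profile'), _('New profile created.'));
		else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.'));
```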
@@ -159,11 +159,20 @@ class posixAccount { /* Write variables into object and do some regexp checks */ function proccess_attributes($post) { + if ($this->orig['uid'][0]!='' && $post['form_posixAccount_uid']!=$this->attributes['uid'][0]) + $errors[] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?')); + if ($this->orig['gidNumber'][0]!='' && $_SESSION[$_SESSION[$this->base]->cache]->getgid($post['form_posixAccount_gidNumber'])!=$this->attributes['gidNumber'][0]) + $errors[] = array('INFO', _('GID number'), sprintf(_('GID number has changed. To keep file ownership you have to run the following command as root: \'find / -gid %s -uid %s -exec chgrp %s {} \;\''), $this->orig['gidNumber'][0], $this->orig['uidNumber'][0], $_SESSION[$_SESSION[$this->base]->cache]->getgid($post['form_posixAccount_gidNumber']))); + if ($this->orig['uidNumber'][0]!='' && $post['form_posixAccount_uidNumber']!=$this->attributes['uidNumber'][0]) + $errors[] = array('INFO', _('UID number'), sprintf(_('UID number has changed. To keep file ownership you have to run the following command as root: \'find / -uid %s -exec chown %s {} \;\''), $this->orig['uidNumber'][0], $this->attributes['uidNumber'][0])); + if (isset($post['form_posixAccount_homeDirectory']) && $this->orig['homeDirectory'][0]!='' && $post['form_posixAccount_homeDirectory']!=$this->attributes['homeDirectory'][0]) + $errors[] = array('INFO', _('Home directory'), sprintf(_('Home directory changed. 
To keep home directory you have to run the following command as root: \'mv %s %s\''), $this->orig['homeDirectory'][0], $this->attributes['homeDirectory'][0])); + // Load attributes $this->attributes['uid'][0] = $post['form_posixAccount_uid']; $this->attributes['cn'][0] = $this->attributes['uid'][0]; $this->attributes['uidNumber'][0] = $post['form_posixAccount_uidNumber']; - $this->attributes['gidNumber'][0] = getgrnam($post['form_posixAccount_gidNumber']); + $this->attributes['gidNumber'][0] = $_SESSION[$_SESSION[$this->base]->cache]->getgid($post['form_posixAccount_gidNumber']); $this->attributes['homeDirectory'][0] = $post['form_posixAccount_homeDirectory']; $this->attributes['loginShell'][0] = $post['form_posixAccount_loginShell']; $this->attributes['gecos'][0] = $post['form_posixAccount_gecos']; @@ -247,7 +256,7 @@ class posixAccount { if (($this->attributes['uid'][0] != $post['form_posixAccount_uid']) && ereg('[A-Z]$', $post['form_posixAccount_uid'])) $errors[] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.')); // Check if Homedir is valid - $this->attributes['homeDirectory'][0] = str_replace('$group', getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]); + $this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]); if ($this->attributes['uid'][0] != '') $this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]); if ($this->attributes['homeDirectory'][0] != $post['form_posixAccount_homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.')); 
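Review bot: The new INFO messages in proccess_attributes() are built before the `// Load attributes` block, so `$this->attributes['uidNumber'][0]` and `$this->attributes['homeDirectory'][0]` still hold the previous values when they are formatted into the suggested `chown` and `mv` commands. The target shown to the administrator is therefore not the value just submitted. These strings are also commands the administrator is told to run as root, and the substituted values go in unquoted, so a home directory containing whitespace or shell metacharacters changes what the pasted command does. I would build the messages after the assignments, compare against `$this->orig`, and quote each value, e.g. `escapeshellarg($this->orig['homeDirectory'][0]), escapeshellarg($this->attributes['homeDirectory'][0])` as the `sprintf` arguments. The function body continues past the end of the hunk, and the later `$user`/`$group` substitution can change the home directory again.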
@@ -333,10 +342,6 @@ class posixAccount { if (isset($post['form_posixAccount_addgroups']) && isset($post['form_posixAccount_addgroups_button'])) { // Add groups to list // Add new group $this->groups = @array_merge($this->groups, $post['form_posixAccount_addgroups']); - // remove doubles - $this->groups = @array_flip($this->groups); - array_unique($this->groups); - $this->groups = @array_flip($this->groups); // sort groups sort($this->groups); break; @@ -379,8 +384,9 @@ class posixAccount { $dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group'); $DNs = array_keys($dn_groups); foreach ($DNs as $DN) { - if (in_array($attr['uid'], $dn_groups[$DN])) - $this->groups[] = substr($DN, 3, strpos($DN, ',')-1); + if (in_array($attr['uid'][0], $dn_groups[$DN])) { + $this->groups[] = substr($DN, 3, strpos($DN, ',')-3); + } } $this->groups_orig = $this->groups; return 0; 
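Review bot: `substr($DN, 3, strpos($DN, ',')-3)` in the `@@ -379,8 +384,9 @@` hunk takes the group name from the DN by assuming the RDN is exactly `cn=<name>` and that the first comma ends it. A group entry whose RDN uses another naming attribute, or whose cn contains an escaped comma, gives a wrong or truncated name, which then lands in `$this->groups` and later decides which memberUid changes are written. With the LDAP extension available, `$rdn = ldap_explode_dn($DN, 1); $this->groups[] = $rdn[0];` avoids the fixed offsets; reading the `cn` attribute from the cache would be more robust still. The same expression is added in display_html_group() in the `@@ -590,17 +620,18 @@` hunk. The enclosing function starts outside this hunk.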
@@ -434,52 +440,76 @@ class posixAccount { // Remove primary group from additional groups for ($i=0; $igroups); $i++) { - if ($this->groups[$i]==getgrnam($this->attributes['gidNumber'])) unset($this->groups[$i]); + if ($this->groups[$i]==$_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'])) unset($this->groups[$i]); } // Set additional group memberships - if (is_array($this->groups)) { - // There are some additional groups defined - if (is_array($this->groups_orig)) { - //There are some old groups. - $add = array_delete($this->groups_orig, $this->groups); - $remove = array_delete($this->groups, $this->groups_orig); - $dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group'); - // get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... ) - $DNs = array_keys($dn_cns); - foreach ($DNs as $DN) { - if (in_array($dn_cns[$DN], $add)) $return[$DN]['add']['memberUid'] = $this->attributes['uid']; - if (in_array($dn_cns[$DN], $remove)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid']; + if ($this->orig['uid'][0]!='' && $this->attributes['uid'][0]!=$this->orig['uid'][0]) { + // remove old memberships + $dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group'); + $DNs = array_keys($dn_groups); + foreach ($DNs as $DN) + if (in_array($this->orig['uid'][0], $dn_groups[$DN])) + $return[$DN]['remove']['memberUid'][0] = $this->orig['uid'][0]; + // Add new memberships + if (is_array($this->groups)) + foreach ($this->groups as $group) { + $dn = $_SESSION[$_SESSION[$this->base]->ldap]->in_cache ($group, 'cn', 'group'); + $return[$dn]['add']['memberUid'][0] = $this->attributes['uid'][0]; } - // primary group mut also be removed if it has changed after setting additional groups - if (in_array(getgrnam($this->attributes['gidNumber']), $this->groups_orig)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid']; - } - else { - // Add user to every 
group - $dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group'); - // get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... ) - $DNs = array_keys($dn_cns); - foreach ($DNs as $DN) { - if (in_array($dn_cns[$DN], $this->groups)) $return[$DN]['add']['memberUid'] = $this->attributes['uid']; - } - } } else { - if (is_array($this->groups_orig)) { - //There are some old groups which have to be removed - $dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group'); - // get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... ) - $DNs = array_keys($dn_cns); - foreach ($DNs as $DN) { - if (in_array($dn_cns[$DN], $this->orig['groups'])) $return[$DN]['remove']['memberUid'] = $this->attributes['uid']; + if (is_array($this->groups)) { + // There are some additional groups defined + if (is_array($this->groups_orig)) { + //There are some old groups. + $add = array_delete($this->groups_orig, $this->groups); + $remove = array_delete($this->groups, $this->groups_orig); + $dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group'); + // get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... 
) + $DNs = array_keys($dn_cns); + foreach ($DNs as $DN) { + if (is_array($add)) + if (in_array($dn_cns[$DN][0], $add)) $return[$DN]['add']['memberUid'] = $this->attributes['uid']; + if (is_array($remove)) + if (in_array($dn_cns[$DN][0], $remove)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid']; + } + // primary group mut also be removed if it has changed after setting additional groups + if (in_array($_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber']), $this->groups_orig)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid']; + } + else { + // Add user to every group + $dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group'); + // get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... ) + $DNs = array_keys($dn_cns); + foreach ($DNs as $DN) { + if (in_array($dn_cns[$DN][0], $this->groups)) $return[$DN]['add']['memberUid'] = $this->attributes['uid']; + } + } + } + else { + if (is_array($this->groups_orig)) { + //There are some old groups which have to be removed + $dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group'); + // get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... ) + $DNs = array_keys($dn_cns); + foreach ($DNs as $DN) { + if (in_array($dn_cns[$DN][0], $this->orig['groups'])) $return[$DN]['remove']['memberUid'] = $this->attributes['uid']; + } } } } - if ($this->createhomedir) $return[$_SESSION[$this->base]->dn]['lamdaemon'][] = $this->attributes['uid'][0] . " home add"; + + if ($this->createhomedir) $return[$_SESSION[$this->base]->dn]['lamdaemon']['command'][] = $this->attributes['uid'][0] . " home add"; return $return; } + function delete_attributes() { + + } + + /* This function returns all ldap attributes * which are part of posixAccount and returns * also their values. 
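Review bot: In the new renamed-uid branch the lookup is `$_SESSION[$_SESSION[$this->base]->ldap]->in_cache ($group, 'cn', 'group')`, while the other cache calls in the visible hunks go through `->cache`. in_cache() is a method of the cache class in account.inc, so this looks like it should be `$_SESSION[$_SESSION[$this->base]->cache]->in_cache($group, 'cn', 'group')`. The result is then used as an array key unchecked, so a group that is not found (presumably a false return) would create an entry under an empty DN; skip the group in that case. This branch also writes a string to `['memberUid'][0]`, while the re-indented branches still assign the whole `$this->attributes['uid']` array to `['memberUid']`, so the two paths return differently shaped data. The function starts outside the hunk.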
@@ -495,7 +525,7 @@ class posixAccount { * It will output a complete html-table */ function display_html_attributes($post) { - $groups = findgroups(); // list of all groupnames + $groups = $_SESSION[$_SESSION[$this->base]->cache]->findgroups(); // list of all groupnames $shelllist = getshells(); // list of all valid shells if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword(); else $password=''; @@ -517,10 +547,10 @@ class posixAccount { echo "\n"; echo "\n"; echo "" . _('Primary group') . "*\n"; - echo ""; // loop trough existing groups foreach ($groups as $group) - if (getgrnam($this->attributes['gidNumber'][0]) == $group) echo "\n"; + if ($_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'][0]) == $group) echo "\n"; else echo "\n"; echo "\n"; echo "" . _('Help') . "\n"; @@ -590,17 +620,18 @@ class posixAccount { function display_html_group($post) { // load list with all groups - $dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uidNumber', 'posixGroup', 'group'); - foreach ($dn_groups as $group) $groups[] = $group[0]; + $dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixGroup', 'group'); + $DNs = array_keys($dn_groups); + foreach ($DNs as $DN) + $groups[] = substr($DN, 3, strpos($DN, ',')-3); // sort groups sort($groups, SORT_STRING); // remove groups the user is member of from grouplist $groups = array_delete($this->groups, $groups); // Remove primary group from grouplist $groups = array_flip($groups); - if (isset($groups[getgrnam($this->attributes['gidNumber'])])) unset ($groups[getgrnam($this->attributes['gidNumber'])]); + if (isset($groups[$_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'])])) unset ($groups[$_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'])]); $groups = array_flip($groups); - echo "\n\n"; echo "\n"; 
@@ -627,7 +658,7 @@ class posixAccount { if (count($groups)!=0) { echo "\n"; } echo "\n"; diff --git a/lam/lib/modules/posixGroup.inc b/lam/lib/modules/posixGroup.inc new file mode 100644 index 00000000..a7a21550 --- /dev/null +++ b/lam/lib/modules/posixGroup.inc 
@@ -0,0 +1,587 @@ +add_objectClass(\'posixGroup\');'), E_USER_ERROR); + $this->base = $base; + // posixGroup is only a valid objectClass for user and host + if ($_SESSION[$this->base]->get_type() != 'group') trigger_error(_('posixGroup can only be used for groups.'), E_USER_WARNING); + // Add Array with all attributes and type + $this->attributes = $_SESSION[$this->base]->get_module_attributes('posixGroup'); + $_SESSION[$this->base]->add_attributes ('posixGroup'); + $this->alias = _('posixGroup'); + // Make references to attributes which already esists in ldap + $newattributes = array_keys($this->attributes); + $module = array_keys($_SESSION[$this->base]->module); + // fixme *** do we have to unset module posixAccuont itself + for ($i=0; $ibase]->module[$module[$i]]->attributes[$attribute])) + $this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute]; + } + $this->orig = $this->attributes ; + $this->attributes['objectClass'][0] = 'posixGroup'; + $this->changegids=false; + } + + // Variables + // Alias Name. This name is shown in the menu instead of posixGroup + var $alias; + // name of accountContainer so we can read other classes in accuontArray + var $base; + // Use a unix password? + var $userPassword_no; + // Lock account? + var $userPassword_lock; + // change gids of users and hosts? 
+ var $changegids; + + // This variable contains all inetOrgPerson attributes + var $attributes; + /* If an account was loaded all attributes are kept in this array + * to compare it with new changed attributes + */ + var $orig; + + /* $attribute['userPassword'] can't accessed directly because it's enrcypted + * To read / write password function userPassword is needed + * This function will return the unencrypted password when + * called without a variable + * If it's called with a new password, the + * new password will be stored encrypted + */ + function userPassword($newpassword=false) { + if (is_string($newpassword)) { + // Write new password + if ($newpassword!='') { + $iv = base64_decode($_COOKIE["IV"]); + $key = base64_decode($_COOKIE["Key"]); + $this->attributes['userPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv)); + } + else $this->attributes['userPassword'][0] = ''; + return 0; + } + else { + if ($this->attributes['userPassword'][0]!='') { + // Read existing password if set + $iv = base64_decode($_COOKIE["IV"]); + $key = base64_decode($_COOKIE["Key"]); + $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv); + $password = str_replace(chr(00), '', $password); + return $password; + } + else return ''; + } + } + + /* This function returns a list with all required modules + */ + function dependencies() { + return array('main'); + } + + function module_ready() { + return true; + } + + /* Write variables into object and do some regexp checks + */ + function proccess_attributes($post) { + if ($this->orig['gidNumber'][0]!='' && $post['form_posixGroup_gidNumber']!=$this->attributes['gidNumber'][0]) + $errors[] = array('INFO', _('GID number'), _('GID number has changed. 
Please select checkbox to change GID number of users and hosts.')); + + // Load attributes + $this->attributes['cn'][0] = $post['form_posixGroup_cn']; + $this->attributes['gidNumber'][0] = $post['form_posixGroup_gidNumber']; + $this->attributes['description'][0] = $post['form_posixGroup_description']; + if ($post['form_posixGroup_userPassword_no']) $this->userPassword_no=true; + else $this->userPassword_no=false; + if ($post['form_posixGroup_userPassword_lock']) $this->userPassword_lock=true; + else $this->userPassword_lock=false; + if ($post['form_posixGroup_changegids']) $this->changegids=true; + else $this->changegids=false; + + if (isset($post['form_posixGroup_userPassword'])) { + if ($post['form_posixGroup_userPassword'] != $post['form_posixGroup_userPassword2']) { + $errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); + unset ($post['form_posixGroup_userPassword2']); + } + else $this->userPassword($post['form_posixGroup_userPassword']); + } + if ($post['form_posixGroup_genpass']) $this->userPassword(genpasswd()); + + // Check if UID is valid. If none value was entered, the next useable value will be inserted + // load min and may uidNumber + $minID = intval($_SESSION[$_SESSION[$this->base]->config]->get_minGID()); + $maxID = intval($_SESSION[$_SESSION[$this->base]->config]->get_maxGID()); + $dn_gids = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixGroup', '*'); + // get_cache will return an array ( dn1 => array(uidnumber1), dn2 => array(uidnumber2), ... 
) + foreach ($dn_gids as $gid) $gids[] = $gid[0]; + if(is_array($gids)) sort ($gids, SORT_NUMERIC); + if ($this->attributes['gidNumber'][0]=='') { + // No id-number given + if ($this->orig['gidNumber'][0]=='') { + // new account -> we have to find a free id-number + if (count($gids)!=0) { + // There are some uids + // Store highest id-number + $id = $gids[count($gids)-1]; + // Return minimum allowed id-number if all found id-numbers are too low + if ($id < $minID) $this->attributes['gidNumber'][0] = $minID; + // Return higesht used id-number + 1 if it's still in valid range + if ($id < $maxID) $this->attributes['gidNumber'][0] = $id+1; + /* If this function is still running we have to fid a free id-number between + * the used id-numbers + */ + $i = intval($minID); + while (in_array($i, $gids)) $i++; + if ($i>$maxID) + $errors[] = array('ERROR', _('ID-Number'), _('No free ID-Number!')); + else { + $this->attributes['gidNumber'][0] = $i; + $errors[] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. 
To avoid this warning set maxUID to a higher value.')); + } + } + else $this->attributes['gidNumber'][0] = $minID; + // return minimum allowed id-number if no id-numbers are found + } + else $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0]; + // old account -> return id-number which has been used + } + else { + // Check manual ID + // id-number is out of valid range + if ( ($this->attributes['gidNumber'][0]!=$post['form_posixGroup_gidNumber']) && ($this->attributes['gidNumber'][0] < $minID || $this->attributes['gidNumber'][0] > $maxID)) $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID)); + // $uids is allways an array but not if no entries were found + if (is_array($gids)) { + // id-number is in use and account is a new account + if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use')); + // id-number is in use, account is existing account and id-number is not used by itself + if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]!='' && ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0]) ) { + $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use')); + $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0]; + } + } + } + + if (($this->attributes['cn'][0] != $post['form_posixGroup_cn']) && ereg('[A-Z]$', $post['form_posixGroup_cn'])) + $errors[] = array('WARN', _('Groupname'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.')); + // Check if Username contains only valid characters + if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])+$', $this->attributes['cn'][0])) + $errors[] = array('ERROR', _('Groupname'), _('Groupname contains invalid characters. 
Valid characters are: a-z, A-Z, 0-9 and .-_ !')); + + // Create automatic useraccount with number if original user already exists + // Reset name to original name if new name is in use + // Set username back to original name if new username is in use + if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['cn'][0],'cn', '*')!=false && ($this->orig['cn'][0]!='')) { + $this->attributes['cn'][0] = $this->orig['cn'][0]; + } + // Change uid to a new uid until a free uid is found + else while ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['cn'][0], 'cn', '*')) { + // get last character of username + $lastchar = substr($this->attributes['cn'][0], strlen($this->attributes['cn'][0])-1, 1); + // Last character is no number + if ( !ereg('^([0-9])+$', $lastchar)) + /* Last character is no number. Therefore we only have to + * add "2" to it. + */ + $this->attributes['cn'][0] = $this->attributes['cn'][0] . '2'; + else { + /* Last character is a number -> we have to increase the number until we've + * found a groupname with trailing number which is not in use. + * + * $i will show us were we have to split groupname so we get a part + * with the groupname and a part with the trailing number + */ + $i=strlen($this->attributes['cn'][0])-1; + $mark = false; + // Set $i to the last character which is a number in $account_new->general_username + while (!$mark) { + if (ereg('^([0-9])+$',substr($this->attributes['cn'][0], $i, strlen($this->attributes['cn'][0])-$i))) $i--; + else $mark=true; + } + // increase last number with one + $firstchars = substr($this->attributes['cn'][0], 0, $i+1); + $lastchars = substr($this->attributes['cn'][0], $i+1, strlen($this->attributes['cn'][0])-$i); + // Put username together + $this->attributes['cn'][0] = $firstchars . 
(intval($lastchars)+1); + } + } + + // Show warning if lam has changed username + if ($this->attributes['cn'][0] != $post['form_posixGroup_cn']) { + $errors[] = array('WARN', _('Groupname'), _('Groupname in use. Selected next free groupname.')); + } + + if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $this->userPassword())) + $errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); + + // Return error-messages + if (is_array($errors)) return $errors; + // Go to additional group page when no error did ocour and button was pressed + if ($post['form_posixGroup_adduser']) return 'user'; + return 0; + } + + /* Write variables into object and do some regexp checks + */ + function proccess_user($post) { + do { // X-Or, only one if() can be true + if (isset($post['form_posixGroup_addusers']) && isset($post['form_posixGroup_addusers_button'])) { // Add groups to list + // Add new user + $this->attributes['memberUid'] = @array_merge($this->attributes['memberUid'], $post['form_posixGroup_addusers']); + // remove doubles + $this->attributes['memberUid'] = @array_flip($this->attributes['memberUid']); + array_unique($this->attributes['memberUid']); + $this->attributes['memberUid'] = @array_flip($this->attributes['memberUid']); + // sort groups + sort($this->attributes['memberUid']); + break; + } + if (isset($post['form_posixGroup_removeusers']) && isset($post['form_posixGroup_removeusers_button'])) { // remove groups from list + $this->attributes['memberUid'] = array_delete($post['form_posixGroup_removeusers'], $this->attributes['memberUid']); + break; + } + } while(0); + if (isset($post['form_posixGroup_adduser_button']) || isset($post['form_posixGroup_removeuser_button'])) return 'user'; + if ($post['form_posixGroup_toattributes']) return 'attributes'; + return 0; + } + + + /* This function 
loads all attributes into the object + * $attr is an array as it's retured from ldap_get_attributes + */ + function load_attributes($attr) { + // Load attributes which are displayed + // unset count entries + unset ($attr['count']); + $attributes = array_keys($attr); + foreach ($attributes as $attribute) unset ($attr[$attribute]['count']); + // unset double entries + for ($i=0; $iattributes[$attribute])) { + // decode as unicode + $this->attributes[$attribute] = $attr[$attribute]; + for ($i=0; $iattributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]); + } + } + // Values are kept as copy so we can compare old attributes with new attributes + $this->attributes['objectClass'][0] = 'posixGroup'; + $this->orig = $this->attributes; + + return 0; + } + + + + /* This function returns an array with 3 entries: + * array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... ) + * DN is the DN to change. It may be possible to change several DNs, + * e.g. 
create a new user and add him to some groups via attribute memberUid + * add are attributes which have to be added to ldap entry + * remove are attributes which have to be removed from ldap entry + * modify are attributes which have to been modified in ldap entry + */ + function save_attributes() { + $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); + + if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword'])) + unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']); + // Set unix password + if (count($this->orig['userPassword'])==0) { + // New user or no old password set + if ($this->userPassword_no) { + $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock); + } + else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock)); + } + else { + if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0] && $this->userPassword()!='' ) || $this->userPassword_no) { + // Write new password + if ($this->userPassword_no) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock); + else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock)); + } + else { // No new password but old password + // (un)lock password + if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'][0])) { + // Split old password hash in {CRYPT} and password-hash + $i = 0; + while ($this->orig['userPassword'][0]{$i} != '}') $i++; + $passwd = substr($this->orig['userPassword'][0], $i+1 ); + $crypt = substr($this->orig['userPassword'][0], 0, $i+1 ); + // remove trailing ! 
from password hash + if ($passwd{0} == '!') $passwd = substr($passwd, 1); + // Write new password + if ($this->userPassword_lock) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt!$passwd"); + else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt$passwd"); + } + } + } + + // Remove primary group from users from memberUid + $users_dn = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixAccount', 'user'); + $DNs = array_keys($users_dn); + for ($i=0; $iattributes['gidNumber'][0]) { + $thisuser = substr($DNs[$i], 4, strpos($DNs[$i], ",")-4); + if (@in_array($thisuser, $this->attribtues['memberUid'])) { + $this->attribtues['memberUid'] = @array_flip($this->attribtues['memberUid']); + unset($this->attribtues['memberUid'][$thisuser]); + $this->attribtues['memberUid'] = @array_flip($this->attribtues['memberUid']); + } + } + } + + // Change gids of users and hosts? + if ($this->changegids) { + // get gidNumber + $line=-1; + for ($i=0; $ildap]->objectClasses) || $i==-1; $i++) { + if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME 'posixAccount'")) $line = $i; + } + if ($line!=-1) { + $result = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixAccount', '*'); + $DNs = array_keys($result); + for ($i=0; $iorig['gidNumber'][0]) $return[$DNs[$i]]['modify']['gidNumber'][0] = $this->attributes['gidNumber'][0]; + } + // change primaryGroupID + $line=-1; + for ($i=0; $ildap]->objectClasses) || $i==-1; $i++) { + if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME 'sambaAccount'")) $line = $i; + } + if ($line!=-1) { + $result = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('primaryGroupID', 'sambaAccount', '*'); + $DNs = array_keys($result); + for ($i=0; $iorig['gidNumber'][0]*2+1001 ) $return[$DNs[$i]]['modify']['PrimaryGroupID'][0] = $this->attributes['gidNumber'][0]*2+1001; + } + } + // change sambaPrimaryGroupSID + $line=-1; + for ($i=0; 
$ildap]->objectClasses) || $i==-1; $i++) { + if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME 'sambaSamAccount'")) $line = $i; + } + if ($line!=-1) { + $result = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('sambaPrimaryGroupSID', 'sambaSamAccount', '*'); + $DNs = array_keys($result); + for ($i=0; $ibase]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix()); + // Get Domain-SID from group SID + $domainSID = substr($result[$DNs[$i]], 0, strrpos($result[$DNs[$i]], "-")); + for ($i=0; $iSID) + $RIDbase = $sambaDomains[$i]->RIDbase; + if ($result[$DNs[$i]][0] == $SID . "-" . $this->orig['gidNumber'][0]*2+1+$RIDbase ) $return[$DNs[$i]]['modify']['sambaPrimaryGroupSID'][0] = $SID . "-" . $this->attributes['gidNumber'][0]*2+1+$RIDbase; + } + } + } + + return $return; + } + + + /* This function returns all ldap attributes + * which are part of posixGroup and returns + * also their values. + */ + function get_attributes() { + $return = $this->attributes; + $return['userPassword'] = $this->userPassword(); + return $return; + } + + /* This function will create the html-page + * to show a page with all attributes. + * It will output a complete html-table + */ + function display_html_attributes($post) { + if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword(); + else $password=''; + echo "
base]->type."edit-bright\">"; echo "base]->type."edit-bright\">" . _("Additional groups") . "\n"; @@ -612,7 +643,7 @@ class posixAccount { if (count($this->groups)!=0) { echo "\n"; } echo "
\n"; + echo "\n"; + echo '\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='') { + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + } + echo "
' . _('Groupname') . "*attributes['cn'][0]."\">" . _('Help') . "
" . _('GID number') ."attributes['gidNumber'][0]."\">" . _('Help') . "
" . _('Description') . "attributes['description'][0]."\">" . _('Help') . "
" . _('Group members') . "" . _('Help') . "
" . _('Password') . "
" . _('Repeat password') . "
" . _('Use no password') . "userPassword_no) echo " checked "; + echo ">" . _('Help') . "
" . _('Lock password') . "userPassword_lock) echo " checked "; + echo ">" . _('Help') . "
" . _('Change GID number of users and hosts') . "changegids) echo " checked "; + echo ">" . _('Help-XX') . "
\n"; + return 0; + } + + function display_html_user($post) { + // load list with all groups + $dn_users = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uid', 'posixAccount', 'user'); + foreach ($dn_users as $user) $users[] = $user[0]; + // sort groups + sort($users, SORT_STRING); + // remove groups the user is member of from grouplist + $users = array_delete($this->attributes['memberUid'], $users); + // Remove primary group from grouplist + $users_dn = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixAccount', 'user'); + $DNs = array_keys($users_dn); + for ($i=0; $iattributes['gidNumber'][0]) { + $thisuser = substr($DNs[$i], 4, strpos($DNs[$i], ",")-4); + if (in_array($thisuser, $users)) { + $users = @array_flip($users); + unset($users[$thisuser]); + $users = @array_flip($users); + } + } + } + // sort users + sort($users); + + echo "\n\n"; + echo "
base]->type."edit-bright\">"; + echo "base]->type."edit-bright\">" . _("Group members") . "\n"; + echo "\n\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
"; + echo "
base]->type."edit-bright\">"; + echo "base]->type."edit-bright\">" . _("Selected users") . "\n"; + // Show all groups the user is additional member of + if (count($this->attributes['memberUid'])!=0) { + echo "\n"; + } + echo "
"; + echo " "; + echo "\">

"; + echo ""._('Help')."
\n"; + echo "
base]->type."edit-bright\">"; + echo "base]->type."edit-bright\">" . _('Available users') . "\n"; + // show all groups expect these the user is member of + if (count($users)!=0) { + echo "\n"; + } + echo "
\n"; + echo "\n"; + echo "
\n"; + echo "
\n"; + return 0; + } + + } + +?> diff --git a/lam/lib/modules/quota.inc b/lam/lib/modules/quota.inc new file mode 100644 index 00000000..5083bfb3 --- /dev/null +++ b/lam/lib/modules/quota.inc 
@@ -0,0 +1,271 @@ +base = $base; + if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR); + if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'quota\');'), E_USER_ERROR); + // quota is only a valid objectClass for user and host + if (!($_SESSION[$this->base]->get_type() == 'user') && !($_SESSION[$this->base]->get_type() == 'group')) trigger_error(_('quota can only be used for users or hosts.'), E_USER_WARNING); + /* Check if ldap conatiner is in array and set type + * users are using inetOrgPerson-, hosts account-container + */ + if (!isset($_SESSION[$this->base]->module['posixAccount']) && $_SESSION[$this->base]->type=='user') $_SESSION[$this->base]->add_objectClass('posixAccount'); + if (!isset($_SESSION[$this->base]->module['posixGroup']) && $_SESSION[$this->base]->type=='group') $_SESSION[$this->base]->add_objectClass('posixGroup'); + $this->alias = _('quota'); + + // Get basic quotas for new account + $output_array = $_SESSION[$this->base]->lamdaemon(array("+ quota get " . $_SESSION[$this->base]->type)); + // process quotas + if (is_array($output_array)) { + $all_quota = explode(':', $output_array[0]); + for ($j=0; $jquota[$j][$k] = $single_quota[$k]; + if ($this->quota[$j][4]quota[$j][4] = ''; + else $this->quota[$j][4] = strval(intval(($this->quota[$j][4]-time())/3600)) .' '. _('hours'); + if ($this->quota[$j][8]quota[$j][8] = ''; + else $this->quota[$j][8] = strval(intval(($this->quota[$j][8]-time())/3600)) .' '. _('hours'); + } + $j=0; + while (isset($this->quota[$j][0])) + // remove invalid quotas + if (!in_array($this->quota[$j][0], $real_quotas)) unset($this->quota[$j]); + else $j++; + // Beautify array, repair index + if (is_array($this->quota)) $this->quota = array_values($this->quota); + } + } + + // Variables + // Alias Name. 
This name is shown in the menu instead of quota + var $alias; + // name of accountContainer so we can read other classes in accuontArray + var $base; + + var $quota; + + /* This function returns a list with all required modules + */ + function dependencies() { + if ($_SESSION[$this->base]->type=='user') return array('posixAccount'); + if ($_SESSION[$this->base]->type=='group') return array('posixGroup'); + // return error if unsupported type is used + return -1; + } + + function module_ready() { + if (!isset($_SESSION[$_SESSION[$this->base]->config]->scriptPath)) return $false; + if ($_SESSION[$this->base]->type=='user' && $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0]=='') return false; + if ($_SESSION[$this->base]->type=='group' && $_SESSION[$this->base]->module['posixGroup']->attributes['cn'][0]=='') return false; + return true; + } + + /* Write variables into object and do some regexp checks + */ + function proccess_attributes($post) { + // Write all general values into $account_new + $i=0; + // loop for every mointpoint with quotas + while ($this->quota[$i][0]) { + $this->quota[$i][2] = $post['form_quota_' . $i . '_2']; + $this->quota[$i][3] = $post['form_quota_' . $i . '_3']; + $this->quota[$i][6] = $post['form_quota_' . $i . '_6']; + $this->quota[$i][7] = $post['form_quota_' . $i . '_7']; + // Check if values are OK and set automatic values. if not error-variable will be set + if (!ereg('^([0-9])*$', $this->quota[$i][2])) + $errors[] = array('ERROR', _('Block soft quota'), _('Block soft quota contains invalid characters. Only natural numbers are allowed')); + if (!ereg('^([0-9])*$', $this->quota[$i][3])) + $errors[] = array('ERROR', _('Block hard quota'), _('Block hard quota contains invalid characters. Only natural numbers are allowed')); + if (!ereg('^([0-9])*$', $this->quota[$i][6])) + $errors[] = array('ERROR', _('Inode soft quota'), _('Inode soft quota contains invalid characters. 
Only natural numbers are allowed')); + if (!ereg('^([0-9])*$', $this->quota[$i][7])) + $errors[] = array('ERROR', _('Inode hard quota'), _('Inode hard quota contains invalid characters. Only natural numbers are allowed')); + if (intval($this->quota[$i][2]) > intval($this->quota[$i][3])) + $errors[] = array('ERROR', _('Block quota'), _('Block soft quota must be smaller than block hard quota')); + if (intval($this->quota[$i][6]) > intval($this->quota[$i][7])) + $errors[] = array('ERROR', _('Inode quota'), _('Inode soft quota must be smaller than inode hard quota')); + $i++; + } + + // Return error-messages + if (is_array($errors)) return $errors; + // Go to additional group page when no error did ocour and button was pressed + return 0; + } + + + /* This function loads all attributes into the object + * $attr is an array as it's retured from ldap_get_attributes + */ + function load_attributes($attr) { + // Load name + if ($_SESSION[$this->base]->type=='user') $id = $attr['uid'][0]; + if ($_SESSION[$this->base]->type=='group') $id = $attr['cn'][0]; + // Get quotas + $output_array = $_SESSION[$this->base]->lamdaemon(array("$id quota get " . $_SESSION[$this->base]->type)); + // process quotas + if (is_array($output_array)) { + $all_quota = explode(':', $output_array[0]); + for ($j=0; $jquota[$j][$k] = $single_quota[$k]; + if ($this->quota[$j][4]quota[$j][4] = ''; + else $this->quota[$j][4] = strval(intval(($this->quota[$j][4]-time())/3600)) .' '. _('hours'); + if ($this->quota[$j][8]quota[$j][8] = ''; + else $this->quota[$j][8] = strval(intval(($this->quota[$j][8]-time())/3600)) .' '. 
_('hours'); + } + $j=0; + while (isset($this->quota[$j][0])) + // remove invalid quotas + if (!in_array($this->quota[$j][0], $real_quotas)) unset($this->quota[$j]); + else $j++; + // Beautify array, repair index + if (is_array($this->quota)) $this->quota = array_values($this->quota); + } + return 0; + } + + + + /* This function returns an array with 3 entries: + * array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... ) + * DN is the DN to change. It may be possible to change several DNs, + * e.g. create a new user and add him to some groups via attribute memberUid + * add are attributes which have to be added to ldap entry + * remove are attributes which have to be removed from ldap entry + * modify are attributes which have to been modified in ldap entry + */ + function save_attributes() { + /* Check wich quotas have changed + * Because we can not send an array to lamdaemon.pl we have to put all + * values in a string. ':' sepraeates the first array, ',' the second + * + * $values->quota[][] First array is an index for every chare with active quotas + * second array Contains values for every share: + * mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes, + * soft inode limit, hard inode limit, grace inode period + */ + + $i=0; + while ($this->quota[$i][0]) { + $quotastring = $quotastring . $this->quota[$i][0] . ',' . $this->quota[$i][2] . ',' . $this->quota[$i][3] + . ',' . $this->quota[$i][6] . ',' . $this->quota[$i][7] . ':'; + $i++; + } + + if ($_SESSION[$this->base]->type=='user') $id = $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0]; + if ($_SESSION[$this->base]->type=='group') $id = $_SESSION[$this->base]->module['posixGroup']->attributes['cn'][0]; + $return[$_SESSION[$this->base]->dn]['lamdaemon']['command'][] = $id . " quota set " . $_SESSION[$this->base]->type . 
" $quotastring\n"; + + return $return; + } + + function delete_attributes() { + $i=0; + while ($this->quota[$i][0]) { + $quotastring = $quotastring . $this->quota[$i][0] . ',0,0,0,0:'; + $i++; + } + if ($_SESSION[$this->base]->type=='user') $id = $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0]; + if ($_SESSION[$this->base]->type=='group') $id = $_SESSION[$this->base]->module['posixGroup']->attributes['cn'][0]; + $return[$_SESSION[$this->base]->dn]['lamdaemon']['command'][] = $id . " quota set " . $_SESSION[$this->base]->type . " $quotastring\n"; + return $return; + } + + + /* This function returns all ldap attributes + * which are part of quota and returns + * also their values. + */ + function get_attributes() { + return $this->quota; + } + + /* This function will create the html-page + * to show a page with all attributes. + * It will output a complete html-table + */ + function display_html_attributes($post) { + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + $i=0; + // loop for every mointpoint with enabled quotas + while ($this->quota[$i][0]) { + echo "\n"; + echo "\n"; + echo "\n"; // used blocks + echo "\n"; // blocks soft limit + echo "\n"; // blocks hard limit + echo "\n"; // block grace period + echo "\n"; // used inodes + echo "\n"; // inodes soft limit + echo "\n"; // inodes hard limit + echo "\n"; + echo "\n"; // inodes grace period + $i++; + } + + echo "
" . _('Mountpoint') . "" . _('Used blocks') . "" . _('Soft block limit') . "" . _('Hard block limit') . "" . _('Grace block period') . "" . _('Used inodes') . "" . _('Soft inode limit') . "" . _('Hard inode limit') . "" . _('Grace inode period') . "
" . _('Help') . "" . _('Help') . "" . _('Help') . "" . _('Help') . "" . _('Help') . "" . _('Help') . "" . _('Help') . "" . _('Help') . "" . _('Help') . "
" . $this->quota[$i][0] . "" . $this->quota[$i][1] . "quota[$i][2] . "\">quota[$i][3] . "\">" . $this->quota[$i][4] . "" . $this->quota[$i][5] . "quota[$i][6] . "\">quota[$i][7] . "\">" . $this->quota[$i][8] . "
\n"; + return 0; + } + + + + } + + + +?> \ No newline at end of file diff --git a/lam/lib/modules/sambaAccount.inc b/lam/lib/modules/sambaAccount.inc index 55c071b7..0c251f89 100644 --- a/lam/lib/modules/sambaAccount.inc +++ b/lam/lib/modules/sambaAccount.inc @@ -209,13 +209,13 @@ class sambaAccount { if ($post['form_sambaAccount_rid']== _('Administrator')) { $this->attributes['rid'][0] = "500"; // Do a check if an administrator already exists - if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("500", 'rid', 'user')) + if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("500", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig) $errors[] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.')); } if ($post['form_sambaAccount_rid']== _('Guest')) { $this->attributes['rid'][0] = "501"; // Do a check if an administrator already exists - if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("501", 'rid', 'user')) + if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("501", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig) $errors[] = array('ERROR', _('Special user'), _('There can be only one guest per domain.')); } $this->attributes['smbHome'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['smbHome'][0]); @@ -338,6 +338,12 @@ class sambaAccount { if ($this->attributes['rid'][0] == "501") $special = true; if ($this->attributes['rid'][0] == "515") $special = true; if (!$special) $this->attributes['rid'][0] == $_SESSION[$this->base]->module['posixAccount']->attributes['uidNumber'][0]*2+1000; + $rids = array_keys($this->rids); + $wrid = false; + for ($i=0; $iattributes['primaryGroupID'][0] == $rids[$i]) + $wrid = true; + if (!$wrid) $this->attributes['primaryGroupID'][0] = ($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]*2)+1001; 
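Review bot: In `proccess_attributes` the four limits from `$post` are written to `$this->quota[$i][2]`, `[3]`, `[6]` and `[7]` before the `ereg` checks run, so a value that fails validation still stays on the object. `save_attributes` then concatenates those fields, with `,` and `:` as separators, into the `quota set` string queued for lamdaemon, and `display_html_attributes` appears to echo them back into the form unescaped (the markup is stripped in this view). Unless the caller is guaranteed to stop on a returned error, read the fields into locals and copy them to `$this->quota` only when every check passed, as sketched below; the echoed values should also go through `htmlspecialchars()`. Separately, `module_ready()` returns the undefined variable `$false` where `false` is meant.

```php
while ($this->quota[$i][0]) {
	// keep the submitted limits in locals until they have been validated
	$blockSoft = $post['form_quota_' . $i . '_2'];
	$blockHard = $post['form_quota_' . $i . '_3'];
	$inodeSoft = $post['form_quota_' . $i . '_6'];
	$inodeHard = $post['form_quota_' . $i . '_7'];
	$errorsBefore = is_array($errors) ? count($errors) : 0;
	// … the four ereg checks and the two soft/hard comparisons from the hunk, reading the locals …
	$errorsAfter = is_array($errors) ? count($errors) : 0;
	if ($errorsAfter == $errorsBefore) {
		// only digit-only values reach the string later handed to lamdaemon
		$this->quota[$i][2] = $blockSoft;
		$this->quota[$i][3] = $blockHard;
		$this->quota[$i][6] = $inodeSoft;
		$this->quota[$i][7] = $inodeHard;
	}
	$i++;
}
```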
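Review bot: The new test `in_cache("500", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig` no longer distinguishes "no entry found" from "found under another DN". `in_cache` is not shown here; if it returns `false` when nothing matches, the loose `!=` against a non-empty `dn_orig` is true, so editing an existing account reports "There can be only one administrator per domain." even when no administrator exists. Test the result first, e.g. `$owner = $_SESSION[$_SESSION[$this->base]->cache]->in_cache("500", 'rid', 'user');` followed by `if ($owner && $owner != $_SESSION[$this->base]->dn_orig)`. The same applies to the Guest branch of this hunk and to both branches of the `@@ -216,13 +216,13 @@` hunk in sambaSamAccount.inc; the enclosing method starts and ends outside the hunk.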
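Review bot: `$rids` is `array_keys($this->rids)`, so the added loop compares `primaryGroupID` with the array's keys rather than its values. sambaAccount's `$this->rids` is not visible in this hunk; if it has the shape sambaGroupMapping.inc gives it in this commit (translated group name => RID), the comparison never matches, `$wrid` stays false, and a well-known primary group is overwritten with `gidNumber*2+1001` on every save. Compare against the value instead, `== $this->rids[$rids[$i]]`. The `@@ -349,6 +349,13 @@` hunk in sambaSamAccount.inc has the same loop with `$SID . "-" . $rids[$i]`; the loop header is garbled in this view and the method continues outside the hunk.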
@@ -509,8 +515,8 @@ class sambaAccount { } else echo ""; } - if ($wrid) echo ""; - else echo ""; + if ($wrid) echo ""; + else echo ""; echo "\n"; echo "" . _('Help') . "\n"; echo "\n"; diff --git a/lam/lib/modules/sambaGroupMapping.inc b/lam/lib/modules/sambaGroupMapping.inc new file mode 100644 index 00000000..438a77f0 --- /dev/null +++ b/lam/lib/modules/sambaGroupMapping.inc 
@@ -0,0 +1,269 @@ +add_objectClass(\'sambaGroupMapping\');'), E_USER_ERROR); + $this->base = $base; + // sambaGroupMapping is only a valid objectClass for user and host + if ($_SESSION[$this->base]->get_type() != 'group') trigger_error(_('sambaGroupMapping can only be used for groups.'), E_USER_WARNING); + // Add Array with all attributes and type + $this->attributes = $_SESSION[$this->base]->get_module_attributes('sambaGroupMapping'); + $_SESSION[$this->base]->add_attributes ('sambaGroupMapping'); + $this->alias = _('sambaGroupMapping'); + // Make references to attributes which already esists in ldap + $newattributes = array_keys($this->attributes); + $module = array_keys($_SESSION[$this->base]->module); + // fixme *** do we have to unset module posixAccuont itself + for ($i=0; $ibase]->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute]; + } + $this->orig = $this->attributes ; + $this->attributes['objectClass'][0] = 'sambaGroupMapping'; + $this->rids = array ( _('Domain Admins') => 512, _('Domain Users') => 513, _('Domain Guests') => 514, _('Domain Computers') => 515, _('Domain Controllers') => 516, + _('Domain Certificate Admins') => 517, _('Domain Schema Admins') => 518, _('Domain Enterprise Admins') => 519, _('Domain Policy Admins') => 520 ); + } + + // Variables + // Alias Name. 
This name is shown in the menu instead of sambaGroupMapping + var $alias; + // name of accountContainer so we can read other classes in accuontArray + var $base; + + // This variable contains all inetOrgPerson attributes + var $attributes; + /* If an account was loaded all attributes are kept in this array + * to compare it with new changed attributes + */ + var $orig; + // Array of well known rids + var $rids; + + /* This function returns a list with all required modules + */ + function dependencies() { + return array('posixGroup'); + } + + function module_ready() { + if ($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]=='') return false; + return true; + } + + /* Write variables into object and do some regexp checks + */ + function proccess_attributes($post) { + // Get Domain SID from name + $sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix()); + for ($i=0; $iname) { + $SID = $sambaDomains[$i]->SID; + $RIDbase = $sambaDomain[$i]->RIDbase; + } + + // Load attributes + $this->attributes['displayName'][0] = $post['form_sambaGroupMapping_displayName']; + $this->attributes['sambaGroupType'][0] = 2; + + $rids = array_keys($this->rids); + $wrid = false; + for ($i=0; $iattributes['sambaSID'][0] = $SID."-".$this->rids[$rids[$i]]; + // Do a check if special grou pis unique + if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-".$this->rids[$rids[$i]], 'sambaSID', 'group')) + $errors[] = array('ERROR', _('Special Group'),sprintf( _('There can be only one group %s.'), $rids[$i])); + } + } + if (!$wrid) $this->attributes['sambaSID'][0] = $SID."-".($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2)+$RIDbase+1; + + + + // Return error-messages + if (is_array($errors)) return $errors; + return 0; + } + + + /* This function loads all attributes into the object + * $attr is an array as it's retured from ldap_get_attributes + */ + function 
load_attributes($attr) { + // Load attributes which are displayed + // unset count entries + unset ($attr['count']); + $attributes = array_keys($attr); + foreach ($attributes as $attribute) unset ($attr[$attribute]['count']); + // unset double entries + for ($i=0; $iattributes[$attribute])) { + // decode as unicode + $this->attributes[$attribute] = $attr[$attribute]; + for ($i=0; $iattributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]); + } + } + // Values are kept as copy so we can compare old attributes with new attributes + $this->attributes['objectClass'][0] = 'sambaGroupMapping'; + $this->orig = $this->attributes; + return 0; + } + + + + /* This function returns an array with 3 entries: + * array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... ) + * DN is the DN to change. It may be possible to change several DNs, + * e.g. create a new user and add him to some groups via attribute memberUid + * add are attributes which have to be added to ldap entry + * remove are attributes which have to be removed from ldap entry + * modify are attributes which have to been modified in ldap entry + */ + function save_attributes() { + // Get Domain SID from name + $sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix()); + // Get Domain-SID from group SID + $domainSID = substr($this->attributes['sambaSID'][0], 0, strrpos($this->attributes['sambaSID'][0], "-")); + for ($i=0; $iSID) + $SID = $sambaDomains[$i]->SID; + $names = array_keys($this->rids); + $wrid=false; + for ($i=0; $iattributes['sambaSID'][0]==$SID."-".$this->rids[$names[$i]]) { + $wrid=true; + } + if (!$wrid) $this->attributes['sambaSID'][0] == $SID."-".($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2+1+$RIDbase); + $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); + + 
return $return; + } + + + /* This function returns all ldap attributes + * which are part of sambaGroupMapping and returns + * also their values. + */ + function get_attributes() { + return $this->attributes; + } + + /* This function will create the html-page + * to show a page with all attributes. + * It will output a complete html-table + */ + function display_html_attributes($post) { + // Get Domain SID from name + $sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix()); + // Get Domain-SID from group SID + $domainSID = substr($this->attributes['sambaSID'][0], 0, strrpos($this->attributes['sambaSID'][0], "-")); + for ($i=0; $iname; + if ($domainSID==$sambaDomains[$i]->SID) { + $SID = $sambaDomains[$i]->SID; + $sel_domain = $sambaDomains[$i]->name; + } + } + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
" . _("Display name") . "attributes['displayName'][0]."\">" . _('Help') . "
" . _('Special group') . "" . _('Help') . "
" . _('Domain') . "" . _('Help') . "
\n"; + return 0; + } + + + } + +?> diff --git a/lam/lib/modules/sambaSamAccount.inc b/lam/lib/modules/sambaSamAccount.inc index 10f2f528..932e9de5 100644 --- a/lam/lib/modules/sambaSamAccount.inc +++ b/lam/lib/modules/sambaSamAccount.inc @@ -216,13 +216,13 @@ class sambaSamAccount { if ($post['form_sambaSamAccount_sambaSID']== _('Administrator')) { $this->attributes['sambaSID'][0] = $SID."-500"; // Do a check if an administrator already exists - if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-500", 'sambaSID', 'user')) + if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-500", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig) $errors[] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.')); } if ($post['form_sambaSamAccount_sambaSID']== _('Guest')) { $this->attributes['sambaSID'][0] = $SID."-501"; // Do a check if an administrator already exists - if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-501", 'sambaSID', 'user')) + if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-501", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig) $errors[] = array('ERROR', _('Special user'), _('There can be only one guest per domain.')); } // Check values @@ -349,6 +349,13 @@ class sambaSamAccount { if ($this->attributes['sambaSID'][0] == $SID."-500") $special = true; if ($this->attributes['sambaSID'][0] == $SID."-501") $special = true; if (!$special) $this->attributes['sambaSID'][0] == $SID."-".($_SESSION[$this->base]->module['posixAccount']->attributes['uidNumber'][0]*2+$RIDbase); + $rids = array_keys($this->rids); + $wrid = false; + for ($i=0; $iattributes['sambaPrimaryGroupSID'][0] == $SID . "-" . $rids[$i]) + $wrid = true; + if (!$wrid) $this->attributes['sambaPrimaryGroupSID'][0] = $SID."-".($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]*2)+$RIDbase+1; + $return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig); // Set password 
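Review bot: The fallback SID in `proccess_attributes` is built as `$SID."-".(…gidNumber…*2)+$RIDbase+1`; this code uses `ereg`, so it targets PHP versions where `.` and `+` share precedence and associate left to right, which means the string is converted to a number before `$RIDbase+1` is added and the stored `sambaSID` is no longer a SID. Parenthesise the arithmetic: `$SID."-".(($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2)+$RIDbase+1)`. `$RIDbase` is also never set there, because it is read from `$sambaDomain[$i]` instead of `$sambaDomains[$i]`, and in `save_attributes` the corresponding line uses `==` where `=` is meant and relies on a `$RIDbase` that method never defines. The added `sambaPrimaryGroupSID` line in the `@@ -349,6 +349,13 @@` hunk of sambaSamAccount.inc has the same precedence problem. These values decide which Windows group identity an entry maps to, so a malformed or colliding SID affects privilege assignment and not only display.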
@@ -525,8 +532,8 @@ class sambaSamAccount { } else echo ""; } - if ($wrid) echo ""; - else echo ""; + if ($wrid) echo ""; + else echo ""; echo "\n"; echo "" . _('Help') . "\n"; echo "\n"; diff --git a/lam/templates/account/useredit.php.new b/lam/templates/account/useredit.php.new index c246079d..d5143c05 100644 --- a/lam/templates/account/useredit.php.new +++ b/lam/templates/account/useredit.php.new @@ -40,8 +40,6 @@ $dir = opendir('../../lib/modules'); while ($entry = readdir($dir)) if (is_file('../../lib/modules/'.$entry)) include_once ('../../lib/modules/'.$entry); - - // Start session session_save_path('../../sess'); @session_start();