Added new modules and improved old modules
parent
58021e0cef
commit
62d35c207a
|
@ -45,7 +45,7 @@ class cache {
|
|||
*/
|
||||
function add_cache($attributes) {
|
||||
// Check input variable
|
||||
$allowed_types = array ( 'user', 'group', 'host', '*' );
|
||||
$allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
|
||||
if (!is_array($attributes)) trigger_error(_('Argument of add_cache must be : array ( scope => array(attribute1(string), attribute2(string), ..), scope => ... ).'), E_USER_ERROR);
|
||||
foreach ($attributes as $attribute) {
|
||||
if (!is_array($attribute)) trigger_error(_('Argument of add_cache must be : array ( scope => array(attribute1(string), attribute2(string), ..), scope => ... ).'), E_USER_ERROR);
|
||||
|
@ -73,7 +73,7 @@ class cache {
|
|||
function get_cache($attribute, $objectClass, $singlescope) {
|
||||
$this->refresh_cache();
|
||||
// Check input variables
|
||||
$allowed_types = array ( 'user', 'group', 'host', '*' );
|
||||
$allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
|
||||
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
|
||||
$line=-1;
|
||||
for ($i=0; $i<count($_SESSION['ldap']->objectClasses) || $i==-1; $i++) {
|
||||
|
@ -139,7 +139,7 @@ class cache {
|
|||
function in_cache($value, $attribute, $singlescope) {
|
||||
$this->refresh_cache();
|
||||
// Check input variables
|
||||
$allowed_types = array ( 'user', 'group', 'host', '*' );
|
||||
$allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
|
||||
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
|
||||
// Create list of all allowed attributes
|
||||
for ($i=0; $i<count($this->ldap->objectClasses); $i++ ) {
|
||||
|
@ -235,7 +235,7 @@ class cache {
|
|||
* made without refrehing the complete cache
|
||||
*/
|
||||
function update_cache($dn, $attributes, $singlescope) {
|
||||
$allowed_types = array ( 'user', 'group', 'host', '*' );
|
||||
$allowed_types = array ( 'user', 'group', 'host', 'domain', '*' );
|
||||
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
|
||||
// Everything seems to be OK, start processing data
|
||||
$this->refresh_cache();
|
||||
|
@ -247,213 +247,44 @@ class cache {
|
|||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* Main-Module. Contains basic module functions have to be loaded first
|
||||
* It also chooses which page to show.
|
||||
*/
|
||||
class main {
|
||||
// This variable stores the number of the current displayed page
|
||||
var $current_page;
|
||||
// This variable os set to the pagename of a subpage if it should be displayed
|
||||
var $subpage;
|
||||
// name of accountContainer so we can read other classes in accuontArray
|
||||
var $base;
|
||||
// Alias Name. This name is shown in the menu instead of main
|
||||
var $alias;
|
||||
|
||||
function main($base) {
|
||||
$this->current_page = 0;
|
||||
$this->subpage = '';
|
||||
/* Create a reference to basearray so we can read all other modules
|
||||
* php will avaois recousrion itself
|
||||
/* This function will return the gidNumber to an existing groupname
|
||||
* gidNumbers are taken from cache-array
|
||||
*/
|
||||
$this->base = $base;
|
||||
$this->alias = _('main');
|
||||
function getgid($groupname) {
|
||||
$dn_groups = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group');
|
||||
$DNs = array_keys($dn_groups);
|
||||
foreach ($DNs as $DN) {
|
||||
if (strpos($DN, $groupname))
|
||||
return $dn_groups[$DN][0];
|
||||
}
|
||||
}
|
||||
|
||||
/* This function returns a list with all required modules
|
||||
|
||||
/* This function will return an array with all groupnames
|
||||
* found in ldap. Groupnames are taken from cache-array.
|
||||
*/
|
||||
function dependencies() {
|
||||
return array();
|
||||
}
|
||||
|
||||
function module_ready() {
|
||||
return true;
|
||||
}
|
||||
|
||||
function display_html_attributes($post) {
|
||||
$function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();';
|
||||
eval($function);
|
||||
$modules = $_SESSION[$this->base]->check_attributes();
|
||||
if (count($modules)!=0) {
|
||||
$disabled = 'disabled';
|
||||
for ($i=0; $i<count($modules); $i++) StatusMessage('ERROR', _('Check module'), sprintf(_('Please set up all required attributes on %s page'), $_SESSION[$this->base]->module[$modules[$i]]->alias));
|
||||
}
|
||||
else $disabled = '';
|
||||
|
||||
echo "<table border=0 width=\"100%\">\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Suffix') . "</td>\n";
|
||||
echo "<td><select name=\"form_main_suffix\">";
|
||||
// loop through all suffixes
|
||||
$function = '$suffix = $_SESSION[$_SESSION[$this->base]->config]->get_'.ucfirst($_SESSION[$this->base]->type).'Suffix();';
|
||||
eval($function);
|
||||
foreach ($_SESSION[$_SESSION[$this->base]->ldap]->search_units($suffix) as $suffix) {
|
||||
if ($_SESSION[$this->base]->dn) {
|
||||
if ($_SESSION[$this->base]->dn == $suffix) echo "<option selected>$suffix</option>\n";
|
||||
else echo "<option>$suffix</option>\n";
|
||||
}
|
||||
else echo "<option>$suffix</option>\n";
|
||||
}
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=461\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
// Show fieldset with list of all user profiles
|
||||
if (count($profilelist)!=0) {
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _("Load profile") . "</td>\n";
|
||||
echo "<td><select name=\"form_main_selectLoadProfile\">";
|
||||
foreach ($profilelist as $profile) echo "<option>$profile</option>\n";
|
||||
echo "</select>\n";
|
||||
echo "<input name=\"form_main_loadProfile\" type=\"submit\" value=\"" . _('Load Profile') . "\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=421\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
}
|
||||
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _("Save profile") . "</td>\n";
|
||||
echo "<td><input name=\"form_main_selectSaveProfile\" type=\"text\" size=\"30\" maxlength=\"50\">\n";
|
||||
echo "<input name=\"form_main_saveProfile\" type=\"submit\" value=\"" . _('Save profile') . "\" $disabled ></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=457\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
echo "<tr>\n";
|
||||
echo "<td><input name=\"form_main_create\" type=\"submit\" value=\"";
|
||||
if ($_SESSION[$this->base]->dn_orig!='') echo _('Modify Account');
|
||||
else echo _('Create Account');
|
||||
echo "\" $disabled ></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
function findgroups() {
|
||||
$dn_groups = $_SESSION['cache']->get_cache('cn', 'posixGroup', 'group');
|
||||
$DNs = array_keys($dn_groups);
|
||||
foreach ($DNs as $DN)
|
||||
$return[] = $dn_groups[$DN][0];
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
/* This page will be shown if an account
|
||||
* has been saved
|
||||
/* This function will return the groupname to an existing gidNumber
|
||||
* groupnames are taken from cache-array
|
||||
*/
|
||||
function display_html_finish($post) {
|
||||
// Show success message
|
||||
if ($_SESSION[$this->base]->dn_orig=='') $kind = _('created');
|
||||
else $kind = _('modified');
|
||||
$text = sprintf(_('%s has been %s.'), ucfirst($_SESSION[$this->base]->type), $kind);
|
||||
StatusMessage('INFO', _('LDAP operation successful.'), $text);
|
||||
|
||||
// Show rest of page
|
||||
echo "<table border=0 width=\"100%\">\n";
|
||||
echo "<tr>\n";
|
||||
if ($_SESSION[$this->base]->dn_orig=='') {
|
||||
echo "<td><input name=\"form_main_createagain\" type=\"submit\" value=\"";
|
||||
echo sprintf(_('Create another %s'), $_SESSION[$this->base]->type);
|
||||
echo "\"></td>\n";
|
||||
function getgrnam($gidNumber) {
|
||||
$dn_groups = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group');
|
||||
$DNs = array_keys($dn_groups);
|
||||
foreach ($DNs as $DN) {
|
||||
if ($dn_groups[$DN][0]==$gidNumber)
|
||||
$return = substr($DN, 3, strpos($DN, ',')-3);
|
||||
}
|
||||
echo "<td><input name=\"form_main_outputpdf\" type=\"submit\" value=\"" . _('Create PDF file') . "\"></td>\n";
|
||||
echo "<td><input name=\"form_main_backmain\" type=\"submit\" value=\"";
|
||||
echo sprintf (_('Back to %s list'), $_SESSION[$this->base]->type);
|
||||
echo "\"></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
return $return;
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_finish($post) {
|
||||
if ($post['form_main_createagain']) {
|
||||
// Reset objects
|
||||
$modules = array_keys($_SESSION[$this->base]->module);
|
||||
foreach ($modules as $module)
|
||||
if ($module!='main') unset($_SESSION[$this->base]->module[$module]);
|
||||
// Reset accountContainer
|
||||
$_SESSION[$this->base]->dn = '';
|
||||
$_SESSION[$this->base]->dn_orig = '';
|
||||
$_SESSION[$this->base]->attributes = array();
|
||||
$_SESSION[$this->base]->order = array();
|
||||
$this->current_page = 0;
|
||||
$this->subpage = '';
|
||||
// Add all required objects etc.
|
||||
$_SESSION[$this->base]->new_account();
|
||||
return 0;
|
||||
}
|
||||
if ($post['form_main_backmain']) {
|
||||
// Return to *-list
|
||||
// *** fixme unset accountContainer in session
|
||||
metaRefresh("../lists/list".$_SESSION[$this->base]->type."s.php");
|
||||
exit;
|
||||
}
|
||||
if ($post['form_main_outputpdf']) {
|
||||
// Create / display PDf-file
|
||||
$function = 'create'.ucfirst($_SESSION[$this->base]->type).'PDF(array($_SESSION[$this->base]));';
|
||||
eval($function);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
// change dn
|
||||
if ($post['form_main_suffix']!='') $_SESSION[$this->base]->dn = $post['form_main_suffix'];
|
||||
// load profile
|
||||
if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) {
|
||||
// *** fixme load*Profile must return array in the same way ldap_get_attributes does.
|
||||
$function = '$newattributes = load'.ucfirst($scope).'Profile($post[\'form_main_selectLoadProfile\']);';
|
||||
eval($function);
|
||||
// pass newattributes to each module
|
||||
$modules = array_keys($_SESSION[$this->base]->module);
|
||||
foreach ($modules as $module) $_SESSION[$this->base]->module[$module]->load_attributes($newattributes);
|
||||
return 0;
|
||||
}
|
||||
// save account
|
||||
if ($post['form_main_create']) {
|
||||
$success = $_SESSION[$this->base]->save_account();
|
||||
if (is_array($success)) return array($success);
|
||||
// return name of subpage
|
||||
return 'finish';
|
||||
}
|
||||
// save profile
|
||||
if ($post['form_main_saveProfile']) {
|
||||
if ($post['form_main_selectSaveProfile']=='') $errors[] = array('ERROR', _('Save profile'), _('No profilename given.'));
|
||||
else {
|
||||
$function = 'save'.ucfirst($scope).'Profile();';
|
||||
eval($function);
|
||||
if ($function) $errors[] = array('INFO', _('Save profile'), _('New profile created.'));
|
||||
else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.'));
|
||||
}
|
||||
if (is_array($errors)) return $errors;
|
||||
else return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Dummy functions to make module compatible
|
||||
function load_attributes($attr) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Dummy functions to make module compatible
|
||||
function save_attributes() {
|
||||
return array();
|
||||
}
|
||||
|
||||
// Dummy functions to make module compatible
|
||||
function get_attributes() {
|
||||
return array();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
@ -467,7 +298,7 @@ class accountContainer {
|
|||
if (!is_string($type)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
|
||||
// *** fixme use global variable to determine allowed types
|
||||
$allowed_types = array ( 'user', 'group', 'host' );
|
||||
$allowed_types = array ( 'user', 'group', 'host', 'domain' );
|
||||
if (!in_array($type, $allowed_types)) trigger_error(_('Account type not recognized.'), E_USER_ERROR);
|
||||
$this->type = $type;
|
||||
$this->base = $base;
|
||||
|
@ -647,8 +478,6 @@ class accountContainer {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
/* This function return ldap attributes
|
||||
|
@ -737,6 +566,7 @@ class accountContainer {
|
|||
}
|
||||
}
|
||||
}
|
||||
$this->add_attributes($objectClass);
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
@ -846,15 +676,20 @@ class accountContainer {
|
|||
$this->dn_orig = $dn;
|
||||
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||
if (isset($attr['objectClass']['count'])) unset($attr['objectClass']['count']);
|
||||
// Add objects
|
||||
foreach ($attr['objectClass'] as $objectClass) $this->add_objectClass($objectClass);
|
||||
// load attributes
|
||||
foreach ($attr['objectClass'] as $objectClass)
|
||||
foreach ($attr['objectClass'] as $objectClass) {
|
||||
$this->add_objectClass($objectClass);
|
||||
if (isset($this->module[$objectClass])) $this->module[$objectClass]->load_attributes($attr);
|
||||
}
|
||||
$this->module['quota'] = new quota($this->base);
|
||||
$this->module['quota']->load_attributes($attr);
|
||||
|
||||
|
||||
// sortm modules and make all active because all required attributes should be set
|
||||
$module = array_keys ($this->module);
|
||||
$modulelist = array();
|
||||
// *** fixme add modules from config which should be used but not yet in loaded account
|
||||
// *** fixme how to handle non ldap modules?
|
||||
|
||||
// loop until all modules are in order.
|
||||
// We don't want to loop forever
|
||||
|
@ -1006,7 +841,7 @@ class accountContainer {
|
|||
}
|
||||
}
|
||||
foreach ($attributes as $DN)
|
||||
if (is_array($DN['lamdaemon'])) $this->lamdaemon($DN['lamdaemon']);
|
||||
if (is_array($DN['lamdaemon']['command'])) $this->lamdaemon($DN['lamdaemon']['command']);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -1020,11 +855,7 @@ class accountContainer {
|
|||
*/
|
||||
$towrite = escapeshellarg($_SESSION[$this->config]->scriptServer)." ".escapeshellarg($_SESSION[$this->config]->scriptPath)." ".
|
||||
escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]);
|
||||
if (is_array($users)) {
|
||||
foreach ($users as $user) {
|
||||
$userstring .= "$user home add\n";
|
||||
}
|
||||
}
|
||||
|
||||
$userstring = implode ("\n", $commands);
|
||||
if (function_exists(proc_open)) {
|
||||
// New Code, requires PHP 4.3
|
||||
|
@ -1068,8 +899,7 @@ class accountContainer {
|
|||
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
// This class keeps all needed values for any account
|
||||
class account {
|
||||
// Type : user | group | host
|
||||
|
@ -1118,6 +948,7 @@ class account {
|
|||
* mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes,
|
||||
* soft inode limit, hard inode limit, grace inode period
|
||||
*/
|
||||
/*
|
||||
// Personal Settings
|
||||
var $personal_title; // string title of user
|
||||
var $personal_mail; // string mailaddress of user
|
||||
|
@ -1129,7 +960,7 @@ class account {
|
|||
var $personal_postalAddress; // string postal Address of user
|
||||
var $personal_employeeType; // string employe type of user
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
/* Return a list of all shells listed in ../config/shells
|
||||
* Normally ../config/shells is a symbolic link to /etc/shells
|
||||
|
@ -1172,12 +1003,13 @@ function replace_umlaut($text) {
|
|||
function array_delete($values, $array) {
|
||||
// Loop for every entry and check if it should be removed
|
||||
if (is_array($array)) {
|
||||
$return = array();
|
||||
foreach ($array as $array_value)
|
||||
if (!@in_array($array_value, $values))
|
||||
$return[] = $array_value;
|
||||
return $return;
|
||||
}
|
||||
else return 0;
|
||||
else return array();
|
||||
}
|
||||
|
||||
|
||||
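Review bot: `getgid()`, in the hunk at new line 247, picks the group with `if (strpos($DN, $groupname))`, which is a substring test over the whole DN rather than a comparison with the group's own RDN value. A name that is a prefix of another group's name, or that also occurs in the suffix part of the DN, matches the wrong entry, and the first hit's gidNumber is returned, so an account can be given a primary group other than the one selected. Comparing the RDN exactly, the way `getgrnam()` in the same hunk already extracts it, avoids this: `if (substr($DN, 3, strpos($DN, ',')-3) == $groupname) return $dn_groups[$DN][0];`. `findgroups()` and `getgrnam()` also return an unset `$return` when nothing matches, so an initial `$return = array();` and `$return = '';` respectively would make the no-match case explicit. The page has lost its +/- markers, so treating these three functions as the added side is inferred from the hunk's line counts (213 old, 44 new).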
|
|
|
@ -22,13 +22,10 @@ $Id$
|
|||
|
||||
/*
|
||||
* Variables in basearray which are no objects:
|
||||
* type: Type of account. Can be user, group, host
|
||||
* type: Type of account. Can be user, group, host, domain
|
||||
* attributes: List of all attributes, how to get them and are theiy required or optional
|
||||
* dn: current DN without uid= or cn=
|
||||
* dn_orig: old DN if account was loaded with uid= or cn=
|
||||
|
||||
* External functions which are used
|
||||
* account.inc:
|
||||
*/
|
||||
|
||||
|
||||
|
@ -36,38 +33,33 @@ $Id$
|
|||
* and funtioncs required to deal with account
|
||||
* account can only be created when it should be added
|
||||
* to an array.
|
||||
* basearray is the same array account should be added
|
||||
* to. If basearray is not given the constructor tries to
|
||||
* create an array with account and all other required
|
||||
* objects.
|
||||
* Example: $user[] = new account($user);
|
||||
* $base is the name of account_container in session
|
||||
*
|
||||
*/
|
||||
|
||||
class account {
|
||||
// Constructor
|
||||
function account($base) {
|
||||
/* Return an error if posixAccount should be created without
|
||||
* base container
|
||||
*/
|
||||
// Get local copy of name of account_container in session
|
||||
$this->base = $base;
|
||||
// Do some error checks
|
||||
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'account\');'), E_USER_ERROR);
|
||||
$this->base = $base;
|
||||
// account is only a valid objectClass for users
|
||||
if ($_SESSION[$this->base]->get_type() != 'host') trigger_error(_('account can only be used for hosts.'), E_USER_WARNING);
|
||||
// Add Array with all attributes and type
|
||||
// load attribtues which are used in account objectClass
|
||||
$this->attributes = $_SESSION[$this->base]->get_module_attributes('account');
|
||||
$_SESSION[$this->base]->add_attributes ('account');
|
||||
// Create copy of attributes
|
||||
$this->orig = $this->attributes ;
|
||||
// Add objectClass to attributes
|
||||
$this->attributes['objectClass'][0] = 'account';
|
||||
// unset userPassword because we handle it separat.
|
||||
// Set aliasname
|
||||
$this->alias = _('account');
|
||||
}
|
||||
|
||||
// Variables
|
||||
// Alias Name. This name is shown in the menu instead of posixAccount
|
||||
// Alias Name. This name is shown in the menu instead of 'account'
|
||||
var $alias;
|
||||
// reference to base-array so we can read other classes in basearray
|
||||
// name of account_container in session so we can read other classes in account_container
|
||||
var $base;
|
||||
// This variable contains all account attributes
|
||||
var $attributes;
|
||||
|
@ -82,16 +74,29 @@ class account {
|
|||
return array('main');
|
||||
}
|
||||
|
||||
/* This function returns true if all required attributes from other
|
||||
* modules are set. This is required to prevent undefined states
|
||||
*/
|
||||
function module_ready() {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/* This function returns a list of all html-pages in module
|
||||
* This is usefull for mass upload and pdf-files
|
||||
* because lam can walk trough all pages itself and do some
|
||||
* error checkings
|
||||
*/
|
||||
function pages() {
|
||||
return array('attributes');
|
||||
}
|
||||
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
// Load attributes
|
||||
$this->attributes['description'][0] = $post['form_account_description'];
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -99,7 +104,6 @@ class account {
|
|||
* $attr is an array as it's retured from ldap_get_attributes
|
||||
*/
|
||||
function load_attributes($attr) {
|
||||
// Load attributes which are displayed
|
||||
// unset count entries
|
||||
unset ($attr['count']);
|
||||
$attributes = array_keys($attr);
|
||||
|
@ -107,6 +111,7 @@ class account {
|
|||
// unset double entries
|
||||
for ($i=0; $i<count($attr); $i++)
|
||||
if (isset($attr[$i])) unset($attr[$i]);
|
||||
// load attribtues
|
||||
foreach ($attributes as $attribute) {
|
||||
if (isset($this->orig[$attribute])) {
|
||||
$this->orig[$attribute] = $attr[$attribute];
|
||||
|
@ -114,24 +119,25 @@ class account {
|
|||
for ($i=0; $i<count($this->orig[$attribute]); $i++) $this->orig[$attribute][$i] = utf8_decode ($this->orig[$attribute][$i]);
|
||||
}
|
||||
}
|
||||
// Values are kept as copy so we can compare old attributes with new attributes
|
||||
// Add objectClass to orig because we don't want to add objectClass if it's already set
|
||||
$this->orig['objectClass'][0] = 'account';
|
||||
// Values are kept as copy so we can compare old attributes with new attributes
|
||||
$this->attributes = $this->orig;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* This function returns an array with 3 entries:
|
||||
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
|
||||
/* This function returns an array with 4 entries:
|
||||
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr), 'lamdaemon' => array(cmds)), DN2 .... )
|
||||
* DN is the DN to change. It may be possible to change several DNs,
|
||||
* e.g. create a new user and add him to some groups via attribute memberUid
|
||||
* add are attributes which have to be added to ldap entry
|
||||
* remove are attributes which have to be removed from ldap entry
|
||||
* lamdaemon are lamdaemon commands to modify homedir, quotas, ...
|
||||
*/
|
||||
function save_attributes() {
|
||||
// Get easy attributes
|
||||
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
||||
|
||||
// Return attributes
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
@ -158,9 +164,6 @@ class account {
|
|||
return 0;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
?>
|
||||
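Review bot: `proccess_attributes()`, in the hunk at new line 74, copies `$post['form_account_description']` into `$this->attributes['description'][0]` with no check at all, although the comment above it says it does "some regexp checks". The value then appears to reach LDAP unchanged through `save_attributes()`, so either validate it and return an `$errors` array as the inetOrgPerson module on this page does, or make the comment honest, for example `/* Write variables into object. description is stored unchecked and must be escaped on output. */`. In the constructor hunk the comment `// account is only a valid objectClass for users` contradicts the check against `'host'` on the next line and should read `for hosts`. The +/- markers are lost on this page, so which of these lines are new is inferred from the hunk counts.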
|
|
|
@ -22,51 +22,43 @@ $Id$
|
|||
|
||||
/*
|
||||
* Variables in basearray which are no objects:
|
||||
* type: Type of account. Can be user, group, host
|
||||
* type: Type of account. Can be user, group, host, domain
|
||||
* attributes: List of all attributes, how to get them and are theiy required or optional
|
||||
* dn: current DN without uid= or cn=
|
||||
* dn_orig: old DN if account was loaded with uid= or cn=
|
||||
|
||||
* External functions which are used
|
||||
* account.inc:
|
||||
*/
|
||||
|
||||
|
||||
/* This class contains all inetOrgPerson LDAP attributes
|
||||
/* This class contains all account LDAP attributes
|
||||
* and funtioncs required to deal with inetOrgPerson
|
||||
* inetOrgPerson can only be created when it should be added
|
||||
* to an array.
|
||||
* basearray is the same array inetOrgPerson should be added
|
||||
* to. If basearray is not given the constructor tries to
|
||||
* create an array with inetOrgPerson and all other required
|
||||
* objects.
|
||||
* Example: $user[] = new inetOrgPerson($user);
|
||||
*
|
||||
* $base is the name of account_container in session
|
||||
*/
|
||||
|
||||
class inetOrgPerson {
|
||||
// Constructor
|
||||
function inetOrgPerson($base) {
|
||||
/* Return an error if posixAccount should be created without
|
||||
* base container
|
||||
*/
|
||||
// Get local copy of name of account_container in session
|
||||
$this->base = $base;
|
||||
// Do some error checks
|
||||
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR);
|
||||
$this->base = $base;
|
||||
// inetOrgPerson is only a valid objectClass for users
|
||||
if ($_SESSION[$this->base]->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
|
||||
// Add Array with all attributes and type
|
||||
if ($_SESSION[$this->base]->type != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
|
||||
// load attribtues which are used in inetOrgPerson objectClass
|
||||
$this->attributes = $_SESSION[$this->base]->get_module_attributes('inetOrgPerson');
|
||||
$_SESSION[$this->base]->add_attributes ('inetOrgPerson');
|
||||
// Create copy of attributes
|
||||
$this->orig = $this->attributes ;
|
||||
// Add objectClass to attributes
|
||||
$this->attributes['objectClass'][0] = 'inetOrgPerson';
|
||||
// Set aliasname
|
||||
$this->alias = _('inetOrgPerson');
|
||||
}
|
||||
|
||||
// Variables
|
||||
// Alias Name. This name is shown in the menu instead of posixAccount
|
||||
var $alias;
|
||||
// reference to base-array so we can read other classes in basearray
|
||||
// name of account_container in session so we can read other classes in account_container
|
||||
var $base;
|
||||
// This variable contains all inetOrgPerson attributes
|
||||
var $attributes;
|
||||
|
@ -82,10 +74,23 @@ class inetOrgPerson {
|
|||
return array('main');
|
||||
}
|
||||
|
||||
/* This function returns true if all required attributes from other
|
||||
* modules are set. This is required to prevent undefined states
|
||||
*/
|
||||
function module_ready() {
|
||||
return true;
|
||||
}
|
||||
|
||||
/* This function returns a list of all html-pages in module
|
||||
* This is usefull for mass upload and pdf-files
|
||||
* because lam can walk trough all pages itself and do some
|
||||
* error checkings
|
||||
*/
|
||||
function pages() {
|
||||
return array('attributes');
|
||||
}
|
||||
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
|
@ -103,30 +108,29 @@ class inetOrgPerson {
|
|||
$this->attributes['postalAddress'][0] = $post['form_inetOrgPerson_postalAddress'];
|
||||
$this->attributes['employeeType'][0] = $post['form_inetOrgPerson_employeeType'];
|
||||
|
||||
// handle host-attribute in on epice because it's not set by default
|
||||
if (isset($this->attributes['host'])) {
|
||||
$host = $post['form_inetOrgPerson_host'];
|
||||
if ((!$host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $host))
|
||||
$errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
|
||||
$errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'), 'host');
|
||||
$hosts = explode(" ", $host);
|
||||
$this->attributes['host'] = array();
|
||||
foreach ($hosts as $host)
|
||||
if ($host!="") $this->attributes['host'][] = $host;
|
||||
}
|
||||
|
||||
// Check if givenname is valid
|
||||
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'][0])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
|
||||
// Check if surname is valid
|
||||
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'][0])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
|
||||
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'][0])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['facsimileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
|
||||
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'][0])) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'][0])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'][0])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'][0])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'][0])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'][0])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
|
||||
// Do some regex-checks and return error if attributes are set to wrong values
|
||||
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'][0])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'), 'givenname');
|
||||
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'][0])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'), 'sn');
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'][0])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'), 'telephoneNumber');
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'), 'mobileTelephoneNumber');
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['facsimileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'), 'facsimileTelephoneNumber');
|
||||
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'][0])) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'), 'mail');
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'][0])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'), 'street');
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'][0])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'), 'postalAdress');
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'][0])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'), 'title');
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'][0])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'), 'employeeType');
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'][0])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'), 'personal_postalCode');
|
||||
// Return error-messages
|
||||
if (is_array($errors)) return $errors;
|
||||
return 0;
|
||||
|
@ -136,7 +140,6 @@ class inetOrgPerson {
|
|||
* $attr is an array as it's retured from ldap_get_attributes
|
||||
*/
|
||||
function load_attributes($attr) {
|
||||
// Load attributes which are displayed
|
||||
// unset count entries
|
||||
unset ($attr['count']);
|
||||
$attributes = array_keys($attr);
|
||||
|
@ -144,6 +147,7 @@ class inetOrgPerson {
|
|||
// unset double entries
|
||||
for ($i=0; $i<count($attr); $i++)
|
||||
if (isset($attr[$i])) unset($attr[$i]);
|
||||
// load attribtues
|
||||
foreach ($attributes as $attribute) {
|
||||
if (isset($this->orig[$attribute])) {
|
||||
$this->orig[$attribute] = $attr[$attribute];
|
||||
|
@ -151,25 +155,31 @@ class inetOrgPerson {
|
|||
for ($i=0; $i<count($this->orig[$attribute]); $i++) $this->orig[$attribute][$i] = utf8_decode ($this->orig[$attribute][$i]);
|
||||
}
|
||||
}
|
||||
// Values are kept as copy so we can compare old attributes with new attributes
|
||||
// Add objectClass to orig because we don't want to add objectClass if it's already set
|
||||
$this->orig['objectClass'][0] = 'inetOrgPerson';
|
||||
// Values are kept as copy so we can compare old attributes with new attributes
|
||||
$this->attributes = $this->orig;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* This function returns an array with 3 entries:
|
||||
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
|
||||
/* This function returns an array with 4 entries:
|
||||
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr), 'lamdaemon' => array(cmds)), DN2 .... )
|
||||
* DN is the DN to change. It may be possible to change several DNs,
|
||||
* e.g. create a new user and add him to some groups via attribute memberUid
|
||||
* add are attributes which have to be added to ldap entry
|
||||
* remove are attributes which have to be removed from ldap entry
|
||||
* lamdaemon are lamdaemon commands to modify homedir, quotas, ...
|
||||
*/
|
||||
function save_attributes() {
|
||||
// Get easy attributes
|
||||
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
||||
// unset password. First we hanlde userPassword with posixAccount, second we hanlde it completly separat
|
||||
// because it en/decrypted in session
|
||||
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
|
||||
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
|
||||
// Return attributes
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
@ -262,9 +272,6 @@ class inetOrgPerson {
|
|||
return 0;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
?>
|
||||
|
|
|
@ -0,0 +1,254 @@
|
|||
<?php
|
||||
/*
|
||||
$Id$
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
||||
Copyright (C) 2003 Tilo Lutz
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* Variables in basearray which are no objects:
|
||||
* type: Type of account. Can be user, group, host, domain
|
||||
* attributes: List of all attributes, how to get them and are theiy required or optional
|
||||
* dn: current DN without uid= or cn=
|
||||
* dn_orig: old DN if account was loaded with uid= or cn=
|
||||
*/
|
||||
|
||||
|
||||
/* This class contains all account LDAP attributes
|
||||
* and funtioncs required to deal with account
|
||||
* account can only be created when it should be added
|
||||
* to an array.
|
||||
* $base is the name of account_container in session
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
/* Main-Module. Contains basic module functions have to be loaded first before
|
||||
* any other module. This module doesn't support any ldap functions
|
||||
* ldap functions in this module are only dummy functions
|
||||
* It also chooses which page to show.
|
||||
*/
|
||||
class main {
|
||||
// Constructor
|
||||
function main($base) {
|
||||
// Set counter to first page
|
||||
$this->current_page = 0;
|
||||
// reset subpage counter
|
||||
$this->subpage = '';
|
||||
// Get local copy of name of account_container in session
|
||||
$this->base = $base;
|
||||
// Set aliasname
|
||||
$this->alias = _('main');
|
||||
}
|
||||
|
||||
|
||||
// Variables
|
||||
|
||||
// This variable stores the number of the current displayed page
|
||||
var $current_page;
|
||||
// This variable os set to the pagename of a subpage if it should be displayed
|
||||
var $subpage;
|
||||
// name of accountContainer so we can read other classes in accuontArray
|
||||
var $base;
|
||||
// Alias Name. This name is shown in the menu instead of main
|
||||
var $alias;
|
||||
|
||||
/* This function returns a list with all required modules
|
||||
*/
|
||||
function dependencies() {
|
||||
return array();
|
||||
}
|
||||
|
||||
function module_ready() {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Dummy functions to make module compatible
|
||||
function load_attributes($attr) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Dummy functions to make module compatible
|
||||
function save_attributes() {
|
||||
return array();
|
||||
}
|
||||
|
||||
// Dummy functions to make module compatible
|
||||
function get_attributes() {
|
||||
return array();
|
||||
}
|
||||
|
||||
function display_html_attributes($post) {
|
||||
// Get list of profiles
|
||||
$function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();';
|
||||
eval($function);
|
||||
$modules = $_SESSION[$this->base]->check_attributes();
|
||||
if (count($modules)!=0) {
|
||||
$disabled = 'disabled';
|
||||
// Show reason why module is disabled
|
||||
for ($i=0; $i<count($modules); $i++) StatusMessage('ERROR', _('Check module'), sprintf(_('Please set up all required attributes on %s page'), $_SESSION[$this->base]->module[$modules[$i]]->alias));
|
||||
}
|
||||
else $disabled = '';
|
||||
|
||||
echo "<table border=0 width=\"100%\">\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Suffix') . "</td>\n";
|
||||
echo "<td><select name=\"form_main_suffix\">";
|
||||
// loop through all suffixes
|
||||
$function = '$suffix = $_SESSION[$_SESSION[$this->base]->config]->get_'.ucfirst($_SESSION[$this->base]->type).'Suffix();';
|
||||
eval($function);
|
||||
foreach ($_SESSION[$_SESSION[$this->base]->ldap]->search_units($suffix) as $suffix) {
|
||||
if ($_SESSION[$this->base]->dn) {
|
||||
if ($_SESSION[$this->base]->dn == $suffix) echo "<option selected>$suffix</option>\n";
|
||||
else echo "<option>$suffix</option>\n";
|
||||
}
|
||||
else echo "<option>$suffix</option>\n";
|
||||
}
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=461\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
// Show fieldset with list of all user profiles
|
||||
if (count($profilelist)!=0) {
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _("Load profile") . "</td>\n";
|
||||
echo "<td><select name=\"form_main_selectLoadProfile\">";
|
||||
foreach ($profilelist as $profile) echo "<option>$profile</option>\n";
|
||||
echo "</select>\n";
|
||||
echo "<input name=\"form_main_loadProfile\" type=\"submit\" value=\"" . _('Load Profile') . "\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=421\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
}
|
||||
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _("Save profile") . "</td>\n";
|
||||
echo "<td><input name=\"form_main_selectSaveProfile\" type=\"text\" size=\"30\" maxlength=\"50\">\n";
|
||||
echo "<input name=\"form_main_saveProfile\" type=\"submit\" value=\"" . _('Save profile') . "\" $disabled ></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=457\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td><input name=\"form_main_create\" type=\"submit\" value=\"";
|
||||
if ($_SESSION[$this->base]->dn_orig!='') echo _('Modify Account');
|
||||
else echo _('Create Account');
|
||||
echo "\" $disabled ></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* This page will be shown if an account
|
||||
* has been saved
|
||||
*/
|
||||
function display_html_finish($post) {
|
||||
// Show success message
|
||||
if ($_SESSION[$this->base]->dn_orig=='') $kind = _('created');
|
||||
else $kind = _('modified');
|
||||
$text = sprintf(_('%s has been %s.'), ucfirst($_SESSION[$this->base]->type), $kind);
|
||||
StatusMessage('INFO', _('LDAP operation successful.'), $text);
|
||||
|
||||
// Show rest of page
|
||||
echo "<table border=0 width=\"100%\">\n";
|
||||
echo "<tr>\n";
|
||||
if ($_SESSION[$this->base]->dn_orig=='') {
|
||||
echo "<td><input name=\"form_main_createagain\" type=\"submit\" value=\"";
|
||||
echo sprintf(_('Create another %s'), $_SESSION[$this->base]->type);
|
||||
echo "\"></td>\n";
|
||||
}
|
||||
echo "<td><input name=\"form_main_outputpdf\" type=\"submit\" value=\"" . _('Create PDF file') . "\"></td>\n";
|
||||
echo "<td><input name=\"form_main_backmain\" type=\"submit\" value=\"";
|
||||
echo sprintf (_('Back to %s list'), $_SESSION[$this->base]->type);
|
||||
echo "\"></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_finish($post) {
|
||||
if ($post['form_main_createagain']) {
|
||||
// Reset objects
|
||||
$modules = array_keys($_SESSION[$this->base]->module);
|
||||
foreach ($modules as $module)
|
||||
if ($module!='main') unset($_SESSION[$this->base]->module[$module]);
|
||||
// Reset accountContainer
|
||||
$_SESSION[$this->base]->dn = '';
|
||||
$_SESSION[$this->base]->dn_orig = '';
|
||||
$_SESSION[$this->base]->attributes = array();
|
||||
$_SESSION[$this->base]->order = array();
|
||||
$this->current_page = 0;
|
||||
$this->subpage = '';
|
||||
// Add all required objects etc.
|
||||
$_SESSION[$this->base]->new_account();
|
||||
return 0;
|
||||
}
|
||||
if ($post['form_main_backmain']) {
|
||||
// Return to *-list
|
||||
// *** fixme unset accountContainer in session
|
||||
metaRefresh("../lists/list".$_SESSION[$this->base]->type."s.php");
|
||||
exit;
|
||||
}
|
||||
if ($post['form_main_outputpdf']) {
|
||||
// Create / display PDf-file
|
||||
$function = 'create'.ucfirst($_SESSION[$this->base]->type).'PDF(array($_SESSION[$this->base]));';
|
||||
eval($function);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
// change dn
|
||||
if ($post['form_main_suffix']!='') $_SESSION[$this->base]->dn = $post['form_main_suffix'];
|
||||
// load profile
|
||||
if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) {
|
||||
// *** fixme load*Profile must return array in the same way ldap_get_attributes does.
|
||||
$function = '$newattributes = load'.ucfirst($scope).'Profile($post[\'form_main_selectLoadProfile\']);';
|
||||
eval($function);
|
||||
// pass newattributes to each module
|
||||
$modules = array_keys($_SESSION[$this->base]->module);
|
||||
foreach ($modules as $module) $_SESSION[$this->base]->module[$module]->load_attributes($newattributes);
|
||||
return 0;
|
||||
}
|
||||
// save account
|
||||
if ($post['form_main_create']) {
|
||||
$success = $_SESSION[$this->base]->save_account();
|
||||
if (is_array($success)) return array($success);
|
||||
// return name of subpage
|
||||
return 'finish';
|
||||
}
|
||||
// save profile
|
||||
if ($post['form_main_saveProfile']) {
|
||||
if ($post['form_main_selectSaveProfile']=='') $errors[] = array('ERROR', _('Save profile'), _('No profilename given.'));
|
||||
else {
|
||||
$function = 'save'.ucfirst($scope).'Profile();';
|
||||
eval($function);
|
||||
if ($function) $errors[] = array('INFO', _('Save profile'), _('New profile created.'));
|
||||
else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.'));
|
||||
}
|
||||
if (is_array($errors)) return $errors;
|
||||
else return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
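Review bot: `proccess_attributes` builds its profile calls from `$scope`, which is never assigned in this function, so the evaluated code is `loadProfile(...)` / `saveProfile();` instead of the per-type function, and `if ($function)` tests the code string itself, so "New profile created." is reported whatever happened. The same `eval()` pattern in `display_html_attributes` and `proccess_finish` splices `$_SESSION[$this->base]->type` into PHP source, and nothing in this file restricts that value to the documented user/group/host/domain set. A variable function call behind an allow-list check removes the `eval()` and makes the result testable; the sketch below covers the two profile branches and assumes `save*Profile` returns a success flag, which should be confirmed against its definition.

```php
// in proccess_attributes($post), before the profile branches
$type = $_SESSION[$this->base]->type;
if (!in_array($type, array('user', 'group', 'host', 'domain'), true)) trigger_error(_('Invalid account type.'), E_USER_ERROR);
// load profile
if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) {
	$loader = 'load' . ucfirst($type) . 'Profile';
	$newattributes = $loader($post['form_main_selectLoadProfile']);
	// … unchanged: pass newattributes to each module, return 0 …
	}
// … unchanged: save account branch, empty profile name check …
	else {
		$saver = 'save' . ucfirst($type) . 'Profile';
		// assumes save*Profile reports success via its return value; confirm arguments too
		if ($saver()) $errors[] = array('INFO', _('Save profile'), _('New profile created.'));
		else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.'));
		}
```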
|
|
@ -73,7 +73,7 @@ class posixAccount {
|
|||
$_SESSION[$this->base]->add_attributes ('posixAccount');
|
||||
|
||||
$this->alias = _('posixAccount');
|
||||
$groups = findgroups(); // list of all groupnames
|
||||
$groups = $_SESSION[$_SESSION[$this->base]->cache]->findgroups(); // list of all groupnames
|
||||
if (count($groups)==0) trigger_error(_('No groups found in ldap.'), E_USER_WARNING);
|
||||
|
||||
// Make references to attributes which already esists in ldap
|
||||
|
@ -159,11 +159,20 @@ class posixAccount {
|
|||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
if ($this->orig['uid'][0]!='' && $post['form_posixAccount_uid']!=$this->attributes['uid'][0])
|
||||
$errors[] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?'));
|
||||
if ($this->orig['gidNumber'][0]!='' && $_SESSION[$_SESSION[$this->base]->cache]->getgid($post['form_posixAccount_gidNumber'])!=$this->attributes['gidNumber'][0])
|
||||
$errors[] = array('INFO', _('GID number'), sprintf(_('GID number has changed. To keep file ownership you have to run the following command as root: \'find / -gid %s -uid %s -exec chgrp %s {} \;\''), $this->orig['gidNumber'][0], $this->orig['uidNumber'][0], $_SESSION[$_SESSION[$this->base]->cache]->getgid($post['form_posixAccount_gidNumber'])));
|
||||
if ($this->orig['uidNumber'][0]!='' && $post['form_posixAccount_uidNumber']!=$this->attributes['uidNumber'][0])
|
||||
$errors[] = array('INFO', _('UID number'), sprintf(_('UID number has changed. To keep file ownership you have to run the following command as root: \'find / -uid %s -exec chown %s {} \;\''), $this->orig['uidNumber'][0], $this->attributes['uidNumber'][0]));
|
||||
if (isset($post['form_posixAccount_homeDirectory']) && $this->orig['homeDirectory'][0]!='' && $post['form_posixAccount_homeDirectory']!=$this->attributes['homeDirectory'][0])
|
||||
$errors[] = array('INFO', _('Home directory'), sprintf(_('Home directory changed. To keep home directory you have to run the following command as root: \'mv %s %s\''), $this->orig['homeDirectory'][0], $this->attributes['homeDirectory'][0]));
|
||||
|
||||
// Load attributes
|
||||
$this->attributes['uid'][0] = $post['form_posixAccount_uid'];
|
||||
$this->attributes['cn'][0] = $this->attributes['uid'][0];
|
||||
$this->attributes['uidNumber'][0] = $post['form_posixAccount_uidNumber'];
|
||||
$this->attributes['gidNumber'][0] = getgrnam($post['form_posixAccount_gidNumber']);
|
||||
$this->attributes['gidNumber'][0] = $_SESSION[$_SESSION[$this->base]->cache]->getgid($post['form_posixAccount_gidNumber']);
|
||||
$this->attributes['homeDirectory'][0] = $post['form_posixAccount_homeDirectory'];
|
||||
$this->attributes['loginShell'][0] = $post['form_posixAccount_loginShell'];
|
||||
$this->attributes['gecos'][0] = $post['form_posixAccount_gecos'];
|
||||
|
@ -247,7 +256,7 @@ class posixAccount {
|
|||
if (($this->attributes['uid'][0] != $post['form_posixAccount_uid']) && ereg('[A-Z]$', $post['form_posixAccount_uid']))
|
||||
$errors[] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
|
||||
// Check if Homedir is valid
|
||||
$this->attributes['homeDirectory'][0] = str_replace('$group', getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
|
||||
$this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
|
||||
if ($this->attributes['uid'][0] != '')
|
||||
$this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]);
|
||||
if ($this->attributes['homeDirectory'][0] != $post['form_posixAccount_homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
|
||||
|
@ -333,10 +342,6 @@ class posixAccount {
|
|||
if (isset($post['form_posixAccount_addgroups']) && isset($post['form_posixAccount_addgroups_button'])) { // Add groups to list
|
||||
// Add new group
|
||||
$this->groups = @array_merge($this->groups, $post['form_posixAccount_addgroups']);
|
||||
// remove doubles
|
||||
$this->groups = @array_flip($this->groups);
|
||||
array_unique($this->groups);
|
||||
$this->groups = @array_flip($this->groups);
|
||||
// sort groups
|
||||
sort($this->groups);
|
||||
break;
|
||||
|
@ -379,8 +384,9 @@ class posixAccount {
|
|||
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group');
|
||||
$DNs = array_keys($dn_groups);
|
||||
foreach ($DNs as $DN) {
|
||||
if (in_array($attr['uid'], $dn_groups[$DN]))
|
||||
$this->groups[] = substr($DN, 3, strpos($DN, ',')-1);
|
||||
if (in_array($attr['uid'][0], $dn_groups[$DN])) {
|
||||
$this->groups[] = substr($DN, 3, strpos($DN, ',')-3);
|
||||
}
|
||||
}
|
||||
$this->groups_orig = $this->groups;
|
||||
return 0;
|
||||
|
@ -434,10 +440,25 @@ class posixAccount {
|
|||
|
||||
// Remove primary group from additional groups
|
||||
for ($i=0; $i<count($this->groups); $i++) {
|
||||
if ($this->groups[$i]==getgrnam($this->attributes['gidNumber'])) unset($this->groups[$i]);
|
||||
if ($this->groups[$i]==$_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'])) unset($this->groups[$i]);
|
||||
}
|
||||
|
||||
// Set additional group memberships
|
||||
if ($this->orig['uid'][0]!='' && $this->attributes['uid'][0]!=$this->orig['uid'][0]) {
|
||||
// remove old memberships
|
||||
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group');
|
||||
$DNs = array_keys($dn_groups);
|
||||
foreach ($DNs as $DN)
|
||||
if (in_array($this->orig['uid'][0], $dn_groups[$DN]))
|
||||
$return[$DN]['remove']['memberUid'][0] = $this->orig['uid'][0];
|
||||
// Add new memberships
|
||||
if (is_array($this->groups))
|
||||
foreach ($this->groups as $group) {
|
||||
$dn = $_SESSION[$_SESSION[$this->base]->ldap]->in_cache ($group, 'cn', 'group');
|
||||
$return[$dn]['add']['memberUid'][0] = $this->attributes['uid'][0];
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (is_array($this->groups)) {
|
||||
// There are some additional groups defined
|
||||
if (is_array($this->groups_orig)) {
|
||||
|
@ -448,11 +469,13 @@ class posixAccount {
|
|||
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
|
||||
$DNs = array_keys($dn_cns);
|
||||
foreach ($DNs as $DN) {
|
||||
if (in_array($dn_cns[$DN], $add)) $return[$DN]['add']['memberUid'] = $this->attributes['uid'];
|
||||
if (in_array($dn_cns[$DN], $remove)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
|
||||
if (is_array($add))
|
||||
if (in_array($dn_cns[$DN][0], $add)) $return[$DN]['add']['memberUid'] = $this->attributes['uid'];
|
||||
if (is_array($remove))
|
||||
if (in_array($dn_cns[$DN][0], $remove)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
|
||||
}
|
||||
// primary group mut also be removed if it has changed after setting additional groups
|
||||
if (in_array(getgrnam($this->attributes['gidNumber']), $this->groups_orig)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
|
||||
if (in_array($_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber']), $this->groups_orig)) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
|
||||
}
|
||||
else {
|
||||
// Add user to every group
|
||||
|
@ -460,7 +483,7 @@ class posixAccount {
|
|||
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
|
||||
$DNs = array_keys($dn_cns);
|
||||
foreach ($DNs as $DN) {
|
||||
if (in_array($dn_cns[$DN], $this->groups)) $return[$DN]['add']['memberUid'] = $this->attributes['uid'];
|
||||
if (in_array($dn_cns[$DN][0], $this->groups)) $return[$DN]['add']['memberUid'] = $this->attributes['uid'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -471,15 +494,22 @@ class posixAccount {
|
|||
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
|
||||
$DNs = array_keys($dn_cns);
|
||||
foreach ($DNs as $DN) {
|
||||
if (in_array($dn_cns[$DN], $this->orig['groups'])) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
|
||||
if (in_array($dn_cns[$DN][0], $this->orig['groups'])) $return[$DN]['remove']['memberUid'] = $this->attributes['uid'];
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($this->createhomedir) $return[$_SESSION[$this->base]->dn]['lamdaemon'][] = $this->attributes['uid'][0] . " home add";
|
||||
}
|
||||
|
||||
if ($this->createhomedir) $return[$_SESSION[$this->base]->dn]['lamdaemon']['command'][] = $this->attributes['uid'][0] . " home add";
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
function delete_attributes() {
|
||||
|
||||
}
|
||||
|
||||
|
||||
/* This function returns all ldap attributes
|
||||
* which are part of posixAccount and returns
|
||||
* also their values.
|
||||
|
@ -495,7 +525,7 @@ class posixAccount {
|
|||
* It will output a complete html-table
|
||||
*/
|
||||
function display_html_attributes($post) {
|
||||
$groups = findgroups(); // list of all groupnames
|
||||
$groups = $_SESSION[$_SESSION[$this->base]->cache]->findgroups(); // list of all groupnames
|
||||
$shelllist = getshells(); // list of all valid shells
|
||||
if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword();
|
||||
else $password='';
|
||||
|
@ -517,10 +547,10 @@ class posixAccount {
|
|||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Primary group') . "*</td>\n";
|
||||
echo "<td><select name=\"form_posixAccount_group\">";
|
||||
echo "<td><select name=\"form_posixAccount_gidNumber\">";
|
||||
// loop trough existing groups
|
||||
foreach ($groups as $group)
|
||||
if (getgrnam($this->attributes['gidNumber'][0]) == $group) echo "<option selected> $group </option>\n";
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'][0]) == $group) echo "<option selected> $group </option>\n";
|
||||
else echo "<option> $group </option>\n";
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=406\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
|
@ -590,17 +620,18 @@ class posixAccount {
|
|||
|
||||
function display_html_group($post) {
|
||||
// load list with all groups
|
||||
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uidNumber', 'posixGroup', 'group');
|
||||
foreach ($dn_groups as $group) $groups[] = $group[0];
|
||||
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixGroup', 'group');
|
||||
$DNs = array_keys($dn_groups);
|
||||
foreach ($DNs as $DN)
|
||||
$groups[] = substr($DN, 3, strpos($DN, ',')-3);
|
||||
// sort groups
|
||||
sort($groups, SORT_STRING);
|
||||
// remove groups the user is member of from grouplist
|
||||
$groups = array_delete($this->groups, $groups);
|
||||
// Remove primary group from grouplist
|
||||
$groups = array_flip($groups);
|
||||
if (isset($groups[getgrnam($this->attributes['gidNumber'])])) unset ($groups[getgrnam($this->attributes['gidNumber'])]);
|
||||
if (isset($groups[$_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'])])) unset ($groups[$_SESSION[$_SESSION[$this->base]->cache]->getgrnam($this->attributes['gidNumber'])]);
|
||||
$groups = array_flip($groups);
|
||||
|
||||
echo "<table border=0 width=\"100%\">\n<tr>\n";
|
||||
echo "<td><fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
|
||||
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\"><b>" . _("Additional groups") . "</b></legend>\n";
|
||||
|
@ -612,7 +643,7 @@ class posixAccount {
|
|||
if (count($this->groups)!=0) {
|
||||
echo "<select name=\"form_posixAccount_removegroups[]\" class=\"".$_SESSION[$this->base]->type."edit-bright\" size=15 multiple>\n";
|
||||
for ($i=0; $i<count($this->groups); $i++)
|
||||
if ($this->groups[$i]!='') echo "<option> $this->groups[$i] </option>\n";
|
||||
echo "<option>" . $this->groups[$i] . "</option>\n";
|
||||
echo "</select>\n";
|
||||
}
|
||||
echo "</fieldset></td>\n";
|
||||
|
@ -627,7 +658,7 @@ class posixAccount {
|
|||
if (count($groups)!=0) {
|
||||
echo "<select name=\"form_posixAccount_addgroups[]\" size=15 multiple class=\"".$_SESSION[$this->base]->type."edit-bright\">\n";
|
||||
for ($i=0; $i<count($groups); $i++)
|
||||
if ($groups[$i]!='') echo "<option> $groups[$i] </option>\n";
|
||||
echo "<option> $groups[$i] </option>\n";
|
||||
echo "</select>\n";
|
||||
}
|
||||
echo "</fieldset></td>\n";
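Review bot: In the `@ -159,11 +159,20 @` hunk the new UID-number and home-directory hints are built before the "Load attributes" assignments, so `$this->attributes['uidNumber'][0]` and `$this->attributes['homeDirectory'][0]` still hold the previous values and the printed `chown` / `mv` target is the old one rather than the value just posted. All three root-command hints also place their values into the command text unquoted, so a value from LDAP or the form that contains spaces or shell metacharacters produces a different command when the administrator pastes it into a root shell. Print the posted value and quote every argument, e.g. `escapeshellarg($this->orig['homeDirectory'][0]), escapeshellarg($post['form_posixAccount_homeDirectory'])` as the `sprintf` arguments of the `mv` hint, and do the same for both `find` hints. `proccess_attributes` continues outside the hunk, so any later validation of these fields is not visible here.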
|
||||
|
|
|
@ -0,0 +1,587 @@
|
|||
<?php
|
||||
/*
|
||||
$Id$
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
||||
Copyright (C) 2003 Tilo Lutz
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
/* Session variables which are used:
|
||||
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
|
||||
*
|
||||
* Coockie variables which are used:
|
||||
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
|
||||
*
|
||||
* Variables in basearray which are no objects:
|
||||
* type: Type of account. Can be user, group, host
|
||||
* attributes: List of all attributes, how to get them and are theiy required or optional
|
||||
* dn: current DN without uid= or cn=
|
||||
* dn_orig: old DN if account was loaded with uid= or cn=
|
||||
|
||||
* External functions which are used
|
||||
* account.inc: findgroups, incache, get_cache, array_delete, getshells
|
||||
* ldap.inc: pwd_is_enabled, pwd_hash
|
||||
*/
|
||||
|
||||
/* This class contains all posixGroup LDAP attributes
|
||||
* and funtioncs required to deal with posixGroup
|
||||
* posixGroup can only be created when it should be added
|
||||
* to an array.
|
||||
* basearray is the same array posixGroup should be added
|
||||
* to. If basearray is not given the constructor tries to
|
||||
* create an array with posixGroup and all other required
|
||||
* objects.
|
||||
* Example: $user[] = new posixGroup($user);
|
||||
*
|
||||
* In container array the following things have to exist:
|
||||
* account or inetOrgPerson object
|
||||
* type: 'user' or 'host'
|
||||
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
|
||||
*/
|
||||
class posixGroup {
|
||||
// Constructor
|
||||
function posixGroup($base) {
|
||||
/* Return an error if posixGroup should be created without
|
||||
* base container
|
||||
*/
|
||||
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'posixGroup\');'), E_USER_ERROR);
|
||||
$this->base = $base;
|
||||
// posixGroup is only a valid objectClass for user and host
|
||||
if ($_SESSION[$this->base]->get_type() != 'group') trigger_error(_('posixGroup can only be used for groups.'), E_USER_WARNING);
|
||||
// Add Array with all attributes and type
|
||||
$this->attributes = $_SESSION[$this->base]->get_module_attributes('posixGroup');
|
||||
$_SESSION[$this->base]->add_attributes ('posixGroup');
|
||||
$this->alias = _('posixGroup');
|
||||
// Make references to attributes which already esists in ldap
|
||||
$newattributes = array_keys($this->attributes);
|
||||
$module = array_keys($_SESSION[$this->base]->module);
|
||||
// fixme *** do we have to unset module posixAccuont itself
|
||||
for ($i=0; $i<count($module); $i++) {
|
||||
foreach ($newattributes as $attribute)
|
||||
if (isset($_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute]))
|
||||
$this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute];
|
||||
}
|
||||
$this->orig = $this->attributes ;
|
||||
$this->attributes['objectClass'][0] = 'posixGroup';
|
||||
$this->changegids=false;
|
||||
}
|
||||
|
||||
// Variables
|
||||
// Alias Name. This name is shown in the menu instead of posixGroup
|
||||
var $alias;
|
||||
// name of accountContainer so we can read other classes in accuontArray
|
||||
var $base;
|
||||
// Use a unix password?
|
||||
var $userPassword_no;
|
||||
// Lock account?
|
||||
var $userPassword_lock;
|
||||
// change gids of users and hosts?
|
||||
var $changegids;
|
||||
|
||||
// This variable contains all inetOrgPerson attributes
|
||||
var $attributes;
|
||||
/* If an account was loaded all attributes are kept in this array
|
||||
* to compare it with new changed attributes
|
||||
*/
|
||||
var $orig;
|
||||
|
||||
/* $attribute['userPassword'] can't accessed directly because it's enrcypted
|
||||
* To read / write password function userPassword is needed
|
||||
* This function will return the unencrypted password when
|
||||
* called without a variable
|
||||
* If it's called with a new password, the
|
||||
* new password will be stored encrypted
|
||||
*/
|
||||
function userPassword($newpassword=false) {
|
||||
if (is_string($newpassword)) {
|
||||
// Write new password
|
||||
if ($newpassword!='') {
|
||||
$iv = base64_decode($_COOKIE["IV"]);
|
||||
$key = base64_decode($_COOKIE["Key"]);
|
||||
$this->attributes['userPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
|
||||
}
|
||||
else $this->attributes['userPassword'][0] = '';
|
||||
return 0;
|
||||
}
|
||||
else {
|
||||
if ($this->attributes['userPassword'][0]!='') {
|
||||
// Read existing password if set
|
||||
$iv = base64_decode($_COOKIE["IV"]);
|
||||
$key = base64_decode($_COOKIE["Key"]);
|
||||
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv);
|
||||
$password = str_replace(chr(00), '', $password);
|
||||
return $password;
|
||||
}
|
||||
else return '';
|
||||
}
|
||||
}
|
||||
|
||||
/* This function returns a list with all required modules
|
||||
*/
|
||||
function dependencies() {
|
||||
return array('main');
|
||||
}
|
||||
|
||||
function module_ready() {
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
if ($this->orig['gidNumber'][0]!='' && $post['form_posixGroup_gidNumber']!=$this->attributes['gidNumber'][0])
|
||||
$errors[] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.'));
|
||||
|
||||
// Load attributes
|
||||
$this->attributes['cn'][0] = $post['form_posixGroup_cn'];
|
||||
$this->attributes['gidNumber'][0] = $post['form_posixGroup_gidNumber'];
|
||||
$this->attributes['description'][0] = $post['form_posixGroup_description'];
|
||||
if ($post['form_posixGroup_userPassword_no']) $this->userPassword_no=true;
|
||||
else $this->userPassword_no=false;
|
||||
if ($post['form_posixGroup_userPassword_lock']) $this->userPassword_lock=true;
|
||||
else $this->userPassword_lock=false;
|
||||
if ($post['form_posixGroup_changegids']) $this->changegids=true;
|
||||
else $this->changegids=false;
|
||||
|
||||
if (isset($post['form_posixGroup_userPassword'])) {
|
||||
if ($post['form_posixGroup_userPassword'] != $post['form_posixGroup_userPassword2']) {
|
||||
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
|
||||
unset ($post['form_posixGroup_userPassword2']);
|
||||
}
|
||||
else $this->userPassword($post['form_posixGroup_userPassword']);
|
||||
}
|
||||
if ($post['form_posixGroup_genpass']) $this->userPassword(genpasswd());
|
||||
|
||||
// Check if UID is valid. If none value was entered, the next useable value will be inserted
|
||||
// load min and may uidNumber
|
||||
$minID = intval($_SESSION[$_SESSION[$this->base]->config]->get_minGID());
|
||||
$maxID = intval($_SESSION[$_SESSION[$this->base]->config]->get_maxGID());
|
||||
$dn_gids = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixGroup', '*');
|
||||
// get_cache will return an array ( dn1 => array(uidnumber1), dn2 => array(uidnumber2), ... )
|
||||
foreach ($dn_gids as $gid) $gids[] = $gid[0];
|
||||
if(is_array($gids)) sort ($gids, SORT_NUMERIC);
|
||||
if ($this->attributes['gidNumber'][0]=='') {
|
||||
// No id-number given
|
||||
if ($this->orig['gidNumber'][0]=='') {
|
||||
// new account -> we have to find a free id-number
|
||||
if (count($gids)!=0) {
|
||||
// There are some uids
|
||||
// Store highest id-number
|
||||
$id = $gids[count($gids)-1];
|
||||
// Return minimum allowed id-number if all found id-numbers are too low
|
||||
if ($id < $minID) $this->attributes['gidNumber'][0] = $minID;
|
||||
// Return higesht used id-number + 1 if it's still in valid range
|
||||
if ($id < $maxID) $this->attributes['gidNumber'][0] = $id+1;
|
||||
/* If this function is still running we have to fid a free id-number between
|
||||
* the used id-numbers
|
||||
*/
|
||||
$i = intval($minID);
|
||||
while (in_array($i, $gids)) $i++;
|
||||
if ($i>$maxID)
|
||||
$errors[] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
|
||||
else {
|
||||
$this->attributes['gidNumber'][0] = $i;
|
||||
$errors[] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
|
||||
}
|
||||
}
|
||||
else $this->attributes['gidNumber'][0] = $minID;
|
||||
// return minimum allowed id-number if no id-numbers are found
|
||||
}
|
||||
else $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
|
||||
// old account -> return id-number which has been used
|
||||
}
|
||||
else {
|
||||
// Check manual ID
|
||||
// id-number is out of valid range
|
||||
if ( ($this->attributes['gidNumber'][0]!=$post['form_posixGroup_gidNumber']) && ($this->attributes['gidNumber'][0] < $minID || $this->attributes['gidNumber'][0] > $maxID)) $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
|
||||
// $uids is allways an array but not if no entries were found
|
||||
if (is_array($gids)) {
|
||||
// id-number is in use and account is a new account
|
||||
if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
|
||||
// id-number is in use, account is existing account and id-number is not used by itself
|
||||
if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]!='' && ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0]) ) {
|
||||
$errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
|
||||
$this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (($this->attributes['cn'][0] != $post['form_posixGroup_cn']) && ereg('[A-Z]$', $post['form_posixGroup_cn']))
|
||||
$errors[] = array('WARN', _('Groupname'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
|
||||
// Check if Username contains only valid characters
|
||||
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])+$', $this->attributes['cn'][0]))
|
||||
$errors[] = array('ERROR', _('Groupname'), _('Groupname contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
|
||||
|
||||
// Create automatic useraccount with number if original user already exists
|
||||
// Reset name to original name if new name is in use
|
||||
// Set username back to original name if new username is in use
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['cn'][0],'cn', '*')!=false && ($this->orig['cn'][0]!='')) {
|
||||
$this->attributes['cn'][0] = $this->orig['cn'][0];
|
||||
}
|
||||
// Change uid to a new uid until a free uid is found
|
||||
else while ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['cn'][0], 'cn', '*')) {
|
||||
// get last character of username
|
||||
$lastchar = substr($this->attributes['cn'][0], strlen($this->attributes['cn'][0])-1, 1);
|
||||
// Last character is no number
|
||||
if ( !ereg('^([0-9])+$', $lastchar))
|
||||
/* Last character is no number. Therefore we only have to
|
||||
* add "2" to it.
|
||||
*/
|
||||
$this->attributes['cn'][0] = $this->attributes['cn'][0] . '2';
|
||||
else {
|
||||
/* Last character is a number -> we have to increase the number until we've
|
||||
* found a groupname with trailing number which is not in use.
|
||||
*
|
||||
* $i will show us were we have to split groupname so we get a part
|
||||
* with the groupname and a part with the trailing number
|
||||
*/
|
||||
$i=strlen($this->attributes['cn'][0])-1;
|
||||
$mark = false;
|
||||
// Set $i to the last character which is a number in $account_new->general_username
|
||||
while (!$mark) {
|
||||
if (ereg('^([0-9])+$',substr($this->attributes['cn'][0], $i, strlen($this->attributes['cn'][0])-$i))) $i--;
|
||||
else $mark=true;
|
||||
}
|
||||
// increase last number with one
|
||||
$firstchars = substr($this->attributes['cn'][0], 0, $i+1);
|
||||
$lastchars = substr($this->attributes['cn'][0], $i+1, strlen($this->attributes['cn'][0])-$i);
|
||||
// Put username together
|
||||
$this->attributes['cn'][0] = $firstchars . (intval($lastchars)+1);
|
||||
}
|
||||
}
|
||||
|
||||
// Show warning if lam has changed username
|
||||
if ($this->attributes['cn'][0] != $post['form_posixGroup_cn']) {
|
||||
$errors[] = array('WARN', _('Groupname'), _('Groupname in use. Selected next free groupname.'));
|
||||
}
|
||||
|
||||
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $this->userPassword()))
|
||||
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
|
||||
|
||||
// Return error-messages
|
||||
if (is_array($errors)) return $errors;
|
||||
// Go to additional group page when no error did ocour and button was pressed
|
||||
if ($post['form_posixGroup_adduser']) return 'user';
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_user($post) {
|
||||
do { // X-Or, only one if() can be true
|
||||
if (isset($post['form_posixGroup_addusers']) && isset($post['form_posixGroup_addusers_button'])) { // Add groups to list
|
||||
// Add new user
|
||||
$this->attributes['memberUid'] = @array_merge($this->attributes['memberUid'], $post['form_posixGroup_addusers']);
|
||||
// remove doubles
|
||||
$this->attributes['memberUid'] = @array_flip($this->attributes['memberUid']);
|
||||
array_unique($this->attributes['memberUid']);
|
||||
$this->attributes['memberUid'] = @array_flip($this->attributes['memberUid']);
|
||||
// sort groups
|
||||
sort($this->attributes['memberUid']);
|
||||
break;
|
||||
}
|
||||
if (isset($post['form_posixGroup_removeusers']) && isset($post['form_posixGroup_removeusers_button'])) { // remove groups from list
|
||||
$this->attributes['memberUid'] = array_delete($post['form_posixGroup_removeusers'], $this->attributes['memberUid']);
|
||||
break;
|
||||
}
|
||||
} while(0);
|
||||
if (isset($post['form_posixGroup_adduser_button']) || isset($post['form_posixGroup_removeuser_button'])) return 'user';
|
||||
if ($post['form_posixGroup_toattributes']) return 'attributes';
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* This function loads all attributes into the object
|
||||
* $attr is an array as it's retured from ldap_get_attributes
|
||||
*/
|
||||
function load_attributes($attr) {
|
||||
// Load attributes which are displayed
|
||||
// unset count entries
|
||||
unset ($attr['count']);
|
||||
$attributes = array_keys($attr);
|
||||
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
|
||||
// unset double entries
|
||||
for ($i=0; $i<count($attr); $i++)
|
||||
if (isset($attr[$i])) unset($attr[$i]);
|
||||
foreach ($attributes as $attribute) {
|
||||
if (isset($this->attributes[$attribute])) {
|
||||
// decode as unicode
|
||||
$this->attributes[$attribute] = $attr[$attribute];
|
||||
for ($i=0; $i<count($this->attributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
|
||||
}
|
||||
}
|
||||
// Values are kept as copy so we can compare old attributes with new attributes
|
||||
$this->attributes['objectClass'][0] = 'posixGroup';
|
||||
$this->orig = $this->attributes;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* This function returns an array with 3 entries:
|
||||
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
|
||||
* DN is the DN to change. It may be possible to change several DNs,
|
||||
* e.g. create a new user and add him to some groups via attribute memberUid
|
||||
* add are attributes which have to be added to ldap entry
|
||||
* remove are attributes which have to be removed from ldap entry
|
||||
* modify are attributes which have to been modified in ldap entry
|
||||
*/
|
||||
function save_attributes() {
|
||||
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
||||
|
||||
if (isset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']))
|
||||
unset($return[$_SESSION[$this->base]->dn]['modify']['userPassword']);
|
||||
// Set unix password
|
||||
if (count($this->orig['userPassword'])==0) {
|
||||
// New user or no old password set
|
||||
if ($this->userPassword_no) {
|
||||
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
|
||||
}
|
||||
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
|
||||
}
|
||||
else {
|
||||
if (($this->attributes['userPassword'][0] != $this->orig['userPassword'][0] && $this->userPassword()!='' ) || $this->userPassword_no) {
|
||||
// Write new password
|
||||
if ($this->userPassword_no) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
|
||||
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
|
||||
}
|
||||
else { // No new password but old password
|
||||
// (un)lock password
|
||||
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'][0])) {
|
||||
// Split old password hash in {CRYPT} and password-hash
|
||||
$i = 0;
|
||||
while ($this->orig['userPassword'][0]{$i} != '}') $i++;
|
||||
$passwd = substr($this->orig['userPassword'][0], $i+1 );
|
||||
$crypt = substr($this->orig['userPassword'][0], 0, $i+1 );
|
||||
// remove trailing ! from password hash
|
||||
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
|
||||
// Write new password
|
||||
if ($this->userPassword_lock) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt!$passwd");
|
||||
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt$passwd");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Remove primary group from users from memberUid
|
||||
$users_dn = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixAccount', 'user');
|
||||
$DNs = array_keys($users_dn);
|
||||
for ($i=0; $i<count($DNs); $i++) {
|
||||
if ($users_dn[$DNs[$i]][0]==$this->attributes['gidNumber'][0]) {
|
||||
$thisuser = substr($DNs[$i], 4, strpos($DNs[$i], ",")-4);
|
||||
if (@in_array($thisuser, $this->attribtues['memberUid'])) {
|
||||
$this->attribtues['memberUid'] = @array_flip($this->attribtues['memberUid']);
|
||||
unset($this->attribtues['memberUid'][$thisuser]);
|
||||
$this->attribtues['memberUid'] = @array_flip($this->attribtues['memberUid']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Change gids of users and hosts?
|
||||
if ($this->changegids) {
|
||||
// get gidNumber
|
||||
$line=-1;
|
||||
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME 'posixAccount'")) $line = $i;
|
||||
}
|
||||
if ($line!=-1) {
|
||||
$result = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixAccount', '*');
|
||||
$DNs = array_keys($result);
|
||||
for ($i=0; $i<count($DNs); $i++)
|
||||
if ($result[$DNs[$i]][0] == $this->orig['gidNumber'][0]) $return[$DNs[$i]]['modify']['gidNumber'][0] = $this->attributes['gidNumber'][0];
|
||||
}
|
||||
// change primaryGroupID
|
||||
$line=-1;
|
||||
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME 'sambaAccount'")) $line = $i;
|
||||
}
|
||||
if ($line!=-1) {
|
||||
$result = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('primaryGroupID', 'sambaAccount', '*');
|
||||
$DNs = array_keys($result);
|
||||
for ($i=0; $i<count($DNs); $i++) {
|
||||
if ($result[$DNs[$i]][0] == $this->orig['gidNumber'][0]*2+1001 ) $return[$DNs[$i]]['modify']['PrimaryGroupID'][0] = $this->attributes['gidNumber'][0]*2+1001;
|
||||
}
|
||||
}
|
||||
// change sambaPrimaryGroupSID
|
||||
$line=-1;
|
||||
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME 'sambaSamAccount'")) $line = $i;
|
||||
}
|
||||
if ($line!=-1) {
|
||||
$result = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('sambaPrimaryGroupSID', 'sambaSamAccount', '*');
|
||||
$DNs = array_keys($result);
|
||||
for ($i=0; $i<count($DNs); $i++) {
|
||||
// Get Domain SID from name
|
||||
$sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix());
|
||||
// Get Domain-SID from group SID
|
||||
$domainSID = substr($result[$DNs[$i]], 0, strrpos($result[$DNs[$i]], "-"));
|
||||
for ($i=0; $i<count($sambaDomains); $i++ )
|
||||
if ($domainSID==$sambaDomains[$i]->SID)
|
||||
$RIDbase = $sambaDomains[$i]->RIDbase;
|
||||
if ($result[$DNs[$i]][0] == $SID . "-" . $this->orig['gidNumber'][0]*2+1+$RIDbase ) $return[$DNs[$i]]['modify']['sambaPrimaryGroupSID'][0] = $SID . "-" . $this->attributes['gidNumber'][0]*2+1+$RIDbase;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
/* This function returns all ldap attributes
|
||||
* which are part of posixGroup and returns
|
||||
* also their values.
|
||||
*/
|
||||
function get_attributes() {
|
||||
$return = $this->attributes;
|
||||
$return['userPassword'] = $this->userPassword();
|
||||
return $return;
|
||||
}
|
||||
|
||||
/* This function will create the html-page
|
||||
* to show a page with all attributes.
|
||||
* It will output a complete html-table
|
||||
*/
|
||||
function display_html_attributes($post) {
|
||||
if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword();
|
||||
else $password='';
|
||||
echo "<table border=0 width=\"100%\">\n";
|
||||
echo "<tr>\n";
|
||||
echo '<td>' . _('Groupname') . "*</td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_cn\" type=\"text\" size=\"20\" maxlength=\"20\" value=\"".$this->attributes['cn'][0]."\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=400\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('GID number') ."</td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_gidNumber\" type=\"text\" size=\"6\" maxlength=\"6\" value=\"".$this->attributes['gidNumber'][0]."\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=401\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Description') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_description\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['description'][0]."\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=404\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Group members') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_adduser\" type=\"submit\" value=\"" . _('Edit groups') . "\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=402\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Password') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_userPassword\" type=\"password\" size=\"20\" maxlength=\"20\" value=\"$password\"></td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_genpass\" type=\"submit\" value=\"" . _('Generate password') . "\"></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Repeat password') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_userPassword2\" type=\"password\" size=\"20\" maxlength=\"20\" value=\"";
|
||||
if ($post['form_posixGroup_userPassword2']!='') echo $post['form_posixGroup_userPassword2'];
|
||||
else echo $password;
|
||||
echo "\"></td>\n";
|
||||
echo "<td></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Use no password') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_userPassword_no\" type=\"checkbox\"";
|
||||
if ($this->userPassword_no) echo " checked ";
|
||||
echo "></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=426\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Lock password') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_userPassword_lock\" type=\"checkbox\"";
|
||||
if ($this->userPassword_lock) echo " checked ";
|
||||
echo "></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=426\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
if ($this->attributes['gidNumber'][0]!=$this->orig['gidNumber'][0] && $this->orig['gidNumber'][0]!='') {
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Change GID number of users and hosts') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixGroup_changegids\" type=\"checkbox\"";
|
||||
if ($this->changegids) echo " checked ";
|
||||
echo "></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=XXX\" target=\"lamhelp\">" . _('Help-XX') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
}
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
}
|
||||
|
||||
function display_html_user($post) {
|
||||
// load list with all groups
|
||||
$dn_users = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uid', 'posixAccount', 'user');
|
||||
foreach ($dn_users as $user) $users[] = $user[0];
|
||||
// sort groups
|
||||
sort($users, SORT_STRING);
|
||||
// remove groups the user is member of from grouplist
|
||||
$users = array_delete($this->attributes['memberUid'], $users);
|
||||
// Remove primary group from grouplist
|
||||
$users_dn = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('gidNumber', 'posixAccount', 'user');
|
||||
$DNs = array_keys($users_dn);
|
||||
for ($i=0; $i<count($DNs); $i++) {
|
||||
if ($users_dn[$DNs[$i]][0]==$this->attributes['gidNumber'][0]) {
|
||||
$thisuser = substr($DNs[$i], 4, strpos($DNs[$i], ",")-4);
|
||||
if (in_array($thisuser, $users)) {
|
||||
$users = @array_flip($users);
|
||||
unset($users[$thisuser]);
|
||||
$users = @array_flip($users);
|
||||
}
|
||||
}
|
||||
}
|
||||
// sort users
|
||||
sort($users);
|
||||
|
||||
echo "<table border=0 width=\"100%\">\n<tr>\n";
|
||||
echo "<td><fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
|
||||
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\"><b>" . _("Group members") . "</b></legend>\n";
|
||||
echo "<table border=0 width=\"100%\">\n<tr>\n";
|
||||
echo "<td valign=\"top\">";
|
||||
echo "<fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
|
||||
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\">" . _("Selected users") . "</legend>\n";
|
||||
// Show all groups the user is additional member of
|
||||
if (count($this->attributes['memberUid'])!=0) {
|
||||
echo "<select name=\"form_posixGroup_removeusers[]\" class=\"".$_SESSION[$this->base]->type."edit-bright\" size=15 multiple>\n";
|
||||
foreach ($this->attributes['memberUid'] as $member)
|
||||
if ($member!='') echo "<option>$member</option>\n";
|
||||
echo "</select>\n";
|
||||
}
|
||||
echo "</fieldset></td>\n";
|
||||
echo "<td align=\"center\" width=\"10%\"><input type=\"submit\" name=\"form_posixGroup_addusers_button\" value=\"<=\">";
|
||||
echo " ";
|
||||
echo "<input type=\"submit\" name=\"form_posixGroup_removeusers_button\" value=\"=>\"><br><br>";
|
||||
echo "<a href=\""."../help.php?HelpNumber=402\" target=\"lamhelp\">"._('Help')."</a></td>\n";
|
||||
echo "<td valign=\"top\">\n";
|
||||
echo "<fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
|
||||
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\">" . _('Available users') . "</legend>\n";
|
||||
// show all groups expect these the user is member of
|
||||
if (count($users)!=0) {
|
||||
echo "<select name=\"form_posixGroup_addusers[]\" size=15 multiple class=\"".$_SESSION[$this->base]->type."edit-bright\">\n";
|
||||
for ($i=0; $i<count($users); $i++)
|
||||
if ($users[$i]!='') echo "<option> $users[$i] </option>\n";
|
||||
echo "</select>\n";
|
||||
}
|
||||
echo "</fieldset></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "</table>\n";
|
||||
echo "<input name=\"form_posixGroup_toattributes\" type=\"submit\" value=\""; echo _('Back'); echo "\">\n";
|
||||
echo "</fieldset>\n";
|
||||
echo "</td></tr></table>\n";
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
|
@ -0,0 +1,271 @@
|
|||
<?php
|
||||
/*
|
||||
$Id$
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
||||
Copyright (C) 2003 Tilo Lutz
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
|
||||
class quota {
|
||||
// Constructor
|
||||
function quota($base) {
|
||||
$this->base = $base;
|
||||
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'quota\');'), E_USER_ERROR);
|
||||
// quota is only a valid objectClass for user and host
|
||||
if (!($_SESSION[$this->base]->get_type() == 'user') && !($_SESSION[$this->base]->get_type() == 'group')) trigger_error(_('quota can only be used for users or hosts.'), E_USER_WARNING);
|
||||
/* Check if ldap conatiner is in array and set type
|
||||
* users are using inetOrgPerson-, hosts account-container
|
||||
*/
|
||||
if (!isset($_SESSION[$this->base]->module['posixAccount']) && $_SESSION[$this->base]->type=='user') $_SESSION[$this->base]->add_objectClass('posixAccount');
|
||||
if (!isset($_SESSION[$this->base]->module['posixGroup']) && $_SESSION[$this->base]->type=='group') $_SESSION[$this->base]->add_objectClass('posixGroup');
|
||||
$this->alias = _('quota');
|
||||
|
||||
// Get basic quotas for new account
|
||||
$output_array = $_SESSION[$this->base]->lamdaemon(array("+ quota get " . $_SESSION[$this->base]->type));
|
||||
// process quotas
|
||||
if (is_array($output_array)) {
|
||||
$all_quota = explode(':', $output_array[0]);
|
||||
for ($j=0; $j<sizeof($all_quota)-1; $j++) {
|
||||
$single_quota = explode(',', $all_quota[$j]);
|
||||
// unset not existing quotas from account-object
|
||||
// collect all existing mountpoints in array
|
||||
$real_quotas[] = $single_quota[0];
|
||||
for ($k=0; $k<sizeof($single_quota); $k++)
|
||||
$this->quota[$j][$k] = $single_quota[$k];
|
||||
if ($this->quota[$j][4]<time()) $this->quota[$j][4] = '';
|
||||
else $this->quota[$j][4] = strval(intval(($this->quota[$j][4]-time())/3600)) .' '. _('hours');
|
||||
if ($this->quota[$j][8]<time()) $this->quota[$j][8] = '';
|
||||
else $this->quota[$j][8] = strval(intval(($this->quota[$j][8]-time())/3600)) .' '. _('hours');
|
||||
}
|
||||
$j=0;
|
||||
while (isset($this->quota[$j][0]))
|
||||
// remove invalid quotas
|
||||
if (!in_array($this->quota[$j][0], $real_quotas)) unset($this->quota[$j]);
|
||||
else $j++;
|
||||
// Beautify array, repair index
|
||||
if (is_array($this->quota)) $this->quota = array_values($this->quota);
|
||||
}
|
||||
}
|
||||
|
||||
// Variables
|
||||
// Alias Name. This name is shown in the menu instead of quota
|
||||
var $alias;
|
||||
// name of accountContainer so we can read other classes in accuontArray
|
||||
var $base;
|
||||
|
||||
var $quota;
|
||||
|
||||
/* This function returns a list with all required modules
|
||||
*/
|
||||
function dependencies() {
|
||||
if ($_SESSION[$this->base]->type=='user') return array('posixAccount');
|
||||
if ($_SESSION[$this->base]->type=='group') return array('posixGroup');
|
||||
// return error if unsupported type is used
|
||||
return -1;
|
||||
}
|
||||
|
||||
function module_ready() {
|
||||
if (!isset($_SESSION[$_SESSION[$this->base]->config]->scriptPath)) return $false;
|
||||
if ($_SESSION[$this->base]->type=='user' && $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0]=='') return false;
|
||||
if ($_SESSION[$this->base]->type=='group' && $_SESSION[$this->base]->module['posixGroup']->attributes['cn'][0]=='') return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
// Write all general values into $account_new
|
||||
$i=0;
|
||||
// loop for every mointpoint with quotas
|
||||
while ($this->quota[$i][0]) {
|
||||
$this->quota[$i][2] = $post['form_quota_' . $i . '_2'];
|
||||
$this->quota[$i][3] = $post['form_quota_' . $i . '_3'];
|
||||
$this->quota[$i][6] = $post['form_quota_' . $i . '_6'];
|
||||
$this->quota[$i][7] = $post['form_quota_' . $i . '_7'];
|
||||
// Check if values are OK and set automatic values. if not error-variable will be set
|
||||
if (!ereg('^([0-9])*$', $this->quota[$i][2]))
|
||||
$errors[] = array('ERROR', _('Block soft quota'), _('Block soft quota contains invalid characters. Only natural numbers are allowed'));
|
||||
if (!ereg('^([0-9])*$', $this->quota[$i][3]))
|
||||
$errors[] = array('ERROR', _('Block hard quota'), _('Block hard quota contains invalid characters. Only natural numbers are allowed'));
|
||||
if (!ereg('^([0-9])*$', $this->quota[$i][6]))
|
||||
$errors[] = array('ERROR', _('Inode soft quota'), _('Inode soft quota contains invalid characters. Only natural numbers are allowed'));
|
||||
if (!ereg('^([0-9])*$', $this->quota[$i][7]))
|
||||
$errors[] = array('ERROR', _('Inode hard quota'), _('Inode hard quota contains invalid characters. Only natural numbers are allowed'));
|
||||
if (intval($this->quota[$i][2]) > intval($this->quota[$i][3]))
|
||||
$errors[] = array('ERROR', _('Block quota'), _('Block soft quota must be smaller than block hard quota'));
|
||||
if (intval($this->quota[$i][6]) > intval($this->quota[$i][7]))
|
||||
$errors[] = array('ERROR', _('Inode quota'), _('Inode soft quota must be smaller than inode hard quota'));
|
||||
$i++;
|
||||
}
|
||||
|
||||
// Return error-messages
|
||||
if (is_array($errors)) return $errors;
|
||||
// Go to additional group page when no error did ocour and button was pressed
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* This function loads all attributes into the object
|
||||
* $attr is an array as it's retured from ldap_get_attributes
|
||||
*/
|
||||
function load_attributes($attr) {
|
||||
// Load name
|
||||
if ($_SESSION[$this->base]->type=='user') $id = $attr['uid'][0];
|
||||
if ($_SESSION[$this->base]->type=='group') $id = $attr['cn'][0];
|
||||
// Get quotas
|
||||
$output_array = $_SESSION[$this->base]->lamdaemon(array("$id quota get " . $_SESSION[$this->base]->type));
|
||||
// process quotas
|
||||
if (is_array($output_array)) {
|
||||
$all_quota = explode(':', $output_array[0]);
|
||||
for ($j=0; $j<sizeof($all_quota)-1; $j++) {
|
||||
$single_quota = explode(',', $all_quota[$j]);
|
||||
// unset not existing quotas from account-object
|
||||
// collect all existing mountpoints in array
|
||||
$real_quotas[] = $single_quota[0];
|
||||
for ($k=0; $k<sizeof($single_quota); $k++)
|
||||
$this->quota[$j][$k] = $single_quota[$k];
|
||||
if ($this->quota[$j][4]<time()) $this->quota[$j][4] = '';
|
||||
else $this->quota[$j][4] = strval(intval(($this->quota[$j][4]-time())/3600)) .' '. _('hours');
|
||||
if ($this->quota[$j][8]<time()) $this->quota[$j][8] = '';
|
||||
else $this->quota[$j][8] = strval(intval(($this->quota[$j][8]-time())/3600)) .' '. _('hours');
|
||||
}
|
||||
$j=0;
|
||||
while (isset($this->quota[$j][0]))
|
||||
// remove invalid quotas
|
||||
if (!in_array($this->quota[$j][0], $real_quotas)) unset($this->quota[$j]);
|
||||
else $j++;
|
||||
// Beautify array, repair index
|
||||
if (is_array($this->quota)) $this->quota = array_values($this->quota);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* This function returns an array with 3 entries:
|
||||
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
|
||||
* DN is the DN to change. It may be possible to change several DNs,
|
||||
* e.g. create a new user and add him to some groups via attribute memberUid
|
||||
* add are attributes which have to be added to ldap entry
|
||||
* remove are attributes which have to be removed from ldap entry
|
||||
* modify are attributes which have to been modified in ldap entry
|
||||
*/
|
||||
function save_attributes() {
|
||||
/* Check wich quotas have changed
|
||||
* Because we can not send an array to lamdaemon.pl we have to put all
|
||||
* values in a string. ':' sepraeates the first array, ',' the second
|
||||
*
|
||||
* $values->quota[][] First array is an index for every chare with active quotas
|
||||
* second array Contains values for every share:
|
||||
* mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes,
|
||||
* soft inode limit, hard inode limit, grace inode period
|
||||
*/
|
||||
|
||||
$i=0;
|
||||
while ($this->quota[$i][0]) {
|
||||
$quotastring = $quotastring . $this->quota[$i][0] . ',' . $this->quota[$i][2] . ',' . $this->quota[$i][3]
|
||||
. ',' . $this->quota[$i][6] . ',' . $this->quota[$i][7] . ':';
|
||||
$i++;
|
||||
}
|
||||
|
||||
if ($_SESSION[$this->base]->type=='user') $id = $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0];
|
||||
if ($_SESSION[$this->base]->type=='group') $id = $_SESSION[$this->base]->module['posixGroup']->attributes['cn'][0];
|
||||
$return[$_SESSION[$this->base]->dn]['lamdaemon']['command'][] = $id . " quota set " . $_SESSION[$this->base]->type . " $quotastring\n";
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
function delete_attributes() {
|
||||
$i=0;
|
||||
while ($this->quota[$i][0]) {
|
||||
$quotastring = $quotastring . $this->quota[$i][0] . ',0,0,0,0:';
|
||||
$i++;
|
||||
}
|
||||
if ($_SESSION[$this->base]->type=='user') $id = $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0];
|
||||
if ($_SESSION[$this->base]->type=='group') $id = $_SESSION[$this->base]->module['posixGroup']->attributes['cn'][0];
|
||||
$return[$_SESSION[$this->base]->dn]['lamdaemon']['command'][] = $id . " quota set " . $_SESSION[$this->base]->type . " $quotastring\n";
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
/* This function returns all ldap attributes
|
||||
* which are part of quota and returns
|
||||
* also their values.
|
||||
*/
|
||||
function get_attributes() {
|
||||
return $this->quota;
|
||||
}
|
||||
|
||||
/* This function will create the html-page
|
||||
* to show a page with all attributes.
|
||||
* It will output a complete html-table
|
||||
*/
|
||||
function display_html_attributes($post) {
|
||||
echo "<table border=0 width=\"100%\">\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Mountpoint') . "</td>\n";
|
||||
echo "<td>" . _('Used blocks') . "</td>\n";
|
||||
echo "<td>" . _('Soft block limit') . "</td>\n";
|
||||
echo "<td>" . _('Hard block limit') . "</td>\n";
|
||||
echo "<td>" . _('Grace block period') . "</td>\n";
|
||||
echo "<td>" . _('Used inodes') . "</td>\n";
|
||||
echo "<td>" . _('Soft inode limit') . "</td>\n";
|
||||
echo "<td>" . _('Hard inode limit') . "</td>\n";
|
||||
echo "<td>" . _('Grace inode period') . "</td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=439\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=440\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=441\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=442\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=443\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=444\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=445\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=446\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=447\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
$i=0;
|
||||
// loop for every mointpoint with enabled quotas
|
||||
while ($this->quota[$i][0]) {
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . $this->quota[$i][0] . "</td>\n";
|
||||
echo "<td>" . $this->quota[$i][1] . "</td>\n"; // used blocks
|
||||
echo "<td><input name=\"form_quota_" . $i . "_2\" type=\"text\" size=\"12\" maxlength=\"20\" value=\"" . $this->quota[$i][2] . "\"></td>\n"; // blocks soft limit
|
||||
echo "<td><input name=\"form_quota_" . $i . "_3\" type=\"text\" size=\"12\" maxlength=\"20\" value=\"" . $this->quota[$i][3] . "\"></td>\n"; // blocks hard limit
|
||||
echo "<td>" . $this->quota[$i][4] . "</td>\n"; // block grace period
|
||||
echo "<td>" . $this->quota[$i][5] . "</td>\n"; // used inodes
|
||||
echo "<td><input name=\"form_quota_" . $i . "_6\" type=\"text\" size=\"12\" maxlength=\"20\" value=\"" . $this->quota[$i][6] . "\"></td>\n"; // inodes soft limit
|
||||
echo "<td><input name=\"form_quota_" . $i . "_7\" type=\"text\" size=\"12\" maxlength=\"20\" value=\"" . $this->quota[$i][7] . "\"></td>\n"; // inodes hard limit
|
||||
echo "<td>" . $this->quota[$i][8] . "</td>\n";
|
||||
echo "</tr>\n"; // inodes grace period
|
||||
$i++;
|
||||
}
|
||||
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
?>
|
|
@ -209,13 +209,13 @@ class sambaAccount {
|
|||
if ($post['form_sambaAccount_rid']== _('Administrator')) {
|
||||
$this->attributes['rid'][0] = "500";
|
||||
// Do a check if an administrator already exists
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("500", 'rid', 'user'))
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("500", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig)
|
||||
$errors[] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.'));
|
||||
}
|
||||
if ($post['form_sambaAccount_rid']== _('Guest')) {
|
||||
$this->attributes['rid'][0] = "501";
|
||||
// Do a check if an administrator already exists
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("501", 'rid', 'user'))
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache("501", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig)
|
||||
$errors[] = array('ERROR', _('Special user'), _('There can be only one guest per domain.'));
|
||||
}
|
||||
$this->attributes['smbHome'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['smbHome'][0]);
|
||||
|
@ -338,6 +338,12 @@ class sambaAccount {
|
|||
if ($this->attributes['rid'][0] == "501") $special = true;
|
||||
if ($this->attributes['rid'][0] == "515") $special = true;
|
||||
if (!$special) $this->attributes['rid'][0] == $_SESSION[$this->base]->module['posixAccount']->attributes['uidNumber'][0]*2+1000;
|
||||
$rids = array_keys($this->rids);
|
||||
$wrid = false;
|
||||
for ($i=0; $i<count($rids); $i++)
|
||||
if ($this->attributes['primaryGroupID'][0] == $rids[$i])
|
||||
$wrid = true;
|
||||
if (!$wrid) $this->attributes['primaryGroupID'][0] = ($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]*2)+1001;
|
||||
|
||||
|
||||
|
||||
|
@ -509,8 +515,8 @@ class sambaAccount {
|
|||
}
|
||||
else echo "<option>" . $names[$i] . "</option>";
|
||||
}
|
||||
if ($wrid) echo "<option>" . getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
|
||||
else echo "<option selected>" . getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
|
||||
if ($wrid) echo "<option>" . $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
|
||||
else echo "<option selected>" . $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=464\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
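Review bot: The reworked uniqueness check in the first hunk, `in_cache("500", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig`, would also fire when no entry holds the RID at all, assuming in_cache returns false on a miss (its return value is not visible here). Under PHP's loose comparison `false != 'some dn'` is true, so the "only one administrator" error would be raised for the first administrator as well. Capture the result and test it before comparing: `$dn = $_SESSION[$_SESSION[$this->base]->cache]->in_cache("500", 'rid', 'user');` followed by `if ($dn && $dn != $_SESSION[$this->base]->dn_orig)`. The Guest branch (RID 501) and the matching sambaSamAccount hunk (`$SID."-500"` and `$SID."-501"`) have the same shape. The enclosing function starts and ends outside the hunk.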
|
||||
|
|
|
@ -0,0 +1,269 @@
|
|||
<?php
|
||||
/*
|
||||
$Id$
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
||||
Copyright (C) 2003 Tilo Lutz
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
/* Session variables which are used:
|
||||
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
|
||||
*
|
||||
* Coockie variables which are used:
|
||||
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
|
||||
*
|
||||
* Variables in basearray which are no objects:
|
||||
* type: Type of account. Can be user, group, host
|
||||
* attributes: List of all attributes, how to get them and are theiy required or optional
|
||||
* dn: current DN without uid= or cn=
|
||||
* dn_orig: old DN if account was loaded with uid= or cn=
|
||||
|
||||
* External functions which are used
|
||||
* account.inc: findgroups, incache, get_cache, array_delete, getshells
|
||||
* ldap.inc: pwd_is_enabled, pwd_hash
|
||||
*/
|
||||
|
||||
/* This class contains all sambaGroupMapping LDAP attributes
|
||||
* and funtioncs required to deal with sambaGroupMapping
|
||||
* sambaGroupMapping can only be created when it should be added
|
||||
* to an array.
|
||||
* basearray is the same array sambaGroupMapping should be added
|
||||
* to. If basearray is not given the constructor tries to
|
||||
* create an array with sambaGroupMapping and all other required
|
||||
* objects.
|
||||
* Example: $user[] = new sambaGroupMapping($user);
|
||||
*
|
||||
* In container array the following things have to exist:
|
||||
* account or inetOrgPerson object
|
||||
* type: 'user' or 'host'
|
||||
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
|
||||
*/
|
||||
class sambaGroupMapping {
|
||||
// Constructor
|
||||
function sambaGroupMapping($base) {
|
||||
/* Return an error if sambaGroupMapping should be created without
|
||||
* base container
|
||||
*/
|
||||
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'sambaGroupMapping\');'), E_USER_ERROR);
|
||||
$this->base = $base;
|
||||
// sambaGroupMapping is only a valid objectClass for user and host
|
||||
if ($_SESSION[$this->base]->get_type() != 'group') trigger_error(_('sambaGroupMapping can only be used for groups.'), E_USER_WARNING);
|
||||
// Add Array with all attributes and type
|
||||
$this->attributes = $_SESSION[$this->base]->get_module_attributes('sambaGroupMapping');
|
||||
$_SESSION[$this->base]->add_attributes ('sambaGroupMapping');
|
||||
$this->alias = _('sambaGroupMapping');
|
||||
// Make references to attributes which already esists in ldap
|
||||
$newattributes = array_keys($this->attributes);
|
||||
$module = array_keys($_SESSION[$this->base]->module);
|
||||
// fixme *** do we have to unset module posixAccuont itself
|
||||
for ($i=0; $i<count($module); $i++) {
|
||||
foreach ($newattributes as $attribute)
|
||||
if (isset($_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute];
|
||||
}
|
||||
$this->orig = $this->attributes ;
|
||||
$this->attributes['objectClass'][0] = 'sambaGroupMapping';
|
||||
$this->rids = array ( _('Domain Admins') => 512, _('Domain Users') => 513, _('Domain Guests') => 514, _('Domain Computers') => 515, _('Domain Controllers') => 516,
|
||||
_('Domain Certificate Admins') => 517, _('Domain Schema Admins') => 518, _('Domain Enterprise Admins') => 519, _('Domain Policy Admins') => 520 );
|
||||
}
|
||||
|
||||
// Variables
|
||||
// Alias Name. This name is shown in the menu instead of sambaGroupMapping
|
||||
var $alias;
|
||||
// name of accountContainer so we can read other classes in accuontArray
|
||||
var $base;
|
||||
|
||||
// This variable contains all inetOrgPerson attributes
|
||||
var $attributes;
|
||||
/* If an account was loaded all attributes are kept in this array
|
||||
* to compare it with new changed attributes
|
||||
*/
|
||||
var $orig;
|
||||
// Array of well known rids
|
||||
var $rids;
|
||||
|
||||
/* This function returns a list with all required modules
|
||||
*/
|
||||
function dependencies() {
|
||||
return array('posixGroup');
|
||||
}
|
||||
|
||||
function module_ready() {
|
||||
if ($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]=='') return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
// Get Domain SID from name
|
||||
$sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix());
|
||||
for ($i=0; $i<count($sambaDomains); $i++ )
|
||||
if ($post['form_sambaGroupMapping_sambaDomainName'] == $sambaDomains[$i]->name) {
|
||||
$SID = $sambaDomains[$i]->SID;
|
||||
$RIDbase = $sambaDomain[$i]->RIDbase;
|
||||
}
|
||||
|
||||
// Load attributes
|
||||
$this->attributes['displayName'][0] = $post['form_sambaGroupMapping_displayName'];
|
||||
$this->attributes['sambaGroupType'][0] = 2;
|
||||
|
||||
$rids = array_keys($this->rids);
|
||||
$wrid = false;
|
||||
for ($i=0; $i<count($rids); $i++) {
|
||||
if ($post['form_sambaGroupMapping_sambaSID'] == $rids[$i]) {
|
||||
$wrid = true;
|
||||
// Get Domain SID
|
||||
$this->attributes['sambaSID'][0] = $SID."-".$this->rids[$rids[$i]];
|
||||
// Do a check if special grou pis unique
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-".$this->rids[$rids[$i]], 'sambaSID', 'group'))
|
||||
$errors[] = array('ERROR', _('Special Group'),sprintf( _('There can be only one group %s.'), $rids[$i]));
|
||||
}
|
||||
}
|
||||
if (!$wrid) $this->attributes['sambaSID'][0] = $SID."-".($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2)+$RIDbase+1;
|
||||
|
||||
|
||||
|
||||
// Return error-messages
|
||||
if (is_array($errors)) return $errors;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* This function loads all attributes into the object
|
||||
* $attr is an array as it's retured from ldap_get_attributes
|
||||
*/
|
||||
function load_attributes($attr) {
|
||||
// Load attributes which are displayed
|
||||
// unset count entries
|
||||
unset ($attr['count']);
|
||||
$attributes = array_keys($attr);
|
||||
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
|
||||
// unset double entries
|
||||
for ($i=0; $i<count($attr); $i++)
|
||||
if (isset($attr[$i])) unset($attr[$i]);
|
||||
foreach ($attributes as $attribute) {
|
||||
if (isset($this->attributes[$attribute])) {
|
||||
// decode as unicode
|
||||
$this->attributes[$attribute] = $attr[$attribute];
|
||||
for ($i=0; $i<count($this->attributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
|
||||
}
|
||||
}
|
||||
// Values are kept as copy so we can compare old attributes with new attributes
|
||||
$this->attributes['objectClass'][0] = 'sambaGroupMapping';
|
||||
$this->orig = $this->attributes;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* This function returns an array with 3 entries:
|
||||
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
|
||||
* DN is the DN to change. It may be possible to change several DNs,
|
||||
* e.g. create a new user and add him to some groups via attribute memberUid
|
||||
* add are attributes which have to be added to ldap entry
|
||||
* remove are attributes which have to be removed from ldap entry
|
||||
* modify are attributes which have to been modified in ldap entry
|
||||
*/
|
||||
function save_attributes() {
|
||||
// Get Domain SID from name
|
||||
$sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix());
|
||||
// Get Domain-SID from group SID
|
||||
$domainSID = substr($this->attributes['sambaSID'][0], 0, strrpos($this->attributes['sambaSID'][0], "-"));
|
||||
for ($i=0; $i<count($sambaDomains); $i++ )
|
||||
if ($domainSID==$sambaDomains[$i]->SID)
|
||||
$SID = $sambaDomains[$i]->SID;
|
||||
$names = array_keys($this->rids);
|
||||
$wrid=false;
|
||||
for ($i=0; $i<count($names); $i++)
|
||||
if ($this->attributes['sambaSID'][0]==$SID."-".$this->rids[$names[$i]]) {
|
||||
$wrid=true;
|
||||
}
|
||||
if (!$wrid) $this->attributes['sambaSID'][0] == $SID."-".($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2+1+$RIDbase);
|
||||
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
/* This function returns all ldap attributes
|
||||
* which are part of sambaGroupMapping and returns
|
||||
* also their values.
|
||||
*/
|
||||
function get_attributes() {
|
||||
return $this->attributes;
|
||||
}
|
||||
|
||||
/* This function will create the html-page
|
||||
* to show a page with all attributes.
|
||||
* It will output a complete html-table
|
||||
*/
|
||||
function display_html_attributes($post) {
|
||||
// Get Domain SID from name
|
||||
$sambaDomains = $_SESSION[$_SESSION[$this->base]->ldap]->search_domains($_SESSION[$_SESSION[$this->base]->config]->get_domainSuffix());
|
||||
// Get Domain-SID from group SID
|
||||
$domainSID = substr($this->attributes['sambaSID'][0], 0, strrpos($this->attributes['sambaSID'][0], "-"));
|
||||
for ($i=0; $i<count($sambaDomains); $i++ ) {
|
||||
// List with all valid domains
|
||||
$sambaDomainNames[] = $sambaDomains[$i]->name;
|
||||
if ($domainSID==$sambaDomains[$i]->SID) {
|
||||
$SID = $sambaDomains[$i]->SID;
|
||||
$sel_domain = $sambaDomains[$i]->name;
|
||||
}
|
||||
}
|
||||
echo "<table border=0 width=\"100%\">\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _("Display name") . "</td>\n";
|
||||
echo "<td><input name=\"form_sambaGroupMapping_displayName\" type=\"text\" size=\"30\" maxlength=\"50\" value=\"".$this->attributes['displayName'][0]."\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=420\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Special group') . "</td>\n";
|
||||
echo "<td><select name=\"form_sambaGroupMapping_sambaSID\">";
|
||||
// Display if group SID should be mapped to a well kown SID
|
||||
$names = array_keys($this->rids);
|
||||
$wrid=false;
|
||||
for ($i=0; $i<count($names); $i++) {
|
||||
if ($this->attributes['sambaSID'][0]==$SID."-".$this->rids[$names[$i]]) {
|
||||
echo "<option selected>" . $names[$i] . "</option>";
|
||||
$wrid=true;
|
||||
}
|
||||
else echo "<option>" . $names[$i] . "</option>";
|
||||
}
|
||||
if ($wrid) echo "<option>" . $this->attributes['cn'][0] . "</option>";
|
||||
else echo "<option selected>" . $this->attributes['cn'][0] . "</option>";
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=464\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Domain') . "</td>\n";
|
||||
echo "<td><select name=\"form_sambaGroupMapping_sambaDomainName\">";
|
||||
foreach ($sambaDomainNames as $domain) {
|
||||
if ($sel_domain==$domain) echo "<option selected>$domain</option>";
|
||||
else echo "<option>$domain</option>";
|
||||
}
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=467\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
?>
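Review bot: The fallback SID for a non-special group in proccess_attributes is not computed as intended. `$RIDbase` is read from `$sambaDomain[$i]`, which is never defined (the loop iterates `$sambaDomains`), and in `$SID."-".(...gidNumber...*2)+$RIDbase+1` the `.` and `+` operators share precedence on PHP versions before 8, so the addition is applied to the concatenated string rather than to the RID. I would write `$RIDbase = $sambaDomains[$i]->RIDbase;` and parenthesise the arithmetic as `$SID."-".(($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2)+$RIDbase+1)`. save_attributes has a related slip: `$this->attributes['sambaSID'][0] == $SID."-".(...)` compares instead of assigning, and `$RIDbase` is not set in that function. The sambaSamAccount hunk at line 349 builds `sambaPrimaryGroupSID` with the same unparenthesised expression.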
|
|
@ -216,13 +216,13 @@ class sambaSamAccount {
|
|||
if ($post['form_sambaSamAccount_sambaSID']== _('Administrator')) {
|
||||
$this->attributes['sambaSID'][0] = $SID."-500";
|
||||
// Do a check if an administrator already exists
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-500", 'sambaSID', 'user'))
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-500", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig)
|
||||
$errors[] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.'));
|
||||
}
|
||||
if ($post['form_sambaSamAccount_sambaSID']== _('Guest')) {
|
||||
$this->attributes['sambaSID'][0] = $SID."-501";
|
||||
// Do a check if an administrator already exists
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-501", 'sambaSID', 'user'))
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($SID."-501", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig)
|
||||
$errors[] = array('ERROR', _('Special user'), _('There can be only one guest per domain.'));
|
||||
}
|
||||
// Check values
|
||||
|
@ -349,6 +349,13 @@ class sambaSamAccount {
|
|||
if ($this->attributes['sambaSID'][0] == $SID."-500") $special = true;
|
||||
if ($this->attributes['sambaSID'][0] == $SID."-501") $special = true;
|
||||
if (!$special) $this->attributes['sambaSID'][0] == $SID."-".($_SESSION[$this->base]->module['posixAccount']->attributes['uidNumber'][0]*2+$RIDbase);
|
||||
$rids = array_keys($this->rids);
|
||||
$wrid = false;
|
||||
for ($i=0; $i<count($rids); $i++)
|
||||
if ($this->attributes['sambaPrimaryGroupSID'][0] == $SID . "-" . $rids[$i])
|
||||
$wrid = true;
|
||||
if (!$wrid) $this->attributes['sambaPrimaryGroupSID'][0] = $SID."-".($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]*2)+$RIDbase+1;
|
||||
|
||||
|
||||
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
|
||||
// Set password
|
||||
|
@ -525,8 +532,8 @@ class sambaSamAccount {
|
|||
}
|
||||
else echo "<option>" . $names[$i] . "</option>";
|
||||
}
|
||||
if ($wrid) echo "<option>" . getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
|
||||
else echo "<option selected>" . getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
|
||||
if ($wrid) echo "<option>" . $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
|
||||
else echo "<option selected>" . $_SESSION[$_SESSION[$this->base]->cache]->getgrnam($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]) . "</option>";
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=464\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
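Review bot: The group name returned by the cache's `getgrnam()` is echoed into the `<option>` elements of the last hunk without HTML encoding, so a name containing markup characters would be interpreted by the browser of whoever opens this page. The value presumably originates from the directory rather than from this form, so it should be encoded at output: `htmlspecialchars($_SESSION[$_SESSION[$this->base]->cache]->getgrnam(...), ENT_QUOTES)` in both the selected and unselected branch. The sambaAccount hunk at line 509 echoes the same call unencoded, and display_html_attributes in the new sambaGroupMapping module does the same with `displayName`, `cn` and the domain names. The surrounding select loop starts outside the hunk.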
|
||||
|
|
|
@ -40,8 +40,6 @@ $dir = opendir('../../lib/modules');
|
|||
while ($entry = readdir($dir))
|
||||
if (is_file('../../lib/modules/'.$entry)) include_once ('../../lib/modules/'.$entry);
|
||||
|
||||
|
||||
|
||||
// Start session
|
||||
session_save_path('../../sess');
|
||||
@session_start();
|
||||
|
|