From 6d1904ffd6ccb7a4e2c7ebe65bdf1e8d7f382a68 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sat, 25 Oct 2014 19:00:10 +0000 Subject: [PATCH] support radiusProfileDn --- lam/lib/modules/freeRadius.inc | 159 ++++++++++++++++++++++++++++----- 1 file changed, 136 insertions(+), 23 deletions(-) diff --git a/lam/lib/modules/freeRadius.inc b/lam/lib/modules/freeRadius.inc index 502c5e64..a75a50f5 100644 --- a/lam/lib/modules/freeRadius.inc +++ b/lam/lib/modules/freeRadius.inc @@ -38,6 +38,9 @@ class freeRadius extends baseModule { private static $monthList = array('01' => 'Jan', '02' => 'Feb', '03' => 'Mar', '04' => 'Apr', '05' => 'May', '06' => 'Jun', '07' => 'Jul', '08' => 'Aug', '09' => 'Sep', '10' => 'Oct', '11' => 'Nov', '12' => 'Dec' ); + + /** cache for profile DNs */ + private $profileCache = null; /** @@ -78,7 +81,7 @@ class freeRadius extends baseModule { $return['objectClasses'] = array('radiusprofile'); // managed attributes $return['attributes'] = array('radiusFramedIPAddress', 'radiusFramedIPNetmask', 'radiusRealm', 'radiusGroupName', - 'radiusExpiration', 'radiusIdleTimeout', 'dialupAccess'); + 'radiusExpiration', 'radiusIdleTimeout', 'dialupAccess', 'radiusProfileDn'); // help Entries $return['help'] = array( 'radiusFramedIPAddress' => array( 
@@ -113,32 +116,18 @@ class freeRadius extends baseModule { "Headline" => _("Enabled"), 'attr' => 'dialupAccess', "Text" => _("Specifies if the user may authenticate with FreeRadius.") ), + 'profileDN' => array( + "Headline" => _("Profile DN"), 'attr' => 'radiusProfileDn', + "Text" => _('DN where Radius profile templates are stored.') + ), + 'radiusProfileDn' => array( + "Headline" => _("Profile"), 'attr' => 'radiusProfileDn', + "Text" => _('Radius profile for this user.') + ), 'hiddenOptions' => array( "Headline" => _("Hidden options"), "Text" => _("The selected options will not be managed inside LAM. You can use this to reduce the number of displayed input fields.") )); - // configuration settings - $configContainer = new htmlTable(); - $configContainerHead = new htmlTable(); - $configContainerHead->addElement(new htmlOutputText(_('Hidden options'))); - $configContainerHead->addElement(new htmlHelpLink('hiddenOptions')); - $configContainerOptions = new htmlTable(); - $configContainer->addElement($configContainerHead, true); - $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusFramedIPAddress', false, _('IP address'), null, false)); - $configContainerOptions->addElement(new htmlOutputText(' ')); - $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusFramedIPNetmask', false, _('Net mask'), null, false)); - $configContainerOptions->addElement(new htmlOutputText(' ')); - $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusRealm', false, _('Realm'), null, false)); - $configContainerOptions->addElement(new htmlOutputText(' ')); - $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusGroupName', false, _('Group names'), null, false)); - $configContainerOptions->addElement(new htmlOutputText(' ')); - $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusExpiration', false, 
_('Expiration date'), null, false)); - $configContainerOptions->addNewLine(); - $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusIdleTimeout', false, _('Idle timeout'), null, false)); - $configContainerOptions->addElement(new htmlOutputText(' ')); - $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideDialupAccess', false, _('Enabled'), null, false)); - $configContainer->addElement($configContainerOptions, true); - $return['config_options']['all'] = $configContainer; // profile settings $profileElements = array(); if (!$this->isBooleanConfigOptionSet('freeRadius_hideRadiusFramedIPNetmask')) { @@ -175,6 +164,16 @@ class freeRadius extends baseModule { $profileElements[] = $dialupAccessSelect; $return['profile_mappings']['freeRadius_dialupAccess'] = 'dialupAccess'; } + if (!$this->isBooleanConfigOptionSet('freeRadius_hideRadiusProfileDn')) { + $profileOptions = array('-' => ''); + foreach ($this->getProfiles() as $dn) { + $profileOptions[getAbstractDN($dn)] = $dn; + } + $profileSelect = new htmlTableExtendedSelect('freeRadius_radiusProfileDn', $profileOptions, array(''), _('Profile'), 'radiusProfileDn'); + $profileSelect->setHasDescriptiveElements(true); + $profileElements[] = $profileSelect; + $return['profile_mappings']['freeRadius_radiusProfileDn'] = 'radiusProfileDn'; + } if (sizeof($profileElements) > 0) { $profileContainer = new htmlTable(); for ($i = 0; $i < sizeof($profileElements); $i++) { 
@@ -242,6 +241,14 @@ class freeRadius extends baseModule { 'values' => 'true, false' ); } + if (!$this->isBooleanConfigOptionSet('freeRadius_hideRadiusProfileDn')) { + $return['upload_columns'][] = array( + 'name' => 'freeRadius_radiusProfileDn', + 'description' => _('Profile'), + 'help' => 'radiusProfileDn', + 'example' => 'cn=profile,ou=radiusProfile,dc=example,dc=com' + ); + } // available PDF fields $return['PDF_fields'] = array(); if (!$this->isBooleanConfigOptionSet('freeRadius_hideRadiusFramedIPAddress')) { @@ -265,8 +272,55 @@ class freeRadius extends baseModule { if (!$this->isBooleanConfigOptionSet('freeRadius_hideDialupAccess')) { $return['PDF_fields']['dialupAccess'] = _('Enabled'); } + if (!$this->isBooleanConfigOptionSet('freeRadius_hideRadiusProfileDn')) { + $return['PDF_fields']['radiusProfileDn'] = _('Profile'); + } return $return; } + + /** + * Returns a list of configuration options. + * + * Calling this method does not require the existence of an enclosing {@link accountContainer}.
+ *
+ * The field names are used as keywords to load and save settings. + * We recommend to use the module name as prefix for them (e.g. posixAccount_homeDirectory) to avoid naming conflicts. + * + * @param array $scopes account types (user, group, host) + * @param array $allScopes list of all active account modules and their scopes (module => array(scopes)) + * @return mixed htmlElement or array of htmlElement + * + * @see htmlElement + */ + public function get_configOptions($scopes, $allScopes) { + $configContainer = new htmlTable(); + $configContainer->addElement(new htmlTableExtendedInputField(_('Profile DN'), 'freeRadius_profileDN', '', 'profileDN'), true); + $configContainer->addVerticalSpace('10px'); + $configContainerHead = new htmlTable(); + $configContainerHead->colspan = 5; + $configContainerHead->addElement(new htmlOutputText(_('Hidden options'))); + $configContainerHead->addElement(new htmlHelpLink('hiddenOptions')); + $configContainerOptions = new htmlTable(); + $configContainerOptions->colspan = 5; + $configContainer->addElement($configContainerHead, true); + $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusFramedIPAddress', false, _('IP address'), null, false)); + $configContainerOptions->addElement(new htmlOutputText(' ')); + $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusFramedIPNetmask', false, _('Net mask'), null, false)); + $configContainerOptions->addElement(new htmlOutputText(' ')); + $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusRealm', false, _('Realm'), null, false)); + $configContainerOptions->addElement(new htmlOutputText(' ')); + $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusGroupName', false, _('Group names'), null, false)); + $configContainerOptions->addElement(new htmlOutputText(' ')); + $configContainerOptions->addElement(new 
htmlTableExtendedInputCheckbox('freeRadius_hideRadiusExpiration', false, _('Expiration date'), null, false)); + $configContainerOptions->addNewLine(); + $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusIdleTimeout', false, _('Idle timeout'), null, false)); + $configContainerOptions->addElement(new htmlOutputText(' ')); + $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideRadiusProfileDn', false, _('Profile'), null, false)); + $configContainerOptions->addElement(new htmlOutputText(' ')); + $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('freeRadius_hideDialupAccess', false, _('Enabled'), null, false)); + $configContainer->addElement($configContainerOptions, true); + return $configContainer; + } /** * This function fills the error message array with messages @@ -285,6 +339,7 @@ class freeRadius extends baseModule { $this->messages['radiusIdleTimeout'][0] = array('ERROR', _('Please enter a numeric value for the idle timeout.')); $this->messages['radiusIdleTimeout'][1] = array('ERROR', _('Account %s:') . ' freeRadius_radiusIdleTimeout', _('Please enter a numeric value for the idle timeout.')); $this->messages['dialupAccess'][0] = array('ERROR', _('Account %s:') . ' freeRadius_dialupAccess', _('This value can only be "true" or "false".')); + $this->messages['radiusProfileDn'][0] = array('ERROR', _('Account %s:') . ' freeRadius_radiusProfileDn', _('This is not a valid DN!')); } /** 
@@ -329,6 +384,23 @@ class freeRadius extends baseModule { $return->addElement($radiusExpirationList); $return->addElement(new htmlHelpLink('radiusExpiration'), true); } + // profile DN + if (!$this->isBooleanConfigOptionSet('freeRadius_hideRadiusProfileDn')) { + $profiles = array('-' => '-'); + foreach ($this->getProfiles() as $dn) { + $profiles[getAbstractDN($dn)] = $dn; + } + $profile = array(); + if (!empty($this->attributes['radiusProfileDn'][0])) { + $profile = $this->attributes['radiusProfileDn']; + if (!in_array($this->attributes['radiusProfileDn'][0], $profiles)) { + $profiles[getAbstractDN($this->attributes['radiusProfileDn'][0])] = $this->attributes['radiusProfileDn'][0]; + } + } + $profileSelect = new htmlTableExtendedSelect('radiusProfileDn', $profiles, $profile, _('Profile'), 'radiusProfileDn'); + $profileSelect->setHasDescriptiveElements(true); + $return->addElement($profileSelect, true); + } // enabled if (!$this->isBooleanConfigOptionSet('freeRadius_hideDialupAccess')) { $enabled = array(''); @@ -425,6 +497,15 @@ class freeRadius extends baseModule { $this->attributes['dialupAccess'][0] = 'true'; } } + // profile DN + if (!$this->isBooleanConfigOptionSet('freeRadius_hideRadiusProfileDn')) { + if (($_POST['radiusProfileDn'] == '-') && !empty($this->attributes['radiusProfileDn'])) { + unset($this->attributes['radiusProfileDn']); + } + elseif ($_POST['radiusProfileDn'] != '-') { + $this->attributes['radiusProfileDn'][0] = $_POST['radiusProfileDn']; + } + } return $errors; } 
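Review bot: In the `// profile DN` block added by the second hunk on this line (`@@ -425,6 +497,15 @@`), `$_POST['radiusProfileDn']` is copied into `$this->attributes['radiusProfileDn'][0]` with no check, while the upload path in this same commit validates the value with `get_preg(..., 'dn')` first. The key is also read without `isset()`, and the loose `!= '-'` test lets an array-valued field through as the attribute value. The form path should apply the same DN check and report a failure through `$errors`, as sketched below. Since the select only offers `-`, the DNs from `getProfiles()` and the stored value, accepting only that set would be a tighter option. The enclosing method starts and ends outside the hunk.

```php
// profile DN
if (!$this->isBooleanConfigOptionSet('freeRadius_hideRadiusProfileDn') && isset($_POST['radiusProfileDn'])) {
	$profileDn = $_POST['radiusProfileDn'];
	if ($profileDn === '-') {
		// "no profile" selected: drop the attribute
		unset($this->attributes['radiusProfileDn']);
	}
	elseif (is_string($profileDn) && get_preg($profileDn, 'dn')) {
		$this->attributes['radiusProfileDn'][0] = $profileDn;
	}
	else {
		$errors[] = array('ERROR', _('This is not a valid DN!'));
	}
}
// … unchanged: return $errors; …
```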
@@ -588,6 +669,17 @@ class freeRadius extends baseModule { $errors[] = $errMsg; } } + // profile DN + if (!empty($rawAccounts[$i][$ids['freeRadius_radiusProfileDn']])) { + if (get_preg($rawAccounts[$i][$ids['freeRadius_radiusProfileDn']], 'dn')) { + $partialAccounts[$i]['radiusProfileDn'] = $rawAccounts[$i][$ids['freeRadius_radiusProfileDn']]; + } + else { + $errMsg = $this->messages['radiusProfileDn'][0]; + array_push($errMsg, array($i)); + $errors[] = $errMsg; + } + } } return $errors; } @@ -604,6 +696,7 @@ class freeRadius extends baseModule { $this->addSimplePDFField($return, 'radiusRealm', _('Realm')); $this->addSimplePDFField($return, 'radiusGroupName', _('Group names')); $this->addSimplePDFField($return, 'radiusIdleTimeout', _('Idle timeout')); + $this->addSimplePDFField($return, 'radiusProfileDn', _('Profile')); if (isset($this->attributes['radiusExpiration'][0])) { $return[get_class($this) . '_radiusExpiration'][0] = '' . _('Expiration date') . '' . $this->formatExpirationDate($this->attributes['radiusExpiration'][0]) . ''; } @@ -676,6 +769,26 @@ class freeRadius extends baseModule { return $date; } + /** + * Returns a list of possible profile DNs. + * + * @return array list of profile DNs + */ + private function getProfiles() { + if ($this->profileCache != null) { + return $this->profileCache; + } + if (empty($this->moduleSettings['freeRadius_profileDN'][0])) { + return array(); + } + $list = searchLDAP($this->moduleSettings['freeRadius_profileDN'][0], '(objectClass=radiusProfile)', array('dn')); + foreach ($list as $attr) { + $this->profileCache[] = $attr['dn']; + } + usort($this->profileCache, 'compareDN'); + return $this->profileCache; + } + }
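Review bot: `getProfiles()` (last hunk on this line, `@@ -676,6 +769,26 @@`) never initialises `$this->profileCache` to an array, so when `searchLDAP()` yields no entries the loop adds nothing, `usort()` is handed `null`, and the method returns `null` to the two new callers that iterate the result with `foreach` (the profile select in the metadata hunk and the one in the account page hunk). Adding `$this->profileCache = array();` just before `foreach ($list as $attr)` fixes that. The cache test `$this->profileCache != null` is a loose comparison that also treats an empty array as unset, so an empty result would trigger a new LDAP search on every call; `if ($this->profileCache !== null)` avoids it. What `searchLDAP()` returns on a failed search is not visible here, so it is worth confirming that `$list` is always an array before iterating it.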