WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added many comments and 

fixed mayn errors
This commit is contained in:
katagia 2003-10-19 17:04:49 +00:00
parent 3bfd9d8ad2
commit 708dc678c7
1 changed files with 398 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

549
lam/lib/account.inc
View File

@ -23,7 +23,8 @@ $Id$
LDAP Account Manager functions used by account.php LDAP Account Manager functions used by account.php
*/ */
class account { // This class keeps all needed values for any account // This class keeps all needed values for any account
class account {
// Type : user | group | host // Type : user | group | host
var $type; var $type;
// General Settings // General Settings
@ -34,10 +35,10 @@ class account { // This class keeps all needed values for any account
var $general_givenname; // string Givenname (user) var $general_givenname; // string Givenname (user)
var $general_dn; // string DN var $general_dn; // string DN
var $general_group; // string Primary group (user|host) var $general_group; // string Primary group (user|host)
var $general_groupadd; // array(string) Addititional Groups (user|host) is member of var $general_groupadd; // array(string) Addititional Groups (user) is member of
var $general_homedir; // atring Homedirectoy (user) For host it's hardcoded to/dev/null var $general_homedir; // atring Homedirectoy (user) For host it's hardcoded to/dev/null
var $general_shell; // array(string) list off all valid shells (user) hosts are hard-wired to /bin/false var $general_shell; // array(string) list off all valid shells (user) hosts are hard-wired to /bin/false
var $general_gecos; // string, gecos-field (user|roup|host) var $general_gecos; // string, gecos-field (user|group|host)
// Unix Password Settings // Unix Password Settings
var $unix_memberUid; // array Stores all users which are member of group but is not primary group (group) var $unix_memberUid; // array Stores all users which are member of group but is not primary group (group)
var $unix_password; // string for unix-password (user|host) var $unix_password; // string for unix-password (user|host)
@ -64,7 +65,7 @@ class account { // This class keeps all needed values for any account
var $smb_domain; // string Domain of (user|host) or samba3domain-Object var $smb_domain; // string Domain of (user|host) or samba3domain-Object
var $smb_flagsW; // string (1|0) account is host? (user|host) var $smb_flagsW; // string (1|0) account is host? (user|host)
var $smb_flagsD; // string (1|0) account is disabled? (user|host) var $smb_flagsD; // string (1|0) account is disabled? (user|host)
var $smb_flagsX; // string (1|0) password doesn'T expire (user|host) var $smb_flagsX; // string (1|0) password doesn't expire (user|host)
var $smb_mapgroup; // decimal ID for groups var $smb_mapgroup; // decimal ID for groups
var $smb_displayName; // string, description, similar to gecos-field. var $smb_displayName; // string, description, similar to gecos-field.
// Quota Settins // Quota Settins
@ -85,7 +86,11 @@ class account { // This class keeps all needed values for any account
} }
function getshells() { // Return a list of all shells listed in ../config/shells /* Return a list of all shells listed in ../config/shells
* Normally ../config/shells is a symbolic link to /etc/shells
*/
function getshells() {
// Load shells from file
$shells = file($_SESSION['lampath'].'config/shells'); $shells = file($_SESSION['lampath'].'config/shells');
$i=0; $i=0;
while (count($shells) > $i) { while (count($shells) > $i) {
@ -93,14 +98,20 @@ function getshells() { // Return a list of all shells listed in ../config/shells
trim($shells[$i]); trim($shells[$i]);
// remove lineend // remove lineend
$shells[$i] = substr($shells[$i], 0, strpos($shells[$i], "\n")); $shells[$i] = substr($shells[$i], 0, strpos($shells[$i], "\n"));
// unset comments // remove comments
if ($shells[$i]{0}=='#') unset ($shells[$i]); if ($shells[$i]{0}=='#') unset ($shells[$i]);
else $i++; else $i++;
} }
// $shells is array with all valid shells
return $shells; return $shells;
} }
function replace_umlaut($text) { // This function will replace umlates with ascci-chars
/* This function will replace umlates with ascci-chars
* fixme
* In order to map all non-ascii characters this function should be changed
*/
function replace_umlaut($text) {
$aTranslate = array("ä"=>"ae", "Ä"=>"Ae", $aTranslate = array("ä"=>"ae", "Ä"=>"Ae",
"ö"=>"oe", "Ö"=>"Oe", "ö"=>"oe", "Ö"=>"Oe",
"ü"=>"ue", "Ü"=>"Ue", "ü"=>"ue", "Ü"=>"Ue",
@ -109,17 +120,26 @@ function replace_umlaut($text) { // This function will replace umlates with ascc
return strtr($text, $aTranslate); return strtr($text, $aTranslate);
} }
function array_delete($values, $array) { // This function will return all values from $array without values of $values
/* This function will return all values from $array without values of $values
* $values, $array and $return are arrays
*/
function array_delete($values, $array) {
// Loop for every entry and check if it should be removed
if (is_array($array)) {
foreach ($array as $array_value) foreach ($array as $array_value)
if (!@in_array($array_value, $values)) if (!@in_array($array_value, $values))
$return[] = $array_value; $return[] = $array_value;
return $return; return $return;
} }
else return 0;
}
// This function will return a password with max. 8 characters
function genpasswd() { // This function will return a password with max. 8 characters function genpasswd() {
// Allowed Characters to generate passwords // Allowed Characters to generate passwords
// I'Ve removed characters like l and 1 because they are too similar
$LCase = 'abcdefghjkmnpqrstuvwxyz'; $LCase = 'abcdefghjkmnpqrstuvwxyz';
$UCase = 'ABCDEFGHJKMNPQRSTUVWXYZ'; $UCase = 'ABCDEFGHJKMNPQRSTUVWXYZ';
$Integer = '23456789'; $Integer = '23456789';
@ -147,6 +167,7 @@ function genpasswd() { // This function will return a password with max. 8 chara
return $PW; return $PW;
} }
/* THIS FUNCTION GENERATES A RANDOM NUMBER THAT WILL BE USED TO /* THIS FUNCTION GENERATES A RANDOM NUMBER THAT WILL BE USED TO
* RANDOMLY SELECT CHARACTERS FROM THE STRINGS ABOVE * RANDOMLY SELECT CHARACTERS FROM THE STRINGS ABOVE
*/ */
@ -167,20 +188,36 @@ function RndInt($Format){
} }
return $Rnd; return $Rnd;
} // END RndInt() FUNCTION } // END RndInt() FUNCTION
/* RUN THE FUNCTION TO GENERATE RANDOM INTEGERS FOR EACH OF THE
* 8 CHARACTERS IN THE PASSWORD PRODUCED.
*/
function getquotas($type,$user='+') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned
// $type = user or group /* Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned
// $user = user or groupname if no user or groupname is defined, * $type = 'user' or 'group'
// an array with all quota-enabled partitions is returned in this case all returned values are 0 exept mointpoint[x][0] * $user = user or groupname. If no user or groupname is defined,
* an array with all quota-enabled partitions will be returned in this case all returned values are 0 exept mointpoint[x][0]
*/
function getquotas($type,$user='+') {
// define new object
$return = new account(); $return = new account();
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
/* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='get', type=user|group
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get '; $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get ';
if ($type=='user') $towrite = $towrite.'u'; if ($type=='user') $towrite = $towrite.'u';
else $towrite = $towrite.'g'; else $towrite = $towrite.'g';
exec(escapeshellarg("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals, $status); /* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
*/
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals, $status);
/* $vals is a string which contains a two dimensional array.
* We have to recreate it with explode
*
* $return->quota[][] First array is an index for every chare with active quotas
* second array Contains values for every share:
* mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes,
* soft inode limit, hard inode limit, grace inode period
*/
$vals = explode(':', $vals[0]); $vals = explode(':', $vals[0]);
for ($i=0; $i<sizeof($vals); $i++) { for ($i=0; $i<sizeof($vals); $i++) {
$vals2 = explode(',', $vals[$i]); $vals2 = explode(',', $vals[$i]);
@ -195,16 +232,31 @@ function getquotas($type,$user='+') { // Whis function will return the quotas fr
return $return; return $return;
} }
function setquotas($values,$type,$values_old=false) { // Whis function will set the quotas from the specified user.
// $values = object account with quotas which should be set /* Whis function will set the quotas from the specified user.
// $type: user or group * $values = object account with quotas which should be set
// $values_old = object account if set values and values_old will be compared. Quota will only be changed * $values_old = object account if set values and values_old will be compared. Quota will only be changed
// if values differ * if values differ
*/
function setquotas($values,$values_old=false) {
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
/* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='set', type=user|group
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$values->general_username.' quota set '; $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$values->general_username.' quota set ';
if ($type=='user') $towrite = $towrite.'u '; if ($values->type=='user') $towrite = $towrite.'u ';
else $towrite = $towrite.'g '; else $towrite = $towrite.'g ';
$i=0; $i=0;
/* Check wich quotas have changed
* Because we can not send an array to lamdaemon.pl we have to put all
* values in a string. ':' sepraeates the first array, ',' the second
*
* $values->quota[][] First array is an index for every chare with active quotas
* second array Contains values for every share:
* mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes,
* soft inode limit, hard inode limit, grace inode period
*/
while ($values->quota[$i][0]) { while ($values->quota[$i][0]) {
if ($values->quota[$i] != $values_old->quota[$i]) { if ($values->quota[$i] != $values_old->quota[$i]) {
$towrite = $towrite. $values->quota[$i][0] .','.$values->quota[$i][2] .','.$values->quota[$i][3] $towrite = $towrite. $values->quota[$i][0] .','.$values->quota[$i][2] .','.$values->quota[$i][3]
@ -212,45 +264,106 @@ function setquotas($values,$type,$values_old=false) { // Whis function will set
} }
$i++; $i++;
} }
if ($i!=0) exec(escapeshellarg("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals); /* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
* only run lamdaemon.pl if quotas are really set, $i!=0
*/
if ($i!=0) exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
} }
function remquotas($user, $type) { // Whis function will remove the quotas from the specified user.
// $user = username of which quta should be deleted /* Whis function will remove the quotas from the specified user.
// $type = user or group * $user = username of which quta should be deleted
* $type = user or group
* Delteing quotas means settings all values to 0 which means no quotas
*/
function remquotas($user, $type) {
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota set '; /* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='rem', type=user|group
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota rem ';
if ($type=='user') $towrite = $towrite.'u '; if ($type=='user') $towrite = $towrite.'u ';
else $towrite = $towrite.'g '; else $towrite = $towrite.'g ';
/* scriptServer is the IP to remote-host to which lam should connect via ssh
exec(escapeshellarg("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals); * scriptPath is Path to lamdaemon.pl on remote system
*/
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
} }
function addhomedir($user) { // Create Homedirectory /* Create Homedirectory
// $user = username * lamdaemon.pl uses getpwnam on remote system to get homedir path.
// all other needed vars are taken from remotesystem getusrnam * Therefore ldap have to be used on remote system for user accounts
* $user = username
*/
function addhomedir($user) {
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
/* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='add'
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add'; $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add';
exec(escapeshellarg("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals); /* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
*/
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
} }
function remhomedir($user) { // Remove Homedirectory
// $user = username /* Remove Homedirectory
// all other needed vars are taken from remotesystem getusrnam * lamdaemon.pl uses getpwnam on remote system to get homedir path.
* Therefore ldap have to be used on remote system for user accounts
* This also means you have to remove the homedirectory before the
* account is removed from ldap
* $user = username
*/
function remhomedir($user) {
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
/* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='rem'
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem'; $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem';
exec(escapeshellarg("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals); /* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
*/
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
} }
function ldapreload($type) { // This function will load an array th cache ldap-requests
/* This function maintains the ldap-cache which is used to reduce ldap requests
* If the array is older than $_SESSION['config']->get_cacheTimeoutSec() it will
* be recreated
*
* $type can be user|group|host.
*
* $_SESSION['xxxxDN'] contains all attributes which are needed very often from
* more than one function
* $_SESSION['xxxx'DN'][0] contains the creation time of the array as unix timestamp.
* All other entries have the following syntax:
* $_SESSION['xxxx'DN'][$dn][$attributes]
* $dn = DN of cached entry
* $attributes = All cached attributes of DN
* The cache contains the following attributes:
* user: cn, uidNumber
* group: cn, gidNumber
* host: cn, uidNumber
*/
function ldapreload($type) {
switch ($type) { switch ($type) {
case 'user': case 'user':
// Do we have to recreate array?
if ((!isset($_SESSION['userDN'])) || ($_SESSION['userDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) { if ((!isset($_SESSION['userDN'])) || ($_SESSION['userDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) {
// Remove old array
if (isset($_SESSION['userDN'])) unset($_SESSION['userDN']); if (isset($_SESSION['userDN'])) unset($_SESSION['userDN']);
// insert timestamp in array
$_SESSION['userDN'][0] = time(); $_SESSION['userDN'][0] = time();
// Search 4 values which should be cached
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(),
'objectClass=posixAccount', array('cn', 'uidNumber'), 0); 'objectClass=posixAccount', array('cn', 'uidNumber'), 0);
// Write search result in array
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
while ($entry) { while ($entry) {
$dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry)); $dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
@ -264,11 +377,16 @@ function ldapreload($type) { // This function will load an array th cache ldap-r
} }
break; break;
case 'group': case 'group':
// Do we have to recreate array?
if ((!isset($_SESSION['groupDN'])) || ($_SESSION['groupDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) { if ((!isset($_SESSION['groupDN'])) || ($_SESSION['groupDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) {
// Remove old array
if (isset($_SESSION['groupDN'])) unset($_SESSION['groupDN']); if (isset($_SESSION['groupDN'])) unset($_SESSION['groupDN']);
// insert timestamp in array
$_SESSION['groupDN'][0] = time(); $_SESSION['groupDN'][0] = time();
// Search 4 values which should be cached
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(),
'objectClass=posixGroup', array('gidNumber', 'cn'), 0); 'objectClass=posixGroup', array('gidNumber', 'cn'), 0);
// Write search result in array
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
while ($entry) { while ($entry) {
$dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry)); $dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
@ -282,11 +400,16 @@ function ldapreload($type) { // This function will load an array th cache ldap-r
} }
break; break;
case 'host': case 'host':
// Do we have to recreate array?
if ((!isset($_SESSION['hostDN'])) || ($_SESSION['hostDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) { if ((!isset($_SESSION['hostDN'])) || ($_SESSION['hostDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) {
// Remove old array
if (isset($_SESSION['hostDN'])) unset($_SESSION['hostDN']); if (isset($_SESSION['hostDN'])) unset($_SESSION['hostDN']);
// insert timestamp in array
$_SESSION['hostDN'][0] = time(); $_SESSION['hostDN'][0] = time();
// Search 4 values which should be cached
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_HostSuffix(), $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_HostSuffix(),
'objectClass=posixAccount', array('cn', 'uidNumber'), 0); 'objectClass=posixAccount', array('cn', 'uidNumber'), 0);
// Write search result in array
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
while ($entry) { while ($entry) {
$dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry)); $dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
@ -304,64 +427,68 @@ function ldapreload($type) { // This function will load an array th cache ldap-r
} }
/* This function will search in cache if the DN already exists
* $values is an account-object
function ldapexists($values, $type, $values_old=false) { // This function will search if the DN already exists * $values_old is an account-object
switch ($type) { * $values_old is needed because we don't want to raise
* an error if the DN allredy exists but is the original DN
*/
function ldapexists($values, $values_old=false) {
switch ($values->type) {
case 'user': case 'user':
// Validate cache-array
ldapreload('user'); ldapreload('user');
$search = 'uid='.$values->general_username; // Entry which we search in ldap ',' is needed to ensure the complete username is checked
$search = 'uid='.$values->general_username.',';
// Get copy of cache-array
$keys = array_keys($_SESSION['userDN']); $keys = array_keys($_SESSION['userDN']);
unset ($keys[0]);
$keys = array_values($keys);
if ( ($values_old->general_username != $values->general_username) &&
($_SESSION['userDN'][0] != $values->general_username)) {
foreach ($keys as $key)
if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type);
}
if ((!$values_old) && ($_SESSION['userDN'][0] != $values->general_username))
foreach ($keys as $key)
if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type);
break; break;
case 'group': case 'group':
// Validate cache-array
ldapreload('group'); ldapreload('group');
$search = 'cn='.$values->general_username; // Entry which we search in ldap ',' is needed to ensure the complete username is checked
$search = 'cn='.$values->general_username.',';
// Get copy of cache-array and
$keys = array_keys($_SESSION['groupDN']); $keys = array_keys($_SESSION['groupDN']);
unset ($keys[0]);
$keys = array_values($keys);
if ( ($values_old->general_username != $values->general_username) &&
($_SESSION['groupDN'][0] != $values->general_username)) {
foreach ($keys as $key)
if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type);
}
if ((!$values_old) && ($_SESSION['groupDN'][0] != $values->general_username))
foreach ($keys as $key)
if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type);
break; break;
case 'host': case 'host':
// Validate cache-array
ldapreload('host'); ldapreload('host');
$search = 'uid='.$values->general_username; // Entry which we search in ldap ',' is needed to ensure the complete username is checked
$search = 'uid='.$values->general_username.',';
// Get copy of cache-array
$keys = array_keys($_SESSION['hostDN']); $keys = array_keys($_SESSION['hostDN']);
break;
}
// Remove timestamp stored in [0]
unset ($keys[0]); unset ($keys[0]);
$keys = array_values($keys); $keys = array_values($keys);
if ( ($values_old->general_username != $values->general_username) && if (!$values_old) {
($_SESSION['hostDN'][0] != $values->general_username)) { // Create new account
// Check if entry allready exists
foreach ($keys as $key) foreach ($keys as $key)
if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); if (strstr($key, $search)) return sprintf (_('%s already exists!'), $values->type);
} }
if ((!$values_old) && ($_SESSION['hostDN'][0] != $values->general_username)) // edit existing account and don't create a new one
else if ($values_old->general_username != $values->general_username) {
foreach ($keys as $key) foreach ($keys as $key)
if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); if (strstr($key, $search)) return sprintf (_('%s already exists!'), $values->type);
break;
} }
return 0; return 0;
} }
function findgroups() { // Will return an array with all Groupnames found in LDAP /* This function will return an array with all groupnames
* found in ldap. Groupnames are taken from cache-array.
*/
function findgroups() {
// Validate cache-array
ldapreload('group'); ldapreload('group');
// Get copy of cache-array
$groups = $_SESSION['groupDN']; $groups = $_SESSION['groupDN'];
// Remove timestamp stored in [0]
unset ($groups[0]); unset ($groups[0]);
// Create and sort array
foreach ($groups as $group) { foreach ($groups as $group) {
$return[] = $group['cn']; $return[] = $group['cn'];
} }
@ -370,168 +497,244 @@ function findgroups() { // Will return an array with all Groupnames found in LDA
} }
function getgid($groupname) { // Will return the the gid to an existing Groupname /* This function will return the gidNumber to an existing groupname
* gidNumbers are taken from cache-array
*/
function getgid($groupname) {
// Validate cache-array
ldapreload('group'); ldapreload('group');
// Get copy of cache-array
$keys = $_SESSION['groupDN']; $keys = $_SESSION['groupDN'];
// Remove timestamp stored in [0]
unset ($keys[0]); unset ($keys[0]);
// Return gidNumber as soon as it's found
foreach ($keys as $key) { foreach ($keys as $key) {
if ($key['cn']==$groupname) return $key['uidNumber']; if ($key['cn']==$groupname) return $key['uidNumber'];
} }
// return -1 if groupname isn't found
return -1; return -1;
} }
/* This function will return an unuesed id-number if $values->general_uidNumber is not set and $values_old is false
function checkid($values, $type, $values_old=false) { // if value is empty will return an unused id from all ids found in LDAP else check existing value * If values_old is true and $values->general_uidNumber is not set the original id-number is returned
switch ($type) { * If $values->general_uidNumber is set id-number is checked. If it's allready in use an error will be reported
* id-numbers are taken from cache-array
* $values and $values_old are account objects
* Return-Values is an integer id-number or an string-error
*/
function checkid($values, $values_old=false) {
switch ($values->type) {
case 'user': case 'user':
/* Validate cache-array
* Because users and hosts are using the same id-numbers we have to merge
* both cache-arrays
*/
ldapreload('user'); ldapreload('user');
ldapreload('host'); ldapreload('host');
// Load all needed variables from session
$minID = intval($_SESSION['config']->get_minUID()); $minID = intval($_SESSION['config']->get_minUID());
$maxID = intval($_SESSION['config']->get_maxUID()); $maxID = intval($_SESSION['config']->get_maxUID());
$suffix = $_SESSION['config']->get_UserSuffix(); $suffix = $_SESSION['config']->get_UserSuffix();
$keys = $_SESSION['userDN']; // load and merge arrays
unset ($keys[0]);
$keys = array_values($keys); $temp = $_SESSION['userDN'];
$keys2 = $_SESSION['hostDN']; // Remove timestamp stored in [0]
unset ($keys2[0]); unset ($temp[0]);
$keys2 = array_values($keys2); // put only uidNumbers in array
foreach ($temp as $key) $uids[] = $key['uidNumber'];
$temp = $_SESSION['hostDN'];
break; break;
case 'group': case 'group':
// Validate cache-array
ldapreload('group'); ldapreload('group');
// Load all needed variables from session
$minID = intval($_SESSION['config']->get_MinGID()); $minID = intval($_SESSION['config']->get_MinGID());
$maxID = intval($_SESSION['config']->get_MaxGID()); $maxID = intval($_SESSION['config']->get_MaxGID());
$suffix = $_SESSION['config']->get_GroupSuffix(); $suffix = $_SESSION['config']->get_GroupSuffix();
$keys = $_SESSION['groupDN']; // Get copy of cache-array
unset ($keys[0]); $temp = $_SESSION['groupDN'];
$keys = array_values($keys);
break; break;
case 'host': case 'host':
/* Validate cache-array
* Because users and hosts are using the same id-numbers we have to merge
* both cache-arrays
*/
ldapreload('user'); ldapreload('user');
ldapreload('host'); ldapreload('host');
$minID = intval($_SESSION['config']->get_MinMachine()); // Load all needed variables from session
$maxID = intval($_SESSION['config']->get_MaxMachine()); $minID = intval($_SESSION['config']->get_minUID());
$suffix = $_SESSION['config']->get_HostSuffix(); $maxID = intval($_SESSION['config']->get_maxUID());
$keys = $_SESSION['hostDN']; $suffix = $_SESSION['config']->get_UserSuffix();
unset ($keys[0]); // load and merge arrays
$keys = array_values($keys);
$keys2 = $_SESSION['userDN']; $temp = $_SESSION['userDN'];
unset ($keys2[0]); // Remove timestamp stored in [0]
$keys2 = array_values($keys2); unset ($temp[0]);
// put only uidNumbers in array
foreach ($temp as $key) $uids[] = $key['uidNumber'];
$temp = $_SESSION['hostDN'];
break; break;
} }
// Store all used UIDs in Array // Remove timestamp stored in [0]
if (isset($keys2)) foreach ($keys2 as $key) $keys3[] = $key['uidNumber']; unset ($temp[0]);
foreach ($keys as $key) $keys3[] = $key['uidNumber']; // put only uidNumbers in array
sort ($keys3, SORT_NUMERIC); foreach ($temp as $key) $uids[] = $key['uidNumber'];
// sort array with uids
if(is_array($uids)) sort ($uids, SORT_NUMERIC);
if ($values->general_uidNumber=='') { if ($values->general_uidNumber=='') {
// No id-number given
if (!isset($values_old->general_uidNumber)) { if (!isset($values_old->general_uidNumber)) {
if ($keys) { // new account -> we have to find a free id-number
foreach ($keys as $key) if (count($uids)!=0) {
if ($key['uidNumber'] > $id) $id = $key['uidNumber']; // There are some uids
if ($id < $maxID) { // Check if Id is not used by host<->user // Store highest id-number
if (!isset($keys2)) return intval($id+1); // keys2 is not set 4 groups $id = $uids[count($uids)-1];
else { // Return higesht used id-number + 1 if it's still in valid range
$id++; if ($id < $maxID) return intval($id)+1;
while (!in_array($id, $keys3)) $id++; // Return minimum allowed id-number if all found id-numbers are too low
if ($id < $maxID) return intval($id); if ($id < $minID) return intval($minID);
} /* If this function is still running we have to fid a free id-number between
} * the used id-numbers
if ($id < $minID) { // Check if id is not used by host<->user */
if (!isset($keys2)) return intval($minID); // keys2 is not set 4 groups
else {
$id = $minID;
while (!in_array($id, $keys3)) $id++;
if ($id < $maxID) return intval($id);
}
}
$i = intval($minID); $i = intval($minID);
while (in_array($i, $keys3)) $i++; while (in_array($i, $uids)) $i++;
if ($i>$maxID) return _('No free ID-Number!'); if ($i>$maxID) return _('No free ID-Number!');
else return $i; else return $i;
} }
else $useID = $minID; else return intval($minID);
return intval($useID); // return minimum allowed id-number if no id-numbers are found
}
else return intval($values_old->general_uidNumber);
// old account -> return id-number which has been used
} }
else { else {
return intval($values_old->general_uidNumber);
}
}
// Check manual ID // Check manual ID
// id-number is out of valid range
if ( $values->general_uidNumber < $minID || $values->general_uidNumber > $maxID) return sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID); if ( $values->general_uidNumber < $minID || $values->general_uidNumber > $maxID) return sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID);
if ((in_array($values->general_uidNumber, $keys3)) && !$values_old) return _('ID is already in use'); // $uids is allways an array but not if no entries were found
if ((in_array($values->general_uidNumber, $keys3)) && $values_old && ($values_old->general_uidNumber != $values->general_uidNumber) ) if (is_array($uids)) {
// id-number is in use and account is a new account
if ((in_array($values->general_uidNumber, $uids)) && !$values_old) return _('ID is already in use');
// id-number is in use, account is existing account and id-number is not used by itself
if ((in_array($values->general_uidNumber, $uids)) && $values_old && ($values_old->general_uidNumber != $values->general_uidNumber) )
return _('ID is already in use'); return _('ID is already in use');
}
// return id-number if everything is OK
return intval($values->general_uidNumber); return intval($values->general_uidNumber);
} }
}
function getdays() { // will return the days from 1.1.1970 until now
// This function will return the days from 1.1.1970 until now
function getdays() {
$days = time() / 86400; $days = time() / 86400;
settype($days, 'integer'); settype($days, 'integer');
return $days; return $days;
} }
function smbflag($values) { // Creates te attribute attrFlags
/* This function creates all attributes stored in attrFlags. It's the same
* syntax used in smbpasswd
* $values is an account-object
* Return value is a string
*/
function smbflag($values) {
// Start character
$flag = "["; $flag = "[";
// Add Options
if ($values->smb_flagsW) $flag = $flag . "W"; else $flag = $flag . "U"; if ($values->smb_flagsW) $flag = $flag . "W"; else $flag = $flag . "U";
if ($values->smb_flagsD) $flag = $flag . "D"; if ($values->smb_flagsD) $flag = $flag . "D";
if ($values->smb_flagsX) $flag = $flag . "X"; if ($values->smb_flagsX) $flag = $flag . "X";
// Expand string to fixed length
$flag = str_pad($flag, 12); $flag = str_pad($flag, 12);
// End character
$flag = $flag. "]"; $flag = $flag. "]";
return $flag; return $flag;
} }
function loaduser($dn) { // Will load all needed values from an existing account
/* This function will load all needed values from an existing account
* $dn is the dn(string) of the user which should be loaded
* return-value is an account-object
*/
function loaduser($dn) {
// Create new object
$return = new account(); $return = new account();
// Set type of account
$return->type='user'; $return->type='user';
// Load userattributes from ldap
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount"); $result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$return->general_dn = ldap_get_dn($_SESSION['ldap']->server(), $entry); $return->general_dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry); $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if (isset($attr['uid'][0])) $return->general_username = $attr['uid'][0]; /* Write attributes into $return.
if (isset($attr['uidNumber'][0])) $return->general_uidNumber = $attr['uidNumber'][0]; * Some values don't have to be set. These are only loaded if they are set
if (isset($attr['homeDirectory'][0])) $return->general_homedir = $attr['homeDirectory'][0]; */
$return->general_username = $attr['uid'][0];
$return->general_uidNumber = $attr['uidNumber'][0];
$return->general_homedir = $attr['homeDirectory'][0];
if (isset($attr['shadowLastChange'][0])) $return->unix_shadowLastChange = $attr['shadowLastChange'][0]; if (isset($attr['shadowLastChange'][0])) $return->unix_shadowLastChange = $attr['shadowLastChange'][0];
if (isset($attr['loginShell'][0])) $return->general_shell = $attr['loginShell'][0]; if (isset($attr['loginShell'][0])) $return->general_shell = $attr['loginShell'][0];
if (isset($attr['gecos'][0])) $return->general_gecos = $attr['gecos'][0]; if (isset($attr['gecos'][0])) $return->general_gecos = utf8_decode($attr['gecos'][0]);
// get groupname // get groupname
if (isset($attr['gidNumber'][0])) { // Validate cache-array
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "objectclass=PosixGroup", array('gidNumber', 'cn')); ldapreload('group');
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); // Get copy of cache-array
while ($entry) { $groupDN_local = $_SESSION['groupDN'];
$attr2 = ldap_get_attributes($_SESSION['ldap']->server(), $entry); // Remove timestamp stored in [0]
if ($attr2['gidNumber'][0]==$attr['gidNumber'][0]) $return->general_group = $attr2['cn'][0]; unset ($groupDN_local[0]);
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); // Now we only have an array with DNs
$groupDN_local = array_keys($groupDN_local);
$i=0;
// Loop until we've found the right uidNumber
while (!isset($return->general_group) && isset($_SESSION['groupDN'][$groupDN_local[$i]]['uidNumber'])) {
if ($_SESSION['groupDN'][$groupDN_local[$i]]['uidNumber'] == $attr['gidNumber'][0]) {
// We've found the correct entry. Now we need the groupname
// Get end position (',')
$end = strpos($groupDN_local[$i], ',');
// start position is allways 3 (cn=...)
// Get groupname from dn
$return->general_group = substr($groupDN_local[$i], 3, $end-3);
} }
// Increase loop-variable if entry wasn't found
else $i++;
} }
// get all additional groupmemberships // get all additional groupmemberships
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "objectclass=PosixGroup", array('memberUid', 'cn')); // load all groups which have memberUid set to the username which should be loaded
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "memberUid=".$attr['uid'][0], array('cn'));
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
// loop for every group
while ($entry) { while ($entry) {
$attr2 = ldap_get_attributes($_SESSION['ldap']->server(), $entry); $attr2 = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if ($attr2['memberUid']) foreach ($attr2['memberUid'] as $id) // Add groupnames to array
if (($id==$return->general_username) && ($attr2['cn'][0]!=$return->general_group)) $return->general_groupadd[]=$attr2['cn'][0]; if ($attr2['cn'][0]!=$return->general_group) $return->general_groupadd[]=$attr2['cn'][0];
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
} }
/* Write attributes into $return.
* Some values don't have to be set. These are only loaded if they are set
*/
if (isset($attr['shadowMin'][0])) $return->unix_pwdminage = $attr['shadowMin'][0]; if (isset($attr['shadowMin'][0])) $return->unix_pwdminage = $attr['shadowMin'][0];
if (isset($attr['shadowMax'][0])) $return->unix_pwdmaxage = $attr['shadowMax'][0]; if (isset($attr['shadowMax'][0])) $return->unix_pwdmaxage = $attr['shadowMax'][0];
if (isset($attr['shadowWarning'][0])) $return->unix_pwdwarn = $attr['shadowWarning'][0]; if (isset($attr['shadowWarning'][0])) $return->unix_pwdwarn = $attr['shadowWarning'][0];
if (isset($attr['shadowInactive'][0])) $return->unix_pwdallowlogin = $attr['shadowInactive'][0]; if (isset($attr['shadowInactive'][0])) $return->unix_pwdallowlogin = $attr['shadowInactive'][0];
if (isset($attr['shadowExpire'][0])) $return->unix_pwdexpire = $attr['shadowExpire'][0]*86400; if (isset($attr['shadowExpire'][0])) $return->unix_pwdexpire = $attr['shadowExpire'][0]*86400;
// load hosts // load hosts attributes if set
$i=0; $i=0;
while (isset($attr['host'][$i])) { while (isset($attr['host'][$i])) {
if ($i==0) $return->unix_host = $attr['host'][$i]; if ($i==0) $return->unix_host = $attr['host'][$i];
else $return->unix_host = $return->unix_host . ', ' . $attr['host'][$i]; else $return->unix_host = $return->unix_host . ', ' . $attr['host'][$i];
$i++; $i++;
} }
$i=0;
// load objectclasses
$i=0;
while (isset($attr['objectClass'][$i])) { while (isset($attr['objectClass'][$i])) {
$return->general_objectClass[$i] = $attr['objectClass'][$i]; $return->general_objectClass[$i] = $attr['objectClass'][$i];
$i++; $i++;
@ -553,13 +756,18 @@ function loaduser($dn) { // Will load all needed values from an existing account
if (isset($attr['userPassword'][0])) { if (isset($attr['userPassword'][0])) {
$return->unix_password = $attr['userPassword'][0]; $return->unix_password = $attr['userPassword'][0];
$return->unix_deactivated=$_SESSION['ldap']->pwd_is_enabled($attr['userPassword'][0]); $return->unix_deactivated=pwd_is_enabled($attr['userPassword'][0]);
} }
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]); if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
// sambaSamAccount (Samba3) is used.
if (in_array('sambaSamAccount', $attr['objectClass'])) { if (in_array('sambaSamAccount', $attr['objectClass'])) {
/* Write attributes into $return.
* Some values don't have to be set. These are only loaded if they are set
*/
if (isset($attr['sambaAcctFlags'][0])) { if (isset($attr['sambaAcctFlags'][0])) {
if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true; // a user is no workstation
$return->smb_flagsW=false;
if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return->smb_flagsD=true; if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flagsX=true; if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flagsX=true;
} }
@ -574,6 +782,7 @@ function loaduser($dn) { // Will load all needed values from an existing account
if (isset($attr['sambaNTPassword'][0])) $return->smb_password = $attr['sambaNTPassword'][0]; if (isset($attr['sambaNTPassword'][0])) $return->smb_password = $attr['sambaNTPassword'][0];
if (isset($attr['sambaDomainName'][0])) { if (isset($attr['sambaDomainName'][0])) {
if ($_SESSION['config']->samba3=='yes') { if ($_SESSION['config']->samba3=='yes') {
// store smb_domain as samba3domain-Object
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix()); $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
$i=0; $i=0;
while ($i!=-1) { while ($i!=-1) {
@ -584,22 +793,24 @@ function loaduser($dn) { // Will load all needed values from an existing account
else $i++; else $i++;
} }
} }
else { // store smb_domain as string
$return->smb_domain = $attr['sambaDomainName']; else $return->smb_domain = $attr['sambaDomainName'];
}
} }
if (isset($attr['sambaPrimaryGroupSID'][0])) { if (isset($attr['sambaPrimaryGroupSID'][0])) {
if ($_SESSION['config']->samba3=='yes') if ($_SESSION['config']->samba3=='yes')
// store "real" SID if we want to save user as samba3 entry
$return->smb_mapgroup = $attr['sambaPrimaryGroupSID'][0]; $return->smb_mapgroup = $attr['sambaPrimaryGroupSID'][0];
// store "calculated" id if we want to save user as samba2.2 entry
else $return->smb_mapgroup = 2*$attr['gidNumber'][0]+1001; else $return->smb_mapgroup = 2*$attr['gidNumber'][0]+1001;
} }
// return value to prevent loaded values to be overwritten from old samba 2.2 attributes // return value to prevent loaded values to be overwritten from old samba 2.2 attributes
if ($_SESSION['config']->is_samba3()) return $return; if ($_SESSION['config']->is_samba3()) return $return;
} }
// sambaSamAccount (Samba2.2) is used.
if (in_array('sambaAccount', $attr['objectClass'])) { if (in_array('sambaAccount', $attr['objectClass'])) {
if (isset($attr['acctFlags'][0])) { if (isset($attr['acctFlags'][0])) {
if (strrpos($attr['acctFlags'][0], 'W')) $return->smb_flagsW=true; $return->smb_flagsW=false;
if (strrpos($attr['acctFlags'][0], 'D')) $return->smb_flagsD=true; if (strrpos($attr['acctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flagsX=true; if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flagsX=true;
} }
@ -613,21 +824,27 @@ function loaduser($dn) { // Will load all needed values from an existing account
if (isset($attr['userWorkstations'][0])) $return->smb_smbuserworkstations = $attr['userWorkstations'][0]; if (isset($attr['userWorkstations'][0])) $return->smb_smbuserworkstations = $attr['userWorkstations'][0];
if (isset($attr['domain'][0])) { if (isset($attr['domain'][0])) {
if ($_SESSION['config']->samba3=='yes') { if ($_SESSION['config']->samba3=='yes') {
// store smb_domain as samba3domain-Object
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix()); $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
for ($i=0; $i<sizeof($samba3domains); $i++) for ($i=0; $i<sizeof($samba3domains); $i++)
if ($attr['domain'][0] == $samba3domains[$i]->name) $return->smb_domain = $samba3domains[$i]; if ($attr['domain'][0] == $samba3domains[$i]->name) $return->smb_domain = $samba3domains[$i];
} }
// store smb_domain as string
else $return->smb_domain = $attr['domain'][0]; else $return->smb_domain = $attr['domain'][0];
} }
if (isset($attr['primaryGroupID'][0])) { if (isset($attr['primaryGroupID'][0])) {
if ($_SESSION['config']->samba3=='yes') if ($_SESSION['config']->samba3=='yes')
// store "real" SID if we want to save user as samba3 entry
$return->smb_mapgroup = $return->smb_domain->SID. '-' . (2*$attr['primaryGroupID'][0]+1); $return->smb_mapgroup = $return->smb_domain->SID. '-' . (2*$attr['primaryGroupID'][0]+1);
// store "calculated" id if we want to save user as samba2.2 entry
else $return->smb_mapgroup = $attr['primaryGroupID'][0]; else $return->smb_mapgroup = $attr['primaryGroupID'][0];
} }
} }
return $return; return $return;
} }
function loadhost($dn) { // Will load all needed values from an existing account function loadhost($dn) { // Will load all needed values from an existing account
$return = new account(); $return = new account();
$return->type='host'; $return->type='host';
@ -646,7 +863,7 @@ function loadhost($dn) { // Will load all needed values from an existing account
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]); if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
if (isset($attr['userPassword'][0])) { if (isset($attr['userPassword'][0])) {
$return->unix_password = $attr['userPassword'][0]; $return->unix_password = $attr['userPassword'][0];
$return->unix_deactivated=$_SESSION['ldap']->pwd_is_enabled($attr['userPassword'][0]); $return->unix_deactivated=pwd_is_enabled($attr['userPassword'][0]);
} }
// Get Groupname // Get Groupname
@ -784,8 +1001,8 @@ function createuser($values) { // Will create the LDAP-Account
} }
else { else {
if (file_exists($_SESSION['lampath'].'lib/createntlm.pl')) { // masscreate.php is at a different relative path if (file_exists($_SESSION['lampath'].'lib/createntlm.pl')) { // masscreate.php is at a different relative path
$attr['sambaNTPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password)); $attr['sambaNTPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
$attr['sambaLMPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password)); $attr['sambaLMPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
} }
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may $attr['sambaPwdLastSet'] = time(); // sambaAccount_may
} }
@ -812,8 +1029,8 @@ function createuser($values) { // Will create the LDAP-Account
$attr['pwdLastSet'] = time(); // sambaAccount_may $attr['pwdLastSet'] = time(); // sambaAccount_may
} }
else { else {
$attr['ntPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password)); $attr['ntPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
$attr['lmPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password)); $attr['lmPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
$attr['pwdLastSet'] = time(); // sambaAccount_may $attr['pwdLastSet'] = time(); // sambaAccount_may
} }
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
@ -877,7 +1094,7 @@ function createuser($values) { // Will create the LDAP-Account
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr); $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 4; if (!$success) return 4;
if ($_SESSION['config']->scriptServer) { if ($_SESSION['config']->scriptServer) {
if (is_array($values->quota)) setquotas($values,'user'); if (is_array($values->quota)) setquotas($values);
addhomedir($values->general_username); addhomedir($values->general_username);
} }
// Add User to Additional Groups // Add User to Additional Groups
@ -993,8 +1210,8 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
} }
else else
if ($values->smb_password!='') { if ($values->smb_password!='') {
$attr['sambaNTPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password)); $attr['sambaNTPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
$attr['sambaLMPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password)); $attr['sambaLMPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may $attr['sambaPwdLastSet'] = time(); // sambaAccount_may
} }
if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
@ -1024,8 +1241,8 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
} }
else else
if ($values->smb_password!='') { if ($values->smb_password!='') {
$attr['ntPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password)); $attr['ntPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
$attr['lmPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password)); $attr['lmPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
$attr['pwdLastSet'] = time(); // sambaAccount_may $attr['pwdLastSet'] = time(); // sambaAccount_may
} }
if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
@ -1298,7 +1515,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
} }
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
} }
if ($_SESSION['config']->scriptServer && is_array($values->quota) ) setquotas($values,'user',$values_old); if ($_SESSION['config']->scriptServer && is_array($values->quota) ) setquotas($values,$values_old);
if ((isset($_SESSION['userDN']))) { if ((isset($_SESSION['userDN']))) {
if ($values->general_dn != $values_old->general_dn) { if ($values->general_dn != $values_old->general_dn) {
unset ($_SESSION['userDN'][$values_old->general_dn]); unset ($_SESSION['userDN'][$values_old->general_dn]);
@ -1628,11 +1845,11 @@ function creategroup($values) { // Will create the LDAP-Group
$attr['sambaGroupType'] = '2'; $attr['sambaGroupType'] = '2';
if ($values->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName); if ($values->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName);
} }
foreach ($values->unix_memberUid as $user) if (is_array($values->unix_memberUid)) foreach ($values->unix_memberUid as $user)
$attr['memberUid'][] = $user; $attr['memberUid'][] = $user;
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr); $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 4; if (!$success) return 4;
if ($_SESSION['config']->scriptServer && is_array($values->quota)) setquotas($values,'group'); if ($_SESSION['config']->scriptServer && is_array($values->quota)) setquotas($values);
// Add entry to cache-array // Add entry to cache-array
if ((isset($_SESSION['groupDN']))) { if ((isset($_SESSION['groupDN']))) {
$_SESSION['groupDN'][$values->general_dn]['cn'] = $values->general_username; $_SESSION['groupDN'][$values->general_dn]['cn'] = $values->general_username;
@ -1718,7 +1935,7 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
} }
} }
if (!$success) return 5; if (!$success) return 5;
if ($_SESSION['config']->scriptServer && is_array($values->quota)) setquotas($values,'group',$values_old); if ($_SESSION['config']->scriptServer && is_array($values->quota)) setquotas($values,$values_old);
if ((isset($_SESSION['groupDN']))) { // refresh group-cache array if ((isset($_SESSION['groupDN']))) { // refresh group-cache array
if ($values->general_dn != $values_old->general_dn) { if ($values->general_dn != $values_old->general_dn) {
unset ($_SESSION['groupDN'][$values_old->general_dn]); unset ($_SESSION['groupDN'][$values_old->general_dn]);