From 7f6574af8c36044b44b31cf2f81a46a3296becb8 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sat, 31 Dec 2016 10:43:31 +0100 Subject: [PATCH 1/5] move reading of suffix list --- lam/docs/devel/upgrade.htm | 12 ++++++++++-- lam/lib/baseType.inc | 11 ++++++++++- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/lam/docs/devel/upgrade.htm b/lam/docs/devel/upgrade.htm index f867206a..8e40fefe 100644 --- a/lam/docs/devel/upgrade.htm +++ b/lam/docs/devel/upgrade.htm @@ -19,6 +19,7 @@ + @@ -48,8 +49,15 @@ This is a list of API changes for all LAM releases.

5.5 -> 5.6

-Functions in lib/types.inc got namespace LAM/TYPES (e.g. getTypeAlias()).
-New API to access configured account types: LAM\TYPES\TypeManager.
+ +

5.4 -> 5.5

Functions Ldap::encrypt/decrypt in ldap.inc moved to lamEncrypt/lamDecrypt in security.inc.

diff --git a/lam/lib/baseType.inc b/lam/lib/baseType.inc index ef208bf1..cf093870 100644 --- a/lam/lib/baseType.inc +++ b/lam/lib/baseType.inc @@ -129,6 +129,15 @@ class baseType { return null; } + /** + * Returns the LDAP filter to find the possible suffixes for this account type. + * + * @return string LDAP filter + */ + public function getSuffixFilter() { + return "(|(objectClass=organizationalunit)(objectClass=country)(objectClass=organization)(objectClass=krbRealmContainer)(objectClass=container))"; + } + /** * Returns a list of LDAP suffixes for this type. * @@ -144,7 +153,7 @@ class baseType { $connection = $_SESSION['ldapHandle']; } $ret = array(); - $filter = "(|(objectClass=organizationalunit)(objectClass=country)(objectClass=organization)(objectClass=krbRealmContainer)(objectClass=container))"; + $filter = $this->getSuffixFilter(); $sr = @ldap_search($connection, escapeDN($suffix),$filter , array('dn', 'objectClass'), 0, 0, 0, LDAP_DEREF_NEVER); if ($sr) { $units = ldap_get_entries($connection, $sr); From b408538403cb817cf4ca99991a85979a3fbc3a4e Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sat, 31 Dec 2016 10:55:56 +0100 Subject: [PATCH 2/5] getSuffixList() no longer supports self service --- lam/lib/baseType.inc | 12 +++--------- lam/lib/modules/inetOrgPerson.inc | 8 +++++++- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lam/lib/baseType.inc b/lam/lib/baseType.inc index cf093870..b1d2a171 100644 --- a/lam/lib/baseType.inc +++ b/lam/lib/baseType.inc @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2005 - 2014 Roland Gruber + Copyright (C) 2005 - 2016 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
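Review bot: The docblock of the new `getSuffixFilter()` does not say that its return value is used verbatim as the search filter, which the following hunk shows (`$filter = $this->getSuffixFilter();` is passed straight to `ldap_search`). The method is public on the base class and is presumably meant to be overridden per account type, so the contract should be written down, for example `* The returned string is passed unmodified to the LDAP search. Overriding classes must return a complete, well-formed filter and escape any dynamic value (ldap_escape() with LDAP_ESCAPE_FILTER).` The constant returned here needs no escaping, so this is a documentation point only.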
@@ -144,14 +144,8 @@ class baseType { * @return array sorted list of possible suffixes for this type. */ public function getSuffixList() { - if (isset($_SESSION["config"])) { - $suffix = $_SESSION["config"]->get_Suffix(get_class($this)); - $connection = $_SESSION["ldap"]->server(); - } - else { - $suffix = $_SESSION['selfServiceProfile']->LDAPSuffix; - $connection = $_SESSION['ldapHandle']; - } + $suffix = $_SESSION["config"]->get_Suffix(get_class($this)); + $connection = $_SESSION["ldap"]->server(); $ret = array(); $filter = $this->getSuffixFilter(); $sr = @ldap_search($connection, escapeDN($suffix),$filter , array('dn', 'objectClass'), 0, 0, 0, LDAP_DEREF_NEVER); diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index 15df66e0..4bf5ef80 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc @@ -2809,7 +2809,13 @@ class inetOrgPerson extends baseModule implements passwordService { } else { $userObj = new user(); - $ouList = $userObj->getSuffixList(); + $filter = $userObj->getSuffixFilter(); + $suffix = $_SESSION['selfServiceProfile']->LDAPSuffix; + $foundOus = searchLDAPPaged($_SESSION['ldapHandle'], $suffix, $filter, array('dn'), false, 0); + $ouList = array(); + foreach ($foundOus as $foundOu) { + $ouList[] = $foundOu['dn']; + } if (!empty($attributes['ou'][0]) && !in_array($attributes['ou'][0], $ouList)) { $ouList[] = $attributes['ou'][0]; usort($ouList, 'compareDN'); From ccc2721f51690972e731e9b533b9a859a9840d25 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sat, 31 Dec 2016 11:00:47 +0100 Subject: [PATCH 3/5] formatting --- lam/lib/modules.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc index 1c956c0b..08ed0d4c 100644 --- a/lam/lib/modules.inc +++ b/lam/lib/modules.inc 
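Review bot: `getSuffixList()` now dereferences `$_SESSION["config"]` and `$_SESSION["ldap"]` unconditionally, so a call from a self-service session ends in a fatal error on a null value instead of a controlled failure. The removed branch shows that self service has no `config` entry in the session. The docblock is unchanged and still reads as if the method works in every context, so add a line such as `* Requires an admin session ($_SESSION['config'] and $_SESSION['ldap']); not usable from self service.` Per its diffstat this commit does not touch upgrade.htm, so the restriction is also undocumented for module authors. The function body continues outside the hunk.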
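Review bot: The new self-service branch in inetOrgPerson.inc passes `$_SESSION['selfServiceProfile']->LDAPSuffix` to `searchLDAPPaged()` as-is, whereas the `getSuffixList()` call it replaces wrapped the search base in `escapeDN($suffix)`. Unless `searchLDAPPaged()` escapes the base itself (not visible here), keep the escaping at the call: `$foundOus = searchLDAPPaged($_SESSION['ldapHandle'], escapeDN($suffix), $filter, array('dn'), false, 0);`. The replaced method also hid the Active Directory system containers, appended the root suffix when it was missing, and always ran `usort($ret, 'compareDN')`. As far as the hunk shows, the new list is sorted only when the user's current `ou` is appended, and none of the other steps are reproduced. It is also worth confirming that `searchLDAPPaged()` returns an array on failure, since the `foreach` over `$foundOus` assumes one; the enclosing function starts and ends outside the hunk.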
@@ -812,7 +812,7 @@ class accountContainer { */ function get_type() { return $this->type; - } + } /** * This function is called when the user clicks on any button on the account pages. From 702752295073d6fadd215d09905c3a5c07eaba4e Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sat, 31 Dec 2016 11:13:36 +0100 Subject: [PATCH 4/5] new type API --- lam/lib/modules/nisMailAliasUser.inc | 63 ++++++++++++++++------------ lam/lib/types.inc | 17 ++++++++ 2 files changed, 53 insertions(+), 27 deletions(-) diff --git a/lam/lib/modules/nisMailAliasUser.inc b/lam/lib/modules/nisMailAliasUser.inc index 12931565..a9b8a421 100644 --- a/lam/lib/modules/nisMailAliasUser.inc +++ b/lam/lib/modules/nisMailAliasUser.inc @@ -36,7 +36,7 @@ class nisMailAliasUser extends baseModule { /** alias cache */ private $cachedAliasList = null; - + /** recipient entries to delete (list of arrays: dn => attributes) */ private $recipientsToDelete = array(); /** complete alias entries to delete */ @@ -45,10 +45,10 @@ class nisMailAliasUser extends baseModule { private $aliasesToAdd = array(); /** alias entries to extend with new recipients (list of arrays: dn => recipients) */ private $recipientsToAdd = array(); - + /** * Returns true if this module can manage accounts of the current type, otherwise false. - * + * * @return boolean true if module fits */ public function can_manage() { @@ -59,7 +59,7 @@ class nisMailAliasUser extends baseModule { * Returns meta data that is interpreted by parent class * * @return array array with meta data - * + * * @see baseModule::get_metaData() */ function get_metaData() { @@ -122,7 +122,7 @@ class nisMailAliasUser extends baseModule { /** * Returns the HTML meta data for the main account page. - * + * * @return htmlElement HTML meta data */ function display_html_attributes() { 
@@ -247,10 +247,10 @@ class nisMailAliasUser extends baseModule { } return $errors; } - + /** * Removes a recipient from the given DN. - * + * * @param String $recipient recipient as user name or email * @param String $dn alias DN */ @@ -300,7 +300,7 @@ class nisMailAliasUser extends baseModule { /** * Removes an alias with the given DN. - * + * * @param String $dn alias DN */ private function deleteAlias($dn) { @@ -324,10 +324,10 @@ class nisMailAliasUser extends baseModule { unset($this->recipientsToDelete[$dn]); } } - + /** * Returns the HTML meta data for the add page. - * + * * @return htmlElement HTML meta data */ function display_html_add() { @@ -357,9 +357,18 @@ class nisMailAliasUser extends baseModule { $return->addElement(new htmlHiddenInput('recipient', $recipient), true); // new mail alias $return->addElement(new htmlSubTitle(_('Create new alias')), true); - $typeObj = new mailAlias(); - $ous = $typeObj->getSuffixList(); - $return->addElement(new htmlTableExtendedSelect('new_ou', $ous, array(), _('Suffix'), 'suffix'), true); + $typeManager = new \LAM\TYPES\TypeManager(); + $mailAliasTypes = $typeManager->getConfiguredTypesForScope('mailAlias'); + $ous = array(); + foreach ($mailAliasTypes as $type) { + $ous = array_merge($ous, $type->getBaseType()->getSuffixList()); + } + $ous = array_unique($ous); + usort($ous, 'compareDN'); + $suffixSelect = new htmlTableExtendedSelect('new_ou', $ous, array(), _('Suffix'), 'suffix'); + $suffixSelect->setRightToLeftTextDirection(true); + $suffixSelect->setSortElements(false); + $return->addElement($suffixSelect, true); $newAliasCn = empty($_POST['new_cn']) ? '' : $_POST['new_cn']; $return->addElement(new htmlTableExtendedInputField(_('Alias name'), 'new_cn', $newAliasCn, 'newAlias'), true); $return->addVerticalSpace('5px'); 
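Review bot: `array_unique($ous)` in `display_html_add()` compares DNs as exact strings, while `getSuffixList()` compares DNs case-insensitively (`strtolower`) when it checks whether the root suffix is already present. Two configured mailAlias types whose suffixes differ only in case would therefore appear twice in the `new_ou` select. Deduplicating on a lower-cased key before the `usort($ous, 'compareDN')` call would keep the two code paths consistent. The code that consumes `$_POST['new_ou']` is outside this hunk. Since the list now spans several configured types, confirm that it checks the posted DN against this same merged list rather than relying on the select to constrain it.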
@@ -367,9 +376,9 @@ class nisMailAliasUser extends baseModule { $addButton->setIconClass('createButton'); $addButton->colspan = 5; $return->addElement($addButton, true); - + $return->addVerticalSpace('20px'); - + // add to existing alias $return->addElement(new htmlSubTitle(_('Add to existing alias')), true); $aliasesToAdd = array(); @@ -388,7 +397,7 @@ class nisMailAliasUser extends baseModule { $addButton->setIconClass('createButton'); $addButton->colspan = 5; $return->addElement($addButton, true); - + $return->addElement(new htmlEqualWidth(array('new_ou', 'new_cn', 'ex_cn'))); return $return; } @@ -446,13 +455,13 @@ class nisMailAliasUser extends baseModule { } } } - + return $errors; } - + /** * Allows the module to run commands after the LDAP entry is changed or created. - * + * * Calling this method requires the existence of an enclosing {@link accountContainer}. * * @param boolean $newAccount new account @@ -545,7 +554,7 @@ class nisMailAliasUser extends baseModule { /** * Returns a list of configuration options. - * + * * Calling this method does not require the existence of an enclosing {@link accountContainer}.
*
* The field names are used as keywords to load and save settings. @@ -554,7 +563,7 @@ class nisMailAliasUser extends baseModule { * @param array $scopes account types (user, group, host) * @param array $allScopes list of all active account modules and their scopes (module => array(scopes)) * @return mixed htmlElement or array of htmlElement - * + * * @see baseModule::get_metaData() * @see htmlElement */ @@ -584,10 +593,10 @@ class nisMailAliasUser extends baseModule { $this->cachedAliasList = searchLDAPByAttribute('cn', '*', 'nisMailAlias', array('dn', 'cn', 'rfc822MailMember'), array('mailAlias')); return $this->cachedAliasList; } - + /** * Returns the user name of this account. - * + * * @return String user name */ private function getUserName() { @@ -605,10 +614,10 @@ class nisMailAliasUser extends baseModule { } return null; } - + /** * Returns the email addresses of this account. - * + * * @return String mail addresses */ private function getMailAddresses() { @@ -620,10 +629,10 @@ class nisMailAliasUser extends baseModule { } return null; } - + /** * Returns if the mail alias type is active. Otherwise, aliases cannot be managed. - * + * * @return boolean is active */ private function isMailAliasTypeActive() { diff --git a/lam/lib/types.inc b/lam/lib/types.inc index 405646c9..955a8f29 100644 --- a/lam/lib/types.inc +++ b/lam/lib/types.inc @@ -389,6 +389,23 @@ class TypeManager { return $configuredTypes; } + /** + * Returns a list of configured types for this scope. + * + * @param string $scope scope (e.g. user) + * @return \LAM\TYPES\ConfiguredType[] list of ConfiguredType + */ + public function getConfiguredTypesForScope($scope) { + $allTypes = $this->getConfiguredTypes(); + $scopedTypes = array(); + foreach ($allTypes as $type) { + if ($type->getScope() == $scope) { + $scopedTypes[] = $type; + } + } + return $scopedTypes; + } + /** * Builds a configured account type. * From e93d59740c5d30b2f9ace0173955877cd060c67b Mon Sep 17 00:00:00 2001 
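Review bot: `$type->getScope() == $scope` in the new `getConfiguredTypesForScope()` is a loose comparison, and PHP compares numeric-looking strings by value under `==`. Scope names are plain identifiers such as `user`, so this is unlikely to misfire today, but `if ($type->getScope() === $scope) {` states the intent and costs nothing. The docblock could also say that an empty array is returned when no configured type has the scope, since the caller added in nisMailAliasUser.inc iterates over the result without checking it.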
From: Roland Gruber Date: Sat, 31 Dec 2016 14:44:46 +0100 Subject: [PATCH 5/5] moved getSuffixList() --- lam/docs/devel/upgrade.htm | 5 +++- lam/lib/baseType.inc | 41 -------------------------- lam/lib/lists.inc | 2 +- lam/lib/modules.inc | 3 +- lam/lib/modules/nisMailAliasUser.inc | 2 +- lam/lib/types.inc | 40 +++++++++++++++++++++++++ lam/lib/types/asteriskExt.inc | 2 +- lam/templates/profedit/profilepage.php | 3 +- 8 files changed, 49 insertions(+), 49 deletions(-) diff --git a/lam/docs/devel/upgrade.htm b/lam/docs/devel/upgrade.htm index 8e40fefe..199d5603 100644 --- a/lam/docs/devel/upgrade.htm +++ b/lam/docs/devel/upgrade.htm @@ -19,6 +19,7 @@ + @@ -54,8 +55,10 @@ This is a list of API changes for all LAM releases. Functions in lib/types.inc got namespace LAM/TYPES (e.g. getTypeAlias()).
  • New API to access configured account types: LAM\TYPES\TypeManager.
  • -
  • class baseType: new function getSuffixFilter()
    +
  • class baseType: new function getSuffixFilter()
  • +
  • moved getSuffixList() from baseType to ConfiguredType
  • + diff --git a/lam/lib/baseType.inc b/lam/lib/baseType.inc index b1d2a171..5833d189 100644 --- a/lam/lib/baseType.inc +++ b/lam/lib/baseType.inc @@ -138,47 +138,6 @@ class baseType { return "(|(objectClass=organizationalunit)(objectClass=country)(objectClass=organization)(objectClass=krbRealmContainer)(objectClass=container))"; } - /** - * Returns a list of LDAP suffixes for this type. - * - * @return array sorted list of possible suffixes for this type. - */ - public function getSuffixList() { - $suffix = $_SESSION["config"]->get_Suffix(get_class($this)); - $connection = $_SESSION["ldap"]->server(); - $ret = array(); - $filter = $this->getSuffixFilter(); - $sr = @ldap_search($connection, escapeDN($suffix),$filter , array('dn', 'objectClass'), 0, 0, 0, LDAP_DEREF_NEVER); - if ($sr) { - $units = ldap_get_entries($connection, $sr); - cleanLDAPResult($units); - // extract Dns - $count = sizeof($units); - for ($i = 0; $i < $count; $i++) { - if (in_array('container', $units[$i]['objectclass'])) { - // Active Directory fix, hide system containers - if (preg_match('/.*cn=system,dc=.+/i', $units[$i]['dn']) || preg_match('/.*CN=program data,dc=.+/i', $units[$i]['dn'])) { - continue; - } - } - $ret[] = $units[$i]['dn']; - } - } - // add root suffix if needed - $found = false; - for ($i = 0; $i < sizeof($ret); $i++) { // search suffix case-intensitive - if (strtolower($suffix) == strtolower($ret[$i])) { - $found = true; - break; - } - } - if (!$found) { - $ret[] = $suffix; - } - usort($ret, 'compareDN'); - return $ret; - } - /** * This function is called after the edit page is processed and before the page content is generated. * This can be used to run custom handlers after each page processing. diff --git a/lam/lib/lists.inc b/lam/lib/lists.inc index 49b7750a..bfd687a9 100644 --- a/lam/lib/lists.inc +++ b/lam/lib/lists.inc 
@@ -962,7 +962,7 @@ class lamList { call_user_func_array('StatusMessage', $lastError); } // generate list of possible suffixes - $this->possibleSuffixes = $this->type->getBaseType()->getSuffixList(); + $this->possibleSuffixes = $this->type->getSuffixList(); } /** diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc index 08ed0d4c..39de01e8 100644 --- a/lam/lib/modules.inc +++ b/lam/lib/modules.inc @@ -2146,8 +2146,7 @@ class accountContainer { if ($this->cachedOUs != null) { return $this->cachedOUs; } - $typeObj = $this->type->getBaseType(); - $this->cachedOUs = $typeObj->getSuffixList(); + $this->cachedOUs = $this->type->getSuffixList(); return $this->cachedOUs; } diff --git a/lam/lib/modules/nisMailAliasUser.inc b/lam/lib/modules/nisMailAliasUser.inc index a9b8a421..fad3ee73 100644 --- a/lam/lib/modules/nisMailAliasUser.inc +++ b/lam/lib/modules/nisMailAliasUser.inc @@ -361,7 +361,7 @@ class nisMailAliasUser extends baseModule { $mailAliasTypes = $typeManager->getConfiguredTypesForScope('mailAlias'); $ous = array(); foreach ($mailAliasTypes as $type) { - $ous = array_merge($ous, $type->getBaseType()->getSuffixList()); + $ous = array_merge($ous, $type->getSuffixList()); } $ous = array_unique($ous); usort($ous, 'compareDN'); diff --git a/lam/lib/types.inc b/lam/lib/types.inc index 955a8f29..7f22bb57 100644 --- a/lam/lib/types.inc +++ b/lam/lib/types.inc 
@@ -271,6 +271,46 @@ class ConfiguredType { return $this->baseType; } + /** + * Returns a list of LDAP suffixes for this type. + * + * @return array sorted list of possible suffixes for this type. + */ + public function getSuffixList() { + $connection = $_SESSION["ldap"]->server(); + $ret = array(); + $filter = $this->getBaseType()->getSuffixFilter(); + $sr = @ldap_search($connection, escapeDN($this->suffix), $filter, array('dn', 'objectClass'), 0, 0, 0, LDAP_DEREF_NEVER); + if ($sr) { + $units = ldap_get_entries($connection, $sr); + cleanLDAPResult($units); + // extract Dns + $count = sizeof($units); + for ($i = 0; $i < $count; $i++) { + if (in_array('container', $units[$i]['objectclass'])) { + // Active Directory fix, hide system containers + if (preg_match('/.*cn=system,dc=.+/i', $units[$i]['dn']) || preg_match('/.*CN=program data,dc=.+/i', $units[$i]['dn'])) { + continue; + } + } + $ret[] = $units[$i]['dn']; + } + } + // add root suffix if needed + $found = false; + for ($i = 0; $i < sizeof($ret); $i++) { // search suffix case-intensitive + if (strtolower($this->suffix) == strtolower($ret[$i])) { + $found = true; + break; + } + } + if (!$found) { + $ret[] = $this->suffix; + } + usort($ret, 'compareDN'); + return $ret; + } + } /** diff --git a/lam/lib/types/asteriskExt.inc b/lam/lib/types/asteriskExt.inc index 617a41ed..319d271d 100644 --- a/lam/lib/types/asteriskExt.inc +++ b/lam/lib/types/asteriskExt.inc @@ -180,7 +180,7 @@ class lamAsteriskExtList extends lamList { $entries = $this->normalizeLdapOutput($entries); $this->entries = $entries; // generate list of possible suffixes - $this->possibleSuffixes = $this->type->getBaseType()->getSuffixList(); + $this->possibleSuffixes = $this->type->getSuffixList(); } /** diff --git a/lam/templates/profedit/profilepage.php b/lam/templates/profedit/profilepage.php index 07866e25..1e0aef15 100644 --- a/lam/templates/profedit/profilepage.php +++ b/lam/templates/profedit/profilepage.php 
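Review bot: `@ldap_search(...)` in the new `ConfiguredType::getSuffixList()` suppresses the error and the `if ($sr)` branch has no else. A failed search (invalid base DN, insufficient access, server error) therefore silently produces a list holding only the root suffix. Since the method is being moved anyway, log `ldap_error($connection)` through the project's logging helper when `$sr` is false, so a misconfigured suffix or an ACL problem is visible to the administrator. Two smaller points in the same body: `in_array('container', $units[$i]['objectclass'])` should pass `true` as the third argument, and the comment `case-intensitive` should read `case-insensitive`.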
@@ -207,8 +207,7 @@ $dnContent->addElement(new htmlSpacer(null, '10px'), true); $rootsuffix = $type->getSuffix(); // get subsuffixes $suffixes = array('-' => '-'); -$typeObj = $type->getBaseType(); -$possibleSuffixes = $typeObj->getSuffixList(); +$possibleSuffixes = $type->getSuffixList(); foreach ($possibleSuffixes as $suffix) { $suffixes[getAbstractDN($suffix)] = $suffix; }