fixed many things related to groups like wrong SIDs
parent
444c69f0dc
commit
775aa6cf0d
|
@ -66,6 +66,7 @@ class account { // This class keeps all needed values for any account
|
|||
var $smb_flagsD; // string (1|0) account is disabled? (user|host)
|
||||
var $smb_flagsX; // string (1|0) password doesn'T expire (user|host)
|
||||
var $smb_mapgroup; // decimal ID for groups
|
||||
var $smb_displayName; // string, description, similar to gecos-field.
|
||||
// Quota Settins
|
||||
var $quota; // array[][] First array is an index for every chare with active quotas
|
||||
// second array Contains values for every share:
|
||||
|
@ -350,6 +351,10 @@ function checksamba($values, $type) { // This function checks all samba account
|
|||
else $return->smb_password = "";
|
||||
break;
|
||||
case 'group' :
|
||||
if (($values->smb_displayName=='') && isset($values->general_gecos)) {
|
||||
$return->smb_displayName = $values->general_gecos;
|
||||
$errors[] = array('INFO', _('Display name'), _('Inserted gecos-field as display name.'));
|
||||
}
|
||||
break;
|
||||
}
|
||||
// Return values and errors
|
||||
|
@ -932,6 +937,7 @@ function loadgroup($dn) { // Will load all needed values from an existing group
|
|||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
||||
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||
// Load values into account object
|
||||
$i=0;
|
||||
while (isset($attr['objectClass'][$i])) {
|
||||
$return->general_objectClass[$i] = $attr['objectClass'][$i];
|
||||
|
@ -943,13 +949,19 @@ function loadgroup($dn) { // Will load all needed values from an existing group
|
|||
$i++;
|
||||
}
|
||||
if (isset($attr['gidNumber'][0])) $return->general_uidNumber = $attr['gidNumber'][0];
|
||||
if (isset($attr['gecos'][0])) $return->general_gecos = utf8_decode($attr['gecos'][0]);
|
||||
if (isset($attr['description'][0])) $return->general_gecos = utf8_decode($attr['description'][0]);
|
||||
if (isset($attr['cn'][0])) {
|
||||
$return->general_username = $attr['cn'][0];
|
||||
if ($_SESSION['config']->scriptServer) getquotas('group',$attr['cn'][0]);
|
||||
$values = getquotas('group', $attr['cn'][0]);
|
||||
if (is_object($values)) {
|
||||
while (list($key, $val) = each($values)) // Set only defined values
|
||||
if (isset($val)) $return->$key = $val;
|
||||
}
|
||||
}
|
||||
if (isset($attr['sambaSID'][0])) {
|
||||
if (isset($attr['sambaSID'][0])) { // Samba3 Samba 2.0 don't have any objects 4 groups
|
||||
$return->smb_mapgroup = $attr['sambaSID'][0];
|
||||
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
|
||||
// extract SID from sambaSID to find domain
|
||||
$temp = explode('-', $attr['sambaSID'][0]);
|
||||
$SID = $temp[0].'-'.$temp[1].'-'.$temp[2].'-'.$temp[3].'-'.$temp[4].'-'.$temp[5].'-'.$temp[6];
|
||||
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
||||
|
@ -1612,27 +1624,15 @@ function creategroup($values) { // Will create the LDAP-Group
|
|||
// 4 == Error while creating Group
|
||||
// 5 == Error while modifying Group
|
||||
$values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;
|
||||
|
||||
// decrypt password
|
||||
$iv = base64_decode($_COOKIE["IV"]);
|
||||
$key = base64_decode($_COOKIE["Key"]);
|
||||
if ($values->unix_password != '') {
|
||||
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
|
||||
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
|
||||
}
|
||||
if ($values->smb_password != '') {
|
||||
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
|
||||
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
|
||||
}
|
||||
$attr['objectClass'][0] = 'posixGroup';
|
||||
$attr['cn'] = $values->general_username;
|
||||
$attr['gidNumber'] = $values->general_uidNumber;
|
||||
$attr['description'] = $values->general_gecos;
|
||||
if ($values->general_gecos) $attr['description'] = utf8_encode($values->general_gecos);
|
||||
if ($_SESSION['config']->samba3 =='yes' && (isset($values->smb_mapgroup))) {
|
||||
$attr['sambaSID'] = $values->smb_mapgroup;
|
||||
$attr['objectClass'][1] = 'sambaGroupMapping';
|
||||
$attr['sambaGroupType'] = '2';
|
||||
if ($values->general_gecos) $attr['displayName'] = $values->general_gecos;
|
||||
if ($values->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName);
|
||||
}
|
||||
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
||||
if ($_SESSION['config']->scriptServer) setquotas($values,'group');
|
||||
|
@ -1652,34 +1652,21 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
|
|||
// 5 == Error while modifying Group
|
||||
$values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;
|
||||
|
||||
// decrypt password
|
||||
$iv = base64_decode($_COOKIE["IV"]);
|
||||
$key = base64_decode($_COOKIE["Key"]);
|
||||
if ($values->unix_password != '') {
|
||||
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
|
||||
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
|
||||
}
|
||||
if ($values->smb_password != '') {
|
||||
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
|
||||
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
|
||||
}
|
||||
if ($values->general_username != $values_old->general_username) $attr['cn'] = $values->general_username;
|
||||
if ($values->general_uidNumber != $values_old->general_uidNumber) $attr['gidNumber'] = $values->general_uidNumber;
|
||||
if ($values->general_gecos != $values_old->general_gecos) $attr['description'] = $values->general_gecos;
|
||||
if ($values->general_gecos != $values_old->general_gecos) $attr['description'] = utf8_encode($values->general_gecos);
|
||||
|
||||
if (($values->smb_displayName != $values_old->smb_displayName) && ($values->smb_displayName != ''))
|
||||
$attr['displayName'] = utf8_encode($values->smb_displayName);
|
||||
if (($values->smb_displayName != $values_old->smb_displayName) && ($values->smb_displayName == ''))
|
||||
$attr_rem['displayName'] = utf8_encode($values_old->smb_displayName);
|
||||
|
||||
if ($_SESSION['config']->samba3 =='yes') {
|
||||
if ($values->smb_mapgroup != $values_old->smb_mapgroup)
|
||||
$attr['sambaSID'] = $values->smb_mapgroup;
|
||||
if ($values->general_gecos!=$values_old->general_gecos)
|
||||
$attr['displayName'] = $values->general_gecos;
|
||||
}
|
||||
|
||||
if (($values->unix_memberUid != $values_old->unix_memberUid)) {
|
||||
//$values->unix_memberUid = str_replace(' ', '', $values->unix_memberUid);
|
||||
//$memberUid = explode (',', $values->unix_memberUid);
|
||||
//$values_old->unix_memberUid = str_replace(' ', '', $values_old->unix_memberUid);
|
||||
//$memberUid_old = explode (',', $values_old->unix_memberUid);
|
||||
//if ($memberUid[0]=='') $attr_rem['memberUid'] = $memberUid_old;
|
||||
// else if ($memberUid[0]!='') $attr['memberUid'] = $memberUid;
|
||||
if (count($values->unix_memberUid)==0) $attr_rem['memberUid'] = $values_old->unix_memberUid;
|
||||
else $attr['memberUid'] = $values->unix_memberUid;
|
||||
}
|
||||
|
@ -1724,6 +1711,7 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
|
|||
if ($success) $success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
||||
if (!$success) return 5;
|
||||
}
|
||||
|
||||
if ( $_SESSION['final_changegids']==true ) {
|
||||
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array('gidNumber'));
|
||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
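Review bot: In loadgroup() the quota lookup appears to lose its script-server guard: the page shows both `if ($_SESSION['config']->scriptServer) getquotas('group',$attr['cn'][0]);` and an unguarded `$values = getquotas('group', $attr['cn'][0]);`, and since the line sides are not marked this assumes the unguarded call is the new one. creategroup() in the same file still wraps setquotas() in that check, so loading a group would now enter the quota code path even when no script server is configured; keeping the guard, e.g. `$values = $_SESSION['config']->scriptServer ? getquotas('group', $attr['cn'][0]) : null;`, avoids that. The loop that follows copies every set property of the returned object onto `$return` by name, and what getquotas() returns is not visible here, so a comment naming the fields it is expected to fill (or copying only the quota field) would keep externally obtained data from overwriting unrelated account attributes. loadgroup's body starts and ends outside the hunk.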
|
||||
|
|
|
@ -111,24 +111,26 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
|
|||
break;
|
||||
|
||||
case 'samba':
|
||||
$_SESSION['account']->smb_domain = $_POST['f_smb_domain'];
|
||||
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
||||
foreach ($samba3domains as $domain)
|
||||
if ($_POST['f_smb_domain'] == $domain->name)
|
||||
$_SESSION['account']->smb_domain = $domain;
|
||||
$_SESSION['account']->smb_displayName = $_POST['f_smb_displayName'];
|
||||
switch ($_POST['f_smb_mapgroup']) {
|
||||
case '*'._('Domain Guests'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '514'; break;
|
||||
case '*'._('Domain Users'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '513'; break;
|
||||
case '*'._('Domain Admins'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '512'; break;
|
||||
case $_SESSION['account']->general_group:
|
||||
if ($_SESSION['config']->samba3 == 'yes')
|
||||
$_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-".
|
||||
(2 * getgid($_SESSION['account']->general_group) + $_SESSION['account']->smb_domain->RIDbase +1);
|
||||
else $_SESSION['account']->smb_mapgroup = (2 * getgid($_SESSION['account']->general_group) + 1001);
|
||||
break;
|
||||
case $_SESSION['account']->general_username:
|
||||
if ($_SESSION['config']->samba3 == 'yes')
|
||||
$_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-".
|
||||
(2 * $_SESSION['account']->general_uidNumber + $_SESSION['account']->smb_domain->RIDbase +1);
|
||||
else $_SESSION['account']->smb_mapgroup = (2 * $_SESSION['account']->general_uidNumber + 1001);
|
||||
$_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-".
|
||||
(2 * getgid($_SESSION['account']->general_username) + $_SESSION['account']->smb_domain->RIDbase +1);
|
||||
break;
|
||||
}
|
||||
if (isset($_SESSION['account_old'])) list($values, $errors) = checksamba($_SESSION['account'], 'group', $_SESSION['account_old']); // account.inc
|
||||
else list($values, $errors) = checksamba($_SESSION['account'], 'group'); // account.inc
|
||||
if (is_object($values)) { // Set only defined values
|
||||
while (list($key, $val) = each($values))
|
||||
if (isset($val)) $_SESSION['account']->$key = $val;
|
||||
}
|
||||
break;
|
||||
|
||||
case 'quota':
|
||||
|
@ -249,6 +251,7 @@ if (is_array($errors)) {
|
|||
for ($i=0; $i<sizeof($errors); $i++) StatusMessage($errors[$i][0], $errors[$i][1], $errors[$i][2]);
|
||||
echo "</table>";
|
||||
}
|
||||
|
||||
// print_r($_SESSION['account']);
|
||||
|
||||
switch ($select_local) { // Select which part of page will be loaded
|
||||
|
@ -269,7 +272,8 @@ switch ($select_local) { // Select which part of page will be loaded
|
|||
echo "</b></legend>\n";
|
||||
echo "<input name=\"next_general\" type=\"submit\" value=\""; echo _('General'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_members\" type=\"submit\" disabled value=\""; echo _('Members'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_samba\" type=\"submit\" value=\""; echo _('Samba'); echo "\">\n<br>";
|
||||
if ($_SESSION['config']->samba3 == 'yes')
|
||||
echo "<input name=\"next_samba\" type=\"submit\" value=\""; echo _('Samba'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_quota\" type=\"submit\""; if (!isset($_SESSION['config']->scriptPath)) echo " disabled ";
|
||||
echo "value=\""; echo _('Quota'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_final\" type=\"submit\" value=\""; echo _('Final');
|
||||
|
@ -308,7 +312,8 @@ switch ($select_local) { // Select which part of page will be loaded
|
|||
echo "</b></legend>\n";
|
||||
echo "<input name=\"next_general\" type=\"submit\" disabled value=\""; echo _('General'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_members\" type=\"submit\" value=\""; echo _('Members'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_samba\" type=\"submit\" value=\""; echo _('Samba'); echo "\">\n<br>";
|
||||
if ($_SESSION['config']->samba3 == 'yes')
|
||||
echo "<input name=\"next_samba\" type=\"submit\" value=\""; echo _('Samba'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_quota\" type=\"submit\""; if (!isset($_SESSION['config']->scriptPath)) echo " disabled ";
|
||||
echo "value=\""; echo _('Quota'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_final\" type=\"submit\" value=\""; echo _('Final');
|
||||
|
@ -357,7 +362,7 @@ switch ($select_local) { // Select which part of page will be loaded
|
|||
|
||||
case 'samba':
|
||||
// Samba Settings
|
||||
if ($_SESSION['config']->samba3 == 'yes') $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
||||
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
||||
echo "<input name=\"select\" type=\"hidden\" value=\"samba\">\n";
|
||||
echo "<table border=0 width=\"100%\">\n<tr><td valign=\"top\" width=\"15%\" >";
|
||||
echo "<table border=0><tr><td><fieldset class=\"groupedit-middle\"><legend class=\"groupedit-bright\"><b>";
|
||||
|
@ -370,8 +375,12 @@ switch ($select_local) { // Select which part of page will be loaded
|
|||
echo "value=\""; echo _('Quota'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_final\" type=\"submit\" value=\""; echo _('Final');
|
||||
echo "\"></fieldset></td></tr></table></td>\n<td valign=\"top\">";
|
||||
echo "<table border=0><tr><td><fieldset class=\"groupedit-bright\"><legend class=\"groupedit-bright\"><b>"._('Samba properties')."</b></legend>\n";
|
||||
echo "<table border=0 width=\"100%\"><tr><td><fieldset class=\"groupedit-bright\"><legend class=\"groupedit-bright\"><b>"._('Samba properties')."</b></legend>\n";
|
||||
echo "<table border=0 width=\"100%\"><tr><td>";
|
||||
echo _("Display name");
|
||||
echo "</td>\n<td>".
|
||||
"<input name=\"f_smb_displayName\" type=\"text\" size=\"30\" maxlength=\"50\" value=\"".$_SESSION['account']->smb_displayName."\">".
|
||||
"</td>\n<td><a href=\"../help.php?HelpNumber=XXX\" target=\"lamhelp\">"._('Help-XX')."</a></td>\n</tr>\n<tr>\n<td>";
|
||||
echo _('Windows groupname');
|
||||
echo "</td>\n<td><select name=\"f_smb_mapgroup\">";
|
||||
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-".
|
||||
|
@ -437,7 +446,8 @@ switch ($select_local) { // Select which part of page will be loaded
|
|||
echo "</b></legend>\n";
|
||||
echo "<input name=\"next_general\" type=\"submit\" value=\""; echo _('General'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_members\" type=\"submit\" value=\""; echo _('Members'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_samba\" type=\"submit\" value=\""; echo _('Samba'); echo "\">\n<br>";
|
||||
if ($_SESSION['config']->samba3 == 'yes')
|
||||
echo "<input name=\"next_samba\" type=\"submit\" value=\""; echo _('Samba'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_quota\" type=\"submit\" disabled value=\""; echo _('Quota'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_final\" type=\"submit\" value=\""; echo _('Final');
|
||||
echo "\"></fieldset></td></tr></table></td>\n<td valign=\"top\">";
|
||||
|
@ -471,14 +481,15 @@ switch ($select_local) { // Select which part of page will be loaded
|
|||
case 'final':
|
||||
// Final Settings
|
||||
echo '<input name="select" type="hidden" value="final">';
|
||||
echo "<input name=\"select\" type=\"hidden\" value=\"samba\">\n";
|
||||
echo "<input name=\"select\" type=\"hidden\" value=\"final\">\n";
|
||||
echo "<table border=0 width=\"100%\">\n<tr><td valign=\"top\" width=\"15%\" >";
|
||||
echo "<table><tr><td><fieldset class=\"groupedit-middle\"><legend class=\"groupedit-bright\"><b>";
|
||||
echo _('Please select page:');
|
||||
echo "</b></legend>\n";
|
||||
echo "<input name=\"next_general\" type=\"submit\" value=\""; echo _('General'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_members\" type=\"submit\" value=\""; echo _('Members'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_samba\" type=\"submit\" value=\""; echo _('Samba'); echo "\">\n<br>";
|
||||
if ($_SESSION['config']->samba3 == 'yes')
|
||||
echo "<input name=\"next_samba\" type=\"submit\" value=\""; echo _('Samba'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_quota\" type=\"submit\""; if (!isset($_SESSION['config']->scriptPath)) echo " disabled ";
|
||||
echo "value=\""; echo _('Quota'); echo "\">\n<br>";
|
||||
echo "<input name=\"next_final\" type=\"submit\" disabled value=\""; echo _('Final');
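Review bot: The new display-name field on the 'samba' page writes `$_SESSION['account']->smb_displayName` straight into the `value` attribute of `f_smb_displayName`, and that property is filled from `$_POST['f_smb_displayName']` (and from the LDAP `displayName` attribute) without any encoding, so a value containing a double quote or markup leaves the attribute and is rendered as HTML. Escape it at output: `value=\"".htmlspecialchars($_SESSION['account']->smb_displayName, ENT_QUOTES)."\">`. Separately, the four new `if ($_SESSION['config']->samba3 == 'yes')` lines in front of the `next_samba` button have no braces, so only the first `echo` on the following line is conditional and the page still prints `Samba">` and `<br>` when Samba 3 is off. Wrapping the three echo statements in `{ }` fixes this on the members, general, quota and final pages.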
|
||||
|
|