From 775aa6cf0d2d1b85f7d3e73945d2a62e528c0f77 Mon Sep 17 00:00:00 2001 From: katagia Date: Tue, 16 Sep 2003 12:44:28 +0000 Subject: [PATCH] fixed many things ralated to groups like wrong SIDs --- lam/lib/account.inc | 62 ++++++++++++----------------- lam/templates/account/groupedit.php | 47 +++++++++++++--------- 2 files changed, 54 insertions(+), 55 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index b8755df1..13460e83 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -66,6 +66,7 @@ class account { // This class keeps all needed values for any account var $smb_flagsD; // string (1|0) account is disabled? (user|host) var $smb_flagsX; // string (1|0) password doesn'T expire (user|host) var $smb_mapgroup; // decimal ID for groups + var $smb_displayName; // string, description, similar to gecos-field. // Quota Settins var $quota; // array[][] First array is an index for every chare with active quotas // second array Contains values for every share: @@ -350,6 +351,10 @@ function checksamba($values, $type) { // This function checks all samba account else $return->smb_password = ""; break; case 'group' : + if (($values->smb_displayName=='') && isset($values->general_gecos)) { + $return->smb_displayName = $values->general_gecos; + $errors[] = array('INFO', _('Display name'), _('Inserted gecos-field as display name.')); + } break; } // Return values and errors @@ -932,6 +937,7 @@ function loadgroup($dn) { // Will load all needed values from an existing group $entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry)); $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry); + // Load values into account object $i=0; while (isset($attr['objectClass'][$i])) { $return->general_objectClass[$i] = $attr['objectClass'][$i]; 
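Review bot: In the new `case 'group':` branch of checksamba, the condition `isset($values->general_gecos)` is also true for an empty string, so a group with neither a display name nor a description still gets the INFO message "Inserted gecos-field as display name." while nothing was inserted. Testing the content instead, `if (($values->smb_displayName == '') && ($values->general_gecos != ''))`, keeps the message truthful. The branch also performs no check on a non-empty `smb_displayName`, so a short comment saying that display names are accepted as entered would make that choice explicit. checksamba's body starts and ends outside the hunk.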
@@ -943,13 +949,19 @@ function loadgroup($dn) { // Will load all needed values from an existing group $i++; } if (isset($attr['gidNumber'][0])) $return->general_uidNumber = $attr['gidNumber'][0]; - if (isset($attr['gecos'][0])) $return->general_gecos = utf8_decode($attr['gecos'][0]); + if (isset($attr['description'][0])) $return->general_gecos = utf8_decode($attr['description'][0]); if (isset($attr['cn'][0])) { $return->general_username = $attr['cn'][0]; - if ($_SESSION['config']->scriptServer) getquotas('group',$attr['cn'][0]); + $values = getquotas('group', $attr['cn'][0]); + if (is_object($values)) { + while (list($key, $val) = each($values)) // Set only defined values + if (isset($val)) $return->$key = $val; + } } - if (isset($attr['sambaSID'][0])) { + if (isset($attr['sambaSID'][0])) { // Samba3 Samba 2.0 don't have any objects 4 groups $return->smb_mapgroup = $attr['sambaSID'][0]; + if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]); + // extract SID from sambaSID to find domain $temp = explode('-', $attr['sambaSID'][0]); $SID = $temp[0].'-'.$temp[1].'-'.$temp[2].'-'.$temp[3].'-'.$temp[4].'-'.$temp[5].'-'.$temp[6]; $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix()); 
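Review bot: The `scriptServer` guard around `getquotas()` was dropped here, so `getquotas('group', $attr['cn'][0])` now runs on every group load, while creategroup still wraps `setquotas()` in `if ($_SESSION['config']->scriptServer)`. If getquotas contacts the script server (its body is not shown), installations without one would presumably take a failed remote call on each load; `if ($_SESSION['config']->scriptServer) $values = getquotas('group', $attr['cn'][0]);` restores the old condition. The copy loop then assigns every set property of the returned object onto `$return`, so a comment naming the quota fields expected to be overwritten would help the next reader. loadgroup's body starts and ends outside the hunk.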
@@ -1612,27 +1624,15 @@ function creategroup($values) { // Will create the LDAP-Group // 4 == Error while creating Group // 5 == Error while modifying Group $values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn; - - // decrypt password - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); - if ($values->unix_password != '') { - $values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv); - $values->unix_password = str_replace(chr(00), '', $values->unix_password); - } - if ($values->smb_password != '') { - $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv); - $values->smb_password = str_replace(chr(00), '', $values->smb_password); - } $attr['objectClass'][0] = 'posixGroup'; $attr['cn'] = $values->general_username; $attr['gidNumber'] = $values->general_uidNumber; - $attr['description'] = $values->general_gecos; + if ($values->general_gecos) $attr['description'] = utf8_encode($values->general_gecos); if ($_SESSION['config']->samba3 =='yes' && (isset($values->smb_mapgroup))) { $attr['sambaSID'] = $values->smb_mapgroup; $attr['objectClass'][1] = 'sambaGroupMapping'; $attr['sambaGroupType'] = '2'; - if ($values->general_gecos) $attr['displayName'] = $values->general_gecos; + if ($values->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName); } $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr); if ($_SESSION['config']->scriptServer) setquotas($values,'group'); 
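Review bot: `$values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;` builds the entry DN by plain concatenation, so a group name containing DN metacharacters such as `,`, `+` or `=` changes where `ldap_add()` places the entry unless the name was validated earlier (not visible here). On PHP versions that provide it, `ldap_escape($values->general_username, '', LDAP_ESCAPE_DN)` on the RDN value addresses this; otherwise a strict character allow-list check belongs before this line. The same construction opens the modifygroup hunk that follows. creategroup's body continues outside the hunk.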
@@ -1652,34 +1652,21 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group // 5 == Error while modifying Group $values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn; - // decrypt password - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); - if ($values->unix_password != '') { - $values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv); - $values->unix_password = str_replace(chr(00), '', $values->unix_password); - } - if ($values->smb_password != '') { - $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv); - $values->smb_password = str_replace(chr(00), '', $values->smb_password); - } if ($values->general_username != $values_old->general_username) $attr['cn'] = $values->general_username; if ($values->general_uidNumber != $values_old->general_uidNumber) $attr['gidNumber'] = $values->general_uidNumber; - if ($values->general_gecos != $values_old->general_gecos) $attr['description'] = $values->general_gecos; + if ($values->general_gecos != $values_old->general_gecos) $attr['description'] = utf8_encode($values->general_gecos); + + if (($values->smb_displayName != $values_old->smb_displayName) && ($values->smb_displayName != '')) + $attr['displayName'] = utf8_encode($values->smb_displayName); + if (($values->smb_displayName != $values_old->smb_displayName) && ($values->smb_displayName == '')) + $attr_rem['displayName'] = utf8_encode($values_old->smb_displayName); + if ($_SESSION['config']->samba3 =='yes') { if ($values->smb_mapgroup != $values_old->smb_mapgroup) $attr['sambaSID'] = $values->smb_mapgroup; - if ($values->general_gecos!=$values_old->general_gecos) - $attr['displayName'] = $values->general_gecos; } if (($values->unix_memberUid != $values_old->unix_memberUid)) { - //$values->unix_memberUid = str_replace(' ', '', $values->unix_memberUid); 
- //$memberUid = explode (',', $values->unix_memberUid); - //$values_old->unix_memberUid = str_replace(' ', '', $values_old->unix_memberUid); - //$memberUid_old = explode (',', $values_old->unix_memberUid); - //if ($memberUid[0]=='') $attr_rem['memberUid'] = $memberUid_old; - // else if ($memberUid[0]!='') $attr['memberUid'] = $memberUid; if (count($values->unix_memberUid)==0) $attr_rem['memberUid'] = $values_old->unix_memberUid; else $attr['memberUid'] = $values->unix_memberUid; } @@ -1724,6 +1711,7 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group if ($success) $success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr); if (!$success) return 5; } + if ( $_SESSION['final_changegids']==true ) { $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array('gidNumber')); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result); diff --git a/lam/templates/account/groupedit.php b/lam/templates/account/groupedit.php index 6279c7db..059c66bb 100644 --- a/lam/templates/account/groupedit.php +++ b/lam/templates/account/groupedit.php 
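Review bot: The two new `displayName` assignments in modifygroup sit outside the `if ($_SESSION['config']->samba3 =='yes')` block, whereas creategroup only writes `displayName` together with the `sambaGroupMapping` object class. For a plain posixGroup entry the directory will probably reject the modification with an object-class violation (the schema is not shown, so this is inferred); moving both `if` statements inside the samba3 block keeps the two functions consistent. In the same function, the context of the next hunk builds its search filter as `'gidNumber=' . $values_old->general_uidNumber`; an `(int)` cast on that value would keep the filter well-formed. modifygroup's body continues outside the hunk.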
@@ -111,24 +111,26 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch break; case 'samba': - $_SESSION['account']->smb_domain = $_POST['f_smb_domain']; + $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix()); + foreach ($samba3domains as $domain) + if ($_POST['f_smb_domain'] == $domain->name) + $_SESSION['account']->smb_domain = $domain; + $_SESSION['account']->smb_displayName = $_POST['f_smb_displayName']; switch ($_POST['f_smb_mapgroup']) { case '*'._('Domain Guests'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '514'; break; case '*'._('Domain Users'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '513'; break; case '*'._('Domain Admins'): $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '512'; break; - case $_SESSION['account']->general_group: - if ($_SESSION['config']->samba3 == 'yes') - $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-". - (2 * getgid($_SESSION['account']->general_group) + $_SESSION['account']->smb_domain->RIDbase +1); - else $_SESSION['account']->smb_mapgroup = (2 * getgid($_SESSION['account']->general_group) + 1001); - break; case $_SESSION['account']->general_username: - if ($_SESSION['config']->samba3 == 'yes') - $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-". - (2 * $_SESSION['account']->general_uidNumber + $_SESSION['account']->smb_domain->RIDbase +1); - else $_SESSION['account']->smb_mapgroup = (2 * $_SESSION['account']->general_uidNumber + 1001); + $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-". 
+ (2 * getgid($_SESSION['account']->general_username) + $_SESSION['account']->smb_domain->RIDbase +1); break; } + if (isset($_SESSION['account_old'])) list($values, $errors) = checksamba($_SESSION['account'], 'group', $_SESSION['account_old']); // account.inc + else list($values, $errors) = checksamba($_SESSION['account'], 'group'); // account.inc + if (is_object($values)) { // Set only defined values + while (list($key, $val) = each($values)) + if (isset($val)) $_SESSION['account']->$key = $val; + } break; case 'quota': @@ -249,6 +251,7 @@ if (is_array($errors)) { for ($i=0; $i"; } + // print_r($_SESSION['account']); switch ($select_local) { // Select which part of page will be loaded @@ -269,7 +272,8 @@ switch ($select_local) { // Select which part of page will be loaded echo "\n"; echo "\n
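Review bot: `$_POST['f_smb_displayName']` is copied into the session object unchanged in the `case 'samba':` branch, and the `checksamba()` call added below only back-fills an empty value from gecos, so nothing constrains what reaches LDAP or the form. The later hunk that renders the display-name field appears (its markup is garbled in this view) to concatenate `smb_displayName` straight into a `value` attribute; if so, it should be written as `htmlspecialchars($_SESSION['account']->smb_displayName, ENT_QUOTES)` at output. Separately, the new `foreach` leaves `smb_domain` untouched when no domain name matches the posted value, so the `->SID` and `->RIDbase` reads below use a stale or unset domain; an explicit error for the no-match case would be clearer. The added `$_SESSION[config]` relies on a bare constant and should be `$_SESSION['config']`.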
"; echo "\n
"; - echo "\n
"; + if ($_SESSION['config']->samba3 == 'yes') + echo "\n
"; echo "scriptPath)) echo " disabled "; echo "value=\""; echo _('Quota'); echo "\">\n
"; echo "\n"; echo "\n
"; echo "\n
"; - echo "\n
"; + if ($_SESSION['config']->samba3 == 'yes') + echo "\n
"; echo "scriptPath)) echo " disabled "; echo "value=\""; echo _('Quota'); echo "\">\n
"; echo "samba3 == 'yes') $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix()); + $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix()); echo "\n"; echo "\n\n
"; echo "
"; @@ -370,8 +375,12 @@ switch ($select_local) { // Select which part of page will be loaded echo "value=\""; echo _('Quota'); echo "\">\n
"; echo "
"; - echo "
"._('Samba properties')."\n"; + echo "\n
"._('Samba properties')."\n"; echo "\n\n\n\n\n\n
"; + echo _("Display name"); + echo "". + "smb_displayName."\">". + ""._('Help-XX')."
"; echo _('Windows groupname'); echo "\n
"; echo "\n
"; - echo "\n
"; + if ($_SESSION['config']->samba3 == 'yes') + echo "\n
"; echo "\n
"; echo "
"; @@ -471,14 +481,15 @@ switch ($select_local) { // Select which part of page will be loaded case 'final': // Final Settings echo ''; - echo "\n"; + echo "\n"; echo "\n
"; echo "
"; echo _('Please select page:'); echo "\n"; echo "\n
"; echo "\n
"; - echo "\n
"; + if ($_SESSION['config']->samba3 == 'yes') + echo "\n
"; echo "scriptPath)) echo " disabled "; echo "value=\""; echo _('Quota'); echo "\">\n
"; echo "