diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 8535e818..3f7af507 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -468,7 +468,7 @@ class accountContainer {
echo "
\n";
- echo $input[$i][$j]['text'] . " | \n";
+ echo $input[$i][$j]['text'] . " | \n";
break;
case 'input':
echo "module);
foreach ($module as $singlemodule) {
@@ -949,6 +949,7 @@ class accountContainer {
if ($this->type=='group') $search = 'cn';
else $search = 'uid';
$added = false;
+ print_r($attributes);
foreach ($attributes as $DN) {
if (isset($DN['modify'][$search][0]) && !$added) {
$attributes[$search.'='.$DN['modify'][$search][0].','.$this->dn] = $attributes[$this->dn];
@@ -1235,333 +1236,6 @@ function RndInt($Format){
return $Rnd;
} // END RndInt() FUNCTION
-
-
-
-/* This function maintains the ldap-cache which is used to reduce ldap requests
-* If the array is older than $_SESSION['config']->get_cacheTimeoutSec() it will
-* be recreated
-*
-* $type can be user|group|host.
-*
-* $_SESSION['xxxxDN'] contains all attributes which are needed very often from
-* more than one function
-* $_SESSION['xxxx'DN'][0] contains the creation time of the array as unix timestamp.
-* All other entries have the following syntax:
-* $_SESSION['xxxx'DN'][$dn][$attributes]
-* $dn = DN of cached entry
-* $attributes = All cached attributes of DN
-* The cache contains the following attributes:
-* user: cn, uidNumber
-* group: cn, gidNumber
-* host: cn, uidNumber
-*/
-function ldapreload($type) {
- switch ($type) {
- case 'user':
- // Do we have to recreate array?
- if ((!isset($_SESSION['userDN'])) || ($_SESSION['userDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) {
- // Remove old array
- if (isset($_SESSION['userDN'])) unset($_SESSION['userDN']);
- // insert timestamp in array
- $_SESSION['userDN'][0] = time();
- // Search 4 values which should be cached
- $result = @ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(),
- '(&(objectClass=posixAccount)(!(uid=*$)))', array('cn', 'uidNumber'), 0);
- // Write search result in array
- $entry = @ldap_first_entry($_SESSION['ldap']->server(), $result);
- while ($entry) {
- $dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
- $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- if (isset($attr['cn'][0]))
- $_SESSION['userDN'][$dn]['cn'] = $attr['cn'][0];
- if (isset($attr['uidNumber'][0]))
- $_SESSION['userDN'][$dn]['uidNumber'] = $attr['uidNumber'][0];
- $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
- }
- }
- break;
- case 'group':
- // Do we have to recreate array?
- if ((!isset($_SESSION['groupDN'])) || ($_SESSION['groupDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) {
- // Remove old array
- if (isset($_SESSION['groupDN'])) unset($_SESSION['groupDN']);
- // insert timestamp in array
- $_SESSION['groupDN'][0] = time();
- // Search 4 values which should be cached
- $result = @ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(),
- 'objectClass=posixGroup', array('gidNumber', 'cn', 'memberUid', 'sambaSID'), 0);
- // Write search result in array
- $entry = @ldap_first_entry($_SESSION['ldap']->server(), $result);
- while ($entry) {
- $dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
- $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- if (isset($attr['gidNumber'][0]))
- $_SESSION['groupDN'][$dn]['uidNumber'] = $attr['gidNumber'][0];
- if (isset($attr['cn'][0]))
- $_SESSION['groupDN'][$dn]['cn'] = $attr['cn'][0];
- if (isset($attr['sambaSID'][0]))
- $_SESSION['groupDN'][$dn]['sambaSID'] = $attr['sambaSID'][0];
- $i=0;
- while (isset($attr['memberUid'][$i])) {
- $_SESSION['groupDN'][$dn]['memberUid'][$i] = $attr['memberUid'][$i];
- $i++;
- }
- $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
- }
- }
- break;
- case 'host':
- // Do we have to recreate array?
- if ((!isset($_SESSION['hostDN'])) || ($_SESSION['hostDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) {
- // Remove old array
- if (isset($_SESSION['hostDN'])) unset($_SESSION['hostDN']);
- // insert timestamp in array
- $_SESSION['hostDN'][0] = time();
- // Search 4 values which should be cached
- $result = @ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_HostSuffix(),
- '(&(objectClass=posixAccount)(uid=*$))', array('cn', 'uidNumber'), 0);
- // Write search result in array
- $entry = @ldap_first_entry($_SESSION['ldap']->server(), $result);
- while ($entry) {
- $dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
- $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- if (isset($attr['cn'][0]))
- $_SESSION['hostDN'][$dn]['cn'] = $attr['cn'][0];
- if (isset($attr['uidNumber'][0]))
- $_SESSION['hostDN'][$dn]['uidNumber'] = $attr['uidNumber'][0];
- $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
- }
- }
- break;
- }
- return 0;
- }
-
-
-/* This function will search in cache if the DN already exists
-* $values is an account-object
-* $values_old is an account-object
-* $values_old is needed because we don't want to raise
-* an error if the DN allredy exists but is the original DN
-*/
-function ldapexists($values, $values_old=false) {
- switch ($values->type) {
- case 'user':
- // Validate cache-array
- ldapreload('user');
- // Entry which we search in ldap ',' is needed to ensure the complete username is checked
- $search = 'uid='.$values->general_username.',';
- // Get copy of cache-array
- $keys = array_keys($_SESSION['userDN']);
- break;
- case 'group':
- // Validate cache-array
- ldapreload('group');
- // Entry which we search in ldap ',' is needed to ensure the complete username is checked
- $search = 'cn='.$values->general_username.',';
- // Get copy of cache-array and
- $keys = array_keys($_SESSION['groupDN']);
- break;
- case 'host':
- // Validate cache-array
- ldapreload('host');
- // Entry which we search in ldap ',' is needed to ensure the complete username is checked
- $search = 'uid='.$values->general_username.',';
- // Get copy of cache-array
- $keys = array_keys($_SESSION['hostDN']);
- break;
- }
- // Remove timestamp stored in [0]
- unset ($keys[0]);
- $keys = array_values($keys);
- if (!$values_old) {
- // Create new account
- // Check if entry allready exists
- foreach ($keys as $key)
- if (strstr($key, $search)) return sprintf (_('%s already exists!'), $values->type);
- }
- // edit existing account and don't create a new one
- else if ($values_old->general_username != $values->general_username) {
- foreach ($keys as $key)
- if (strstr($key, $search)) return sprintf (_('%s already exists!'), $values->type);
- }
- return 0;
- }
-
-
-/* This function will return an array with all groupnames
-* found in ldap. Groupnames are taken from cache-array.
-*/
-function findgroups() {
- // Validate cache-array
- ldapreload('group');
- // Get copy of cache-array
- $groups = $_SESSION['groupDN'];
- // Remove timestamp stored in [0]
- unset ($groups[0]);
- // Create and sort array
- foreach ($groups as $group) {
- $return[] = $group['cn'];
- }
- if (is_array($return)) sort ($return, SORT_STRING);
- return $return;
- }
-
-
-/* This function will return the gidNumber to an existing groupname
-* gidNumbers are taken from cache-array
-*/
-function getgid($groupname) {
- // Validate cache-array
- ldapreload('group');
- // Get copy of cache-array
- $keys = $_SESSION['groupDN'];
- // Remove timestamp stored in [0]
- unset ($keys[0]);
- // Return gidNumber as soon as it's found
- foreach ($keys as $key) {
- if ($key['cn']==$groupname) return $key['uidNumber'];
- }
- // return -1 if groupname isn't found
- return -1;
- }
-
-/* This function will return the groupname to an existing gidNumber
-* groupnames are taken from cache-array
-*/
-function getgrnam($gidNumber) {
- // Validate cache-array
- ldapreload('group');
- // Get copy of cache-array
- $groupDN_local = $_SESSION['groupDN'];
- // Remove timestamp stored in [0]
- unset ($groupDN_local[0]);
- // Now we only have an array with DNs
- $groupDN_local = array_keys($groupDN_local);
- $i=0;
- // Loop until we've found the right uidNumber
- while (!isset($return) && isset($_SESSION['groupDN'][$groupDN_local[$i]]['uidNumber'])) {
- if ($_SESSION['groupDN'][$groupDN_local[$i]]['uidNumber'] == $gidNumber) {
- // We've found the correct entry. Now we need the groupname
- $return = $_SESSION['groupDN'][$groupDN_local[$i]]['cn'];
- }
- // Increase loop-variable if entry wasn't found
- else $i++;
- }
- // Set $return to -1 if no group was found
- if (!isset($return)) $return = -1;
- return $return;
- }
-
-
-/* This function will return an unuesed id-number if $values->general_uidNumber is not set and $values_old is false
-* If values_old is true and $values->general_uidNumber is not set the original id-number is returned
-* If $values->general_uidNumber is set id-number is checked. If it's allready in use an error will be reported
-* id-numbers are taken from cache-array
-* $values and $values_old are account objects
-* Return-Values is an integer id-number or an string-error
-*/
-function checkid($values, $values_old=false) {
- switch ($values->type) {
- case 'group':
- // Validate cache-array
- ldapreload('group');
- // Load all needed variables from session
- $minID = intval($_SESSION['config']->get_MinGID());
- $maxID = intval($_SESSION['config']->get_MaxGID());
- // Get copy of cache-array
- $temp = $_SESSION['groupDN'];
- break;
- case 'user':
- /* Validate cache-array
- * Because users and hosts are using the same id-numbers we have to merge
- * both cache-arrays
- */
- ldapreload('user');
- ldapreload('host');
- // Load all needed variables from session
- $minID = intval($_SESSION['config']->get_minUID());
- $maxID = intval($_SESSION['config']->get_maxUID());
- // load and merge arrays
-
- $temp = $_SESSION['userDN'];
- // Remove timestamp stored in [0]
- unset ($temp[0]);
- // put only uidNumbers in array
- foreach ($temp as $key) $uids[] = $key['uidNumber'];
- $temp = $_SESSION['hostDN'];
- break;
- case 'host':
- /* Validate cache-array
- * Because users and hosts are using the same id-numbers we have to merge
- * both cache-arrays
- */
- ldapreload('user');
- ldapreload('host');
- // Load all needed variables from session
- $minID = intval($_SESSION['config']->get_minMachine());
- $maxID = intval($_SESSION['config']->get_maxMachine());
- // load and merge arrays
-
- $temp = $_SESSION['userDN'];
- // Remove timestamp stored in [0]
- unset ($temp[0]);
- // put only uidNumbers in array
- foreach ($temp as $key) $uids[] = $key['uidNumber'];
- $temp = $_SESSION['hostDN'];
- break;
- }
- // Remove timestamp stored in [0]
- unset ($temp[0]);
- // put only uidNumbers in array. Put only uids in array witch are smaller than maxID
- foreach ($temp as $key) if ($key['uidNumber'] < $maxID) $uids[] = $key['uidNumber'];
- // sort array with uids
- if(is_array($uids)) sort ($uids, SORT_NUMERIC);
- if ($values->general_uidNumber=='') {
- // No id-number given
- if (!isset($values_old->general_uidNumber)) {
- // new account -> we have to find a free id-number
- if (count($uids)!=0) {
- // There are some uids
- // Store highest id-number
- $id = $uids[count($uids)-1];
- // Return minimum allowed id-number if all found id-numbers are too low
- if ($id < $minID) return implode(':', array($minID, ''));
- // Return higesht used id-number + 1 if it's still in valid range
- if ($id < $maxID) return implode(':', array( $id+1, ''));
- /* If this function is still running we have to fid a free id-number between
- * the used id-numbers
- */
- $i = intval($minID);
- while (in_array($i, $uids)) $i++;
- if ($i>$maxID) return implode(':', array($values->general_uidNumber , implode(';', array('ERROR', _('ID-Number'), _('No free ID-Number!')))));
- else return implode(':', array($i, implode(';', array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.')))));
- }
- else return implode(':', array($minID, ''));
- // return minimum allowed id-number if no id-numbers are found
- }
- else return implode(':', array($values_old->general_uidNumber, ''));
- // old account -> return id-number which has been used
- }
- else {
- // Check manual ID
- // id-number is out of valid range
- if ( $values->general_uidNumber < $minID || $values->general_uidNumber > $maxID) return implode(':', array($values->general_uidNumber, implode(';', array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID)))));
- // $uids is allways an array but not if no entries were found
- if (is_array($uids)) {
- // id-number is in use and account is a new account
- if ((in_array($values->general_uidNumber, $uids)) && !$values_old) return implode(':', array($values->general_uidNumber, implode(';', array('ERROR', _('ID-Number'), _('ID is already in use')))));
- // id-number is in use, account is existing account and id-number is not used by itself
- if ((in_array($values->general_uidNumber, $uids)) && $values_old && ($values_old->general_uidNumber != $values->general_uidNumber) )
- return implode(':', array($values_old->general_uidNumber, implode(';', array('ERROR', _('ID-Number'), _('ID is already in use')))));
- }
- // return id-number if everything is OK
- return implode(':', array($values->general_uidNumber, ''));
- }
- }
-
-
// This function will return the days from 1.1.1970 until now
function getdays() {
$days = time() / 86400;
@@ -1593,1531 +1267,5 @@ function smbflag($input) {
}
-/* This function will load all needed values from an existing user account
-* $dns is an array of dns(string) of the users which should be loaded
-* return-value is an array of account-objects
-* $dns can also be an string. Then return-value is a single string too
-*/
-function loaduser($dns) {
- // Load userattributes from ldap
- //$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
- // Get uid=$user from DN
- // Put ldapsearch together
- if (is_array($dns)) {
- foreach ($dns as $dn)
- $uids[] = substr($dn, 0, strpos($dn, ','));
- $search = "(|";
- foreach ($uids as $uid) $search .= "($uid)";
- $search .= ")";
- }
- else $search = substr($dns, 0, strpos($dns, ','));
- /* if string is langer then 1024 characters we have to search for all users and
- * output only the selcted users because searchfilter would be too big
- */
- if (strlen($search)<1024) $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), $search);
- else $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), "uid=*");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
-
- // store smb_domain as samba3domain-Object
- if ($_SESSION['config']->is_samba3()) $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
-
- // loop for every found user
- $i=0;
- while ($entry) {
- // Only load user if it should be loaded
- if (is_array($dns)) {
- if (in_array(ldap_get_dn($_SESSION['ldap']->server(), $entry), $dns)) $continue=true;
- else $continue=false;
- }
- else $continue=true;
- if ($continue) {
- // Create new object
- $return[$i] = new account();
- // Set type of account
- $return[$i]->type='user';
- // Set user samba flag
- $return[$i]->smb_flags['W'] = false;
- $return[$i]->general_dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
- $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- /* Write attributes into $return.
- * Some values don't have to be set. These are only loaded if they are set
- */
- $return[$i]->general_username = $attr['uid'][0];
- $return[$i]->general_uidNumber = $attr['uidNumber'][0];
- $return[$i]->general_homedir = $attr['homeDirectory'][0];
- if (isset($attr['shadowLastChange'][0])) $return[$i]->unix_shadowLastChange = $attr['shadowLastChange'][0];
- if (isset($attr['loginShell'][0])) $return[$i]->general_shell = $attr['loginShell'][0];
- if (isset($attr['gecos'][0])) $return[$i]->general_gecos = utf8_decode($attr['gecos'][0]);
-
- // get groupname
- $return[$i]->general_group = getgrnam($attr['gidNumber'][0]);
-
- // get all additional groupmemberships
- // Load groups in cache
- ldapreload('group');
- foreach ($_SESSION['groupDN'] as $group) {
- if (is_array($group['memberUid']))
- if (in_array($return[$i]->general_username, $group['memberUid'])) $return[$i]->general_groupadd[] = $group['cn'];
- }
-
- /* Write attributes into $return.
- * Some values don't have to be set. These are only loaded if they are set
- */
- if (isset($attr['shadowMin'][0])) $return[$i]->unix_pwdminage = $attr['shadowMin'][0];
- if (isset($attr['shadowMax'][0])) $return[$i]->unix_pwdmaxage = $attr['shadowMax'][0];
- if (isset($attr['shadowWarning'][0])) $return[$i]->unix_pwdwarn = $attr['shadowWarning'][0];
- if (isset($attr['shadowInactive'][0])) $return[$i]->unix_pwdallowlogin = $attr['shadowInactive'][0];
- if (isset($attr['shadowExpire'][0])) $return[$i]->unix_pwdexpire = $attr['shadowExpire'][0]*86400;
-
- // load hosts attributes if set
- $j=0;
- while (isset($attr['host'][$j])) {
- if ($j==0) $return[$i]->unix_host = $attr['host'][$j];
- else $return[$i]->unix_host = $return[$i]->unix_host . ', ' . $attr['host'][$j];
- $j++;
- }
-
- // load objectclasses
- $j=0;
- while (isset($attr['objectClass'][$j])) {
- $return[$i]->general_objectClass[$j] = $attr['objectClass'][$j];
- $j++;
- }
-
- // load personal settings
- if (isset($attr['givenName'][0])) $return[$i]->general_givenname = utf8_decode($attr['givenName'][0]);
- if (isset($attr['sn'][0])) $return[$i]->general_surname = utf8_decode($attr['sn'][0]);
- if (isset($attr['title'][0])) $return[$i]->personal_title = utf8_decode($attr['title'][0]);
- if (isset($attr['mail'][0])) $return[$i]->personal_mail = utf8_decode($attr['mail'][0]);
- if (isset($attr['telephoneNumber'][0])) $return[$i]->personal_telephoneNumber = utf8_decode($attr['telephoneNumber'][0]);
- if (isset($attr['mobileTelephoneNumber'][0])) $return[$i]->personal_mobileTelephoneNumber = utf8_decode($attr['mobileTelephoneNumber'][0]);
- else if (isset($attr['mobile'][0])) $return[$i]->personal_mobileTelephoneNumber = utf8_decode($attr['mobile'][0]);
- if (isset($attr['facsimileTelephoneNumber'][0])) $return[$i]->personal_facsimileTelephoneNumber = utf8_decode($attr['facsimileTelephoneNumber'][0]);
- if (isset($attr['street'][0])) $return[$i]->personal_street = utf8_decode($attr['street'][0]);
- if (isset($attr['postalCode'][0])) $return[$i]->personal_postalCode = utf8_decode($attr['postalCode'][0]);
- if (isset($attr['postalAddress'][0])) $return[$i]->personal_postalAddress = utf8_decode($attr['postalAddress'][0]);
- if (isset($attr['employeeType'][0])) $return[$i]->personal_employeeType = utf8_decode($attr['employeeType'][0]);
-
- if (isset($attr['userPassword'][0])) {
- $return[$i]->unix_password = $attr['userPassword'][0];
- $return[$i]->unix_deactivated=!pwd_is_enabled($attr['userPassword'][0]);
- }
- if (isset($attr['displayName'][0])) $return[$i]->smb_displayName = utf8_decode($attr['displayName'][0]);
-
- // sambaSamAccount (Samba3) is used.
- if (in_array('sambaSamAccount', $attr['objectClass'])) {
- /* Write attributes into $return.
- * Some values don't have to be set. These are only loaded if they are set
- */
- if (isset($attr['sambaAcctFlags'][0])) {
- if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return[$i]->smb_flags['D']=true;
- if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return[$i]->smb_flags['X']=true;
- if (strrpos($attr['sambaAcctFlags'][0], 'N')) $return[$i]->smb_flags['N']=true;
- if (strrpos($attr['sambaAcctFlags'][0], 'S')) $return[$i]->smb_flags['S']=true;
- if (strrpos($attr['sambaAcctFlags'][0], 'H')) $return[$i]->smb_flags['H']=true;
- }
- if (isset($attr['sambaPwdCanChange'][0])) $return[$i]->smb_pwdcanchange = $attr['sambaPwdCanChange'][0];
- if (isset($attr['sambaPwdMustChange'][0])) $return[$i]->smb_pwdmustchange = $attr['sambaPwdMustChange'][0];
- if (isset($attr['sambaHomePath'][0])) $return[$i]->smb_smbhome = utf8_decode($attr['sambaHomePath'][0]);
- if (isset($attr['sambaHomeDrive'][0])) $return[$i]->smb_homedrive = $attr['sambaHomeDrive'][0];
- if (isset($attr['sambaLogonScript'][0])) $return[$i]->smb_scriptPath = utf8_decode($attr['sambaLogonScript'][0]);
- if (isset($attr['sambaProfilePath'][0])) $return[$i]->smb_profilePath = $attr['sambaProfilePath'][0];
- if (isset($attr['sambaUserWorkstations'][0])) $return[$i]->smb_smbuserworkstations = $attr['sambaUserWorkstations'][0];
- if (isset($attr['sambaNTPassword'][0])) $return[$i]->smb_password = $attr['sambaNTPassword'][0];
- if (isset($attr['sambaDomainName'][0])) {
- if ($_SESSION['config']->is_samba3()) {
- $j=0;
- while (!isset($return[$i]->smb_domain) && (count($samba3domains)>$j)) {
- if ($attr['sambaDomainName'][0] == $samba3domains[$j]->name)
- $return[$i]->smb_domain = $samba3domains[$j];
- else $j++;
- }
- }
- // store smb_domain as string
- if (!isset($return[$i]->smb_domain)) $return[$i]->smb_domain = $attr['sambaDomainName'];
- }
- if (isset($attr['sambaPrimaryGroupSID'][0])) {
- if ($_SESSION['config']->is_samba3())
- // store "real" SID if we want to save user as samba3 entry
- $return[$i]->smb_mapgroup = $attr['sambaPrimaryGroupSID'][0];
- // store "calculated" id if we want to save user as samba2.2 entry
- else $return[$i]->smb_mapgroup = 2*$attr['gidNumber'][0]+1001;
- }
- }
-
- // sambaSamAccount (Samba2.2) is used.
- // second argument should prevent samba3 settings to be overwritten from samba 2.2 settings
- if ( (in_array('sambaAccount', $attr['objectClass'])) && (!$_SESSION['config']->is_samba3() || !isset($return[$i]->smb_domain))) {
- if (isset($attr['acctFlags'][0])) {
- if (strrpos($attr['acctFlags'][0], 'D')) $return[$i]->smb_flags['D']=true;
- if (strrpos($attr['acctFlags'][0], 'X')) $return[$i]->smb_flags['X']=true;
- if (strrpos($attr['acctFlags'][0], 'N')) $return[$i]->smb_flags['N']=true;
- if (strrpos($attr['acctFlags'][0], 'S')) $return[$i]->smb_flags['S']=true;
- if (strrpos($attr['acctFlags'][0], 'H')) $return[$i]->smb_flags['H']=true;
- }
- if (isset($attr['ntPassword'][0])) $return[$i]->smb_password = $attr['ntPassword'][0];
- if (isset($attr['smbHome'][0])) $return[$i]->smb_smbhome = utf8_decode($attr['smbHome'][0]);
- if (isset($attr['pwdCanChange'][0])) $return[$i]->smb_pwdcanchange = $attr['pwdCanChange'][0];
- if (isset($attr['pwdMustChange'][0])) $return[$i]->smb_pwdmustchange = $attr['pwdMustChange'][0];
- if (isset($attr['homeDrive'][0])) $return[$i]->smb_homedrive = $attr['homeDrive'][0];
- if (isset($attr['scriptPath'][0])) $return[$i]->smb_scriptPath = utf8_decode($attr['scriptPath'][0]);
- if (isset($attr['profilePath'][0])) $return[$i]->smb_profilePath = $attr['profilePath'][0];
- if (isset($attr['userWorkstations'][0])) $return[$i]->smb_smbuserworkstations = $attr['userWorkstations'][0];
- if (isset($attr['domain'][0])) {
- if ($_SESSION['config']->is_samba3()) {
- $j=0;
- while (!isset($return[$i]->smb_domain) && (count($samba3domains)>$j)) {
- if ($attr['domain'][0] == $samba3domains[$j]->name)
- $return[$i]->smb_domain = $samba3domains[$j];
- else $j++;
- }
- }
- // store smb_domain as string
- if (!isset($return[$i]->smb_domain)) $return[$i]->smb_domain = $attr['domain'];
- }
- if (isset($attr['primaryGroupID'][0])) {
- if ($_SESSION['config']->is_samba3())
- // store "real" SID if we want to save user as samba3 entry
- $return[$i]->smb_mapgroup = $return[$i]->smb_domain->SID. '-' . (2*$attr['primaryGroupID'][0]+1);
- // store "calculated" id if we want to save user as samba2.2 entry
- else $return[$i]->smb_mapgroup = $attr['primaryGroupID'][0];
- }
- }
- }
- $i++;
- $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
- }
-
- // Return array if $dns is an array
- // else return string
- if (is_array($dns)) return $return;
- else return $return[0];
- }
-
-
-
-/* This function will load all needed values from an existing host account
-* $dn is the dn(string) of the host which should be loaded
-* return-value is an account-object
-*/
-function loadhost($dn) {
- // Create new object
- $return = new account();
- // Set type of account
- $return->type='host';
- // Load hostattributes from ldap
- $result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- $return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
- $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
-
- // Set host samba flags
- $return->smb_flags['W'] = true;
- $return->smb_flags['X'] = true;
- // load objectclasses
- $i=0;
- while (isset($attr['objectClass'][$i])) {
- $return->general_objectClass[$i] = $attr['objectClass'][$i];
- $i++;
- }
-
- $return->general_username = $attr['uid'][0];
- $return->general_uidNumber = $attr['uidNumber'][0];
- if (isset($attr['gecos'][0])) $return->general_gecos = utf8_decode($attr['gecos'][0]);
-
- // Get Groupname
- $return->general_group = getgrnam($attr['gidNumber'][0]);
-
- // sambaSamAccount (Samba3) is used.
- if (in_array('sambaSamAccount', $attr['objectClass'])) {
- /* Write attributes into $return.
- * Some values don't have to be set. These are only loaded if they are set
- */
- if (isset($attr['sambaAcctFlags'][0])) {
- // we load a workstation
- $return->smb_flags['W']=true;
- if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flags['X']=true;
- // Because the "D"-Flag is ignored for hosts it has been removed
- }
- if (isset($attr['sambaDomainName'][0])) {
- if ($_SESSION['config']->is_samba3()) {
- // store smb_domain as samba3domain-Object
- $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
- $i=0;
- while (!isset($return->smb_domain) && (count($samba3domains)>$i)) {
- if ($attr['sambaDomainName'][0] == $samba3domains[$i]->name)
- $return->smb_domain = $samba3domains[$i];
- else $i++;
- }
- }
- // store smb_domain as string
- if (!isset($return->smb_domain)) $return->smb_domain = $attr['sambaDomainName'];
- }
- if (isset($attr['sambaPrimaryGroupSID'][0])) {
- if ($_SESSION['config']->is_samba3())
- // store "real" SID if we want to save user as samba3 entry
- $return->smb_mapgroup = $attr['sambaPrimaryGroupSID'][0];
- // store "calculated" id if we want to save user as samba2.2 entry
- else $return->smb_mapgroup = 2*$attr['gidNumber'][0]+1001;
- }
- // return value to prevent loaded values to be overwritten from old samba 2.2 attributes
- if ($_SESSION['config']->is_samba3()) return $return;
- }
-
- // sambaSamAccount (Samba2.2) is used.
- if (in_array('sambaAccount', $attr['objectClass'])) {
- if (isset($attr['acctFlags'][0])) {
- // we load a workstation
- $return->smb_flags['W']=true;
- if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flags['X']=true;
- // Because the "D"-Flag is ignored for hosts it has been removed
- }
- if (isset($attr['domain'][0])) {
- if ($_SESSION['config']->is_samba3()) {
- // store smb_domain as samba3domain-Object
- $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
- $i=0;
- while (!isset($return->smb_domain) && (count($samba3domains)>$i)) {
- if ($attr['domain'][0] == $samba3domains[$i]->name)
- $return->smb_domain = $samba3domains[$i];
- else $i++;
- }
- }
- // store smb_domain as string
- if (!isset($return->smb_domain)) $return->smb_domain = $attr['domain'];
- }
- if (isset($attr['primaryGroupID'][0])) {
- if ($_SESSION['config']->is_samba3())
- // store "real" SID if we want to save user as samba3 entry
- $return->smb_mapgroup = $return->smb_domain->SID. '-' . (2*$attr['primaryGroupID'][0]+1);
- // store "calculated" id if we want to save user as samba2.2 entry
- else $return->smb_mapgroup = $attr['primaryGroupID'][0];
- }
- }
- return $return;
- }
-
-
-/* This function will load all needed values from an existing group account
-* $dn is the dn(string) of the group which should be loaded
-* return-value is an account-object
-*/
-function loadgroup($dn) {
- // Create new object
- $return = new account();
- // Set type of account
- $return->type='group';
- // Load userattributes from ldap
- $result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixGroup");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- $return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
- $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
-
- /* Write attributes into $return.
- * Some values don't have to be set. These are only loaded if they are set
- */
-
- // load objectclasses
- $i=0;
- while (isset($attr['objectClass'][$i])) {
- $return->general_objectClass[$i] = $attr['objectClass'][$i];
- $i++;
- }
- // Load Users which are also members of group
- $i=0;
- while (isset($attr['memberUid'][$i])) {
- $return->unix_memberUid[$i] = $attr['memberUid'][$i];
- $i++;
- }
-
- $return->general_uidNumber = $attr['gidNumber'][0];
- $return->general_username = $attr['cn'][0];
- if (isset($attr['description'][0])) $return->general_gecos = utf8_decode($attr['description'][0]);
-
- if (isset($attr['sambaSID'][0])) {
- // Samba3 Samba 2.2 don't have any objects for groups
- $return->smb_mapgroup = $attr['sambaSID'][0];
- if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
- // extract SID from sambaSID to find domain
- $temp = explode('-', $attr['sambaSID'][0]);
- $SID = $temp[0].'-'.$temp[1].'-'.$temp[2].'-'.$temp[3].'-'.$temp[4].'-'.$temp[5].'-'.$temp[6];
- $samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
- $i=0;
- while (!isset($return->smb_domain) && (count($samba3domains)>$i)) {
- if ($SID == $samba3domains[$i]->SID)
- $return->smb_domain = $samba3domains[$i];
- else $i++;
- }
- }
- return $return;
- }
-
-
-/* This function will create a new user acconut in ldap
-* $values is an account-object with all attributes of the user
-* if lamdaemon.pl is false no quotas are set. Usefull for massupload and deletion
-* return-value is an integer
-* 1 == Account has been created
-* 2 == Account already exists at different location
-* 4 == Error while creating Account
-*/
-function createuser($values, $uselamdaemon=true) {
- // These Objectclasses are needed for an user account
- $attr['objectClass'][0] = 'posixAccount';
- $attr['objectClass'][1] = 'shadowAccount';
- $attr['objectClass'][2] = 'inetOrgPerson';
- // Create DN for new user account
- $values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
- // decrypt password because we don't want to store them unencrypted in session
- if ($values->unix_password != '') {
- $values->unix_password = $_SESSION['ldap']->decrypt(base64_decode($values->unix_password));
- }
- if ($values->smb_password != '') {
- $values->smb_password = $_SESSION['ldap']->decrypt(base64_decode($values->smb_password));
- }
-
- // Attributes which are required
- $attr['cn'] = $values->general_username;
- $attr['uid'] = $values->general_username;
- $attr['uidNumber'] = $values->general_uidNumber;
- $attr['gidNumber'] = getgid($values->general_group);
- $attr['homeDirectory'] = $values->general_homedir;
- $attr['givenName'] = utf8_encode($values->general_givenname);
- $attr['sn'] = utf8_encode($values->general_surname);
- // values stored in shadowExpire, days since 1.1.1970
- if (isset($values->unix_pwdexpire)) $attr['shadowExpire'] = intval($values->unix_pwdexpire / 86400) ;
-
- /* Write unix attributes into $attr array
- * Some values don't have to be set. These are only loaded if they are set
- */
- $attr['loginShell'] = $values->general_shell; // posixAccount_may
- $attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
- $attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
- if ($values->unix_pwdminage!='') $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
- if ($values->unix_pwdmaxage!='') $attr['shadowMax'] = $values->unix_pwdmaxage; // shadowAccount_may
- if ($values->unix_pwdwarn!='') $attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
- if ($values->unix_pwdallowlogin!='') $attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
- // Set unix password
- $attr['shadowLastChange'] = getdays(); // shadowAccount_may
- if ($values->unix_password_no) $values->unix_password = '';
- if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
- else $attr['userPassword'] = pwd_hash($values->unix_password);
-
- // explode host-string and save every allowed host as separate attribute
- $values->unix_host = str_replace(' ', '', $values->unix_host);
- $hosts = explode (',', $values->unix_host);
- $i=0;
- while(isset($hosts[$i])) {
- if ($hosts[$i]!='') $attr['host'][$i] = $hosts[$i];
- $i++;
- }
-
- // Samba attributes
- if ($_SESSION['config']->is_samba3()) {
- // Add all attributes as samba3 objectclass
- $attr['objectClass'][3] = 'sambaSamAccount';
- if ($values->smb_flags['N']) {
- // Don't set samba-passwords
- $attr['sambaNTPassword'] = 'NO PASSWORD*****';
- $attr['sambaLMPassword'] = 'NO PASSWORD*****';
- }
- else {
- // use escapeshellarg() to make command shell-secure
- // Set samba-passwords with external perl-script
- $attr['sambaNTPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
- $attr['sambaLMPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
- }
- $attr['sambaPwdLastSet'] = time();
- // Generate SID
- $attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
-
- //if ($values->smb_mapgroup!='') $attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_req
- ldapreload('group');
- foreach ($_SESSION['groupDN'] as $groupname) {
- if ($groupname['cn'] == $values->general_group) $attr['sambaPrimaryGroupSID'] = $groupname['sambaSID'];
- }
- if ($values->smb_pwdcanchange!='') $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
- else $attr['sambaPwdCanChange'] = time(); // sambaAccount_may
- if ($values->smb_pwdmustchange!='') $attr['sambaPwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
- else $attr['sambaPwdMustChange'] = time() + 1000000000; // sambaAccount_may
- $attr['sambaAcctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
- $attr['displayName'] = $values->general_gecos; // sambaAccount_may
- if ($values->smb_smbhome!='') $attr['sambaHomePath'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
- if ($values->smb_homedrive!='') $attr['sambaHomeDrive'] = $values->smb_homedrive; // sambaAccount_may
- if ($values->smb_scriptPath!='') $attr['sambaLogonScript'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
- if ($values->smb_profilePath!='') $attr['sambaProfilePath'] = $values->smb_profilePath; // sambaAccount_may
- if ($values->smb_smbuserworkstations!='') $attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
- if ($values->smb_domain!='') $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
- }
- else {
- // Add all attributes as samba2.2 objectclass
- $attr['objectClass'][3] = 'sambaAccount';
- if ($values->smb_flags['N']) {
- // Don't set samba-passwords
- $attr['ntPassword'] = 'NO PASSWORD*****';
- $attr['lmPassword'] = 'NO PASSWORD*****';
- }
- else {
- // use escapeshellarg() to make command shell-secure
- // Set samba-passwords with external perl-script
- $attr['ntPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
- $attr['lmPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
- }
- $attr['pwdLastSet'] = time();
- // Generate pseudo SID
- $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
- $attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_req
- if ($values->smb_pwdcanchange!='') $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
- else $attr['pwdCanChange'] = time(); // sambaAccount_may
- if ($values->smb_pwdmustchange!='') $attr['pwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
- else $attr['pwdMustChange'] = time() + 1000000000; // sambaAccount_may
- $attr['pwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
- $attr['acctFlags'] = smbflag($values->smbflags); // sambaAccount_may
- $attr['displayName'] = $values->general_gecos; // sambaAccount_may
- if ($values->smb_smbhome!='') $attr['smbHome'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
- if ($values->smb_homedrive!='') $attr['homeDrive'] = $values->smb_homedrive; // sambaAccount_may
- if ($values->smb_scriptPath!='') $attr['scriptPath'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
- if ($values->smb_profilePath!='') $attr['profilePath'] = $values->smb_profilePath; // sambaAccount_may
- if ($values->smb_smbuserworkstations!='') $attr['userWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
- if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
- }
- $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
-
- // personal attributes
- if ($values->personal_title!='') $attr['title'] = utf8_encode($values->personal_title);
- if ($values->personal_mail!='') $attr['mail'] = utf8_encode($values->personal_mail);
- if ($values->personal_telephoneNumber!='') $attr['telephoneNumber'] = utf8_encode($values->personal_telephoneNumber);
- if ($values->personal_mobileTelephoneNumber!='') $attr['mobileTelephoneNumber'] = utf8_encode($values->personal_mobileTelephoneNumber);
- if ($values->personal_facsimileTelephoneNumber!='') $attr['facsimileTelephoneNumber'] = utf8_encode($values->personal_facsimileTelephoneNumber);
- if ($values->personal_street!='') $attr['street'] = utf8_encode($values->personal_street);
- if ($values->personal_postalCode!='') $attr['postalCode'] = utf8_encode($values->personal_postalCode);
- if ($values->personal_postalAddress!='') $attr['postalAddress'] = utf8_encode($values->personal_postalAddress);
- if ($values->personal_employeeType!='') $attr['employeeType'] = utf8_encode($values->personal_employeeType);
-
- // Create LDAP user account
- $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
- // Continue if now error did ocour
- if (!$success) return 4;
-
- if ($_SESSION['config']->scriptServer && $uselamdaemon) {
- // lamdaemon.pl should be used
- // Set quotas if quotas are used
- if (is_array($values->quota)) setquotas(array($values));
- // Create Homedirectory
- addhomedir(array($values->general_username));
- }
-
- // Add User to Additional Groups
- if (isset($values->general_groupadd[0]))
- // Loop for every group
- foreach ($values->general_groupadd as $group2) {
- // Search for group in LDAP
- $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "(&(objectclass=posixGroup)(cn=$group2))", array(''));
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- // Get DN
- $dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
- // Add user to group
- $success = ldap_mod_add($_SESSION['ldap']->server(), $dn, array('memberUid' => $values->general_username));
- if (!$success) return 4;
- // Add new memberUid to cache-array
- ldapreload('group');
- $_SESSION['groupDN'][$dn]['memberUid'][] = $values->general_username;
- }
- // Add new user to cache-array
- if ((isset($_SESSION['userDN']))) {
- $_SESSION['userDN'][$values->general_dn]['cn'] = $values->general_username;
- $_SESSION['userDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
- }
- // Everything is OK, return 1
- return 1;
- }
-
-/* This function will modify a user acconut in ldap
-* $values and $values_old are an account-object with all
-* attributes of the user.
-* if lamdaemon.pl is false no quotas are set. Usefull for massupload and deletion
-* Only attributes which have changed will be written
-* return-value is an integer
-* 2 == Account already exists at different location
-* 3 == Account has been modified
-* 5 == Error while modifying Account
-*/
-function modifyuser($values,$values_old,$uselamdaemon=true) { // Will modify the LDAP-Account
- // Add missing objectclasses to user
- if (!in_array('posixAccount', $values->general_objectClass)) {
- $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'posixAccount';
- }
- if (!in_array('shadowAccount', $values->general_objectClass)) {
- if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'shadowAccount';
- }
- // Create DN for new user account
- $values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
- // decrypt password because we don't want to store them unencrypted in session
- if ($values->unix_password != '') {
- $values->unix_password = $_SESSION['ldap']->decrypt(base64_decode($values->unix_password));
- }
- if ($values->smb_password != '') {
- $values->smb_password = $_SESSION['ldap']->decrypt(base64_decode($values->smb_password));
- }
- // Attributes which are required
- if ($values->general_username != $values_old->general_username) {
- $attr['cn'] = $values->general_username;
- $attr['uid'] = $values->general_username;
- }
- if ($values->general_uidNumber != $values_old->general_uidNumber) {
- $attr['uidNumber'] = $values->general_uidNumber;
- // Because sambaSid(rid) is related to uidNumber we have to change it if uidNumbaer has changed
- if ($_SESSION['config']->is_samba3())
- $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase);
- else $attr['rid'] = (2 * $values->general_uidNumber + 1000);
- }
- if ($values->general_group != $values_old->general_group) {
- $attr['gidNumber'] = getgid($values->general_group);
- // Because primaryGroup(S)ID is related to gidNumber we have to change it if gidNumber has changed
- if ($_SESSION['config']->is_samba3()) {
- // We use samba 3 schema
- // Change SID only if we don't use a well known SID
- ldapreload('group');
- foreach ($_SESSION['groupDN'] as $groupname) {
- if ($groupname['cn'] == $values->general_group) $attr['sambaPrimaryGroupSID'] = $groupname['sambaSID'];
- }
- }
- else {
- // We use old samba 2.2 schema
- // Change SID only if we don't use a well known SID
- if ($values->smb_mapgroup== '512') $found=true;
- if ($values->smb_mapgroup== '513') $found=true;
- if ($values->smb_mapgroup== '514') $found=true;
- if (!$found) $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001);
- }
- }
- if ($values->general_homedir != $values_old->general_homedir)
- $attr['homeDirectory'] = $values->general_homedir;
- if ($values->general_givenname!=$values_old->general_givenname) $attr['givenName'] = utf8_encode($values->general_givenname);
- if ($values->general_surname!=$values_old->general_surname) $attr['sn'] = utf8_encode($values->general_surname);
-
- /* Write unix attributes into $attr array
- * Some values don't have to be set. These are only loaded if they are set
- */
- if ($values->general_shell != $values_old->general_shell)
- $attr['loginShell'] = $values->general_shell;
- if ($values->general_gecos != $values_old->general_gecos) {
- $attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos));
- $attr['description'] = utf8_encode($values->general_gecos);
- }
- if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage !=''))
- $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
- if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage ==''))
- $attr_rem['shadowMin'] = $values_old->unix_pwdminage; // shadowAccount_may
- if (($values->unix_pwdmaxage != $values_old->unix_pwdmaxage) && ($values->unix_pwdmaxage !=''))
- $attr['shadowMax'] = $values->unix_pwdmaxage; // shadowAccount_may
- if (($values->unix_pwdmaxage != $values_old->unix_pwdmaxage) && ($values->unix_pwdmaxage ==''))
- $attr_rem['shadowMax'] = $values_old->unix_pwdmaxage; // shadowAccount_may
- if (($values->unix_pwdwarn != $values_old->unix_pwdwarn) && ($values->unix_pwdwarn !=''))
- $attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
- if (($values->unix_pwdwarn != $values_old->unix_pwdwarn) && ($values->unix_pwdwarn ==''))
- $attr_rem['shadowWarning'] = $values_old->unix_pwdwarn; // shadowAccount_may
- if (($values->unix_pwdallowlogin != $values_old->unix_pwdallowlogin) && ($values->unix_pwdallowlogin !=''))
- $attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
- if (($values->unix_pwdallowlogin != $values_old->unix_pwdallowlogin) && ($values->unix_pwdallowlogin ==''))
- $attr_rem['shadowInactive'] = $values_old->unix_pwdallowlogin; // shadowAccount_may
- // Check if shadow expire has changed
- if ($values->unix_pwdexpire != $values_old->unix_pwdexpire) $attr['shadowExpire'] = intval($values->unix_pwdexpire / 86400) ;
- // Set unix password
- if ($values->unix_password=='') {
- // $values->unix_password=='' means use old password
- if ($values->unix_deactivated != $values_old->unix_deactivated) {
- // (de)activate password
- // Split old password hash in {CRYPT} and password-hash
- $i = 0;
- while ($values_old->unix_password{$i} != '}') $i++;
- $passwd = substr($values_old->unix_password, $i+1 );
- $crypt = substr($values_old->unix_password, 0, $i+1 );
- // remove trailing ! from password hash
- if ($passwd{0} == '!') $passwd = substr($passwd, 1);
- // Write new password
- if ($values->unix_deactivated) $attr['userPassword'] = $crypt.'!'.$passwd;
- else $attr['userPassword'] = $crypt.$passwd;
- }
- if ($values->unix_password_no) {
- // use no password
- if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash('', false);
- else $attr['userPassword'] = pwd_hash('');
- $attr['shadowLastChange'] = getdays(); // shadowAccount_may
- }
- }
- else {
- // Set new password
- if ($values->unix_password_no) $values->unix_password = '';
- if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
- else $attr['userPassword'] = pwd_hash($values->unix_password);
- $attr['shadowLastChange'] = getdays(); // shadowAccount_may
- }
- // explode host-string and save every allowed host as separate attribute
- if (($values->unix_host != $values_old->unix_host)) {
- $values->unix_host = str_replace(' ', '', $values->unix_host);
- $host = explode (',', $values->unix_host);
- $values_old->unix_host = str_replace(' ', '', $values_old->unix_host);
- $host_old = explode (',', $values_old->unix_host);
- if ($host[0]=='') $attr_rem['host'] = $host_old;
- else if ($host[0]!='') $attr['host'] = $host;
- }
-
- // Samba attributes
- if ($_SESSION['config']->is_samba3()) {
- if (!in_array('sambaSamAccount', $values->general_objectClass)) {
- // We have to convert sambaAccount Objectclass to sambaSamAccount objectclass
- if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'sambaSamAccount';
- // unset old sambaAccount objectClass
- for ($i=0; $iserver(), $values_old->general_dn, "objectclass=PosixAccount");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- $attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- // Add new attributed
- if (isset($attr_old['lmPassword'][0])) $attr['sambaLMPassword'] = $attr_old['lmPassword'][0];
- if (isset($attr_old['ntPassword'][0])) $attr['sambaNTPassword'] = $attr_old['ntPassword'][0];
- if (isset($attr_old['pwdLastSet'][0])) $attr['sambaPwdLastSet'] = $attr_old['pwdLastSet'][0];
- if (isset($attr_old['logonTime'][0])) $attr['sambaLogonTime'] = $attr_old['logonTime'][0];
- if (isset($attr_old['logoffTime'][0])) $attr['sambaLogoffTime'] = $attr_old['logoffTime'][0];
- if (isset($attr_old['kickoffTime'][0])) $attr['sambaKickoffTime'] = $attr_old['kickoffTime'][0];
- if (isset($attr_old['pwdCanChange'][0])) $attr['sambaPwdCanChange'] = $attr_old['pwdCanChange'][0];
- if (isset($attr_old['pwdMustChange'][0])) $attr['sambaPwdMustChange'] = $attr_old['pwdMustChange'][0];
- if (isset($attr_old['smbHome'][0])) $attr['sambaHomePath'] = $attr_old['smbHome'][0];
- if (isset($attr_old['homeDrive'][0])) $attr['sambaHomeDrive'] = $attr_old['homeDrive'][0];
- if (isset($attr_old['scriptPath'][0])) $attr['sambaLogonScript'] = $attr_old['scriptPath'][0];
- if (isset($attr_old['profilePath'][0])) $attr['sambaProfilePath'] = $attr_old['profilePath'][0];
- if (isset($attr_old['userWorkstations'][0])) $attr['sambaUserWorkstations'] = $attr_old['userWorkstations'][0];
- // Values used from account object
- $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
- $attr['sambaAcctFlags'] = smbflag($values->flags); // sambaAccount_may
- $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
- $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
- $attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_req
- // remove old attributes
- if (in_array('sambaAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaAccount';
- if (isset($attr_old['lmPassword'][0])) $attr_rem['lmPassword'] = $attr_old['lmPassword'][0];
- if (isset($attr_old['ntPassword'][0])) $attr_rem['ntPassword'] = $attr_old['ntPassword'][0];
- if (isset($attr_old['pwdLastSet'][0])) $attr_rem['pwdLastSet'] = $attr_old['pwdLastSet'][0];
- if (isset($attr_old['logonTime'][0])) $attr_rem['logonTime'] = $attr_old['logonTime'][0];
- if (isset($attr_old['kickoffTime'][0])) $attr_rem['kickoffTime'] = $attr_old['kickoffTime'][0];
- if (isset($attr_old['pwdCanChange'][0])) $attr_rem['pwdCanChange'] = $attr_old['pwdCanChange'][0];
- if (isset($attr_old['pwdMustChange'][0])) $attr_rem['pwdMustChange'] = $attr_old['pwdMustChange'][0];
- if (isset($attr_old['smbHome'][0])) $attr_rem['smbHome'] = $attr_old['smbHome'][0];
- if (isset($attr_old['acctFlags'][0])) $attr_rem['acctFlags'] = $attr_old['acctFlags'][0];
- if (isset($attr_old['homeDrive'][0])) $attr_rem['homeDrive'] = $attr_old['homeDrive'][0];
- if (isset($attr_old['scriptPath'][0])) $attr_rem['scriptPath'] = $attr_old['scriptPath'][0];
- if (isset($attr_old['profilePath'][0])) $attr_rem['profilePath'] = $attr_old['profilePath'][0];
- if (isset($attr_old['userWorkstations'][0])) $attr_rem['userWorkstations'] = $attr_old['userWorkstations'][0];
- if (isset($attr_old['primaryGroupID'][0])) $attr_rem['primaryGroupID'] = $attr_old['primaryGroupID'][0];
- if (isset($attr_old['domain'][0])) $attr_rem['domain'] = $attr_old['domain'][0];
- if (isset($attr_old['rid'][0])) $attr_rem['rid'] = $attr_old['rid'][0];
- }
- // Set all changed values
- if ($values->smb_flags['N']) {
- // use no samba Password
- $attr['sambaNTPassword'] = 'NO PASSWORD*****';
- $attr['sambaLMPassword'] = 'NO PASSWORD*****';
- $attr['sambaPwdLastSet'] = time(); // sambaAccount_may
- }
- else
- if ($values->smb_password!='') {
- // use escapeshellarg() to make command shell-secure
- // Set samba-passwords with external perl-script
- $attr['sambaNTPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
- $attr['sambaLMPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
- $attr['sambaPwdLastSet'] = time(); // sambaAccount_may
- }
- // Check which Samba-Attributes have changed
- if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
- if ($values->smb_pwdmustchange != $values_old->smb_pwdmustchange) $attr['sambaPwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
- if (smbflag($values->smb_flags) != smbflag($values_old->smb_flags)) $attr['sambaAcctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
- if (($values->smb_smbhome!='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr['sambaHomePath'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
- if (($values->smb_smbhome=='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr_rem['sambaHomePath'] = utf8_encode($values_old->smb_smbhome); // sambaAccount_may
- if (($values->smb_homedrive!='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr['sambaHomeDrive'] = $values->smb_homedrive; // sambaAccount_may
- if (($values->smb_homedrive=='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr_rem['sambaHomeDrive'] = $values_old->smb_homedrive; // sambaAccount_may
- if (($values->smb_scriptPath!='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr['sambaLogonScript'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
- if (($values->smb_scriptPath=='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr_rem['sambaLogonScript'] = utf8_encode($values_old->smb_scriptPath); // sambaAccount_may
- if (($values->smb_profilePath!='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr['sambaProfilePath'] = $values->smb_profilePath; // sambaAccount_may
- if (($values->smb_profilePath=='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr_rem['sambaProfilePath'] = $values_old->smb_profilePath; // sambaAccount_may
- if (($values->smb_smbuserworkstations!='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
- if (($values->smb_smbuserworkstations=='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr_rem['sambaUserWorkstations'] = $values_old->smb_smbuserworkstations; // sambaAccount_may
- if ($values->smb_domain->name!=$values_old->smb_domain->name) {
- $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
- $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase);
- $attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-".
- (2 * getgid($values->general_group) + $values->smb_domain->RIDbase+1);
- }
- if (($values->smb_mapgroup!='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) {
- ldapreload('group');
- foreach ($_SESSION['groupDN'] as $groupname) {
- if ($groupname['cn'] == $values->general_group) $attr['sambaPrimaryGroupSID'] = $groupname['sambaSID'];
- }
- }
- if ($values->smb_displayName != $values_old->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
- }
- else {
- // use old samba 2.2 objectclass
- if (!in_array('sambaAccount', $values->general_objectClass)) {
- // Add or convert samba attributes & object to samba 2.2
- if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'sambaAccount';
- // unset old sambaAccount objectClass
- for ($i=0; $iserver(), $values_old->general_dn, "objectclass=PosixAccount");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- $attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- if (isset($attr_old['sambaLMPassword'][0])) $attr['lmPassword'] = $attr_old['sambaLMPassword'][0];
- if (isset($attr_old['sambaNTPassword'][0])) $attr['ntPassword'] = $attr_old['sambaNTPassword'][0];
- if (isset($attr_old['sambaPwdLastSet'][0])) $attr['pwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
- if (isset($attr_old['sambaLogonTime'][0])) $attr['logonTime'] = $attr_old['sambaLogonTime'][0];
- if (isset($attr_old['sambaLogoffTime'][0])) $attr['logoffTime'] = $attr_old['sambaLogoffTime'][0];
- if (isset($attr_old['sambaKickoffTime'][0])) $attr['kickoffTime'] = $attr_old['sambaKickoffTime'][0];
- if (isset($attr_old['sambaPwdCanChange'][0])) $attr['pwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
- if (isset($attr_old['sambaPwdMustChange'][0])) $attr['pwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
- if (isset($attr_old['sambaHomePath'][0])) $attr['smbHome'] = $attr_old['sambaHomePath'][0];
- if (isset($attr_old['sambaHomeDrive'][0])) $attr['homeDrive'] = $attr_old['sambaHomeDrive'][0];
- if (isset($attr_old['sambaLogonScript'][0])) $attr['scriptPath'] = $attr_old['sambaLogonScript'][0];
- if (isset($attr_old['sambaProfilePath'][0])) $attr['profilePath'] = $attr_old['sambaProfilePath'][0];
- if (isset($attr_old['sambaUserWorkstations'][0])) $attr['userWorkstations'] = $attr_old['sambaUserWorkstations'][0];
- // Values used from account object
- $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
- $attr['acctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
- if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
- $attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_req
- $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
- // remove old attributes
- if (in_array('sambaSamAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaSamAccount';
- if (isset($attr_old['sambaLMPassword'][0])) $attr_rem['sambaLMPassword'] = $attr_old['sambaLMPassword'][0];
- if (isset($attr_old['sambaNTPassword'][0])) $attr_rem['sambaNTPassword'] = $attr_old['sambaNTPassword'][0];
- if (isset($attr_old['sambaPwdLastSet'][0])) $attr_rem['sambaPwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
- if (isset($attr_old['sambaLogonTime'][0])) $attr_rem['sambaLogonTime'] = $attr_old['sambaLogonTime'][0];
- if (isset($attr_old['sambaKickoffTime'][0])) $attr_rem['sambaKickoffTime'] = $attr_old['sambaKickoffTime'][0];
- if (isset($attr_old['sambaPwdCanChange'][0])) $attr_rem['sambaPwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
- if (isset($attr_old['sambaPwdMustChange'][0])) $attr_rem['sambaPwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
- if (isset($attr_old['sambaHomePath'][0])) $attr_rem['sambaHomePath'] = $attr_old['sambaHomePAth'][0];
- if (isset($attr_old['sambaAcctFlags'][0])) $attr_rem['sambaAcctFlags'] = $attr_old['sambaAcctFlags'][0];
- if (isset($attr_old['sambaHomeDrive'][0])) $attr_rem['sambaHomeDrive'] = $attr_old['sambaHomeDrive'][0];
- if (isset($attr_old['sambaLogonScript'][0])) $attr_rem['sambaLogonScript'] = $attr_old['sambaLogonScript'][0];
- if (isset($attr_old['sambaProfilePath'][0])) $attr_rem['sambaProfilePath'] = $attr_old['sambaProfilePath'][0];
- if (isset($attr_old['sambaUserWorkstations'][0])) $attr_rem['sambaUserWorkstations'] = $attr_old['sambaUserWorkstations'][0];
- if (isset($attr_old['sambaPrimaryGroupID'][0])) $attr_rem['sambaPrimaryGroupID'] = $attr_old['sambaPrimaryGroupID'][0];
- if (isset($attr_old['sambaDomainName'][0])) $attr_rem['sambaDomainName'] = $attr_old['sambaDomainName'][0];
- if (isset($attr_old['sambaSID'][0])) $attr_rem['sambaSID'] = $attr_old['sambaSID'][0];
- }
- // Set all changed values
- if ($values->smb_flags['N']) {
- // use no samba Password
- $attr['ntPassword'] = 'NO PASSWORD*****';
- $attr['lmPassword'] = 'NO PASSWORD*****';
- $attr['pwdLastSet'] = time();
- }
- else
- if ($values->smb_password!='') {
- // use escapeshellarg() to make command shell-secure
- // Set samba-passwords with external perl-script
- $attr['ntPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
- $attr['lmPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
- $attr['pwdLastSet'] = time(); // sambaAccount_may
- }
- // Check which Samba-Attributes have changed
- if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
- if ($values->smb_pwdmustchange != $values_old->smb_pwdmustchange) $attr['pwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
- if (smbflag($values->smb_flags) != smbflag($values_old->smb_flags)) $attr['acctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
- if (($values->smb_smbhome!='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr['smbHome'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
- if (($values->smb_smbhome=='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr_rem['smbHome'] = utf8_encode($values_old->smb_smbhome); // sambaAccount_may
- if (($values->smb_homedrive!='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr['homeDrive'] = $values->smb_homedrive; // sambaAccount_may
- if (($values->smb_homedrive=='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr_rem['homeDrive'] = $values_old->smb_homedrive; // sambaAccount_may
- if (($values->smb_scriptPath!='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr['scriptPath'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
- if (($values->smb_scriptPath=='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr_rem['scriptPath'] = utf8_encode($values_old->smb_scriptPath); // sambaAccount_may
- if (($values->smb_profilePath!='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr['profilePath'] = $values->smb_profilePath; // sambaAccount_may
- if (($values->smb_profilePath=='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr_rem['profilePath'] = $values_old->smb_profilePath; // sambaAccount_may
- if (($values->smb_smbuserworkstations!='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr['userWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
- if (($values->smb_smbuserworkstations=='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr_rem['userWorkstations'] = $values_old->smb_smbuserworkstations; // sambaAccount_may
- if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
- if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
- if (($values->smb_mapgroup!='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_may
- if (($values->smb_mapgroup=='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr_rem['primaryGroupID'] = $values_old->smb_mapgroup;
- if ($values->smb_displayName != $values_old->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
- }
-
- // Check which personal attributes have changed
- if (($values->personal_title != $values_old->personal_title) && ($values->personal_title != ''))
- $attr['title'] = utf8_encode($values->personal_title);
- if (($values->personal_title != $values_old->personal_title) && ($values->personal_title == ''))
- $attr_rem['title'] = utf8_encode($values_old->personal_title);
- if (($values->personal_mail != $values_old->personal_mail) && ($values->personal_mail != ''))
- $attr['mail'] = utf8_encode($values->personal_mail);
- if (($values->personal_mail != $values_old->personal_mail) && ($values->personal_mail == ''))
- $attr_rem['mail'] = utf8_encode($values_old->personal_mail);
- if (($values->personal_telephoneNumber != $values_old->personal_telephoneNumber) && ($values->personal_telephoneNumber !=''))
- $attr['telephoneNumber'] = utf8_encode($values->personal_telephoneNumber);
- if (($values->personal_telephoneNumber != $values_old->personal_telephoneNumber) && ($values->personal_telephoneNumber ==''))
- $attr_rem['telephoneNumber'] = utf8_encode($values_old->personal_telephoneNumber);
- if (($values->personal_mobileTelephoneNumber != $values_old->personal_mobileTelephoneNumber) && ($values->personal_mobileTelephoneNumber!=''))
- $attr['mobileTelephoneNumber'] = utf8_encode($values->personal_mobileTelephoneNumber);
- if (($values->personal_mobileTelephoneNumber != $values_old->personal_mobileTelephoneNumber) && ($values->personal_mobileTelephoneNumber==''))
- $attr_rem['mobileTelephoneNumber'] = utf8_encode($values_old->personal_mobileTelephoneNumber);
- if (($values->personal_facsimileTelephoneNumber != $values_old->personal_facsimileTelephoneNumber) && ($values->personal_facsimileTelephoneNumber!=''))
- $attr['facsimileTelephoneNumber'] = utf8_encode($values->personal_facsimileTelephoneNumber);
- if (($values->personal_facsimileTelephoneNumber != $values_old->personal_facsimileTelephoneNumber) && ($values->personal_facsimileTelephoneNumber==''))
- $attr_rem['facsimileTelephoneNumber'] = utf8_encode($values_old->personal_facsimileTelephoneNumber);
- if (($values->personal_street != $values_old->personal_street) && ($values->personal_street!=''))
- $attr['street'] = utf8_encode($values->personal_street);
- if (($values->personal_street != $values_old->personal_street) && ($values->personal_street==''))
- $attr_rem['street'] = utf8_encode($values_old->personal_street);
- if (($values->personal_street != $values_old->personal_street) && ($values->personal_street!=''))
- $attr['postalCode'] = utf8_encode($values->personal_street);
- if (($values->personal_street != $values_old->personal_street) && ($values->personal_street==''))
- $attr_rem['postalCode'] = utf8_encode($values_old->personal_street);
- if (($values->personal_postalAddress != $values_old->personal_postalAddress) && ($values->personal_postalAddress!=''))
- $attr['postalAddress'] = utf8_encode($values->personal_postalAddress);
- if (($values->personal_postalAddress != $values_old->personal_postalAddress) && ($values->personal_postalAddress==''))
- $attr_rem['postalAddress'] = utf8_encode($values_old->personal_postalAddress);
- if (($values->personal_employeeType != $values_old->personal_employeeType) && ($values->personal_employeeType!=''))
- $attr['employeeType'] = utf8_encode($values->personal_employeeType);
- if (($values->personal_employeeType != $values_old->personal_employeeType) && ($values->personal_employeeType==''))
- $attr_rem['employeeType'] = utf8_encode($values_old->personal_employeeType);
-
- if (($values->general_uidNumber != $values_old->general_uidNumber) && $_SESSION['config']->scriptServer) {
- // Remove old quotas
- remquotas(array($values_old->general_username), "user");
- // Remove quotas from $values_old because we have to rewrite them all
- unset ($values_old->quota);
- }
-
- if ($values->general_dn != $values_old->general_dn) {
- // Account should be moved to a new location
- // Load old account
- $result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- $attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- // remove "count" from array
- unset($attr_old['count']);
- for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
- $keys = array_keys($attr_old);
- for ($i=0; $i < sizeof($keys); $i++)
- unset($attr_old[$keys[$i]]['count']);
- // Change uid to new uid. Else ldap won't create the new entry
- //$attr_old['uid'][0] = $values->general_username;
- $attr_rem_keys = @array_keys($attr_rem);
- for ($i=0; $iserver(),$values->general_dn, $attr_old);
- // remove old account
- if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
- if (!$success) return 5;
- // Remove all memberUid entries. The new entries will be added again
- // Search for groups which have memberUid set to username
- $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "(&(objectClass=PosixGroup)(memberUid=$values_old->general_username))", array(''));
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- // loop for every found group and remove membership
- while ($entry) {
- $dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
- $success = ldap_mod_del($_SESSION['ldap']->server(), $dn , array('memberUid' => $values_old->general_username));
- // *** fixme add error-message if memberUid couldn't be deleted
- // Remove old memberUid to cache-array
- if ((isset($_SESSION['groupDN']))) {
- if (!in_array($values->general_username, $_SESSION['groupDN'][$dn]['memberUid'])) {
- $i=0;
- for ($i=0; $igeneral_username) unset ($_SESSION['groupDN'][$dn]['memberUid'][$i]);
- $_SESSION['groupDN'][$dn]['memberUid'][$i] = array_values($_SESSION['groupDN'][$dn]['memberUid'][$i]);
- }
- }
- }
- $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
- }
- }
- else { // Just modify, not recreate
- if ($attr) {
- // Change or add new attributes
- $success = ldap_modify($_SESSION['ldap']->server(),$values->general_dn, $attr);
- if (!$success) return 5;
- }
- if ($attr_rem) {
- // Remove old attributes which are no longer in use
- $success = ldap_mod_del($_SESSION['ldap']->server(),$values->general_dn, $attr_rem);
- if (!$success) return 5;
- }
- }
-
- // Write additional groupmemberchips
- // Get a list with all groups
- $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), 'objectClass=PosixGroup', array('memberUid', 'cn'));
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- while ($entry) {
- $modifygroup=0;
- $attr2 = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- // Remove "count" from array
- if (is_array($attr2['memberUid'])) array_shift($attr2['memberUid']);
- array_shift($attr2['cn']);
- if ($attr2['memberUid']) {
- // Remove user from groups he's not member anymore
- if (@in_array($values->general_username, $attr2['memberUid']) && !@in_array($attr2['cn'][0],$values->general_groupadd)) {
- $dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
- $success = ldap_mod_del($_SESSION['ldap']->server(), $dn ,array('memberUid' => $values->general_username));
- if (!$success) return 5;
- // Remove old memberUid to cache-array
- ldapreload('group');
- if ((isset($_SESSION['groupDN']))) {
- for ($i=0; $igeneral_username==$_SESSION['groupDN'][$dn]['memberUid'][$i]) {
- unset($_SESSION['groupDN'][$dn]['memberUid'][$i]);
- $_SESSION['groupDN'][$dn]['memberUid'] = array_values($_SESSION['groupDN'][$dn]['memberUid']);
- }
- }
- }
- }
- // Add user to groups
- if (!@in_array($values->general_username, $attr2['memberUid']) && @in_array($attr2['cn'][0],$values->general_groupadd)) {
- $dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
- $success = ldap_mod_add($_SESSION['ldap']->server(), $dn ,array('memberUid' => $values->general_username));
- if (!$success) return 5;
- // Add new memberUid to cache-array
- ldapreload('group');
- if ((isset($_SESSION['groupDN']))) {
- if (is_array($_SESSION['groupDN'][$dn]['memberUid'])) {
- if (!in_array($values->general_username, $_SESSION['groupDN'][$dn]['memberUid'])) $_SESSION['groupDN'][$dn]['memberUid'][] = $values->general_username;
- }
- else $_SESSION['groupDN'][$dn]['memberUid'][] = $values->general_username;
- }
- }
- }
- else {
- // Add user to groups
- if (@in_array($attr2['cn'][0],$values->general_groupadd)) {
- $dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
- $success = ldap_mod_add($_SESSION['ldap']->server(), $dn ,array('memberUid' => $values->general_username));
- if (!$success) return 5;
- // Add new memberUid to cache-array
- ldapreload('group');
- if ((isset($_SESSION['groupDN']))) {
- if (is_array($_SESSION['groupDN'][$dn]['memberUid'])) {
- if (!in_array($values->general_username, $_SESSION['groupDN'][$dn]['memberUid'])) $_SESSION['groupDN'][$dn]['memberUid'][] = $values->general_username;
- }
- else $_SESSION['groupDN'][$dn]['memberUid'][] = $values->general_username;
- }
- }
- }
- $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
- }
-
- // Change quotas if quotas are set and lamdaemon.pl should be used
- if ($_SESSION['config']->scriptServer && is_array($values->quota) && $uselamdaemon && ($values->quota != $values_old->quota))
- setquotas(array($values));
- //make required changes in cache-array
- if ((isset($_SESSION['userDN']))) {
- if ($values->general_dn != $values_old->general_dn) {
- unset ($_SESSION['userDN'][$values_old->general_dn]);
- }
- $_SESSION['userDN'][$values->general_dn]['cn'] = $values->general_username;
- $_SESSION['userDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
- }
- // Return 3 if everything has worked fine
- return 3;
- }
-
-
-/* This function will create a new host acconut in ldap
-* $values is an account-object with all attributes of the host
-* return-value is an integer
-* 1 == Account has been created
-* 2 == Account already exists at different location
-* 4 == Error while creating Account
-*/
-function createhost($values) {
- // These Objectclasses are needed for an host account
- $attr['objectClass'][0] = 'posixAccount';
- $attr['objectClass'][1] = 'shadowAccount';
- $attr['objectClass'][2] = 'account';
- // Create DN for new host account
- $values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
- // Attributes which are required
- $attr['cn'] = $values->general_username;
- $attr['uid'] = $values->general_username;
- $attr['uidNumber'] = $values->general_uidNumber;
- $attr['gidNumber'] = getgid($values->general_group);
- $attr['homeDirectory'] = "/dev/null";
-
- /* Write unix attributes into $attr array
- * Some values don't have to be set. These are only loaded if they are set
- */
- $attr['loginShell'] = "/bin/false";
- $attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos));
- $attr['description'] = utf8_encode($values->general_gecos);
- // Set unix password
-
- // Samba attributes
- if ($_SESSION['config']->is_samba3()) {
- // Add all attributes as samba3 objectclass
- $attr['objectClass'][3] = 'sambaSamAccount';
- // "Standard" password for new hosts
- $attr['sambaNTPassword'] = '0CB6948805F797BF2A82807973B89537';
- $attr['sambaLMPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
- $attr['sambaPwdLastSet'] = time(); // sambaAccount_may
- $attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
- $attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-515"; // sambaAccount_req
- $attr['sambaPwdCanChange'] = time(); // sambaAccount_may
- $attr['sambaPwdMustChange'] = "1893452400"; // sambaAccount_may // anywhere in year 2030
- $attr['sambaAcctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
- $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
- }
- else {
- // Add all attributes as samba2.2 objectclass
- $attr['objectClass'][3] = 'sambaAccount';
- // "Standard" password for new hosts
- $attr['ntPassword'] = '0CB6948805F797BF2A82807973B89537';
- $attr['lmPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
- $attr['pwdLastSet'] = time(); // sambaAccount_may
- $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
- $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
- $attr['pwdCanChange'] = time(); // sambaAccount_may
- $attr['pwdMustChange'] = "1893452400"; // sambaAccount_may // anywhere in 2030
- $attr['acctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
- if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
- }
-
- // Create LDAP user account
- $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
- // Continue if now error did ocour
- if (!$success) return 4;
- // Add new host to cache-array
- if ((isset($_SESSION['hostDN']))) {
- $_SESSION['hostDN'][$values->general_dn]['cn'] = $values->general_username;
- $_SESSION['hostDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
- }
- return 1;
- }
-
-/* This function will modify a host acconut in ldap
-* $values and $values_old are an account-object with all
-* attributes of the host.
-* Only attributes which have changed will be written
-* return-value is an integer
-* 2 == Account already exists at different location
-* 3 == Account has been modified
-* 5 == Error while modifying Account
-*/
-function modifyhost($values,$values_old) {
- // Add missing objectclasses to host
- if (!in_array('posixAccount', $values->general_objectClass)) {
- $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'posixAccount';
- }
- if (!in_array('shadowAccount', $values->general_objectClass)) {
- if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'shadowAccount';
- }
- // Create DN for new host account
- $values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
-
- // Attributes which are required
- if ($values->general_username != $values_old->general_username) {
- $attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
- $attr['uid'] = $values->general_username; // posixAccount_req
- }
- if ($values->general_uidNumber != $values_old->general_uidNumber) {
- $attr['uidNumber'] = $values->general_uidNumber;
- // Because sambaSid(rid) is related to uidNumber we have to change it if uidNumbaer has changed
- if ($_SESSION['config']->is_samba3())
- $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase);
- else $attr['rid'] = (2 * $values->general_uidNumber + 1000);
- }
- if ($values->general_group != $values_old->general_group) {
- $attr['gidNumber'] = getgid($values->general_group);
- // Because primaryGroup(S)ID is related to gidNumber we have to change it if gidNumber has changed
- if ($_SESSION['config']->is_samba3())
- // We use samba 3 schema
- $attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-".
- (2 * getgid($values->general_group) + $values->smb_domain->RIDbase+1);
- else
- // We use old samba 2.2 schema
- $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001);
- }
- /* Write unix attributes into $attr array
- * Some values don't have to be set. These are only loaded if they are set
- */
- if ($values->general_gecos != $values_old->general_gecos) {
- $attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
- $attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
- }
-
- // Samba attributes
- if ($_SESSION['config']->is_samba3()) {
- if (!in_array('sambaSamAccount', $values->general_objectClass)) {
- // We have to convert sambaAccount Objectclass to sambaSamAccount objectclass
- if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'sambaSamAccount';
- // unset old sambaAccount objectClass
- for ($i=0; $iserver(), $values_old->general_dn, "objectclass=PosixAccount");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- $return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
- $attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- if (isset($attr_old['lmPassword'][0])) $attr['sambaLMPassword'] = $attr_old['lmPassword'][0];
- if (isset($attr_old['ntPassword'][0])) $attr['sambaNTPassword'] = $attr_old['ntPassword'][0];
- if (isset($attr_old['pwdLastSet'][0])) $attr['sambaPwdLastSet'] = $attr_old['pwdLastSet'][0];
- if (isset($attr_old['logonTime'][0])) $attr['sambaLogonTime'] = $attr_old['logonTime'][0];
- if (isset($attr_old['logoffTime'][0])) $attr['sambaLogoffTime'] = $attr_old['logoffTime'][0];
- if (isset($attr_old['kickoffTime'][0])) $attr['sambaKickoffTime'] = $attr_old['kickoffTime'][0];
- if (isset($attr_old['pwdCanChange'][0])) $attr['sambaPwdCanChange'] = $attr_old['pwdCanChange'][0];
- if (isset($attr_old['pwdMustChange'][0])) $attr['sambaPwdMustChange'] = $attr_old['pwdMustChange'][0];
- if (isset($attr_old['smbHome'][0])) $attr['sambaHomePath'] = $attr_old['smbHome'][0];
- if (isset($attr_old['homeDrive'][0])) $attr['sambaHomeDrive'] = $attr_old['homeDrive'][0];
- if (isset($attr_old['scriptPath'][0])) $attr['sambaLogonScript'] = $attr_old['scriptPath'][0];
- if (isset($attr_old['profilePath'][0])) $attr['sambaProfilePath'] = $attr_old['profilePath'][0];
- if (isset($attr_old['userWorkstations'][0])) $attr['sambaUserWorkstations'] = $attr_old['userWorkstations'][0];
- // Values used from account object
- $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
- $attr['sambaAcctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
- $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
- $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
- $attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req
- // remove old attributes
- if (in_array('sambaAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaAccount';
- if (isset($attr_old['lmPassword'][0])) $attr_rem['lmPassword'] = $attr_old['lmPassword'][0];
- if (isset($attr_old['ntPassword'][0])) $attr_rem['ntPassword'] = $attr_old['ntPassword'][0];
- if (isset($attr_old['pwdLastSet'][0])) $attr_rem['pwdLastSet'] = $attr_old['pwdLastSet'][0];
- if (isset($attr_old['logonTime'][0])) $attr_rem['logonTime'] = $attr_old['logonTime'][0];
- if (isset($attr_old['kickoffTime'][0])) $attr_rem['kickoffTime'] = $attr_old['kickoffTime'][0];
- if (isset($attr_old['pwdCanChange'][0])) $attr_rem['pwdCanChange'] = $attr_old['pwdCanChange'][0];
- if (isset($attr_old['pwdMustChange'][0])) $attr_rem['pwdMustChange'] = $attr_old['pwdMustChange'][0];
- if (isset($attr_old['smbHome'][0])) $attr_rem['smbHome'] = $attr_old['smbHome'][0];
- if (isset($attr_old['acctFlags'][0])) $attr_rem['acctFlags'] = $attr_old['acctFlags'][0];
- if (isset($attr_old['homeDrive'][0])) $attr_rem['homeDrive'] = $attr_old['homeDrive'][0];
- if (isset($attr_old['scriptPath'][0])) $attr_rem['scriptPath'] = $attr_old['scriptPath'][0];
- if (isset($attr_old['profilePath'][0])) $attr_rem['profilePath'] = $attr_old['profilePath'][0];
- if (isset($attr_old['userWorkstations'][0])) $attr_rem['userWorkstations'] = $attr_old['userWorkstations'][0];
- if (isset($attr_old['primaryGroupID'][0])) $attr_rem['primaryGroupID'] = $attr_old['primaryGroupID'][0];
- if (isset($attr_old['domain'][0])) $attr_rem['domain'] = $attr_old['domain'][0];
- if (isset($attr_old['rid'][0])) $attr_rem['rid'] = $attr_old['rid'][0];
- }
- // Reset password
- if ($values->smb_flags['N']) {
- // "Standard" password for new hosts
- $attr['sambaNTPassword'] = '0CB6948805F797BF2A82807973B89537';
- $attr['sambaLMPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
- $attr['sambaPwdLastSet'] = time(); // sambaAccount_may
- }
- if ($values->smb_domain->name!=$values_old->smb_domain->name) {
- $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
- $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase);
- $attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-".
- (2 * getgid($values->general_group) + $values->smb_domain->RIDbase+1);
- }
- }
- else {
- // use old samba 2.2 objectclass
- if (!in_array('sambaAccount', $values->general_objectClass)) {
- // Add or convert samba attributes & object to samba 2.2
- if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'sambaAccount';
- // unset old sambaAccount objectClass
- for ($i=0; $iserver(), $values_old->general_dn, "objectclass=PosixAccount");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- $return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
- $attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- if (isset($attr_old['sambaLMPassword'][0])) $attr['lmPassword'] = $attr_old['sambaLMPassword'][0];
- if (isset($attr_old['sambaNTPassword'][0])) $attr['ntPassword'] = $attr_old['sambaNTPassword'][0];
- if (isset($attr_old['sambaPwdLastSet'][0])) $attr['pwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
- if (isset($attr_old['sambaLogonTime'][0])) $attr['logonTime'] = $attr_old['sambaLogonTime'][0];
- if (isset($attr_old['sambaLogoffTime'][0])) $attr['logoffTime'] = $attr_old['sambaLogoffTime'][0];
- if (isset($attr_old['sambaKickoffTime'][0])) $attr['kickoffTime'] = $attr_old['sambaKickoffTime'][0];
- if (isset($attr_old['sambaPwdCanChange'][0])) $attr['pwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
- if (isset($attr_old['sambaPwdMustChange'][0])) $attr['pwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
- if (isset($attr_old['sambaHomePath'][0])) $attr['smbHome'] = $attr_old['sambaHomePath'][0];
- if (isset($attr_old['sambaHomeDrive'][0])) $attr['homeDrive'] = $attr_old['sambaHomeDrive'][0];
- if (isset($attr_old['sambaLogonScript'][0])) $attr['scriptPath'] = $attr_old['sambaLogonScript'][0];
- if (isset($attr_old['sambaProfilePath'][0])) $attr['profilePath'] = $attr_old['sambaProfilePath'][0];
- if (isset($attr_old['sambaUserWorkstations'][0])) $attr['userWorkstations'] = $attr_old['sambaUserWorkstations'][0];
- // Values used from account object
- $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
- $attr['acctFlags'] = smbflag($values->smb_flags); // sambaAccount_may
- if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
- $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
- $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
- // remove old attributes
- if (in_array('sambaSamAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaSamAccount';
- if (isset($attr_old['sambaLMPassword'][0])) $attr_rem['sambaLMPassword'] = $attr_old['sambaLMPassword'][0];
- if (isset($attr_old['sambaNTPassword'][0])) $attr_rem['sambaNTPassword'] = $attr_old['sambaNTPassword'][0];
- if (isset($attr_old['sambaPwdLastSet'][0])) $attr_rem['sambaPwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
- if (isset($attr_old['sambaLogonTime'][0])) $attr_rem['sambaLogonTime'] = $attr_old['sambaLogonTime'][0];
- if (isset($attr_old['sambaKickoffTime'][0])) $attr_rem['sambaKickoffTime'] = $attr_old['sambaKickoffTime'][0];
- if (isset($attr_old['sambaPwdCanChange'][0])) $attr_rem['sambaPwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
- if (isset($attr_old['sambaPwdMustChange'][0])) $attr_rem['sambaPwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
- if (isset($attr_old['sambaHomePath'][0])) $attr_rem['sambaHomePath'] = $attr_old['sambaHomePAth'][0];
- if (isset($attr_old['sambaAcctFlags'][0])) $attr_rem['sambaAcctFlags'] = $attr_old['sambaAcctFlags'][0];
- if (isset($attr_old['sambaHomeDrive'][0])) $attr_rem['sambaHomeDrive'] = $attr_old['sambaHomeDrive'][0];
- if (isset($attr_old['sambaLogonScript'][0])) $attr_rem['sambaLogonScript'] = $attr_old['sambaLogonScript'][0];
- if (isset($attr_old['sambaProfilePath'][0])) $attr_rem['sambaProfilePath'] = $attr_old['sambaProfilePath'][0];
- if (isset($attr_old['sambaUserWorkstations'][0])) $attr_rem['sambaUserWorkstations'] = $attr_old['sambaUserWorkstations'][0];
- if (isset($attr_old['sambaPrimaryGroupID'][0])) $attr_rem['sambaPrimaryGroupID'] = $attr_old['sambaPrimaryGroupID'][0];
- if (isset($attr_old['sambaDomainName'][0])) $attr_rem['sambaDomainName'] = $attr_old['sambaDomainName'][0];
- if (isset($attr_old['sambaSID'][0])) $attr_rem['sambaSID'] = $attr_old['sambaSID'][0];
- }
- if ($values->smb_flags['N']) {
- // "Standard" password for new hosts
- $attr['ntPassword'] = '0CB6948805F797BF2A82807973B89537';
- $attr['lmPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
- $attr['pwdLastSet'] = time(); // sambaAccount_may
- }
- if (isset($attr_old['sambaSID'][0])) $attr_rem['sambaSID'] = $attr_old['sambaSID'][0];
- if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
- if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
- }
-
- if ($values->general_dn != $values_old->general_dn) {
- // Account should be moved to a new location
- // Load old account
- $result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- $attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- // remove "count" from array
- unset($attr_old['count']);
- for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
- $keys = array_keys($attr_old);
- for ($i=0; $i < sizeof($keys); $i++)
- unset($attr_old[$keys[$i]]['count']);
- // Change uid to new uid. Else ldap won't create the new entry
- //$attr_old['uid'][0] = $values->general_username;
- $attr_rem_keys = @array_keys($attr_rem);
- for ($i=0; $iserver(),$values->general_dn, $attr_old);
- // remove old account
- if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
- if (!$success) return 5;
- }
- else { // Just modify, not recreate
- if ($attr) {
- // Change or add new attributes
- $success = ldap_modify($_SESSION['ldap']->server(),$values->general_dn, $attr);
- if (!$success) return 5;
- }
- if ($attr_rem) {
- // Remove old attributes which are no longer in use
- $success = ldap_mod_del($_SESSION['ldap']->server(),$values->general_dn, $attr_rem);
- if (!$success) return 5;
- }
- }
-
- //make required changes in cache-array
- if ((isset($_SESSION['hostDN']))) {
- if ($values->general_dn != $values_old->general_dn) {
- unset ($_SESSION['hostDN'][$values_old->general_dn]);
- }
- $_SESSION['hostDN'][$values->general_dn]['cn'] = $values->general_username;
- $_SESSION['hostDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
- }
- // Return 3 if everything has worked fine
- return 3;
- }
-
-
-/* This function will create a new group acconut in ldap
-* $values is an account-object with all attributes of the group
-* if lamdaemon.pl is false no quotas are set. Usefull for massupload and deletion
-* return-value is an integer
-* 1 == Account has been created
-* 2 == Account already exists at different location
-* 4 == Error while creating Account
-*/
-function creategroup($values, $uselamdaemon=true) {
- // These Objectclasses are needed for an user account
- $attr['objectClass'][0] = 'posixGroup';
- // Create DN for new user account
- $values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;
- // Attributes which are required
- $attr['cn'] = $values->general_username;
- $attr['gidNumber'] = $values->general_uidNumber;
-
- /* Write unix attributes into $attr array
- * Some values don't have to be set. These are only loaded if they are set
- */
- if ($values->general_gecos) $attr['description'] = utf8_encode($values->general_gecos);
- // Samba 3 attributes
- // $values->smb_mapgroup is not set if creategroup is called from masscreate.php
- if ($_SESSION['config']->is_samba3() && isset($values->smb_mapgroup)) {
- $attr['sambaSID'] = $values->smb_mapgroup;
- $attr['objectClass'][1] = 'sambaGroupMapping';
- $attr['sambaGroupType'] = '2';
- if ($values->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName);
- }
- // Write additional group members
- if (is_array($values->unix_memberUid)) $attr['memberUid'] = $values->unix_memberUid;
- // Create LDAP group account
- $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
- // Continue if now error did ocour
- if (!$success) return 4;
- // lamdaemon.pl should be used. Set quotas if quotas are used
- if ($_SESSION['config']->scriptServer && is_array($values->quota) && $uselamdaemon) setquotas(array($values));
- // Add new group to cache-array
- if ((isset($_SESSION['groupDN']))) {
- $_SESSION['groupDN'][$values->general_dn]['memberUid'] = $values->unix_memberUid;
- $_SESSION['groupDN'][$values->general_dn]['cn'] = $values->general_username;
- $_SESSION['groupDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
- if ($_SESSION['config']->is_samba3() && isset($values->smb_mapgroup))
- $_SESSION['groupDN'][$values->general_dn]['sambaSID'] = $values->smb_mapgroup;
- }
- return 1;
- }
-
-
-/* This function will modify a group acconut in ldap
-* $values and $values_old are an account-object with all
-* attributes of the group.
-* if lamdaemon.pl is false no quotas are set. Usefull for massupload and deletion
-* Only attributes which have changed will be written
-* return-value is an integer
-* 2 == Account already exists at different location
-* 3 == Account has been modified
-* 5 == Error while modifying Account
-*/
-function modifygroup($values,$values_old, $uselamdaemon=true) {
- // Add missing objectclasses to group
- if (!in_array('posixGroup', $values->general_objectClass)) {
- $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'posixGroup';
- }
- if (($_SESSION['config']->is_samba3()) && (!in_array('sambaGroupMapping', $values->general_objectClass))) {
- if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
- $attr['objectClass'][] = 'sambaGroupMapping';
- $attr['sambaGroupType'] = '2';
- }
- // Create DN for new group account
- $values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;
-
- // Attributes which are required
- if ($values->general_username != $values_old->general_username) $attr['cn'] = $values->general_username;
- if ($values->general_uidNumber != $values_old->general_uidNumber) {
- $attr['gidNumber'] = $values->general_uidNumber;
- // Set correct SID if UID was changed
- if ($_SESSION['config']->is_samba3()) $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase +1);
- }
- if ($values->general_gecos != $values_old->general_gecos) $attr['description'] = utf8_encode($values->general_gecos);
- if ($values->smb_displayName != $values_old->smb_displayName)
- $attr['displayName'] = utf8_encode($values->smb_displayName);
- // Samba 3.0 attributes
- if ($_SESSION['config']->is_samba3()) {
- if ($values->smb_mapgroup != $values_old->smb_mapgroup)
- $attr['sambaSID'] = $values->smb_mapgroup;
- }
- // Write Additional group members
- if (($values->unix_memberUid != $values_old->unix_memberUid)) {
- if (count($values->unix_memberUid)==0) $attr_rem['memberUid'] = $values_old->unix_memberUid;
- else $attr['memberUid'] = $values->unix_memberUid;
- }
- // Rewrite quotas if uidnumbers has changed
- if ($values->general_uidNumber != $values_old->general_uidNumber && $_SESSION['config']->scriptServer) {
- // Remove old quotas
- remquotas(array($values_old->general_username), "user");
- // Remove quotas from $values_old because we have to rewrite them all
- unset ($values_old->quota);
- }
-
- if ($values->general_dn != $values_old->general_dn) {
- // Account should be moved to a new location
- // Load old account
- $result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- $attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
- // remove "count" from array
- unset($attr_old['count']);
- for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
- $keys = @array_keys($attr_old);
- for ($i=0; $i < sizeof($keys); $i++)
- unset($attr_old[$keys[$i]]['count']);
- // Change cn to new cn. Else ldap won't create the new entry
- //$attr_old['cn'][0] = $values->general_username;
- $attr_rem_keys = @array_keys($attr_rem);
- for ($i=0; $iserver(),$values->general_dn, $attr_old);
- // remove old account
- if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
- if (!$success) return 5;
- }
- else { // Just modify, not recreate
- if ($attr) {
- // Change or add new attributes
- $success = ldap_modify($_SESSION['ldap']->server(),$values->general_dn, $attr);
- if (!$success) return 5;
- }
- if ($attr_rem) {
- // Remove old attributes which are no longer in use
- $success = ldap_mod_del($_SESSION['ldap']->server(),$values->general_dn, $attr_rem);
- if (!$success) return 5;
- }
- }
-
-
- // Chnage GIDs of all users which are member of group
- if ( $_SESSION['final_changegids']==true ) {
- $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array(''));
- $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
- while ($entry) {
- $user['gidNumber'][0] = $values->general_uidNumber;
- $success =ldap_modify($_SESSION['ldap']->server(), ldap_get_dn($_SESSION['ldap']->server(), $entry), $user);
- if (!$success) return 5;
- $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
- }
- }
-
- // Change quotas if quotas are set and lamdaemon.pl should be used
- if ($_SESSION['config']->scriptServer && is_array($values->quota) && $uselamdaemon && ($values->quota != $values_old->quota))
- setquotas(array($values));
- //make required changes in cache-array
- if ((isset($_SESSION['groupDN']))) {
- if ($values->general_dn != $values_old->general_dn) {
- unset ($_SESSION['groupDN'][$values_old->general_dn]);
- }
- if (is_array($values->unix_memberUid)) $_SESSION['groupDN'][$values->general_dn]['memberUid'] = $values->unix_memberUid;
- $_SESSION['groupDN'][$values->general_dn]['cn'] = $values->general_username;
- $_SESSION['groupDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
- if ($values->smb_mapgroup != $values_old->smb_mapgroup)
- $_SESSION['groupDN'][$values->general_dn]['sambaSID'] = $values->smb_mapgroup;
- }
- // Return 3 if everything has worked fine
- return 3;
- }
-
?>
diff --git a/lam/lib/lamdaemon.pl b/lam/lib/lamdaemon.pl
index 559134c1..6cff64f6 100755
--- a/lam/lib/lamdaemon.pl
+++ b/lam/lib/lamdaemon.pl
@@ -71,11 +71,10 @@ if ($( == 0 ) { # we are root
if ($ARGV[0] eq "*test") {
use Quota; # Needed to get and set quotas
print "Perl quota module successfully installed.\n";
- print "IF you haven't seen any errors lamdaemon.pl was set up successfully.\n";
+ print "If you haven't seen any errors lamdaemon.pl was set up successfully.\n";
}
else {
# loop for every transmitted user
- # XXX fixme change code to read stdin at once and then loop
my $string = do {local $/;};
@input = split ("\n", $string );
for ($i=0; $i<=$#input; $i++) {
@@ -103,21 +102,30 @@ if ($( == 0 ) { # we are root
system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
}
}
+ else {
+ $return = "ERROR,Lamdaemon,Homedirectory already exists.:$return";
+ }
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
$vals[2] eq 'rem' && do {
($<, $>) = ($>, $<); # Get root previliges
if (-d $user[7]) {
+ # Fixme, only delete files owned by user.
system 'rm', '-R', $user[7]; # Delete Homedirectory
if (-e '/usr/sbin/userdel.local') {
system '/usr/sbin/userdel.local', $user[0];
}
}
+ else {
+ $return = "ERROR,Lamdaemon,Homedirectory doesn't exists.:$return";
+ }
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
}
+ # Show error if undfined command is used
+ $return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
last switch;
};
$vals[1] eq 'quota' && do {
@@ -182,9 +190,11 @@ if ($( == 0 ) { # we are root
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
+ $return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
}
};
last switch;
+ $return = "ERROR,Lamdaemon,Unknown command $vals[1].:$return";
};
print "$return\n";
}
diff --git a/lam/lib/modules/shadowAccount.inc b/lam/lib/modules/shadowAccount.inc
index d840c3af..0c1be0e0 100644
--- a/lam/lib/modules/shadowAccount.inc
+++ b/lam/lib/modules/shadowAccount.inc
@@ -189,12 +189,12 @@ class shadowAccount {
$this->attributes['shadowExpire'][0] = intval(mktime(10, 0, 0, $post['shadowExpire_mon'],
$post['shadowExpire_day'], $post['shadowExpire_yea'])/3600/24);
- if ( !ereg('^([0-9])*$', $this->attributes['shadowMin'][0])) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'), 'shadowMin');
- if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0] ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'), 'shadowMin');
- if ( !ereg('^([0-9]*)$', $this->attributes['shadowMax'][0])) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'), 'shadowMax');
+ if ( !ereg('^([0-9])*$', $this->attributes['shadowMin'][0])) $errors['shadowMin'][] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
+ if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0]) $errors['shadowMin'][] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
+ if ( !ereg('^([0-9]*)$', $this->attributes['shadowMax'][0])) $errors['shadowMax'][] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'));
if ( !ereg('^(([-][1])|([0-9]*))$', $this->attributes['shadowInactive'][0]))
- $errors[] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'), 'shadowInactive');
- if ( !ereg('^([0-9]*)$', $this->attributes['shadowWarning'][0])) $errors[] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'), 'shadowWarning');
+ $errors['shadowInactive'][] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'));
+ if ( !ereg('^([0-9]*)$', $this->attributes['shadowWarning'][0])) $errors['shadowWarning'][] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'));
if (is_array($errors)) return $errors;
return 0;
}
|