diff --git a/lam/config/profiles/users/default.pru b/lam/config/profiles/users/default.pru index 898ee817..9dd4fe09 100644 --- a/lam/config/profiles/users/default.pru +++ b/lam/config/profiles/users/default.pru @@ -1,4 +1,5 @@ -general_homedir: /home/$user +general_group: admin +general_homedir: /home/$group/$user general_shell: /bin/bash unix_password_no: 0 unix_pwdwarn: 10 @@ -11,3 +12,5 @@ smb_password_no: 0 smb_useunixpwd: 1 smb_flagsD: 1 smb_homedrive: U: +smb_domain: sambaDomainName=test,dc=my-domain,dc=com +quota: /home,10000,10000,500,500;/,20000,20000,1000,1000 diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 052dca2c..cfaefb6f 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -220,6 +220,7 @@ function remquotas($user, $type) { // Whis function will remove the quotas from $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota set '; if ($type=='user') $towrite = $towrite.'u '; else $towrite = $towrite.'g '; + exec("perl ../../lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals); } @@ -237,7 +238,7 @@ function remhomedir($user) { // Remove Homedirectory // all other needed vars are taken from remotesystem getusrnam $ldap_q = $_SESSION['ldap']->decrypt(); $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem'; - exec("perl ../../lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals); + exec("perl ../lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals); } function ldapreload($type) { // This function will load an array th cache ldap-requests 
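Review bot: The shipped default user profile now sets `general_group: admin`, so every account created from it without an explicit group choice gets that primary group; if `admin` carries elevated rights on the managed hosts this is a least-privilege regression, and the site's unprivileged group (placeholder: `users`) would be a safer default. The second hunk of this file adds `smb_domain: sambaDomainName=test,dc=my-domain,dc=com`, which looks like a local test value rather than something that belongs in a distributed default profile.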
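Review bot: The `exec()` added to remquotas() builds a shell command by concatenating `$user`, the two values returned by `$_SESSION['ldap']->decrypt()` and the configured `scriptServer`/`scriptPath` with no quoting, so a shell metacharacter in any of them changes the command that runs. Each piece should be wrapped in `escapeshellarg()`, e.g. `$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($user).' quota set ';`, with the two config values quoted the same way. If `$ldap_q` holds the bind DN and password, as the decrypt() call suggests, they are also visible in the host's process list while perl runs; handing them over on stdin would avoid that. The `exec()` line changed in remhomedir() in the next hunk has the same pattern, and both calls ignore the exit status and `$vals`, so a failed removal goes unnoticed. remquotas() starts outside the hunk.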
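Review bot: The script path becomes `../lib/lamdaemon.pl` here while the `exec()` added to remquotas() in the previous hunk uses `../../lib/lamdaemon.pl`, so within one file the two calls resolve against different directories and at most one can be right for a given calling page. Both depend on the working directory of whichever page included account.inc, which means perl runs whatever file sits at that relative location. If lamdaemon.pl lives beside account.inc, as both paths suggest, building the path once with `$daemon = dirname(__FILE__).'/lamdaemon.pl';` and using it in both functions removes that dependency. remhomedir() starts outside the hunk.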
@@ -307,42 +308,48 @@ function ldapexists($values, $type, $values_old=false) { // This function will s switch ($type) { case 'user': ldapreload('user'); - $search = 'uid='.$values->general_username.','.$values->general_dn; + $search = 'uid='.$values->general_username; $keys = array_keys($_SESSION['userDN']); unset ($keys[0]); $keys = array_values($keys); - if ( ($values_old->general_username != $values->general_username) && - ($_SESSION['userDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); - if ((!$values_old) && - ($_SESSION['userDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); + if ( ($values_old->general_username != $values->general_username) && + ($_SESSION['userDN'][0] != $values->general_username)) { + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); + } + if ((!$values_old) && ($_SESSION['userDN'][0] != $values->general_username)) + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); break; case 'group': ldapreload('group'); - $search = 'cn='.$values->general_username.','.$values->general_dn; + $search = 'cn='.$values->general_username; $keys = array_keys($_SESSION['groupDN']); unset ($keys[0]); $keys = array_values($keys); - if ( ($values_old->general_username != $values->general_username) && - ($_SESSION['groupDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); - if ((!$values_old) && - ($_SESSION['groupDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); + if ( ($values_old->general_username != $values->general_username) && + ($_SESSION['groupDN'][0] != $values->general_username)) { + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already 
exists!'), $type); + } + if ((!$values_old) && ($_SESSION['groupDN'][0] != $values->general_username)) + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); break; case 'host': ldapreload('host'); - $search = 'uid='.$values->general_username.','.$values->general_dn; + $search = 'uid='.$values->general_username; $keys = array_keys($_SESSION['hostDN']); unset ($keys[0]); $keys = array_values($keys); if ( ($values_old->general_username != $values->general_username) && - ($_SESSION['hostDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); - if ((!$values_old) && - ($_SESSION['hostDN'][0] != $values->general_username) && - (in_array($search , $keys))) return sprintf (_('%s already exists!'), $type); + ($_SESSION['hostDN'][0] != $values->general_username)) { + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); + } + if ((!$values_old) && ($_SESSION['hostDN'][0] != $values->general_username)) + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); break; } return 0; 
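Review bot: `strstr($key, $search)` with `$search = 'uid='.$values->general_username` is a substring test, so a new name is reported as existing whenever it is a prefix of another entry's RDN (constructed example: `uid=ann` is found inside `uid=anna,ou=...`). Anchoring on the RDN keeps the new "any suffix" behaviour without those false positives: `if (strpos($key, $search.',') === 0) return sprintf (_('%s already exists!'), $type);`. The same applies to the `cn=` search in the group case and the `uid=` search in the host case. The first `if` in each case also reads `$values_old->general_username` although `$values_old` defaults to `false`, so testing `$values_old` before dereferencing it would be cleaner. ldapexists() starts outside the hunk.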
@@ -527,7 +534,11 @@ function loaduser($dn) { // Will load all needed values from an existing account if (isset($attr['postalCode'][0])) $return->personal_postalCode = utf8_decode($attr['postalCode'][0]); if (isset($attr['postalAddress'][0])) $return->personal_postalAddress = utf8_decode($attr['postalAddress'][0]); if (isset($attr['employeeType'][0])) $return->personal_employeeType = utf8_decode($attr['employeeType'][0]); - if (substr(str_replace('{CRYPT}', '',$attr['userPassword'][0]),0,1) == '!' ) $return->unix_deactivated=true; + // New password code. should work with every kind of encryption ({CRYPT}, {SHA} + if ( ereg('^[{]([A-Z]|[a-z]|[0-9])+([}!])+', $attr['userPassword'][0])) $return->unix_deactivated=true; + // next line is old code + //if (substr(str_replace('{CRYPT}', '',$attr['userPassword'][0]),0,1) == '!' ) $return->unix_deactivated=true; + if (isset($attr['userPassword'][0])) $return->unix_password = $attr['userPassword'][0]; @@ -821,12 +832,10 @@ function createuser($values) { // Will create the LDAP-Account if ($values->personal_employeeType!='') $attr['employeeType'] = utf8_encode($values->personal_employeeType); // posixAccount_may shadowAccount_may if ($values->unix_password_no) $values->unix_password = ''; - if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password); - else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password); + if ($values->unix_deactivated) $attr['userPassword'] = '!' . crypt($values->unix_password); $attr['shadowLastChange'] = getdays(); // shadowAccount_may $attr['loginShell'] = $values->general_shell; // posixAccount_may $attr['gecos'] = utf8_encode($values->general_gecos); // posixAccount_may - print $attr['gecos']; $attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may 
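Review bot: The pattern `^[{]([A-Z]|[a-z]|[0-9])+([}!])+` flags an account as deactivated as soon as the value starts with a scheme tag, because `([}!])+` is satisfied by the closing `}` alone; a value of the form `{CRYPT}` followed by an ordinary hash matches. Requiring the `!` after the tag fixes that, and making the tag optional also covers the untagged `'!' . crypt(...)` value that createuser() writes after this commit: `ereg('^([{][A-Za-z0-9]+[}])?!', $attr['userPassword'][0])`. The test also runs before the `isset($attr['userPassword'][0])` check on the following line and would sit better inside that guard. loaduser() starts and ends outside the hunk.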
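Review bot: With the `else` branch removed, this hunk assigns `$attr['userPassword']` only when `unix_deactivated` is set, so unless code outside the hunk sets it, an active account is created with no password attribute. The value that is still written, `'!' . crypt($values->unix_password)`, has lost its `{CRYPT}` tag, and a directory server that sees no scheme tag may treat the string as a plain-text password rather than a locked hash. I would keep both branches and the tag: `$attr['userPassword'] = ($values->unix_deactivated ? '{CRYPT}!' : '{CRYPT}') . crypt($values->unix_password);`. createuser() starts and ends outside the hunk.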
@@ -932,6 +941,35 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account if ($values->general_homedir != $values_old->general_homedir) $attr['homeDirectory'] = $values->general_homedir; // posixAccount_req // posixAccount_may shadowAccount_may + // new password code + // Why doesn't ldap encrypt the password if now {???} is given? + // change password if new password is used or account es (un)locked + /* + if ($values->unix_password=='') { + // check if account has been (un)locked + if ($values->unix_deactivated && !$values_old->unix_deactivated) { + // Put ! between {??} andPassword Hash + for ($i=0; $iunix_password); $i++) + if ($values_old->unix_password{$i} == '}') $char = $i; + //$attr['userPassword'] = substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1); + echo $values_old->unix_password."---"; + echo substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1); + } + if (!$values->unix_deactivated && $values_old->unix_deactivated) { + // Remov ! between {??} andPassword Hash + for ($i=0; $iunix_password); $i++) + if ($values_old->unix_password{$i} == '}') $char = $i; + $attr['userPassword'] = substr($values_old->unix_password,0,$char). substr($values_old->unix_password,$char+2,-1); + } + } + else { + // Create new password + $attr['shadowLastChange'] = getdays(); // shadowAccount_may + if ($values->unix_deactivated) $attr['userPassword'] = '!'. $values->unix_password; + else $attr['userPassword'] = $values->unix_password; + } */ + + // old password code $password_old = str_replace('{CRYPT}', '',$values_old->unix_password); if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old)); if ($values->unix_password=='') { diff --git a/lam/templates/account/groupedit.php b/lam/templates/account/groupedit.php index 076d8481..eeeb6fc4 100644 --- a/lam/templates/account/groupedit.php +++ b/lam/templates/account/groupedit.php 
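Review bot: The commented-out block carries two debug `echo` statements that print `$values_old->unix_password`, the stored password hash, into the page, so enabling the block as written would disclose the hash to the browser; they should go before this code is switched on. The lock branch also rebuilds the value from `substr($values_old->unix_password,0,$char)` and `substr(...,$char+1,-1)`, which leaves out the `}` at `$char` and cuts the final character of the hash. Using `$char = strpos($values_old->unix_password, '}');` and then `substr($values_old->unix_password, 0, $char+1) . '!' . substr($values_old->unix_password, $char+1)` keeps both. Unfinished code of this kind is better kept on a branch than committed inside a comment. modifyuser() starts and ends outside the hunk.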
@@ -46,14 +46,12 @@ if (isset($_GET['DN'])) { $_SESSION['account'] = loadGroupProfile('default'); $_SESSION['account'] ->type = 'group'; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } } else if (count($_POST)==0) { // Startcondition. groupedit.php was called from outside $_SESSION['account'] = loadGroupProfile('default'); $_SESSION['account'] ->type = 'group'; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } switch ($_POST['select']) { // Select which part of page should be loaded and check values @@ -572,8 +570,7 @@ switch ($select_local) { // Select which part of page will be loaded case 'quota': // Quota Settings - - if (!isset($_SESSION['account']->quota)) { // load quotas + if (!isset($_SESSION['account']->quota[0]) || (!isset($_SESSION['account']->quota[0][1])) && isset($_SESSION['account_old']) ) { // load quotas $values = getquotas('group', $_SESSION['account']->general_username); if (is_object($values)) { while (list($key, $val) = each($values)) // Set only defined values @@ -641,6 +638,20 @@ switch ($select_local) { // Select which part of page will be loaded $disabled = "disabled"; } } + + if (!isset($_SESSION['account']->quota[0]) || (!isset($_SESSION['account']->quota[0][1])) && isset($_SESSION['account_old']) ) { // load quotas + $values = getquotas('group', $_SESSION['account']->general_username); + if (is_object($values)) { + while (list($key, $val) = each($values)) // Set only defined values + if (isset($val)) $_SESSION['account']->$key = $val; + } + if (is_object($values) && isset($_SESSION['account_old'])) { + while (list($key, $val) = each($values)) // Set only defined values + if (isset($val)) $_SESSION['account_old']->$key = $val; + } + } + + echo ''; echo "\n"; echo "\n
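Review bot: After this change `$_SESSION['account_old']` is left unset instead of `false` on the new-account paths, so every later read has to go through `isset()`; a direct test such as the `if (($_SESSION['account_old']) && ...` lines in useredit.php elsewhere in this commit now reads an undefined index. Either keep the explicit `false` or change those reads to `isset($_SESSION['account_old'])`. The remaining `if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']);` can be a bare `unset()`, since unsetting a missing key does nothing. The same removal is made in both start branches here and in the hostedit.php and useredit.php hunks.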
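Review bot: The new quota condition mixes `||` and `&&` without grouping: `!isset(...quota[0]) || (!isset(...quota[0][1])) && isset($_SESSION['account_old'])` is evaluated as `A || (B && C)` because `&&` binds tighter, and the parentheses around the second `isset` alone do not change that. If the intent is "quota data missing, and an existing account is being edited", it has to be written `(A || B) && C`; if the current evaluation is intended, explicit parentheses and a short comment would make that clear. The identical condition appears in the block added further down in this file and twice in useredit.php. The enclosing `switch` starts and ends outside the hunk.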
"; diff --git a/lam/templates/account/hostedit.php b/lam/templates/account/hostedit.php index b5a4e3bc..88005b52 100644 --- a/lam/templates/account/hostedit.php +++ b/lam/templates/account/hostedit.php @@ -53,7 +53,6 @@ if (isset($_GET['DN'])) { $_SESSION['account']->general_homedir = '/dev/null'; $_SESSION['account']->general_shell = '/bin/false'; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } } else if (count($_POST)==0) { // Startcondition. hostedit.php was called from outside @@ -64,7 +63,6 @@ else if (count($_POST)==0) { // Startcondition. hostedit.php was called from out $_SESSION['account']->general_homedir = '/dev/null'; $_SESSION['account']->general_shell = '/bin/false'; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } switch ($_POST['select']) { // Select which part of page should be loaded and check values @@ -171,6 +169,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch if ($_POST['respass']) { $_SESSION['account']->unix_password_no=true; $_SESSION['account']->smb_password_no=true; + $select_local = 'samba'; } break; case 'final': diff --git a/lam/templates/account/useredit.php b/lam/templates/account/useredit.php index f0c22833..01ab6bc8 100644 --- a/lam/templates/account/useredit.php +++ b/lam/templates/account/useredit.php @@ -52,7 +52,6 @@ if (isset($_GET['DN'])) { $_SESSION['account'] ->type = 'user'; $_SESSION['account']->smb_flagsW = 0; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } } else if (count($_POST)==0) { // Startcondition. useredit.php was called from outside 
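Review bot: In the added block the second `while (list($key, $val) = each($values))` runs on the same `$values` right after the first loop has walked it to the end, and nothing visible resets the pointer, so `$_SESSION['account_old']` would never receive the quota values. Put `reset($values);` before the second loop, or fill both objects in one pass. The block is also a copy of the one under `case 'quota':` earlier in the file, so a shared helper would keep the two from drifting apart. The property names written through `->$key` come from whatever getquotas() returns; if that data originates from the remote script, restricting `$key` to the expected quota field would be prudent. The same block is added to useredit.php.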
@@ -60,7 +59,6 @@ else if (count($_POST)==0) { // Startcondition. useredit.php was called from out $_SESSION['account'] ->type = 'user'; $_SESSION['account']->smb_flagsW = 0; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } @@ -1088,7 +1086,7 @@ switch ($select_local) { // Select which part of page will be loaded break; case 'quota': // Quota Settings - if (!isset($_SESSION['account']->quota)) { // load quotas + if (!isset($_SESSION['account']->quota[0]) || (!isset($_SESSION['account']->quota[0][1])) && isset($_SESSION['account_old']) ) { // load quotas $values = getquotas('user', $_SESSION['account']->general_username); if (is_object($values)) { while (list($key, $val) = each($values)) // Set only defined values @@ -1099,7 +1097,6 @@ switch ($select_local) { // Select which part of page will be loaded if (isset($val)) $_SESSION['account_old']->$key = $val; } } - echo "\n"; echo "\n
"; echo "
"; @@ -1234,6 +1231,19 @@ switch ($select_local) { // Select which part of page will be loaded $disabled = "disabled"; } } + + if (!isset($_SESSION['account']->quota[0]) || (!isset($_SESSION['account']->quota[0][1])) && isset($_SESSION['account_old']) ) { // load quotas + $values = getquotas('user', $_SESSION['account']->general_username); + if (is_object($values)) { + while (list($key, $val) = each($values)) // Set only defined values + if (isset($val)) $_SESSION['account']->$key = $val; + } + if (is_object($values) && isset($_SESSION['account_old'])) { + while (list($key, $val) = each($values)) // Set only defined values + if (isset($val)) $_SESSION['account_old']->$key = $val; + } + } + echo ''; echo "\n
"; echo "'."\n"; } + if (($_SESSION['account_old']) && ($_SESSION['account']->general_group != $_SESSION['account_old']->general_group)) { + echo ''; + StatusMessage ('INFO', _('Primary group has changed. You have to run the following command as root in order to change existing file-permissions:'), + 'find / -uid ' . $_SESSION['account']->general_uidNumber . ' -gid ' . getgid($_SESSION['account_old']->general_group) .' -exec chown ' . $_SESSION['account']->general_uidNumber . ':'.getgid($_SESSION['account' ]->general_group). ' {} \;'); + echo ''."\n"; + } if (($_SESSION['account_old']) && ($_SESSION['account']->general_homedir != $_SESSION['account_old']->general_homedir)) { echo ''; StatusMessage ('INFO', _('Home Directory has changed. You have to run the following command as root in order to change the existing homedirectory:'),
"; @@ -1275,6 +1285,12 @@ switch ($select_local) { // Select which part of page will be loaded 'find / -gid ' . $_SESSION['account_old' ]->general_uidNumber . ' -exec chown ' . $_SESSION['account']->general_uidNumber . ' {} \;'); echo '