From b30037217873783d3686bc1de71b3b9c864ad4eb Mon Sep 17 00:00:00 2001 From: katagia Date: Wed, 24 Sep 2003 20:58:34 +0000 Subject: [PATCH] check for existing entried with same uid or cn didn only work if the other uids (cns) were in same OU. Fixed. Homedirs weren't deleted. Fixed. Display some info to change gid of files if primary group has changed. Display undo only if editing entries Fixed "Reset Password" Button 4 hosts. Don't jump to general page anymore. --- lam/config/profiles/users/default.pru | 5 +- lam/lib/account.inc | 88 +++++++++++++++++++-------- lam/templates/account/groupedit.php | 19 ++++-- lam/templates/account/hostedit.php | 3 +- lam/templates/account/useredit.php | 24 ++++++-- 5 files changed, 103 insertions(+), 36 deletions(-) diff --git a/lam/config/profiles/users/default.pru b/lam/config/profiles/users/default.pru index 898ee817..9dd4fe09 100644 --- a/lam/config/profiles/users/default.pru +++ b/lam/config/profiles/users/default.pru @@ -1,4 +1,5 @@ -general_homedir: /home/$user +general_group: admin +general_homedir: /home/$group/$user general_shell: /bin/bash unix_password_no: 0 unix_pwdwarn: 10 @@ -11,3 +12,5 @@ smb_password_no: 0 smb_useunixpwd: 1 smb_flagsD: 1 smb_homedrive: U: +smb_domain: sambaDomainName=test,dc=my-domain,dc=com +quota: /home,10000,10000,500,500;/,20000,20000,1000,1000 diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 052dca2c..cfaefb6f 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -220,6 +220,7 @@ function remquotas($user, $type) { // Whis function will remove the quotas from $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota set '; if ($type=='user') $towrite = $towrite.'u '; else $towrite = $towrite.'g '; + exec("perl ../../lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals); } 
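Review bot: The new values in the default user profile look like settings from a local test setup rather than defaults for every installation: `general_group: admin` makes `admin` the primary group of each account created from this profile, and the second hunk of this file adds `smb_domain: sambaDomainName=test,dc=my-domain,dc=com` and fixed quota figures. None of this is mentioned in the commit message, so it may have been committed by accident. If the profile is meant to ship, a neutral primary group and an empty `smb_domain` would be safer defaults. `/home/$group/$user` also changes where new home directories are created.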
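Review bot: The exec() call in remquotas() builds its shell command by plain concatenation, so `$user`, the two config values and what appear to be the decrypted LDAP credentials in `$ldap_q` reach the shell unquoted; the same pattern is in the changed exec() line of remhomedir() in the next hunk. Each argument should be quoted on its own, e.g. `escapeshellarg($user)`, and likewise `$ldap_q[0]`, `$ldap_q[1]`, `scriptServer` and `scriptPath`. Passing the credentials as command-line arguments also leaves them readable in the process list while the script runs; handing them to lamdaemon.pl on stdin would avoid that. The body of remquotas() starts outside the hunk, so any validation of `$user` cannot be seen from here.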
@@ -237,7 +238,7 @@ function remhomedir($user) { // Remove Homedirectory // all other needed vars are taken from remotesystem getusrnam $ldap_q = $_SESSION['ldap']->decrypt(); $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem'; - exec("perl ../../lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals); + exec("perl ../lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals); } function ldapreload($type) { // This function will load an array th cache ldap-requests 
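Review bot: After this change remhomedir() runs `perl ../lib/lamdaemon.pl` while remquotas() in the same file still runs `perl ../../lib/lamdaemon.pl`, so the two calls only both work if they are reached from pages at different directory depths. The path is resolved against the working directory of whichever page included account.inc, which makes it fragile; if lamdaemon.pl sits next to account.inc, as the paths suggest, `dirname(__FILE__) . '/lamdaemon.pl'` would make both calls independent of the caller. The result of exec() is not checked either, so a wrong path fails silently, which is presumably how the undeleted home directories went unnoticed.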
@@ -307,42 +308,48 @@ function ldapexists($values, $type, $values_old=false) { // This function will s switch ($type) { case 'user': ldapreload('user'); - $search = 'uid='.$values->general_username.','.$values->general_dn; + $search = 'uid='.$values->general_username; $keys = array_keys($_SESSION['userDN']); unset ($keys[0]); $keys = array_values($keys); - if ( ($values_old->general_username != $values->general_username) && - ($_SESSION['userDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); - if ((!$values_old) && - ($_SESSION['userDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); + if ( ($values_old->general_username != $values->general_username) && + ($_SESSION['userDN'][0] != $values->general_username)) { + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); + } + if ((!$values_old) && ($_SESSION['userDN'][0] != $values->general_username)) + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); break; case 'group': ldapreload('group'); - $search = 'cn='.$values->general_username.','.$values->general_dn; + $search = 'cn='.$values->general_username; $keys = array_keys($_SESSION['groupDN']); unset ($keys[0]); $keys = array_values($keys); - if ( ($values_old->general_username != $values->general_username) && - ($_SESSION['groupDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); - if ((!$values_old) && - ($_SESSION['groupDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); + if ( ($values_old->general_username != $values->general_username) && + ($_SESSION['groupDN'][0] != $values->general_username)) { + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already 
exists!'), $type); + } + if ((!$values_old) && ($_SESSION['groupDN'][0] != $values->general_username)) + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); break; case 'host': ldapreload('host'); - $search = 'uid='.$values->general_username.','.$values->general_dn; + $search = 'uid='.$values->general_username; $keys = array_keys($_SESSION['hostDN']); unset ($keys[0]); $keys = array_values($keys); if ( ($values_old->general_username != $values->general_username) && - ($_SESSION['hostDN'][0] != $values->general_username) && - (in_array($search , $keys)) ) return sprintf (_('%s already exists!'), $type); - if ((!$values_old) && - ($_SESSION['hostDN'][0] != $values->general_username) && - (in_array($search , $keys))) return sprintf (_('%s already exists!'), $type); + ($_SESSION['hostDN'][0] != $values->general_username)) { + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); + } + if ((!$values_old) && ($_SESSION['hostDN'][0] != $values->general_username)) + foreach ($keys as $key) + if (strstr($key, $search)) return sprintf (_('%s already exists!'), $type); break; } return 0; 
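Review bot: The new duplicate check uses `strstr($key, $search)` with `$search = 'uid='.$values->general_username` (or `'cn='...`), which is a substring match anywhere in the DN: creating `bob` is rejected when `bobby` exists, and a match in a later DN component counts as well. Anchoring on the RDN keeps the cross-OU behaviour the commit wants without the false positives, e.g. `if (strpos($key, $search . ',') === 0) return sprintf (_('%s already exists!'), $type);`, in all three branches (user, group, host). The comparison is also case-sensitive, whereas directory servers usually match uid and cn case-insensitively, so names differing only in case would probably both be accepted; lower-casing both sides before comparing would close that. The first `if` in each branch still dereferences `$values_old` when it is false.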
@@ -527,7 +534,11 @@ function loaduser($dn) { // Will load all needed values from an existing account if (isset($attr['postalCode'][0])) $return->personal_postalCode = utf8_decode($attr['postalCode'][0]); if (isset($attr['postalAddress'][0])) $return->personal_postalAddress = utf8_decode($attr['postalAddress'][0]); if (isset($attr['employeeType'][0])) $return->personal_employeeType = utf8_decode($attr['employeeType'][0]); - if (substr(str_replace('{CRYPT}', '',$attr['userPassword'][0]),0,1) == '!' ) $return->unix_deactivated=true; + // New password code. should work with every kind of encryption ({CRYPT}, {SHA} + if ( ereg('^[{]([A-Z]|[a-z]|[0-9])+([}!])+', $attr['userPassword'][0])) $return->unix_deactivated=true; + // next line is old code + //if (substr(str_replace('{CRYPT}', '',$attr['userPassword'][0]),0,1) == '!' ) $return->unix_deactivated=true; + if (isset($attr['userPassword'][0])) $return->unix_password = $attr['userPassword'][0]; @@ -821,12 +832,10 @@ function createuser($values) { // Will create the LDAP-Account if ($values->personal_employeeType!='') $attr['employeeType'] = utf8_encode($values->personal_employeeType); // posixAccount_may shadowAccount_may if ($values->unix_password_no) $values->unix_password = ''; - if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password); - else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password); + if ($values->unix_deactivated) $attr['userPassword'] = '!' . crypt($values->unix_password); $attr['shadowLastChange'] = getdays(); // shadowAccount_may $attr['loginShell'] = $values->general_shell; // posixAccount_may $attr['gecos'] = utf8_encode($values->general_gecos); // posixAccount_may - print $attr['gecos']; $attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may 
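Review bot: The new pattern `'^[{]([A-Z]|[a-z]|[0-9])+([}!])+'` is satisfied by the closing brace alone, so any value with a scheme prefix such as `{CRYPT}...` or `{SHA}...` sets `unix_deactivated`, whether the account is locked or not. Requiring the `!` after the brace fixes that: `ereg('^[{][A-Za-z0-9]+[}]!', $attr['userPassword'][0])`. The call also reads `$attr['userPassword'][0]` before the `isset()` test that follows it, and the commented-out old line can go once the new test is correct. Values written by the changed createuser() line in the next hunk (`'!' . crypt(...)`, no scheme prefix) would match neither the old nor the new test, so one stored format should be agreed on. loaduser() continues outside the hunk.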
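Review bot: With the `else` branch removed, the visible lines of createuser() assign `$attr['userPassword']` only when `$values->unix_deactivated` is set, so an active account appears to be created without a password attribute unless it is set elsewhere in the function, which extends beyond this hunk. The new value `'!' . crypt($values->unix_password)` also drops the `{CRYPT}` scheme prefix; many directory servers treat an unprefixed userPassword as a cleartext value, in which case the `!` would no longer act as a lock marker. Keeping both branches with the prefix, `'{CRYPT}!' . crypt(...)` and `else ... '{CRYPT}' . crypt(...)`, preserves the lock semantics until the new password code is finished. `crypt()` is still called without a salt argument, so the hash type is whatever the platform chooses by default.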
@@ -932,6 +941,35 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account if ($values->general_homedir != $values_old->general_homedir) $attr['homeDirectory'] = $values->general_homedir; // posixAccount_req // posixAccount_may shadowAccount_may + // new password code + // Why doesn't ldap encrypt the password if now {???} is given? + // change password if new password is used or account es (un)locked + /* + if ($values->unix_password=='') { + // check if account has been (un)locked + if ($values->unix_deactivated && !$values_old->unix_deactivated) { + // Put ! between {??} andPassword Hash + for ($i=0; $iunix_password); $i++) + if ($values_old->unix_password{$i} == '}') $char = $i; + //$attr['userPassword'] = substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1); + echo $values_old->unix_password."---"; + echo substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1); + } + if (!$values->unix_deactivated && $values_old->unix_deactivated) { + // Remov ! between {??} andPassword Hash + for ($i=0; $iunix_password); $i++) + if ($values_old->unix_password{$i} == '}') $char = $i; + $attr['userPassword'] = substr($values_old->unix_password,0,$char). substr($values_old->unix_password,$char+2,-1); + } + } + else { + // Create new password + $attr['shadowLastChange'] = getdays(); // shadowAccount_may + if ($values->unix_deactivated) $attr['userPassword'] = '!'. $values->unix_password; + else $attr['userPassword'] = $values->unix_password; + } */ + + // old password code $password_old = str_replace('{CRYPT}', '',$values_old->unix_password); if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old)); if ($values->unix_password=='') { diff --git a/lam/templates/account/groupedit.php b/lam/templates/account/groupedit.php index 076d8481..eeeb6fc4 100644 --- a/lam/templates/account/groupedit.php +++ b/lam/templates/account/groupedit.php 
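Review bot: The commented-out draft of the new password code in modifyuser() should stay out of the commit until it works; as written, its lock branch has the `$attr['userPassword']` assignment disabled and instead echoes `$values_old->unix_password`, i.e. the stored hash, into the page. Both branches also build the new value from `substr(..., 0, $char)`, which drops the closing `}`, and end with a length of `-1`, which cuts the last character off the hash, so enabling the block would corrupt the stored password. If the draft is to be kept for reference, a single comment such as `// TODO: scheme-independent lock/unlock, see issue <ISSUE-ID>` is enough. modifyuser() starts and ends outside the hunk.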
@@ -46,14 +46,12 @@ if (isset($_GET['DN'])) { $_SESSION['account'] = loadGroupProfile('default'); $_SESSION['account'] ->type = 'group'; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } } else if (count($_POST)==0) { // Startcondition. groupedit.php was called from outside $_SESSION['account'] = loadGroupProfile('default'); $_SESSION['account'] ->type = 'group'; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } switch ($_POST['select']) { // Select which part of page should be loaded and check values @@ -572,8 +570,7 @@ switch ($select_local) { // Select which part of page will be loaded case 'quota': // Quota Settings - - if (!isset($_SESSION['account']->quota)) { // load quotas + if (!isset($_SESSION['account']->quota[0]) || (!isset($_SESSION['account']->quota[0][1])) && isset($_SESSION['account_old']) ) { // load quotas $values = getquotas('group', $_SESSION['account']->general_username); if (is_object($values)) { while (list($key, $val) = each($values)) // Set only defined values @@ -641,6 +638,20 @@ switch ($select_local) { // Select which part of page will be loaded $disabled = "disabled"; } } + + if (!isset($_SESSION['account']->quota[0]) || (!isset($_SESSION['account']->quota[0][1])) && isset($_SESSION['account_old']) ) { // load quotas + $values = getquotas('group', $_SESSION['account']->general_username); + if (is_object($values)) { + while (list($key, $val) = each($values)) // Set only defined values + if (isset($val)) $_SESSION['account']->$key = $val; + } + if (is_object($values) && isset($_SESSION['account_old'])) { + while (list($key, $val) = each($values)) // Set only defined values + if (isset($val)) $_SESSION['account_old']->$key = $val; + } + } + + echo ''; echo "\n"; echo "\n
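Review bot: The new quota condition mixes `||` and `&&` with parentheses that do not show the grouping: `!isset(...->quota[0]) || (!isset(...->quota[0][1])) && isset($_SESSION['account_old'])` evaluates as `A || (B && C)`, so quotas are reloaded whenever `quota[0]` is unset, regardless of `account_old`. If that is intended it should be written with explicit parentheses; if the `account_old` test was meant to guard both cases it needs `(A || B) && C`. The same condition and the load block under it are added a second time in this file (next hunk) and twice in useredit.php; a small helper taking the type (`'group'` or `'user'`) would keep the four copies from drifting apart. The enclosing `switch` starts and ends outside the hunk.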
"; diff --git a/lam/templates/account/hostedit.php b/lam/templates/account/hostedit.php index b5a4e3bc..88005b52 100644 --- a/lam/templates/account/hostedit.php +++ b/lam/templates/account/hostedit.php @@ -53,7 +53,6 @@ if (isset($_GET['DN'])) { $_SESSION['account']->general_homedir = '/dev/null'; $_SESSION['account']->general_shell = '/bin/false'; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } } else if (count($_POST)==0) { // Startcondition. hostedit.php was called from outside @@ -64,7 +63,6 @@ else if (count($_POST)==0) { // Startcondition. hostedit.php was called from out $_SESSION['account']->general_homedir = '/dev/null'; $_SESSION['account']->general_shell = '/bin/false'; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } switch ($_POST['select']) { // Select which part of page should be loaded and check values @@ -171,6 +169,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch if ($_POST['respass']) { $_SESSION['account']->unix_password_no=true; $_SESSION['account']->smb_password_no=true; + $select_local = 'samba'; } break; case 'final': diff --git a/lam/templates/account/useredit.php b/lam/templates/account/useredit.php index f0c22833..01ab6bc8 100644 --- a/lam/templates/account/useredit.php +++ b/lam/templates/account/useredit.php @@ -52,7 +52,6 @@ if (isset($_GET['DN'])) { $_SESSION['account'] ->type = 'user'; $_SESSION['account']->smb_flagsW = 0; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } } else if (count($_POST)==0) { // Startcondition. useredit.php was called from outside 
@@ -60,7 +59,6 @@ else if (count($_POST)==0) { // Startcondition. useredit.php was called from out $_SESSION['account'] ->type = 'user'; $_SESSION['account']->smb_flagsW = 0; if (isset($_SESSION['account_old'])) unset($_SESSION['account_old']); - $_SESSION['account_old'] = false; } @@ -1088,7 +1086,7 @@ switch ($select_local) { // Select which part of page will be loaded break; case 'quota': // Quota Settings - if (!isset($_SESSION['account']->quota)) { // load quotas + if (!isset($_SESSION['account']->quota[0]) || (!isset($_SESSION['account']->quota[0][1])) && isset($_SESSION['account_old']) ) { // load quotas $values = getquotas('user', $_SESSION['account']->general_username); if (is_object($values)) { while (list($key, $val) = each($values)) // Set only defined values @@ -1099,7 +1097,6 @@ switch ($select_local) { // Select which part of page will be loaded if (isset($val)) $_SESSION['account_old']->$key = $val; } } - echo "\n"; echo "\n
"; echo "
"; @@ -1234,6 +1231,19 @@ switch ($select_local) { // Select which part of page will be loaded $disabled = "disabled"; } } + + if (!isset($_SESSION['account']->quota[0]) || (!isset($_SESSION['account']->quota[0][1])) && isset($_SESSION['account_old']) ) { // load quotas + $values = getquotas('user', $_SESSION['account']->general_username); + if (is_object($values)) { + while (list($key, $val) = each($values)) // Set only defined values + if (isset($val)) $_SESSION['account']->$key = $val; + } + if (is_object($values) && isset($_SESSION['account_old'])) { + while (list($key, $val) = each($values)) // Set only defined values + if (isset($val)) $_SESSION['account_old']->$key = $val; + } + } + echo ''; echo "\n
"; echo "'."\n"; } + if (($_SESSION['account_old']) && ($_SESSION['account']->general_group != $_SESSION['account_old']->general_group)) { + echo ''; + StatusMessage ('INFO', _('Primary group has changed. You have to run the following command as root in order to change existing file-permissions:'), + 'find / -uid ' . $_SESSION['account']->general_uidNumber . ' -gid ' . getgid($_SESSION['account_old']->general_group) .' -exec chown ' . $_SESSION['account']->general_uidNumber . ':'.getgid($_SESSION['account' ]->general_group). ' {} \;'); + echo ''."\n"; + } if (($_SESSION['account_old']) && ($_SESSION['account']->general_homedir != $_SESSION['account_old']->general_homedir)) { echo ''; StatusMessage ('INFO', _('Home Directory has changed. You have to run the following command as root in order to change the existing homedirectory:'),
"; @@ -1275,6 +1285,12 @@ switch ($select_local) { // Select which part of page will be loaded 'find / -gid ' . $_SESSION['account_old' ]->general_uidNumber . ' -exec chown ' . $_SESSION['account']->general_uidNumber . ' {} \;'); echo '