diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 182a5ee2..77ac9c8a 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -210,7 +210,7 @@ function getquotas($type,$user='+') { /* scriptServer is the IP to remote-host to which lam should connect via ssh * scriptPath is Path to lamdaemon.pl on remote system */ - exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals, $status); + exec("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals, $status); /* $vals is a string which contains a two dimensional array. * We have to recreate it with explode * @@ -702,6 +702,8 @@ function loaduser($dn) { $return->general_dn = ldap_get_dn($_SESSION['ldap']->server(), $entry); $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry); + // Set user samba flag + $account_new->smb_flagsW = 0; /* Write attributes into $return. * Some values don't have to be set. These are only loaded if they are set */ @@ -1668,8 +1670,9 @@ function createhost($values) { if ($_SESSION['config']->is_samba3()) { // Add all attributes as samba3 objectclass $attr['objectClass'][3] = 'sambaSamAccount'; - $attr['sambaNTPassword'] = 'NO PASSWORD*****'; - $attr['sambaLMPassword'] = 'NO PASSWORD*****'; + // "Standard" password for new hosts + $attr['sambaNTPassword'] = '0CB6948805F797BF2A82807973B89537'; + $attr['sambaLMPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE'; $attr['sambaPwdLastSet'] = time(); // sambaAccount_may $attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may $attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req 
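Review bot: The command passed to `exec()` in getquotas is still assembled by plain concatenation; removing the redundant parentheses leaves `$_SESSION['config']->scriptServer`, `->scriptPath` and `$towrite` unquoted on a shell command line. `$towrite` is built outside this hunk and getquotas takes a `$user` argument, so if any part of it derives from account data, shell metacharacters would be interpreted by the shell (inferred, not visible here). Quote each argument where it is appended, e.g. `escapeshellarg($_SESSION['config']->scriptServer)`, and do the same for the script path and for each element that goes into `$towrite`. `$status` should also be checked before `$vals` is parsed.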
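Review bot: The added `$account_new->smb_flagsW = 0;` in loaduser writes to `$account_new`, while the visible lines of the function populate `$return` (`$return->general_dn = ...`). Unless `$account_new` is declared global above the hunk, this only creates a throwaway local and the returned account never gets the flag. The same commit removes the caller-side `$account_new->smb_flagsW = 0;` lines and the `f_smb_flagsW` handling in useredit.php, so nothing visible resets the workstation-trust flag for a user any more. The line should read `$return->smb_flagsW = 0;`; the function body starts and ends outside the hunk.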
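Review bot: Every host account written by createhost now gets the same literal NT/LM hash pair, so all machine accounts share one password whose hashes are published in the source; the LM value ends in `AAD3B435B51404EE`, the constant for an empty second half, so that password is at most seven characters long. The same two literals are repeated in the samba 2.2 branch of createhost and in both `smb_password_no` branches of modifyhost, where "Reset password" now means "set to this known value". A per-host or random initial value computed in one helper would avoid a shared credential; what the domain-join procedure expects as the initial machine password needs confirming before choosing. If a fixed value must stay, define it once as a named constant and replace `// "Standard" password for new hosts` with a comment that says which password it encodes and when it is expected to be changed.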
@@ -1682,8 +1685,9 @@ function createhost($values) { else { // Add all attributes as samba2.2 objectclass $attr['objectClass'][3] = 'sambaAccount'; - $attr['ntPassword'] = 'NO PASSWORD*****'; - $attr['lmPassword'] = 'NO PASSWORD*****'; + // "Standard" password for new hosts + $attr['ntPassword'] = '0CB6948805F797BF2A82807973B89537'; + $attr['lmPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE'; $attr['pwdLastSet'] = time(); // sambaAccount_may $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req @@ -1823,8 +1827,9 @@ function modifyhost($values,$values_old) { } // Reset password if ($values->smb_password_no) { - $attr['sambaNTPassword'] = 'NO PASSWORD*****'; - $attr['sambaLMPassword'] = 'NO PASSWORD*****'; + // "Standard" password for new hosts + $attr['sambaNTPassword'] = '0CB6948805F797BF2A82807973B89537'; + $attr['sambaLMPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE'; $attr['sambaPwdLastSet'] = time(); // sambaAccount_may $attr['userPassword'] = ''; $attr['shadowLastChange'] = getdays(); @@ -1886,8 +1891,9 @@ function modifyhost($values,$values_old) { if (isset($attr_old['sambaSID'][0])) $attr_rem['sambaSID'] = $attr_old['sambaSID'][0]; } if ($values->smb_password_no) { - $attr['ntPassword'] = 'NO PASSWORD*****'; - $attr['lmPassword'] = 'NO PASSWORD*****'; + // "Standard" password for new hosts + $attr['ntPassword'] = '0CB6948805F797BF2A82807973B89537'; + $attr['lmPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE'; $attr['pwdLastSet'] = time(); // sambaAccount_may $attr['userPassword'] = ''; $attr['shadowLastChange'] = getdays(); diff --git a/lam/templates/account/groupedit.php b/lam/templates/account/groupedit.php index b5bb220b..df209c77 100644 --- a/lam/templates/account/groupedit.php +++ b/lam/templates/account/groupedit.php 
@@ -37,8 +37,8 @@ session_save_path('../../sess'); // Set correct language, codepages, .... setlanguage(); -/* hostaccount.php is using dynamic session varialenames so -* we can run several copies of hostaccount.php at the same +/* groupedit.php is using dynamic session varialenames so +* we can run several copies of groupedit.php at the same * time * $varkey is the dynamic part of the variable name */ @@ -56,7 +56,6 @@ $ldap_intern =& $_SESSION['ldap']; $config_intern =& $_SESSION['config']; $header_intern =& $_SESSION['header']; $userDN_intern =& $_SESSION['userDN']; -// Register Post-Variables as reference // $_GET is only valid if groupedit.php was called from grouplist.php if (isset($_GET['DN']) && $_GET['DN']!='') { @@ -129,7 +128,6 @@ switch ($_POST['select']) { * general = startpage, general account paramters * samba = page with all samba-related parameters e.g. smbpassword * quota = page with all quota-related parameters e.g. hard file quota - * personal = page with all personal-related parametergs, e.g. phone number * final = last page shown before account is created/modified * finish = page shown after account has been created/modified */ @@ -142,11 +140,11 @@ switch ($_POST['select']) { $account_new->unix_memberUid = array_flip($account_new->unix_memberUid); array_unique($account_new->unix_memberUid); $account_new->unix_memberUid = array_flip($account_new->unix_memberUid); - // sort user + // sort users sort($account_new->unix_memberUid); break; } - if (isset($_POST['members']) && isset($_POST['remove'])) { // remove users fromlist + if (isset($_POST['members']) && isset($_POST['remove'])) { // remove users from list $account_new->unix_memberUid = array_delete($_POST['members'], $account_new->unix_memberUid); break; } 
@@ -155,15 +153,14 @@ switch ($_POST['select']) { $select_local = 'groupmembers'; break; case 'general': - // Write all general attributes into $account_new if no profile should be loaded if (!$_POST['load']) { + // Write all general attributes into $account_new if no profile should be loaded $account_new->general_dn = $_POST['f_general_suffix']; $account_new->general_username = $_POST['f_general_username']; $account_new->general_uidNumber = $_POST['f_general_uidNumber']; $account_new->general_gecos = $_POST['f_general_gecos']; // Check if values are OK and set automatic values. if not error-variable will be set - // Check if Groupname contains only valid characters if ( !ereg('^([a-z]|[0-9]|[.]|[-]|[_])*$', $account_new->general_username)) $errors[] = array('ERROR', _('Groupname'), _('Groupname contains invalid characters. Valid characters are: a-z, 0-9 and .-_ !')); @@ -369,10 +366,10 @@ do { // X-Or, only one if() can be true } // Go back to listgroups.php if ($_POST['backmain']) { - metaRefresh("../lists/listgroups.php"); if (isset($_SESSION['account_'.$varkey.'_account_new'])) unset($_SESSION['account_'.$varkey.'_account_new']); if (isset($_SESSION['account_'.$varkey.'_account_old'])) unset($_SESSION['account_'.$varkey.'_account_old']); if (isset($_SESSION['account_'.$varkey.'_final_changegids'])) unset($_SESSION['account_'.$varkey.'_final_changegids']); + metaRefresh("../lists/listgroups.php"); die; break; } diff --git a/lam/templates/account/hostedit.php b/lam/templates/account/hostedit.php index a804ab59..7321a826 100644 --- a/lam/templates/account/hostedit.php +++ b/lam/templates/account/hostedit.php 
@@ -90,8 +90,8 @@ switch ($_POST['select']) { * final = page which will be displayed if changes were made */ case 'general': - // Write all general values into $account_new if no profile should be loaded if (!$_POST['load']) { + // Write all general values into $account_new if no profile should be loaded $account_new->general_dn = $_POST['f_general_suffix']; $account_new->general_username = $_POST['f_general_username']; $account_new->general_uidNumber = $_POST['f_general_uidNumber']; @@ -272,9 +272,9 @@ do { // X-Or, only one if() can be true } // Go back to listhosts.php if ($_POST['backmain']) { - metaRefresh("../lists/listhosts.php"); if (isset($_SESSION['account_'.$varkey.'_account_new'])) unset($_SESSION['account_'.$varkey.'_account_new']); if (isset($_SESSION['account_'.$varkey.'_account_old'])) unset($_SESSION['account_'.$varkey.'_account_old']); + metaRefresh("../lists/listhosts.php"); die; break; } diff --git a/lam/templates/account/useredit.php b/lam/templates/account/useredit.php index f714591d..6f799374 100644 --- a/lam/templates/account/useredit.php +++ b/lam/templates/account/useredit.php @@ -23,6 +23,7 @@ $Id$ LDAP Account Manager displays table for creating or modifying accounts in LDAP */ +// include all needed files include_once('../../lib/account.inc'); // File with all account-funtions include_once('../../lib/config.inc'); // File with configure-functions include_once('../../lib/profiles.inc'); // functions to load and save profiles 
@@ -30,10 +31,17 @@ include_once('../../lib/status.inc'); // Return error-message include_once('../../lib/pdf.inc'); // Return a pdf-file include_once('../../lib/ldap.inc'); // LDAP-functions +// Start session session_save_path('../../sess'); @session_start(); +// Set correct language, codepages, .... setlanguage(); +/* groupedit.php is using dynamic session varialenames so +* we can run several copies of groupedit.php at the same +* time +* $varkey is the dynamic part of the variable name +*/ if (!isset($_POST['varkey'])) $varkey = session_id().time(); else $varkey = $_POST['varkey']; 
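Review bot: The comment block added above the `$varkey` assignment was copied from groupedit.php and still names that file, although this hunk is in useredit.php. I would write `/* useredit.php uses dynamic session variable names so several copies can run at the same time; $varkey is the dynamic part of the name */`. Because `$varkey` is taken from `$_POST['varkey']` and concatenated into `$_SESSION` keys on the following lines, the comment could also state which characters are expected in it.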
@@ -45,51 +53,56 @@ if (!isset($_SESSION['account_'.$varkey.'_shelllist'])) $_SESSION['account_'.$va // Register Session-Variables with references so we don't net to change to complete code if names changes $account_new =& $_SESSION['account_'.$varkey.'_account_new']; $shelllist =& $_SESSION['account_'.$varkey.'_shelllist']; -$final_changegids =& $_SESSION['account_'.$varkey.'_final_changegids']; if (is_object($_SESSION['account_'.$varkey.'_account_old'])) $account_old =& $_SESSION['account_'.$varkey.'_account_old']; - $ldap_intern =& $_SESSION['ldap']; $config_intern =& $_SESSION['config']; $header_intern =& $_SESSION['header']; $hostDN_intern =& $_SESSION['hostDN']; $groupDN_intern =& $_SESSION['groupDN']; - - +// $_GET is only valid if useredit.php was called from userlist.php if (isset($_GET['DN']) && $_GET['DN']!='') { + // useredit.php should edit an existing account + // reset variables if (isset($_SESSION['account_'.$varkey.'_account_old'])) { unset($account_old); unset($_SESSION['account_'.$varkey.'_account_old']); } $_SESSION['account_'.$varkey.'_account_old'] = new account(); $account_old =& $_SESSION['account_'.$varkey.'_account_old']; + // get "real" DN from variable $DN = str_replace("\'", '',$_GET['DN']); + // Load existing group $account_new = loaduser($DN); $account_new ->type = 'user'; $account_old = $account_new; $account_new->unix_password=''; $account_new->smb_password=''; - $account_new->smb_flagsW = 0; $account_new->general_dn = substr($account_new->general_dn, strpos($account_new->general_dn, ',')+1); - $final_changegids = ''; + // Display general-page + $select_local = 'general'; } - - else if (count($_POST)==0) { // Startcondition. useredit.php was called from outside +// Startcondition. 
useredit.php was called from outside to create a new group + else if (count($_POST)==0) { + // Create new account object with settings from default profile $account_new = loadUserProfile('default'); $account_new ->type = 'user'; - $account_new->smb_flagsW = 0; - // load quotas from profile and check if they are valid if ($config_intern->scriptServer) { + // load quotas and check if quotas from profile are valid $values = getquotas('user'); - if (isset($account_new->quota[0])) { // check quotas from profile + if (isset($account_new->quota[0])) { + // check quotas from profile $i=0; - // check quota settings + // check quota settings, loop for every partition with quotas while (isset($account_new->quota[$i])) { + // search if quotas from profile fit to a real quota $found = (-1); for ($j=0; $jquota); $j++) if ($values->quota[$j][0]==$account_new->quota[$i][0]) $found = $j; + // unset quota from profile if quotas (mointpoint) doesn't exists anymore if ($found==-1) unset($account_new->quota[$i]); else { + // Set missing part in quota-array $account_new->quota[$i][1] = $values->quota[$found][1]; $account_new->quota[$i][5] = $values->quota[$found][5]; $account_new->quota[$i][4] = $values->quota[$found][4]; 
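Review bot: Two of the comments added in the `$_GET['DN']` branch do not match the code: `// Load existing group` sits above `loaduser($DN)`, and `// get "real" DN from variable` does not say that the DN comes from the query string and only has `\'` stripped before it is handed to loaduser. I would write `// Load existing user` and `// DN is request-supplied; only the quoting added by the list page is removed here`. Whether loaduser restricts the DN to the configured user suffix is not visible in this hunk and is worth confirming. The same "group" wording recurs in `// Startcondition. useredit.php was called from outside to create a new group`.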
@@ -97,83 +110,87 @@ if (isset($_GET['DN']) && $_GET['DN']!='') { $i++; } } + // Beautify array, repair index $account_new->quota = array_values($account_new->quota); } else { // No quotas saved in profile + // Display quotas for new users (Quota set to 0) if (is_object($values)) { while (list($key, $val) = each($values)) // Set only defined values if (isset($val)) $account_new->$key = $val; } } } - if (isset($_SESSION['account_'.$varkey.'_account_old'])) { - unset($account_old); - unset($_SESSION['account_'.$varkey.'_account_old']); - } + // Display general-page + $select_local = 'general'; } -switch ($_POST['select']) { // Select which part of page should be loaded and check values - // general = startpage, general account paramters - // unix = page with all shadow-options and password - // samba = page with all samba-related parameters e.g. smbpassword - // quota = page with all quota-related parameters e.g. hard file quota - // personal = page with all personal-related parametergs, e.g. phone number - // final = last page shown before account is created/modified - // if account is modified commands might be ran are shown - // finish = page shown after account has been created/modified - +switch ($_POST['select']) { + /* Select which part of page should be loaded and check values + * groups = page with all groups to which user is additional member + * workstations = page with all workstations the user is allowed to login + * general = startpage, general account paramters + * samba = page with all samba-related parameters e.g. smbpassword + * quota = page with all quota-related parameters e.g. hard file quota + * personal = page with all personal-related parametergs, e.g. 
phone number + * final = last page shown before account is created/modified + * finish = page shown after account has been created/modified + */ case 'groups': do { // X-Or, only one if() can be true - if (isset($_POST['allgroups']) && isset($_POST['add'])) { // Add users to list - // Add new user + if (isset($_POST['allgroups']) && isset($_POST['add'])) { // Add groups to list + // Add new group $account_new->general_groupadd = @array_merge($account_new->general_groupadd, $_POST['allgroups']); // remove doubles $account_new->general_groupadd = @array_flip($account_new->general_groupadd); array_unique($account_new->general_groupadd); $account_new->general_groupadd = @array_flip($account_new->general_groupadd); - // sort user + // sort groups sort($account_new->general_groupadd); break; } - if (isset($_POST['selectedgroups']) && isset($_POST['remove'])) { // remove users fromlist + if (isset($_POST['selectedgroups']) && isset($_POST['remove'])) { // remove groups from list $account_new->general_groupadd = array_delete($_POST['selectedgroups'], $account_new->general_groupadd); break; } } while(0); + // display group page $select_local = 'groups'; break; - case 'workstations': do { // X-Or, only one if() can be true - if (isset($_POST['hosts']) && isset($_POST['add'])) { // Add users to list + if (isset($_POST['hosts']) && isset($_POST['add'])) { // Add workstations to list $temp = str_replace(' ', '', $account_new->smb_smbuserworkstations); $workstations = explode (',', $temp); for ($i=0; $ismb_smbuserworkstations = $workstations[0]; for ($i=1; $ismb_smbuserworkstations = $account_new->smb_smbuserworkstations . ", " . 
$workstations[$i]; } - // display groupmembers page break; } - if (isset($_POST['members']) && isset($_POST['remove'])) { // remove users fromlist + if (isset($_POST['members']) && isset($_POST['remove'])) { // remove // Add workstations from list + // Put all workstations in array $temp = str_replace(' ', '', $account_new->smb_smbuserworkstations); $workstations = explode (',', $temp); for ($i=0; $ismb_smbuserworkstations = $workstations[0]; for ($i=1; $ismb_smbuserworkstations = $account_new->smb_smbuserworkstations . ", " . $workstations[$i]; @@ -181,13 +198,12 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch break; } } while(0); + // display workstations page $select_local = 'workstations'; break; - - case 'general': - // Write all general values into $account_new if no profile should be loaded if (!$_POST['load']) { + // Write all general values into $account_new if no profile should be loaded $account_new->general_dn = $_POST['f_general_suffix']; $account_new->general_username = $_POST['f_general_username']; $account_new->general_surname = $_POST['f_general_surname']; 
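Review bot: The comment on the new `remove` branch reads `// remove // Add workstations from list`, a leftover from the edit; it should be `// remove workstations from list`. In the groups branch of the same hunk, `array_unique($account_new->general_groupadd);` discards its return value, so it does nothing (the surrounding flip/flip pair is what removes the duplicates) and can be dropped. The `@array_merge` and `@array_flip` calls hide the warning raised when `general_groupadd` is not yet an array; initialising it with `array()` would make the suppression unnecessary.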
@@ -197,14 +213,6 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch $account_new->general_homedir = $_POST['f_general_homedir']; $account_new->general_shell = $_POST['f_general_shell']; $account_new->general_gecos = $_POST['f_general_gecos']; - - // Check if Homedir is valid - $account_new->general_homedir = str_replace('$group', $account_new->general_group, $account_new->general_homedir); - if ($account_new->general_username != '') - $account_new->general_homedir = str_replace('$user', $account_new->general_username, $account_new->general_homedir); - if ($account_new->general_homedir != $_POST['f_general_homedir']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.')); - if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $account_new->general_homedir )) - $errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.')); // Check if givenname is valid if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $account_new->general_givenname)) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters')); // Check if surname is valid 
@@ -234,10 +242,20 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch $lastchar = substr($account_new->general_username, strlen($account_new->general_username)-1, 1); // Last character is no number if ( !ereg('^([0-9])+$', $lastchar)) + /* Last character is no number. Therefore we only have to + * add "2" to it. + */ $account_new->general_username = $account_new->general_username . '2'; else { + /* Last character is a number -> we have to increase the number until we've + * found a groupname with trailing number which is not in use. + * + * $i will show us were we have to split groupname so we get a part + * with the groupname and a part with the trailing number + */ $i=strlen($account_new->general_username)-1; $mark = false; + // Set $i to the last character which is a number in $account_new->general_username while (!$mark) { if (ereg('^([0-9])+$',substr($account_new->general_username, $i, strlen($account_new->general_username)-$i))) $i--; else $mark=true; 
@@ -245,23 +263,29 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch // increase last number with one $firstchars = substr($account_new->general_username, 0, $i+1); $lastchars = substr($account_new->general_username, $i+1, strlen($account_new->general_username)-$i); + // Put username together $account_new->general_username = $firstchars . (intval($lastchars)+1); } } + // Show warning if lam has changed username if ($account_new->general_username != $_POST['f_general_username']) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.')); - + // Check if Homedir is valid + $account_new->general_homedir = str_replace('$group', $account_new->general_group, $account_new->general_homedir); + if ($account_new->general_username != '') + $account_new->general_homedir = str_replace('$user', $account_new->general_username, $account_new->general_homedir); + if ($account_new->general_homedir != $_POST['f_general_homedir']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.')); + if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $account_new->general_homedir )) + $errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.')); // Check if UID is valid. If none value was entered, the next useable value will be inserted $temp = explode(':', checkid($account_new, $account_old)); $account_new->general_uidNumber = $temp[0]; // true if checkid has returned an error if ($temp[1]!='') $errors[] = explode(';',$temp[1]); - // Check if Name-length is OK. 
minLength=3, maxLength=20 if ( !ereg('.{3,20}', $account_new->general_username)) $errors[] = array('ERROR', _('Name'), _('Name must contain between 3 and 20 characters.')); // Check if Name starts with letter if ( !ereg('^([a-z]|[A-Z]).*$', $account_new->general_username)) $errors[] = array('ERROR', _('Name'), _('Name contains invalid characters. First character must be a letter')); - } break; case 'unix': 
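Review bot: The length check `!ereg('.{3,20}', $account_new->general_username)` is unanchored, so any name of three or more characters matches and the 20-character upper bound is never enforced. Since this hunk already reorders the validation block, anchor it: `if ( !ereg('^.{3,20}$', $account_new->general_username))`. Moving the home-directory check below the username auto-increment looks right, because `$user` is now replaced with the final name before the path is validated. The enclosing `case 'general':` starts outside the hunk.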
@@ -292,26 +316,25 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch // Keep unix-page acitve $select_local = 'unix'; } - // Check if values are OK and set automatic values. if not error-variable will be set - else { // account.inc - if ($account_new->unix_password != '') { - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); - $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv); - $password = str_replace(chr(00), '', $password); - } - if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $password)) - $errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); - if ( !ereg('^([0-9])*$', $account_new->unix_pwdminage)) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.')); - if ( $account_new->unix_pwdminage > $account_new->unix_pwdmaxage ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.')); - if ( !ereg('^([0-9]*)$', $account_new->unix_pwdmaxage)) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.')); - if ( !ereg('^(([-][1])|([0-9]*))$', $account_new->unix_pwdallowlogin)) - $errors[] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.')); - if ( !ereg('^([0-9]*)$', $account_new->unix_pwdwarn)) $errors[] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.')); - if ((!$account_new->unix_host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $account_new->unix_host)) - $errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.')); + // Check if values are OK and set automatic values. 
if not error-variable will be set + else { // account.inc + if ($account_new->unix_password != '') { + $iv = base64_decode($_COOKIE["IV"]); + $key = base64_decode($_COOKIE["Key"]); + $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv); + $password = str_replace(chr(00), '', $password); } - + if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $password)) + $errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); + if ( !ereg('^([0-9])*$', $account_new->unix_pwdminage)) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.')); + if ( $account_new->unix_pwdminage > $account_new->unix_pwdmaxage ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.')); + if ( !ereg('^([0-9]*)$', $account_new->unix_pwdmaxage)) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.')); + if ( !ereg('^(([-][1])|([0-9]*))$', $account_new->unix_pwdallowlogin)) + $errors[] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.')); + if ( !ereg('^([0-9]*)$', $account_new->unix_pwdwarn)) $errors[] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.')); + if ((!$account_new->unix_host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $account_new->unix_host)) + $errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.')); + } break; case 'samba': // Write all general values into $account_new 
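Review bot: `$password` is assigned only inside `if ($account_new->unix_password != '')`, so in the re-indented `else` block the character check runs on an unset variable whenever no password was entered; add `$password = '';` before that `if`. The error text also advertises `$` and `=` as valid characters, but the character class in the `ereg` pattern contains neither. On the decryption itself: `MCRYPT_MODE_ECB` ignores the `$iv` passed to it, and both `$key` and `$iv` are read from `$_COOKIE`, so the stored password has no integrity protection and equal blocks encrypt identically; the same call appears in the samba branch further down. Changing the mode has to be done together with the matching `mcrypt_encrypt` calls, which are mostly outside these hunks.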
@@ -328,26 +351,19 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch $account_new->smb_smbhome = stripslashes($_POST['f_smb_smbhome']); $account_new->smb_profilePath = stripslashes($_POST['f_smb_profilePath']); $account_new->smb_displayName = $_POST['f_smb_displayName']; - if ($_POST['f_smb_flagsW']) $account_new->smb_flagsW = true; - else $account_new->smb_flagsW = false; if ($_POST['f_smb_flagsD']) $account_new->smb_flagsD = true; else $account_new->smb_flagsD = false; if ($_POST['f_smb_flagsX']) $account_new->smb_flagsX = true; else $account_new->smb_flagsX = false; if ($config_intern->is_samba3()) { + // samba 3 uses object with SID and domainname $samba3domains = $ldap_intern->search_domains($config_intern->get_domainSuffix()); for ($i=0; $iname) { $account_new->smb_domain = $samba3domains[$i]; } - } - else { - if (isset($_POST['f_smb_domain'])) $account_new->smb_domain = $_POST['f_smb_domain']; - else $account_new->smb_domain = ''; - } - - if ($config_intern->is_samba3()) + // Check if user is member of a well known windows group switch ($_POST['f_smb_mapgroup']) { case '*'._('Domain Guests'): $account_new->smb_mapgroup = $account_new->smb_domain->SID . "-" . '514'; break; case '*'._('Domain Users'): $account_new->smb_mapgroup = $account_new->smb_domain->SID . "-" . '513'; break; @@ -357,7 +373,12 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch (2 * getgid($account_new->general_group) + $account_new->smb_domain->RIDbase +1); break; } - else + } + else { + // samba 2.2 only uses a string as domainname + if (isset($_POST['f_smb_domain'])) $account_new->smb_domain = $_POST['f_smb_domain']; + else $account_new->smb_domain = ''; + // Check if user is member of a well known windows group switch ($_POST['f_smb_mapgroup']) { case '*'._('Domain Guests'): $account_new->smb_mapgroup = '514'; break; case '*'._('Domain Users'): $account_new->smb_mapgroup = '513'; break; 
@@ -366,30 +387,27 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch $account_new->smb_mapgroup = (2 * getgid($account_new->general_group) + 1001); break; } - - + } + // Set samba password $smb_password = $_POST['f_smb_password']; - // Decrypt unix-password if needed password $iv = base64_decode($_COOKIE["IV"]); $key = base64_decode($_COOKIE["Key"]); if ( ($account_new->smb_useunixpwd && !$account_old) || ($account_new->smb_useunixpwd && $account_new->unix_password!='') ) { - $smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv); - $smb_password = str_replace(chr(00), '', $smb_password); + // Set Samba-Password to unix-password if option is set + $unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv); + $smb_password = str_replace(chr(00), '', $unix_password); } // Check values $account_new->smb_scriptPath = str_replace('$user', $account_new->general_username, $account_new->smb_scriptPath); $account_new->smb_scriptPath = str_replace('$group', $account_new->general_group, $account_new->smb_scriptPath); if ($account_new->smb_scriptPath != $_POST['f_smb_scriptpath']) $errors[] = array('INFO', _('Script path'), _('Inserted user- or groupname in scriptpath.')); - $account_new->smb_profilePath = str_replace('$user', $account_new->general_username, $account_new->smb_profilePath); $account_new->smb_profilePath = str_replace('$group', $account_new->general_group, $account_new->smb_profilePath); if ($account_new->smb_profilePath != stripslashes($_POST['f_smb_profilePath'])) $errors[] = array('INFO', _('Profile path'), _('Inserted user- or groupname in profilepath.')); - $account_new->smb_smbhome = str_replace('$user', $account_new->general_username, $account_new->smb_smbhome); $account_new->smb_smbhome = str_replace('$group', $account_new->general_group, $account_new->smb_smbhome); if 
($account_new->smb_smbhome != stripslashes($_POST['f_smb_smbhome'])) $errors[] = array('INFO', _('Home path'), _('Inserted user- or groupname in HomePath.')); - if ( (!$account_new->smb_smbhome=='') && (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+)+$', $account_new->smb_smbhome))) $errors[] = array('ERROR', _('Home path'), _('Home path is invalid.')); if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', @@ -403,12 +421,10 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch if ((!$account_new->smb_domain=='') && (!is_object($account_new->smb_domain)) && !ereg('^([a-z]|[A-Z]|[0-9]|[-])+$', $account_new->smb_domain)) $errors[] = array('ERROR', _('Domain name'), _('Domain name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.')); if ($account_new->smb_useunixpwd) $account_new->smb_useunixpwd = 1; else $account_new->smb_useunixpwd = 0; - if (($account_new->smb_displayName=='') && isset($account_new->general_gecos)) { $account_new->smb_displayName = $account_new->general_gecos; $errors[] = array('INFO', _('Display name'), _('Inserted gecos-field as display name.')); } - if ($smb_password!='') { // Encrypt password $account_new->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $smb_password, @@ -419,6 +435,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch case 'quota': // Write all general values into $account_new $i=0; + // loop for every mointpoint with quotas while ($account_new->quota[$i][0]) { $account_new->quota[$i][2] = $_POST['f_quota_'.$i.'_2']; $account_new->quota[$i][3] = $_POST['f_quota_'.$i.'_3']; 
@@ -436,7 +453,6 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch $i++; } break; - case 'personal': // Write all general values into $account_new $account_new->personal_title = $_POST['f_personal_title']; @@ -459,16 +475,13 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_employeeType)) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!')); if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $account_new->personal_postalCode)) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!')); break; - case 'final': // Write all general values into $account_new - if ($_POST['f_final_changegids']) $final_changegids = $_POST['f_final_changegids'] ; - // Check which part Site should be displayed next break; case 'finish': // Check if pdf-file should be created if ($_POST['outputpdf']) { - // Quota Settings + // Load quotas if not yet done because they are needed for the pdf-file if ($config_intern->scriptServer && !isset($account_new->quota[0])) { // load quotas $values = getquotas('user', $account_old->general_username); if (is_object($values)) { @@ -480,7 +493,9 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch if (isset($val)) $account_old->$key = $val; } } - createUserPDF(array($account_new)); + // Create / display PDf-file + createUSerPDF(array($account_new)); + // Stop script die; } break; 
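Review bot: The call in the `finish` branch was changed from `createUserPDF` to `createUSerPDF`; PHP resolves function names case-insensitively, so it still runs, but the spelling no longer matches the removed line and will defeat a case-sensitive search. Keep `createUserPDF(array($account_new));`. Separately, the quota block above it calls `getquotas('user', $account_old->general_username)` and copies the result into `$account_old`, while the PDF is built from `$account_new`; if the quotas are meant to appear in the PDF, that looks like the wrong object (part of the block lies outside the hunk, so this is inferred).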
@@ -490,50 +505,96 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch do { // X-Or, only one if() can be true if ($_POST['next_general']) { + // Go from general to next page if no error did ocour if (!is_array($errors)) $select_local='general'; else $select_local=$_POST['select']; break; } if ($_POST['next_unix']) { + // Go from unix to next page if no error did ocour if (!is_array($errors)) $select_local='unix'; else $select_local=$_POST['select']; break; } if ($_POST['next_samba']) { + // Go from samba to next page if no error did ocour if (!is_array($errors)) $select_local='samba'; else $select_local=$_POST['select']; break; } if ($_POST['next_quota']) { + // Go from quota to next page if no error did ocour if (!is_array($errors)) $select_local='quota'; else $select_local=$_POST['select']; break; } if ($_POST['next_personal']) { + // Go from personal to next page if no error did ocour if (!is_array($errors)) $select_local='personal'; else $select_local=$_POST['select']; break; } if ($_POST['next_final']) { + // Go from final to next page if no error did ocour + if (($account_old) && ($account_new->general_uidNumber != $account_old->general_uidNumber)) + $errors[] = array('INFO', _('UID-number has changed. You have to run the following command as root in order to change existing file-permissions:'), + 'find / -gid ' . $account_old->general_uidNumber . ' -exec chown ' . $account_new->general_uidNumber . ' {} \;'); + if (($account_old) && ($account_new->general_group != $account_old->general_group)) + $errors[] = array('INFO', _('Primary group has changed. You have to run the following command as root in order to change existing file-permissions:'), + 'find / -uid ' . $account_new->general_uidNumber . ' -gid ' . getgid($account_old->general_group) .' -exec chown ' . $account_new->general_uidNumber . ':'.getgid($account_new->general_group). 
' {} \;'); + if (($account_old) && ($account_new->general_homedir != $account_old->general_homedir)) + $errors[] = array('INFO', _('Home Directory has changed. You have to run the following command as root in order to change the existing homedirectory:'), + 'mv ' . $account_old->general_homedir . ' ' . $account_new->general_homedir); + if ($config_intern->is_samba3() && !isset($account_new->smb_domain)) + // Samba page not viewed; can not create user because if missing options + $errors[] = array("ERROR", _("Samba Options not set!"), _("Please check settings on samba page.")); + else { + $found = false; + if (strstr($account_new->smb_scriptPath, '$group')) $found = true; + if (strstr($account_new->smb_scriptPath, '$user')) $found = true; + if (strstr($account_new->smb_profilePath, '$group')) $found = true; + if (strstr($account_new->smb_profilePath, '$user')) $found = true; + if (strstr($account_new->smb_smbhome, '$group')) $found = true; + if (strstr($account_new->smb_smbhome, '$user')) $found = true; + if ($found) + // Samba page not viewed; can not create group because if missing options + $errors[] = array("ERROR", _("Samba Options not set!"), _("Please check settings on samba page.")); + } + if (isset($account_old->general_objectClass)) { + if (!in_array('posixAccount', $account_old->general_objectClass)) + $errors[] = array('WARN', _('ObjectClass posixAccount not found.'), _('Have to add objectClass posixAccount.')); + if (!in_array('shadowAccount', $account_old->general_objectClass)) + $errors[] = array('WARN', _('ObjectClass shadowAccount.'), _('Have to add objectClass shadowAccount.')); + if ($config_intern->is_samba3()) { + if (!in_array('sambaSamAccount', $account_old->general_objectClass)) + $errors[] = array('WARN', _('ObjectClass sambaSamAccount not found.'), _('Have to add objectClass sambaSamAccount. 
USer with sambaAccount will be updated.')); + } + else { + if (!in_array('sambaAccount', $account_old->general_objectClass)) + $errors[] = array('WARN', _('ObjectClass sambaAccount not found.'), _('Have to add objectClass sambaAccount. User with sambaSamAccount will be set back to sambaAccount.')); + } + } if (!is_array($errors)) $select_local='final'; else $select_local=$_POST['select']; break; } if ($_POST['next_workstations']) { + // Go from workstations to next page if no error did ocour if (!is_array($errors)) $select_local='workstations'; else $select_local=$_POST['select']; break; } if ($_POST['next_groups']) { + // Go from groups to next page if no error did ocour if (!is_array($errors)) $select_local='groups'; else $select_local=$_POST['select']; break; } + // Reset account to original settings if undo-button was pressed if ($_POST['next_reset']) { $account_new = $account_old; $account_new->unix_password=''; $account_new->smb_password=''; - $account_new->smb_flagsW = 0; $account_new->general_dn = substr($account_new->general_dn, strpos($account_new->general_dn, ',')+1); $select_local = $_POST['select']; break; 
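Review bot: The first INFO message added under `next_final` prints `find / -gid <old uidNumber> -exec chown <new uidNumber>`, which selects files by group id although the value is a user id. An administrator who runs it as root would re-own the files of whatever group shares that number, so it should read `'find / -uid ' . $account_old->general_uidNumber . ' -exec chown ' . $account_new->general_uidNumber . ' {} \;'`. The `mv` message below it concatenates `general_homedir` unquoted, so a path with spaces or shell metacharacters yields a different command than intended; wrapping both paths in `escapeshellarg()` keeps the suggestion safe to copy. Both strings are carried over from the StatusMessage calls removed from the `final` page, so the defect predates this commit but is still present in the new code. The enclosing `do { ... } while(0)` block starts before this hunk.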
@@ -542,19 +603,22 @@ do { // X-Or, only one if() can be true // Create or modify an account if ($account_old) $result = modifyuser($account_new,$account_old); else $result = createuser($account_new); // account.inc - if ( $result==1 || $result==3 ) $select_local = 'finish'; - else $select_local = 'final'; + if ( $result==4 || $result==5 ) $select_local = 'final'; + else $select_local = 'finish'; break; } + // Load Profile and reset all attributes to settings in profile if ($_POST['createagain']) { $select_local='general'; + unset ($_SESSION['account_'.$varkey.'_account_new']); unset($account_new); - $account_new = loadUserProfile('default'); + $_SESSION['account_'.$varkey.'_account_new'] = loadUserProfile('default'); + $account_new =& $_SESSION['account_'.$varkey.'_account_new']; $account_new ->type = 'user'; break; } + // Load Profile and reset all attributes to settings in profile if ($_POST['load']) { - // load profile $account_new->general_dn = $_POST['f_general_suffix']; $account_new->general_username = $_POST['f_general_username']; $account_new->general_surname = $_POST['f_general_surname']; 
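Review bot: The result check after `modifyuser()`/`createuser()` now fails open: `if ( $result==4 || $result==5 ) $select_local = 'final'; else $select_local = 'finish';` sends every return value other than 4 or 5 to the finish page, including `false`, `null` or any code added later. The removed lines named the accepted values (1 and 3) explicitly, which fails closed. Keeping an explicit success list is safer, e.g. `if ( $result==1 || $result==3 ) $select_local = 'finish'; else $select_local = 'final';` extended with any new success codes, plus a comment saying what each number means. The return codes are defined in account.inc outside this hunk, so the exact set has to be checked there.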
@@ -578,27 +642,28 @@ do { // X-Or, only one if() can be true $account_new->smb_scriptPath = str_replace('$group', $account_new->general_group, $account_new->smb_scriptPath); if ($account_new->general_username != '') $account_new->smb_scriptPath = str_replace('$user', $account_new->general_username, $account_new->smb_scriptPath); - $account_new->smb_profilePath = str_replace('$group', $account_new->general_group, $account_new->smb_profilePath); if ($account_new->general_username != '') $account_new->smb_profilePath = str_replace('$user', $account_new->general_username, $account_new->smb_profilePath); - $account_new->smb_smbhome = str_replace('$group', $account_new->general_group, $account_new->smb_smbhome); if ($account_new->general_username != '') $account_new->smb_smbhome = str_replace('$user', $account_new->general_username, $account_new->smb_smbhome); - if ($config_intern->scriptServer) { - // load quotas from profile and check if they are valid - $values = getquotas('user', $account_old->general_username); - if (isset($account_new->quota[0])) { // check quotas from profile + // load quotas and check if quotas from profile are valid + $values = getquotas('user'); + if (isset($account_new->quota[0])) { + // check quotas from profile $i=0; - // check quota settings + // check quota settings, loop for every partition with quotas while (isset($account_new->quota[$i])) { + // search if quotas from profile fit to a real quota $found = (-1); for ($j=0; $jquota); $j++) if ($values->quota[$j][0]==$account_new->quota[$i][0]) $found = $j; + // unset quota from profile if quotas (mointpoint) doesn't exists anymore if ($found==-1) unset($account_new->quota[$i]); else { + // Set missing part in quota-array $account_new->quota[$i][1] = $values->quota[$found][1]; $account_new->quota[$i][5] = $values->quota[$found][5]; $account_new->quota[$i][4] = $values->quota[$found][4]; 
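Review bot: `$values = getquotas('user');` is dereferenced as `$values->quota[...]` in the check loop without first testing that the call returned an object. Other call sites in this file guard the result with `if (is_object($values))`, including the else-branch in the next hunk. If the remote quota lookup fails, the comparison presumably never matches and every quota stored in the profile is dropped by `unset($account_new->quota[$i])` without any message. Wrapping the loop in `if (is_object($values)) { ... }` and adding an `$errors[]` entry otherwise would make that failure visible to the operator.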
@@ -606,27 +671,35 @@ do { // X-Or, only one if() can be true $i++; } } + // Beautify array, repair index $account_new->quota = array_values($account_new->quota); } else { // No quotas saved in profile + // Display quotas for new users (Quota set to 0) if (is_object($values)) { while (list($key, $val) = each($values)) // Set only defined values if (isset($val)) $account_new->$key = $val; } } - $account_old->quota = $values->quota; } // select general page after group has been loaded $select_local='general'; break; } + // Save Profile if ($_POST['save']) { // save profile - saveUserProfile($account_new, $_POST['f_finish_safeProfile']); + if ($_POST['f_finish_safeProfile']=='') + $errors[] = array('ERROR', _('Save profile'), _('No profilename given.')); + else { + saveUSerProfile($account_new, $_POST['f_finish_safeProfile']); + $errors[] = array('INFO', _('Save profile'), _('New profile created.')); + } // select last page displayed before user is created $select_local='final'; break; } + // Go back to listgroups.php if ($_POST['backmain']) { if (isset($_SESSION['account_'.$varkey.'_account_new'])) unset($_SESSION['account_'.$varkey.'_account_new']); if (isset($_SESSION['account_'.$varkey.'_account_old'])) unset($_SESSION['account_'.$varkey.'_account_old']); @@ -636,7 +709,6 @@ do { // X-Or, only one if() can be true die; break; } - if (!$select_local) $select_local='general'; } while(0); @@ -652,31 +724,38 @@ echo "\n". "
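Review bot: The new `save` branch rejects only an empty `$_POST['f_finish_safeProfile']` before passing the value to `saveUSerProfile()`. That function is not visible here; if it builds a file path from the name, values containing `/` or `..` must be rejected as well unless the callee already does so. An allowlist in the style of the other field checks in this file would cover it, e.g. `if (!ereg('^([a-z]|[A-Z]|[0-9]|[-]|[_])+$', $_POST['f_finish_safeProfile'])) $errors[] = array('ERROR', _('Save profile'), _('Invalid profilename.'));`. The call is also respelled `saveUSerProfile` where the removed line had `saveUserProfile`; PHP resolves function names case-insensitively, but the original spelling should be kept.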
\n". "\n"; +// Display errir-messages if (is_array($errors)) for ($i=0; $ismb_smbuserworkstations); $workstations = explode (',', $temp); + // Remove workstations to which the user is allowed to login from array $hosts = array_delete($workstations, $hosts); echo ''; echo "\n
"; @@ -706,6 +785,7 @@ switch ($select_local) { // Select which part of page will be loaded echo "
"; echo _("Allowed workstations"); echo "\n"; + // display all workstations the user is allowed to login if (count($workstations)!=0) { echo "\n"; foreach ($hosts as $temp) echo " \n"; @@ -729,18 +810,23 @@ switch ($select_local) { // Select which part of page will be loaded echo "\n"; echo "
\n\n\n"; break; - case 'groups': + // Validate cache-array ldapreload('group'); + // Get copy of cache-array $temp2 = $groupDN_intern; + // unset timestamp stored in $temp2[0] unset($temp2[0]); + // load list with all groups foreach ($temp2 as $temp) $groups[] = $temp['cn']; + // sort groups sort($groups, SORT_STRING); + // remove groups the user is member of from grouplist $groups = array_delete($account_new->general_groupadd, $groups); + // Remove primary group from grouplist $groups = array_flip($groups); - unset ($groups[$account_new->general_group]); + if (isset($groups[$account_new->general_group])) unset ($groups[$account_new->general_group]); $groups = array_flip($groups); - echo ''; echo "\n\n
"; echo "
"; @@ -769,6 +855,7 @@ switch ($select_local) { // Select which part of page will be loaded echo "
"; echo _("Selected groups"); echo "\n"; + // Show all groups the user is additional member of if (count($account_new->general_groupadd)!=0) { echo "
"; echo _('Available groups'); echo "\n"; + // show all groups expect these the user is member of if (count($groups)!=0) { echo "\n"; echo "
\n
\n"; break; - - case 'general': // General Account Settings // load list of all groups $groups = findgroups(); + // load list of profiles $profilelist = getUserProfiles(); - // Show page info - // Show page info echo ''; echo "\n\n\n
"; echo "'."\n".'\n\n
"; @@ -889,6 +974,7 @@ switch ($select_local) { // Select which part of page will be loaded ''._('Help').''. '
'; echo _('Suffix'); echo '
"; echo _('Values with * are required'); echo "\n
"; + // Show fieldset with list of all user profiles if (count($profilelist)!=0) { echo "
"; echo _("Load profile"); @@ -913,7 +1000,6 @@ switch ($select_local) { // Select which part of page will be loaded echo _('Help')."
\n\n"; } echo "\n\n\n"; - break; case 'unix': // Unix Password Settings @@ -925,6 +1011,7 @@ switch ($select_local) { // Select which part of page will be loaded $password = str_replace(chr(00), '', $password); } else $password=''; + // Use dd-mm-yyyy format of date because it's easier to read for humans $date = getdate ($account_new->unix_pwdexpire); echo "\n"; echo "\n'."\n".''."\n".''."\n".''."\n".'\n\n
"; @@ -1005,16 +1092,19 @@ switch ($select_local) { // Select which part of page will be loaded if ($account_new->unix_deactivated) echo ' checked '; echo '>'. ''._('Help').''. - '
'; - echo _('Unix workstations'); - echo ''. - ''. - ''._('Help'). - "
"; + ''."\n"; + // show only hosts if schema does allow hosts + if ($_SESSION['ldap']->support_unix_hosts) { + echo ''; + echo _('Unix workstations'); + echo ''."\n".''. + ''."\n".''. + ''._('Help'). + "\n\n"; + } + echo "\n"; echo _('Values with * are required'); echo "\n\n\n"; - - break; case 'samba': // Samba Settings @@ -1027,10 +1117,11 @@ switch ($select_local) { // Select which part of page will be loaded } else $password = ""; if ($config_intern->is_samba3()) $samba3domains = $ldap_intern->search_domains($config_intern->get_domainSuffix()); + // Use dd-mm-yyyy format of date because it's easier to read for humans $canchangedate = getdate($account_new->smb_pwdcanchange); $mustchangedate = getdate($account_new->smb_pwdmustchange); - echo ''; + // Save all values smaller than "day" so we don't loose them echo ''. ''. ''. @@ -1132,7 +1223,7 @@ switch ($select_local) { // Select which part of page will be loaded ''."\n".''; echo _('Home drive'); echo ''."\n".''."\n".''. ''._('Help').''. @@ -1159,6 +1250,7 @@ switch ($select_local) { // Select which part of page will be loaded ''."\n".''; echo _('Windows groupname'); echo ''."\n".''; for ($i=0; $ismb_domain->name) { @@ -1253,6 +1347,7 @@ switch ($select_local) { // Select which part of page will be loaded echo ''; } else { + // Samba 2.2 just uses a string as domain name echo ''."\n".''; } echo ''."\n".''._('Help').''."\n"; @@ -1260,6 +1355,7 @@ switch ($select_local) { // Select which part of page will be loaded break; case 'quota': // Quota Settings + // Load quotas if not yet done if ($config_intern->scriptServer && !isset($account_new->quota[0])) { // load quotas $values = getquotas('user', $account_old->general_username); if (is_object($values)) { 
@@ -1303,6 +1399,7 @@ switch ($select_local) { // Select which part of page will be loaded ''._('Help').''."\n".''._('Help').''."\n".''. ''._('Help').''."\n"; $i=0; + // loop for every mointpoint with enabled quotas while ($account_new->quota[$i][0]) { echo ''.$account_new->quota[$i][0].''.$account_new->quota[$i][1].''; // used blocks echo ''; // blocks soft limit @@ -1316,7 +1413,6 @@ switch ($select_local) { // Select which part of page will be loaded } echo "\n\n\n\n"; break; - case 'personal': // Personal Settings echo "\n"; @@ -1399,12 +1495,6 @@ switch ($select_local) { // Select which part of page will be loaded break; case 'final': // Final Settings - $disabled = ""; - if ($config_intern->is_samba3()) { - if (!isset($account_new->smb_domain)) { // Samba page nit viewd; can not create group because if missing options - $disabled = "disabled"; - } - } echo ''; echo "\n
"; echo "
"; 
@@ -1440,76 +1530,7 @@ switch ($select_local) { // Select which part of page will be loaded else echo _('Create'); echo "\n"; echo ""; - if (($account_old) && ($account_new->general_uidNumber != $account_old->general_uidNumber)) { - echo ''; - StatusMessage ('INFO', _('UID-number has changed. You have to run the following command as root in order to change existing file-permissions:'), - 'find / -gid ' . $account_old->general_uidNumber . ' -exec chown ' . $account_new->general_uidNumber . ' {} \;'); - echo ''."\n"; - } - if (($account_old) && ($account_new->general_group != $account_old->general_group)) { - echo ''; - StatusMessage ('INFO', _('Primary group has changed. You have to run the following command as root in order to change existing file-permissions:'), - 'find / -uid ' . $account_new->general_uidNumber . ' -gid ' . getgid($account_old->general_group) .' -exec chown ' . $account_new->general_uidNumber . ':'.getgid($account_new->general_group). ' {} \;'); - echo ''."\n"; - } - if (($account_old) && ($account_new->general_homedir != $account_old->general_homedir)) { - echo ''; - StatusMessage ('INFO', _('Home Directory has changed. You have to run the following command as root in order to change the existing homedirectory:'), - 'mv ' . $account_old->general_homedir . ' ' . 
$account_new->general_homedir); - echo ''."\n"; - } - - if ($disabled=='disabled') { // Samba page nit viewd; can not create group because if missing options - echo ""; - StatusMessage("ERROR", _("Samba Options not set!"), _("Please check settings on samba page.")); - echo ""; - } - - else { - $found = false; - if (strstr($account_new->smb_scriptPath, '$group')) $found = true; - if (strstr($account_new->smb_scriptPath, '$user')) $found = true; - if (strstr($account_new->smb_profilePath, '$group')) $found = true; - if (strstr($account_new->smb_profilePath, '$user')) $found = true; - if (strstr($account_new->smb_smbhome, '$group')) $found = true; - if (strstr($account_new->smb_smbhome, '$user')) $found = true; - if ($found) { // Samba page nit viewd; can not create group because if missing options - $disabled = "disabled"; - echo ""; - StatusMessage("ERROR", _("Samba Options not set!"), _("Please check settings on samba page.")); - echo ""; - } - } - - if (isset($account_old->general_objectClass)) { - if (!in_array('posixAccount', $account_old->general_objectClass)) { - echo ''; - StatusMessage('WARN', _('ObjectClass posixAccount not found.'), _('Have to add objectClass posixAccount.')); - echo "\n"; - } - if (!in_array('shadowAccount', $account_old->general_objectClass)) { - echo ''; - StatusMessage('WARN', _('ObjectClass shadowAccount.'), _('Have to add objectClass shadowAccount.')); - echo "\n"; - } - if ($config_intern->is_samba3()) { - if (!in_array('sambaSamAccount', $account_old->general_objectClass)) { - echo ''; - StatusMessage('WARN', _('ObjectClass sambaSamAccount not found.'), _('Have to add objectClass sambaSamAccount. USer with sambaAccount will be updated.')); - echo "\n"; - }} - else - if (!in_array('sambaAccount', $account_old->general_objectClass)) { - echo ''; - StatusMessage('WARN', _('ObjectClass sambaAccount not found.'), _('Have to add objectClass sambaAccount. 
User with sambaSamAccount will be set back to sambaAccount.')); - echo "\n"; - } - } - - - - - echo "
'."\n";