added new get_preg function. Changed all modules to use get_reg

Changed Status Messages in Module. They are now all stored in a single array.
Changed Password handling in posixGroup and posixAccount
katagia 2004-09-26 13:48:52 +00:00
parent bbc8ef2b6d
commit e53a3874cb
11 changed files with 357 additions and 634 deletions


@ -424,17 +424,17 @@ function get_preg($argument, $regexp) {
// First we check "positive" cases // First we check "positive" cases
$pregexpr = ''; $pregexpr = '';
switch ($regexp) { switch ($regexp) {
case "password": // fixme where do i get an exact regexp? case 'password': // fixme where do i get an exact regexp?
$pregexpr = '/^([[:alnum:]\\ \\|\\#\\*\\,\\.\\;\\:\\_\\+\\!\\%\\&\\/\\?\\{\\(\\)\\}-])*$/'; $pregexpr = '/^([[:alnum:]\\ \\|\\#\\*\\,\\.\\;\\:\\_\\+\\!\\%\\&\\/\\?\\{\\(\\)\\}-])*$/';
break; break;
case "groupname": // first character must be a letter. All letters, numbers, space and ._- are allowed characters case 'groupname': // first character must be a letter. All letters, numbers, space and ._- are allowed characters
case "username": // first character must be a letter. All letters, numbers, space and ._- are allowed characters case 'username': // first character must be a letter. All letters, numbers, space and ._- are allowed characters
$pregexpr = '/^[[:alpha:]]([[:alnum:]\\.\\ \\_-])*$/'; $pregexpr = '/^[[:alpha:]]([[:alnum:]\\.\\ \\_-])*$/';
break; break;
case "hostname": // first character must be letter, last must be $. Only normal letters, numbers and ._- are allowed case 'hostname': // first character must be letter, last must be $. Only normal letters, numbers and ._- are allowed
$pregexpr = '/^[a-zA-Z]([a-zA-Z0-9\\.\\_-])*\\$$/'; $pregexpr = '/^[a-zA-Z]([a-zA-Z0-9\\.\\_-])*\\$$/';
break; break;
case "realname": // Allow all letters, space and .-_ case 'realname': // Allow all letters, space and .-_
$pregexpr = '/^[[:alpha:]]([[:alpha:]\\.\\ \\_-])*$/'; $pregexpr = '/^[[:alpha:]]([[:alpha:]\\.\\ \\_-])*$/';
break; break;
case "telephone": // Allow numbers, space, brackets, /-+. case "telephone": // Allow numbers, space, brackets, /-+.
@ -452,7 +452,7 @@ function get_preg($argument, $regexp) {
case "employeeType": // Allow all letters, numbers, space and .-_ case "employeeType": // Allow all letters, numbers, space and .-_
$pregexpr = '/^([[:alnum:]\\.\\ \\_-])*$/'; $pregexpr = '/^([[:alnum:]\\.\\ \\_-])*$/';
break; break;
case "homedir": // Homapath, /path/...... case "homeDirectory": // Homapath, /path/......
$pregexpr = '/^[/]([[:alnum:]\\.\\ \\_-)+([/]([[:alnum:]\\.\\ \\_-)+)*$/'; $pregexpr = '/^[/]([[:alnum:]\\.\\ \\_-)+([/]([[:alnum:]\\.\\ \\_-)+)*$/';
break; break;
case "digit": // Normal number case "digit": // Normal number
@ -468,7 +468,10 @@ function get_preg($argument, $regexp) {
$pregexpr = '/^(([a-zA-Z0-9\\.\\_-])+(,[a-zA-Z0-9\\.\\_-])*)*$/'; $pregexpr = '/^(([a-zA-Z0-9\\.\\_-])+(,[a-zA-Z0-9\\.\\_-])*)*$/';
break; break;
case "domainname": // Windows Domainname case "domainname": // Windows Domainname
$pregexpr = '/^([a-z0-9\\_-])+$/'; $pregexpr = '/^([a-z0-9\\.\\_-])+$/';
break;
case "unixhost": // Unix hosts
$pregexpr = '/^([a-z0-9\\.\\_-])*$/';
break; break;
case 'digit2': // Same as digit but also -1 case 'digit2': // Same as digit but also -1
$pregexpr = '/^(([-][1])|([:digit:]*))$/'; $pregexpr = '/^(([-][1])|([:digit:]*))$/';
@ -480,7 +483,15 @@ function get_preg($argument, $regexp) {
// Now we check "negative" cases, characters which are not allowed // Now we check "negative" cases, characters which are not allowed
$pregexpr = ''; $pregexpr = '';
switch ($regexp) { switch ($regexp) {
case "dummy": $pregexpr = '/^([a-z])*$/'; break; case "!lower":
$pregexpr = '/[[:lower:]]/';
break;
case "!upper":
$pregexpr = '/[[:upper:]]/';
break;
case "!digit":
$pregexpr = '/[[:digit:]]/';
break;
} }
if ($pregexpr!='') if ($pregexpr!='')
if (!preg_match($pregexpr, $argument)) return true; if (!preg_match($pregexpr, $argument)) return true;
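Review bot: The `homeDirectory` case (renamed from `homedir` in the second hunk) keeps a pattern that does not look like a valid PCRE: the `/` inside `[/]` is the delimiter character and is not escaped, and the bracket expression `[[:alnum:]\\.\\ \\_-` is never closed before `)+`. preg_match() will most likely warn and return false for it, so every home directory would be rejected now that posixAccount's profile check refers to this key; how the positive branch of get_preg() treats a false return is outside the visible hunks. A corrected form would be `$pregexpr = '/^\\/([[:alnum:]\\.\\ \\_-])+(\\/([[:alnum:]\\.\\ \\_-])+)*$/D';`. The same `D` modifier is worth adding to the new `unixhost` and `domainname` patterns, because unlike the ereg()/eregi() calls replaced elsewhere in this commit, a PCRE `$` also matches before a trailing newline. In the negative branch, `if (!preg_match($pregexpr, $argument)) return true;` treats a pattern error the same as "no forbidden character found", so comparing with `=== 0` would keep that branch from passing input on an error.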


@ -90,6 +90,7 @@ class baseModule {
} }
$objectClassName = substr($_SESSION['ldap']->objectClasses[$line], 6+strpos($_SESSION['ldap']->objectClasses[$line], "NAME '"), strlen(get_class($this)) ); $objectClassName = substr($_SESSION['ldap']->objectClasses[$line], 6+strpos($_SESSION['ldap']->objectClasses[$line], "NAME '"), strlen(get_class($this)) );
$this->attributes['objectClass'][0] = $objectClassName; $this->attributes['objectClass'][0] = $objectClassName;
$this->load_Messages();
} }
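Review bot: Calling `$this->load_Messages()` from the baseModule constructor fixes every message text before any account data has been loaded. posixAccount's new `load_Messages()` builds `homeDirectory[2]`, `gidNumber[0]` and `uidNumber[0]` with `sprintf()` over `$this->orig[...]` and `$this->attributes[...]`, which are presumably still empty at construction time, so the `mv`/`find` commands shown to the administrator would lack their values (the `gidNumber` line also reads `$this->attribtues`, a misspelling). `proccess_attributes()` tries to refresh the texts through `$this->load_errorMessage()`, but no method of that name is defined in the visible hunks; it probably should be `$this->load_Messages();`. Whether baseModule provides a default `load_Messages()` for modules that do not define one, such as `account`, is outside this hunk and worth confirming. The constructor body starts above the hunk.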


@ -20,23 +20,6 @@ $Id$
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
/*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host, domain
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
*/
/* This class contains all account LDAP attributes
* and funtioncs required to deal with account
* account can only be created when it should be added
* to an array.
* $base is the name of account_container in session
*
*/
class account extends baseModule { class account extends baseModule {
/** /**
@ -65,15 +48,6 @@ class account extends baseModule {
parent::init($base); parent::init($base);
} }
// Variables
// This variable contains all account attributes
var $attributes;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig;
/* This function returns true if all required attributes from other /* This function returns true if all required attributes from other
* modules are set. This is required to prevent undefined states * modules are set. This is required to prevent undefined states
*/ */
@ -110,26 +84,7 @@ class account extends baseModule {
* $attr is an array as it's retured from ldap_get_attributes * $attr is an array as it's retured from ldap_get_attributes
*/ */
function load_attributes($attr) { function load_attributes($attr) {
// Load attributes which are displayed $this->load_ldap_attributes($attr);
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) {
$this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
$this->orig[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
}
}
}
// Add objectClass to orig because we don't want to add objectClass if it's already set
$this->orig['objectClass'][0] = 'account';
return 0; return 0;
} }
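Review bot: `load_attributes()` now delegates to `$this->load_ldap_attributes($attr)`, whose body is not part of the visible diff, so two behaviours of the removed loop need confirming there: it copied only attributes already declared in `$this->attributes` (the `isset($this->attributes[$attribute])` filter), and it set `$this->orig['objectClass'][0]` to the module name so that the objectClass is not added again on save. If the helper does not cover the second, a line such as `$this->orig['objectClass'][0] = 'account';` should stay after the call. The same replacement is made in inetOrgPerson and posixAccount. The class-level comment removed in the first hunk leaves `account` without any description; a short docblock saying that the class holds the LDAP attributes of the `account` object class would replace it.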


@ -41,23 +41,27 @@ class inetOrgPerson extends baseModule {
* Creates a new inetOrgPerson object. * Creates a new inetOrgPerson object.
*/ */
function inetOrgPerson($scope) { function inetOrgPerson($scope) {
// error messages for input checks
$this->messages['host'] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
$this->messages['givenName'] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
$this->messages['surname'] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
$this->messages['telephoneNumber'] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
$this->messages['mobileTelephone'] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
$this->messages['facsimileNumber'] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
$this->messages['email'] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
$this->messages['street'] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
$this->messages['postalAddress'] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
$this->messages['postalCode'] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
$this->messages['title'] = array('ERROR', _('Title'), _('Please enter a valid title!'));
$this->messages['employeeType'] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
// call parent constructor // call parent constructor
parent::baseModule($scope); parent::baseModule($scope);
} }
/** this functin fills the error message array with messages
**/
function load_Messages() {
$this->messages['host'][0] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
$this->messages['givenName'][0] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
$this->messages['surname'][0] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
$this->messages['telephoneNumber'][0] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
$this->messages['mobileTelephone'][0] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
$this->messages['facsimileNumber'][0] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
$this->messages['email'][0] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
$this->messages['street'][0] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
$this->messages['postalAddress'][0] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
$this->messages['postalCode'][0] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
$this->messages['title'][0] = array('ERROR', _('Title'), _('Please enter a valid title!'));
$this->messages['employeeType'][0] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
}
/** /**
* Returns meta data that is interpreted by parent class * Returns meta data that is interpreted by parent class
* *
@ -83,10 +87,10 @@ class inetOrgPerson extends baseModule {
2 => array('kind' => 'help', 'value' => 'TODO')) 2 => array('kind' => 'help', 'value' => 'TODO'))
); );
// profile checks // profile checks
$return['profile_checks']['inetOrgPerson_title'] = array('type' => 'regex_i', 'regex' => $this->regex_title, $return['profile_checks']['inetOrgPerson_title'] = array('type' => 'regex_i', 'regex' => 'title',
'error_message' => $this->messages['title']); 'error_message' => $this->messages['title'][0]);
$return['profile_checks']['inetOrgPerson_employeeType'] = array('type' => 'regex_i', $return['profile_checks']['inetOrgPerson_employeeType'] = array('type' => 'regex_i',
'regex' => $this->regex_employeeType, 'error_message' => $this->messages['employeeType']); 'regex' => 'employeeType', 'error_message' => $this->messages['employeeType'][0]);
// available PDF fields // available PDF fields
$return['PDF_fields'] = array( 'description', $return['PDF_fields'] = array( 'description',
'host', 'host',
@ -128,37 +132,6 @@ class inetOrgPerson extends baseModule {
parent::init($base); parent::init($base);
} }
// Variables
/** This variable contains all inetOrgPerson attributes */
var $attributes;
/**
* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes.
*/
var $orig;
/** regular expression for host name */
var $regex_host = '^([a-z0-9\\.-])+(([,])+([ ])*([a-z0-9\\.-])+)*$';
/** regular expression for first/last name */
var $regex_name = '^([a-z <20><>])+$';
/** regular expression for telephone numbers */
var $regex_telephoneNumber = '^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$';
/** regular expression for e-mail */
var $regex_email = '^(([0-9a-z\\._-])+[@]([0-9a-z-])+([.]([0-9a-z-])+)*)*$';
/** regular expression for street names */
var $regex_street = '^([0-9a-z \\.<2E><>])*$';
/** regular expression for postal address */
var $regex_postalAddress = '^([0-9a-z \\.<2E><>])*$';
/** regular expression for postal codes */
var $regex_postalCode = '^([0-9a-z])*$';
/** regular expression for job titles */
var $regex_title = '^([0-9a-z \\.<2E><>])*$';
/** regular expression for employee types */
var $regex_employeeType = '^([0-9a-z \\.<2E><>])*$';
/** list of possible error messages */
var $messages = array();
/* This function returns true if all required attributes from other /* This function returns true if all required attributes from other
* modules are set. This is required to prevent undefined states * modules are set. This is required to prevent undefined states
*/ */
@ -197,26 +170,7 @@ class inetOrgPerson extends baseModule {
* $attr is an array as it's retured from ldap_get_attributes * $attr is an array as it's retured from ldap_get_attributes
*/ */
function load_attributes($attr) { function load_attributes($attr) {
// Load attributes which are displayed $this->load_ldap_attributes($attr);
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) {
$this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
$this->orig[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
}
}
}
// Add objectClass to orig because we don't want to add objectClass if it's already set
$this->orig['objectClass'][0] = 'inetOrgPerson';
return 0; return 0;
} }
@ -265,8 +219,8 @@ class inetOrgPerson extends baseModule {
// handle host-attribute in on epice because it's not set by default // handle host-attribute in on epice because it's not set by default
if (isset($this->attributes['host'])) { if (isset($this->attributes['host'])) {
$host = $post['host']; $host = $post['host'];
if ((!$host=='') && !eregi($this->regex_host, $host)) if (!get_preg($host,'unixhost'))
$errors['host'][] = $this->messages['host']; $errors['host'][] = $this->messages['host'][0];
$hosts = explode(" ", $host); $hosts = explode(" ", $host);
$this->attributes['host'] = array(); $this->attributes['host'] = array();
foreach ($hosts as $host) foreach ($hosts as $host)
@ -275,18 +229,18 @@ class inetOrgPerson extends baseModule {
// Do some regex-checks and return error if attributes are set to wrong values // Do some regex-checks and return error if attributes are set to wrong values
if (!$profile) { if (!$profile) {
if ( !eregi($this->regex_name, $this->attributes['givenName'][0])) $errors['givenName'][] = $this->messages['givenName']; if ( !get_preg($this->attributes['givenName'][0], 'realname')) $errors['givenName'][] = $this->messages['givenName'][0];
if ( !eregi($this->regex_name, $this->attributes['sn'][0])) $errors['sn'][] = $this->messages['surname']; if ( !get_preg($this->attributes['sn'][0], 'realname')) $errors['sn'][] = $this->messages['surname'][0];
if ( !ereg($this->regex_telephoneNumber, $this->attributes['telephoneNumber'][0])) $errors['telephoneNumber'][] = $this->messages['telephoneNumber']; if ( !get_preg($this->attributes['telephoneNumber'][0], 'telephone')) $errors['telephoneNumber'][] = $this->messages['telephoneNumber'][0];
if ( !ereg($this->regex_telephoneNumber, $this->attributes['mobileTelephoneNumber'][0])) $errors['mobileTelephoneNumber'][] = $this->messages['mobileTelephone']; if ( !get_preg($this->attributes['mobileTelephoneNumber'][0], 'telephone')) $errors['mobileTelephoneNumber'][] = $this->messages['mobileTelephone'][0];
if ( !ereg($this->regex_telephoneNumber, $this->attributes['facsimileTelephoneNumber'][0])) $errors['facsimileTelephoneNumber'][] = $this->messages['facsimileNumber']; if ( !get_preg($this->attributes['facsimileTelephoneNumber'][0], 'telephone')) $errors['facsimileTelephoneNumber'][] = $this->messages['facsimileNumber'][0];
if ( !eregi($this->regex_email, $this->attributes['mail'][0])) $errors['mail'][] = $this->messages['email']; if ( !get_preg($this->attributes['mail'][0], 'email')) $errors['mail'][] = $this->messages['email'][0];
if ( !eregi($this->regex_street, $this->attributes['street'][0])) $errors['street'][] = $this->messages['street']; if ( !get_preg($this->attributes['street'][0], 'street')) $errors['street'][] = $this->messages['street'][0];
if ( !eregi($this->regex_postalAddress, $this->attributes['postalAddress'][0])) $errors['postalAdress'][] = $this->messages['postalAddress']; if ( !get_preg($this->attributes['postalAddress'][0], 'postalAddress')) $errors['postalAdress'][] = $this->messages['postalAddress'][0];
if ( !eregi($this->regex_postalCode, $this->attributes['personal_postalCode'][0])) $errors['personal_postalCode'][] = $this->messages['postalCode']; if ( !get_preg($this->attributes['personal_postalCode'][0], 'postalCode')) $errors['personal_postalCode'][] = $this->messages['postalCode'][0];
} }
if ( !eregi($this->regex_title, $this->attributes['title'][0])) $errors['title'][] = $this->messages['title']; if ( !get_preg($this->attributes['title'][0], 'title')) $errors['title'][] = $this->messages['title'][0];
if ( !eregi($this->regex_employeeType, $this->attributes['employeeType'][0])) $errors['employeeType'][] = $this->messages['employeeType']; if ( !get_preg($this->attributes['employeeType'][0], 'employeeType')) $errors['employeeType'][] = $this->messages['employeeType'][0];
// Return error-messages // Return error-messages
if (is_array($errors)) return $errors; if (is_array($errors)) return $errors;
return 0; return 0;
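Review bot: The host check now validates the whole input with `get_preg($host,'unixhost')`, but the `unixhost` pattern added in this commit (`/^([a-z0-9\\.\\_-])*$/`) allows neither spaces nor commas, while the very next line splits the value with `explode(" ", $host)`; the removed `$this->regex_host` accepted a separator-delimited list and was matched case-insensitively with `eregi()`. As written, an entry naming more than one workstation is reported as invalid, and the value apparently is still copied into `$this->attributes['host']` afterwards. Validating each element after the split would match the intent: `if (!get_preg($host, 'unixhost')) $errors['host'][] = $this->messages['host'][0];` inside the `foreach ($hosts as $host)` loop, whose body lies outside the hunk. Separately, `profile_checks` now passes names such as `'title'` in the `regex` field while keeping `'type' => 'regex_i'`, so the code that evaluates profile checks has to call `get_preg()` rather than treat the field as a pattern; that code is not visible here.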


@ -20,57 +20,46 @@ $Id$
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
/* Session variables which are used:
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
*
* Coockie variables which are used:
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
* External functions which are used
* account.inc: findgroups, incache, get_cache, array_delete, getshells
* ldap.inc: pwd_is_enabled, pwd_hash
*/
/* This class contains all posixAccount LDAP attributes
* and funtioncs required to deal with posixAccount
* posixAccount can only be created when it should be added
* to an array.
* basearray is the same array posixAccount should be added
* to. If basearray is not given the constructor tries to
* create an array with posixAccount and all other required
* objects.
* Example: $user[] = new posixAccount($user);
*
* In container array the following things have to exist:
* account or inetOrgPerson object
* type: 'user' or 'host'
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
*/
class posixAccount extends baseModule { class posixAccount extends baseModule {
/** /**
* Creates a new posixAccount object. * Creates a new posixAccount object.
*/ */
function posixAccount($scope) { function posixAccount($scope) {
// error messages for input checks
$this->messages['homedir'] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
$this->messages['minUID'] = array('ERROR', _('Users') . ': &nbsp;' . _('Minimum UID number'), _("Minimum UID number is invalid!"));
$this->messages['maxUID'] = array('ERROR', _('Users') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number is invalid!"));
$this->messages['minMachine'] = array('ERROR', _('Hosts') . ': &nbsp;' . _('Minimum UID number'), _("Minimum UID number is invalid!"));
$this->messages['maxMachine'] = array('ERROR', _('Hosts') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number is invalid!"));
$this->messages['cmp_UID'] = array('ERROR', _('Users') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number must be greater than minimum UID number!"));
$this->messages['cmp_Machine'] = array('ERROR', _('Hosts') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number must be greater than minimum UID number!"));
$this->messages['cmp_both'] = array('ERROR', _('UID ranges'), _("The UID ranges for users and hosts overlap! This is a problem because LAM uses the highest UID in use + 1. Please set the minimum UID to equal values or use independent ranges."));
// call parent constructor // call parent constructor
parent::baseModule($scope); parent::baseModule($scope);
} }
/** this functin fills the error message array with messages
**/
function load_Messages() {
// error messages for input checks
$this->messages['minUID'][0] = array('ERROR', _('Users') . ': &nbsp;' . _('Minimum UID number'), _("Minimum UID number is invalid!"));
$this->messages['maxUID'][0] = array('ERROR', _('Users') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number is invalid!"));
$this->messages['minMachine'][0] = array('ERROR', _('Hosts') . ': &nbsp;' . _('Minimum UID number'), _("Minimum UID number is invalid!"));
$this->messages['maxMachine'][0] = array('ERROR', _('Hosts') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number is invalid!"));
$this->messages['cmp_UID'][0] = array('ERROR', _('Users') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number must be greater than minimum UID number!"));
$this->messages['cmp_Machine'][0] = array('ERROR', _('Hosts') . ': &nbsp;' . _('Maximum UID number'), _("Maximum UID number must be greater than minimum UID number!"));
$this->messages['cmp_both'][0] = array('ERROR', _('UID ranges'), _("The UID ranges for users and hosts overlap! This is a problem because LAM uses the highest UID in use + 1. Please set the minimum UID to equal values or use independent ranges."));
$this->messages['homeDirectory'][0] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
$this->messages['homeDirectory'][1] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
$this->messages['homeDirectory'][2] = array('INFO', _('Home directory'), sprintf(_('Home directory changed. To keep home directory you have to run the following command as root: \'mv %s %s\''), $this->orig['homeDirectory'][0], $this->attributes['homeDirectory'][0]));
$this->messages['gidNumber'][0] = array('INFO', _('GID number'), sprintf(_('GID number has changed. To keep file ownership you have to run the following command as root: \'find / -gid %s -uid %s -exec chgrp %s {} \;\''), $this->orig['gidNumber'][0], $this->orig['uidNumber'][0], $_SESSION['cache']->getgid($this->attribtues['gidNumber'][0])));
$this->messages['uidNumber'][0] = array('INFO', _('UID number'), sprintf(_('UID number has changed. To keep file ownership you have to run the following command as root: \'find / -uid %s -exec chown %s {} \;\''), $this->orig['uidNumber'][0], $this->attributes['uidNumber'][0]));
$this->messages['uidNumber'][1] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
$this->messages['uidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
$this->messages['uidNumber'][3] = array('ERROR', _('ID-Number'), _('ID is already in use'));
$this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
$this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
$this->messages['uid'][0] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?'));
$this->messages['uid'][1] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
$this->messages['uid'][2] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
$this->messages['uid'][3] = array('WARN', _('Hostname'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
$this->messages['uid'][4] = array('ERROR', _('Hostname'), _('Hostname contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ ! Hostname must end with $ !'));
$this->messages['uid'][5] = array('WARN', _('Username'), _('Username in use. Selected next free username.'));
$this->messages['uid'][6] = array('WARN', _('Hostname'), _('Hostname in use. Selected next free hostname.'));
}
/** /**
* Returns meta data that is interpreted by parent class * Returns meta data that is interpreted by parent class
* *
@ -96,8 +85,8 @@ class posixAccount extends baseModule {
// alias name // alias name
$return["alias"] = _("Unix"); $return["alias"] = _("Unix");
// profile checks // profile checks
$return['profile_checks']['posixAccount_homeDirectory'] = array('type' => 'regex_i', 'regex' => $this->regex_homedir, $return['profile_checks']['posixAccount_homeDirectory'] = array('type' => 'regex_i', 'regex' => 'homeDirectory',
'error_message' => $this->messages['homedir']); 'error_message' => $this->messages['homeDirectory'][0]);
// configuration options // configuration options
$return['config_options']['user'] = array( $return['config_options']['user'] = array(
array( array(
@ -172,7 +161,6 @@ class posixAccount extends baseModule {
parent::init($base); parent::init($base);
$groups = $_SESSION['cache']->findgroups(); // list of all groupnames $groups = $_SESSION['cache']->findgroups(); // list of all groupnames
if (count($groups)==0) trigger_error(_('No groups found in ldap.'), E_USER_WARNING); if (count($groups)==0) trigger_error(_('No groups found in ldap.'), E_USER_WARNING);
$this->createhomedir=false; $this->createhomedir=false;
} }
@ -181,13 +169,6 @@ class posixAccount extends baseModule {
var $userPassword_no; var $userPassword_no;
// Lock account? // Lock account?
var $userPassword_lock; var $userPassword_lock;
// This variable contains all inetOrgPerson attributes
var $attributes;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig;
/* These two variables keep an array of groups the /* These two variables keep an array of groups the
* user is also member of. * user is also member of.
*/ */
@ -195,12 +176,6 @@ class posixAccount extends baseModule {
var $groups_orig; var $groups_orig;
var $createhomedir; var $createhomedir;
/** regular expression for home directory */
var $regex_homedir = '^[/]([a-z])([a-z0-9\\._-])*([/]([a-z\\$])([a-z0-9\\._-])*)*$';
/** list of possible error messages */
var $messages = array();
/* $attribute['userPassword'] can't accessed directly because it's enrcypted /* $attribute['userPassword'] can't accessed directly because it's enrcypted
* To read / write password function userPassword is needed * To read / write password function userPassword is needed
* This function will return the unencrypted password when * This function will return the unencrypted password when
@ -263,26 +238,7 @@ class posixAccount extends baseModule {
* $attr is an array as it's retured from ldap_get_attributes * $attr is an array as it's retured from ldap_get_attributes
*/ */
function load_attributes($attr) { function load_attributes($attr) {
// Load attributes which are displayed $this->load_ldap_attributes($attr);
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) {
$this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
$this->orig[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
}
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->attributes['objectClass'][0] = 'posixAccount';
// get all additional groupmemberships // get all additional groupmemberships
$dn_groups = $_SESSION['cache']->get_cache('memberUid', 'posixGroup', 'group'); $dn_groups = $_SESSION['cache']->get_cache('memberUid', 'posixGroup', 'group');
@ -418,13 +374,19 @@ class posixAccount extends baseModule {
*/ */
function proccess_attributes($post, $profile=false) { function proccess_attributes($post, $profile=false) {
if ($this->orig['uid'][0]!='' && $post['uid']!=$this->attributes['uid'][0]) if ($this->orig['uid'][0]!='' && $post['uid']!=$this->attributes['uid'][0])
$errors['uid'][] = array('INFO', _('UID'), _('UID has changed. Do you want to change home directory?')); $errors['uid'][] = $this->messages['uid'][0];
if ($this->orig['gidNumber'][0]!='' && $_SESSION['cache']->getgid($post['gidNumber'])!=$this->attributes['gidNumber'][0]) if ($this->orig['gidNumber'][0]!='' && $_SESSION['cache']->getgid($post['gidNumber'])!=$this->attributes['gidNumber'][0]) {
$errors['gidNumber'][] = array('INFO', _('GID number'), sprintf(_('GID number has changed. To keep file ownership you have to run the following command as root: \'find / -gid %s -uid %s -exec chgrp %s {} \;\''), $this->orig['gidNumber'][0], $this->orig['uidNumber'][0], $_SESSION['cache']->getgid($post['gidNumber']))); $this->load_errorMessage();
if ($this->orig['uidNumber'][0]!='' && $post['uidNumber']!=$this->attributes['uidNumber'][0]) $errors['gidNumber'][] = $this->messages['gidNumber'][0];
$errors['uidNumber'][] = array('INFO', _('UID number'), sprintf(_('UID number has changed. To keep file ownership you have to run the following command as root: \'find / -uid %s -exec chown %s {} \;\''), $this->orig['uidNumber'][0], $this->attributes['uidNumber'][0])); }
if (isset($post['homeDirectory']) && $this->orig['homeDirectory'][0]!='' && $post['homeDirectory']!=$this->attributes['homeDirectory'][0]) if ($this->orig['uidNumber'][0]!='' && $post['uidNumber']!=$this->attributes['uidNumber'][0]) {
$errors['homeDirectory'][] = array('INFO', _('Home directory'), sprintf(_('Home directory changed. To keep home directory you have to run the following command as root: \'mv %s %s\''), $this->orig['homeDirectory'][0], $this->attributes['homeDirectory'][0])); $this->load_errorMessage();
$errors['uidNumber'][] = $this->messages['uidNumber'][0];
}
if (isset($post['homeDirectory']) && $this->orig['homeDirectory'][0]!='' && $post['homeDirectory']!=$this->attributes['homeDirectory'][0]) {
$this->load_errorMessage();
$errors['homeDirectory'][] = $this->messages['homeDirectory'][2];
}
// Load attributes // Load attributes
$this->attributes['uid'][0] = $post['uid']; $this->attributes['uid'][0] = $post['uid'];
@ -441,13 +403,19 @@ class posixAccount extends baseModule {
if ($post['userPassword_lock']) $this->userPassword_lock=true; if ($post['userPassword_lock']) $this->userPassword_lock=true;
else $this->userPassword_lock=false; else $this->userPassword_lock=false;
if (!$profile) { if (!$profile) {
if ($post['genpass']) $this->userPassword(genpasswd()); if ($post['genpass']) {
else if (isset($post['userPassword'])) { $this->userPassword(genpasswd());
$post['userPassword2'] = '';
}
else {
if (isset($post['userPassword'])) {
if ($post['userPassword'] != $post['userPassword2']) { if ($post['userPassword'] != $post['userPassword2']) {
$errors['userPassword'][] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $errors['userPassword'][] = $this->messages['userPassword'][0];
unset ($post['userPassword2']);
} }
else $this->userPassword($post['userPassword']); else $this->userPassword($post['userPassword']);
if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->messages['userPassword'][1];
}
} }
// Check if UID is valid. If none value was entered, the next useable value will be inserted // Check if UID is valid. If none value was entered, the next useable value will be inserted
@ -482,10 +450,10 @@ class posixAccount extends baseModule {
$i = intval($minID); $i = intval($minID);
while (in_array($i, $uids)) $i++; while (in_array($i, $uids)) $i++;
if ($i>$maxID) if ($i>$maxID)
$errors['uidNumber'][] = array('ERROR', _('ID-Number'), _('No free ID-Number!')); $errors['uidNumber'][] = $this->messages['uidNumber'][1];
else { else {
$this->attributes['uidNumber'][0] = $i; $this->attributes['uidNumber'][0] = $i;
$errors['uidNumber'][] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.')); $errors['uidNumber'][] = $this->messages['uidNumber'][2];
} }
} }
else $this->attributes['uidNumber'][0] = $minID; else $this->attributes['uidNumber'][0] = $minID;
@ -504,15 +472,15 @@ class posixAccount extends baseModule {
if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]=='') $errors['uidNumber'][] = array('ERROR', _('ID-Number'), _('ID is already in use')); if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]=='') $errors['uidNumber'][] = array('ERROR', _('ID-Number'), _('ID is already in use'));
// id-number is in use, account is existing account and id-number is not used by itself // id-number is in use, account is existing account and id-number is not used by itself
if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]!='' && ($this->orig['uidNumber'][0] != $this->attributes['uidNumber'][0]) ) { if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]!='' && ($this->orig['uidNumber'][0] != $this->attributes['uidNumber'][0]) ) {
$errors['uidNumber'][] = array('ERROR', _('ID-Number'), _('ID is already in use')); $errors['uidNumber'][] = $this->messages['uidNumber'][3];
$this->attributes['uidNumber'][0] = $this->orig['uidNumber'][0]; $this->attributes['uidNumber'][0] = $this->orig['uidNumber'][0];
} }
} }
} }
} }
if ($_SESSION[$this->base]->type=='user') { if ($_SESSION[$this->base]->type=='user') {
if (($this->attributes['uid'][0] != $post['uid']) && ereg('[A-Z]$', $post['uid']) && !$profile) if (($this->attributes['uid'][0] != $post['uid']) && !get_preg($post['uid'], '!upper') && !$profile)
$errors['uid'][] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.')); $errors['uid'][] = $this->messages['uid'][1];
// Check if Homedir is valid // Check if Homedir is valid
if (!$profile) { if (!$profile) {
$this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]); $this->attributes['homeDirectory'][0] = str_replace('$group', $_SESSION['cache']->getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
@ -520,19 +488,19 @@ class posixAccount extends baseModule {
$this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]); $this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]);
if ($this->attributes['homeDirectory'][0] != $post['homeDirectory']) $errors['homeDirecotry'][] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.')); if ($this->attributes['homeDirectory'][0] != $post['homeDirectory']) $errors['homeDirecotry'][] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
} }
if ( !eregi($this->regex_homedir, $this->attributes['homeDirectory'][0] )) if ( !get_preg($this->attributes['homeDirectory'][0], 'homeDirectory' ))
$errors['homeDirecotry'][] = $this->messages['homedir']; $errors['homeDirecotry'][] = $this->messages['homeDirectory'][0];
// Check if Username contains only valid characters // Check if Username contains only valid characters
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])+$', $this->attributes['uid'][0]) && !$profile) if ( !get_preg($this->attributes['uid'][0], 'username') && !$profile)
$errors['uid'][] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !')); $errors['uid'][] = $this->messages['uid'][2];
} }
if ($_SESSION[$this->base]->type=='host' && !$profile) { if ($_SESSION[$this->base]->type=='host' && !$profile) {
if (($this->attributes['uid'][0] != $post['form_account_uid']) && ereg('[A-Z]$', $post['form_account_uid'])) if (($this->attributes['uid'][0] != $post['uid']) && !get_preg($post['uid'], '!upper'))
$errors['uid'][] = array('WARN', _('Hostname'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.')); $errors['uid'][] = $this->messages['uid'][3];
// Check if Username contains only valid characters // Check if Hostname contains only valid characters
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])+[$]$', $this->attributes['uid'][0])) if ( !get_preg($this->attributes['uid'][0], 'hostname'))
$errors['uid'][] = array('ERROR', _('Hostname'), _('Hostname contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ ! Hostname must end with $ !')); $errors['uid'][] = $this->messages['uid'][4];
} }
// Create automatic useraccount with number if original user already exists // Create automatic useraccount with number if original user already exists
@ -579,14 +547,14 @@ class posixAccount extends baseModule {
// Show warning if lam has changed username // Show warning if lam has changed username
if ($_SESSION[$this->base]->type=='user') if ($_SESSION[$this->base]->type=='user')
if ($this->attributes['uid'][0] != $post['uid']) { if ($this->attributes['uid'][0] != $post['uid']) {
$errors['uid'][] = array('WARN', _('Username'), _('Username in use. Selected next free username.')); $errors['uid'][] = $this->messages['uid'][5];
} }
if ($_SESSION[$this->base]->type=='host') if ($_SESSION[$this->base]->type=='host')
if ($this->attributes['uid'][0] != $post['uid']) { if ($this->attributes['uid'][0] != $post['uid']) {
$errors['uid'][] = array('WARN', _('Hostname'), _('Hostname in use. Selected next free hostname.')); $errors['uid'][] = $this->messages['uid'][6];
} }
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $this->userPassword())) if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); $errors['userPassword'][] = $this->messages['userPassword'][1];
} }
// Return error-messages // Return error-messages
if (is_array($errors)) return $errors; if (is_array($errors)) return $errors;
@ -626,7 +594,7 @@ class posixAccount extends baseModule {
if (!$profile) { if (!$profile) {
if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword(); if ($this->attributes['userPassword'][0] != $this->orig['userPassword'][0]) $password=$this->userPassword();
else $password=''; else if ($this->attributes['userPassword'][0] != '') $password=$post['userPassword'];
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Username").'*' ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _("Username").'*' ),
1 => array ( 'kind' => 'input', 'name' => 'uid', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['uid'][0]), 1 => array ( 'kind' => 'input', 'name' => 'uid', 'type' => 'text', 'size' => '20', 'maxlength' => '20', 'value' => $this->attributes['uid'][0]),
2 => array ('kind' => 'help', 'value' => 'uid')); 2 => array ('kind' => 'help', 'value' => 'uid'));
@ -792,15 +760,15 @@ class posixAccount extends baseModule {
if (in_array('user', $scopes)) { if (in_array('user', $scopes)) {
// min/maxUID are required, check if they are numeric // min/maxUID are required, check if they are numeric
if (!isset($options['posixAccount_minUID'][0]) || !ereg('^[0-9]+$', $options['posixAccount_minUID'][0])) { if (!isset($options['posixAccount_minUID'][0]) || !ereg('^[0-9]+$', $options['posixAccount_minUID'][0])) {
$return[] = $this->messages['minUID']; $return[] = $this->messages['minUID'][0];
} }
if (!isset($options['posixAccount_maxUID'][0]) || !ereg('^[0-9]+$', $options['posixAccount_maxUID'][0])) { if (!isset($options['posixAccount_maxUID'][0]) || !ereg('^[0-9]+$', $options['posixAccount_maxUID'][0])) {
$return[] = $this->messages['maxUID']; $return[] = $this->messages['maxUID'][0];
} }
// minUID < maxUID // minUID < maxUID
if (isset($options['posixAccount_minUID'][0]) && isset($options['posixAccount_maxUID'][0])) { if (isset($options['posixAccount_minUID'][0]) && isset($options['posixAccount_maxUID'][0])) {
if ($options['posixAccount_minUID'][0] > $options['posixAccount_maxUID'][0]) { if ($options['posixAccount_minUID'][0] > $options['posixAccount_maxUID'][0]) {
$return[] = $this->messages['cmp_UID']; $return[] = $this->messages['cmp_UID'][0];
} }
} }
} }
@ -808,15 +776,15 @@ class posixAccount extends baseModule {
if (in_array('host', $scopes)) { if (in_array('host', $scopes)) {
// min/maxUID are required, check if they are numeric // min/maxUID are required, check if they are numeric
if (!isset($options['posixAccount_minMachine'][0]) || !ereg('^[0-9]+$', $options['posixAccount_minMachine'][0])) { if (!isset($options['posixAccount_minMachine'][0]) || !ereg('^[0-9]+$', $options['posixAccount_minMachine'][0])) {
$return[] = $this->messages['minMachine']; $return[] = $this->messages['minMachine'][0];
} }
if (!isset($options['posixAccount_maxMachine'][0]) || !ereg('^[0-9]+$', $options['posixAccount_maxMachine'][0])) { if (!isset($options['posixAccount_maxMachine'][0]) || !ereg('^[0-9]+$', $options['posixAccount_maxMachine'][0])) {
$return[] = $this->messages['maxMachine']; $return[] = $this->messages['maxMachine'][0];
} }
// minUID < maxUID // minUID < maxUID
if (isset($options['posixAccount_minMachine'][0]) && isset($options['posixAccount_maxMachine'][0])) { if (isset($options['posixAccount_minMachine'][0]) && isset($options['posixAccount_maxMachine'][0])) {
if ($options['posixAccount_minMachine'][0] > $options['posixAccount_maxMachine'][0]) { if ($options['posixAccount_minMachine'][0] > $options['posixAccount_maxMachine'][0]) {
$return[] = $this->messages['cmp_Machine']; $return[] = $this->messages['cmp_Machine'][0];
} }
} }
} }
@ -826,11 +794,11 @@ class posixAccount extends baseModule {
isset($options['posixAccount_minMachine'][0]) && isset($options['posixAccount_maxMachine'][0])) { isset($options['posixAccount_minMachine'][0]) && isset($options['posixAccount_maxMachine'][0])) {
if (($options['posixAccount_minMachine'][0] > $options['posixAccount_minUID'][0]) && if (($options['posixAccount_minMachine'][0] > $options['posixAccount_minUID'][0]) &&
($options['posixAccount_minMachine'][0] < $options['posixAccount_maxUID'][0])) { ($options['posixAccount_minMachine'][0] < $options['posixAccount_maxUID'][0])) {
$return[] = $this->messages['cmp_both']; $return[] = $this->messages['cmp_both'][0];
} }
if (($options['posixAccount_minUID'][0] > $options['posixAccount_minMachine'][0]) && if (($options['posixAccount_minUID'][0] > $options['posixAccount_minMachine'][0]) &&
($options['posixAccount_minUID'][0] < $options['posixAccount_maxMachine'][0])) { ($options['posixAccount_minUID'][0] < $options['posixAccount_maxMachine'][0])) {
$return[] = $this->messages['cmp_both']; $return[] = $this->messages['cmp_both'][0];
} }
} }
} }


@ -37,8 +37,6 @@ class posixGroup extends baseModule {
* @param string $scope account type * @param string $scope account type
*/ */
function posixGroup($scope) { function posixGroup($scope) {
// load error messages
$this->load_errorMessages();
// call parent constructor // call parent constructor
parent::baseModule($scope); parent::baseModule($scope);
} }
@ -254,23 +252,42 @@ class posixGroup extends baseModule {
) )
); );
// configuration checks // configuration checks
$return['config_checks']['group']['posixGroup_minGID'] = array( $return['config_checks']['group']['posixGroup_minGID'] = array
'type' => 'regex',
'regex' => '^[0-9]+$', 'type' => 'regex'
'required' => true,
'required_message' => $this->errormessages['gidNumber'][5], 'regex' => 'digit'
'error_message' => $this->errormessages['gidNumber'][5]);
$return['config_checks']['group']['posixGroup_maxGID'] = array( 'required' => true
'type' => 'regex',
'regex' => '^[0-9]+$', 'required_message' => $this->errormessages['gidNumber'][5]
'required' => true,
'required_message' => $this->errormessages['gidNumber'][6], 'error_message' => $this->errormessages['gidNumber'][5])
'error_message' => $this->errormessages['gidNumber'][6]);
$return['config_checks']['group']['cmpGID'] = array( $return['config_checks']['group']['posixGroup_maxGID'] = array
'type' => 'int_greater',
'cmp_name1' => 'posixGroup_maxGID', 'type' => 'regex'
'cmp_name2' => 'posixGroup_minGID',
'error_message' => $this->errormessages['gidNumber'][7]); 'regex' => 'digit'
'required' => true
'required_message' => $this->errormessages['gidNumber'][6]
'error_message' => $this->errormessages['gidNumber'][6])
$return['config_checks']['group']['cmpGID'] = array
'type' => 'int_greater'
'cmp_name1' => 'posixGroup_maxGID'
'cmp_name2' => 'posixGroup_minGID'
'error_message' => $this->errormessages['gidNumber'][7])
// available PDF fields // available PDF fields
$return['PDF_fields'] = array( 'cn', $return['PDF_fields'] = array( 'cn',
'gidNumber', 'gidNumber',
@ -390,19 +407,19 @@ class posixGroup extends baseModule {
/** this functin fills the error message array with messages /** this functin fills the error message array with messages
**/ **/
function load_errorMessages() { function load_Messages() {
$this->errormessages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $this->messages['minGID'][0] = array('ERROR', _('Minimum GID number'), _('Minimum GID number is invalid or empty!'));
$this->errormessages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); $this->messages['maxGID'][0] = array('ERROR', _('Maximum GID number'), _('Maximum GID number is invalid or empty!'));
$this->errormessages['gidNumber'][0] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.')); $this->messages['cmpGID'][0] = array('ERROR', _('Maximum GID number'), _('Maximum GID number must be greater than minimum GID number!'));
$this->errormessages['gidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.')); $this->messages['userPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
$this->errormessages['gidNumber'][3] = array('ERROR', _('ID-Number'), _('No free ID-Number!')); $this->messages['userPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
$this->errormessages['gidNumber'][4] = array('ERROR', _('ID-Number'), _('ID is already in use')); $this->messages['gidNumber'][0] = array('INFO', _('GID number'), _('GID number has changed. Please select checkbox to change GID number of users and hosts.'));
$this->errormessages['gidNumber'][5] = array('ERROR', _('Minimum GID number'), _('Minimum GID number is invalid or empty!')); $this->messages['gidNumber'][2] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
$this->errormessages['gidNumber'][6] = array('ERROR', _('Maximum GID number'), _('Maximum GID number is invalid or empty!')); $this->messages['gidNumber'][3] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
$this->errormessages['gidNumber'][7] = array('ERROR', _('Maximum GID number'), _('Maximum GID number must be greater than minimum GID number!')); $this->messages['gidNumber'][4] = array('ERROR', _('ID-Number'), _('ID is already in use'));
$this->errormessages['cn'][0] = array('WARN', _('Groupname'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.')); $this->messages['cn'][0] = array('WARN', _('Groupname'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
$this->errormessages['cn'][1] = array('WARN', _('Groupname'), _('Groupname in use. Selected next free groupname.')); $this->messages['cn'][1] = array('WARN', _('Groupname'), _('Groupname in use. Selected next free groupname.'));
$this->errormessages['cn'][2] = array('ERROR', _('Groupname'), _('Groupname contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !')); $this->messages['cn'][2] = array('ERROR', _('Groupname'), _('Groupname contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
} }
@ -451,11 +468,11 @@ class posixGroup extends baseModule {
else { else {
if (isset($post['userPassword'])) { if (isset($post['userPassword'])) {
if ($post['userPassword'] != $post['userPassword2']) { if ($post['userPassword'] != $post['userPassword2']) {
$errors['userPassword'][] = $this->errormessages['userPassword'][0]; $errors['userPassword'][] = $this->messages['userPassword'][0];
} }
else $this->userPassword($post['userPassword']); else $this->userPassword($post['userPassword']);
if (!get_preg($this->userPassword(), 'password')) if (!get_preg($this->userPassword(), 'password'))
$errors['userPassword'][] = $this->errormessages['userPassword'][1]; $errors['userPassword'][] = $this->messages['userPassword'][1];
} }
} }
if ($this->attributes['gidNumber'][0]!=$post['gidNumber'] || ($this->errors['gidNumber'][0]='ERROR')) { if ($this->attributes['gidNumber'][0]!=$post['gidNumber'] || ($this->errors['gidNumber'][0]='ERROR')) {
@ -488,10 +505,10 @@ class posixGroup extends baseModule {
$i = intval($minID); $i = intval($minID);
while (in_array($i, $gids)) $i++; while (in_array($i, $gids)) $i++;
if ($i>$maxID) if ($i>$maxID)
$errors['gidNumber'][] = $this->errormessages['gidNumber'][3]; $errors['gidNumber'][] = $this->messages['gidNumber'][3];
else { else {
$this->attributes['gidNumber'][0] = $i; $this->attributes['gidNumber'][0] = $i;
$errors['gidNumber'][] = $this->errormessages['gidNumber'][2]; $errors['gidNumber'][] = $this->messages['gidNumber'][2];
} }
} }
else $this->attributes['gidNumber'][0] = $minID; else $this->attributes['gidNumber'][0] = $minID;
@ -510,7 +527,7 @@ class posixGroup extends baseModule {
if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]=='') $errors['gidNumber'][] = array('ERROR', _('ID-Number'), _('ID is already in use')); if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]=='') $errors['gidNumber'][] = array('ERROR', _('ID-Number'), _('ID is already in use'));
// id-number is in use, account is existing account and id-number is not used by itself // id-number is in use, account is existing account and id-number is not used by itself
if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]!='' && ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0]) ) { if ((in_array($this->attributes['gidNumber'][0], $gids)) && $this->orig['gidNumber'][0]!='' && ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0]) ) {
$errors['gidNumber'][] = $this->errormessages['gidNumber'][4]; $errors['gidNumber'][] = $this->messages['gidNumber'][4];
$this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0]; $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
} }
} }
@ -519,10 +536,10 @@ class posixGroup extends baseModule {
if ($this->attributes['cn'][0]!=$post['cn'] || ($this->errors['cn'][0]='ERROR')) { if ($this->attributes['cn'][0]!=$post['cn'] || ($this->errors['cn'][0]='ERROR')) {
$this->attributes['cn'][0] = $post['cn']; $this->attributes['cn'][0] = $post['cn'];
if (($this->attributes['cn'][0] != $post['cn']) && ereg('[A-Z]$', $post['cn'])) if (($this->attributes['cn'][0] != $post['cn']) && ereg('[A-Z]$', $post['cn']))
$errors['cn'][] = $this->errormessages['cn'][0]; $errors['cn'][] = $this->messages['cn'][0];
// Check if Groupname contains only valid characters // Check if Groupname contains only valid characters
if ( !get_preg($this->attributes['cn'][0],'groupname')) if ( !get_preg($this->attributes['cn'][0],'groupname'))
$errors['cn'][] = $this->errormessages['cn'][2]; $errors['cn'][] = $this->messages['cn'][2];
// Create automatic useraccount with number if original user already exists // Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use // Reset name to original name if new name is in use
// Set username back to original name if new username is in use // Set username back to original name if new username is in use
@ -562,11 +579,11 @@ class posixGroup extends baseModule {
} }
// Show warning if lam has changed username // Show warning if lam has changed username
if ($this->attributes['cn'][0] != $post['cn']) { if ($this->attributes['cn'][0] != $post['cn']) {
$errors['cn'][] = $this->errormessages['cn'][0]; $errors['cn'][] = $this->messages['cn'][0];
} }
// show info when gidnumber has changed // show info when gidnumber has changed
if (($this->orig['gidNumber'][0]!=$this->attributes['gidNumber'][0]) && $this->orig['gidNumber'][0]!='' && $post['gidNumber']!=$this->attributes['gidNumber'][0]) if (($this->orig['gidNumber'][0]!=$this->attributes['gidNumber'][0]) && $this->orig['gidNumber'][0]!='' && $post['gidNumber']!=$this->attributes['gidNumber'][0])
$errors['gidNumber'][] = $this->errormessages['gidNumber'][0]; $errors['gidNumber'][] = $this->messages['gidNumber'][0];
} }
} }
// Return error-messages // Return error-messages
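Review bot: The config checks in the get_metaData hunk still appear to read `$this->errormessages['gidNumber'][5]`, `[6]` and `[7]` on the new side, but the renamed load_Messages() in this section fills only `$this->messages` and moves those texts to `minGID`, `maxGID` and `cmpGID`. Unless something outside the visible hunks still populates `errormessages`, an invalid min/max GID setting would have no message to show; the three entries should use `$this->messages['minGID'][0]`, `$this->messages['maxGID'][0]` and `$this->messages['cmpGID'][0]`. In the last hunk the warning for a changed group name appends `$this->messages['cn'][0]` (the capital-letter text) where `['cn'][1]` ("Groupname in use") looks intended. The old/new side of each line is inferred from the two-column rendering, and the enclosing functions start and end outside the hunks.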


@ -27,17 +27,22 @@ class quota extends baseModule {
* Creates a new quota object. * Creates a new quota object.
*/ */
function quota($scope) { function quota($scope) {
// error messages for input checks
$this->messages['softblock'] = array('ERROR', _('Block soft quota'), _('Block soft quota contains invalid characters. Only natural numbers are allowed'));
$this->messages['hardblock'] = array('ERROR', _('Block hard quota'), _('Block hard quota contains invalid characters. Only natural numbers are allowed'));
$this->messages['softinode'] = array('ERROR', _('Inode soft quota'), _('Inode soft quota contains invalid characters. Only natural numbers are allowed'));
$this->messages['hardinode'] = array('ERROR', _('Inode hard quota'), _('Inode hard quota contains invalid characters. Only natural numbers are allowed'));
$this->messages['block_cmp'] = array('ERROR', _('Block quota'), _('Block soft quota must be smaller than block hard quota'));
$this->messages['inode_cmp'] = array('ERROR', _('Inode quota'), _('Inode soft quota must be smaller than inode hard quota'));
// call parent constructor // call parent constructor
parent::baseModule($scope); parent::baseModule($scope);
} }
/** this functin fills the error message array with messages
**/
function load_Messages() {
// error messages for input checks
$this->messages['softblock'][0] = array('ERROR', _('Block soft quota'), _('Block soft quota contains invalid characters. Only natural numbers are allowed'));
$this->messages['hardblock'][0] = array('ERROR', _('Block hard quota'), _('Block hard quota contains invalid characters. Only natural numbers are allowed'));
$this->messages['softinode'][0] = array('ERROR', _('Inode soft quota'), _('Inode soft quota contains invalid characters. Only natural numbers are allowed'));
$this->messages['hardinode'][0] = array('ERROR', _('Inode hard quota'), _('Inode hard quota contains invalid characters. Only natural numbers are allowed'));
$this->messages['block_cmp'][0] = array('ERROR', _('Block quota'), _('Block soft quota must be smaller than block hard quota'));
$this->messages['inode_cmp'][0] = array('ERROR', _('Inode quota'), _('Inode soft quota must be smaller than inode hard quota'));
}
/** /**
* Returns meta data that is interpreted by parent class * Returns meta data that is interpreted by parent class
* *
@ -94,16 +99,8 @@ class quota extends baseModule {
} }
// Variables // Variables
var $quota; var $quota;
/** regular expression for quota values */
var $regex_quota = '^[0-9]*$';
/** list of possible error messages */
var $messages = array();
function module_ready() { function module_ready() {
if (!isset($_SESSION['config']->scriptPath)) return $false; if (!isset($_SESSION['config']->scriptPath)) return $false;
if ($_SESSION[$this->base]->type=='user' && $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0]=='') return false; if ($_SESSION[$this->base]->type=='user' && $_SESSION[$this->base]->module['posixAccount']->attributes['uid'][0]=='') return false;
@ -240,18 +237,18 @@ class quota extends baseModule {
$this->quota[$i][6] = $post[$i . '_6']; $this->quota[$i][6] = $post[$i . '_6'];
$this->quota[$i][7] = $post[$i . '_7']; $this->quota[$i][7] = $post[$i . '_7'];
// Check if values are OK and set automatic values. if not error-variable will be set // Check if values are OK and set automatic values. if not error-variable will be set
if (!ereg($this->regex_quota, $this->quota[$i][2])) if (!get_preg($this->quota[$i][2], 'digit'))
$errors[$this->quota[$i][2]][] = $this->messages['softblock']; $errors[$this->quota[$i][2]][] = $this->messages['softblock'][0];
if (!ereg($this->regex_quota, $this->quota[$i][3])) if (!get_preg($this->quota[$i][3], 'digit'))
$errors[$this->quota[$i][3]][] = $this->messages['hardblock']; $errors[$this->quota[$i][3]][] = $this->messages['hardblock'][0];
if (!ereg($this->regex_quota, $this->quota[$i][6])) if (!get_preg($this->quota[$i][6], 'digit'))
$errors[$this->quota[$i][6]][] = $this->messages['softinode']; $errors[$this->quota[$i][6]][] = $this->messages['softinode'][0];
if (!ereg($this->regex_quota, $this->quota[$i][7])) if (!get_preg($this->quota[$i][7], 'digit'))
$errors[$this->quota[$i][7]][] = $this->messages['hardinode']; $errors[$this->quota[$i][7]][] = $this->messages['hardinode'][0];
if (intval($this->quota[$i][2]) > intval($this->quota[$i][3])) if (intval($this->quota[$i][2]) > intval($this->quota[$i][3]))
$errors[$this->quota[$i][2]][] = $this->messages['block_cmp']; $errors[$this->quota[$i][2]][] = $this->messages['block_cmp'][0];
if (intval($this->quota[$i][6]) > intval($this->quota[$i][7])) if (intval($this->quota[$i][6]) > intval($this->quota[$i][7]))
$errors[$this->quota[$i][6]][] = $this->messages['inode_cmp']; $errors[$this->quota[$i][6]][] = $this->messages['inode_cmp'][0];
$i++; $i++;
} }
@ -360,12 +357,12 @@ class quota extends baseModule {
$return = array(); $return = array();
$i = 0; $i = 0;
while (isset($options["quota_softblock_$i"])) { while (isset($options["quota_softblock_$i"])) {
if (!ereg($this->regex_quota, $options["quota_softblock_$i"][0])) $return[] = $this->messages['softblock']; if (!get_preg($options["quota_softblock_$i"][0], 'digit')) $return[] = $this->messages['softblock'][0];
if (!ereg($this->regex_quota, $options["quota_hardblock_$i"][0])) $return[] = $this->messages['hardblock']; if (!get_preg($options["quota_hardblock_$i"][0], 'digit')) $return[] = $this->messages['hardblock'][0];
if (!ereg($this->regex_quota, $options["quota_softinode_$i"][0])) $return[] = $this->messages['softinode']; if (!get_preg($options["quota_softinode_$i"][0], 'digit')) $return[] = $this->messages['softinode'][0];
if (!ereg($this->regex_quota, $options["quota_hardinode_$i"][0])) $return[] = $this->messages['hardinode']; if (!get_preg($options["quota_hardinode_$i"][0], 'digit')) $return[] = $this->messages['hardinode'][0];
if (intval($options["quota_softblock_$i"][0]) > $options["quota_hardblock_$i"][0]) $return[] = $this->messages['block_cmp']; if (intval($options["quota_softblock_$i"][0]) > $options["quota_hardblock_$i"][0]) $return[] = $this->messages['block_cmp'][0];
if (intval($options["quota_softinode_$i"][0]) > $options["quota_hardinode_$i"][0]) $return[] = $this->messages['inode_cmp']; if (intval($options["quota_softinode_$i"][0]) > $options["quota_hardinode_$i"][0]) $return[] = $this->messages['inode_cmp'][0];
$i++; $i++;
} }
return $return; return $return;
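Review bot: Replacing `ereg($this->regex_quota, …)` with `get_preg(…, 'digit')` may loosen the check, because the get_preg patterns shown at the top of this commit end in a plain `$`, and PCRE lets `$` match before a trailing newline unless the `D` modifier or `\z` is used. The 'digit' pattern itself is not visible here; if it has the same form, a constructed value such as "100\n" would now pass where the POSIX pattern `^[0-9]*$` did not accept it. I would anchor the patterns in get_preg with `\z` (or add `D`), which also covers the `username`, `groupname`, `hostname` and `password` checks in the other files of this commit. Separately, the two comparisons in the config-check loop apply `intval()` to the soft value only; `intval($options["quota_softblock_$i"][0]) > intval($options["quota_hardblock_$i"][0])` would compare like with like.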


@ -20,38 +20,6 @@ $Id$
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
/* Session variables which are used:
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
*
* Coockie variables which are used:
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
* External functions which are used
* account.inc: findgroups, incache, get_cache, array_delete, getshells
* ldap.inc: pwd_is_enabled, pwd_hash
*/
/* This class contains all sambaAccount LDAP attributes
* and funtioncs required to deal with sambaAccount
* sambaAccount can only be created when it should be added
* to an array.
* basearray is the same array sambaAccount should be added
* to. If basearray is not given the constructor tries to
* create an array with sambaAccount and all other required
* objects.
* Example: $user[] = new sambaAccount($user);
*
* In container array the following things have to exist:
* account or inetOrgPerson object
* type: 'user' or 'host'
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
*/
class sambaAccount extends baseModule { class sambaAccount extends baseModule {
/** /**
@ -60,16 +28,29 @@ class sambaAccount extends baseModule {
* @param string $scope account type (user, group, host) * @param string $scope account type (user, group, host)
*/ */
function sambaAccount($scope) { function sambaAccount($scope) {
// error messages for input checks
$this->messages['homedir'] = array('ERROR', _('Home path'), _('Home path is invalid.'));
$this->messages['profilePath'] = array('ERROR', _('Profile path'), _('Profile path is invalid!'));
$this->messages['logonScript'] = array('ERROR', _('Script path'), _('Script path is invalid!'));
$this->messages['workstations'] = array('ERROR', _('Samba workstations'), _('Please enter a comma separated list of host names!'));
$this->messages['domain'] = array('ERROR', _('Domain name'), _('Domain name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.'));
// call parent constructor // call parent constructor
parent::baseModule($scope); parent::baseModule($scope);
} }
/** this functin fills the error message array with messages
**/
function load_Messages() {
// error messages for input checks
$this->messages['homePath'][0] = array('ERROR', _('Home path'), _('Home path is invalid.'));
$this->messages['homePath'][1] = array('INFO', _('Home path'), _('Inserted user- or groupname in HomePath.'));
$this->messages['profilePath'][0] = array('ERROR', _('Profile path'), _('Profile path is invalid!'));
$this->messages['profilePath'][1] = array('INFO', _('Profile path'), _('Inserted user- or groupname in profilepath.'));
$this->messages['logonScript'][0] = array('ERROR', _('Script path'), _('Script path is invalid!'));
$this->messages['logonScript'][1] = array('INFO', _('Script path'), _('Inserted user- or groupname in scriptpath.'));
$this->messages['workstations'][0] = array('ERROR', _('Samba workstations'), _('Please enter a comma separated list of host names!'));
$this->messages['domain'][0] = array('ERROR', _('Domain name'), _('Domain name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.'));
$this->messages['lmPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
$this->messages['lmPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
$this->messages['rid'][0] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.'));
$this->messages['rid'][1] = array('ERROR', _('Special user'), _('There can be only one guest per domain.'));
}
/** /**
* Returns meta data that is interpreted by parent class * Returns meta data that is interpreted by parent class
* *
@ -155,16 +136,16 @@ class sambaAccount extends baseModule {
2 => array('kind' => 'help', 'value' => 'TODO') 2 => array('kind' => 'help', 'value' => 'TODO')
); );
// profile checks // profile checks
$return['profile_checks']['sambaAccount_smbhome'] = array('type' => 'regex_i', 'regex' => $this->regex_homedir, $return['profile_checks']['sambaAccount_smbhome'] = array('type' => 'regex_i', 'regex' => 'UNC',
'error_message' => $this->messages['homedir']); 'error_message' => $this->messages['homePath'][0]);
$return['profile_checks']['sambaAccount_profilePath'] = array('type' => 'regex_i', 'regex' => $this->regex_profilePath, $return['profile_checks']['sambaAccount_profilePath'] = array('type' => 'regex_i', 'regex' => 'UNC',
'error_message' => $this->messages['profilePath']); 'error_message' => $this->messages['profilePath'][0]);
$return['profile_checks']['sambaAccount_scriptPath'] = array('type' => 'regex_i', 'regex' => $this->regex_logonScript, $return['profile_checks']['sambaAccount_scriptPath'] = array('type' => 'regex_i', 'regex' => 'logonScript',
'error_message' => $this->messages['logonScript']); 'error_message' => $this->messages['logonScript'][0]);
$return['profile_checks']['sambaAccount_userWorkstations'] = array('type' => 'regex_i', 'regex' => $this->regex_workstations, $return['profile_checks']['sambaAccount_userWorkstations'] = array('type' => 'regex_i', 'regex' => 'unixhost',
'error_message' => $this->messages['workstations']); 'error_message' => $this->messages['workstations'][0]);
$return['profile_checks']['sambaAccount_domain'] = array('type' => 'regex_i', 'regex' => $this->regex_domain, $return['profile_checks']['sambaAccount_domain'] = array('type' => 'regex_i', 'regex' => 'domainname',
'error_message' => $this->messages['domain']); 'error_message' => $this->messages['domain'][0]);
// available PDF fields // available PDF fields
$return['PDF_fields'] = array( 'displayName', $return['PDF_fields'] = array( 'displayName',
'uid', 'uid',
@ -189,31 +170,11 @@ class sambaAccount extends baseModule {
} }
// Variables // Variables
// This variable contains all inetOrgPerson attributes
var $attributes;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig;
// use unix password as samba password? // use unix password as samba password?
var $useunixpwd; var $useunixpwd;
// Array of well known rids // Array of well known rids
var $rids; var $rids;
/** regular expression for home directory */
var $regex_homedir = '^[\][\]([a-z0-9\\.%-])+([\]([a-z0-9\\.%<25><>\$-])+)+$';
/** regular expression for profile path */
var $regex_profilePath = '^([\][\]([a-zA-Z0-9\\.%-])+([\]([a-z0-9\\.%-])+)+)|([/][a-z]([a-z0-9\\._%-])*([/][a-z]([a-z0-9\\._%-])*)*)$';
/** regular expression for logon script */
var $regex_logonScript = '^([/])*([a-z0-9\\._%<25><>])+([/]([a-z0-9\\._%<25><>])+)*((\\.bat)|(\\.cmd))$';
/** regular expression for allowed workstations */
var $regex_workstations = '^([a-z0-9\\._-])+(,[a-z0-9\\._-])*$';
/** regular expression for domain name */
var $regex_domain = '^([a-z0-9_-])+$';
/** list of possible error messages */
var $messages = array();
/* $attribute['lmPassword'] and ntPassword can't accessed directly because it's enrcypted /* $attribute['lmPassword'] and ntPassword can't accessed directly because it's enrcypted
* To read / write password function userPassword is needed * To read / write password function userPassword is needed
* This function will return the unencrypted password when * This function will return the unencrypted password when
@ -287,26 +248,7 @@ class sambaAccount extends baseModule {
* $attr is an array as it's retured from ldap_get_attributes * $attr is an array as it's retured from ldap_get_attributes
*/ */
function load_attributes($attr) { function load_attributes($attr) {
// Load attributes which are displayed $this->load_ldap_attributes($attr);
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) {
$this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
$this->orig[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
}
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->attributes['objectClass'][0] = 'sambaAccount';
return 0; return 0;
} }
@ -410,7 +352,7 @@ class sambaAccount extends baseModule {
if (isset($post['lmPassword'])) { if (isset($post['lmPassword'])) {
if ($post['lmPassword'] != $post['lmPassword2']) { if ($post['lmPassword'] != $post['lmPassword2']) {
$errors['lmPassword'][] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $errors['lmPassword'][] = $this->messages['lmPassword'][0];
unset ($post['lmPassword2']); unset ($post['lmPassword2']);
} }
else $this->lmPassword($post['lmPassword']); else $this->lmPassword($post['lmPassword']);
@ -419,31 +361,30 @@ class sambaAccount extends baseModule {
$this->attributes['rid'][0] = "500"; $this->attributes['rid'][0] = "500";
// Do a check if an administrator already exists // Do a check if an administrator already exists
if ($_SESSION['cache']->in_cache("500", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig) if ($_SESSION['cache']->in_cache("500", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig)
$errors['rid'][] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.')); $errors['rid'][] = $this->messages['rid'][0];
} }
if ($post['rid']== _('Guest')) { if ($post['rid']== _('Guest')) {
$this->attributes['rid'][0] = "501"; $this->attributes['rid'][0] = "501";
// Do a check if an administrator already exists // Do a check if an administrator already exists
if ($_SESSION['cache']->in_cache("501", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig) if ($_SESSION['cache']->in_cache("501", 'rid', 'user')!=$_SESSION[$this->base]->dn_orig)
$errors['rid'][] = array('ERROR', _('Special user'), _('There can be only one guest per domain.')); $errors['rid'][] = $this->messages['rid'][1];
} }
$this->attributes['smbHome'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['smbHome'][0]); $this->attributes['smbHome'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['smbHome'][0]);
$this->attributes['smbHome'][0] = str_replace('$group', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['gid'][0], $this->attributes['smbHome'][0]); $this->attributes['smbHome'][0] = str_replace('$group', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['gid'][0], $this->attributes['smbHome'][0]);
if ($this->attributes['smbHome'][0] != stripslashes($post['smbHome'])) $errors['smbHome'][] = array('INFO', _('Home path'), _('Inserted user- or groupname in HomePath.')); if ($this->attributes['smbHome'][0] != stripslashes($post['smbHome'])) $errors['smbHome'][] = $this->messages['homePath'][1];
$this->attributes['scriptPath'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['scriptPath'][0]); $this->attributes['scriptPath'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['scriptPath'][0]);
$this->attributes['scriptPath'][0] = str_replace('$group', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['gid'][0], $this->attributes['scriptPath'][0]); $this->attributes['scriptPath'][0] = str_replace('$group', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['gid'][0], $this->attributes['scriptPath'][0]);
if ($this->attributes['scriptPath'][0] != stripslashes($post['scriptPath'])) $errors['scriptPath'][] = array('INFO', _('Script path'), _('Inserted user- or groupname in scriptpath.')); if ($this->attributes['scriptPath'][0] != stripslashes($post['scriptPath'])) $errors['scriptPath'][] = $this->messages['logonScript'][1];
$this->attributes['profilePath'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['profilePath'][0]); $this->attributes['profilePath'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['profilePath'][0]);
$this->attributes['profilePath'][0] = str_replace('$group', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['gid'][0], $this->attributes['profilePath'][0]); $this->attributes['profilePath'][0] = str_replace('$group', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['gid'][0], $this->attributes['profilePath'][0]);
if ($this->attributes['profiletPath'][0] != stripslashes($post['profilePath'])) $errors['profilePath'][] = array('INFO', _('Profile path'), _('Inserted user- or groupname in profilepath.')); if ($this->attributes['profiletPath'][0] != stripslashes($post['profilePath'])) $errors['profilePath'][] = $this->messages['profilePath'][1];
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', if ( !get_preg($this->lmPassword(), 'passord')) $errors['lmPassword'][] = $this->messages['lmPassword'][1];
$this->lmPassword())) $errors['lmPassword'][] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); if ( (!$this->attributes['smbHome'][0]=='') && (!get_preg($this->attributes['smbHome'][0], 'UNC')))
if ( (!$this->attributes['smbHome'][0]=='') && (!eregi($this->regex_homedir, $this->attributes['smbHome'][0]))) $errors['smbHome'][] = $this->messages['homedir'][0];
$errors['smbHome'][] = $this->messages['homedir']; if ( (!$this->attributes['scriptPath'][0]=='') && (!get_preg($this->attributes['scriptPath'][0], 'logonscript')))
if ( (!$this->attributes['scriptPath'][0]=='') && (!eregi($this->regex_logonScript, $this->attributes['scriptPath'][0]))) $errors['scriptPath'][] = $this->messages['logonScript'][0];
$errors['scriptPath'][] = $this->messages['logonScript']; if ( (!$this->attributes['profilePath'][0]=='') && (!get_preg($this->attributes['profilePath'][0], 'UNC')))
if ( (!$this->attributes['profilePath'][0]=='') && (!eregi($this->regex_profilePath, $this->attributes['profilePath'][0]))) $errors['profilePath'][] = $this->messages['profilePath'][0];
$errors['profilePath'][] = $this->messages['profilePath'];
} }
else { else {
$smbHome = str_replace('$user', 'user', $this->attributes['smbHome'][0]); $smbHome = str_replace('$user', 'user', $this->attributes['smbHome'][0]);
@ -452,22 +393,21 @@ class sambaAccount extends baseModule {
$scriptPath = str_replace('$group', 'group', $scriptPath); $scriptPath = str_replace('$group', 'group', $scriptPath);
$profilePath = str_replace('$user', 'user', $this->attributes['profilePath'][0]); $profilePath = str_replace('$user', 'user', $this->attributes['profilePath'][0]);
$profilePath = str_replace('$group', 'group', $profilePath); $profilePath = str_replace('$group', 'group', $profilePath);
if ( (!$smbHome=='') && (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%]|[<5B>|[<5B>|[<5B>|[<5B>|[]|[<5B>|[<5B>)+)+$', $smbHome))) if ( (!$smbHome=='') && (!get_preg($smbHome, 'UNC')))
$errors['smbHome'][] = array('ERROR', _('Home path'), _('Home path is invalid.')); $errors['smbHome'][] = $this->messages['homePath'][0];
if ( (!$scriptPath=='') && (!ereg('^([/])*([a-z]|[0-9]|[.]|[-]|[_]|[%]|[<5B>|[<5B>|[<5B>|[<5B>|[]|[<5B>|[<5B>)+([a-z]|[0-9]|[.]|[-]|[_]|[%]|[<5B>|[<5B>|[<5B>|[<5B>|[]|[<5B>|[<5B>)*'. if ( (!$scriptPath=='') && (!get_preg($scriptPath, 'logonscript')))
'([/]([a-z]|[0-9]|[.]|[-]|[_]|[%]|[<5B>|[<5B>|[<5B>|[<5B>|[]|[<5B>|[<5B>)+([a-z]|[0-9]|[.]|[-]|[_]|[%]|[<5B>|[<5B>|[<5B>|[<5B>|[]|[<5B>|[<5B>)*)*(([.][b][a][t])|([.][c][m][d]))$', $scriptPath))) $errors['scriptPath'][] = $this->messages['logonScript'][0];
$errors['scriptPath'][] = array('ERROR', _('Script path'), _('Script path is invalid!')); if ( (!$profilePath=='') && (!get_preg('^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*)*$', $profilePath))
if ( (!$profilePath=='') && (!ereg('^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*)*$', $profilePath)) && (!get_preg($profilePath, 'UNC')))
&& (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+)+$', $profilePath))) $errors['profilePath'][] = $this->messages['profilePath'][0];
$errors['profilePath'][] = array('ERROR', _('Profile path'), _('Profile path is invalid!'));
} }
if ($post['useunixpwd']) $this->useunixpwd = true; if ($post['useunixpwd']) $this->useunixpwd = true;
else $this->useunixpwd = false; else $this->useunixpwd = false;
} }
if ((!$this->attributes['domain'][0]=='') && !eregi($this->regex_domain, $this->attributes['domain'][0])) if ((!$this->attributes['domain'][0]=='') && !get_preg($this->attributes['domain'][0], 'domainname'))
$errors['domain'][] = $this->messages['domain']; $errors['domain'][] = $this->messages['domain'][0];
if (is_array($errors)) return $errors; if (is_array($errors)) return $errors;
if ($post['userWorkstations']) return 'userWorkstations'; if ($post['userWorkstations']) return 'userWorkstations';
@ -541,7 +481,7 @@ class sambaAccount extends baseModule {
if (!$profile) { if (!$profile) {
if ($this->attributes['lmPassword'][0] != $this->orig['lmPassword'][0]) $password=$this->lmPassword(); if ($this->attributes['lmPassword'][0] != $this->orig['lmPassword'][0]) $password=$this->lmPassword();
else $password=''; else if ($this->attributes['lmPassword'][0] != '') $password=$post['lmPassword'];
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Samba password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Samba password') ),
1 => array ( 'kind' => 'input', 'name' => 'lmPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password)); 1 => array ( 'kind' => 'input', 'name' => 'lmPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password));
if ($post['lmPassword2']!='') $password2 = $post['lmPassword2']; if ($post['lmPassword2']!='') $password2 = $post['lmPassword2'];


@ -229,8 +229,8 @@ class sambaGroupMapping extends baseModule {
/** this functin fills the error message array with messages /** this functin fills the error message array with messages
**/ **/
function load_errorMessages() { function load_Messages() {
$this->errormessages['sambaSID'][0] = array('ERROR', _('Special Group'),sprintf( _('There can be only one group %s.'), $rids[$i]), 'sambaSID'); $this->messages['sambaSID'][0] = array('ERROR', _('Special Group'),sprintf( _('There can be only one group %s.'), $rids[$i]), 'sambaSID');
} }
@ -290,7 +290,7 @@ class sambaGroupMapping extends baseModule {
$this->attributes['sambaSID'][0] = $SID."-".$this->rids[$rids[$i]]; $this->attributes['sambaSID'][0] = $SID."-".$this->rids[$rids[$i]];
// Do a check if special grou pis unique // Do a check if special grou pis unique
if ($_SESSION['cache']->in_cache($SID."-".$this->rids[$rids[$i]], 'sambaSID', 'group')) if ($_SESSION['cache']->in_cache($SID."-".$this->rids[$rids[$i]], 'sambaSID', 'group'))
$errors[] = $this->errormessages['sambaSID'][0]; $errors[] = $this->messages['sambaSID'][0];
} }
} }
if (!$wrid) $this->attributes['sambaSID'][0] = $SID . "-" . ($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2+$RIDbase+1); if (!$wrid) $this->attributes['sambaSID'][0] = $SID . "-" . ($_SESSION[$this->base]->module['posixGroup']->attributes['gidNumber'][0]*2+$RIDbase+1);
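Review bot: In `load_Messages()` the message is built with `sprintf(..., $rids[$i])`, but neither `$rids` nor `$i` is a parameter or local of that function as shown, so the `%s` is filled from an undefined variable and the stored text will read "There can be only one group ." with no group name. The rename from `errormessages` to `messages` carries this over unchanged. Keep the unformatted template in the array, `$this->messages['sambaSID'][0] = array('ERROR', _('Special Group'), _('There can be only one group %s.'), 'sambaSID');`, and format it where the duplicate is detected in the second hunk, where `$rids[$i]` is in scope: `$errors[] = array('ERROR', _('Special Group'), sprintf($this->messages['sambaSID'][0][2], $rids[$i]), 'sambaSID');`. The function enclosing that second hunk starts and ends outside the visible lines, so confirm there that `$rids[$i]` holds the group name at that point.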


@ -20,38 +20,6 @@ $Id$
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
/* Session variables which are used:
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
*
* Coockie variables which are used:
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
* External functions which are used
* account.inc: findgroups, incache, get_cache, array_delete, getshells
* ldap.inc: pwd_is_enabled, pwd_hash
*/
/* This class contains all sambaSamAccount LDAP attributes
* and funtioncs required to deal with sambaSamAccount
* sambaSamAccount can only be created when it should be added
* to an array.
* basearray is the same array sambaSamAccount should be added
* to. If basearray is not given the constructor tries to
* create an array with sambaSamAccount and all other required
* objects.
* Example: $user[] = new sambaSamAccount($user);
*
* In container array the following things have to exist:
* account or inetOrgPerson object
* type: 'user' or 'host'
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
*/
class sambaSamAccount extends baseModule { class sambaSamAccount extends baseModule {
/** /**
@ -60,15 +28,27 @@ class sambaSamAccount extends baseModule {
* @param string $scope account type (user, group, host) * @param string $scope account type (user, group, host)
*/ */
function sambaSamAccount($scope) { function sambaSamAccount($scope) {
// error messages for input checks
$this->messages['homedir'] = array('ERROR', _('Home path'), _('Home path is invalid.'));
$this->messages['profilePath'] = array('ERROR', _('Profile path'), _('Profile path is invalid!'));
$this->messages['logonScript'] = array('ERROR', _('Script path'), _('Script path is invalid!'));
$this->messages['workstations'] = array('ERROR', _('Samba workstations'), _('Please enter a comma separated list of host names!'));
// call parent constructor // call parent constructor
parent::baseModule($scope); parent::baseModule($scope);
} }
/** this functin fills the error message array with messages
**/
function load_Messages() {
// error messages for input checks
$this->messages['homePath'][0] = array('ERROR', _('Home path'), _('Home path is invalid.'));
$this->messages['homePath'][1] = array('INFO', _('Home path'), _('Inserted user- or groupname in HomePath.'));
$this->messages['profilePath'][0] = array('ERROR', _('Profile path'), _('Profile path is invalid!'));
$this->messages['profilePath'][1] = array('INFO', _('Profile path'), _('Inserted user- or groupname in profilepath.'));
$this->messages['logonScript'][0] = array('ERROR', _('Script path'), _('Script path is invalid!'));
$this->messages['logonScript'][1] = array('INFO', _('Script path'), _('Inserted user- or groupname in scriptpath.'));
$this->messages['workstations'][0] = array('ERROR', _('Samba workstations'), _('Please enter a comma separated list of host names!'));
$this->messages['sambaLMPassword'][0] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'), 'sambaLMPassword');
$this->messages['sambaLMPassword'][1] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
$this->messages['rid'][0] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.'));
$this->messages['rid'][1] = array('ERROR', _('Special user'), _('There can be only one guest per domain.'));
}
/** /**
* Returns meta data that is interpreted by parent class * Returns meta data that is interpreted by parent class
* *
@ -89,14 +69,14 @@ class sambaSamAccount extends baseModule {
// module dependencies // module dependencies
$return['dependencies'] = array('depends' => array('posixAccount'), 'conflicts' => array()); $return['dependencies'] = array('depends' => array('posixAccount'), 'conflicts' => array());
// profile checks // profile checks
$return['profile_checks']['sambaSamAccount_smbhome'] = array('type' => 'regex_i', 'regex' => $this->regex_homedir, $return['profile_checks']['sambaSamAccount_smbhome'] = array('type' => 'regex_i', 'regex' => 'UNC',
'error_message' => $this->messages['homedir']); 'error_message' => $this->messages['homePath'][0]);
$return['profile_checks']['sambaSamAccount_profilePath'] = array('type' => 'regex_i', 'regex' => $this->regex_profilePath, $return['profile_checks']['sambaSamAccount_profilePath'] = array('type' => 'regex_i', 'regex' => 'UNC',
'error_message' => $this->messages['profilePath']); 'error_message' => $this->messages['profilePath'][0]);
$return['profile_checks']['sambaSamAccount_logonScript'] = array('type' => 'regex_i', 'regex' => $this->regex_logonScript, $return['profile_checks']['sambaSamAccount_logonScript'] = array('type' => 'regex_i', 'regex' => 'logonscript',
'error_message' => $this->messages['logonScript']); 'error_message' => $this->messages['logonScript'][0]);
$return['profile_checks']['sambaSamAccount_userWorkstations'] = array('type' => 'regex_i', 'regex' => $this->regex_workstations, $return['profile_checks']['sambaSamAccount_userWorkstations'] = array('type' => 'regex_i', 'regex' => 'unixhost',
'error_message' => $this->messages['workstations']); 'error_message' => $this->messages['workstations'][0]);
// available PDF fields // available PDF fields
$return['PDF_fields'] = array( 'displayName', $return['PDF_fields'] = array( 'displayName',
'uid', 'uid',
@ -122,30 +102,12 @@ class sambaSamAccount extends baseModule {
} }
// Variables // Variables
// This variable contains all inetOrgPerson attributes
var $attributes;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig;
// use unix password as samba password? // use unix password as samba password?
var $useunixpwd; var $useunixpwd;
// Array of well known rids // Array of well known rids
var $rids; var $rids;
/** regular expression for home directory */
var $regex_homedir = '^[\][\]([a-z0-9\\.%-])+([\]([a-z0-9\\.%<25><>\$-])+)+$';
/** regular expression for profile path */
var $regex_profilePath = '^([\][\]([a-zA-Z0-9\\.%-])+([\]([a-z0-9\\.%-])+)+)|([/][a-z]([a-z0-9\\._%-])*([/][a-z]([a-z0-9\\._%-])*)*)$';
/** regular expression for logon script */
var $regex_logonScript = '^([/])*([a-z0-9\\._%<25><>])+([/]([a-z0-9\\._%<25><>])+)*((\\.bat)|(\\.cmd))$';
/** regular expression for allowed workstations */
var $regex_workstations = '^([a-z0-9\\._-])+(,[a-z0-9\\._-])*$';
/** list of possible error messages */
var $messages = array();
/* $attribute['sambaLMPassword'] and sambaNTPassword can't accessed directly because it's enrcypted /* $attribute['sambaLMPassword'] and sambaNTPassword can't accessed directly because it's enrcypted
* To read / write password function userPassword is needed * To read / write password function userPassword is needed
* This function will return the unencrypted password when * This function will return the unencrypted password when
@ -220,26 +182,7 @@ class sambaSamAccount extends baseModule {
* $attr is an array as it's retured from ldap_get_attributes * $attr is an array as it's retured from ldap_get_attributes
*/ */
function load_attributes($attr) { function load_attributes($attr) {
// Load attributes which are displayed $this->load_ldap_attributes($attr);
// unset count entries
unset ($attr['count']);
$attributes = array_keys($attr);
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) {
$this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
$this->orig[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
}
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->attributes['objectClass'][0] = 'sambaSamAccount';
return 0; return 0;
} }
@ -354,7 +297,7 @@ class sambaSamAccount extends baseModule {
if (isset($post['sambaLMPassword']) && !$profile) { if (isset($post['sambaLMPassword']) && !$profile) {
if ($post['sambaLMPassword'] != $post['sambaLMPassword2']) { if ($post['sambaLMPassword'] != $post['sambaLMPassword2']) {
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'), 'sambaLMPassword'); $errors[] = $this->messages['sambaLMPassword'][0];
unset ($post['sambaLMPassword2']); unset ($post['sambaLMPassword2']);
} }
else $this->sambaLMPassword($post['sambaLMPassword']); else $this->sambaLMPassword($post['sambaLMPassword']);
@ -367,13 +310,13 @@ class sambaSamAccount extends baseModule {
$this->attributes['sambaSID'][0] = $SID."-500"; $this->attributes['sambaSID'][0] = $SID."-500";
// Do a check if an administrator already exists // Do a check if an administrator already exists
if ($_SESSION['cache']->in_cache($SID."-500", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig) if ($_SESSION['cache']->in_cache($SID."-500", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig)
$errors['sambaSID'][] = array('ERROR', _('Special user'), _('There can be only one administrator per domain.')); $errors['sambaSID'][] = $this->messages['rid'][0];
} }
if ($post['sambaSID']== _('Guest')) { if ($post['sambaSID']== _('Guest')) {
$this->attributes['sambaSID'][0] = $SID."-501"; $this->attributes['sambaSID'][0] = $SID."-501";
// Do a check if an administrator already exists // Do a check if an administrator already exists
if ($_SESSION['cache']->in_cache($SID."-501", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig) if ($_SESSION['cache']->in_cache($SID."-501", 'sambaSID', 'user')!=$_SESSION[$this->base]->dn_orig)
$errors['sambaSID'][] = array('ERROR', _('Special user'), _('There can be only one guest per domain.')); $errors['sambaSID'][] = $this->messages['rid'][1];
} }
// Check values // Check values
$this->attributes['sambaHomePath'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['sambaHomePath'][0]); $this->attributes['sambaHomePath'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['sambaHomePath'][0]);
@ -385,14 +328,13 @@ class sambaSamAccount extends baseModule {
$this->attributes['sambaProfilePath'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['sambaProfilePath'][0]); $this->attributes['sambaProfilePath'][0] = str_replace('$user', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['uid'][0], $this->attributes['sambaProfilePath'][0]);
$this->attributes['sambaProfilePath'][0] = str_replace('$group', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['gid'][0], $this->attributes['sambaProfilePath'][0]); $this->attributes['sambaProfilePath'][0] = str_replace('$group', $_SESSION[$this->base]->module['inetOrgPerson']->attributes['gid'][0], $this->attributes['sambaProfilePath'][0]);
if ($this->attributes['sambaProfiletPath'][0] != stripslashes($post['sambaProfilePath'])) $errors['sambaProfilePath'][] = array('INFO', _('Profile path'), _('Inserted user- or groupname in profilepath.')); if ($this->attributes['sambaProfiletPath'][0] != stripslashes($post['sambaProfilePath'])) $errors['sambaProfilePath'][] = array('INFO', _('Profile path'), _('Inserted user- or groupname in profilepath.'));
if ( (!$this->attributes['sambaHomePath'][0]=='') && (!ereg($this->regex_homedir, $this->attributes['sambaHomePath'][0]))) if ( (!$this->attributes['sambaHomePath'][0]=='') && (!get_preg($this->attributes['sambaHomePath'][0], 'UNC')))
$errors['sambaHomePath'][] = $this->messages['homedir']; $errors['sambaHomePath'][] = $this->messages['homePath'][0];
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', if ( !get_preg($this->sambaLMPassword(), 'password')) $errors['sambaLMPassword'][] = $this->messages['sambaLMPassword'][1];
$this->sambaLMPassword())) $errors['sambaLMPassword'][] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); if ( (!$this->attributes['sambaLogonScript'][0]=='') && (!get_preg($this->attributes['sambaLogonScript'][0], 'logonscript')))
if ( (!$this->attributes['sambaLogonScript'][0]=='') && (!ereg($this->regex_logonScript, $this->attributes['sambaLogonScript'][0]))) $errors['sambaScriptPath'][] = $this->messages['logonScript'][0];
$errors['sambaScriptPath'][] = $this->messages['logonScript']; if (!($this->attributes['sambaProfilePath'][0] == '') && !get_preg($this->attributes['sambaProfilePath'][0], 'UNC'))
if (!($this->attributes['sambaProfilePath'][0] == '') && !ereg($this->regex_profilePath, $this->attributes['sambaProfilePath'][0])) $errors['sambaProfilePath'][] = $this->messages['profilePath'][0];
$errors['sambaProfilePath'][] = $this->messages['profilePath'];
} }
else { else {
$sambaHomePath = str_replace('$user', 'user', $this->attributes['sambaHomePath'][0]); $sambaHomePath = str_replace('$user', 'user', $this->attributes['sambaHomePath'][0]);
@ -401,16 +343,14 @@ class sambaSamAccount extends baseModule {
$sambaLogonScript = str_replace('$group', 'group', $sambaLogonScript); $sambaLogonScript = str_replace('$group', 'group', $sambaLogonScript);
$sambaProfilePath = str_replace('$user', 'user', $this->attributes['sambaProfilePath'][0]); $sambaProfilePath = str_replace('$user', 'user', $this->attributes['sambaProfilePath'][0]);
$sambaProfilePath = str_replace('$group', 'group', $sambaProfilePath); $sambaProfilePath = str_replace('$group', 'group', $sambaProfilePath);
if ( (!$this->attributes['sambaHomePath'][0]=='') && (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%]|[?]|[?]|[?]|[?]|[?]|[?]|[?])+)+$', $this->attributes['sambaHomePath'][0]))) if ( (!$this->attributes['sambaHomePath'][0]=='') && (!get_preg($this->attributes['sambaHomePath'][0], 'UNC')))
$errors[] = array('ERROR', _('Home path'), _('Home path is invalid.'), 'sambaHomePath'); $errors[] = $this->messages['homePath'][0];
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', if ( !get_preg($this->sambaLMPassword(), 'UNC')) $errors[] = $this->messages['sambaLMPassword'][1];
$this->sambaLMPassword())) $errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'), 'sambaLMPassword'); if ( (!$this->attributes['sambaLogonScript'][0]=='') && (!get_preg($this->attributes['sambaLogonScript'][0], 'logonscript')))
if ( (!$this->attributes['sambaLogonScript'][0]=='') && (!ereg('^([/])*([a-z]|[0-9]|[.]|[-]|[_]|[%]|[?]|[?]|[?]|[?]|[?]|[?]|[?])+([a-z]|[0-9]|[.]|[-]|[_]|[%]|[?]|[?]|[?]|[?]|[?]|[?]|[?])*'. $errors[] = $this->messages['logonScript'][0];
'([/]([a-z]|[0-9]|[.]|[-]|[_]|[%]|[?]|[?]|[?]|[?]|[?]|[?]|[?])+([a-z]|[0-9]|[.]|[-]|[_]|[%]|[?]|[?]|[?]|[?]|[?]|[?]|[?])*)*(([.][b][a][t])|([.][c][m][d]))$', $this->attributes['sambaLogonScript'][0]))) if ( (!$this->attributes['sambaProfilePath'][0]=='') && (!get_preg($this->attributes['sambaProfilePath'][0], 'UNC'))
$errors[] = array('ERROR', _('Script path'), _('Script path is invalid!'), 'sambaScriptPath'); && (!get_preg($this->attributes['sambaProfilePath'][0], 'UNC')))
if ( (!$this->attributes['sambaProfilePath'][0]=='') && (!ereg('^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_]|[%])*)*$', $this->attributes['sambaProfilePath'][0])) $errors[] = $this->messages['profilePath'][0];
&& (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+)+$', $this->attributes['sambaProfilePath'][0])))
$errors[] = array('ERROR', _('Profile path'), _('Profile path is invalid!'), 'sambaProfilePath');
} }
} }
if (is_array($errors)) return $errors; if (is_array($errors)) return $errors;
@ -491,8 +431,8 @@ class sambaSamAccount extends baseModule {
5 => array ( 'kind' => 'input', 'name' => 'sambaPwdMustChange_s', 'type' => 'hidden', 'value' => $mustchangedate['seconds']), 5 => array ( 'kind' => 'input', 'name' => 'sambaPwdMustChange_s', 'type' => 'hidden', 'value' => $mustchangedate['seconds']),
6 => array ( 'kind' => 'input', 'name' => 'sambaAcctFlagsU', 'type' => 'hidden', 'value' => 'true')); 6 => array ( 'kind' => 'input', 'name' => 'sambaAcctFlagsU', 'type' => 'hidden', 'value' => 'true'));
if (!$profile) { if (!$profile) {
if ($this->attributes['lmPassword'][0] != $this->orig['lmPassword'][0]) $password=$this->sambaLMPassword(); if ($this->attributes['sambaLMPassword'][0] != $this->orig['sambaLMPassword'][0]) $password=$this->sambaLMPassword();
else $password=''; else if ($this->attributes['sambaLMPassword'][0] != '') $password=$post['sambaLMPassword'];
$return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Samba password') ), $return[] = array ( 0 => array ( 'kind' => 'text', 'text' => _('Samba password') ),
1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password)); 1 => array ( 'kind' => 'input', 'name' => 'sambaLMPassword', 'type' => 'password', 'size' => '20', 'maxlength' => '255', 'value' => $password));
if ($post['sambaLMPassword2']!='') $password2 = $post['sambaLMPassword2']; if ($post['sambaLMPassword2']!='') $password2 = $post['sambaLMPassword2'];


@ -20,38 +20,6 @@ $Id$
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
/* Session variables which are used:
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
*
* Coockie variables which are used:
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
*
* Variables in basearray which are no objects:
* type: Type of account. Can be user, group, host
* attributes: List of all attributes, how to get them and are theiy required or optional
* dn: current DN without uid= or cn=
* dn_orig: old DN if account was loaded with uid= or cn=
* External functions which are used
* account.inc: findgroups, incache, get_cache, array_delete, getshells
* ldap.inc: pwd_is_enabled, pwd_hash
*/
/* This class contains all shadowAccount LDAP attributes
* and funtioncs required to deal with shadowAccount
* shadowAccount can only be created when it should be added
* to an array.
* basearray is the same array shadowAccount should be added
* to. If basearray is not given the constructor tries to
* create an array with shadowAccount and all other required
* objects.
* Example: $user[] = new shadowAccount($user);
*
* In container array the following things have to exist:
* account or inetOrgPerson object
* type: 'user' or 'host'
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
*/
class shadowAccount extends baseModule { class shadowAccount extends baseModule {
/** /**
@ -60,16 +28,21 @@ class shadowAccount extends baseModule {
* @param string $scope account type (user, group, host) * @param string $scope account type (user, group, host)
*/ */
function shadowAccount($scope) { function shadowAccount($scope) {
// error messages for input checks
$this->messages['shadowMin'] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
$this->messages['shadowMax'] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'));
$this->messages['inactive'] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'));
$this->messages['shadowWarning'] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'));
$this->messages['shadow_cmp'] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
// call parent constructor // call parent constructor
parent::baseModule($scope); parent::baseModule($scope);
} }
/** this functin fills the error message array with messages
**/
function load_Messages() {
// error messages for input checks
$this->messages['shadowMin'][0] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
$this->messages['shadowMax'][0] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'));
$this->messages['inactive'][0] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'));
$this->messages['shadowWarning'][0] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'));
$this->messages['shadow_cmp'][0] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
}
/** /**
* Returns meta data that is interpreted by parent class * Returns meta data that is interpreted by parent class
* *
@ -125,16 +98,16 @@ class shadowAccount extends baseModule {
2 => array('kind' => 'help', 'value' => 'TODO')) 2 => array('kind' => 'help', 'value' => 'TODO'))
); );
// profile checks // profile checks
$return['profile_checks']['shadowAccount_shadowMin'] = array('type' => 'regex', 'regex' => $this->regex_number, $return['profile_checks']['shadowAccount_shadowMin'] = array('type' => 'regex', 'regex' => 'digit',
'error_message' => $this->messages['shadowMin']); 'error_message' => $this->messages['shadowMin'][0]);
$return['profile_checks']['shadowAccount_shadowMax'] = array('type' => 'regex', 'regex' => $this->regex_number, $return['profile_checks']['shadowAccount_shadowMax'] = array('type' => 'regex', 'regex' => 'digit',
'error_message' => $this->messages['shadowMax']); 'error_message' => $this->messages['shadowMax'][0]);
$return['profile_checks']['shadowAccount_cmp'] = array('type' => 'int_greater', 'cmp_name1' => 'shadowAccount_shadowMax', $return['profile_checks']['shadowAccount_cmp'] = array('type' => 'int_greater', 'cmp_name1' => 'shadowAccount_shadowMax',
'cmp_name2' => 'shadowAccount_shadowMin', 'error_message' => $this->messages['shadow_cmp']); 'cmp_name2' => 'shadowAccount_shadowMin', 'error_message' => $this->messages['shadow_cmp'][0]);
$return['profile_checks']['shadowAccount_shadowInactive'] = array('type' => 'regex', 'regex' => $this->regex_inactive, $return['profile_checks']['shadowAccount_shadowInactive'] = array('type' => 'regex', 'regex' => 'digit2',
'error_message' => $this->messages['inactive']); 'error_message' => $this->messages['inactive'][0]);
$return['profile_checks']['shadowAccount_shadowWarning'] = array('type' => 'regex', 'regex' => $this->regex_number, $return['profile_checks']['shadowAccount_shadowWarning'] = array('type' => 'regex', 'regex' => 'digit',
'error_message' => $this->messages['shadowWarning']); 'error_message' => $this->messages['shadowWarning'][0]);
// available PDF fields // available PDF fields
$return['PDF_fields'] = array( 'shadowLastChange', $return['PDF_fields'] = array( 'shadowLastChange',
'shadowWarning', 'shadowWarning',
@ -158,21 +131,6 @@ class shadowAccount extends baseModule {
parent::init($base); parent::init($base);
} }
// Variables
// This variable contains all inetOrgPerson attributes
var $attributes;
/* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes
*/
var $orig;
/** regular expression for numeric values */
var $regex_number = '^([0-9])*$';
/** regular expression for shasowInactive */
var $regex_inactive = '^(([-][1])|([0-9]*))$';
/** list of possible error messages */
var $messages = array();
function module_ready() { function module_ready() {
return true; return true;
@ -207,26 +165,8 @@ class shadowAccount extends baseModule {
* $attr is an array as it's retured from ldap_get_attributes * $attr is an array as it's retured from ldap_get_attributes
*/ */
function load_attributes($attr) { function load_attributes($attr) {
// Load attributes which are displayed $this->load_ldap_attributes($attr);
// unset count entries return 0;
unset ($attr['count']);
$attributes = array_keys($attr);
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
// unset double entries
for ($i=0; $i<count($attr); $i++)
if (isset($attr[$i])) unset($attr[$i]);
foreach ($attributes as $attribute) {
if (isset($this->attributes[$attribute])) {
// decode as unicode
$this->attributes[$attribute] = $attr[$attribute];
for ($i=0; $i<count($this->attributes[$attribute]); $i++) {
$this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
$this->orig[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
}
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->attributes['objectClass'][0] = 'shadowAccount';
} }
/* This function returns an array with 3 entries: /* This function returns an array with 3 entries:
@ -261,11 +201,11 @@ class shadowAccount extends baseModule {
$this->attributes['shadowExpire'][0] = intval(mktime(10, 0, 0, $post['shadowExpire_mon'], $this->attributes['shadowExpire'][0] = intval(mktime(10, 0, 0, $post['shadowExpire_mon'],
$post['shadowExpire_day'], $post['shadowExpire_yea'])/3600/24); $post['shadowExpire_day'], $post['shadowExpire_yea'])/3600/24);
if ( !ereg($this->regex_number, $this->attributes['shadowMin'][0])) $errors['shadowMin'][] = $this->messages['shadowMin']; if ( !get_preg($this->attributes['shadowMin'][0], 'digit')) $errors['shadowMin'][] = $this->messages['shadowMin'][0];
if ( !ereg($this->regex_number, $this->attributes['shadowMax'][0])) $errors['shadowMax'][] = $this->messages['shadowMax']; if ( !get_preg($this->attributes['shadowMax'][0], 'digit')) $errors['shadowMax'][] = $this->messages['shadowMax'][0];
if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0]) $errors['shadowMin'][] = $this->messages['shadow_cmp']; if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0]) $errors['shadowMin'][] = $this->messages['shadow_cmp'][0];
if ( !ereg($this->regex_inactive, $this->attributes['shadowInactive'][0])) $errors['shadowInactive'][] = $this->messages['inactive']; if ( !get_preg($this->attributes['shadowInactive'][0], 'digit2')) $errors['shadowInactive'][] = $this->messages['inactive'][0];
if ( !ereg($this->regex_number, $this->attributes['shadowWarning'][0])) $errors['shadowWarning'][] = $this->messages['shadowWarning']; if ( !get_preg($this->attributes['shadowWarning'][0], 'digit')) $errors['shadowWarning'][] = $this->messages['shadowWarning'][0];
if (is_array($errors)) return $errors; if (is_array($errors)) return $errors;
return 0; return 0;
} }
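Review bot: In the profile checks of the `@ -125,16 +98,16 @` hunk, the `'regex'` key now carries a get_preg() pattern name (`'digit'`, `'digit2'`) instead of an expression, yet the entries keep `'type' => 'regex'` and nothing documents the new meaning. The code that evaluates `profile_checks` is not part of this section, so confirm it now calls get_preg() rather than passing the value to ereg(), where `'digit'` would be matched as a literal pattern and the check would no longer validate numbers. I would add a comment above the block, `// 'regex' holds the name of a get_preg() pattern, not a raw regular expression`. The input checks in the last hunk use the same two names, and the function containing them starts outside that hunk. The definitions of `'digit'` and `'digit2'` in get_preg() are not visible here either, so confirm that `'digit2'` still accepts `-1` as the removed `$regex_inactive` did.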