From f3f5a170cdf93fd486eda8193c25ea20282b5407 Mon Sep 17 00:00:00 2001
From: katagia
Date: Mon, 11 Aug 2003 12:40:06 +0000
Subject: [PATCH] Added Readme-File Host-Attribute should worl now
---
 lam/docs/README.hosts | 28 +++++++++++++++++++++++
 lam/lib/account.inc | 52 ++++++++++++++++++++++++++++++++++++++-----
 lam/lib/lamdaemon.pl | 21 ++++++++++++++---
 3 files changed, 92 insertions(+), 9 deletions(-)
 create mode 100644 lam/docs/README.hosts
diff --git a/lam/docs/README.hosts b/lam/docs/README.hosts
new file mode 100644
index 00000000..6176ab75
--- /dev/null
+++ b/lam/docs/README.hosts
@@ -0,0 +1,28 @@
+The attribute "host" is only in objectclass account.
+Unfortunatly "account" conflicts with
+"inetorgperson". so there's no perfect way to use
+both.
+
+In order to get attribute host working you have to
+modify schema/inetoergperson and include host:
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way. It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 $ host )
+ )
+
diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index a79ce5e6..21540cef 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -171,7 +171,7 @@ function checkglobal($values, $type, $values_old=false) { // This functions chec // Check if Homedir is valid $return->general_homedir = str_replace('$group', $values->general_group, $values->general_homedir); if ($values->general_username != '') - $return->general_homedir = str_replace('$user', $values->general_username, $values->general_homedir); + $return->general_homedir = str_replace('$user', $values->general_username, $return->general_homedir); if ($return->general_homedir != $values->general_homedir) $errors[] = array('INFO', _('Home Directory'), _('Replaced $user or $group in homedir.')); if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $return->general_homedir )) $errors[] = array('ERROR', _('Home Directory'), _('Homedirectory contents invalid characters.')); @@ -315,7 +315,7 @@ function checkunix($values, $type) { // This function checks all unix account pa if ( !ereg('^(([-][1])|([0-9]*))$', $values->unix_pwdallowlogin)) $errors[] = array('ERROR', _('Password Expire'), _('Password Expire must be are natural number or -1.')); if ( !ereg('^([0-9]*)$', $values->unix_pwdwarn)) $errors[] = array('ERROR', _('Password Warn'), _('Password Warn must be are natural number.')); - if ((!$values->unix_host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $values->unix_host)) + if ((!$values->unix_host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $values->unix_host)) $errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.')); return $errors; } 
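Review bot: The changed condition in checkunix still starts with `(!$values->unix_host=='')`, which PHP parses as `(!$values->unix_host) == ''` because `!` binds tighter than `==`; it only behaves as intended because `false == ''` is loosely true, and it should read `($values->unix_host != '')`. This line is the only validation gate for the value that createuser later writes into the LDAP `host` attribute, so the guard deserves to be unambiguous. The new pattern accepts blanks only after a comma, which matches the `str_replace(' ', '', …)` normalisation in createuser; a short comment saying so, `// blanks are allowed after the comma only; they are stripped before the LDAP write`, would keep the two in sync. checkunix starts outside the hunk.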
@@ -706,7 +706,12 @@ function loaduser($dn) { // Will load all needed values from an existing account if (isset($attr['shadowWarning'][0])) $return->unix_pwdwarn = $attr['shadowWarning'][0]; if (isset($attr['shadowInactive'][0])) $return->unix_pwdallowlogin = $attr['shadowInactive'][0]; if (isset($attr['shadowExpire'][0])) $return->unix_pwdexpire = $attr['shadowExpire'][0]*86400; - if (isset($attr['host'][0])) $return->unix_host = $attr['host'][0]; + $i=0; + while (isset($attr['host'][$i])) { + if ($i==0) $return->unix_host = $attr['host'][$i]; + else $return->unix_host = $return->unix_host . ', ' . $attr['host'][$i]; + $i++; + } if ($_SESSION['config']->samba3 == 'yes') { if (isset($attr['sambaAcctFlags'][0])) { if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true; @@ -947,7 +952,13 @@ function createuser($values) { // Will create the LDAP-Account $attr['gecos'] = $values->general_gecos; // posixAccount_may $attr['description'] = $values->general_gecos; // posixAccount_may sambaAccount_may - if ($values->unix_host!='') $attr['host'] = $values->unix_host; // account_may + $values->unix_host = str_replace(' ', '', $values->unix_host); + $hosts = explode (',', $values->unix_host); + $i=0; + while(isset($hosts[$i])) { + $attr['host'][$i] = $hosts[$i]; + $i++; + } if ($values->unix_pwdminage!='') $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may if ($values->unix_pwdmaxage!='') $attr['shadowMax'] = $values->unix_pwdmaxage; // shadowAccount_may if ($values->unix_pwdwarn!='') $attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may 
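Review bot: In the createuser hunk the removed line wrote `host` only when `unix_host` was non-empty, but the new loop has no guard: `explode(',', '')` returns `array('')`, so an account with no workstations gets `$attr['host'][0] = ''`, and a list like `a,,b` yields an empty value too; an empty attribute value in the add request is rejected by the directory server (or at best is meaningless). Skip empty elements and drop the manual index bookkeeping, e.g. `foreach (explode(',', str_replace(' ', '', $values->unix_host)) as $host) { if ($host != '') $attr['host'][] = $host; }`. The loop also writes the normalised list back into `$values->unix_host`; whether that is visible to the caller depends on the PHP object semantics in use, so prefer a local variable. createuser starts and ends outside the hunk.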
@@ -1104,8 +1115,37 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
 $attr['gecos'] = $values->general_gecos; // posixAccount_may
 $attr['description'] = $values->general_gecos; // posixAccount_may sambaAccount_may
 }
- if (($values->unix_host != $values_old->unix_host) && ($values->unix_host !=''))
- $attr['host'] = $values->unix_host; // shadowAccount_may
+
+ if (($values->unix_host != $values_old->unix_host)) {
+ $values->unix_host = str_replace(' ', '', $values->unix_host);
+ $hosts = explode (',', $values->unix_host);
+ $values_old->unix_host = str_replace(' ', '', $values_old->unix_host);
+ $hosts_old = explode (',', $values_old->unix_host);
+ $i=0;
+ while (isset($hosts[$i])) {
+ if ( in_array($hosts[$i], $hosts_old) ) unset ($hosts[$i]);
+ else $i++;
+ }
+ }
+ $i=0;
+ $j=0;
+ while(isset($hosts[$i])) {
+ if ($hosts[$i]!='') {
+ $attr['host'][$j] = $hosts[$i];
+ $j++;
+ }
+ $i++;
+ }
+ $i=0;
+ $j=0;
+ while(isset($hosts_old[$i])) {
+ if ($hosts_old[$i]!='') {
+ $attr_rem['host'][$j] = $hosts_old[$i];
+ $j++;
+ }
+ $i++;
+ }
+
 if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage !=''))
 $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
 if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage ==''))
diff --git a/lam/lib/lamdaemon.pl b/lam/lib/lamdaemon.pl
index 724bd7e0..ab3d9ec6 100755
--- a/lam/lib/lamdaemon.pl
+++ b/lam/lib/lamdaemon.pl
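Review bot: The host diffing in modifyuser loses hosts that are kept across an edit: `$hosts_old` is never filtered, so every previous host is queued in `$attr_rem['host']`, while a host present in both lists is unset from `$hosts` and therefore never re-added. The pruning loop is also cut short, because `unset($hosts[$i])` without advancing `$i` makes the next `isset($hosts[$i])` false and ends the loop, so only the leading run of the new list is compared and later duplicates are re-added (an add of an already-present value is normally refused by the server; how `$attr` and `$attr_rem` are applied is outside the hunk). The two copy loops additionally run when the lists are unchanged and then rely on `isset()` of an undefined variable. Computing both set differences with array_diff, inside the `if`, fixes all three; modifyuser starts and ends outside the hunk.
```php
if ($values->unix_host != $values_old->unix_host) {
    $hosts     = explode(',', str_replace(' ', '', $values->unix_host));
    $hosts_old = explode(',', str_replace(' ', '', $values_old->unix_host));
    // Add only hosts that are new and remove only hosts that disappeared; a
    // host present in both lists is left untouched.  array_filter() drops the
    // '' that explode() yields for an empty list or a doubled comma.
    $hosts_add = array_values(array_diff(array_filter($hosts), $hosts_old));
    $hosts_rem = array_values(array_diff(array_filter($hosts_old), $hosts));
    if (count($hosts_add) > 0) $attr['host'] = $hosts_add;
    if (count($hosts_rem) > 0) $attr_rem['host'] = $hosts_rem;
}
// … unchanged: shadowMin / shadowMax handling …
```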
@@ -31,7 +31,12 @@
 @admins = ('cn=Manager,dc=my-domain,dc=com');
 $server="127.0.0.1"; # IP or DNS of ldap-server
 $server_port='389'; # Port used from ldap
-$server_tls='no'; # Use TLS? ************* Not working yet
+$server_tls='no'; # Use TLS?
+$server_tls_verify='require'; # none,optional or require a valid server certificated
+$server_tls_clientcert=''; # path to client certificate
+$server_tls_clientkey=''; # path to client certificate
+$server_tls_decryptkey=''; # To to decrypt clientkey
+$server_tls_cafile=''; # Path to CA-File
 $debug=true; # Show debug messages
 
 # Don't change anything below this line
@@ -92,7 +97,15 @@ foreach my $admin (@admins) { # Check if user is admin
 }
 if ($found==true) {
 # Connect to ldap-server and check if password is valid.
- $ldap = Net::LDAP->new($server, port => $server_port) or die ('Can\'t connect to ldapserver.');
+ $ldap = Net::LDAP->new($server, port => $server_port, version => 3) or die ('Can\'t connect to ldapserver.');
+ if ($server_tls eq 'yes') {
+ $mesg = $ldap->start_tls(
+ verify => $server_tls_verify,
+ clientcert => $server_tls_clientcert,
+ clientkey => $server_tls_clientkey,
+ decrypte => sub { $server_tls_decryptkey; },
+ cafile => $server_tls_cafile);
+ }
 $result = $ldap->bind (dn => $vals[0], password => $vals[1]) ;
 $ldap->unbind(); # Close ldap connection.
 if (!$result->code) { # password is valid
@@ -109,7 +122,9 @@ if ($found==true) {
 ($<, $>) = ($>, $<); # Get root privileges
 if (! -e $path) {
 system 'mkdir', '-m 755', '-p', $path; # Create paths to homedir
- system 'mkdir', '-m 700', $user[7]; # Create himdir itself
+ }
+ if (! -e $user[7]) {
+ system 'mkdir', '-m 755', $user[7]; # Create himdir itself
 system "cp -a /etc/skel/* /etc/skel/.[^.]* $user[7]"; # Copy /etc/sekl into homedir
 system 'chown', '-R', "$user[2]:$user[3]" , $user[7]; # Change owner to new user
 system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
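Review bot: The comment on the new `$server_tls_clientkey` line is a copy of the one above it and says "path to client certificate" where the variable holds the private key; the `$server_tls_decryptkey` comment reads "To to decrypt clientkey" and does not say what the value is. Suggested comments: `# path to the client private key`, `# passphrase used to decrypt the client key (leave empty if the key is unencrypted)`, and for `$server_tls_verify` `# none, optional or require a valid server certificate`.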
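Review bot: The result of `start_tls` is stored in `$mesg` but never checked, so when the TLS upgrade fails (bad CA file, rejected certificate) the script goes on to `bind` with the admin DN and password over the still-cleartext connection; add `die 'start_tls failed: ' . $mesg->error if $mesg->code;` right after the call. The option key `decrypte` is misspelled — Net::LDAP's option is `decrypt`, and an unknown key is silently ignored, so a passphrase-protected client key can never be loaded. The empty-string defaults for `clientcert`, `clientkey` and `cafile` are passed through unconditionally; it is not clear from the hunk how the SSL layer treats `''` as a path, and with `verify => 'require'` an empty `cafile` presumably leaves nothing to verify against, so pass only the options that are actually set. The enclosing `if ($found==true)` block continues outside the hunk.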
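Review bot: The new `mkdir` line changes the home directory mode from `700` to `755`, which makes every newly created home world-readable; nothing in the commit says this is intended, and the skeleton files copied on the next line inherit that exposure. Keep `'-m 700'` for the directory itself (the `-p` parents on the line above can stay `755`), or, if `755` is deliberate, say so in the comment, e.g. `# home dir is intentionally world-readable (755)`. The new `! -e $user[7]` test follows symlinks, so an existing link at that path skips creation silently; a hedged note or a `-l` check may be worth adding. The block continues outside the hunk.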