From f4e4f2b3dfd6cbe28c50b2c826acf4ef51b6ce1c Mon Sep 17 00:00:00 2001 From: katagia Date: Sun, 24 Oct 2004 17:23:23 +0000 Subject: [PATCH] Added "Umlaut" handling for attributes which don''t allow them. Added $this->attribute to ldap class. This variable contains a list of all attributes and their syntax --- lam/lib/account.inc | 10 ---- lam/lib/baseModule.inc | 44 ++++++++++++++++++ lam/lib/cache.inc | 1 + lam/lib/ldap.inc | 79 ++++++++++++++++++++++++++++++-- lam/lib/modules.inc | 5 ++ lam/lib/modules/posixAccount.inc | 5 ++ 6 files changed, 131 insertions(+), 13 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index c9d882e1..8d5d6c12 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -59,16 +59,6 @@ function getshells() { * fixme *** * In order to map all non-ascii characters this function should be changed */ -function replace_umlaut($text) { - $aTranslate = array("�"=>"ae", "�"=>"Ae", - "�"=>"oe", "�"=>"Oe", - "�"=>"ue", "�"=>"Ue", - "�"=>"ss" - ); - return strtr($text, $aTranslate); - } - - /* This function will return all values from $array without values of $values * $values, $array and $return are arrays */ diff --git a/lam/lib/baseModule.inc b/lam/lib/baseModule.inc index 006dd1f8..c7a96766 100644 --- a/lam/lib/baseModule.inc +++ b/lam/lib/baseModule.inc @@ -63,6 +63,9 @@ class baseModule { /** contains all error messages of a module */ var $messages; + /** contains syntax of all */ + var $syntax; + /** * Creates a new base module class * 
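Review bot: The docblock added for `$syntax` in baseModule stops mid-sentence (`contains syntax of all`), and none of the hunks shown here reads or writes the property. input_check() looks up `$_SESSION['ldap']->attributes[...]['SYNTAX']` instead. If the property is meant to hold per-attribute syntax information, complete the comment, e.g. `/** contains the LDAP syntax OID of each attribute handled by this module */`; otherwise drop it until it is used. The class body continues outside the hunk.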
@@ -507,6 +510,47 @@ class baseModule { } } + function input_check() { + /* We have to some string checks now. Not every ldap attributes allow utf8 + * strings. Therefore we do a syntax check here and change utf8 strings to ascci + * strings. Only "7bit" ascci is allowed + * We check als the max length as defined in ldap. + */ + // Do a check for every ldap attribute + $attributes = array_keys($this->attributes); + for ($i=0; $iattributes[$attributes[$i]]['SYNTAX']=='1.3.6.1.4.1.1466.115.121.1.36') { + // found numeric attribute + for ($j=0; $jattributes[$attributes[$i]]); $j++) + if ($this->attributes[$attributes[$i]][$j]!=intval($this->attributes[$attributes[$i]][$j])) { + $this->attributes[$attributes[$i]][$j] = intval($this->attributes[$attributes[$i]][$j]); + $messages[$attributes[$i]] = array('WARN', _($attributes[$i]), _('Changed value %s because only numeric values are allowed.')); + } + } + else if ($_SESSION['ldap']->attributes[$attributes[$i]]['SYNTAX']=='1.3.6.1.4.1.1466.115.121.1.26' || + $_SESSION['ldap']->attributes[$attributes[$i]]['SYNTAX']=='1.3.6.1.4.1.1466.115.121.1.44' || + $_SESSION['ldap']->attributes[$attributes[$i]]['SYNTAX']=='1.3.6.1.4.1.1466.115.121.1.11') { + // found "7bit" ascii attribute + // convert utf8 in us-ascii + $convert = array ( 'ä' => 'ae', 'Ä' => 'Ae', 'ö' => 'Oe', 'ü' => 'ue', 'Ü' => 'ue', + 'ß' => 'ss', 'é' => 'e', 'è' => 'e', 'ô' => 'o' + ); + $index = array_keys($convert); + for ($j=0; $jattributes[$attributes[$i]]); $j++) + for ($k=0; $kattributes[$attributes[$i]][$j]); + if ($temp!=$this->attributes[$attributes[$i]][$j]) { + $this->attributes[$attributes[$i]][$j] = $temp; + $messages[$attributes[$i]][] = array('WARN', _($attributes[$i]), _('Changed value s because only US-ASCII allowed.')); //, array($attributes[$i])); + } + } + } + // TODO length check + } + if (count($messages)!=0) return $messages; + else return 0; + } + /** * This function executes one post upload action. * 
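Review bot: The "7bit ascii" branch of input_check() does not guarantee ASCII output, because the `$convert` table maps only nine characters and any other non-ASCII byte is written to the directory unchanged; the table also has slips (`'ö' => 'Oe'`, `'Ü' => 'ue'`, no entry for `'Ö'`). After the replacement the value should be tested with something like `preg_match('/[^\x00-\x7F]/', $temp)` and rejected with an error if anything is left, instead of relying on the table being complete. In the numeric branch the loose `!=` against `intval()` treats a value such as `12abc` as equal to 12 on PHP versions before 8, so it is left unmodified; `(string)intval($v) !== $v` would catch it. `$messages` is never initialised, so `count($messages)` runs on an undefined variable when nothing was changed; `$messages = array();` at the top of the function fixes that. The loop headers are truncated in this rendering, so the exact replacement call could not be checked.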
diff --git a/lam/lib/cache.inc b/lam/lib/cache.inc index 884828cc..3a6203bf 100644 --- a/lam/lib/cache.inc +++ b/lam/lib/cache.inc @@ -294,6 +294,7 @@ class cache { $dn_groups = $_SESSION['cache']->get_cache('gidNumber', 'posixGroup', 'group'); $DNs = array_keys($dn_groups); foreach ($DNs as $DN) { + // TODO doesn't work when groupname is part of DN if (strpos($DN, $groupname)) return $dn_groups[$DN][0]; } diff --git a/lam/lib/ldap.inc b/lam/lib/ldap.inc index b8f52fb0..79262fd4 100644 --- a/lam/lib/ldap.inc +++ b/lam/lib/ldap.inc @@ -64,6 +64,8 @@ class Ldap{ /** Array with all objectClass strings from the LDAP server */ var $objectClasses; + /** Array with all attribute strings from the LDAP server */ + var $attributes; // Capabilities of the LDAP server /** Host attribute in inetOrgPerson */ @@ -182,11 +184,82 @@ class Ldap{ if ($info) { $this->objectClasses = $info[0]['objectclasses']; array_shift($this->objectClasses); - return; } } // if search failed save empty result - $this->objectClasses = array(); + else $this->objectClasses = array(); + + // read from default cn + $sr = @ldap_read($this->server, 'cn=subschema', '(objectClass=*)', array('attributetypes')); + // if default was not correct check different cn + if (!$sr) $sr = @ldap_read($this->server, 'cn=schema', '(objectClass=*)', array('attributetypes')); + if ($sr) { + // get search result and save it + $info = @ldap_get_entries($this->server,$sr); + if ($info) { + $attributes = $info[0]['attributetypes']; + array_shift($attributes); + } + } + // build Attribute list + for ($i=0; $iattributes[$name] = $values; + $start = $end + 3; + } + } + else { + $end = $start; + while ($attributes[$i][$end]!='\'') $end++; + $name = substr($attributes[$i], $start, $end-$start); + $this->attributes[$name] = $values; + } + } } /** Updates the capabilities values (var $supports_*) */ 
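Review bot: The TODO added above `if (strpos($DN, $groupname))` in cache.inc names a problem but leaves the lookup as it is, and that lookup can return the gidNumber of the wrong group. strpos() matches the name anywhere in the DN, so a group named `admin` would also match a DN containing `sysadmin`, and a match at offset 0 is treated as no match. Since the result is a GID, a wrong hit means a wrong group assignment for whatever consumes the value. Assuming group DNs start with `cn=<name>,` (the modules.inc hunk suggests groups are keyed on cn, please confirm), an anchored test such as `if (strpos(strtolower($DN), 'cn=' . strtolower($groupname) . ',') === 0)` would be safer. The enclosing function starts and ends outside the hunk.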
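Review bot: The scanner that builds `$this->attributes` in ldap.inc walks the server-supplied schema string with `while ($attributes[$i][$end]!='\'') $end++;`, which has no end-of-string bound, so an attributeTypes value without the expected closing quote would keep the loop running past the end of the string. `$end = strpos($attributes[$i], "'", $start); if ($end === false) continue;` bounds it. `$attributes` is also only assigned inside `if ($info)`, so when both `ldap_read` calls fail (silenced by `@`) the build loop runs on an undefined variable; set `$attributes = array();` before the read. Separately, the new `else $this->objectClasses = array();` appears to attach to `if ($sr)` only, so a successful read followed by an empty `ldap_get_entries` result no longer resets `objectClasses` as the old fall-through did. Much of the loop body is truncated in this rendering, so the rest of the parser could not be reviewed.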
@@ -214,7 +287,7 @@ class Ldap{ $this->close(); // define which attributes to save return array("conf", "username", "password", "ldapUserAttributes", "ldapGroupAttributes", - "ldapHostAttributes", "objectClasses", "supports_unix_hosts", "supports_samba2_schema", + "ldapHostAttributes", "objectClasses", "attributes", "supports_unix_hosts", "supports_samba2_schema", "supports_samba3_schema", "rand"); } diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc index bbafbafd..cac13ce0 100644 --- a/lam/lib/modules.inc +++ b/lam/lib/modules.inc @@ -1326,6 +1326,11 @@ class accountContainer { } } } + /* We have to some string checks now. Not every ldap attributes allow utf8 + * strings. Therefore we do a syntax check here and change utf8 strings to ascci + * strings. Only "7bit" ascci is allowed + */ + // TODO how do we interact with the user and show him what has been changed // Complete dn with uid or cn= if ($this->type=='group') $search = 'cn'; else $search = 'uid'; diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index e9ae117d..ea8b85f3 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc @@ -753,6 +753,10 @@ class posixAccount extends baseModule { if (!get_preg($this->userPassword(), 'password')) $triggered_messages['userPassword'][] = $this->messages['userPassword'][1]; } + + $temp = $this->input_check(); + // TODO is this really OK? + if (is_array($temp)) $triggered_messages = array_merge_recursive($triggered_messages, $temp); // Return error-messages if (count($triggered_messages)!=0) { $this->triggered_messages = $triggered_messages; @@ -844,6 +848,7 @@ class posixAccount extends baseModule { array ($this->attributes['loginShell'][0])), 2 => array ('kind' => 'help', 'value' => 'loginShell')); } + return $return; } function display_html_delete($post) {
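Review bot: Merging the result of `input_check()` with `array_merge_recursive` in posixAccount.inc (the line marked `TODO is this really OK?`) depends on both sides using the same shape, and they do not. The numeric branch of input_check() assigns `$messages[$attributes[$i]] = array('WARN', ...)` directly, while the ASCII branch and `$triggered_messages['userPassword'][]` hold a list of message arrays per attribute, so for a numeric attribute the merge would append the three strings as separate list entries. Using `$messages[$attributes[$i]][] = array(...)` in the numeric branch makes the shapes agree. Note also that the values in `$this->attributes` have already been rewritten by the time the warning is merged, and any entry makes `count($triggered_messages)!=0` true, so a pure warning takes the same path as a validation error. The rest of that branch is outside the hunk, so whether this blocks the save could not be checked.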