548 lines
17 KiB
PHP
548 lines
17 KiB
PHP
<?php
|
|
/*
|
|
$Id$
|
|
|
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
|
Copyright (C) 2013 - 2015 Roland Gruber
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
*/
|
|
|
|
/**
|
|
* Multi edit tool that allows LDAP operations on multiple entries.
|
|
*
|
|
* @author Roland Gruber
|
|
* @package tools
|
|
*/
|
|
|
|
/** security functions */
|
|
include_once("../lib/security.inc");
|
|
/** access to configuration data */
|
|
include_once("../lib/config.inc");
|
|
/** access LDAP server */
|
|
include_once("../lib/ldap.inc");
|
|
/** used to print status messages */
|
|
include_once("../lib/status.inc");
|
|
|
|
// start session
|
|
startSecureSession();
|
|
|
|
// die if no write access
|
|
if (!checkIfWriteAccessIsAllowed()) die();
|
|
|
|
checkIfToolIsActive('toolMultiEdit');
|
|
|
|
setlanguage();
|
|
|
|
if (!empty($_POST)) {
|
|
validateSecurityToken();
|
|
}
|
|
|
|
define('ADD', 'add');
|
|
define('MOD', 'mod');
|
|
define('DEL', 'del');
|
|
|
|
define('STAGE_START', 'start');
|
|
define('STAGE_READ_FINISHED', 'readFinished');
|
|
define('STAGE_ACTIONS_CALCULATED', 'actionsCalculated');
|
|
define('STAGE_WRITING', 'writing');
|
|
define('STAGE_FINISHED', 'finished');
|
|
|
|
if (isset($_GET['ajaxStatus'])) {
|
|
runAjaxActions();
|
|
}
|
|
else {
|
|
displayStartPage();
|
|
}
|
|
|
|
/**
|
|
* Displays the main page of the multi edit tool.
|
|
*/
|
|
function displayStartPage() {
|
|
// display main page
|
|
include 'main_header.php';
|
|
echo '<div class="user-bright smallPaddingContent">';
|
|
echo "<form action=\"multiEdit.php\" method=\"post\">\n";
|
|
$errors = array();
|
|
$tabindex = 1;
|
|
$container = new htmlTable();
|
|
$container->addElement(new htmlTitle(_("Multi edit")), true);
|
|
// LDAP suffix
|
|
$showRules = array('-' => array('otherSuffix'));
|
|
$hideRules = array();
|
|
$container->addElement(new htmlOutputText(_('LDAP suffix')));
|
|
$suffixGroup = new htmlTable();
|
|
$types = $_SESSION['config']->get_ActiveTypes();
|
|
$suffixes = array();
|
|
foreach ($types as $type) {
|
|
$suffixes[getTypeAlias($type)] = $_SESSION['config']->get_Suffix($type);
|
|
$hideRules[$_SESSION['config']->get_Suffix($type)] = array('otherSuffix');
|
|
}
|
|
$treeSuffix = $_SESSION['config']->get_Suffix('tree');
|
|
if (!empty($treeSuffix)) {
|
|
$suffixes[_('Tree view')] = $_SESSION['config']->get_Suffix('tree');
|
|
$hideRules[$_SESSION['config']->get_Suffix('tree')] = array('otherSuffix');
|
|
}
|
|
$suffixes = array_flip($suffixes);
|
|
natcasesort($suffixes);
|
|
$suffixes = array_flip($suffixes);
|
|
$suffixes[_('Other')] = '-';
|
|
$suffixValues = array_values($suffixes);
|
|
$valSuffix = empty($_POST['suffix']) ? $suffixValues[0] : $_POST['suffix'];
|
|
$suffixSelect = new htmlSelect('suffix', $suffixes, array($valSuffix));
|
|
$suffixSelect->setHasDescriptiveElements(true);
|
|
$suffixSelect->setSortElements(false);
|
|
$suffixSelect->setTableRowsToShow($showRules);
|
|
$suffixSelect->setTableRowsToHide($hideRules);
|
|
$suffixGroup->addElement($suffixSelect);
|
|
$otherSuffixTable = new htmlTable();
|
|
$valOtherSuffix = empty($_POST['otherSuffix']) ? '' : $_POST['otherSuffix'];
|
|
$otherSuffixTable->addElement(new htmlInputField('otherSuffix'));
|
|
$suffixGroup->addElement($otherSuffixTable);
|
|
$container->addElement($suffixGroup);
|
|
$container->addElement(new htmlHelpLink('700'), true);
|
|
// LDAP filter
|
|
$valFilter = empty($_POST['filter']) ? '(objectClass=inetOrgPerson)' : $_POST['filter'];
|
|
$container->addElement(new htmlTableExtendedInputField(_('LDAP filter'), 'filter', $valFilter, '701'), true);
|
|
// operation fields
|
|
$container->addElement(new htmlSubTitle(_('Operations')), true);
|
|
$container->addElement(new htmlOutputText(_('Type')));
|
|
$container->addElement(new htmlOutputText(_('Attribute name')));
|
|
$container->addElement(new htmlOutputText(_('Value')));
|
|
$container->addElement(new htmlHelpLink('702'), true);
|
|
$opCount = empty($_POST['opcount']) ? '3' : $_POST['opcount'];
|
|
if (isset($_POST['addFields'])) {
|
|
$opCount += 3;
|
|
}
|
|
$operations = array(_('Add') => ADD, _('Modify') => MOD, _('Delete') => DEL);
|
|
for ($i = 0; $i < $opCount; $i++) {
|
|
// operation type
|
|
$selOp = empty($_POST['op_' . $i]) ? ADD : $_POST['op_' . $i];
|
|
$opSelect = new htmlSelect('op_' . $i, $operations, array($selOp));
|
|
$opSelect->setHasDescriptiveElements(true);
|
|
$container->addElement($opSelect);
|
|
// attribute name
|
|
$attrVal = empty($_POST['attr_' . $i]) ? '' : $_POST['attr_' . $i];
|
|
$container->addElement(new htmlInputField('attr_' . $i, $attrVal));
|
|
$valVal = empty($_POST['val_' . $i]) ? '' : $_POST['val_' . $i];
|
|
$container->addElement(new htmlInputField('val_' . $i, $valVal), true);
|
|
// check input
|
|
if (($selOp == ADD) && !empty($attrVal) && empty($valVal)) {
|
|
$errors[] = new htmlStatusMessage('ERROR', _('Please enter a value to add.'), htmlspecialchars($attrVal));
|
|
}
|
|
if (($selOp == MOD) && !empty($attrVal) && empty($valVal)) {
|
|
$errors[] = new htmlStatusMessage('ERROR', _('Please enter a value to modify.'), htmlspecialchars($attrVal));
|
|
}
|
|
}
|
|
// add more fields
|
|
$container->addVerticalSpace('5px');
|
|
$container->addElement(new htmlButton('addFields', _('Add more fields')));
|
|
$container->addElement(new htmlHiddenInput('opcount', $opCount), true);
|
|
// error messages
|
|
if (sizeof($errors) > 0) {
|
|
$container->addVerticalSpace('20px');
|
|
foreach ($errors as $error) {
|
|
$error->colspan = 5;
|
|
$container->addElement($error, true);
|
|
}
|
|
}
|
|
// action buttons
|
|
$container->addVerticalSpace('20px');
|
|
$buttonGroup = new htmlGroup();
|
|
$buttonGroup->colspan = 3;
|
|
$dryRunButton = new htmlButton('dryRun', _('Dry run'));
|
|
$dryRunButton->setIconClass('dryRunButton');
|
|
$buttonGroup->addElement($dryRunButton);
|
|
$buttonGroup->addElement(new htmlSpacer('10px', null));
|
|
$applyButton = new htmlButton('applyChanges', _('Apply changes'));
|
|
$applyButton->setIconClass('saveButton');
|
|
$buttonGroup->addElement($applyButton);
|
|
$container->addElement($buttonGroup, true);
|
|
$container->addVerticalSpace('10px');
|
|
|
|
// run actions
|
|
if ((sizeof($errors) == 0) && (isset($_POST['dryRun']) || isset($_POST['applyChanges']))) {
|
|
runActions($container);
|
|
}
|
|
|
|
addSecurityTokenToMetaHTML($container);
|
|
|
|
parseHtml(null, $container, array(), false, $tabindex, 'user');
|
|
echo ("</form>\n");
|
|
echo '</div>';
|
|
include 'main_footer.php';
|
|
}
|
|
|
|
/**
|
|
* Runs the dry run and change actions.
|
|
*
|
|
* @param htmlTable $container container
|
|
*/
|
|
function runActions(&$container) {
|
|
// LDAP suffix
|
|
if ($_POST['suffix'] == '-') {
|
|
$suffix = trim($_POST['otherSuffix']);
|
|
}
|
|
else {
|
|
$suffix = $_POST['suffix'];
|
|
}
|
|
if (empty($suffix)) {
|
|
$error = new htmlStatusMessage('ERROR', _('LDAP Suffix is invalid!'));
|
|
$error->colspan = 5;
|
|
$container->addElement($error);
|
|
return;
|
|
}
|
|
// LDAP filter
|
|
$filter = trim($_POST['filter']);
|
|
// operations
|
|
$operations = array();
|
|
for ($i = 0; $i < $_POST['opcount']; $i++) {
|
|
if (!empty($_POST['attr_' . $i])) {
|
|
$operations[] = array($_POST['op_' . $i], strtolower(trim($_POST['attr_' . $i])), trim($_POST['val_' . $i]));
|
|
}
|
|
}
|
|
if (sizeof($operations) == 0) {
|
|
$error = new htmlStatusMessage('ERROR', _('Please specify at least one operation.'));
|
|
$error->colspan = 5;
|
|
$container->addElement($error);
|
|
return;
|
|
}
|
|
$_SESSION['multiEdit_suffix'] = $suffix;
|
|
$_SESSION['multiEdit_filter'] = $filter;
|
|
$_SESSION['multiEdit_operations'] = $operations;
|
|
$_SESSION['multiEdit_status'] = array('stage' => STAGE_START);
|
|
$_SESSION['multiEdit_dryRun'] = isset($_POST['dryRun']);
|
|
// disable all input elements
|
|
$jsContent = '
|
|
jQuery(\'input\').attr(\'disabled\', true);
|
|
jQuery(\'select\').attr(\'disabled\', true);
|
|
jQuery(\'button\').attr(\'disabled\', true);
|
|
';
|
|
$container->addElement(new htmlJavaScript($jsContent), true);
|
|
// progress area
|
|
$container->addElement(new htmlSubTitle(_('Progress')), true);
|
|
$progressBarDiv = new htmlDiv('progressBar', '');
|
|
$progressBarDiv->colspan = 5;
|
|
$container->addElement($progressBarDiv, true);
|
|
$progressDiv = new htmlDiv('progressArea', '');
|
|
$progressDiv->colspan = 5;
|
|
$container->addElement($progressDiv, true);
|
|
// JS block for AJAX status update
|
|
$ajaxBlock = '
|
|
jQuery.get(\'multiEdit.php?ajaxStatus\', null, function(data) {handleReply(data);}, \'json\');
|
|
|
|
function handleReply(data) {
|
|
jQuery(\'#progressBar\').progressbar({value: data.progress, max: 120});
|
|
jQuery(\'#progressArea\').html(data.content);
|
|
if (data.status != "finished") {
|
|
jQuery.get(\'multiEdit.php?ajaxStatus\', null, function(data) {handleReply(data);}, \'json\');
|
|
}
|
|
else {
|
|
jQuery(\'input\').removeAttr(\'disabled\');
|
|
jQuery(\'select\').removeAttr(\'disabled\');
|
|
jQuery(\'button\').removeAttr(\'disabled\');
|
|
jQuery(\'#progressBar\').hide();
|
|
}
|
|
}
|
|
';
|
|
$container->addElement(new htmlJavaScript($ajaxBlock), true);
|
|
}
|
|
|
|
/**
|
|
* Performs the modify operations.
|
|
*/
|
|
function runAjaxActions() {
|
|
$jsonReturn = array(
|
|
'status' => STAGE_START,
|
|
'progress' => 0,
|
|
'content' => ''
|
|
);
|
|
switch ($_SESSION['multiEdit_status']['stage']) {
|
|
case STAGE_START:
|
|
$jsonReturn = readLDAPData();
|
|
break;
|
|
case STAGE_READ_FINISHED:
|
|
$jsonReturn = generateActions();
|
|
break;
|
|
case STAGE_ACTIONS_CALCULATED:
|
|
case STAGE_WRITING:
|
|
if ($_SESSION['multiEdit_dryRun']) {
|
|
$jsonReturn = dryRun();
|
|
}
|
|
else {
|
|
$jsonReturn = doModify();
|
|
}
|
|
break;
|
|
}
|
|
echo json_encode($jsonReturn);
|
|
}
|
|
|
|
/**
|
|
* Reads the LDAP entries from the directory.
|
|
*
|
|
* @return array status
|
|
*/
|
|
function readLDAPData() {
|
|
$suffix = $_SESSION['multiEdit_suffix'];
|
|
$filter = $_SESSION['multiEdit_filter'];
|
|
if (empty($filter)) {
|
|
$filter = '(objectClass=*)';
|
|
}
|
|
$operations = $_SESSION['multiEdit_operations'];
|
|
$attributes = array();
|
|
foreach ($operations as $op) {
|
|
if (!in_array(strtolower($op[1]), $attributes)) {
|
|
$attributes[] = strtolower($op[1]);
|
|
}
|
|
}
|
|
// run LDAP query
|
|
$results = searchLDAP($suffix, $filter, $attributes);
|
|
// print error message if no data returned
|
|
if (empty($results)) {
|
|
$code = ldap_errno($_SESSION['ldap']->server());
|
|
if ($code !== 0) {
|
|
$msg = new htmlStatusMessage('ERROR', _('Encountered an error while performing search.'), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
|
}
|
|
else {
|
|
$msg = new htmlStatusMessage('ERROR', _('No objects found!'));
|
|
}
|
|
$content = getMessageHTML($msg);
|
|
return array(
|
|
'status' => STAGE_FINISHED,
|
|
'progress' => 120,
|
|
'content' => $content
|
|
);
|
|
}
|
|
// save LDAP data
|
|
$_SESSION['multiEdit_status']['entries'] = $results;
|
|
$_SESSION['multiEdit_status']['stage'] = STAGE_READ_FINISHED;
|
|
return array(
|
|
'status' => STAGE_READ_FINISHED,
|
|
'progress' => 10,
|
|
'content' => ''
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Generates the required actions based on the read LDAP data.
|
|
*
|
|
* @return array status
|
|
*/
|
|
function generateActions() {
|
|
$actions = array();
|
|
foreach ($_SESSION['multiEdit_status']['entries'] as $entry) {
|
|
$dn = $entry['dn'];
|
|
foreach ($_SESSION['multiEdit_operations'] as $op) {
|
|
$opType = $op[0];
|
|
$attr = $op[1];
|
|
$val = $op[2];
|
|
switch ($opType) {
|
|
case ADD:
|
|
if (empty($entry[$attr]) || !in_array_ignore_case($val, $entry[$attr])) {
|
|
$actions[] = array(ADD, $dn, $attr, $val);
|
|
}
|
|
break;
|
|
case MOD:
|
|
if (empty($entry[$attr])) {
|
|
// attribute not yet exists, add it
|
|
$actions[] = array(ADD, $dn, $attr, $val);
|
|
}
|
|
elseif (!empty($entry[$attr]) && !in_array_ignore_case($val, $entry[$attr])) {
|
|
// attribute exists and value is not included, replace old values
|
|
$actions[] = array(MOD, $dn, $attr, $val);
|
|
}
|
|
break;
|
|
case DEL:
|
|
if (empty($val) && !empty($entry[$attr])) {
|
|
$actions[] = array(DEL, $dn, $attr, null);
|
|
}
|
|
elseif (!empty($val) && in_array($val, $entry[$attr])) {
|
|
$actions[] = array(DEL, $dn, $attr, $val);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
// save actions
|
|
$_SESSION['multiEdit_status']['actions'] = $actions;
|
|
$_SESSION['multiEdit_status']['stage'] = STAGE_ACTIONS_CALCULATED;
|
|
return array(
|
|
'status' => STAGE_ACTIONS_CALCULATED,
|
|
'progress' => 20,
|
|
'content' => ''
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Prints the dryRun output.
|
|
*
|
|
* @return array status
|
|
*/
|
|
function dryRun() {
|
|
$pro = isLAMProVersion() ? ' Pro' : '';
|
|
$ldif = '# LDAP Account Manager' . $pro . ' ' . LAMVersion() . "\n\nversion: 1\n\n";
|
|
$log = '';
|
|
// fill LDIF and log file
|
|
$lastDN = '';
|
|
foreach ($_SESSION['multiEdit_status']['actions'] as $action) {
|
|
$opType = $action[0];
|
|
$dn = $action[1];
|
|
$attr = $action[2];
|
|
$val = $action[3];
|
|
if ($lastDN != $dn) {
|
|
if ($lastDN != '') {
|
|
$log .= "\r\n";
|
|
}
|
|
$lastDN = $dn;
|
|
$log .= $dn . "\r\n";
|
|
}
|
|
if ($lastDN != '') {
|
|
$ldif .= "\n";
|
|
}
|
|
$ldif .= 'dn: ' . $dn . "\n";
|
|
$ldif .= 'changetype: modify' . "\n";
|
|
switch ($opType) {
|
|
case ADD:
|
|
$log .= '+' . $attr . '=' . $val . "\r\n";
|
|
$ldif .= 'add: ' . $attr . "\n";
|
|
$ldif .= $attr . ': ' . $val . "\n";
|
|
break;
|
|
case DEL:
|
|
$ldif .= 'delete: ' . $attr . "\n";
|
|
if (empty($val)) {
|
|
$log .= '-' . $attr . "\r\n";
|
|
}
|
|
else {
|
|
$log .= '-' . $attr . '=' . $val . "\r\n";
|
|
$ldif .= $attr . ': ' . $val . "\n";
|
|
}
|
|
break;
|
|
case MOD:
|
|
$log .= '*' . $attr . '=' . $val . "\r\n";
|
|
$ldif .= 'replace: ' . $attr . "\n";
|
|
$ldif .= $attr . ': ' . $val . "\n";
|
|
break;
|
|
}
|
|
}
|
|
// build meta HTML
|
|
$container = new htmlTable();
|
|
$container->addElement(new htmlOutputText(_('Dry run finished.')), true);
|
|
$container->addVerticalSpace('20px');
|
|
// store LDIF
|
|
$filename = 'ldif' . getRandomNumber() . '.ldif';
|
|
$out = @fopen(dirname(__FILE__) . '/../tmp/' . $filename, "wb");
|
|
fwrite($out, $ldif);
|
|
$container->addElement(new htmlOutputText(_('LDIF file')), true);
|
|
$ldifLink = new htmlLink($filename, '../tmp/' . $filename);
|
|
$ldifLink->setTargetWindow('_blank');
|
|
$container->addElement($ldifLink, true);
|
|
$container->addVerticalSpace('20px');
|
|
$container->addElement(new htmlOutputText(_('Log output')), true);
|
|
$container->addElement(new htmlInputTextarea('log', $log, 100, 30), true);
|
|
// generate HTML
|
|
fclose ($out);
|
|
ob_start();
|
|
$tabindex = 1;
|
|
parseHtml(null, $container, array(), true, $tabindex, 'user');
|
|
$content = ob_get_contents();
|
|
ob_end_clean();
|
|
return array(
|
|
'status' => STAGE_FINISHED,
|
|
'progress' => 120,
|
|
'content' => $content
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Runs the actual modifications.
|
|
*
|
|
* @return array status
|
|
*/
|
|
function doModify() {
|
|
// initial action index
|
|
if (!isset($_SESSION['multiEdit_status']['index'])) {
|
|
$_SESSION['multiEdit_status']['index'] = 0;
|
|
}
|
|
// initial content
|
|
if (!isset($_SESSION['multiEdit_status']['modContent'])) {
|
|
$_SESSION['multiEdit_status']['modContent'] = '';
|
|
}
|
|
// run 10 modifications in each call
|
|
$localCount = 0;
|
|
while (($localCount < 10) && ($_SESSION['multiEdit_status']['index'] < sizeof($_SESSION['multiEdit_status']['actions']))) {
|
|
$action = $_SESSION['multiEdit_status']['actions'][$_SESSION['multiEdit_status']['index']];
|
|
$opType = $action[0];
|
|
$dn = $action[1];
|
|
$attr = $action[2];
|
|
$val = $action[3];
|
|
$_SESSION['multiEdit_status']['modContent'] .= htmlspecialchars($dn) . "<br>";
|
|
// run LDAP commands
|
|
$success = false;
|
|
switch ($opType) {
|
|
case ADD:
|
|
$success = @ldap_mod_add($_SESSION['ldap']->server(), $dn, array($attr => array($val)));
|
|
break;
|
|
case DEL:
|
|
if (empty($val)) {
|
|
$success = ldap_modify($_SESSION['ldap']->server(), $dn, array($attr => array()));
|
|
}
|
|
else {
|
|
$success = ldap_mod_del($_SESSION['ldap']->server(), $dn, array($attr => array($val)));
|
|
}
|
|
break;
|
|
case MOD:
|
|
$success = ldap_modify($_SESSION['ldap']->server(), $dn, array($attr => array($val)));
|
|
break;
|
|
}
|
|
if (!$success) {
|
|
$msg = new htmlStatusMessage('ERROR', getDefaultLDAPErrorString($_SESSION['ldap']->server()));
|
|
$_SESSION['multiEdit_status']['modContent'] .= getMessageHTML($msg);
|
|
}
|
|
$localCount++;
|
|
$_SESSION['multiEdit_status']['index']++;
|
|
}
|
|
// check if finished
|
|
if ($_SESSION['multiEdit_status']['index'] == sizeof($_SESSION['multiEdit_status']['actions'])) {
|
|
$_SESSION['multiEdit_status']['modContent'] .= '<br><br>' . _('Finished all operations.');
|
|
return array(
|
|
'status' => STAGE_FINISHED,
|
|
'progress' => 120,
|
|
'content' => $_SESSION['multiEdit_status']['modContent']
|
|
);
|
|
}
|
|
// return current status
|
|
return array(
|
|
'status' => STAGE_WRITING,
|
|
'progress' => 20 + (($_SESSION['multiEdit_status']['index'] / sizeof($_SESSION['multiEdit_status']['actions'])) * 100),
|
|
'content' => $_SESSION['multiEdit_status']['modContent']
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Returns the HTML code for a htmlStatusMessage
|
|
*
|
|
* @param htmlStatusMessage $msg message
|
|
* @return String HTML code
|
|
*/
|
|
function getMessageHTML($msg) {
|
|
$tabindex = 0;
|
|
ob_start();
|
|
parseHtml(null, $msg, array(), true, $tabindex, 'user');
|
|
$content = ob_get_contents();
|
|
ob_end_clean();
|
|
return $content;
|
|
}
|