1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2004-2005 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 class sambaAccount extends plugin
22 {
23 /* Definitions */
24 var $plHeadline= "Samba";
25 var $plDescription= "This does something";
26 var $view_logged = FALSE;
28 // Domaind information, gid, sid, rid
29 var $uid= "";
30 var $uidNumber= 65535;
31 var $gidNumber= 65535;
32 var $SID= "";
33 var $ridBase= 0;
34 var $sambaSID= "";
35 var $orig_sambaDomainName= "";
36 var $sambaDomainName= "";
38 // Some of these attributes are just used to
39 // display the domain information dialog, and
40 // thus not writte back to the ldap.
41 var $sambaBadPasswordCount= "";
42 var $sambaBadPasswordTime= "";
43 var $sambaPasswordHistory= "";
44 var $sambaLogonHours= "";
45 var $sambaPwdLastSet= "0";
46 var $sambaLogonTime= "0";
47 var $sambaLogoffTime= "2147483647";
48 var $sambaKickoffTime= "2147483647";
49 var $sambaPwdCanChange= "";
50 var $sambaPwdMustChange= "0";
52 // Flags (checkboxes) to restrict account settings.
53 var $sambaAcctFlags= "[UX ]";
54 var $flag_enforcePasswordChange = FALSE;
55 var $flag_passwordNeverExpires = FALSE;
56 var $flag_noPasswordRequired = FALSE;
57 var $flag_temporaryDisabled = FALSE;
58 var $flag_cannotChangePassword = FALSE;
60 // String values
61 var $sambaHomePath= "";
62 var $sambaHomeDrive= "";
63 var $sambaLogonScript= "";
64 var $sambaProfilePath= "";
65 var $sambaPrimaryGroupSID= "";
66 var $sambaUserWorkstations= "";
68 // Munged object.
69 var $sambaMungedDial= "";
70 var $mungedObject;
72 /* Helper */
73 var $cache = array();
74 var $trustSelect= FALSE;
76 /* attribute list for save action */
77 var $ctxattributes= array();
78 var $attributes= array("sambaSID", "sambaPwdLastSet", "sambaLogonTime",
79 "sambaLogoffTime", "sambaKickoffTime", "sambaPwdCanChange",
80 "sambaPwdMustChange", "sambaAcctFlags", "uid", "sambaMungedDial",
81 "sambaHomePath", "sambaHomeDrive", "sambaLogonScript",
82 "sambaProfilePath", "sambaPrimaryGroupSID", "sambaDomainName",
83 "sambaUserWorkstations", "sambaPasswordHistory",
84 "sambaLogonHours", "sambaBadPasswordTime",
85 "sambaBadPasswordCount");
86 var $objectclasses= array('sambaSamAccount');
88 var $CopyPasteVars = array("mungedObject","orig_sambaDomainName");
90 var $multiple_support = TRUE;
91 var $multiple_sambaUserWorkstations = array();
94 function sambaAccount (&$config, $dn= NULL)
95 {
97 plugin::plugin ($config, $dn);
99 // Set current uid if possible.
100 if(isset($this->attrs['uid'][0])){
101 $this->uid = $this->attrs['uid'][0];
102 }
104 // Get samba domain and its sid/rid base
105 if ($this->sambaSID != ""){
106 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
107 $ldap= $this->config->get_ldap_link();
108 $ldap->cd($this->config->current['BASE']);
109 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase","sambaDomainName"));
110 if ($ldap->count() != 0){
111 $attrs= $ldap->fetch();
112 if(isset($attrs['sambaAlgorithmicRidBase'])){
113 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
114 } else {
115 $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
116 }
117 if ($this->sambaDomainName == ""){
118 $this->sambaDomainName= $attrs['sambaDomainName'][0];
119 }
120 } else {
122 // Fall back to a 'DEFAULT' domain, if none was found in LDAP.
123 if ($this->sambaDomainName == "") $this->sambaDomainName= "DEFAULT";
125 // Nothing in ldap, use configured sid and rid values.
126 $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
127 $this->SID= $this->config->get_cfg_value("sambaSid");
128 }
129 }
131 // Keep original domain name and plugin status, to be able to detect modifications.
132 $this->orig_sambaDomainName= $this->sambaDomainName;
133 $this->initially_was_account= $this->is_account;
135 // Instantiate munged object and load info.
136 $this->mungedObject= new sambaMungedDial;
137 $this->ctxattributes= $this->mungedObject->ctxattributes;
138 if (isset($this->attrs['sambaMungedDial'])){
139 $this->mungedObject->load($this->sambaMungedDial);
140 }
143 // Samba flag description
144 // ----------------------
145 // The Official Samba 3.2.x HOWTO and Reference Guide
146 // Jelmer R. Vernooij, John H. Terpstra, and Gerald (Jerry) Carter
147 // May 27, 2009
148 // ----------------------
149 // D - Account is disabled.
150 // H - A home directory is required.
151 // I - An inter-domain trust account.
152 // L - Account has been auto-locked.
153 // M - An MNS (Microsoft network service) logon account.
154 // N - Password not required.
155 // S - A server trust account.
156 // T - Temporary duplicate account entry.
157 // U - A normal user account.
158 // W - A workstation trust account.
159 // X - Password does not expire.
161 // sambaPwdCanChange
162 // _______________
163 // Specifies the time (UNIX time format) after which the user is allowed to change his password.
164 // If this attribute is not set, the user will be free to change his password whenever he wants.
166 // sambaPwdLastSet
167 // _______________
168 // The integer time in seconds since 1970 when the sambaLMPassword and sambaNTPassword attributes were last set.
170 // sambaPwdMustChange
171 // _______________
172 // Specifies the time (UNIX time format) when the user is forced to change his password. If this
173 // value is set to 0, the user will have to change his password at first login. If this attribute is not
174 // set, then the password will never expire.
177 // A password change is enforced by using a timestamp in sambaPwdMustChange.
178 // We simple set it to '0' to enforce a change.
179 // --------------------------------
180 // Normally it contains a timestamp, which specifies and expiration date.
181 $this->flag_enforcePasswordChange = (isset($this->attrs['sambaPwdMustChange']) && $this->attrs['sambaPwdMustChange'][0] == '0');
183 // A user cannot change his password until the given timestamp has reached.
184 // We simply set it to max int to disallow a password change till the timestamp reaches 4294967295,
185 // this is definitly far in the future and thus disallows a password change at all.
186 // --------------------------------
187 // The user is not able to change his password while sambaPwdCanChange is 4294967295 (Integer 32 Bit max)
188 $this->flag_cannotChangePassword = (isset($this->attrs['sambaPwdCanChange']) && $this->attrs['sambaPwdCanChange'][0] == '4294967295');
190 // A password never expires if 'sambaAcctFlags' contains 'X'.
191 // (See flags above for details)
192 $this->flag_passwordNeverExpires = preg_match("/X/i", $this->sambaAcctFlags);
194 // A password is NOT required if 'sambaAcctFlags' contains 'N'.
195 // (See flags above for details)
196 $this->flag_noPasswordRequired = preg_match("/N/i", $this->sambaAcctFlags);
198 // A account is locked if if 'sambaAcctFlags' contains 'L' or 'D'.
199 // (See flags above for details)
200 $this->flag_temporaryDisabled = preg_match("/L/i", $this->sambaAcctFlags) ||
201 preg_match("/D/i", $this->sambaAcctFlags);
202 }
204 function execute()
205 {
206 /* Call parent execute */
207 plugin::execute();
209 /* Log view */
210 if($this->is_account && !$this->view_logged){
211 $this->view_logged = TRUE;
212 new log("view","users/".get_class($this),$this->dn);
213 }
215 /* Do we need to flip is_account state? */
216 if (isset($_POST['modify_state'])){
217 $this->is_account= !$this->is_account;
218 }
219 /* Do we represent a valid account? */
220 if (!$this->is_account && $this->parent === NULL){
221 $display= "<img alt=\"\"src=\"images/small-error.png\" align=\"middle\"> <b>".
222 msgPool::noValidExtension(_("Samba"))."</b>";
223 $display.= back_to_main();
224 return ($display);
225 }
227 $display ="";
228 if(!$this->multiple_support_active){
230 // Show tab heades to activate and deactivate the samba extension.
231 $display= "";
232 if ($this->parent !== NULL){
233 if ($this->is_account){
234 $display= $this->show_disable_header(msgPool::removeFeaturesButton(_("Samba")),
235 msgPool::featuresEnabled(_("Samba")));
236 } else {
238 // Samba3 dependency on posix accounts are enabled in the moment, because I need to rely on unique
239 // uidNumbers. There'll be a better solution later on.
240 $obj= $this->parent->by_object['posixAccount'];
241 if ($obj->is_account){
242 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
243 msgPool::featuresDisabled(_("Samba")));
244 } else {
245 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
246 msgPool::featuresDisabled(_("Samba"), _("POSIX")), TRUE);
247 }
248 return ($display);
249 }
250 }
251 }
253 // Editing from the MyAccount/Personal section may be disabled until we've pressed the 'edit' button.
254 $SkipWrite = (!isset($this->parent) || !$this->parent) && !session::is_set('edit');
257 // Handle the samba logon hours dialog here, instantiate it on request.
258 if(isset($_POST['SetSambaLogonHours']) && $this->acl_is_readable("sambaLogonHours")){
259 $this->dialog = new sambaLogonHours($this->config,$this->dn,$this->sambaLogonHours, $this->getacl('sambaLogonHours'));
260 }
261 if(isset($_POST['cancel_logonHours'])){
262 $this->dialog = FALSE;
263 }
264 if(isset($_POST['save_logonHours'])){
265 $this->dialog->save_object();
266 if($this->acl_is_writeable("sambaLogonHours")){
267 $this->sambaLogonHours = $this->dialog->save();
268 }
269 $this->dialog = FALSE;
270 }
271 if((isset($this->dialog)) && (is_object($this->dialog))){
272 $this->dialog->save_object();
273 return($this->dialog->execute());
274 }
277 // Get smarty
278 $smarty= get_smarty();
279 $smarty->assign("usePrototype", "true");
281 // Assign GOsa ACLs
282 $tmp = $this->plInfo();
283 foreach($tmp['plProvidedAcls'] as $var => $rest){
284 $smarty->assign($var."ACL",$this->getacl($var,$SkipWrite));
285 }
287 if(!session::is_set('edit') && !isset($this->parent)){
288 $smarty->assign("sambaLogonHoursACL","");
289 }
292 // Handle workstation list - Remove entries.
293 if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
294 if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){
295 if($this->multiple_support_active){
296 foreach($_POST['workstation_list'] as $name){
297 if(isset($this->multiple_sambaUserWorkstations[trim($name)])){
298 unset($this->multiple_sambaUserWorkstations[trim($name)]);
299 }
300 }
301 }else{
302 $tmp= $this->sambaUserWorkstations;
303 foreach($_POST['workstation_list'] as $name){
304 $tmp= preg_replace("/$name/", '', $tmp);
305 $this->is_modified= TRUE;
306 }
307 $tmp= preg_replace('/,+/', ',', $tmp);
308 $this->sambaUserWorkstations= trim($tmp, ',');
309 }
310 }
311 }
313 // Handle trust maschines/accessTo list
314 if (isset($_POST["add_ws"])){
315 if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){
316 $this->trustSelect= new trustSelect($this->config,get_userinfo());
317 $this->dialog= TRUE;
318 }
319 }
321 // Dialog canceled
322 if (isset($_POST["add_ws_cancel"])){
323 $this->trustSelect= FALSE;
324 $this->dialog= FALSE;
325 }
327 // Add selected machines to trusted ones.
328 if (isset($_POST["add_ws_finish"]) && $this->trustSelect){
329 $trusts = $this->trustSelect->detectPostActions();
330 if(isset($trusts['targets'])){
331 $headpage = $this->trustSelect->getHeadpage();
332 if($this->multiple_support_active){
333 foreach($trusts['targets'] as $id){
334 $attrs = $headpage->getEntry($id);
335 $we =$attrs['cn'][0];
336 $this->multiple_sambaUserWorkstations[trim($we)] = array("Name" => trim($ws), "UsedByAllUsers" => TRUE);
337 }
338 }else{
340 $tmp= $this->sambaUserWorkstations;
341 foreach($trusts['targets'] as $id){
342 $attrs = $headpage->getEntry($id);
343 $we =$attrs['cn'][0];
344 $tmp.= ",$we";
345 }
346 $tmp= preg_replace('/,+/', ',', $tmp);
347 $this->sambaUserWorkstations= trim($tmp, ',');
348 }
350 $this->is_modified= TRUE;
351 }
352 $this->trustSelect= NULL;
353 $this->dialog= FALSE;
354 }
356 // Display trust dialog
357 if ($this->trustSelect){
358 session::set('filterBlacklist', array('cn' => preg_split('/,/',$this->sambaUserWorkstations)));
359 return($this->trustSelect->execute());
360 }
363 // Fill domain selection.
364 $domains= array_keys($this->config->data['SERVERS']['SAMBA']);
365 $smarty->assign("domains", $domains);
367 // Fill drive letters.
368 $letters= array("");
369 for ($i= 68; $i<91; $i++){
370 $letters[]= chr($i).":";
371 }
372 $smarty->assign("drives", $letters);
375 // Fill terminal server setttings
376 foreach ($this->ctxattributes as $attr){
377 if (isset($this->mungedObject->ctx[$attr])){
378 $smarty->assign("$attr", $this->mungedObject->ctx[$attr]);
380 // Set field to blank if value is 0
381 if(in_array($attr, array("CtxMaxConnectionTime", "CtxMaxDisconnectionTime", "CtxMaxIdleTime"))) {
382 if($this->mungedObject->ctx[$attr] == 0) {
383 $smarty->assign("$attr", "");
384 }
385 }
386 } else {
387 $smarty->assign("$attr", "");
388 }
389 }
391 // Assign enum values for preset items.
392 $shadowModeVals= array(
393 "0" => _("disabled"),
394 "1" => _("input on, notify on"),
395 "2" => _("input on, notify off"),
396 "3" => _("input off, notify on"),
397 "4" => _("input off, nofify off"));
398 $brokenConnModeVals= array(
399 "0" => _("disconnect"),
400 "1" => _("reset"));
401 $reConnModeVals= array( "0" => _("from any client"),
402 "1" => _("from previous client only"));
403 $smarty->assign("shadow", $shadowModeVals);
404 $smarty->assign("brokenconn", $brokenConnModeVals);
405 $smarty->assign("reconn", $reConnModeVals);
407 // Fill preset items with values
408 $smarty->assign("shadowmode", $this->mungedObject->getShadow());
409 $smarty->assign("brokenconnmode", $this->mungedObject->getBrokenConn());
410 $smarty->assign("reconnmode", $this->mungedObject->getReConn());
413 // Set form elements to disabled/enable state
414 $smarty->assign("tsloginstate", $this->mungedObject->getTsLogin()?"":"disabled");
415 $smarty->assign("inheritstate", "");
416 if($this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)){
417 $smarty->assign("inheritstate", $this->mungedObject->getInheritMode()?"disabled":"");
418 }
420 // Set checkboxes to checked or unchecked state
421 $smarty->assign("tslogin", $this->mungedObject->getTsLogin()?"checked":"");
422 $smarty->assign("inherit", $this->mungedObject->getInheritMode()?"checked":"");
423 $smarty->assign("connectclientdrives",
424 $this->mungedObject->getConnectClientDrives()?"checked":"");
425 $smarty->assign("connectclientprinters",
426 $this->mungedObject->getConnectClientPrinters()?"checked":"");
427 $smarty->assign("defaultprinter",
428 $this->mungedObject->getDefaultPrinter()?"checked":"");
429 $smarty->assign("CtxMaxConnectionTimeF",
430 $this->mungedObject->getCtxMaxConnectionTimeF()?"checked":"");
431 $smarty->assign("CtxMaxDisconnectionTimeF",
432 $this->mungedObject->getCtxMaxDisconnectionTimeF()?"checked":"");
433 $smarty->assign("CtxMaxIdleTimeF",
434 $this->mungedObject->getCtxMaxIdleTimeF()?"checked":"");
437 // Fill sambaUserWorkstations
438 $ws= explode(",", $this->sambaUserWorkstations);
439 sort($ws);
441 // Tidy checks for empty option, and smarty will produce one if array[0]=""
442 if(($ws[0]=="")&&(count($ws)==1)) $ws=array();
443 if($this->multiple_support_active){
444 $smarty->assign("multiple_workstations",$this->multiple_sambaUserWorkstations);
445 }
446 $smarty->assign("workstations", $ws);
449 // Assign plugin values
450 foreach($this->attributes as $val){
451 $smarty->assign("$val", $this->$val);
452 }
454 // Assign munged attributes
455 foreach($this->mungedObject->getOnDemandFlags() as $key => $value) {
456 $smarty->assign("$key", "$value");
457 }
459 // Assign selected multi edit checkbox values.
460 foreach($this->attributes as $attr){
461 if(in_array($attr,$this->multi_boxes)){
462 $smarty->assign("use_".$attr,TRUE);
463 }else{
464 $smarty->assign("use_".$attr,FALSE);
465 }
466 }
467 foreach(array("tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
468 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF",
469 "CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
470 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
471 "onnectclientprinters","defaultprinter","shadow","brokenconn",
472 "reconn","connectclientprinters","SetSambaLogonHours",
473 "workstation_list",
474 "enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
475 "temporaryDisabled","cannotChangePassword") as $attr){
477 if(in_array($attr,$this->multi_boxes)){
478 $smarty->assign("use_".$attr,TRUE);
479 }else{
480 $smarty->assign("use_".$attr,FALSE);
481 }
482 }
484 if($this->multiple_support_active){
485 $smarty->assign("tsloginstate","");
486 }
488 // Create additional info for sambaKickOffTime and sambaPwdMustChange.
489 // e.g. Display effective kickoff time. Domain policy + user settings.
490 $additional_info_PwdMustChange = "";
492 // Calculate effective max Password Age
493 // This can only be calculated if sambaPwdLastSet ist set.
494 if(isset($this->attrs['sambaPwdLastSet'][0])){
495 $last = $this->attrs['sambaPwdLastSet'][0];
496 $sid = $this->get_domain_info();
497 if(isset($sid['sambaMaxPwdAge'][0])){
498 $d = ($last + $sid['sambaMaxPwdAge'][0]) - time();
500 // A negative value means the password is outdated
501 if($d < 0){
502 $additional_info_PwdMustChange = sprintf(_("The password is outdated since %s, by domain policy."),
503 date("d.m.Y H:i:s",$last + $sid['sambaMaxPwdAge'][0]));
504 }else{
505 if($this->password_expires && ($last + $sid['sambaMaxPwdAge'][0]) > $this->sambaPwdMustChange){
506 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by user policy."),
507 date("d.m.Y H:i:s", $this->sambaPwdMustChange));
508 }else{
509 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by domain policy."),
510 date("d.m.Y H:i:s", ($last + $sid['sambaMaxPwdAge'][0])));
511 }
512 }
513 }
514 }
516 // Assign flags
517 foreach(array("flag_enforcePasswordChange", "flag_passwordNeverExpires", "flag_noPasswordRequired",
518 "flag_temporaryDisabled","flag_cannotChangePassword") as $attr){
519 $smarty->assign($attr, $this->$attr);
520 }
522 $smarty->assign("additional_info_PwdMustChange",$additional_info_PwdMustChange);
523 $smarty->assign("multiple_support",$this->multiple_support_active);
524 $display.= $smarty->fetch (get_template_path('samba3.tpl', TRUE, dirname(__FILE__)));
525 return ($display);
526 }
529 /*! \brief Returns the samba Domain object, selected in the samba tab.
530 */
531 function get_domain_info()
532 {
533 /* Only search once, return last result if available
534 */
535 if(!isset($this->cache['DOMAIN'][$this->sambaDomainName])){
536 $this->cache['DOMAIN'][$this->sambaDomainName] = array();
537 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
538 $cfg = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName];
539 $ldap = $this->config->get_ldap_link();
540 $ldap->cd($this->config->current['BASE']);
541 $ldap->search("(&(objectClass=sambaDomain)(sambaSID=".$cfg['SID']."))",array("*"));
542 if($ldap->count()){
543 $this->cache['DOMAIN'][$this->sambaDomainName] = $ldap->fetch();
544 }
545 }
546 }
547 return($this->cache['DOMAIN'][$this->sambaDomainName]);
548 }
552 function get_samba_information()
553 {
554 $zone = timezone::get_default_timezone();
556 /* Defaults
557 */
558 $sambaMinPwdLength = "unset";
559 $sambaPwdHistoryLength = "unset";
560 $sambaLogonToChgPwd = "unset";
561 $sambaMaxPwdAge = "unset";
562 $sambaMinPwdAge = "unset";
563 $sambaLockoutDuration = "unset";
564 $sambaLockoutThreshold = "unset";
565 $sambaForceLogoff = "unset";
566 $sambaRefuseMachinePwdChange = "unset";
567 $sambaPwdLastSet = "unset";
568 $sambaLogonTime = "unset";
569 $sambaLogoffTime = "unset";
571 $sambaKickoffTime = "unset";
572 $sambaPwdCanChange = "unset";
573 $sambaPwdMustChange = "unset";
574 $sambaBadPasswordCount = "unset";
575 $sambaBadPasswordTime = "unset";
577 /* Domain attributes
578 */
579 $domain_attributes = array("sambaMinPwdLength","sambaPwdHistoryLength","sambaMaxPwdAge",
580 "sambaMinPwdAge","sambaLockoutDuration","sambaRefuseMachinePwdChange",
581 "sambaLogonToChgPwd","sambaLockoutThreshold","sambaForceLogoff");
583 /* User attributes
584 */
585 $user_attributes = array("sambaBadPasswordTime","sambaPwdLastSet","sambaLogonTime","sambaLogoffTime",
586 "sambaKickoffTime","sambaPwdCanChange","sambaPwdMustChange","sambaBadPasswordCount", "sambaSID");
588 /* Get samba SID object and parse settings.
589 */
590 $ldap = $this->config->get_ldap_link();
591 $ldap->cd($this->config->current['BASE']);
592 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
593 $attrs = $this->get_domain_info();
594 foreach($domain_attributes as $attr){
595 if(isset($attrs[$attr])){
596 $$attr = $attrs[$attr][0];
597 }
598 }
599 }
601 /* Get user infos
602 */
603 foreach($user_attributes as $attr){
604 if(isset($this->attrs[$attr])){
605 $$attr = $this->attrs[$attr][0];
606 }
607 }
608 if($this->password_expires){
609 $sambaPwdMustChange = $this->sambaPwdMustChange;
610 } else {
611 if (is_numeric($sambaPwdMustChange)) {
612 $sambaPwdMustChange= date('d.m.Y', $sambaPwdMustChange);
613 }
614 }
615 if($this->kickoff_time_set){
616 $sambaKickoffTime = $this->sambaKickoffTime;
617 } else {
618 if (is_numeric($sambaKickoffTime)) {
619 $sambaKickoffTime= date('d.m.Y', $sambaKickoffTime);
620 }
621 }
622 $sambaPwdCanChange = $this->sambaPwdCanChange;
625 /* DOMAIN Attributes
626 */
628 /* sambaMinPwdLength: Password length has a default of 5
629 */
630 if($sambaMinPwdLength == "unset" || $sambaMinPwdLength == 5){
631 $sambaMinPwdLength = "5 <i>("._("default").")</i>";
632 }
634 /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
635 */
636 if($sambaPwdHistoryLength == "unset" || $sambaPwdHistoryLength == 0){
637 $sambaPwdHistoryLength = _("Off")." <i>("._("default").")</i>";
638 }
640 /* sambaLogonToChgPwd: Force Users to logon for password change (default: 0 => off, 2 => on)
641 */
642 if($sambaLogonToChgPwd == "unset" || $sambaLogonToChgPwd == 0){
643 $sambaLogonToChgPwd = _("Off")." <i>("._("default").")</i>";
644 }else{
645 $sambaLogonToChgPwd = _("On");
646 }
648 /* sambaMaxPwdAge: Maximum password age, in seconds (default: -1 => never expire passwords)'
649 */
650 if($sambaMaxPwdAge == "unset" || $sambaMaxPwdAge == "-1"){
651 $sambaMaxPwdAge = _("disabled")." <i>("._("default").")</i>";
652 }else{
653 $sambaMaxPwdAge .= " "._("seconds");
654 }
656 /* sambaMinPwdAge: Minimum password age, in seconds (default: 0 => allow immediate password change
657 */
658 if($sambaMinPwdAge == "unset" || $sambaMinPwdAge == 0){
659 $sambaMinPwdAge = _("disabled")." <i>("._("default").")</i>";
660 }else{
661 $sambaMinPwdAge .= " "._("seconds");
662 }
664 /* sambaLockoutDuration: Lockout duration in minutes (default: 30, -1 => forever)
665 */
666 if($sambaLockoutDuration == "unset" || $sambaLockoutDuration == 30){
667 $sambaLockoutDuration = "30 "._("minutes")." <i>("._("default").")</i>";
668 }elseif($sambaLockoutDuration == -1){
669 $sambaLockoutDuration = _("forever");
670 }else{
671 $sambaLockoutDuration .= " "._("minutes");
672 }
674 /* sambaLockoutThreshold: Lockout users after bad logon attempts (default: 0 => off
675 */
676 if($sambaLockoutThreshold == "unset" || $sambaLockoutThreshold == 0){
677 $sambaLockoutThreshold = _("disabled")." <i>("._("default").")</i>";
678 }
680 /* sambaForceLogoff: Disconnect Users outside logon hours (default: -1 => off, 0 => on
681 */
682 if($sambaForceLogoff == "unset" || $sambaForceLogoff == -1){
683 $sambaForceLogoff = _("off")." <i>("._("default").")</i>";
684 }else{
685 $sambaForceLogoff = _("on");
686 }
688 /* sambaRefuseMachinePwdChange: Allow Machine Password changes (default: 0 => off
689 */
690 if($sambaRefuseMachinePwdChange == "none" || $sambaRefuseMachinePwdChange == 0){
691 $sambaRefuseMachinePwdChange = _("off")." <i>("._("default").")</i>";
692 }else{
693 $sambaRefuseMachinePwdChange = _("on");
694 }
696 /* USER Attributes
697 */
698 /* sambaBadPasswordTime: Time of the last bad password attempt
699 */
700 if($sambaBadPasswordTime == "unset" || empty($sambaBadPasswordTime)){
701 $sambaBadPasswordTime = "<i>("._("unset").")</i>";
702 }else{
703 $sambaBadPasswordTime = date("d.m.Y H:i:s",$sambaBadPasswordTime);
704 }
706 /* sambaBadPasswordCount: Bad password attempt count
707 */
708 if($sambaBadPasswordCount == "unset" || empty($sambaBadPasswordCount)){
709 $sambaBadPasswordCount = "<i>("._("unset").")</i>";
710 }else{
711 $sambaBadPasswordCount = date("d.m.Y H:i:s",$sambaBadPasswordCount);
712 }
714 /* sambaPwdLastSet: Timestamp of the last password update
715 */
716 if($sambaPwdLastSet == "unset" || empty($sambaPwdLastSet)){
717 $sambaPwdLastSet = "<i>("._("unset").")</i>";
718 }else{
719 $sambaPwdLastSet = date("d.m.Y H:i:s",$sambaPwdLastSet);
720 }
722 /* sambaLogonTime: Timestamp of last logon
723 */
724 if($sambaLogonTime == "unset" || empty($sambaLogonTime)){
725 $sambaLogonTime = "<i>("._("unset").")</i>";
726 }else{
727 $sambaLogonTime = date("d.m.Y H:i:s",$sambaLogonTime);
728 }
730 /* sambaLogoffTime: Timestamp of last logoff
731 */
732 if($sambaLogoffTime == "unset" || empty($sambaLogoffTime)){
733 $sambaLogoffTime = "<i>("._("unset").")</i>";
734 }else{
735 $sambaLogoffTime = date("d.m.Y H:i:s",$sambaLogoffTime);
736 }
738 /* sambaKickoffTime: Timestamp of when the user will be logged off automatically
739 */
740 if($sambaKickoffTime == "unset" || empty($sambaKickoffTime)){
741 $sambaKickoffTime = "<i>("._("unset").")</i>";
742 }
744 /* sambaPwdMustChange: Timestamp of when the password will expire
745 */
746 if($sambaPwdMustChange == "unset" || empty($sambaPwdMustChange)){
747 $sambaPwdMustChange = "<i>("._("unset").")</i>";
748 }
750 /* sambaPwdCanChange: Timestamp of when the user is allowed to update the password
751 */
752 if($sambaPwdCanChange == "unset" || empty($sambaPwdCanChange)){
753 $sambaPwdCanChange = "<i>("._("unset").")</i>";
754 }elseif($sambaPwdCanChange != "unset" && time() > $sambaPwdCanChange){
755 $sambaPwdCanChange = _("immediately") ;
756 }else{
757 $days = floor((($sambaPwdCanChange - time()) / 60 / 60 / 24)) ;
758 $hours = floor((($sambaPwdCanChange - time()) / 60 / 60) % 24) ;
759 $minutes = floor((($sambaPwdCanChange - time()) / 60 ) % 60) ;
761 $sambaPwdCanChange = " ".$days." "._("days");
762 $sambaPwdCanChange.= " ".$hours." "._("hours");
763 $sambaPwdCanChange.= " ".$minutes." "._("minutes");
764 }
766 $str =
767 "\n<div style='height:200px; overflow: auto;'>".
768 "\n<table style='width:100%;'>".
769 "\n<tr><td><b>"._("Domain attributes")."</b></td></tr>".
770 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
771 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
772 "\n<tr><td>"._("Password history").": </td><td>".$sambaPwdHistoryLength."</td></tr>".
773 "\n<tr><td>"._("Force password change").": </td><td>".$sambaLogonToChgPwd."</td></tr>".
774 "\n<tr><td>"._("Maximum password age").": </td><td>".$sambaMaxPwdAge."</td></tr>".
775 "\n<tr><td>"._("Minimum password age").": </td><td>".$sambaMinPwdAge."</td></tr>".
776 "\n<tr><td>"._("Lockout duration").": </td><td>".$sambaLockoutDuration."</td></tr>".
777 "\n<tr><td>"._("Bad lockout attempt").": </td><td>".$sambaLockoutThreshold."</td></tr>".
778 "\n<tr><td>"._("Disconnect time").": </td><td>".$sambaForceLogoff."</td></tr>".
779 "\n<tr><td>"._("Refuse machine password change").":</td><td>".$sambaRefuseMachinePwdChange."</td></tr>".
780 "\n<tr><td> </td></tr>".
781 "\n<tr><td><b>"._("User attributes")."</b></td></tr>".
782 "\n<tr><td>"._("SID").": </td><td>".$sambaSID."</td></tr>".
783 "\n<tr><td>"._("Last failed login").": </td><td>".$sambaBadPasswordTime."</td></tr>".
784 "\n<tr><td>"._("Logon attempts").": </td><td>".$sambaBadPasswordCount."</td></tr>".
785 "\n<tr><td>"._("Last password update").": </td><td>".$sambaPwdLastSet."</td></tr>".
786 "\n<tr><td>"._("Last logon").": </td><td>".$sambaLogonTime."</td></tr>".
787 "\n<tr><td>"._("Last logoff").": </td><td>".$sambaLogoffTime."</td></tr>".
788 "\n<tr><td>"._("Automatic logoff").": </td><td>".$sambaKickoffTime."</td></tr>";
790 if($this->no_expiry){
791 $str .= "\n<tr><td>"._("Password expires").": </td><td>"._("No")."</td></tr>";
792 $str .= "\n<tr><td colspan='2'><font color='gray'>".
793 sprintf(_("The password would expire on %s, but the password expiry is disabled."),$sambaPwdMustChange).
794 "</font></td></tr>";
795 }else{
796 $str .= "\n<tr><td>"._("Password expires").": </td><td>".$sambaPwdMustChange."</td></tr>";
797 }
799 $str .= "\n<tr><td>"._("Password change available").": </td><td>".$sambaPwdCanChange."</td></tr>".
800 "\n</table>";
801 "\n</div>";
802 return($str);
803 }
806 function remove_from_parent()
807 {
808 /* Cancel if there's nothing to do here */
809 if (!$this->initially_was_account){
810 return;
811 }
813 /* include global link_info */
814 $ldap= $this->config->get_ldap_link();
816 plugin::remove_from_parent();
818 /* Keep uid attribute for gosaAccount */
819 unset($this->attrs['uid']);
820 unset($this->attrs['uidNumber']);
821 unset($this->attrs['gidNumber']);
823 /* Remove objectClass for sambaIdmapEntry */
824 $tmp= array();
825 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
826 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
827 $tmp[]= $this->attrs['objectClass'][$i];
828 }
829 }
830 $this->attrs['objectClass']= $tmp;
832 @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
833 $this->attributes, "Save");
834 $ldap->cd($this->dn);
835 $this->cleanup();
836 $ldap->modify ($this->attrs);
838 new log("remove","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
840 if (!$ldap->success()){
841 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
842 }
844 /* Optionally execute a command after we're done */
845 $this->handle_post_events("remove", array("uid" => $this->uid));
846 }
849 /* Check for input problems */
850 function check()
851 {
852 /* Call common method to give check the hook */
853 $message= plugin::check();
855 /* sambaHomePath requires sambaHomeDrive and vice versa */
856 if(!empty($this->sambaHomePath) && empty($this->sambaHomeDrive)){
857 $message[]= msgPool::required(_("Home drive"));
858 }
859 if(!empty($this->sambaHomeDrive) && empty($this->sambaHomePath)){
860 $message[]= msgPool::required(_("Home path"));
861 }
863 /* Strings */
864 foreach (array( "sambaHomePath" => _("Home directory"),
865 "sambaProfilePath" => _("Profile path")) as $key => $val){
866 if (!$this->mungedObject->is_samba_path($this->$key)){
867 $message[]= msgPool::invalid($val);
868 }
869 }
871 /* Numeric values */
872 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
873 "CtxMaxDisconnectionTime" => _("Disconnection"),
874 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
876 if (isset($this->mungedObject->ctx[$key]) && !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
877 $message[]= msgPool::invalid($val);
878 }
879 }
881 /* Too many workstations? Windows usrmgr only supports eight */
882 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
883 $message[]= _("The windows usermanager allows eight clients at maximum!");
884 }
886 return ($message);
887 }
890 /* Save data to object */
891 function save_object()
892 {
894 $SkipWrite = (!isset($this->parent) || !$this->parent) && !session::is_set('edit');
896 /* We only care if we are on the sambaTab... */
897 if (isset($_POST['sambaTab'])){
898 plugin::save_object();
900 // Display domain info dialog
901 if(isset($_POST['display_information'])){
902 msg_dialog::display(_("Information"),
903 $this->get_samba_information(),
904 INFO_DIALOG);
905 }
907 // Get posted flags.
908 foreach(array("enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
909 "temporaryDisabled","cannotChangePassword") as $name){
910 $flag = "flag_{$name}";
911 if($this->acl_is_writeable($name)){
912 $tmp = isset($_POST[$flag]);
913 $this->is_modified |= ($tmp != $this->$flag);
914 $this->$flag = isset($_POST[$flag]);
915 }
916 }
919 // get sambaDomain attribute
920 if ($this->acl_is_writeable("sambaDomainName",$SkipWrite) && isset ($_POST['sambaDomainName'],$SkipWrite)){
921 $this->sambaDomainName= validate($_POST['sambaDomainName']);
922 }
924 // Save CTX values
925 $TsAcl = $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite);
926 foreach($this->ctxattributes as $val){
927 if (isset($_POST[$val]) && $TsAcl){
928 $this->mungedObject->ctx[$val]= get_post($val);
929 }
930 }
932 $this->mungedObject->setTsLogin(!isset($_POST['tslogin']) && $TsAcl);
934 // Need to do some index checking to avoid messages like "index ... not found"
935 if(isset($_POST['brokenconn'])) {
936 $this->mungedObject->setBrokenConn($_POST['brokenconn'] == '1' && $TsAcl);
937 }
938 if(isset($_POST['reconn'])) {
939 $this->mungedObject->setReConn($_POST['reconn'] == '1' && $TsAcl);
940 }
941 $this->mungedObject->setInheritMode(isset($_POST['inherit']) && $TsAcl);
942 $this->mungedObject->setCtxMaxConnectionTimeF(!isset($_POST['CtxMaxConnectionTimeF']) && $TsAcl);
943 $this->mungedObject->setCtxMaxDisconnectionTimeF(!isset($_POST['CtxMaxDisconnectionTimeF']) && $TsAcl);
944 $this->mungedObject->setCtxMaxIdleTimeF(!isset($_POST['CtxMaxIdleTimeF']) && $TsAcl);
945 $this->mungedObject->setConnectClientDrives(isset($_POST['connectclientdrives']) && $TsAcl);
946 $this->mungedObject->setConnectClientPrinters(isset($_POST['connectclientprinters']) && $TsAcl);
947 $this->mungedObject->setDefaultPrinter(isset($_POST['defaultprinter']) && $TsAcl);
949 // Save combo boxes. Takes two values
950 if(isset($_POST['reconn'])) {
951 $this->mungedObject->setShadow(isset($_POST['shadow']) && $TsAcl,$_POST['shadow']);
952 }
954 // Check for changes
955 $this->is_modified |= ($this->sambaMungedDial != $this->mungedObject->getMunged());
956 }
957 }
961 function save()
962 {
963 /* Load uid and gid of this 'dn' */
964 $ldap= $this->config->get_ldap_link();
965 $ldap->cat($this->dn, array('uidNumber', 'gidNumber'));
966 $tmp= $ldap->fetch();
967 $this->uidNumber= $tmp['uidNumber'][0];
968 $this->gidNumber= $tmp['gidNumber'][0];
970 plugin::save();
972 /* Remove objectClass for sambaIdmapEntry */
973 $tmp= array();
974 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
975 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
976 $tmp[]= $this->attrs['objectClass'][$i];
977 }
978 }
979 $this->attrs['objectClass']= $tmp;
982 // Handle "enforce password change" flag.
983 if($this->flag_enforcePasswordChange){
984 $this->attrs['sambaPwdMustChange'] = 0;
985 }else{
987 // Keep old values if given.
988 if ($this->sambaPwdMustChange != "0"){
989 $this->attrs['sambaPwdMustChange']= $this->sambaPwdMustChange;
990 } else {
991 $this->attrs['sambaPwdMustChange']= array();
992 }
993 }
995 // Handle "Cannot change password" flag.
996 if($this->flag_cannotChangePassword){
997 $this->attrs['sambaPwdCanChange'] = 4294967295;
998 }else{
1000 // Keep old values if given.
1001 if ($this->sambaPwdCanChange != 4294967295){
1002 $this->attrs['sambaPwdCanChange']= $this->sambaPwdCanChange;
1003 } else {
1004 $this->attrs['sambaPwdCanChange']= array();
1005 }
1006 }
1008 // Create sambaAcctFlags
1009 $tmp = "U";
1010 if($this->flag_passwordNeverExpires) $tmp .="X";
1011 if($this->flag_noPasswordRequired) $tmp .="N";
1012 if($this->flag_temporaryDisabled){
1013 if(preg_match("/L/i", $this->sambaAcctFlags)){
1014 $tmp .= "L";
1015 }else{
1016 $tmp .= "D";
1017 }
1018 }
1020 // Fill flag list with whitespaces
1021 $fill= "";
1022 for ($i= strlen($tmp); $i<12; $i++){
1023 $fill.= " ";
1024 }
1025 $this->attrs['sambaAcctFlags'] = "[{$tmp}{$fill}]";
1028 // Generate rid / primaryGroupId
1029 if (!isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
1030 msg_dialog::display(_("Warning"), _("Undefined Samba SID detected. Please fix this problem manually!"), WARNING_DIALOG);
1031 } else {
1032 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
1033 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
1034 }
1036 // Need to generate a new uniqe uid/gid combination?
1037 if ($this->sambaSID == "" || $this->orig_sambaDomainName != $this->sambaDomainName){
1038 $uidNumber= $this->uidNumber;
1039 while(TRUE){
1040 $sid= $this->SID."-".($uidNumber*2 + $this->ridBase);
1041 $ldap->cd($this->config->current['BASE']);
1042 $ldap->search("(sambaSID=$sid)", array("sambaSID"));
1043 if ($ldap->count() == 0){
1044 break;
1045 }
1046 $uidNumber++;
1047 }
1048 $this->attrs['sambaSID']= $sid;
1050 // Check for users primary group
1051 $ldap->cd($this->config->current['BASE']);
1052 $ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
1053 if ($ldap->count() != 1){
1054 msg_dialog::display(_("Warning"),
1055 _("Cannot convert primary group to samba group: group cannot be identified!"),
1056 WARNING_DIALOG);
1057 } else {
1058 $attrs= $ldap->fetch();
1059 $g= new group($this->config, $ldap->getDN());
1060 if ($g->sambaSID == ""){
1061 $g->sambaDomainName= $this->sambaDomainName;
1062 $g->smbgroup= TRUE;
1063 $g->save ();
1064 }
1065 $this->attrs['sambaPrimaryGroupSID']= $g->sambaSID;
1066 }
1067 }
1069 // Set or reset homeDrive - Why is this done seperataly?
1070 if ($this->sambaHomeDrive == ""){
1071 $this->attrs["sambaHomeDrive"]= array();
1072 }
1074 // Generate munged dial value
1075 $this->attrs["sambaMungedDial"]= $this->mungedObject->getMunged();
1077 // User wants me to fake the idMappings? This is useful for
1078 // making winbind resolve the user names in a reasonable amount
1079 // of time in combination with larger databases.
1080 if ($this->config->get_cfg_value("sambaidmapping") == "true"){
1081 $this->attrs['objectClass'][]= "sambaIdmapEntry";
1082 }
1084 // Write back to ldap
1085 $ldap->cd($this->dn);
1086 $this->cleanup();
1087 $ldap->modify ($this->attrs);
1088 if (!$ldap->success()){
1089 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
1090 }else{
1091 if ($this->initially_was_account == $this->is_account){
1092 if ($this->is_modified){
1093 $this->handle_post_events("modify", array("uid" => $this->uid));
1094 new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1095 }
1096 } else {
1097 $this->handle_post_events("add", array("uid" => $this->uid));
1098 new log("create","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1099 }
1100 }
1101 }
1104 /* Force password set, if this account doesn't have any samba passwords */
1105 function password_change_needed()
1106 {
1107 if(!$this->initially_was_account && $this->is_account){
1108 $ldap = $this->config->get_ldap_link();
1109 $ldap->cat($this->dn,array("sambaLMPassword","sambaNTPassword"));
1110 $attrs = $ldap->fetch();
1111 if(!isset($attrs['sambaLMPassword']) || !isset($attrs['sambaNTPassword'])){
1112 return(TRUE);
1113 }
1114 }
1115 return(FALSE);
1116 }
1119 function adapt_from_template($dn, $skip= array())
1120 {
1121 plugin::adapt_from_template($dn, $skip);
1124 $this->sambaSID= "";
1125 $this->sambaPrimaryGroupSID= "";
1127 /* Fill mungedDial field */
1128 if (isset($this->attrs['sambaMungedDial']) && !in_array('sambaMungedDial', $skip)){
1129 $this->mungedObject->load($this->sambaMungedDial);
1130 }
1132 /* Adapt munged attributes */
1133 foreach($this->ctxattributes as $attr){
1134 if(isset($this->mungedObject->ctx[$attr]))
1135 $val = $this->mungedObject->ctx[$attr];
1137 foreach (array("sn", "givenName", "uid") as $repl){
1138 if (preg_match("/%$repl/i", $val)){
1139 $val= preg_replace ("/%$repl/i", $this->parent->$repl, $val);
1140 }
1141 }
1142 $this->mungedObject->ctx[$attr] = $val;
1143 }
1145 // If you make changes here, please make the same changes in the constructor!
1147 // A password change is enforced by using a timestamp in sambaPwdMustChange.
1148 // We simple set it to '0' to enforce a change.
1149 // --------------------------------
1150 // Normally it contains a timestamp, which specifies and expiration date.
1151 $this->flag_enforcePasswordChange = (isset($this->attrs['sambaPwdMustChange']) && $this->attrs['sambaPwdMustChange'][0] == '0');
1153 // A user cannot change his password until the given timestamp has reached.
1154 // We simply set it to max int to disallow a password change till the timestamp reaches 4294967295,
1155 // this is definitly far in the future and thus disallows a password change at all.
1156 // --------------------------------
1157 // The user is not able to change his password while sambaPwdCanChange is 4294967295 (Integer 32 Bit max)
1158 $this->flag_cannotChangePassword = (isset($this->attrs['sambaPwdCanChange']) && $this->attrs['sambaPwdCanChange'][0] == '4294967295');
1160 // A password never expires if 'sambaAcctFlags' contains 'X'.
1161 // (See flags above for details)
1162 $this->flag_passwordNeverExpires = preg_match("/X/i", $this->sambaAcctFlags);
1164 // A password is NOT required if 'sambaAcctFlags' contains 'N'.
1165 // (See flags above for details)
1166 $this->flag_noPasswordRequired = preg_match("/N/i", $this->sambaAcctFlags);
1168 // A account is locked if if 'sambaAcctFlags' contains 'L' or 'D'.
1169 // (See flags above for details)
1170 $this->flag_temporaryDisabled = preg_match("/L/i", $this->sambaAcctFlags) ||
1171 preg_match("/D/i", $this->sambaAcctFlags);
1172 }
1175 static function plInfo()
1176 {
1177 return (array(
1178 "plShortName" => _("Samba"),
1179 "plDescription" => _("Samba settings"),
1180 "plSelfModify" => TRUE,
1181 "plDepends" => array("user"),
1182 "plPriority" => 5,
1183 "plSection" => array("personal" => _("My account")),
1184 "plCategory" => array("users"),
1185 "plOptions" => array(),
1187 "plProvidedAcls" => array(
1189 "sambaHomePath" => _("Generic home directory") ,
1190 "sambaHomeDrive" => _("Generic samba home drive") ,
1191 "sambaDomainName" => _("Domain") ,
1192 "sambaLogonScript" => _("Generic script path") ,
1193 "sambaProfilePath" => _("Generic profile path") ,
1194 "AllowLoginOnTerminalServer" => _("Allow login on terminal server"),
1195 "InheritClientConfig" => _("Inherit client config"),
1197 "enforcePasswordChange" => _("Enforce password change"),
1198 "cannotChangePassword" => _("Disallow password change") ,
1199 "noPasswordRequired" => _("Login from windows client requires no password"),
1200 "passwordNeverExpires" => _("Password never expires"),
1201 "temporaryDisabled" => _("Lock samba account"),
1203 "sambaLogonHours" => _("Logon hours") ,
1204 "sambaUserWorkstations" => _("Allow connection from"))
1205 ));
1206 }
1208 function enable_multiple_support()
1209 {
1210 plugin::enable_multiple_support();
1211 $this->multiple_support_active = TRUE;
1212 }
1214 function multiple_save_object()
1215 {
1216 if (isset($_POST['sambaTab'])){
1217 $this->save_object();
1218 plugin::multiple_save_object();
1219 foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
1220 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF","CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
1221 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
1222 "onnectclientprinters","defaultprinter","shadow","brokenconn",
1223 "reconn","allow_pwchange","connectclientprinters","no_expiry","no_password_required","temporary_disable",
1224 "password_expires","logon_time_set","logoff_time_set","kickoff_time_set","SetSambaLogonHours",
1225 "workstation_list","enforcePasswordChange","cannotChangePassword") as $attr){
1226 if(isset($_POST["use_".$attr])){
1227 $this->multi_boxes[] = $attr;
1228 }
1229 }
1230 }
1231 }
1234 function multiple_check()
1235 {
1236 $message = plugin::multiple_check();
1238 /* Strings */
1239 foreach (array( "sambaHomePath" => _("Home directory"),
1240 "sambaProfilePath" => _("Profile path")) as $key => $val){
1241 if (in_array($key,$this->multi_boxes) && !$this->mungedObject->is_samba_path($this->$key)){
1242 $message[]= msgPool::invalid($val);
1243 }
1244 }
1246 /* Numeric values */
1247 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
1248 "CtxMaxDisconnectionTime" => _("Disconnection"),
1249 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
1250 if (in_array($key,$this->multi_boxes) &&
1251 isset($this->mungedObject->ctx[$key]) &&
1252 !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
1253 $message[]=msgPool::invalid($val);
1254 }
1255 }
1257 /* Too many workstations? Windows usrmgr only supports eight */
1258 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
1259 $message[]= _("The windows user manager only allows eight clients. You've specified more than eight.");
1260 }
1261 return($message);
1262 }
1265 function get_multi_init_values()
1266 {
1267 $ret = plugin::get_multi_init_values();
1269 /* Parse given sambaUserWorkstations into array
1270 * to allow "init_multiple_support()" to detect multiple used workstations.
1271 * Those workstations will be displayed in light grey.
1272 */
1273 $tmp2 = array("count" => 0);
1274 $tmp = explode(",", $this->sambaUserWorkstations);
1275 foreach($tmp as $station){
1276 $station = trim($station);
1277 if(!empty($station)){
1278 $tmp2[] = $station;
1279 $tmp2['count'] ++;
1280 }
1281 }
1282 $ret['sambaUserWorkstations'] = $tmp2;
1283 return($ret);
1284 }
1288 function init_multiple_support($attrs,$all)
1289 {
1290 plugin::init_multiple_support($attrs,$all);
1292 $this->multiple_sambaUserWorkstations = array();
1293 if(isset($all['sambaUserWorkstations'])){
1294 for($i = 0 ; $i < $all['sambaUserWorkstations']['count'] ; $i++){
1295 $station = trim($all['sambaUserWorkstations'][$i]);
1296 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => FALSE);
1297 }
1298 }
1299 if(isset($attrs['sambaUserWorkstations'])){
1300 for($i = 0 ; $i < $attrs['sambaUserWorkstations']['count'] ; $i++){
1301 $station = trim($attrs['sambaUserWorkstations'][$i]);
1302 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1303 }
1304 }
1305 }
1307 function multiple_execute()
1308 {
1309 return($this->execute());
1310 }
1312 function get_multi_edit_values()
1313 {
1314 $ret = plugin::get_multi_edit_values();
1316 /* Terminal Server */
1317 if(in_array("tslogin",$this->multi_boxes)){
1318 $ret['tslogin'] = $this->mungedObject->getTsLogin();
1319 }
1320 if(in_array("CtxWFHomeDirDrive",$this->multi_boxes)){
1321 $ret['CtxWFHomeDirDrive'] = $this->mungedObject->ctx['CtxWFHomeDirDrive'];
1322 }
1323 if(in_array("CtxWFHomeDir",$this->multi_boxes)){
1324 $ret['CtxWFHomeDir'] = $this->mungedObject->ctx['CtxWFHomeDir'];
1325 }
1326 if(in_array("CtxWFProfilePath",$this->multi_boxes)){
1327 $ret['CtxWFProfilePath'] = $this->mungedObject->ctx['CtxWFProfilePath'];
1328 }
1330 if(in_array("inherit",$this->multi_boxes)){
1331 $ret['inherit'] = $this->mungedObject->getInheritMode();
1332 }
1333 if(in_array("CtxInitialProgram",$this->multi_boxes)){
1334 $ret['CtxInitialProgram'] = $this->mungedObject->ctx['CtxInitialProgram'];
1335 }
1336 if(in_array("CtxWorkDirectory",$this->multi_boxes)){
1337 $ret['CtxWorkDirectory'] = $this->mungedObject->ctx['CtxWorkDirectory'];
1338 }
1340 /* Time Limits. Be careful here, there are some negations */
1341 if(in_array("CtxMaxConnectionTimeF",$this->multi_boxes)){
1342 $ret["CtxMaxConnectionTimeF"] = !$this->mungedObject->getCtxMaxConnectionTimeF();
1343 if(!$ret["CtxMaxConnectionTimeF"]){
1344 $ret["CtxMaxConnectionTime"] = $this->mungedObject->ctx['CtxMaxConnectionTime'];
1345 }
1346 }
1347 if(in_array("CtxMaxDisconnectionTimeF",$this->multi_boxes)){
1348 $ret["CtxMaxDisconnectionTimeF"]= !$this->mungedObject->getCtxMaxDisconnectionTimeF();
1349 if(!$ret["CtxMaxDisconnectionTimeF"]){
1350 $ret["CtxMaxDisconnectionTime"]= $this->mungedObject->ctx['CtxMaxDisconnectionTime'];
1351 }
1352 }
1353 if(in_array("CtxMaxIdleTimeF",$this->multi_boxes)){
1354 $ret["CtxMaxIdleTimeF"] = !$this->mungedObject->getCtxMaxIdleTimeF();
1355 if(!$ret["CtxMaxIdleTimeF"]){
1356 $ret["CtxMaxIdleTime"] = $this->mungedObject->ctx['CtxMaxIdleTime'];
1357 }
1358 }
1360 /* Client Devices */
1361 if(in_array("connectclientdrives",$this->multi_boxes)){
1362 $ret["connectclientdrives"] = $this->mungedObject->getConnectClientDrives();
1363 }
1364 if(in_array("connectclientprinters",$this->multi_boxes)){
1365 $ret["connectclientprinters"] = $this->mungedObject->getConnectClientPrinters();
1366 }
1367 if(in_array("defaultprinter",$this->multi_boxes)){
1368 $ret["defaultprinter"] = $this->mungedObject->getDefaultPrinter();
1369 }
1371 /* Misc */
1372 if(in_array("shadow",$this->multi_boxes)){
1373 $ret["shadow"] =$this->mungedObject->getShadow();
1374 }
1375 if(in_array("brokenconn",$this->multi_boxes)){
1376 $ret["brokenconn"]=$this->mungedObject->getBrokenConn();
1377 }
1378 if(in_array("reconn",$this->multi_boxes)){
1379 $ret["reconn"] =$this->mungedObject->getReConn();
1380 }
1382 // Handle Flags.
1383 foreach(array("flag_enforcePasswordChange", "flag_passwordNeverExpires", "flag_noPasswordRequired",
1384 "flag_temporaryDisabled","flag_cannotChangePassword") as $attr){
1385 $ret[$attr] = $this->$attr;
1386 }
1388 if(in_array("SetSambaLogonHours",$this->multi_boxes)){
1389 $ret['sambaLogonHours'] = $this->sambaLogonHours;
1390 }
1392 if(in_array("workstation_list",$this->multi_boxes)){
1393 $ret['multiple_sambaUserWorkstations'] = $this->multiple_sambaUserWorkstations;
1394 }
1395 return($ret);
1396 }
1398 function set_multi_edit_values($values)
1399 {
1400 plugin::set_multi_edit_values($values);
1402 /* Prepare current workstation settings to be merged
1403 * with multiple edit settings.
1404 */
1405 if(isset($values['multiple_sambaUserWorkstations'])){
1406 $cur_ws = array();
1407 $m_ws = $values['multiple_sambaUserWorkstations'];
1409 /* Prepare current settings to be merged */
1410 if(isset($this->sambaUserWorkstations)){
1411 $ttmp = explode(",",$this->sambaUserWorkstations);
1412 foreach($ttmp as $station){
1413 $station = trim($station);
1414 if(!empty($station)){
1415 $cur_ws[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1416 }
1417 }
1418 }
1420 /* Unset removed workstations */
1421 foreach($cur_ws as $cur_name => $cur_station){
1422 if(!isset($m_ws[$cur_name])){
1423 unset($cur_ws[$cur_name]);
1424 }
1425 }
1427 /* Add all added workstations */
1428 foreach($m_ws as $name => $station){
1429 if($station['UsedByAllUsers']){
1430 $cur_ws[$name] = $station;
1431 }
1432 }
1434 $this->sambaUserWorkstations = "";
1435 foreach($cur_ws as $name => $ws){
1436 $this->sambaUserWorkstations .= $name.",";
1437 }
1438 $this->sambaUserWorkstations=preg_replace("/,$/","",$this->sambaUserWorkstations);
1439 }
1441 /* Enable disabled terminal login, this is inverted somehow */
1442 if(isset($values['tslogin'])) $this->mungedObject->setTsLogin(!$values['tslogin']);
1444 /* Imherit client configuration */
1445 if(isset($values['inherit'])) $this->mungedObject->setInheritMode($values['inherit']);
1447 /* Get all ctx values posted */
1448 $ctx = array("CtxWFHomeDirDrive","CtxWFHomeDir","CtxWFProfilePath","CtxInitialProgram","CtxWorkDirectory",
1449 "CtxMaxConnectionTime","CtxMaxDisconnectionTime","CtxMaxIdleTime");
1450 foreach($ctx as $attr){
1451 if(isset($values[$attr])){
1452 $this->mungedObject->ctx[$attr] = $values[$attr] ;
1453 }
1454 }
1456 if(isset($values['CtxMaxConnectionTimeF'])) $this->mungedObject->setCtxMaxConnectionTimeF($values['CtxMaxConnectionTimeF']);
1457 if(isset($values['CtxMaxDisconnectionTimeF']))$this->mungedObject->setCtxMaxDisconnectionTimeF($values['CtxMaxDisconnectionTimeF']);
1458 if(isset($values['CtxMaxIdleTimeF'])) $this->mungedObject->setCtxMaxIdleTimeF($values['CtxMaxIdleTimeF']);
1460 if(isset($values['connectclientdrives'])) $this->mungedObject->setConnectClientDrives($values['connectclientdrives']);
1461 if(isset($values['connectclientprinters'])) $this->mungedObject->setConnectClientPrinters($values['connectclientprinters']);
1462 if(isset($values['defaultprinter'])) $this->mungedObject->setDefaultPrinter($values['defaultprinter']);
1464 if(isset($values['shadow'])) $this->mungedObject->setShadow($values['shadow'],$values['shadow']);
1465 if(isset($values['brokenconn'])) $this->mungedObject->setBrokenConn($values['brokenconn'],$values['brokenconn']);
1466 if(isset($values['reconn'])) $this->mungedObject->setReConn($values['reconn'],$values['reconn']);
1467 }
1470 function PrepareForCopyPaste($source)
1471 {
1472 plugin::PrepareForCopyPaste($source);
1474 /* Set a new SID */
1475 $this->sambaSID = "";
1477 /* Fill mungedDial field */
1478 if (isset($source['sambaMungedDial'])){
1479 $this->mungedObject->load($source['sambaMungedDial'][0]);
1480 }
1481 }
1483 }
1485 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1486 ?>