1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2004-2005 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 class sambaAccount extends plugin
22 {
23 /* Definitions */
24 var $plHeadline= "Samba";
25 var $plDescription= "This does something";
26 var $view_logged = FALSE;
28 // Domaind information, gid, sid, rid
29 var $uid= "";
30 var $uidNumber= 65535;
31 var $gidNumber= 65535;
32 var $SID= "";
33 var $ridBase= 0;
34 var $sambaSID= "";
35 var $orig_sambaDomainName= "";
36 var $sambaDomainName= "";
38 // Some of these attributes are just used to
39 // display the domain information dialog, and
40 // thus not writte back to the ldap.
41 var $sambaBadPasswordCount= "";
42 var $sambaBadPasswordTime= "";
43 var $sambaPasswordHistory= "";
44 var $sambaLogonHours= "";
45 var $sambaPwdLastSet= "0";
46 var $sambaLogonTime= "0";
47 var $sambaLogoffTime= "2147483647";
48 var $sambaKickoffTime= "2147483647";
49 var $sambaPwdCanChange= "0";
50 var $sambaPwdMustChange= "0";
52 // Flags (checkboxes) to restrict account settings.
53 var $sambaAcctFlags= "[UX ]";
54 var $flag_enforcePasswordChange = FALSE;
55 var $flag_passwordNeverExpires = FALSE;
56 var $flag_noPasswordRequired = FALSE;
57 var $flag_temporaryDisabled = FALSE;
58 var $flag_cannotChangePassword = FALSE;
60 // String values
61 var $sambaHomePath= "";
62 var $sambaHomeDrive= "";
63 var $sambaLogonScript= "";
64 var $sambaProfilePath= "";
65 var $sambaPrimaryGroupSID= "";
66 var $sambaUserWorkstations= "";
68 // Munged object.
69 var $sambaMungedDial= "";
70 var $mungedObject;
72 /* Helper */
73 var $cache = array();
74 var $trustSelect= FALSE;
76 /* attribute list for save action */
77 var $ctxattributes= array();
78 var $attributes= array("sambaSID", "sambaPwdLastSet", "sambaLogonTime",
79 "sambaLogoffTime", "sambaKickoffTime", "sambaPwdCanChange",
80 "sambaPwdMustChange", "sambaAcctFlags", "uid", "sambaMungedDial",
81 "sambaHomePath", "sambaHomeDrive", "sambaLogonScript",
82 "sambaProfilePath", "sambaPrimaryGroupSID", "sambaDomainName",
83 "sambaUserWorkstations", "sambaPasswordHistory",
84 "sambaLogonHours", "sambaBadPasswordTime",
85 "sambaBadPasswordCount");
86 var $objectclasses= array('sambaSamAccount');
88 var $CopyPasteVars = array("mungedObject","orig_sambaDomainName");
90 var $multiple_support = TRUE;
91 var $multiple_sambaUserWorkstations = array();
94 function sambaAccount (&$config, $dn= NULL)
95 {
97 plugin::plugin ($config, $dn);
99 // Set current uid if possible.
100 if(isset($this->attrs['uid'][0])){
101 $this->uid = $this->attrs['uid'][0];
102 }
104 // Get samba domain and its sid/rid base
105 if ($this->sambaSID != ""){
106 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
107 $ldap= $this->config->get_ldap_link();
108 $ldap->cd($this->config->current['BASE']);
109 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase","sambaDomainName"));
110 if ($ldap->count() != 0){
111 $attrs= $ldap->fetch();
112 if(isset($attrs['sambaAlgorithmicRidBase'])){
113 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
114 } else {
115 $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
116 }
117 if ($this->sambaDomainName == ""){
118 $this->sambaDomainName= $attrs['sambaDomainName'][0];
119 }
120 } else {
122 // Fall back to a 'DEFAULT' domain, if none was found in LDAP.
123 if ($this->sambaDomainName == "") $this->sambaDomainName= "DEFAULT";
125 // Nothing in ldap, use configured sid and rid values.
126 $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
127 $this->SID= $this->config->get_cfg_value("core","sambaSid");
128 }
129 }
131 // Keep original domain name and plugin status, to be able to detect modifications.
132 $this->orig_sambaDomainName= $this->sambaDomainName;
133 $this->initially_was_account= $this->is_account;
135 // Instantiate munged object and load info.
136 $this->mungedObject= new sambaMungedDial;
137 $this->ctxattributes= $this->mungedObject->ctxattributes;
138 if (isset($this->attrs['sambaMungedDial'])){
139 $this->mungedObject->load($this->sambaMungedDial);
140 }
142 // Load flags
143 $this->loadFlagsFromSource($this->attrs);
144 }
147 function loadFlagsFromSource($attrs)
148 {
150 // Samba flag description
151 // ----------------------
152 // The Official Samba 3.2.x HOWTO and Reference Guide
153 // Jelmer R. Vernooij, John H. Terpstra, and Gerald (Jerry) Carter
154 // May 27, 2009
155 // ----------------------
156 // D - Account is disabled.
157 // H - A home directory is required.
158 // I - An inter-domain trust account.
159 // L - Account has been auto-locked.
160 // M - An MNS (Microsoft network service) logon account.
161 // N - Password not required.
162 // S - A server trust account.
163 // T - Temporary duplicate account entry.
164 // U - A normal user account.
165 // W - A workstation trust account.
166 // X - Password does not expire.
168 // sambaPwdCanChange
169 // _______________
170 // Specifies the time (UNIX time format) after which the user is allowed to change his password.
171 // If this attribute is not set, the user will be free to change his password whenever he wants.
173 // sambaPwdLastSet
174 // _______________
175 // The integer time in seconds since 1970 when the sambaLMPassword and sambaNTPassword attributes were last set.
177 // sambaPwdMustChange
178 // _______________
179 // Specifies the time (UNIX time format) when the user is forced to change his password. If this
180 // value is set to 0, the user will have to change his password at first login. If this attribute is not
181 // set, then the password will never expire.
184 // A password change is enforced by using a timestamp in sambaPwdMustChange.
185 // We simple set it to '0' to enforce a change.
186 // --------------------------------
187 // Normally it contains a timestamp, which specifies and expiration date.
188 $this->flag_enforcePasswordChange = (isset($attrs['sambaPwdMustChange']) && $attrs['sambaPwdMustChange'][0] == '0');
190 // A user cannot change his password until the given timestamp has reached.
191 // We simply set it to max int to disallow a password change till the timestamp reaches 4294967295,
192 // this is definitly far in the future and thus disallows a password change at all.
193 // --------------------------------
194 // The user is not able to change his password while sambaPwdCanChange is 4294967295 (Integer 32 Bit max)
195 $this->flag_cannotChangePassword = (isset($attrs['sambaPwdCanChange']) && $attrs['sambaPwdCanChange'][0] == '4294967295');
197 // Load samba account flags
198 if(isset($attrs['sambaAcctFlags'][0])){
199 $this->sambaAcctFlags = $attrs['sambaAcctFlags'][0];
201 // A password never expires if 'sambaAcctFlags' contains 'X'.
202 // (See flags above for details)
203 $this->flag_passwordNeverExpires = preg_match("/X/i", $this->sambaAcctFlags);
205 // A password is NOT required if 'sambaAcctFlags' contains 'N'.
206 // (See flags above for details)
207 $this->flag_noPasswordRequired = preg_match("/N/i", $this->sambaAcctFlags);
209 // A account is locked if if 'sambaAcctFlags' contains 'L' or 'D'.
210 // (See flags above for details)
211 $this->flag_temporaryDisabled = preg_match("/L/i", $this->sambaAcctFlags) ||
212 preg_match("/D/i", $this->sambaAcctFlags);
214 }
215 }
217 function execute()
218 {
219 /* Call parent execute */
220 plugin::execute();
222 /* Log view */
223 if($this->is_account && !$this->view_logged){
224 $this->view_logged = TRUE;
225 new log("view","users/".get_class($this),$this->dn);
226 }
228 /* Do we need to flip is_account state? */
229 if (isset($_POST['modify_state'])){
230 $this->is_account= !$this->is_account;
231 }
232 /* Do we represent a valid account? */
233 if (!$this->is_account && $this->parent === NULL){
234 $display= "<img alt=\"\"src=\"images/small-error.png\" align=\"middle\"> <b>".
235 msgPool::noValidExtension(_("Samba"))."</b>";
236 $display.= back_to_main();
237 return ($display);
238 }
240 $display ="";
241 if(!$this->multiple_support_active){
243 // Show tab heades to activate and deactivate the samba extension.
244 $display= "";
245 if ($this->parent !== NULL){
246 if ($this->is_account){
247 $display= $this->show_disable_header(msgPool::removeFeaturesButton(_("Samba")),
248 msgPool::featuresEnabled(_("Samba")));
249 } else {
251 // Samba3 dependency on posix accounts are enabled in the moment, because I need to rely on unique
252 // uidNumbers. There'll be a better solution later on.
253 $obj= $this->parent->by_object['posixAccount'];
254 if ($obj->is_account){
255 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
256 msgPool::featuresDisabled(_("Samba")));
257 } else {
258 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
259 msgPool::featuresDisabled(_("Samba"), _("POSIX")), TRUE);
260 }
261 return ($display);
262 }
263 }
264 }
266 // Editing from the MyAccount/Personal section may be disabled until we've pressed the 'edit' button.
267 $SkipWrite = (!isset($this->parent) || !$this->parent) && !session::is_set('edit');
270 // Handle the samba logon hours dialog here, instantiate it on request.
271 if(isset($_POST['SetSambaLogonHours']) && $this->acl_is_readable("sambaLogonHours")){
272 $this->dialog = new sambaLogonHours($this->config,$this->dn,$this->sambaLogonHours, $this->getacl('sambaLogonHours'));
273 }
274 if(isset($_POST['cancel_logonHours'])){
275 $this->dialog = FALSE;
276 }
277 if(isset($_POST['save_logonHours'])){
278 $this->dialog->save_object();
279 if($this->acl_is_writeable("sambaLogonHours")){
280 $this->sambaLogonHours = $this->dialog->save();
281 }
282 $this->dialog = FALSE;
283 }
284 if((isset($this->dialog)) && (is_object($this->dialog))){
285 $this->dialog->save_object();
286 return($this->dialog->execute());
287 }
290 // Get smarty
291 $smarty= get_smarty();
292 $smarty->assign("usePrototype", "true");
294 // Assign GOsa ACLs
295 $tmp = $this->plInfo();
296 foreach($tmp['plProvidedAcls'] as $var => $rest){
297 $smarty->assign($var."ACL",$this->getacl($var,$SkipWrite));
298 }
300 if(!session::is_set('edit') && !isset($this->parent)){
301 $smarty->assign("sambaLogonHoursACL","");
302 }
305 // Handle workstation list - Remove entries.
306 if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
307 if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){
308 if($this->multiple_support_active){
309 foreach($_POST['workstation_list'] as $name){
310 if(isset($this->multiple_sambaUserWorkstations[trim($name)])){
311 unset($this->multiple_sambaUserWorkstations[trim($name)]);
312 }
313 }
314 }else{
315 $tmp= $this->sambaUserWorkstations;
316 foreach($_POST['workstation_list'] as $name){
317 $tmp= preg_replace("/$name/", '', $tmp);
318 $this->is_modified= TRUE;
319 }
320 $tmp= preg_replace('/,+/', ',', $tmp);
321 $this->sambaUserWorkstations= trim($tmp, ',');
322 }
323 }
324 }
326 // Handle trust maschines/accessTo list
327 if (isset($_POST["add_ws"])){
328 if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){
329 $this->trustSelect= new trustSelect($this->config,get_userinfo());
330 $this->dialog= TRUE;
331 }
332 }
334 // Dialog canceled
335 if (isset($_POST["add_ws_cancel"])){
336 $this->trustSelect= FALSE;
337 $this->dialog= FALSE;
338 }
340 // Add selected machines to trusted ones.
341 if (isset($_POST["add_ws_finish"]) && $this->trustSelect){
342 $trusts = $this->trustSelect->detectPostActions();
343 if(isset($trusts['targets'])){
344 $headpage = $this->trustSelect->getHeadpage();
345 if($this->multiple_support_active){
346 foreach($trusts['targets'] as $id){
347 $attrs = $headpage->getEntry($id);
348 $we =$attrs['cn'][0];
349 $this->multiple_sambaUserWorkstations[trim($we)] = array("Name" => trim($ws), "UsedByAllUsers" => TRUE);
350 }
351 }else{
353 $tmp= $this->sambaUserWorkstations;
354 foreach($trusts['targets'] as $id){
355 $attrs = $headpage->getEntry($id);
356 $we =$attrs['cn'][0];
357 $tmp.= ",$we";
358 }
359 $tmp= preg_replace('/,+/', ',', $tmp);
360 $this->sambaUserWorkstations= trim($tmp, ',');
361 }
363 $this->is_modified= TRUE;
364 }
365 $this->trustSelect= NULL;
366 $this->dialog= FALSE;
367 }
369 // Display trust dialog
370 if ($this->trustSelect){
371 session::set('filterBlacklist', array('cn' => preg_split('/,/',$this->sambaUserWorkstations)));
372 return($this->trustSelect->execute());
373 }
376 // Fill domain selection.
377 $domains= array_keys($this->config->data['SERVERS']['SAMBA']);
378 $smarty->assign("domains", set_post($domains));
380 // Fill drive letters.
381 $letters= array("");
382 for ($i= 68; $i<91; $i++){
383 $letters[]= chr($i).":";
384 }
385 $smarty->assign("drives", $letters);
388 // Fill terminal server setttings
389 foreach ($this->ctxattributes as $attr){
390 if (isset($this->mungedObject->ctx[$attr])){
391 $smarty->assign("$attr", set_post($this->mungedObject->ctx[$attr]));
393 // Set field to blank if value is 0
394 if(in_array($attr, array("CtxMaxConnectionTime", "CtxMaxDisconnectionTime", "CtxMaxIdleTime"))) {
395 if($this->mungedObject->ctx[$attr] == 0) {
396 $smarty->assign("$attr", "");
397 }
398 }
399 } else {
400 $smarty->assign("$attr", "");
401 }
402 }
404 // Assign enum values for preset items.
405 $shadowModeVals= array(
406 "0" => _("disabled"),
407 "1" => _("input on, notify on"),
408 "2" => _("input on, notify off"),
409 "3" => _("input off, notify on"),
410 "4" => _("input off, notify off"));
411 $brokenConnModeVals= array(
412 "0" => _("disconnect"),
413 "1" => _("reset"));
414 $reConnModeVals= array( "0" => _("from any client"),
415 "1" => _("from previous client only"));
416 $smarty->assign("shadow", set_post($shadowModeVals));
417 $smarty->assign("brokenconn", set_post($brokenConnModeVals));
418 $smarty->assign("reconn", set_post($reConnModeVals));
420 // Fill preset items with values
421 $smarty->assign("shadowmode", set_post($this->mungedObject->getShadow()));
422 $smarty->assign("brokenconnmode", set_post($this->mungedObject->getBrokenConn()));
423 $smarty->assign("reconnmode", set_post($this->mungedObject->getReConn()));
426 // Set form elements to disabled/enable state
427 $smarty->assign("tsloginstate", $this->mungedObject->getTsLogin()?"":"disabled");
428 $smarty->assign("inheritstate", "");
429 if($this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)){
430 $smarty->assign("inheritstate", $this->mungedObject->getInheritMode()?"disabled":"");
431 }
433 // Set checkboxes to checked or unchecked state
434 $smarty->assign("tslogin", $this->mungedObject->getTsLogin()?"checked":"");
435 $smarty->assign("inherit", $this->mungedObject->getInheritMode()?"checked":"");
436 $smarty->assign("connectclientdrives",
437 $this->mungedObject->getConnectClientDrives()?"checked":"");
438 $smarty->assign("connectclientprinters",
439 $this->mungedObject->getConnectClientPrinters()?"checked":"");
440 $smarty->assign("defaultprinter",
441 $this->mungedObject->getDefaultPrinter()?"checked":"");
442 $smarty->assign("CtxMaxConnectionTimeF",
443 $this->mungedObject->getCtxMaxConnectionTimeF()?"checked":"");
444 $smarty->assign("CtxMaxDisconnectionTimeF",
445 $this->mungedObject->getCtxMaxDisconnectionTimeF()?"checked":"");
446 $smarty->assign("CtxMaxIdleTimeF",
447 $this->mungedObject->getCtxMaxIdleTimeF()?"checked":"");
450 // Fill sambaUserWorkstations
451 $ws= explode(",", $this->sambaUserWorkstations);
452 sort($ws);
454 // Tidy checks for empty option, and smarty will produce one if array[0]=""
455 if(($ws[0]=="")&&(count($ws)==1)) $ws=array();
456 if($this->multiple_support_active){
457 $smarty->assign("multiple_workstations",$this->multiple_sambaUserWorkstations);
458 }
459 $smarty->assign("workstations", set_post($ws));
462 // Assign plugin values
463 foreach($this->attributes as $val){
464 $smarty->assign("$val", set_post($this->$val));
465 }
467 // Assign munged attributes
468 foreach($this->mungedObject->getOnDemandFlags() as $key => $value) {
469 $smarty->assign("$key", set_post($value));
470 }
472 // Assign selected multi edit checkbox values.
473 foreach($this->attributes as $attr){
474 if(in_array($attr,$this->multi_boxes)){
475 $smarty->assign("use_".$attr,TRUE);
476 }else{
477 $smarty->assign("use_".$attr,FALSE);
478 }
479 }
480 foreach(array("tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
481 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF",
482 "CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
483 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
484 "onnectclientprinters","defaultprinter","shadow","brokenconn",
485 "reconn","connectclientprinters","SetSambaLogonHours",
486 "workstation_list",
487 "enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
488 "temporaryDisabled","cannotChangePassword") as $attr){
490 if(in_array($attr,$this->multi_boxes)){
491 $smarty->assign("use_".$attr,TRUE);
492 }else{
493 $smarty->assign("use_".$attr,FALSE);
494 }
495 }
497 if($this->multiple_support_active){
498 $smarty->assign("tsloginstate","");
499 }
501 // Create additional info for sambaKickOffTime and sambaPwdMustChange.
502 // e.g. Display effective kickoff time. Domain policy + user settings.
503 $additional_info_PwdMustChange = "";
505 // Calculate effective max Password Age
506 // This can only be calculated if sambaPwdLastSet ist set.
507 if(isset($this->attrs['sambaPwdLastSet'][0])){
508 $last = $this->attrs['sambaPwdLastSet'][0];
509 $sid = $this->get_domain_info();
510 if(isset($sid['sambaMaxPwdAge'][0])){
511 $d = ($last + $sid['sambaMaxPwdAge'][0]) - time();
513 // A negative value means the password is outdated
514 if($d < 0){
515 $additional_info_PwdMustChange = sprintf(_("The password is outdated since %s, by domain policy."),
516 date("d.m.Y H:i:s",$last + $sid['sambaMaxPwdAge'][0]));
517 }else{
518 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s."),
519 date("d.m.Y H:i:s", ($last + $sid['sambaMaxPwdAge'][0])));
520 }
521 }
522 }
524 // Assign flags
525 foreach(array("flag_enforcePasswordChange", "flag_passwordNeverExpires", "flag_noPasswordRequired",
526 "flag_temporaryDisabled","flag_cannotChangePassword") as $attr){
527 $smarty->assign($attr, set_post($this->$attr));
528 }
530 $smarty->assign("additional_info_PwdMustChange",set_post($additional_info_PwdMustChange));
531 $smarty->assign("multiple_support",$this->multiple_support_active);
532 $display.= $smarty->fetch (get_template_path('samba3.tpl', TRUE, dirname(__FILE__)));
533 return ($display);
534 }
537 /*! \brief Returns the samba Domain object, selected in the samba tab.
538 */
539 function get_domain_info()
540 {
541 /* Only search once, return last result if available
542 */
543 if(!isset($this->cache['DOMAIN'][$this->sambaDomainName])){
544 $this->cache['DOMAIN'][$this->sambaDomainName] = array();
545 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
546 $cfg = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName];
547 $ldap = $this->config->get_ldap_link();
548 $ldap->cd($this->config->current['BASE']);
549 $ldap->search("(&(objectClass=sambaDomain)(sambaSID=".$cfg['SID']."))",array("*"));
550 if($ldap->count()){
551 $this->cache['DOMAIN'][$this->sambaDomainName] = $ldap->fetch();
552 }
553 }
554 }
555 return($this->cache['DOMAIN'][$this->sambaDomainName]);
556 }
560 function get_samba_information()
561 {
562 $zone = timezone::get_default_timezone();
564 /* Defaults
565 */
566 $sambaMinPwdLength = "unset";
567 $sambaPwdHistoryLength = "unset";
568 $sambaLogonToChgPwd = "unset";
569 $sambaMaxPwdAge = "unset";
570 $sambaMinPwdAge = "unset";
571 $sambaLockoutDuration = "unset";
572 $sambaLockoutThreshold = "unset";
573 $sambaForceLogoff = "unset";
574 $sambaRefuseMachinePwdChange = "unset";
575 $sambaPwdLastSet = "unset";
576 $sambaLogonTime = "unset";
577 $sambaLogoffTime = "unset";
579 $sambaKickoffTime = "unset";
580 $sambaPwdCanChange = "unset";
581 $sambaPwdMustChange = "unset";
582 $sambaBadPasswordCount = "unset";
583 $sambaBadPasswordTime = "unset";
585 /* Domain attributes
586 */
587 $domain_attributes = array("sambaMinPwdLength","sambaPwdHistoryLength","sambaMaxPwdAge",
588 "sambaMinPwdAge","sambaLockoutDuration","sambaRefuseMachinePwdChange",
589 "sambaLogonToChgPwd","sambaLockoutThreshold","sambaForceLogoff");
591 /* User attributes
592 */
593 $user_attributes = array("sambaBadPasswordTime","sambaPwdLastSet","sambaLogonTime","sambaLogoffTime",
594 "sambaKickoffTime","sambaPwdCanChange","sambaPwdMustChange","sambaBadPasswordCount", "sambaSID");
596 /* Get samba SID object and parse settings.
597 */
598 $ldap = $this->config->get_ldap_link();
599 $ldap->cd($this->config->current['BASE']);
600 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
601 $attrs = $this->get_domain_info();
602 foreach($domain_attributes as $attr){
603 if(isset($attrs[$attr])){
604 $$attr = $attrs[$attr][0];
605 }
606 }
607 }
609 /* Get user infos
610 */
611 foreach($user_attributes as $attr){
612 if(isset($this->attrs[$attr])){
613 $$attr = $this->attrs[$attr][0];
614 }
615 }
616 if (is_numeric($sambaPwdMustChange)) {
617 $sambaPwdMustChange= date('d.m.Y', $sambaPwdMustChange);
618 }
619 if (is_numeric($sambaKickoffTime)) {
620 $sambaKickoffTime= date('d.m.Y', $sambaKickoffTime);
621 }
622 $sambaPwdCanChange = $this->sambaPwdCanChange;
625 /* DOMAIN Attributes
626 */
628 /* sambaMinPwdLength: Password length has a default of 5
629 */
630 if($sambaMinPwdLength == "unset" || $sambaMinPwdLength == 5){
631 $sambaMinPwdLength = "5 <i>("._("default").")</i>";
632 }
634 /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
635 */
636 if($sambaPwdHistoryLength == "unset" || $sambaPwdHistoryLength == 0){
637 $sambaPwdHistoryLength = _("Off")." <i>("._("default").")</i>";
638 }
640 /* sambaLogonToChgPwd: Force Users to logon for password change (default: 0 => off, 2 => on)
641 */
642 if($sambaLogonToChgPwd == "unset" || $sambaLogonToChgPwd == 0){
643 $sambaLogonToChgPwd = _("Off")." <i>("._("default").")</i>";
644 }else{
645 $sambaLogonToChgPwd = _("On");
646 }
648 /* sambaMaxPwdAge: Maximum password age, in seconds (default: -1 => never expire passwords)'
649 */
650 if($sambaMaxPwdAge == "unset" || $sambaMaxPwdAge == "-1"){
651 $sambaMaxPwdAge = _("disabled")." <i>("._("default").")</i>";
652 }else{
653 $sambaMaxPwdAge .= " "._("seconds");
654 }
656 /* sambaMinPwdAge: Minimum password age, in seconds (default: 0 => allow immediate password change
657 */
658 if($sambaMinPwdAge == "unset" || $sambaMinPwdAge == 0){
659 $sambaMinPwdAge = _("disabled")." <i>("._("default").")</i>";
660 }else{
661 $sambaMinPwdAge .= " "._("seconds");
662 }
664 /* sambaLockoutDuration: Lockout duration in minutes (default: 30, -1 => forever)
665 */
666 if($sambaLockoutDuration == "unset" || $sambaLockoutDuration == 30){
667 $sambaLockoutDuration = "30 "._("minutes")." <i>("._("default").")</i>";
668 }elseif($sambaLockoutDuration == -1){
669 $sambaLockoutDuration = _("forever");
670 }else{
671 $sambaLockoutDuration .= " "._("minutes");
672 }
674 /* sambaLockoutThreshold: Lockout users after bad logon attempts (default: 0 => off
675 */
676 if($sambaLockoutThreshold == "unset" || $sambaLockoutThreshold == 0){
677 $sambaLockoutThreshold = _("disabled")." <i>("._("default").")</i>";
678 }
680 /* sambaForceLogoff: Disconnect Users outside logon hours (default: -1 => off, 0 => on
681 */
682 if($sambaForceLogoff == "unset" || $sambaForceLogoff == -1){
683 $sambaForceLogoff = _("off")." <i>("._("default").")</i>";
684 }else{
685 $sambaForceLogoff = _("on");
686 }
688 /* sambaRefuseMachinePwdChange: Allow Machine Password changes (default: 0 => off
689 */
690 if($sambaRefuseMachinePwdChange == "none" || $sambaRefuseMachinePwdChange == 0){
691 $sambaRefuseMachinePwdChange = _("off")." <i>("._("default").")</i>";
692 }else{
693 $sambaRefuseMachinePwdChange = _("on");
694 }
696 /* USER Attributes
697 */
698 /* sambaBadPasswordTime: Time of the last bad password attempt
699 */
700 if($sambaBadPasswordTime == "unset" || empty($sambaBadPasswordTime)){
701 $sambaBadPasswordTime = "<i>("._("unset").")</i>";
702 }else{
703 $sambaBadPasswordTime = date("d.m.Y H:i:s",$sambaBadPasswordTime);
704 }
706 /* sambaBadPasswordCount: Bad password attempt count
707 */
708 if($sambaBadPasswordCount == "unset" || empty($sambaBadPasswordCount)){
709 $sambaBadPasswordCount = "<i>("._("unset").")</i>";
710 }else{
711 $sambaBadPasswordCount = date("d.m.Y H:i:s",$sambaBadPasswordCount);
712 }
714 /* sambaPwdLastSet: Timestamp of the last password update
715 */
716 if($sambaPwdLastSet == "unset" || empty($sambaPwdLastSet)){
717 $sambaPwdLastSet = "<i>("._("unset").")</i>";
718 }else{
719 $sambaPwdLastSet = date("d.m.Y H:i:s",$sambaPwdLastSet);
720 }
722 /* sambaLogonTime: Timestamp of last logon
723 */
724 if($sambaLogonTime == "unset" || empty($sambaLogonTime)){
725 $sambaLogonTime = "<i>("._("unset").")</i>";
726 }else{
727 $sambaLogonTime = date("d.m.Y H:i:s",$sambaLogonTime);
728 }
730 /* sambaLogoffTime: Timestamp of last logoff
731 */
732 if($sambaLogoffTime == "unset" || empty($sambaLogoffTime)){
733 $sambaLogoffTime = "<i>("._("unset").")</i>";
734 }else{
735 $sambaLogoffTime = date("d.m.Y H:i:s",$sambaLogoffTime);
736 }
738 /* sambaKickoffTime: Timestamp of when the user will be logged off automatically
739 */
740 if($sambaKickoffTime == "unset" || empty($sambaKickoffTime)){
741 $sambaKickoffTime = "<i>("._("unset").")</i>";
742 }
744 /* sambaPwdMustChange: Timestamp of when the password will expire
745 */
746 if($sambaPwdMustChange == "unset" || empty($sambaPwdMustChange)){
747 $sambaPwdMustChange = "<i>("._("unset").")</i>";
748 }
750 /* sambaPwdCanChange: Timestamp of when the user is allowed to update the password
751 */
752 if($sambaPwdCanChange == "unset" || empty($sambaPwdCanChange)){
753 $sambaPwdCanChange = "<i>("._("unset").")</i>";
754 }elseif($sambaPwdCanChange != "unset" && time() > $sambaPwdCanChange){
755 $sambaPwdCanChange = _("immediately") ;
756 }else{
757 $days = floor((($sambaPwdCanChange - time()) / 60 / 60 / 24)) ;
758 $hours = floor((($sambaPwdCanChange - time()) / 60 / 60) % 24) ;
759 $minutes = floor((($sambaPwdCanChange - time()) / 60 ) % 60) ;
761 $sambaPwdCanChange = " ".$days." "._("days");
762 $sambaPwdCanChange.= " ".$hours." "._("hours");
763 $sambaPwdCanChange.= " ".$minutes." "._("minutes");
764 }
766 $str =
767 "\n<div style='height:200px; overflow: auto;'>".
768 "\n<table style='width:100%;'>".
769 "\n<tr><td><b>"._("Domain attributes")."</b></td></tr>".
770 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
771 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
772 "\n<tr><td>"._("Password history").": </td><td>".$sambaPwdHistoryLength."</td></tr>".
773 "\n<tr><td>"._("Force password change").": </td><td>".$sambaLogonToChgPwd."</td></tr>".
774 "\n<tr><td>"._("Maximum password age").": </td><td>".$sambaMaxPwdAge."</td></tr>".
775 "\n<tr><td>"._("Minimum password age").": </td><td>".$sambaMinPwdAge."</td></tr>".
776 "\n<tr><td>"._("Lockout duration").": </td><td>".$sambaLockoutDuration."</td></tr>".
777 "\n<tr><td>"._("Bad lockout attempt").": </td><td>".$sambaLockoutThreshold."</td></tr>".
778 "\n<tr><td>"._("Disconnect time").": </td><td>".$sambaForceLogoff."</td></tr>".
779 "\n<tr><td>"._("Refuse machine password change").":</td><td>".$sambaRefuseMachinePwdChange."</td></tr>".
780 "\n<tr><td> </td></tr>".
781 "\n<tr><td><b>"._("User attributes")."</b></td></tr>".
782 "\n<tr><td>"._("SID").": </td><td>".$sambaSID."</td></tr>".
783 "\n<tr><td>"._("Last failed login").": </td><td>".$sambaBadPasswordTime."</td></tr>".
784 "\n<tr><td>"._("Log on attempts").": </td><td>".$sambaBadPasswordCount."</td></tr>".
785 "\n<tr><td>"._("Last password update").": </td><td>".$sambaPwdLastSet."</td></tr>".
786 "\n<tr><td>"._("Last log on").": </td><td>".$sambaLogonTime."</td></tr>".
787 "\n<tr><td>"._("Last log off").": </td><td>".$sambaLogoffTime."</td></tr>".
788 "\n<tr><td>"._("Automatic log off").": </td><td>".$sambaKickoffTime."</td></tr>";
790 if($this->flag_passwordNeverExpires){
791 $str .= "\n<tr><td>"._("Password expires").": </td><td>"._("No")."</td></tr>";
792 $str .= "\n<tr><td colspan='2'><font color='gray'>".
793 sprintf(_("The password would expire on %s, but the password expiry is disabled."),$sambaPwdMustChange).
794 "</font></td></tr>";
795 }else{
796 $str .= "\n<tr><td>"._("Password expires").": </td><td>".$sambaPwdMustChange."</td></tr>";
797 }
799 $str .= "\n<tr><td>"._("Password change available").": </td><td>".$sambaPwdCanChange."</td></tr>".
800 "\n</table>";
801 "\n</div>";
802 return($str);
803 }
806 function remove_from_parent()
807 {
808 /* Cancel if there's nothing to do here */
809 if (!$this->initially_was_account){
810 return;
811 }
813 /* include global link_info */
814 $ldap= $this->config->get_ldap_link();
816 plugin::remove_from_parent();
818 /* Keep uid attribute for gosaAccount */
819 unset($this->attrs['uid']);
820 unset($this->attrs['uidNumber']);
821 unset($this->attrs['gidNumber']);
823 /* Remove objectClass for sambaIdmapEntry */
824 $tmp= array();
825 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
826 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
827 $tmp[]= $this->attrs['objectClass'][$i];
828 }
829 }
830 $this->attrs['objectClass']= $tmp;
832 @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
833 $this->attributes, "Save");
834 $ldap->cd($this->dn);
835 $this->cleanup();
836 $ldap->modify ($this->attrs);
838 new log("remove","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
840 if (!$ldap->success()){
841 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
842 }
844 /* Optionally execute a command after we're done */
845 $this->handle_post_events("remove", array("uid" => $this->uid));
846 }
849 /* Check for input problems */
850 function check()
851 {
852 /* Call common method to give check the hook */
853 $message= plugin::check();
855 /* sambaHomePath requires sambaHomeDrive and vice versa */
856 if(!empty($this->sambaHomePath) && empty($this->sambaHomeDrive)){
857 $message[]= msgPool::required(_("Home drive"));
858 }
859 if(!empty($this->sambaHomeDrive) && empty($this->sambaHomePath)){
860 $message[]= msgPool::required(_("Home path"));
861 }
863 /* Strings */
864 foreach (array( "sambaHomePath" => _("Home directory"),
865 "sambaProfilePath" => _("Profile path")) as $key => $val){
866 if (!$this->mungedObject->is_samba_path($this->$key)){
867 $message[]= msgPool::invalid($val);
868 }
869 }
871 /* Numeric values */
872 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
873 "CtxMaxDisconnectionTime" => _("Disconnection"),
874 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
876 if (isset($this->mungedObject->ctx[$key]) && !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
877 $message[]= msgPool::invalid($val);
878 }
879 }
881 /* Too many workstations? Windows usrmgr only supports eight */
882 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
883 $message[]= _("The windows user manager allows eight clients at maximum!");
884 }
886 return ($message);
887 }
890 /* Save data to object */
891 function save_object()
892 {
894 $SkipWrite = (!isset($this->parent) || !$this->parent) && !session::is_set('edit');
896 /* We only care if we are on the sambaTab... */
897 if (isset($_POST['sambaTab'])){
898 plugin::save_object();
900 // Display domain info dialog
901 if(isset($_POST['display_information'])){
902 msg_dialog::display(_("Information"),
903 $this->get_samba_information(),
904 INFO_DIALOG);
905 }
907 // Get posted flags.
908 foreach(array("enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
909 "temporaryDisabled","cannotChangePassword") as $name){
910 $flag = "flag_{$name}";
911 if($this->acl_is_writeable($name)){
912 $tmp = isset($_POST[$flag]);
913 $this->is_modified |= ($tmp != $this->$flag);
914 $this->$flag = isset($_POST[$flag]);
915 }
916 }
919 // get sambaDomain attribute
920 if ($this->acl_is_writeable("sambaDomainName",$SkipWrite) && isset ($_POST['sambaDomainName'],$SkipWrite)){
921 $this->sambaDomainName= get_post('sambaDomainName');
922 }
924 // Save CTX values
925 $TsAcl = $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite);
926 foreach($this->ctxattributes as $val){
927 if (isset($_POST[$val]) && $TsAcl){
928 $this->mungedObject->ctx[$val]= get_post($val);
929 }
930 }
932 $this->mungedObject->setTsLogin(!isset($_POST['tslogin']) && $TsAcl);
934 // Need to do some index checking to avoid messages like "index ... not found"
935 if(isset($_POST['brokenconn'])) {
936 $this->mungedObject->setBrokenConn($_POST['brokenconn'] == '1' && $TsAcl);
937 }
938 if(isset($_POST['reconn'])) {
939 $this->mungedObject->setReConn($_POST['reconn'] == '1' && $TsAcl);
940 }
941 $this->mungedObject->setInheritMode(isset($_POST['inherit']) && $TsAcl);
942 $this->mungedObject->setCtxMaxConnectionTimeF(!isset($_POST['CtxMaxConnectionTimeF']) && $TsAcl);
943 $this->mungedObject->setCtxMaxDisconnectionTimeF(!isset($_POST['CtxMaxDisconnectionTimeF']) && $TsAcl);
944 $this->mungedObject->setCtxMaxIdleTimeF(!isset($_POST['CtxMaxIdleTimeF']) && $TsAcl);
945 $this->mungedObject->setConnectClientDrives(isset($_POST['connectclientdrives']) && $TsAcl);
946 $this->mungedObject->setConnectClientPrinters(isset($_POST['connectclientprinters']) && $TsAcl);
947 $this->mungedObject->setDefaultPrinter(isset($_POST['defaultprinter']) && $TsAcl);
949 // Save combo boxes. Takes two values
950 if(isset($_POST['reconn'])) {
951 $this->mungedObject->setShadow(isset($_POST['shadow']) && $TsAcl,get_post('shadow'));
952 }
954 // Check for changes
955 $this->is_modified |= ($this->sambaMungedDial != $this->mungedObject->getMunged());
956 }
957 }
961 function save()
962 {
963 /* Load uid and gid of this 'dn' */
964 $ldap= $this->config->get_ldap_link();
965 $ldap->cat($this->dn, array('uidNumber', 'gidNumber'));
966 $tmp= $ldap->fetch();
967 $this->uidNumber= $tmp['uidNumber'][0];
968 $this->gidNumber= $tmp['gidNumber'][0];
970 plugin::save();
972 /* Remove objectClass for sambaIdmapEntry */
973 $tmp= array();
974 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
975 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
976 $tmp[]= $this->attrs['objectClass'][$i];
977 }
978 }
979 $this->attrs['objectClass']= $tmp;
982 // Handle "enforce password change" flag.
983 if($this->flag_enforcePasswordChange){
984 $this->attrs['sambaPwdMustChange'] = 0;
985 }else{
987 // Keep old values if given.
988 if ($this->sambaPwdMustChange != "0"){
989 $this->attrs['sambaPwdMustChange']= $this->sambaPwdMustChange;
990 } else {
991 $this->attrs['sambaPwdMustChange']= array();
992 }
993 }
995 // Handle "Cannot change password" flag.
996 if($this->flag_cannotChangePassword){
997 $this->attrs['sambaPwdCanChange'] = 4294967295;
998 }else{
1000 // Keep old values if given.
1001 if ($this->sambaPwdCanChange != 4294967295 && !empty($this->sambaPwdCanChange)){
1002 $this->attrs['sambaPwdCanChange']= $this->sambaPwdCanChange;
1003 } else {
1004 $this->attrs['sambaPwdCanChange']= array();
1005 }
1006 }
1008 // Create sambaAcctFlags
1009 $tmp = "U";
1010 if($this->flag_passwordNeverExpires) $tmp .="X";
1011 if($this->flag_noPasswordRequired) $tmp .="N";
1012 if($this->flag_temporaryDisabled){
1013 if(preg_match("/L/i", $this->sambaAcctFlags)){
1014 $tmp .= "L";
1015 }else{
1016 $tmp .= "D";
1017 }
1018 }
1020 // Fill flag list with whitespaces
1021 $fill= "";
1022 for ($i= strlen($tmp); $i<12; $i++){
1023 $fill.= " ";
1024 }
1025 $this->attrs['sambaAcctFlags'] = "[{$tmp}{$fill}]";
1028 // Generate rid / primaryGroupId
1029 if (!isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
1030 msg_dialog::display(_("Warning"), _("Undefined Samba SID detected. Please fix this problem manually!"), WARNING_DIALOG);
1031 } else {
1032 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
1033 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
1034 }
1036 // Need to generate a new uniqe uid/gid combination?
1037 if ($this->sambaSID == "" || $this->orig_sambaDomainName != $this->sambaDomainName){
1038 $uidNumber= $this->uidNumber;
1039 while(TRUE){
1040 $sid= $this->SID."-".($uidNumber*2 + $this->ridBase);
1041 $ldap->cd($this->config->current['BASE']);
1042 $ldap->search("(sambaSID=$sid)", array("sambaSID"));
1043 if ($ldap->count() == 0){
1044 break;
1045 }
1046 $uidNumber++;
1047 }
1048 $this->attrs['sambaSID']= $sid;
1050 // Check for users primary group
1051 $ldap->cd($this->config->current['BASE']);
1052 $ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
1053 if ($ldap->count() != 1){
1054 msg_dialog::display(_("Warning"),
1055 _("Cannot convert primary group to samba group: group cannot be identified!"),
1056 WARNING_DIALOG);
1057 } else {
1058 $attrs= $ldap->fetch();
1059 $g= new group($this->config, $ldap->getDN());
1060 if ($g->sambaSID == ""){
1061 $g->sambaDomainName= $this->sambaDomainName;
1062 $g->smbgroup= TRUE;
1063 $g->save ();
1064 }
1065 $this->attrs['sambaPrimaryGroupSID']= $g->sambaSID;
1066 }
1067 }
1069 // Set or reset homeDrive - Why is this done seperataly?
1070 if ($this->sambaHomeDrive == ""){
1071 $this->attrs["sambaHomeDrive"]= array();
1072 }
1074 // Generate munged dial value
1075 $this->attrs["sambaMungedDial"]= $this->mungedObject->getMunged();
1077 // User wants me to fake the idMappings? This is useful for
1078 // making winbind resolve the user names in a reasonable amount
1079 // of time in combination with larger databases.
1080 if ($this->config->boolValueIsTrue("core","sambaidmapping")){
1081 $this->attrs['objectClass'][]= "sambaIdmapEntry";
1082 }
1084 // Write back to ldap
1085 $ldap->cd($this->dn);
1086 $this->cleanup();
1087 $ldap->modify ($this->attrs);
1088 if (!$ldap->success()){
1089 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
1090 }else{
1091 if ($this->initially_was_account == $this->is_account){
1092 if ($this->is_modified){
1093 $this->handle_post_events("modify", array("uid" => $this->uid));
1094 new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1095 }
1096 } else {
1097 $this->handle_post_events("add", array("uid" => $this->uid));
1098 new log("create","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1099 }
1100 }
1101 }
1104 /* Force password set, if this account doesn't have any samba passwords */
1105 function password_change_needed()
1106 {
1107 if(!$this->initially_was_account && $this->is_account){
1108 $ldap = $this->config->get_ldap_link();
1109 $ldap->cat($this->dn,array("sambaLMPassword","sambaNTPassword"));
1110 $attrs = $ldap->fetch();
1111 if(!isset($attrs['sambaLMPassword']) || !isset($attrs['sambaNTPassword'])){
1112 return(TRUE);
1113 }
1114 }
1115 return(FALSE);
1116 }
1119 function adapt_from_template($dn, $skip= array())
1120 {
1121 plugin::adapt_from_template($dn, $skip);
1124 $this->sambaSID= "";
1125 $this->sambaPrimaryGroupSID= "";
1127 /* Fill mungedDial field */
1128 if (isset($this->attrs['sambaMungedDial']) && !in_array('sambaMungedDial', $skip)){
1129 $this->mungedObject->load($this->sambaMungedDial);
1130 }
1132 /* Adapt munged attributes */
1133 foreach($this->ctxattributes as $attr){
1134 if(isset($this->mungedObject->ctx[$attr]))
1135 $val = $this->mungedObject->ctx[$attr];
1137 foreach (array("sn", "givenName", "uid") as $repl){
1138 if (preg_match("/%$repl/i", $val)){
1139 $val= preg_replace ("/%$repl/i", $this->parent->$repl, $val);
1140 }
1141 }
1142 $this->mungedObject->ctx[$attr] = $val;
1143 }
1145 // Load flags from source.
1146 $this->loadFlagsFromSource($this->attrs);
1147 }
1150 static function plInfo()
1151 {
1152 return (array(
1153 "plShortName" => _("Samba"),
1154 "plDescription" => _("Samba settings"),
1155 "plSelfModify" => TRUE,
1156 "plDepends" => array("user"),
1157 "plPriority" => 5,
1158 "plSection" => array("personal" => _("My account")),
1159 "plCategory" => array("users"),
1160 "plOptions" => array(),
1161 "plRequirements"=>array(
1162 'ldapSchema' => array('sambaSamAccount' =>''),
1163 'onFailureDisablePlugin' => array(get_class())),
1164 "plProvidedAcls" => array(
1165 "sambaHomePath" => _("Generic home directory") ,
1166 "sambaHomeDrive" => _("Generic samba home drive") ,
1167 "sambaDomainName" => _("Domain") ,
1168 "sambaLogonScript" => _("Generic script path") ,
1169 "sambaProfilePath" => _("Generic profile path") ,
1170 "AllowLoginOnTerminalServer" => _("Allow login on terminal server"),
1171 "InheritClientConfig" => _("Inherit client configuration"),
1173 "enforcePasswordChange" => _("Enforce password change"),
1174 "cannotChangePassword" => _("Disallow password change") ,
1175 "noPasswordRequired" => _("Login from windows client requires no password"),
1176 "passwordNeverExpires" => _("Password never expires"),
1177 "temporaryDisabled" => _("Lock samba account"),
1179 "sambaLogonHours" => _("Log on hours") ,
1180 "sambaUserWorkstations" => _("Allow connection from"))
1181 ));
1182 }
1184 function enable_multiple_support()
1185 {
1186 plugin::enable_multiple_support();
1187 $this->multiple_support_active = TRUE;
1188 }
1190 function multiple_save_object()
1191 {
1192 if (isset($_POST['sambaTab'])){
1193 $this->save_object();
1194 plugin::multiple_save_object();
1195 foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
1196 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF",
1197 "CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
1198 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
1199 "onnectclientprinters","defaultprinter","shadow","brokenconn",
1200 "reconn","connectclientprinters","SetSambaLogonHours","workstation_list",
1201 "enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
1202 "temporaryDisabled","cannotChangePassword"
1203 ) as $attr){
1204 if(isset($_POST["use_".$attr]) || isset($_POST["use_flag_".$attr]) ){
1205 $this->multi_boxes[] = $attr;
1206 }
1207 }
1208 }
1209 }
1212 function multiple_check()
1213 {
1214 $message = plugin::multiple_check();
1216 /* Strings */
1217 foreach (array( "sambaHomePath" => _("Home directory"),
1218 "sambaProfilePath" => _("Profile path")) as $key => $val){
1219 if (in_array($key,$this->multi_boxes) && !$this->mungedObject->is_samba_path($this->$key)){
1220 $message[]= msgPool::invalid($val);
1221 }
1222 }
1224 /* Numeric values */
1225 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
1226 "CtxMaxDisconnectionTime" => _("Disconnection"),
1227 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
1228 if (in_array($key,$this->multi_boxes) &&
1229 isset($this->mungedObject->ctx[$key]) &&
1230 !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
1231 $message[]=msgPool::invalid($val);
1232 }
1233 }
1235 /* Too many workstations? Windows usrmgr only supports eight */
1236 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
1237 $message[]= _("The windows user manager only allows eight clients. You've specified more than eight.");
1238 }
1239 return($message);
1240 }
1243 function get_multi_init_values()
1244 {
1245 $ret = plugin::get_multi_init_values();
1247 /* Parse given sambaUserWorkstations into array
1248 * to allow "init_multiple_support()" to detect multiple used workstations.
1249 * Those workstations will be displayed in light grey.
1250 */
1251 $tmp2 = array("count" => 0);
1252 $tmp = explode(",", $this->sambaUserWorkstations);
1253 foreach($tmp as $station){
1254 $station = trim($station);
1255 if(!empty($station)){
1256 $tmp2[] = $station;
1257 $tmp2['count'] ++;
1258 }
1259 }
1260 $ret['sambaUserWorkstations'] = $tmp2;
1261 return($ret);
1262 }
1266 function init_multiple_support($attrs,$all)
1267 {
1268 plugin::init_multiple_support($attrs,$all);
1270 $this->multiple_sambaUserWorkstations = array();
1271 if(isset($all['sambaUserWorkstations'])){
1272 for($i = 0 ; $i < $all['sambaUserWorkstations']['count'] ; $i++){
1273 $station = trim($all['sambaUserWorkstations'][$i]);
1274 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => FALSE);
1275 }
1276 }
1277 if(isset($attrs['sambaUserWorkstations'])){
1278 for($i = 0 ; $i < $attrs['sambaUserWorkstations']['count'] ; $i++){
1279 $station = trim($attrs['sambaUserWorkstations'][$i]);
1280 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1281 }
1282 }
1283 }
1285 function multiple_execute()
1286 {
1287 return($this->execute());
1288 }
1290 function get_multi_edit_values()
1291 {
1292 $ret = plugin::get_multi_edit_values();
1294 /* Terminal Server */
1295 if(in_array("tslogin",$this->multi_boxes)){
1296 $ret['tslogin'] = $this->mungedObject->getTsLogin();
1297 }
1298 if(in_array("CtxWFHomeDirDrive",$this->multi_boxes)){
1299 $ret['CtxWFHomeDirDrive'] = $this->mungedObject->ctx['CtxWFHomeDirDrive'];
1300 }
1301 if(in_array("CtxWFHomeDir",$this->multi_boxes)){
1302 $ret['CtxWFHomeDir'] = $this->mungedObject->ctx['CtxWFHomeDir'];
1303 }
1304 if(in_array("CtxWFProfilePath",$this->multi_boxes)){
1305 $ret['CtxWFProfilePath'] = $this->mungedObject->ctx['CtxWFProfilePath'];
1306 }
1308 if(in_array("inherit",$this->multi_boxes)){
1309 $ret['inherit'] = $this->mungedObject->getInheritMode();
1310 }
1311 if(in_array("CtxInitialProgram",$this->multi_boxes)){
1312 $ret['CtxInitialProgram'] = $this->mungedObject->ctx['CtxInitialProgram'];
1313 }
1314 if(in_array("CtxWorkDirectory",$this->multi_boxes)){
1315 $ret['CtxWorkDirectory'] = $this->mungedObject->ctx['CtxWorkDirectory'];
1316 }
1318 /* Time Limits. Be careful here, there are some negations */
1319 if(in_array("CtxMaxConnectionTimeF",$this->multi_boxes)){
1320 $ret["CtxMaxConnectionTimeF"] = !$this->mungedObject->getCtxMaxConnectionTimeF();
1321 if(!$ret["CtxMaxConnectionTimeF"]){
1322 $ret["CtxMaxConnectionTime"] = $this->mungedObject->ctx['CtxMaxConnectionTime'];
1323 }
1324 }
1325 if(in_array("CtxMaxDisconnectionTimeF",$this->multi_boxes)){
1326 $ret["CtxMaxDisconnectionTimeF"]= !$this->mungedObject->getCtxMaxDisconnectionTimeF();
1327 if(!$ret["CtxMaxDisconnectionTimeF"]){
1328 $ret["CtxMaxDisconnectionTime"]= $this->mungedObject->ctx['CtxMaxDisconnectionTime'];
1329 }
1330 }
1331 if(in_array("CtxMaxIdleTimeF",$this->multi_boxes)){
1332 $ret["CtxMaxIdleTimeF"] = !$this->mungedObject->getCtxMaxIdleTimeF();
1333 if(!$ret["CtxMaxIdleTimeF"]){
1334 $ret["CtxMaxIdleTime"] = $this->mungedObject->ctx['CtxMaxIdleTime'];
1335 }
1336 }
1338 /* Client Devices */
1339 if(in_array("connectclientdrives",$this->multi_boxes)){
1340 $ret["connectclientdrives"] = $this->mungedObject->getConnectClientDrives();
1341 }
1342 if(in_array("connectclientprinters",$this->multi_boxes)){
1343 $ret["connectclientprinters"] = $this->mungedObject->getConnectClientPrinters();
1344 }
1345 if(in_array("defaultprinter",$this->multi_boxes)){
1346 $ret["defaultprinter"] = $this->mungedObject->getDefaultPrinter();
1347 }
1349 /* Misc */
1350 if(in_array("shadow",$this->multi_boxes)){
1351 $ret["shadow"] =$this->mungedObject->getShadow();
1352 }
1353 if(in_array("brokenconn",$this->multi_boxes)){
1354 $ret["brokenconn"]=$this->mungedObject->getBrokenConn();
1355 }
1356 if(in_array("reconn",$this->multi_boxes)){
1357 $ret["reconn"] =$this->mungedObject->getReConn();
1358 }
1360 // Handle Flags.
1361 foreach(array("flag_enforcePasswordChange", "flag_passwordNeverExpires", "flag_noPasswordRequired",
1362 "flag_temporaryDisabled","flag_cannotChangePassword") as $attr){
1363 $ret[$attr] = $this->$attr;
1364 }
1366 if(in_array("SetSambaLogonHours",$this->multi_boxes)){
1367 $ret['sambaLogonHours'] = $this->sambaLogonHours;
1368 }
1370 if(in_array("workstation_list",$this->multi_boxes)){
1371 $ret['multiple_sambaUserWorkstations'] = $this->multiple_sambaUserWorkstations;
1372 }
1373 return($ret);
1374 }
1376 function set_multi_edit_values($values)
1377 {
1378 plugin::set_multi_edit_values($values);
1380 /* Prepare current workstation settings to be merged
1381 * with multiple edit settings.
1382 */
1383 if(isset($values['multiple_sambaUserWorkstations'])){
1384 $cur_ws = array();
1385 $m_ws = $values['multiple_sambaUserWorkstations'];
1387 /* Prepare current settings to be merged */
1388 if(isset($this->sambaUserWorkstations)){
1389 $ttmp = explode(",",$this->sambaUserWorkstations);
1390 foreach($ttmp as $station){
1391 $station = trim($station);
1392 if(!empty($station)){
1393 $cur_ws[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1394 }
1395 }
1396 }
1398 /* Unset removed workstations */
1399 foreach($cur_ws as $cur_name => $cur_station){
1400 if(!isset($m_ws[$cur_name])){
1401 unset($cur_ws[$cur_name]);
1402 }
1403 }
1405 /* Add all added workstations */
1406 foreach($m_ws as $name => $station){
1407 if($station['UsedByAllUsers']){
1408 $cur_ws[$name] = $station;
1409 }
1410 }
1412 $this->sambaUserWorkstations = "";
1413 foreach($cur_ws as $name => $ws){
1414 $this->sambaUserWorkstations .= $name.",";
1415 }
1416 $this->sambaUserWorkstations=preg_replace("/,$/","",$this->sambaUserWorkstations);
1417 }
1419 /* Enable disabled terminal login, this is inverted somehow */
1420 if(isset($values['tslogin'])) $this->mungedObject->setTsLogin(!$values['tslogin']);
1422 /* Imherit client configuration */
1423 if(isset($values['inherit'])) $this->mungedObject->setInheritMode($values['inherit']);
1425 /* Get all ctx values posted */
1426 $ctx = array("CtxWFHomeDirDrive","CtxWFHomeDir","CtxWFProfilePath","CtxInitialProgram","CtxWorkDirectory",
1427 "CtxMaxConnectionTime","CtxMaxDisconnectionTime","CtxMaxIdleTime");
1428 foreach($ctx as $attr){
1429 if(isset($values[$attr])){
1430 $this->mungedObject->ctx[$attr] = $values[$attr] ;
1431 }
1432 }
1434 if(isset($values['CtxMaxConnectionTimeF'])) $this->mungedObject->setCtxMaxConnectionTimeF($values['CtxMaxConnectionTimeF']);
1435 if(isset($values['CtxMaxDisconnectionTimeF']))$this->mungedObject->setCtxMaxDisconnectionTimeF($values['CtxMaxDisconnectionTimeF']);
1436 if(isset($values['CtxMaxIdleTimeF'])) $this->mungedObject->setCtxMaxIdleTimeF($values['CtxMaxIdleTimeF']);
1438 if(isset($values['connectclientdrives'])) $this->mungedObject->setConnectClientDrives($values['connectclientdrives']);
1439 if(isset($values['connectclientprinters'])) $this->mungedObject->setConnectClientPrinters($values['connectclientprinters']);
1440 if(isset($values['defaultprinter'])) $this->mungedObject->setDefaultPrinter($values['defaultprinter']);
1442 if(isset($values['shadow'])) $this->mungedObject->setShadow($values['shadow'],$values['shadow']);
1443 if(isset($values['brokenconn'])) $this->mungedObject->setBrokenConn($values['brokenconn'],$values['brokenconn']);
1444 if(isset($values['reconn'])) $this->mungedObject->setReConn($values['reconn'],$values['reconn']);
1445 }
1448 function PrepareForCopyPaste($source)
1449 {
1450 plugin::PrepareForCopyPaste($source);
1452 /* Set a new SID */
1453 $this->sambaSID = "";
1455 /* Fill mungedDial field */
1456 if (isset($source['sambaMungedDial'])){
1457 $this->mungedObject->load($source['sambaMungedDial'][0]);
1458 }
1460 // Load flags from source.
1461 $this->loadFlagsFromSource($source);
1462 }
1464 }
1466 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1467 ?>