1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2004-2005 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 class sambaAccount extends plugin
22 {
23 /* Definitions */
24 var $plHeadline= "Samba";
25 var $plDescription= "This does something";
26 var $view_logged = FALSE;
27 var $password_expires= 0;
29 /* Switch for Samba version */
30 var $uidNumber= 65535;
31 var $gidNumber= 65535;
33 /* Samba attributes */
34 var $SID= "";
35 var $ridBase= 0;
36 var $sambaSID= "";
37 var $sambaPwdLastSet= "0";
38 var $sambaPwdCanChange= "";
39 var $cannotChangePassword = FALSE;
40 var $sambaPwdMustChange= "0";
41 var $sambaAcctFlags= "[UX ]";
42 var $sambaHomePath= "";
43 var $sambaHomeDrive= "";
44 var $sambaLogonScript= "";
45 var $sambaProfilePath= "";
46 var $sambaPrimaryGroupSID= "";
47 var $sambaDomainName= "";
48 var $sambaUserWorkstations= "";
49 var $sambaBadPasswordCount= "";
50 var $sambaBadPasswordTime= "";
51 var $sambaPasswordHistory= "";
52 var $sambaLogonHours= "";
53 var $orig_sambaDomainName= "";
54 var $sambaMungedDial= "";
55 var $mungedObject;
57 /* Helper */
58 var $cache = array();
59 var $trustSelect= FALSE;
61 /* attribute list for save action */
62 var $ctxattributes= array();
63 var $attributes= array("sambaSID", "sambaPwdLastSet", "sambaPwdCanChange",
64 "sambaPwdMustChange", "sambaAcctFlags", "uid", "sambaMungedDial",
65 "sambaHomePath", "sambaHomeDrive", "sambaLogonScript",
66 "sambaProfilePath", "sambaPrimaryGroupSID", "sambaDomainName",
67 "sambaUserWorkstations", "sambaPasswordHistory",
68 "sambaLogonHours", "sambaBadPasswordTime",
69 "sambaBadPasswordCount");
70 var $objectclasses= array('sambaSamAccount');
72 var $uid= "";
73 var $CopyPasteVars = array("mungedObject","orig_sambaDomainName",'enforcePasswordChange','cannotChangePassword');
75 var $multiple_support = TRUE;
77 /* Only used for multiple edit */
78 var $temporary_disable = FALSE;
79 var $no_password_required = FALSE;
80 var $no_expiry = FALSE;
81 var $multiple_sambaUserWorkstations = array();
83 var $enforcePasswordChange = FALSE;
85 function sambaAccount (&$config, $dn= NULL)
86 {
87 $this->mungedObject= new sambaMungedDial;
88 $this->ctxattributes= $this->mungedObject->ctxattributes;
90 plugin::plugin ($config, $dn);
92 /* Setting uid to default */
93 if(isset($this->attrs['uid'][0])){
94 $this->uid = $this->attrs['uid'][0];
95 }
97 /* Get samba Domain in case of samba 3 */
98 if ($this->sambaSID != ""){
99 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
100 $ldap= $this->config->get_ldap_link();
101 $ldap->cd($this->config->current['BASE']);
102 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase","sambaDomainName"));
103 if ($ldap->count() != 0){
104 $attrs= $ldap->fetch();
105 if(isset($attrs['sambaAlgorithmicRidBase'])){
106 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
107 } else {
108 $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
109 }
110 if ($this->sambaDomainName == ""){
111 $this->sambaDomainName= $attrs['sambaDomainName'][0];
112 }
113 } else {
114 if ($this->sambaDomainName == ""){
115 $this->sambaDomainName= "DEFAULT";
116 }
117 $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
118 $this->SID= $this->config->get_cfg_value("core","sambaSID");
119 }
121 /* Save in order to compare later on */
122 $this->orig_sambaDomainName= $this->sambaDomainName;
123 }
125 /* Fill mungedDial field */
126 if (isset($this->attrs['sambaMungedDial'])){
127 $this->mungedObject->load($this->sambaMungedDial);
128 }
130 /* Password expiery */
131 if(isset($this->attrs['sambaPwdMustChange']) &&
132 $this->attrs['sambaPwdMustChange'][0] != 0){
133 $this->password_expires= 1;
134 }
136 /* Save initial account state */
137 $this->initially_was_account= $this->is_account;
139 $this->sambaPwdMustChange= $this->sambaPwdMustChange == 2147483647?"":date('d.m.Y', $this->sambaPwdMustChange);
141 // Enforce password change?
142 // ------------------------
143 // Check if we've the attribute 'sambaPwdLastSet' set and if its value is 0,
144 // in this case a password change is forced for this account.
145 $this->enforcePasswordChange = (isset($this->attrs['sambaPwdLastSet']) && $this->attrs['sambaPwdLastSet'][0] == '0');
147 // User cannot change his password? (sambaPwdLastSet int max(Int))
148 // --------------------------------
149 // The user is not able to change his password while sambaPwdCanChange is 4294967295 (Integer 32 Bit max)
150 $this->cannotChangePassword = (isset($this->attrs['sambaPwdCanChange']) && $this->attrs['sambaPwdCanChange'][0] == '4294967295');
151 }
153 function execute()
154 {
155 /* Call parent execute */
156 plugin::execute();
158 /* Log view */
159 if($this->is_account && !$this->view_logged){
160 $this->view_logged = TRUE;
161 new log("view","users/".get_class($this),$this->dn);
162 }
164 /* Do we need to flip is_account state? */
165 if (isset($_POST['modify_state'])){
166 $this->is_account= !$this->is_account;
167 }
168 /* Do we represent a valid account? */
169 if (!$this->is_account && $this->parent === NULL){
170 $display= "<img alt=\"\"src=\"images/small-error.png\" align=\"middle\"> <b>".
171 msgPool::noValidExtension(_("Samba"))."</b>";
172 $display.= back_to_main();
173 return ($display);
174 }
176 $display ="";
177 if(!$this->multiple_support_active){
179 /* Show tab dialog headers */
180 $display= "";
181 if ($this->parent !== NULL){
182 if ($this->is_account){
183 $display= $this->show_disable_header(msgPool::removeFeaturesButton(_("Samba")),
184 msgPool::featuresEnabled(_("Samba")));
185 } else {
186 $obj= $this->parent->by_object['posixAccount'];
188 /* Samba3 dependency on posix accounts are enabled
189 in the moment, because I need to rely on unique
190 uidNumbers. There'll be a better solution later
191 on. */
192 if ($obj->is_account){
193 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
194 msgPool::featuresDisabled(_("Samba")));
195 } else {
196 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
197 msgPool::featuresDisabled(_("Samba"), _("POSIX")), TRUE);
198 }
199 return ($display);
200 }
201 }
202 }
204 /* Open Samaba Logong hours dialog */
205 if(isset($_POST['SetSambaLogonHours']) && $this->acl_is_readable("sambaLogonHours")){
206 $this->dialog = new sambaLogonHours($this->config,$this->dn,$this->sambaLogonHours, $this->getacl('sambaLogonHours'));
207 }
209 /* Cancel dialog */
210 if(isset($_POST['cancel_logonHours'])){
211 $this->dialog = FALSE;
212 }
214 /* Save selected logon hours */
215 if(isset($_POST['save_logonHours']) && $this->dialog instanceOf sambaLogonHours){
216 $this->dialog->save_object();
217 if($this->acl_is_writeable("sambaLogonHours")){
218 $this->sambaLogonHours = $this->dialog->save();
219 }
220 $this->dialog = FALSE;
221 }
223 /* Display dialog */
224 if((isset($this->dialog)) && (is_object($this->dialog))){
225 $this->dialog->save_object();
226 return($this->dialog->execute());
227 }
229 /* Prepare templating */
230 $smarty= get_smarty();
233 $tmp = $this->plInfo();
234 foreach($tmp['plProvidedAcls'] as $var => $rest){
235 $smarty->assign($var."ACL",$this->getacl($var));
236 }
238 if(!session::is_set('edit') && !isset($this->parent)){
239 $smarty->assign("sambaLogonHoursACL","");
240 }
242 /* Remove user workstations? */
243 if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
245 if($this->acl_is_writeable("sambaUserWorkstations")){
247 if($this->multiple_support_active){
248 foreach($_POST['workstation_list'] as $name){
249 if(isset($this->multiple_sambaUserWorkstations[trim($name)])){
250 unset($this->multiple_sambaUserWorkstations[trim($name)]);
251 }
252 }
253 }else{
254 $tmp= $this->sambaUserWorkstations;
255 foreach($_POST['workstation_list'] as $name){
256 $tmp= preg_replace("/$name/", '', $tmp);
257 $this->is_modified= TRUE;
258 }
259 $tmp= preg_replace('/,+/', ',', $tmp);
260 $this->sambaUserWorkstations= trim($tmp, ',');
261 }
262 }
263 }
265 /* Add user workstation? */
266 if (isset($_POST["add_ws"])){
267 if($this->acl_is_writeable("sambaUserWorkstations")){
268 $this->trustSelect= new trustSelect($this->config,get_userinfo());
269 $this->dialog= TRUE;
270 }
271 }
273 /* Add user workstation finished? */
274 if (isset($_POST["add_ws_cancel"])){
275 $this->trustSelect= FALSE;
276 $this->dialog= FALSE;
277 }
279 // Add selected machines to trusted ones.
280 if (isset($_POST["add_ws_finish"]) && $this->trustSelect){
281 $trusts = $this->trustSelect->detectPostActions();
282 if(isset($trusts['targets'])){
284 $headpage = $this->trustSelect->getHeadpage();
285 if($this->multiple_support_active){
286 foreach($trusts['targets'] as $id){
287 $attrs = $headpage->getEntry($id);
288 $we =$attrs['cn'][0];
289 $this->multiple_sambaUserWorkstations[trim($we)] = array("Name" => trim($ws), "UsedByAllUsers" => TRUE);
290 }
291 }else{
293 $tmp= $this->sambaUserWorkstations;
294 foreach($trusts['targets'] as $id){
295 $attrs = $headpage->getEntry($id);
296 $we =$attrs['cn'][0];
297 $tmp.= ",$we";
298 }
299 $tmp= preg_replace('/,+/', ',', $tmp);
300 $this->sambaUserWorkstations= trim($tmp, ',');
301 }
303 $this->is_modified= TRUE;
304 }
305 $this->trustSelect= NULL;
306 $this->dialog= FALSE;
307 }
309 /* Show ws dialog */
310 if ($this->trustSelect){
312 // Build up blocklist
313 session::set('filterBlacklist', array('cn' => preg_split('/,/',$this->sambaUserWorkstations)));
314 return($this->trustSelect->execute());
315 }
317 /* Fill boxes */
318 $domains= array();
319 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
320 $domains[]= $name;
321 }
322 $smarty->assign("domains", set_post($domains));
323 $letters= array(" ");
324 for ($i= 68; $i<91; $i++){
325 $letters[]= chr($i).":";
326 }
327 $smarty->assign("drives", $letters);
329 /* Fill terminal server settings */
330 foreach ($this->ctxattributes as $attr){
331 /* Fill common attributes */
332 if (isset($this->mungedObject->ctx[$attr])){
333 $smarty->assign("$attr", set_post($this->mungedObject->ctx[$attr]));
334 // Set field to blank if value is 0
335 if(in_array($attr, array("CtxMaxConnectionTime", "CtxMaxDisconnectionTime", "CtxMaxIdleTime"))) {
336 if($this->mungedObject->ctx[$attr] == 0) {
337 $smarty->assign("$attr", "");
338 }
339 }
340 } else {
341 $smarty->assign("$attr", "");
342 }
343 }
345 /* Assign enum values for preset items */
346 $shadowModeVals= array( "0" => _("disabled"),
347 "1" => _("input on, notify on"),
348 "2" => _("input on, notify off"),
349 "3" => _("input off, notify on"),
350 "4" => _("input off, nofify off"));
352 $brokenConnModeVals= array( "0" => _("disconnect"),
353 "1" => _("reset"));
355 $reConnModeVals= array( "0" => _("from any client"),
356 "1" => _("from previous client only"));
358 /* Fill preset items */
359 $smarty->assign("shadow", set_post($shadowModeVals));
360 $smarty->assign("brokenconn", set_post($brokenConnModeVals));
361 $smarty->assign("reconn", set_post($reConnModeVals));
363 /* Fill preset items with values */
364 $smarty->assign("shadowmode", set_post($this->mungedObject->getShadow()));
365 $smarty->assign("brokenconnmode", set_post($this->mungedObject->getBrokenConn()));
366 $smarty->assign("reconnmode", set_post($this->mungedObject->getReConn()));
368 if(session::get('js')){
369 /* Set form elements to disabled/enable state */
370 $smarty->assign("tsloginstate", set_post($this->mungedObject->getTsLogin()?"":"disabled"));
372 $smarty->assign("inheritstate", "");
373 if($this->acl_is_writeable("AllowLoginOnTerminalServer")){
374 $smarty->assign("inheritstate", $this->mungedObject->getInheritMode()?"disabled":"");
375 }
376 }else{
377 $smarty->assign("tsloginstate", "");
378 $smarty->assign("inheritstate", "");
379 }
381 /* Set checkboxes to checked or unchecked state */
382 $smarty->assign("tslogin", $this->mungedObject->getTsLogin()?"checked":"");
383 $smarty->assign("inherit", $this->mungedObject->getInheritMode()?"checked":"");
384 $smarty->assign("connectclientdrives",
385 $this->mungedObject->getConnectClientDrives()?"checked":"");
386 $smarty->assign("connectclientprinters",
387 $this->mungedObject->getConnectClientPrinters()?"checked":"");
388 $smarty->assign("defaultprinter",
389 $this->mungedObject->getDefaultPrinter()?"checked":"");
390 $smarty->assign("CtxMaxConnectionTimeF",
391 $this->mungedObject->getCtxMaxConnectionTimeF()?"checked":"");
392 $smarty->assign("CtxMaxDisconnectionTimeF",
393 $this->mungedObject->getCtxMaxDisconnectionTimeF()?"checked":"");
394 $smarty->assign("CtxMaxIdleTimeF",
395 $this->mungedObject->getCtxMaxIdleTimeF()?"checked":"");
398 /* Fill sambaUserWorkstations */
399 $ws= explode(",", $this->sambaUserWorkstations);
400 sort($ws);
402 /* Tidy checks for empty option, and smarty will produce one if array[0]="" */
403 if(($ws[0]=="")&&(count($ws)==1)) $ws=array();
405 if($this->multiple_support_active){
406 $smarty->assign("multiple_workstations",$this->multiple_sambaUserWorkstations);
407 }
409 $smarty->assign("workstations", set_post($ws));
412 /* Variables */
413 foreach($this->attributes as $val){
414 $smarty->assign("$val", set_post($this->$val));
415 }
417 /* 'sambaAcctFlags' checkboxes */
418 /* Check for 'lock-account'-flag: 'D' or 'L' */
419 if (is_integer(strpos($this->sambaAcctFlags, "D")) ||
420 is_integer(strpos($this->sambaAcctFlags, "L"))) {
421 $smarty->assign("flagsD", "checked");
422 } else {
423 $smarty->assign("flagsD", "");
424 }
426 /* Check for no_password_required flag 'N' */
427 if (is_integer(strpos($this->sambaAcctFlags, "N"))) {
428 $smarty->assign("flagsN", "checked");
429 } else {
430 $smarty->assign("flagsN", "");
431 }
433 // check if password never expires
434 if (is_integer(strpos($this->sambaAcctFlags, "X"))) {
435 $smarty->assign("flagsX", "checked");
436 } else {
437 $smarty->assign("flagsX", "");
438 }
440 if ($this->sambaPwdCanChange=="1"){
441 $smarty->assign("flagsP", "checked");
442 } else {
443 $smarty->assign("flagsP", "");
444 }
446 if ($this->password_expires=="1"){
447 $smarty->assign("flagsC", "checked");
448 } else {
449 $smarty->assign("flagsC", "");
450 }
453 /* In case of javascript, disable some fields on demand */
454 foreach($this->mungedObject->getOnDemandFlags() as $key => $value) {
455 $smarty->assign("$key", set_post($value));
456 }
459 foreach($this->attributes as $attr){
460 if(in_array($attr,$this->multi_boxes)){
461 $smarty->assign("use_".$attr,TRUE);
462 }else{
463 $smarty->assign("use_".$attr,FALSE);
464 }
465 }
466 foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
467 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF","CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
468 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
469 "onnectclientprinters","defaultprinter","shadow","brokenconn",
470 "reconn","allow_pwchange","connectclientprinters","no_expiry","no_password_required","temporary_disable",
471 "password_expires","SetSambaLogonHours",
472 "workstation_list", "enforcePasswordChange", "cannotChangePassword") as $attr){
473 if(in_array($attr,$this->multi_boxes)){
474 $smarty->assign("use_".$attr,TRUE);
475 }else{
476 $smarty->assign("use_".$attr,FALSE);
477 }
478 }
480 if($this->multiple_support_active){
481 $smarty->assign("tsloginstate","");
482 }
484 /* Create additional info for sambaKickOffTime and sambaPwdMustChange.
485 e.g. Display effective kickoff time. Domain policy + user settings.
486 */
487 $additional_info_PwdMustChange = "";
489 /* Calculate effective max Password Age
490 This can only be calculated if sambaPwdLastSet ist set.
491 */
492 if(isset($this->attrs['sambaPwdLastSet'][0])){
493 $last = $this->attrs['sambaPwdLastSet'][0];
495 $sid = $this->get_domain_info();
496 if(isset($sid['sambaMaxPwdAge'][0])){
497 $d = ($last + $sid['sambaMaxPwdAge'][0]) - time();
499 /* A negative value means the password is outdated
500 */
501 if($d < 0){
502 $additional_info_PwdMustChange = sprintf(_("The password is outdated since %s, by domain policy."),
503 date("d.m.Y H:i:s",$last + $sid['sambaMaxPwdAge'][0]));
504 }else{
505 if($this->password_expires && ($last + $sid['sambaMaxPwdAge'][0]) > $this->sambaPwdMustChange){
506 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by user policy."),
507 date("d.m.Y H:i:s", $this->sambaPwdMustChange));
508 }else{
509 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by domain policy."),
510 date("d.m.Y H:i:s", ($last + $sid['sambaMaxPwdAge'][0])));
511 }
512 }
513 }
514 }
515 $smarty->assign("additional_info_PwdMustChange",set_post($additional_info_PwdMustChange));
516 $smarty->assign("no_expiry",set_post($this->no_expiry));
518 /* Show main page */
519 $smarty->assign("multiple_support", set_post($this->multiple_support_active));
520 $smarty->assign('enforcePasswordChange',set_post($this->enforcePasswordChange));
521 $smarty->assign("cannotChangePassword", set_post($this->cannotChangePassword));
522 $display.= $smarty->fetch (get_template_path('samba3.tpl', TRUE, dirname(__FILE__)));
523 return ($display);
524 }
527 /*! \brief Returns the samba Domain object, selected in the samba tab.
528 */
529 function get_domain_info()
530 {
531 /* Only search once, return last result if available
532 */
533 if(!isset($this->cache['DOMAIN'][$this->sambaDomainName])){
534 $this->cache['DOMAIN'][$this->sambaDomainName] = array();
535 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
536 $cfg = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName];
537 $ldap = $this->config->get_ldap_link();
538 $ldap->cd($this->config->current['BASE']);
539 $ldap->search("(&(objectClass=sambaDomain)(sambaSID=".$cfg['SID']."))",array("*"));
540 if($ldap->count()){
541 $this->cache['DOMAIN'][$this->sambaDomainName] = $ldap->fetch();
542 }
543 }
544 }
545 return($this->cache['DOMAIN'][$this->sambaDomainName]);
546 }
550 function get_samba_information()
551 {
552 $zone = timezone::get_default_timezone();
554 /* Defaults
555 */
556 $sambaMinPwdLength = "unset";
557 $sambaPwdHistoryLength = "unset";
558 $sambaLogonToChgPwd = "unset";
559 $sambaMaxPwdAge = "unset";
560 $sambaMinPwdAge = "unset";
561 $sambaLockoutDuration = "unset";
562 $sambaLockoutThreshold = "unset";
563 $sambaForceLogoff = "unset";
564 $sambaRefuseMachinePwdChange = "unset";
565 $sambaPwdLastSet = "unset";
566 $sambaLogonTime = "unset";
567 $sambaLogoffTime = "unset";
569 $sambaKickoffTime = "unset";
570 $sambaPwdCanChange = "unset";
571 $sambaPwdMustChange = "unset";
572 $sambaBadPasswordCount = "unset";
573 $sambaBadPasswordTime = "unset";
575 /* Domain attributes
576 */
577 $domain_attributes = array("sambaMinPwdLength","sambaPwdHistoryLength","sambaMaxPwdAge",
578 "sambaMinPwdAge","sambaLockoutDuration","sambaRefuseMachinePwdChange",
579 "sambaLogonToChgPwd","sambaLockoutThreshold","sambaForceLogoff");
581 /* User attributes
582 */
583 $user_attributes = array("sambaBadPasswordTime","sambaPwdLastSet","sambaLogonTime","sambaLogoffTime",
584 "sambaKickoffTime","sambaPwdCanChange","sambaPwdMustChange","sambaBadPasswordCount", "sambaSID");
586 /* Get samba SID object and parse settings.
587 */
588 $ldap = $this->config->get_ldap_link();
589 $ldap->cd($this->config->current['BASE']);
590 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
591 $attrs = $this->get_domain_info();
592 foreach($domain_attributes as $attr){
593 if(isset($attrs[$attr])){
594 $$attr = $attrs[$attr][0];
595 }
596 }
597 }
599 /* Get user infos
600 */
601 foreach($user_attributes as $attr){
602 $$attr = "unset";
603 if(isset($this->attrs[$attr])){
604 $$attr = $this->attrs[$attr][0];
605 }
606 }
607 if($this->password_expires){
608 $sambaPwdMustChange = $this->sambaPwdMustChange;
609 } else {
610 if (is_numeric($sambaPwdMustChange)) {
611 $sambaPwdMustChange= date('d.m.Y', $sambaPwdMustChange);
612 }
613 }
614 if($this->attrs['sambaKickoffTime']){
615 $sambaKickoffTime = date('d.m.Y', $this->attrs['sambaKickoffTime'][0]);
616 }
617 $sambaPwdCanChange = $this->sambaPwdCanChange;
620 /* DOMAIN Attributes
621 */
623 /* sambaMinPwdLength: Password length has a default of 5
624 */
625 if($sambaSID == "unset"){
626 $sambaSID = "<i>("._("unset").")</i>";
627 }
629 /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
630 /* sambaMinPwdLength: Password length has a default of 5
631 */
632 if($sambaMinPwdLength == "unset" || $sambaMinPwdLength == 5){
633 $sambaMinPwdLength = "5 <i>("._("default").")</i>";
634 }
636 /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
637 */
638 if($sambaPwdHistoryLength == "unset" || $sambaPwdHistoryLength == 0){
639 $sambaPwdHistoryLength = _("Off")." <i>("._("default").")</i>";
640 }
642 /* sambaLogonToChgPwd: Force Users to logon for password change (default: 0 => off, 2 => on)
643 */
644 if($sambaLogonToChgPwd == "unset" || $sambaLogonToChgPwd == 0){
645 $sambaLogonToChgPwd = _("Off")." <i>("._("default").")</i>";
646 }else{
647 $sambaLogonToChgPwd = _("On");
648 }
650 /* sambaMaxPwdAge: Maximum password age, in seconds (default: -1 => never expire passwords)'
651 */
652 if($sambaMaxPwdAge == "unset" || $sambaMaxPwdAge == "-1"){
653 $sambaMaxPwdAge = _("disabled")." <i>("._("default").")</i>";
654 }else{
655 $sambaMaxPwdAge .= " "._("seconds");
656 }
658 /* sambaMinPwdAge: Minimum password age, in seconds (default: 0 => allow immediate password change
659 */
660 if($sambaMinPwdAge == "unset" || $sambaMinPwdAge == 0){
661 $sambaMinPwdAge = _("disabled")." <i>("._("default").")</i>";
662 }else{
663 $sambaMinPwdAge .= " "._("seconds");
664 }
666 /* sambaLockoutDuration: Lockout duration in minutes (default: 30, -1 => forever)
667 */
668 if($sambaLockoutDuration == "unset" || $sambaLockoutDuration == 30){
669 $sambaLockoutDuration = "30 "._("minutes")." <i>("._("default").")</i>";
670 }elseif($sambaLockoutDuration == -1){
671 $sambaLockoutDuration = _("forever");
672 }else{
673 $sambaLockoutDuration .= " "._("minutes");
674 }
676 /* sambaLockoutThreshold: Lockout users after bad logon attempts (default: 0 => off
677 */
678 if($sambaLockoutThreshold == "unset" || $sambaLockoutThreshold == 0){
679 $sambaLockoutThreshold = _("disabled")." <i>("._("default").")</i>";
680 }
682 /* sambaForceLogoff: Disconnect Users outside logon hours (default: -1 => off, 0 => on
683 */
684 if($sambaForceLogoff == "unset" || $sambaForceLogoff == -1){
685 $sambaForceLogoff = _("off")." <i>("._("default").")</i>";
686 }else{
687 $sambaForceLogoff = _("on");
688 }
690 /* sambaRefuseMachinePwdChange: Allow Machine Password changes (default: 0 => off
691 */
692 if($sambaRefuseMachinePwdChange == "none" || $sambaRefuseMachinePwdChange == 0){
693 $sambaRefuseMachinePwdChange = _("off")." <i>("._("default").")</i>";
694 }else{
695 $sambaRefuseMachinePwdChange = _("on");
696 }
698 /* USER Attributes
699 */
700 /* sambaBadPasswordTime: Time of the last bad password attempt
701 */
702 if($sambaBadPasswordTime == "unset" || empty($sambaBadPasswordTime)){
703 $sambaBadPasswordTime = "<i>("._("unset").")</i>";
704 }else{
705 $sambaBadPasswordTime = date("d.m.Y H:i:s",$sambaBadPasswordTime);
706 }
708 /* sambaBadPasswordCount: Bad password attempt count
709 */
710 if($sambaBadPasswordCount == "unset" || empty($sambaBadPasswordCount)){
711 $sambaBadPasswordCount = "<i>("._("unset").")</i>";
712 }else{
713 $sambaBadPasswordCount = date("d.m.Y H:i:s",$sambaBadPasswordCount);
714 }
716 /* sambaPwdLastSet: Timestamp of the last password update
717 */
718 if($sambaPwdLastSet == "unset" || empty($sambaPwdLastSet)){
719 $sambaPwdLastSet = "<i>("._("unset").")</i>";
720 }else{
721 $sambaPwdLastSet = date("d.m.Y H:i:s",$sambaPwdLastSet);
722 }
724 /* sambaLogonTime: Timestamp of last logon
725 */
726 if($sambaLogonTime == "unset" || empty($sambaLogonTime)){
727 $sambaLogonTime = "<i>("._("unset").")</i>";
728 }else{
729 $sambaLogonTime = date("d.m.Y H:i:s",$sambaLogonTime);
730 }
732 /* sambaLogoffTime: Timestamp of last logoff
733 */
734 if($sambaLogoffTime == "unset" || empty($sambaLogoffTime)){
735 $sambaLogoffTime = "<i>("._("unset").")</i>";
736 }else{
737 $sambaLogoffTime = date("d.m.Y H:i:s",$sambaLogoffTime);
738 }
740 /* sambaKickoffTime: Timestamp of when the user will be logged off automatically
741 */
742 if($sambaKickoffTime == "unset" || empty($sambaKickoffTime)){
743 $sambaKickoffTime = "<i>("._("unset").")</i>";
744 }
746 /* sambaPwdMustChange: Timestamp of when the password will expire
747 */
748 if($sambaPwdMustChange == "unset" || empty($sambaPwdMustChange)){
749 $sambaPwdMustChange = "<i>("._("unset").")</i>";
750 }
752 /* sambaPwdCanChange: Timestamp of when the user is allowed to update the password
753 */
754 if($sambaPwdCanChange == "unset" || empty($sambaPwdCanChange)){
755 $sambaPwdCanChange = "<i>("._("unset").")</i>";
756 }elseif($sambaPwdCanChange != "unset" && time() > $sambaPwdCanChange){
757 $sambaPwdCanChange = _("immediately") ;
758 }else{
759 $days = floor((($sambaPwdCanChange - time()) / 60 / 60 / 24)) ;
760 $hours = floor((($sambaPwdCanChange - time()) / 60 / 60) % 24) ;
761 $minutes = floor((($sambaPwdCanChange - time()) / 60 ) % 60) ;
763 $sambaPwdCanChange = " ".$days." "._("days");
764 $sambaPwdCanChange.= " ".$hours." "._("hours");
765 $sambaPwdCanChange.= " ".$minutes." "._("minutes");
766 }
768 $str =
769 "\n<div style='height:200px; overflow: auto;'>".
770 "\n<table style='width:100%;' summary=\""._("Domain settings")."\">".
771 "\n<tr><td><b>"._("Domain attributes")."</b></td></tr>".
772 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
773 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
774 "\n<tr><td>"._("Password history").": </td><td>".$sambaPwdHistoryLength."</td></tr>".
775 "\n<tr><td>"._("Force password change").": </td><td>".$sambaLogonToChgPwd."</td></tr>".
776 "\n<tr><td>"._("Maximum password age").": </td><td>".$sambaMaxPwdAge."</td></tr>".
777 "\n<tr><td>"._("Minimum password age").": </td><td>".$sambaMinPwdAge."</td></tr>".
778 "\n<tr><td>"._("Lockout duration").": </td><td>".$sambaLockoutDuration."</td></tr>".
779 "\n<tr><td>"._("Bad lockout attempt").": </td><td>".$sambaLockoutThreshold."</td></tr>".
780 "\n<tr><td>"._("Disconnect time").": </td><td>".$sambaForceLogoff."</td></tr>".
781 "\n<tr><td>"._("Refuse machine password change").":</td><td>".$sambaRefuseMachinePwdChange."</td></tr>".
782 "\n<tr><td> </td></tr>".
783 "\n<tr><td><b>"._("User attributes")."</b></td></tr>".
784 "\n<tr><td>"._("SID").": </td><td>".$sambaSID."</td></tr>".
785 "\n<tr><td>"._("Last failed login").": </td><td>".$sambaBadPasswordTime."</td></tr>".
786 "\n<tr><td>"._("Logon attempts").": </td><td>".$sambaBadPasswordCount."</td></tr>".
787 "\n<tr><td>"._("Last password update").": </td><td>".$sambaPwdLastSet."</td></tr>".
788 "\n<tr><td>"._("Last logon").": </td><td>".$sambaLogonTime."</td></tr>".
789 "\n<tr><td>"._("Last logoff").": </td><td>".$sambaLogoffTime."</td></tr>".
790 "\n<tr><td>"._("Automatic logoff").": </td><td>".$sambaKickoffTime."</td></tr>";
792 if($this->no_expiry){
793 $str .= "\n<tr><td>"._("Password expires").": </td><td>"._("No")."</td></tr>";
794 $str .= "\n<tr><td colspan='2'><font color='gray'>".
795 sprintf(_("The password would expire on %s, but the password expiry is disabled."),$sambaPwdMustChange).
796 "</font></td></tr>";
797 }else{
798 $str .= "\n<tr><td>"._("Password expires").": </td><td>".$sambaPwdMustChange."</td></tr>";
799 }
801 $str .= "\n<tr><td>"._("Password change available").": </td><td>".$sambaPwdCanChange."</td></tr>".
802 "\n</table>";
803 "\n</div>";
804 return($str);
805 }
808 function remove_from_parent()
809 {
810 /* Cancel if there's nothing to do here */
811 if (!$this->initially_was_account){
812 return;
813 }
815 /* include global link_info */
816 $ldap= $this->config->get_ldap_link();
818 plugin::remove_from_parent();
820 /* Keep uid attribute for gosaAccount */
821 unset($this->attrs['uid']);
822 unset($this->attrs['uidNumber']);
823 unset($this->attrs['gidNumber']);
825 /* Remove objectClass for sambaIdmapEntry */
826 $tmp= array();
827 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
828 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
829 $tmp[]= $this->attrs['objectClass'][$i];
830 }
831 }
832 $this->attrs['objectClass']= $tmp;
834 @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
835 $this->attributes, "Save");
836 $ldap->cd($this->dn);
837 $this->cleanup();
838 $ldap->modify ($this->attrs);
840 new log("remove","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
842 if (!$ldap->success()){
843 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
844 }
846 /* Optionally execute a command after we're done */
847 $this->handle_post_events("remove", array("uid" => $this->uid));
848 }
851 /* Check for input problems */
852 function check()
853 {
854 /* Call common method to give check the hook */
855 $message= plugin::check();
857 /* sambaHomePath requires sambaHomeDrive and vice versa */
858 if(!empty($this->sambaHomePath) && empty($this->sambaHomeDrive)){
859 $message[]= msgPool::required(_("Home drive"));
860 }
861 if(!empty($this->sambaHomeDrive) && empty($this->sambaHomePath)){
862 $message[]= msgPool::required(_("Home path"));
863 }
865 /* Strings */
866 foreach (array( "sambaHomePath" => _("Home directory"),
867 "sambaProfilePath" => _("Profile path")) as $key => $val){
868 if (!$this->mungedObject->is_samba_path($this->$key)){
869 $message[]= msgPool::invalid($val);
870 }
871 }
873 /* Numeric values */
874 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
875 "CtxMaxDisconnectionTime" => _("Disconnection"),
876 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
878 if (isset($this->mungedObject->ctx[$key]) && !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
879 $message[]= msgPool::invalid($val);
880 }
881 }
883 if (!tests::is_date($this->sambaPwdMustChange)){
884 $message[]= msgPool::invalid(_("Password expires on"), $this->sambaPwdMustChange,"" ,"23.02.2009");
885 }
887 /* Too many workstations? Windows usrmgr only supports eight */
888 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
889 $message[]= _("The windows usermanager allows eight clients at maximum!");
890 }
892 return ($message);
893 }
896 /* Save data to object */
897 function save_object()
898 {
899 /* We only care if we are on the sambaTab... */
900 if (isset($_POST['sambaTab'])){
901 plugin::save_object();
903 $this->enforcePasswordChange = (isset($_POST['enforcePasswordChange']));
904 $this->cannotChangePassword = (isset($_POST['cannotChangePassword']));
906 if(isset($_POST['display_information'])){
907 msg_dialog::display(_("Information"),
908 $this->get_samba_information(),
909 INFO_DIALOG);
910 }
912 /* Take care about access options */
913 if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){
914 $attrname= "sambaPwdCanChange";
915 if (isset($_POST["allow_pwchange"]) && $_POST["allow_pwchange"] == 1){
916 $tmp= 1;
917 } else {
918 $tmp= 0;
919 }
920 if ($this->$attrname != $tmp){
921 $this->is_modified= TRUE;
922 }
923 $this->sambaPwdCanChange= $tmp;
924 }
925 $tmp= "U";
927 $this->no_expiry = FALSE;
928 if (isset($_POST["no_expiry"])){
929 if ($_POST["no_expiry"] == 1){
930 $tmp.= "X";
931 $this->no_expiry = TRUE;
932 }
933 }
935 $this->no_password_required = FALSE;
936 if (isset($_POST["no_password_required"])){
937 if ($_POST["no_password_required"] == 1){
938 $tmp.= "N";
939 $this->no_password_required = TRUE;
940 }
941 }
942 if (isset($_POST["password_expires"])){
943 if ($_POST["password_expires"] == 1){
944 $this->password_expires= 1;
945 }
946 } else {
947 $this->password_expires= 0;
948 }
949 $this->temporary_disable = FALSE;
950 if (isset($_POST["temporary_disable"])){
951 if ($_POST["temporary_disable"] == 1){
952 $this->temporary_disable = TRUE;
953 if (is_integer(strpos($this->sambaAcctFlags, "L"))) {
954 $tmp.= "L";
955 } else {
956 $tmp.= "D";
957 }
958 }
959 }
961 $fill= "";
962 for ($i= strlen($tmp); $i<12; $i++){
963 $fill.= " ";
964 }
966 $tmp= "[$tmp$fill]";
968 /* Only save if acl's are set */
969 if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){
970 $attrname= "sambaAcctFlags";
971 if ($this->$attrname != $tmp){
972 $this->is_modified= TRUE;
973 }
974 $this->$attrname= $tmp;
975 }
977 /* Save sambaDomain attribute */
978 if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
979 $this->sambaDomainName= get_post('sambaDomainName');
980 }
982 /* Save CTX values */
983 /* Save obvious values */
984 foreach($this->ctxattributes as $val){
985 if (isset($_POST[$val]) && $this->acl_is_writeable("AllowLoginOnTerminalServer")){
986 $this->mungedObject->ctx[$val]= get_post($val);
987 }
988 }
990 /* Save checkbox states. */
991 $this->mungedObject->setTsLogin(!isset($_POST['tslogin'])
992 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
993 // Need to do some index checking to avoid messages like "index ... not found"
994 if(isset($_POST['brokenconn'])) {
995 $this->mungedObject->setBrokenConn($_POST['brokenconn'] == '1'
996 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
997 }
998 if(isset($_POST['reconn'])) {
999 $this->mungedObject->setReConn($_POST['reconn'] == '1'
1000 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1001 }
1002 $this->mungedObject->setInheritMode(isset($_POST['inherit'])
1003 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1004 $this->mungedObject->setCtxMaxConnectionTimeF(!isset($_POST['CtxMaxConnectionTimeF'])
1005 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1006 $this->mungedObject->setCtxMaxDisconnectionTimeF(
1007 !isset($_POST['CtxMaxDisconnectionTimeF'])
1008 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1009 $this->mungedObject->setCtxMaxIdleTimeF(!isset($_POST['CtxMaxIdleTimeF'])
1010 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1011 $this->mungedObject->setConnectClientDrives(isset($_POST['connectclientdrives'])
1012 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1013 $this->mungedObject->setConnectClientPrinters(isset($_POST['connectclientprinters'])
1014 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1015 $this->mungedObject->setDefaultPrinter(isset($_POST['defaultprinter'])
1016 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1018 /* Save combo boxes. Takes two values */
1019 if(isset($_POST['reconn'])) {
1020 $this->mungedObject->setShadow(isset($_POST['shadow']) && $this->acl_is_writeable("AllowLoginOnTerminalServer"),get_post('shadow'));
1021 }
1023 /* Check for changes */
1024 if ($this->sambaMungedDial != $this->mungedObject->getMunged()){
1025 $this->is_modified= TRUE;
1026 }
1028 }
1029 }
1032 /* Save to LDAP */
1033 function save()
1034 {
1035 /* Load uid and gid of this 'dn' */
1036 $ldap= $this->config->get_ldap_link();
1037 $ldap->cat($this->dn, array('uidNumber', 'gidNumber'));
1038 $tmp= $ldap->fetch();
1039 $this->uidNumber= $tmp['uidNumber'][0];
1040 $this->gidNumber= $tmp['gidNumber'][0];
1042 plugin::save();
1044 /* Remove objectClass for sambaIdmapEntry */
1045 $tmp= array();
1046 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
1047 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
1048 $tmp[]= $this->attrs['objectClass'][$i];
1049 }
1050 }
1051 $this->attrs['objectClass']= $tmp;
1053 // Enforce password change
1054 if($this->enforcePasswordChange){
1055 $this->attrs['sambaPwdLastSet'] = 0;
1056 }else{
1057 if ($this->sambaPwdLastSet != "0"){
1058 $this->attrs['sambaPwdLastSet']= $this->sambaPwdLastSet;
1059 } else {
1060 $this->attrs['sambaPwdLastSet']= array();
1061 }
1062 }
1064 if($this->cannotChangePassword){
1065 $this->attrs['sambaPwdCanChange'] = 4294967295;
1066 }
1068 /* Generate rid / primaryGroupId */
1069 if (!isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
1070 msg_dialog::display(_("Warning"), _("Undefined Samba SID detected. Please fix this problem manually!"), WARNING_DIALOG);
1071 } else {
1072 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
1073 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
1074 }
1076 /* Need to generate a new uniqe uid/gid combination? */
1077 if ($this->sambaSID == "" || $this->orig_sambaDomainName != $this->sambaDomainName){
1078 $uidNumber= $this->uidNumber;
1079 while(TRUE){
1080 $sid= $this->SID."-".($uidNumber*2 + $this->ridBase);
1081 $ldap->cd($this->config->current['BASE']);
1082 $ldap->search("(sambaSID=$sid)", array("sambaSID"));
1083 if ($ldap->count() == 0){
1084 break;
1085 }
1086 $uidNumber++;
1087 }
1088 $this->attrs['sambaSID']= $sid;
1090 /* Check for users primary group */
1091 $ldap->cd($this->config->current['BASE']);
1092 $ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
1093 if ($ldap->count() != 1){
1094 msg_dialog::display(_("Warning"), _("Cannot convert primary group to samba group: group cannot be identified!"), WARNING_DIALOG);
1095 } else {
1096 $attrs= $ldap->fetch();
1097 $g= new group($this->config, $ldap->getDN());
1098 if ($g->sambaSID == ""){
1099 $g->sambaDomainName= $this->sambaDomainName;
1100 $g->smbgroup= TRUE;
1101 $g->save ();
1102 }
1103 $this->attrs['sambaPrimaryGroupSID']= $g->sambaSID;
1104 }
1105 }
1107 if ($this->sambaHomeDrive == ""){
1108 $this->attrs["sambaHomeDrive"]= array();
1109 }
1111 /* Generate munged dial value */
1112 $this->attrs["sambaMungedDial"]= $this->mungedObject->getMunged();
1114 /* User wants me to fake the idMappings? This is useful for
1115 making winbind resolve the user names in a reasonable amount
1116 of time in combination with larger databases. */
1117 if ($this->config->boolValueIsTrue("core","sambaIdMapping")){
1118 $this->attrs['objectClass'][]= "sambaIdmapEntry";
1119 }
1122 /* Password expiery */
1123 if ($this->password_expires == "1"){
1124 #TODO: check for date format
1125 if ($this->attrs['sambaPwdMustChange'] == ""){
1126 $this->attrs['sambaPwdMustChange']= 0;
1127 } else {
1128 list($day, $month, $year)= explode('.', $this->sambaPwdMustChange);
1129 $this->attrs['sambaPwdMustChange']= mktime(0,0,0,$month, $day, $year);
1130 }
1131 } else {
1132 $this->attrs['sambaPwdMustChange']= array();
1133 }
1135 /* Write back to ldap */
1136 $ldap->cd($this->dn);
1137 $this->cleanup();
1138 $ldap->modify ($this->attrs);
1140 if($this->initially_was_account){
1141 new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1142 }else{
1143 new log("create","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1144 }
1146 if (!$ldap->success()){
1147 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
1148 }
1150 /* Optionally execute a command after we're done */
1151 if ($this->initially_was_account == $this->is_account){
1152 if ($this->is_modified){
1153 $this->handle_post_events("modify", array("uid" => $this->uid));
1154 }
1155 } else {
1156 $this->handle_post_events("add", array("uid" => $this->uid));
1157 }
1158 }
1161 /* Force password set, if this account doesn't have any samba passwords */
1162 function password_change_needed()
1163 {
1164 if(!$this->initially_was_account && $this->is_account){
1165 $ldap = $this->config->get_ldap_link();
1166 $ldap->cat($this->dn,array("sambaLMPassword","sambaNTPassword"));
1167 $attrs = $ldap->fetch();
1168 if(!isset($attrs['sambaLMPassword']) || !isset($attrs['sambaNTPassword'])){
1169 return(TRUE);
1170 }
1171 }
1172 return(FALSE);
1173 }
1176 function adapt_from_template($dn, $skip= array())
1177 {
1178 plugin::adapt_from_template($dn, $skip);
1181 $this->sambaSID= "";
1182 $this->sambaPrimaryGroupSID= "";
1184 /* Fill mungedDial field */
1185 if (isset($this->attrs['sambaMungedDial']) && !in_array('sambaMungedDial', $skip)){
1186 $this->mungedObject->load($this->sambaMungedDial);
1187 }
1189 /* Adapt munged attributes */
1190 foreach($this->ctxattributes as $attr){
1191 if(isset($this->mungedObject->ctx[$attr]))
1192 $val = $this->mungedObject->ctx[$attr];
1194 foreach (array("sn", "givenName", "uid") as $repl){
1195 if (preg_match("/%$repl/i", $val)){
1196 $val= preg_replace ("/%$repl/i", $this->parent->$repl, $val);
1197 }
1198 }
1199 $this->mungedObject->ctx[$attr] = $val;
1200 }
1202 /* Password expiery */
1203 if(isset($this->attrs['sambaPwdMustChange']) &&
1204 $this->attrs['sambaPwdMustChange'][0] != 0 && !in_array('sambaPwdMustChange', $skip)){
1205 $this->password_expires= 1;
1206 }
1207 }
1210 static function plInfo()
1211 {
1212 return (array(
1213 "plShortName" => _("Samba"),
1214 "plDescription" => _("Samba settings"),
1215 "plSelfModify" => TRUE,
1216 "plDepends" => array("user"),
1217 "plPriority" => 5,
1218 "plSection" => array("personal" => _("My account")),
1219 "plCategory" => array("users"),
1220 "plOptions" => array(),
1222 "plRequirements"=> array(
1223 'ldapSchema' => array('sambaSamAccount' => ''),
1224 'onFailureDisablePlugin' => array(get_class())
1225 ),
1227 "plProvidedAcls" => array(
1229 "sambaHomePath" => _("Generic home directory") ,
1230 "sambaHomeDrive" => _("Generic samba home drive") ,
1231 "sambaDomainName" => _("Domain") ,
1232 "sambaLogonScript" => _("Generic script path") ,
1233 "sambaProfilePath" => _("Generic profile path") ,
1234 "AllowLoginOnTerminalServer" => _("Allow login on terminal server"),
1235 "InheritClientConfig" => _("Inherit client config"),
1236 "sambaPwdCanChange" => _("Allow user to change password") ,
1237 "sambaAcctFlagsN" => _("Login from windows client requires no password"),
1238 "sambaAcctFlagsX" => _("Password never expires"),
1239 "enforcePasswordChange" => _("Enforce password change"),
1240 "cannotChangePassword" => _("Cannot change password"),
1241 "sambaAcctFlagsL" => _("Lock samba account"),
1242 "sambaLogonHours" => _("Logon hours") ,
1243 "sambaUserWorkstations" => _("Allow connection from"))
1244 ));
1245 }
1247 function enable_multiple_support()
1248 {
1249 plugin::enable_multiple_support();
1250 $this->multiple_support_active = TRUE;
1251 }
1253 function multiple_save_object()
1254 {
1255 if (isset($_POST['sambaTab'])){
1256 $this->save_object();
1257 plugin::multiple_save_object();
1258 foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
1259 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF","CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
1260 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
1261 "onnectclientprinters","defaultprinter","shadow","brokenconn",
1262 "reconn","allow_pwchange","connectclientprinters","no_expiry","no_password_required","temporary_disable",
1263 "password_expires", "SetSambaLogonHours",
1264 "workstation_list", "enforcePasswordChange","cannotChangePassword") as $attr){
1265 if(isset($_POST["use_".$attr])){
1266 $this->multi_boxes[] = $attr;
1267 }
1268 }
1269 }
1270 }
1273 function multiple_check()
1274 {
1275 $message = plugin::multiple_check();
1277 /* Strings */
1278 foreach (array( "sambaHomePath" => _("Home directory"),
1279 "sambaProfilePath" => _("Profile path")) as $key => $val){
1280 if (in_array($key,$this->multi_boxes) && !$this->mungedObject->is_samba_path($this->$key)){
1281 $message[]= msgPool::invalid($val);
1282 }
1283 }
1285 /* Numeric values */
1286 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
1287 "CtxMaxDisconnectionTime" => _("Disconnection"),
1288 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
1289 if (in_array($key,$this->multi_boxes) &&
1290 isset($this->mungedObject->ctx[$key]) &&
1291 !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
1292 $message[]=msgPool::invalid($val);
1293 }
1294 }
1296 /* Too many workstations? Windows usrmgr only supports eight */
1297 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
1298 $message[]= _("The windows user manager only allows eight clients. You've specified more than eight.");
1299 }
1300 return($message);
1301 }
1304 function get_multi_init_values()
1305 {
1306 $ret = plugin::get_multi_init_values();
1308 /* Parse given sambaUserWorkstations into array
1309 * to allow "init_multiple_support()" to detect multiple used workstations.
1310 * Those workstations will be displayed in light grey.
1311 */
1312 $tmp2 = array("count" => 0);
1313 $tmp = explode(",", $this->sambaUserWorkstations);
1314 foreach($tmp as $station){
1315 $station = trim($station);
1316 if(!empty($station)){
1317 $tmp2[] = $station;
1318 $tmp2['count'] ++;
1319 }
1320 }
1321 $ret['sambaUserWorkstations'] = $tmp2;
1322 return($ret);
1323 }
1327 function init_multiple_support($attrs,$all)
1328 {
1329 plugin::init_multiple_support($attrs,$all);
1331 $this->multiple_sambaUserWorkstations = array();
1332 if(isset($all['sambaUserWorkstations'])){
1333 for($i = 0 ; $i < $all['sambaUserWorkstations']['count'] ; $i++){
1334 $station = trim($all['sambaUserWorkstations'][$i]);
1335 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => FALSE);
1336 }
1337 }
1338 if(isset($attrs['sambaUserWorkstations'])){
1339 for($i = 0 ; $i < $attrs['sambaUserWorkstations']['count'] ; $i++){
1340 $station = trim($attrs['sambaUserWorkstations'][$i]);
1341 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1342 }
1343 }
1344 }
1346 function multiple_execute()
1347 {
1348 return($this->execute());
1349 }
1351 function get_multi_edit_values()
1352 {
1353 $ret = plugin::get_multi_edit_values();
1355 /* Terminal Server */
1356 if(in_array("tslogin",$this->multi_boxes)){
1357 $ret['tslogin'] = $this->mungedObject->getTsLogin();
1358 }
1359 if(in_array("CtxWFHomeDirDrive",$this->multi_boxes)){
1360 $ret['CtxWFHomeDirDrive'] = $this->mungedObject->ctx['CtxWFHomeDirDrive'];
1361 }
1362 if(in_array("CtxWFHomeDir",$this->multi_boxes)){
1363 $ret['CtxWFHomeDir'] = $this->mungedObject->ctx['CtxWFHomeDir'];
1364 }
1365 if(in_array("CtxWFProfilePath",$this->multi_boxes)){
1366 $ret['CtxWFProfilePath'] = $this->mungedObject->ctx['CtxWFProfilePath'];
1367 }
1369 if(in_array("inherit",$this->multi_boxes)){
1370 $ret['inherit'] = $this->mungedObject->getInheritMode();
1371 }
1372 if(in_array("CtxInitialProgram",$this->multi_boxes)){
1373 $ret['CtxInitialProgram'] = $this->mungedObject->ctx['CtxInitialProgram'];
1374 }
1375 if(in_array("CtxWorkDirectory",$this->multi_boxes)){
1376 $ret['CtxWorkDirectory'] = $this->mungedObject->ctx['CtxWorkDirectory'];
1377 }
1379 /* Time Limits. Be careful here, there are some negations */
1380 if(in_array("CtxMaxConnectionTimeF",$this->multi_boxes)){
1381 $ret["CtxMaxConnectionTimeF"] = !$this->mungedObject->getCtxMaxConnectionTimeF();
1382 if(!$ret["CtxMaxConnectionTimeF"]){
1383 $ret["CtxMaxConnectionTime"] = $this->mungedObject->ctx['CtxMaxConnectionTime'];
1384 }
1385 }
1386 if(in_array("CtxMaxDisconnectionTimeF",$this->multi_boxes)){
1387 $ret["CtxMaxDisconnectionTimeF"]= !$this->mungedObject->getCtxMaxDisconnectionTimeF();
1388 if(!$ret["CtxMaxDisconnectionTimeF"]){
1389 $ret["CtxMaxDisconnectionTime"]= $this->mungedObject->ctx['CtxMaxDisconnectionTime'];
1390 }
1391 }
1392 if(in_array("CtxMaxIdleTimeF",$this->multi_boxes)){
1393 $ret["CtxMaxIdleTimeF"] = !$this->mungedObject->getCtxMaxIdleTimeF();
1394 if(!$ret["CtxMaxIdleTimeF"]){
1395 $ret["CtxMaxIdleTime"] = $this->mungedObject->ctx['CtxMaxIdleTime'];
1396 }
1397 }
1399 /* Client Devices */
1400 if(in_array("connectclientdrives",$this->multi_boxes)){
1401 $ret["connectclientdrives"] = $this->mungedObject->getConnectClientDrives();
1402 }
1403 if(in_array("connectclientprinters",$this->multi_boxes)){
1404 $ret["connectclientprinters"] = $this->mungedObject->getConnectClientPrinters();
1405 }
1406 if(in_array("defaultprinter",$this->multi_boxes)){
1407 $ret["defaultprinter"] = $this->mungedObject->getDefaultPrinter();
1408 }
1410 /* Misc */
1411 if(in_array("shadow",$this->multi_boxes)){
1412 $ret["shadow"] =$this->mungedObject->getShadow();
1413 }
1414 if(in_array("brokenconn",$this->multi_boxes)){
1415 $ret["brokenconn"]=$this->mungedObject->getBrokenConn();
1416 }
1417 if(in_array("reconn",$this->multi_boxes)){
1418 $ret["reconn"] =$this->mungedObject->getReConn();
1419 }
1421 /* Flags */
1422 if(in_array("allow_pwchange",$this->multi_boxes)){
1423 $ret['sambaPwdCanChange'] = $this->sambaPwdCanChange;
1424 }
1426 if(in_array("enforcePasswordChange",$this->multi_boxes)){
1427 $ret['enforcePasswordChange'] = $this->enforcePasswordChange;
1428 }
1429 if(in_array("cannotChangePassword",$this->multi_boxes)){
1430 $ret['cannotChangePassword'] = $this->cannotChangePassword;
1431 }
1433 if(in_array("password_expires",$this->multi_boxes)){
1434 $ret['password_expires'] = $this->password_expires;
1435 $ret['sambaPwdMustChange']= $this->sambaPwdMustChange;
1436 }
1438 if(in_array("no_password_required",$this->multi_boxes)){
1439 $ret['no_password_required'] = $this->no_password_required;
1440 }
1442 if(in_array("no_expiry",$this->multi_boxes)){
1443 $ret['no_expiry'] = $this->no_expiry;
1444 }
1446 if(in_array("temporary_disable",$this->multi_boxes)){
1447 $ret['temporary_disable'] = $this->temporary_disable;
1448 }
1450 if(in_array("SetSambaLogonHours",$this->multi_boxes)){
1451 $ret['sambaLogonHours'] = $this->sambaLogonHours;
1452 }
1454 if(in_array("workstation_list",$this->multi_boxes)){
1455 $ret['multiple_sambaUserWorkstations'] = $this->multiple_sambaUserWorkstations;
1456 }
1457 return($ret);
1458 }
1460 function set_multi_edit_values($values)
1461 {
1462 plugin::set_multi_edit_values($values);
1464 /* Prepare current workstation settings to be merged
1465 * with multiple edit settings.
1466 */
1467 if(isset($values['multiple_sambaUserWorkstations'])){
1468 $cur_ws = array();
1469 $m_ws = $values['multiple_sambaUserWorkstations'];
1471 /* Prepare current settings to be merged */
1472 if(isset($this->sambaUserWorkstations)){
1473 $ttmp = explode(",",$this->sambaUserWorkstations);
1474 foreach($ttmp as $station){
1475 $station = trim($station);
1476 if(!empty($station)){
1477 $cur_ws[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1478 }
1479 }
1480 }
1482 /* Unset removed workstations */
1483 foreach($cur_ws as $cur_name => $cur_station){
1484 if(!isset($m_ws[$cur_name])){
1485 unset($cur_ws[$cur_name]);
1486 }
1487 }
1489 /* Add all added workstations */
1490 foreach($m_ws as $name => $station){
1491 if($station['UsedByAllUsers']){
1492 $cur_ws[$name] = $station;
1493 }
1494 }
1496 $this->sambaUserWorkstations = "";
1497 foreach($cur_ws as $name => $ws){
1498 $this->sambaUserWorkstations .= $name.",";
1499 }
1500 $this->sambaUserWorkstations=preg_replace("/,$/","",$this->sambaUserWorkstations);
1501 }
1503 /* Enable disabled terminal login, this is inverted somehow */
1504 if(isset($values['tslogin'])) $this->mungedObject->setTsLogin(!$values['tslogin']);
1506 /* Imherit client configuration */
1507 if(isset($values['inherit'])) $this->mungedObject->setInheritMode($values['inherit']);
1509 /* Get all ctx values posted */
1510 $ctx = array("CtxWFHomeDirDrive","CtxWFHomeDir","CtxWFProfilePath","CtxInitialProgram","CtxWorkDirectory",
1511 "CtxMaxConnectionTime","CtxMaxDisconnectionTime","CtxMaxIdleTime");
1512 foreach($ctx as $attr){
1513 if(isset($values[$attr])){
1514 $this->mungedObject->ctx[$attr] = $values[$attr] ;
1515 }
1516 }
1518 if(isset($values['CtxMaxConnectionTimeF'])) $this->mungedObject->setCtxMaxConnectionTimeF($values['CtxMaxConnectionTimeF']);
1519 if(isset($values['CtxMaxDisconnectionTimeF']))$this->mungedObject->setCtxMaxDisconnectionTimeF($values['CtxMaxDisconnectionTimeF']);
1520 if(isset($values['CtxMaxIdleTimeF'])) $this->mungedObject->setCtxMaxIdleTimeF($values['CtxMaxIdleTimeF']);
1522 if(isset($values['connectclientdrives'])) $this->mungedObject->setConnectClientDrives($values['connectclientdrives']);
1523 if(isset($values['connectclientprinters'])) $this->mungedObject->setConnectClientPrinters($values['connectclientprinters']);
1524 if(isset($values['defaultprinter'])) $this->mungedObject->setDefaultPrinter($values['defaultprinter']);
1526 if(isset($values['shadow'])) $this->mungedObject->setShadow($values['shadow'],$values['shadow']);
1527 if(isset($values['brokenconn'])) $this->mungedObject->setBrokenConn($values['brokenconn'],$values['brokenconn']);
1528 if(isset($values['reconn'])) $this->mungedObject->setReConn($values['reconn'],$values['reconn']);
1531 if(isset($values['sambaPwdCanChange'])) $this->sambaPwdCanChange = $values['sambaPwdCanChange'];
1536 if(isset($values['password_expires'])){
1537 $this->password_expires = $values['password_expires'];
1538 $this->sambaPwdMustChange = $values['sambaPwdMustChange'];
1539 }
1541 if(isset($values['no_password_required'])){
1542 if($values['no_password_required']){
1543 if(!preg_match("/N/",$this->sambaAcctFlags)) {
1544 $this->sambaAcctFlags = preg_replace("/ /","N",$this->sambaAcctFlags,1);
1545 }
1546 }else{
1547 $this->sambaAcctFlags = preg_replace("/N/"," ",$this->sambaAcctFlags,1);
1548 }
1549 }
1551 if(isset($values['no_expiry'])){
1552 if($values['no_expiry']){
1553 if(!preg_match("/N/",$this->sambaAcctFlags)) {
1554 $this->sambaAcctFlags = preg_replace("/ /","N",$this->sambaAcctFlags,1);
1555 }
1556 }else{
1557 $this->sambaAcctFlags = preg_replace("/N/"," ",$this->sambaAcctFlags,1);
1558 }
1559 }
1561 if(isset($values['temporary_disable'])){
1562 if($values['temporary_disable']){
1563 if(preg_match("/L/",$this->sambaAcctFlags)) {
1564 // Keep L
1565 }else{
1566 $this->sambaAcctFlags = preg_replace("/ /","D",$this->sambaAcctFlags,1);
1567 }
1568 }else{
1569 $this->sambaAcctFlags = preg_replace("/D/"," ",$this->sambaAcctFlags,1);
1570 }
1571 }
1572 }
1575 function PrepareForCopyPaste($source)
1576 {
1577 plugin::PrepareForCopyPaste($source);
1579 /* Set a new SID */
1580 $this->sambaSID = "";
1582 /* Fill mungedDial field */
1583 if (isset($source['sambaMungedDial'])){
1584 $this->mungedObject->load($source['sambaMungedDial'][0]);
1585 }
1587 /* Password expiery */
1588 if(isset($source['sambaPwdMustChange']) &&
1589 $source['sambaPwdMustChange'][0] != 0){
1590 $this->password_expires= 1;
1591 }
1592 }
1593 }
1595 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1596 ?>