![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2004-2005 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 class sambaAccount extends plugin
22 {
23 /* Definitions */
24 var $plHeadline= "Samba";
25 var $plDescription= "This does something";
26 var $view_logged = FALSE;
27 var $password_expires= 0;
29 /* Switch for Samba version */
30 var $uidNumber= 65535;
31 var $gidNumber= 65535;
33 /* Samba attributes */
34 var $SID= "";
35 var $ridBase= 0;
36 var $sambaSID= "";
37 var $sambaPwdLastSet= "0";
38 var $sambaLogonTime= "0";
39 var $sambaLogoffTime= "2147483647";
40 var $sambaKickoffTime= "2147483647";
41 var $sambaPwdCanChange= "";
42 var $sambaPwdMustChange= "0";
43 var $sambaAcctFlags= "[UX ]";
44 var $sambaHomePath= "";
45 var $sambaHomeDrive= "";
46 var $sambaLogonScript= "";
47 var $sambaProfilePath= "";
48 var $sambaPrimaryGroupSID= "";
49 var $sambaDomainName= "";
50 var $sambaUserWorkstations= "";
51 var $sambaBadPasswordCount= "";
52 var $sambaBadPasswordTime= "";
53 var $sambaPasswordHistory= "";
54 var $sambaLogonHours= "";
55 var $orig_sambaDomainName= "";
56 var $sambaMungedDial= "";
57 var $mungedObject;
59 /* Helper */
60 var $cache = array();
61 var $trustSelect= FALSE;
62 var $logon_time_set= 0;
63 var $logoff_time_set= 0;
64 var $kickoff_time_set= 0;
66 /* attribute list for save action */
67 var $ctxattributes= array();
68 var $attributes= array();
69 var $objectclasses= array();
71 var $uid= "";
72 var $CopyPasteVars = array("kickoff_time_set","logoff_time_set","logon_time_set","mungedObject","orig_sambaDomainName");
74 var $multiple_support = TRUE;
76 /* Only used for multiple edit */
77 var $temporary_disable = FALSE;
78 var $no_password_required = FALSE;
79 var $no_expiry = FALSE;
80 var $multiple_sambaUserWorkstations = array();
82 function sambaAccount (&$config, $dn= NULL)
83 {
84 /* Load attributes depending on the samba version */
85 $this->attributes= array ("sambaSID", "sambaPwdLastSet", "sambaLogonTime",
86 "sambaLogoffTime", "sambaKickoffTime", "sambaPwdCanChange",
87 "sambaPwdMustChange", "sambaAcctFlags", "uid", "sambaMungedDial",
88 "sambaHomePath", "sambaHomeDrive", "sambaLogonScript",
89 "sambaProfilePath", "sambaPrimaryGroupSID", "sambaDomainName",
90 "sambaUserWorkstations", "sambaPasswordHistory",
91 "sambaLogonHours", "sambaBadPasswordTime",
92 "sambaBadPasswordCount");
93 $this->objectclasses= array ("sambaSamAccount");
94 $this->mungedObject= new sambaMungedDial;
95 $this->ctxattributes= $this->mungedObject->ctxattributes;
97 plugin::plugin ($config, $dn);
99 /* Setting uid to default */
100 if(isset($this->attrs['uid'][0])){
101 $this->uid = $this->attrs['uid'][0];
102 }
104 /* Get samba Domain in case of samba 3 */
105 if ($this->sambaSID != ""){
106 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
107 $ldap= $this->config->get_ldap_link();
108 $ldap->cd($this->config->current['BASE']);
109 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase","sambaDomainName"));
110 if ($ldap->count() != 0){
111 $attrs= $ldap->fetch();
112 if(isset($attrs['sambaAlgorithmicRidBase'])){
113 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
114 } else {
115 $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
116 }
117 if ($this->sambaDomainName == ""){
118 $this->sambaDomainName= $attrs['sambaDomainName'][0];
119 }
120 } else {
121 if ($this->sambaDomainName == ""){
122 $this->sambaDomainName= "DEFAULT";
123 }
124 $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
125 $this->SID= $this->config->get_cfg_value("sambaSid");
126 }
128 /* Save in order to compare later on */
129 $this->orig_sambaDomainName= $this->sambaDomainName;
130 }
132 /* Fill mungedDial field */
133 if (isset($this->attrs['sambaMungedDial'])){
134 $this->mungedObject->load($this->sambaMungedDial);
135 }
137 /* Password expiery */
138 if(isset($this->attrs['sambaPwdMustChange']) &&
139 $this->attrs['sambaPwdMustChange'][0] != 0){
140 $this->password_expires= 1;
141 }
143 if(isset($this->attrs['sambaLogonTime']) && ! (
144 $this->attrs['sambaLogonTime'][0] == 0 ||
145 $this->attrs['sambaLogonTime'][0] == 2147483647
146 )){
147 $this->logon_time_set= 1;
148 }
149 if(isset($this->attrs['sambaLogoffTime']) && ! (
150 $this->attrs['sambaLogoffTime'][0] == 0 ||
151 $this->attrs['sambaLogoffTime'][0] == 2147483647
152 )){
153 $this->logoff_time_set= 1;
154 }
156 /* Account expiery */
157 if(isset($this->attrs['sambaKickoffTime']) && ! (
158 $this->attrs['sambaKickoffTime'][0] == 0 ||
159 $this->attrs['sambaKickoffTime'][0] == 2147483647
160 )){
161 $this->kickoff_time_set= 1;
162 }
164 /* Save initial account state */
165 $this->initially_was_account= $this->is_account;
167 /* Convert kickoff */
168 #TODO: use date format
169 $this->sambaKickoffTime= $this->sambaKickoffTime == 0?"":date('d.m.Y', $this->sambaKickoffTime);
170 $this->sambaPwdMustChange= $this->sambaPwdMustChange == 2147483647?"":date('d.m.Y', $this->sambaPwdMustChange);
171 }
173 function execute()
174 {
175 /* Call parent execute */
176 plugin::execute();
178 /* Log view */
179 if($this->is_account && !$this->view_logged){
180 $this->view_logged = TRUE;
181 new log("view","users/".get_class($this),$this->dn);
182 }
184 /* Do we need to flip is_account state? */
185 if (isset($_POST['modify_state'])){
186 $this->is_account= !$this->is_account;
187 }
188 /* Do we represent a valid account? */
189 if (!$this->is_account && $this->parent === NULL){
190 $display= "<img alt=\"\"src=\"images/small-error.png\" align=\"middle\"> <b>".
191 msgPool::noValidExtension(_("Samba"))."</b>";
192 $display.= back_to_main();
193 return ($display);
194 }
196 $display ="";
197 if(!$this->multiple_support_active){
199 /* Show tab dialog headers */
200 $display= "";
201 if ($this->parent !== NULL){
202 if ($this->is_account){
203 $display= $this->show_disable_header(msgPool::removeFeaturesButton(_("Samba")),
204 msgPool::featuresEnabled(_("Samba")));
205 } else {
206 $obj= $this->parent->by_object['posixAccount'];
208 /* Samba3 dependency on posix accounts are enabled
209 in the moment, because I need to rely on unique
210 uidNumbers. There'll be a better solution later
211 on. */
212 if ($obj->is_account){
213 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
214 msgPool::featuresDisabled(_("Samba")));
215 } else {
216 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
217 msgPool::featuresDisabled(_("Samba"), _("POSIX")), TRUE);
218 }
219 return ($display);
220 }
221 }
222 }
224 /* Open Samaba Logong hours dialog */
225 if(isset($_POST['SetSambaLogonHours']) && $this->acl_is_readable("sambaLogonHours")){
226 $this->dialog = new sambaLogonHours($this->config,$this->dn,$this->sambaLogonHours);
227 }
229 /* Cancel dialog */
230 if(isset($_POST['cancel_logonHours'])){
231 $this->dialog = FALSE;
232 }
234 /* Save selected logon hours */
235 if(isset($_POST['save_logonHours'])){
236 $this->dialog->save_object();
237 if($this->acl_is_writeable("sambaLogonHours")){
238 $this->sambaLogonHours = $this->dialog->save();
239 }
240 $this->dialog = FALSE;
241 }
243 /* Display dialog */
244 if((isset($this->dialog)) && (is_object($this->dialog))){
245 $this->dialog->save_object();
246 return($this->dialog->execute());
247 }
249 /* Prepare templating */
250 $smarty= get_smarty();
251 $smarty->assign("usePrototype", "true");
253 $tmp = $this->plInfo();
254 foreach($tmp['plProvidedAcls'] as $var => $rest){
255 $smarty->assign($var."ACL",$this->getacl($var));
256 }
258 if(!session::is_set('edit') && !isset($this->parent)){
259 $smarty->assign("sambaLogonHoursACL","");
260 }
262 if ($this->sambaLogonTime=="2147483647" || $this->sambaLogonTime=="0"){
263 $sambaLogonTime_date= getdate();
264 } else {
265 $sambaLogonTime_date= getdate($this->sambaLogonTime);
266 }
268 if ($this->sambaLogoffTime=="2147483647" || $this->sambaLogoffTime=="0"){
269 $sambaLogoffTime_date= getdate();
270 } else {
271 $sambaLogoffTime_date= getdate($this->sambaLogoffTime);
272 }
274 /* Remove user workstations? */
275 if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
277 if($this->acl_is_writeable("sambaUserWorkstations")){
279 if($this->multiple_support_active){
280 foreach($_POST['workstation_list'] as $name){
281 if(isset($this->multiple_sambaUserWorkstations[trim($name)])){
282 unset($this->multiple_sambaUserWorkstations[trim($name)]);
283 }
284 }
285 }else{
286 $tmp= $this->sambaUserWorkstations;
287 foreach($_POST['workstation_list'] as $name){
288 $tmp= preg_replace("/$name/", '', $tmp);
289 $this->is_modified= TRUE;
290 }
291 $tmp= preg_replace('/,+/', ',', $tmp);
292 $this->sambaUserWorkstations= trim($tmp, ',');
293 }
294 }
295 }
297 /* Add user workstation? */
298 if (isset($_POST["add_ws"])){
299 if($this->acl_is_writeable("sambaUserWorkstations")){
300 $this->trustSelect= new trustSelect($this->config,get_userinfo());
301 $this->dialog= TRUE;
302 }
303 }
305 /* Add user workstation finished? */
306 if (isset($_POST["add_ws_cancel"])){
307 $this->trustSelect= FALSE;
308 $this->dialog= FALSE;
309 }
311 // Add selected machines to trusted ones.
312 if (isset($_POST["add_ws_finish"]) && $this->trustSelect){
313 $trusts = $this->trustSelect->detectPostActions();
314 if(isset($trusts['targets'])){
316 $headpage = $this->trustSelect->getHeadpage();
317 if($this->multiple_support_active){
318 foreach($trusts['targets'] as $id){
319 $attrs = $headpage->getEntry($id);
320 $we =$attrs['cn'][0];
321 $this->multiple_sambaUserWorkstations[trim($we)] = array("Name" => trim($ws), "UsedByAllUsers" => TRUE);
322 }
323 }else{
325 $tmp= $this->sambaUserWorkstations;
326 foreach($trusts['targets'] as $id){
327 $attrs = $headpage->getEntry($id);
328 $we =$attrs['cn'][0];
329 $tmp.= ",$we";
330 }
331 $tmp= preg_replace('/,+/', ',', $tmp);
332 $this->sambaUserWorkstations= trim($tmp, ',');
333 }
335 $this->is_modified= TRUE;
336 }
337 $this->trustSelect= NULL;
338 $this->dialog= FALSE;
339 }
341 /* Show ws dialog */
342 if ($this->trustSelect){
344 // Build up blocklist
345 session::set('filterBlacklist', array('cn' => preg_split('/,/',$this->sambaUserWorkstations)));
346 return($this->trustSelect->execute());
347 }
349 /* Fill boxes */
350 $domains= array();
351 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
352 $domains[]= $name;
353 }
354 $smarty->assign("domains", $domains);
355 $letters= array(" ");
356 for ($i= 68; $i<91; $i++){
357 $letters[]= chr($i).":";
358 }
359 $smarty->assign("drives", $letters);
361 /* Fill terminal server settings */
362 foreach ($this->ctxattributes as $attr){
363 /* Fill common attributes */
364 if (isset($this->mungedObject->ctx[$attr])){
365 $smarty->assign("$attr", $this->mungedObject->ctx[$attr]);
366 // Set field to blank if value is 0
367 if(in_array($attr, array("CtxMaxConnectionTime", "CtxMaxDisconnectionTime", "CtxMaxIdleTime"))) {
368 if($this->mungedObject->ctx[$attr] == 0) {
369 $smarty->assign("$attr", "");
370 }
371 }
372 } else {
373 $smarty->assign("$attr", "");
374 }
375 }
377 /* Assign enum values for preset items */
378 $shadowModeVals= array( "0" => _("disabled"),
379 "1" => _("input on, notify on"),
380 "2" => _("input on, notify off"),
381 "3" => _("input off, notify on"),
382 "4" => _("input off, nofify off"));
384 $brokenConnModeVals= array( "0" => _("disconnect"),
385 "1" => _("reset"));
387 $reConnModeVals= array( "0" => _("from any client"),
388 "1" => _("from previous client only"));
390 /* Fill preset items */
391 $smarty->assign("shadow", $shadowModeVals);
392 $smarty->assign("brokenconn", $brokenConnModeVals);
393 $smarty->assign("reconn", $reConnModeVals);
395 /* Fill preset items with values */
396 $smarty->assign("shadowmode", $this->mungedObject->getShadow());
397 $smarty->assign("brokenconnmode", $this->mungedObject->getBrokenConn());
398 $smarty->assign("reconnmode", $this->mungedObject->getReConn());
400 if(session::get('js')){
401 /* Set form elements to disabled/enable state */
402 $smarty->assign("tsloginstate", $this->mungedObject->getTsLogin()?"":"disabled");
404 $smarty->assign("inheritstate", "");
405 if($this->acl_is_writeable("AllowLoginOnTerminalServer")){
406 $smarty->assign("inheritstate", $this->mungedObject->getInheritMode()?"disabled":"");
407 }
408 }else{
409 $smarty->assign("tsloginstate", "");
410 $smarty->assign("inheritstate", "");
411 }
413 /* Set checkboxes to checked or unchecked state */
414 $smarty->assign("tslogin", $this->mungedObject->getTsLogin()?"checked":"");
415 $smarty->assign("inherit", $this->mungedObject->getInheritMode()?"checked":"");
416 $smarty->assign("connectclientdrives",
417 $this->mungedObject->getConnectClientDrives()?"checked":"");
418 $smarty->assign("connectclientprinters",
419 $this->mungedObject->getConnectClientPrinters()?"checked":"");
420 $smarty->assign("defaultprinter",
421 $this->mungedObject->getDefaultPrinter()?"checked":"");
422 $smarty->assign("CtxMaxConnectionTimeF",
423 $this->mungedObject->getCtxMaxConnectionTimeF()?"checked":"");
424 $smarty->assign("CtxMaxDisconnectionTimeF",
425 $this->mungedObject->getCtxMaxDisconnectionTimeF()?"checked":"");
426 $smarty->assign("CtxMaxIdleTimeF",
427 $this->mungedObject->getCtxMaxIdleTimeF()?"checked":"");
430 /* Fill sambaUserWorkstations */
431 $ws= explode(",", $this->sambaUserWorkstations);
432 sort($ws);
434 /* Tidy checks for empty option, and smarty will produce one if array[0]="" */
435 if(($ws[0]=="")&&(count($ws)==1)) $ws=array();
437 if($this->multiple_support_active){
438 $smarty->assign("multiple_workstations",$this->multiple_sambaUserWorkstations);
439 }
441 $smarty->assign("workstations", $ws);
444 /* Variables */
445 foreach($this->attributes as $val){
446 $smarty->assign("$val", $this->$val);
447 }
449 /* 'sambaAcctFlags' checkboxes */
450 /* Check for 'lock-account'-flag: 'D' or 'L' */
451 if (is_integer(strpos($this->sambaAcctFlags, "D")) ||
452 is_integer(strpos($this->sambaAcctFlags, "L"))) {
453 $smarty->assign("flagsD", "checked");
454 } else {
455 $smarty->assign("flagsD", "");
456 }
458 /* Check for no_password_required flag 'N' */
459 if (is_integer(strpos($this->sambaAcctFlags, "N"))) {
460 $smarty->assign("flagsN", "checked");
461 } else {
462 $smarty->assign("flagsN", "");
463 }
465 // check if password never expires
466 if (is_integer(strpos($this->sambaAcctFlags, "X"))) {
467 $smarty->assign("flagsX", "checked");
468 } else {
469 $smarty->assign("flagsX", "");
470 }
472 if ($this->sambaPwdCanChange=="1"){
473 $smarty->assign("flagsP", "checked");
474 } else {
475 $smarty->assign("flagsP", "");
476 }
478 if ($this->password_expires=="1"){
479 $smarty->assign("flagsC", "checked");
480 } else {
481 $smarty->assign("flagsC", "");
482 }
483 if ($this->logon_time_set=="1"){
484 $smarty->assign("flagsT", "checked");
485 } else {
486 $smarty->assign("flagsT", "");
487 }
488 if ($this->logoff_time_set=="1"){
489 $smarty->assign("flagsO", "checked");
490 } else {
491 $smarty->assign("flagsO", "");
492 }
493 if ($this->kickoff_time_set=="1"){
494 $smarty->assign("flagsK", "checked");
495 } else {
496 $smarty->assign("flagsK", "");
497 }
500 /* In case of javascript, disable some fields on demand */
501 foreach($this->mungedObject->getOnDemandFlags() as $key => $value) {
502 $smarty->assign("$key", "$value");
503 }
506 foreach($this->attributes as $attr){
507 if(in_array($attr,$this->multi_boxes)){
508 $smarty->assign("use_".$attr,TRUE);
509 }else{
510 $smarty->assign("use_".$attr,FALSE);
511 }
512 }
513 foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
514 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF","CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
515 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
516 "onnectclientprinters","defaultprinter","shadow","brokenconn",
517 "reconn","allow_pwchange","connectclientprinters","no_expiry","no_password_required","temporary_disable",
518 "password_expires","logon_time_set","logoff_time_set","kickoff_time_set","SetSambaLogonHours",
519 "workstation_list") as $attr){
520 if(in_array($attr,$this->multi_boxes)){
521 $smarty->assign("use_".$attr,TRUE);
522 }else{
523 $smarty->assign("use_".$attr,FALSE);
524 }
525 }
527 if($this->multiple_support_active){
528 $smarty->assign("tsloginstate","");
529 }
531 /* Create additional info for sambaKickOffTime and sambaPwdMustChange.
532 e.g. Display effective kickoff time. Domain policy + user settings.
533 */
534 $additional_info_PwdMustChange = "";
536 /* Calculate effective max Password Age
537 This can only be calculated if sambaPwdLastSet ist set.
538 */
539 if(isset($this->attrs['sambaPwdLastSet'][0])){
540 $last = $this->attrs['sambaPwdLastSet'][0];
542 $sid = $this->get_domain_info();
543 if(isset($sid['sambaMaxPwdAge'][0])){
544 $d = ($last + $sid['sambaMaxPwdAge'][0]) - time();
546 /* A negative value means the password is outdated
547 */
548 if($d < 0){
549 $additional_info_PwdMustChange = sprintf(_("The password is outdated since %s, by domain policy."),
550 date("d.m.Y H:i:s",$last + $sid['sambaMaxPwdAge'][0]));
551 }else{
552 if($this->password_expires && ($last + $sid['sambaMaxPwdAge'][0]) > $this->sambaPwdMustChange){
553 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by user policy."),
554 date("d.m.Y H:i:s", $this->sambaPwdMustChange));
555 }else{
556 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by domain policy."),
557 date("d.m.Y H:i:s", ($last + $sid['sambaMaxPwdAge'][0])));
558 }
559 }
560 }
561 }
562 $smarty->assign("additional_info_PwdMustChange",$additional_info_PwdMustChange);
563 $smarty->assign("no_expiry",$this->no_expiry);
565 /* Show main page */
566 $smarty->assign("multiple_support",$this->multiple_support_active);
567 $display.= $smarty->fetch (get_template_path('samba3.tpl', TRUE, dirname(__FILE__)));
569 return ($display);
570 }
573 /*! \brief Returns the samba Domain object, selected in the samba tab.
574 */
575 function get_domain_info()
576 {
577 /* Only search once, return last result if available
578 */
579 if(!isset($this->cache['DOMAIN'][$this->sambaDomainName])){
580 $this->cache['DOMAIN'][$this->sambaDomainName] = array();
581 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
582 $cfg = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName];
583 $ldap = $this->config->get_ldap_link();
584 $ldap->cd($this->config->current['BASE']);
585 $ldap->search("(&(objectClass=sambaDomain)(sambaSID=".$cfg['SID']."))",array("*"));
586 if($ldap->count()){
587 $this->cache['DOMAIN'][$this->sambaDomainName] = $ldap->fetch();
588 }
589 }
590 }
591 return($this->cache['DOMAIN'][$this->sambaDomainName]);
592 }
596 function get_samba_information()
597 {
599 /* Defaults
600 */
601 $sambaMinPwdLength = "unset";
602 $sambaPwdHistoryLength = "unset";
603 $sambaLogonToChgPwd = "unset";
604 $sambaMaxPwdAge = "unset";
605 $sambaMinPwdAge = "unset";
606 $sambaLockoutDuration = "unset";
607 $sambaLockoutThreshold = "unset";
608 $sambaForceLogoff = "unset";
609 $sambaRefuseMachinePwdChange = "unset";
610 $sambaPwdLastSet = "unset";
611 $sambaLogonTime = "unset";
612 $sambaLogoffTime = "unset";
614 $sambaKickoffTime = "unset";
615 $sambaPwdCanChange = "unset";
616 $sambaPwdMustChange = "unset";
617 $sambaBadPasswordCount = "unset";
618 $sambaBadPasswordTime = "unset";
620 /* Domain attributes
621 */
622 $domain_attributes = array("sambaMinPwdLength","sambaPwdHistoryLength","sambaMaxPwdAge",
623 "sambaMinPwdAge","sambaLockoutDuration","sambaRefuseMachinePwdChange",
624 "sambaLogonToChgPwd","sambaLockoutThreshold","sambaForceLogoff");
626 /* User attributes
627 */
628 $user_attributes = array("sambaBadPasswordTime","sambaPwdLastSet","sambaLogonTime","sambaLogoffTime",
629 "sambaKickoffTime","sambaPwdCanChange","sambaPwdMustChange","sambaBadPasswordCount", "sambaSID");
631 /* Get samba SID object and parse settings.
632 */
633 $ldap = $this->config->get_ldap_link();
634 $ldap->cd($this->config->current['BASE']);
635 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
636 $attrs = $this->get_domain_info();
637 foreach($domain_attributes as $attr){
638 if(isset($attrs[$attr])){
639 $$attr = $attrs[$attr][0];
640 }
641 }
642 }
644 /* Get user infos
645 */
646 foreach($user_attributes as $attr){
647 if(isset($this->attrs[$attr])){
648 $$attr = $this->attrs[$attr][0];
649 }
650 }
651 if($this->password_expires){
652 $sambaPwdMustChange = $this->sambaPwdMustChange;
653 } else {
654 if (is_numeric($sambaPwdMustChange)) {
655 $sambaPwdMustChange= date('d.m.Y', $sambaPwdMustChange);
656 }
657 }
658 if($this->kickoff_time_set){
659 $sambaKickoffTime = $this->sambaKickoffTime;
660 } else {
661 if (is_numeric($sambaKickoffTime)) {
662 $sambaKickoffTime= date('d.m.Y', $sambaKickoffTime);
663 }
664 }
665 $sambaPwdCanChange = $this->sambaPwdCanChange;
668 /* DOMAIN Attributes
669 */
671 /* sambaMinPwdLength: Password length has a default of 5
672 */
673 if($sambaMinPwdLength == "unset" || $sambaMinPwdLength == 5){
674 $sambaMinPwdLength = "5 <i>("._("default").")</i>";
675 }
677 /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
678 */
679 if($sambaPwdHistoryLength == "unset" || $sambaPwdHistoryLength == 0){
680 $sambaPwdHistoryLength = _("Off")." <i>("._("default").")</i>";
681 }
683 /* sambaLogonToChgPwd: Force Users to logon for password change (default: 0 => off, 2 => on)
684 */
685 if($sambaLogonToChgPwd == "unset" || $sambaLogonToChgPwd == 0){
686 $sambaLogonToChgPwd = _("Off")." <i>("._("default").")</i>";
687 }else{
688 $sambaLogonToChgPwd = _("On");
689 }
691 /* sambaMaxPwdAge: Maximum password age, in seconds (default: -1 => never expire passwords)'
692 */
693 if($sambaMaxPwdAge == "unset" || $sambaMaxPwdAge == "-1"){
694 $sambaMaxPwdAge = _("disabled")." <i>("._("default").")</i>";
695 }else{
696 $sambaMaxPwdAge .= " "._("seconds");
697 }
699 /* sambaMinPwdAge: Minimum password age, in seconds (default: 0 => allow immediate password change
700 */
701 if($sambaMinPwdAge == "unset" || $sambaMinPwdAge == 0){
702 $sambaMinPwdAge = _("disabled")." <i>("._("default").")</i>";
703 }else{
704 $sambaMinPwdAge .= " "._("seconds");
705 }
707 /* sambaLockoutDuration: Lockout duration in minutes (default: 30, -1 => forever)
708 */
709 if($sambaLockoutDuration == "unset" || $sambaLockoutDuration == 30){
710 $sambaLockoutDuration = "30 "._("minutes")." <i>("._("default").")</i>";
711 }elseif($sambaLockoutDuration == -1){
712 $sambaLockoutDuration = _("forever");
713 }else{
714 $sambaLockoutDuration .= " "._("minutes");
715 }
717 /* sambaLockoutThreshold: Lockout users after bad logon attempts (default: 0 => off
718 */
719 if($sambaLockoutThreshold == "unset" || $sambaLockoutThreshold == 0){
720 $sambaLockoutThreshold = _("disabled")." <i>("._("default").")</i>";
721 }
723 /* sambaForceLogoff: Disconnect Users outside logon hours (default: -1 => off, 0 => on
724 */
725 if($sambaForceLogoff == "unset" || $sambaForceLogoff == -1){
726 $sambaForceLogoff = _("off")." <i>("._("default").")</i>";
727 }else{
728 $sambaForceLogoff = _("on");
729 }
731 /* sambaRefuseMachinePwdChange: Allow Machine Password changes (default: 0 => off
732 */
733 if($sambaRefuseMachinePwdChange == "none" || $sambaRefuseMachinePwdChange == 0){
734 $sambaRefuseMachinePwdChange = _("off")." <i>("._("default").")</i>";
735 }else{
736 $sambaRefuseMachinePwdChange = _("on");
737 }
739 /* USER Attributes
740 */
741 /* sambaBadPasswordTime: Time of the last bad password attempt
742 */
743 if($sambaBadPasswordTime == "unset" || empty($sambaBadPasswordTime)){
744 $sambaBadPasswordTime = "<i>("._("unset").")</i>";
745 }else{
746 $sambaBadPasswordTime = date("d.m.Y H:i:s",$sambaBadPasswordTime);
747 }
749 /* sambaBadPasswordCount: Bad password attempt count
750 */
751 if($sambaBadPasswordCount == "unset" || empty($sambaBadPasswordCount)){
752 $sambaBadPasswordCount = "<i>("._("unset").")</i>";
753 }else{
754 $sambaBadPasswordCount = date("d.m.Y H:i:s",$sambaBadPasswordCount);
755 }
757 /* sambaPwdLastSet: Timestamp of the last password update
758 */
759 if($sambaPwdLastSet == "unset" || empty($sambaPwdLastSet)){
760 $sambaPwdLastSet = "<i>("._("unset").")</i>";
761 }else{
762 $sambaPwdLastSet = date("d.m.Y H:i:s",$sambaPwdLastSet);
763 }
765 /* sambaLogonTime: Timestamp of last logon
766 */
767 if($sambaLogonTime == "unset" || empty($sambaLogonTime)){
768 $sambaLogonTime = "<i>("._("unset").")</i>";
769 }else{
770 $sambaLogonTime = date("d.m.Y H:i:s",$sambaLogonTime);
771 }
773 /* sambaLogoffTime: Timestamp of last logoff
774 */
775 if($sambaLogoffTime == "unset" || empty($sambaLogoffTime)){
776 $sambaLogoffTime = "<i>("._("unset").")</i>";
777 }else{
778 $sambaLogoffTime = date("d.m.Y H:i:s",$sambaLogoffTime);
779 }
781 /* sambaKickoffTime: Timestamp of when the user will be logged off automatically
782 */
783 if($sambaKickoffTime == "unset" || empty($sambaKickoffTime)){
784 $sambaKickoffTime = "<i>("._("unset").")</i>";
785 }
787 /* sambaPwdMustChange: Timestamp of when the password will expire
788 */
789 if($sambaPwdMustChange == "unset" || empty($sambaPwdMustChange)){
790 $sambaPwdMustChange = "<i>("._("unset").")</i>";
791 }
793 /* sambaPwdCanChange: Timestamp of when the user is allowed to update the password
794 */
795 if($sambaPwdCanChange == "unset" || empty($sambaPwdCanChange)){
796 $sambaPwdCanChange = "<i>("._("unset").")</i>";
797 }elseif($sambaPwdCanChange != "unset" && time() > $sambaPwdCanChange){
798 $sambaPwdCanChange = _("immediately") ;
799 }else{
800 $days = floor((($sambaPwdCanChange - time()) / 60 / 60 / 24)) ;
801 $hours = floor((($sambaPwdCanChange - time()) / 60 / 60) % 24) ;
802 $minutes = floor((($sambaPwdCanChange - time()) / 60 ) % 60) ;
804 $sambaPwdCanChange = " ".$days." "._("days");
805 $sambaPwdCanChange.= " ".$hours." "._("hours");
806 $sambaPwdCanChange.= " ".$minutes." "._("minutes");
807 }
809 $str =
810 "\n<div style='height:200px; overflow: auto;'>".
811 "\n<table style='width:100%;'>".
812 "\n<tr><td><b>"._("Domain attributes")."</b></td></tr>".
813 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
814 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
815 "\n<tr><td>"._("Password history").": </td><td>".$sambaPwdHistoryLength."</td></tr>".
816 "\n<tr><td>"._("Force password change").": </td><td>".$sambaLogonToChgPwd."</td></tr>".
817 "\n<tr><td>"._("Maximum password age").": </td><td>".$sambaMaxPwdAge."</td></tr>".
818 "\n<tr><td>"._("Minimum password age").": </td><td>".$sambaMinPwdAge."</td></tr>".
819 "\n<tr><td>"._("Lockout duration").": </td><td>".$sambaLockoutDuration."</td></tr>".
820 "\n<tr><td>"._("Bad lockout attempt").": </td><td>".$sambaLockoutThreshold."</td></tr>".
821 "\n<tr><td>"._("Disconnect time").": </td><td>".$sambaForceLogoff."</td></tr>".
822 "\n<tr><td>"._("Refuse machine password change").":</td><td>".$sambaRefuseMachinePwdChange."</td></tr>".
823 "\n<tr><td> </td></tr>".
824 "\n<tr><td><b>"._("User attributes")."</b></td></tr>".
825 "\n<tr><td>"._("SID").": </td><td>".$sambaSID."</td></tr>".
826 "\n<tr><td>"._("Last failed login").": </td><td>".$sambaBadPasswordTime."</td></tr>".
827 "\n<tr><td>"._("Logon attempts").": </td><td>".$sambaBadPasswordCount."</td></tr>".
828 "\n<tr><td>"._("Last password update").": </td><td>".$sambaPwdLastSet."</td></tr>".
829 "\n<tr><td>"._("Last logon").": </td><td>".$sambaLogonTime."</td></tr>".
830 "\n<tr><td>"._("Last logoff").": </td><td>".$sambaLogoffTime."</td></tr>".
831 "\n<tr><td>"._("Automatic logoff").": </td><td>".$sambaKickoffTime."</td></tr>";
833 if($this->no_expiry){
834 $str .= "\n<tr><td>"._("Password expires").": </td><td>"._("No")."</td></tr>";
835 $str .= "\n<tr><td colspan='2'><font color='gray'>".
836 sprintf(_("The password would expire on %s, but the password expiry is disabled."),$sambaPwdMustChange).
837 "</font></td></tr>";
838 }else{
839 $str .= "\n<tr><td>"._("Password expires").": </td><td>".$sambaPwdMustChange."</td></tr>";
840 }
842 $str .= "\n<tr><td>"._("Password change available").": </td><td>".$sambaPwdCanChange."</td></tr>".
843 "\n</table>";
844 "\n</div>";
845 return($str);
846 }
849 function remove_from_parent()
850 {
851 /* Cancel if there's nothing to do here */
852 if (!$this->initially_was_account){
853 return;
854 }
856 /* include global link_info */
857 $ldap= $this->config->get_ldap_link();
859 plugin::remove_from_parent();
861 /* Keep uid attribute for gosaAccount */
862 unset($this->attrs['uid']);
863 unset($this->attrs['uidNumber']);
864 unset($this->attrs['gidNumber']);
866 /* Remove objectClass for sambaIdmapEntry */
867 $tmp= array();
868 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
869 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
870 $tmp[]= $this->attrs['objectClass'][$i];
871 }
872 }
873 $this->attrs['objectClass']= $tmp;
875 @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
876 $this->attributes, "Save");
877 $ldap->cd($this->dn);
878 $this->cleanup();
879 $ldap->modify ($this->attrs);
881 new log("remove","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
883 if (!$ldap->success()){
884 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
885 }
887 /* Optionally execute a command after we're done */
888 $this->handle_post_events("remove", array("uid" => $this->uid));
889 }
892 /* Check for input problems */
893 function check()
894 {
895 /* Call common method to give check the hook */
896 $message= plugin::check();
898 /* sambaHomePath requires sambaHomeDrive and vice versa */
899 if(!empty($this->sambaHomePath) && empty($this->sambaHomeDrive)){
900 $message[]= msgPool::required(_("Home drive"));
901 }
902 if(!empty($this->sambaHomeDrive) && empty($this->sambaHomePath)){
903 $message[]= msgPool::required(_("Home path"));
904 }
906 /* Strings */
907 foreach (array( "sambaHomePath" => _("Home directory"),
908 "sambaProfilePath" => _("Profile path")) as $key => $val){
909 if (!$this->mungedObject->is_samba_path($this->$key)){
910 $message[]= msgPool::invalid($val);
911 }
912 }
914 /* Numeric values */
915 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
916 "CtxMaxDisconnectionTime" => _("Disconnection"),
917 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
919 if (isset($this->mungedObject->ctx[$key]) && !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
920 $message[]= msgPool::invalid($val);
921 }
922 }
924 /* Check dates */
925 if (!tests::is_date($this->sambaKickoffTime)){
926 $message[]= msgPool::invalid(_("Account expires after"), $this->sambaKickoffTime,"" ,"23.02.2009");
927 }
928 if (!tests::is_date($this->sambaPwdMustChange)){
929 $message[]= msgPool::invalid(_("Password expires on"), $this->sambaPwdMustChange,"" ,"23.02.2009");
930 }
932 /* Too many workstations? Windows usrmgr only supports eight */
933 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
934 $message[]= _("The windows usermanager allows eight clients at maximum!");
935 }
937 return ($message);
938 }
941 /* Save data to object */
942 function save_object()
943 {
944 /* We only care if we are on the sambaTab... */
945 if (isset($_POST['sambaTab'])){
946 plugin::save_object();
948 if(isset($_POST['display_information'])){
949 msg_dialog::display(_("Information"),
950 $this->get_samba_information(),
951 INFO_DIALOG);
952 }
954 /* Take care about access options */
955 if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){
956 $attrname= "sambaPwdCanChange";
957 if (isset($_POST["allow_pwchange"]) && $_POST["allow_pwchange"] == 1){
958 $tmp= 1;
959 } else {
960 $tmp= 0;
961 }
962 if ($this->$attrname != $tmp){
963 $this->is_modified= TRUE;
964 }
965 $this->sambaPwdCanChange= $tmp;
966 }
967 $tmp= "U";
969 $this->no_expiry = FALSE;
970 if (isset($_POST["no_expiry"])){
971 if ($_POST["no_expiry"] == 1){
972 $tmp.= "X";
973 $this->no_expiry = TRUE;
974 }
975 }
977 $this->no_password_required = FALSE;
978 if (isset($_POST["no_password_required"])){
979 if ($_POST["no_password_required"] == 1){
980 $tmp.= "N";
981 $this->no_password_required = TRUE;
982 }
983 }
984 if (isset($_POST["password_expires"])){
985 if ($_POST["password_expires"] == 1){
986 $this->password_expires= 1;
987 }
988 } else {
989 $this->password_expires= 0;
990 }
991 $this->temporary_disable = FALSE;
992 if (isset($_POST["temporary_disable"])){
993 if ($_POST["temporary_disable"] == 1){
994 $this->temporary_disable = TRUE;
995 if (is_integer(strpos($this->sambaAcctFlags, "L"))) {
996 $tmp.= "L";
997 } else {
998 $tmp.= "D";
999 }
1000 }
1001 }
1002 if (isset($_POST["logon_time_set"])){
1003 if ($_POST["logon_time_set"] == 1){
1004 $this->logon_time_set= 1;
1005 }
1006 } else {
1007 $this->logon_time_set= 0;
1008 }
1009 if (isset($_POST["logoff_time_set"])){
1010 if ($_POST["logoff_time_set"] == 1){
1011 $this->logoff_time_set= 1;
1012 }
1013 } else {
1014 $this->logoff_time_set= 0;
1015 }
1016 if (isset($_POST["kickoff_time_set"])){
1017 if ($_POST["kickoff_time_set"] == 1){
1018 $this->kickoff_time_set= 1;
1019 }
1020 } else {
1021 $this->kickoff_time_set= 0;
1022 }
1024 $fill= "";
1025 for ($i= strlen($tmp); $i<12; $i++){
1026 $fill.= " ";
1027 }
1029 $tmp= "[$tmp$fill]";
1031 /* Only save if acl's are set */
1032 if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){
1033 $attrname= "sambaAcctFlags";
1034 if ($this->$attrname != $tmp){
1035 $this->is_modified= TRUE;
1036 }
1037 $this->$attrname= $tmp;
1038 }
1040 /* Save sambaDomain attribute */
1041 if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
1042 $this->sambaDomainName= validate($_POST['sambaDomainName']);
1043 }
1045 /* Save CTX values */
1046 /* Save obvious values */
1047 foreach($this->ctxattributes as $val){
1048 if (isset($_POST[$val]) && $this->acl_is_writeable("AllowLoginOnTerminalServer")){
1049 if (get_magic_quotes_gpc()) {
1050 $this->mungedObject->ctx[$val]= stripcslashes(validate($_POST[$val]));
1051 } else {
1052 $this->mungedObject->ctx[$val]= validate($_POST[$val]);
1053 }
1054 }
1055 }
1057 /* Save checkbox states. */
1058 $this->mungedObject->setTsLogin(!isset($_POST['tslogin'])
1059 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1060 // Need to do some index checking to avoid messages like "index ... not found"
1061 if(isset($_POST['brokenconn'])) {
1062 $this->mungedObject->setBrokenConn($_POST['brokenconn'] == '1'
1063 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1064 }
1065 if(isset($_POST['reconn'])) {
1066 $this->mungedObject->setReConn($_POST['reconn'] == '1'
1067 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1068 }
1069 $this->mungedObject->setInheritMode(isset($_POST['inherit'])
1070 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1071 $this->mungedObject->setCtxMaxConnectionTimeF(!isset($_POST['CtxMaxConnectionTimeF'])
1072 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1073 $this->mungedObject->setCtxMaxDisconnectionTimeF(
1074 !isset($_POST['CtxMaxDisconnectionTimeF'])
1075 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1076 $this->mungedObject->setCtxMaxIdleTimeF(!isset($_POST['CtxMaxIdleTimeF'])
1077 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1078 $this->mungedObject->setConnectClientDrives(isset($_POST['connectclientdrives'])
1079 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1080 $this->mungedObject->setConnectClientPrinters(isset($_POST['connectclientprinters'])
1081 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1082 $this->mungedObject->setDefaultPrinter(isset($_POST['defaultprinter'])
1083 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1085 /* Save combo boxes. Takes two values */
1086 if(isset($_POST['reconn'])) {
1087 $this->mungedObject->setShadow(isset($_POST['shadow']) && $this->acl_is_writeable("AllowLoginOnTerminalServer"),$_POST['shadow']);
1088 }
1090 /* Check for changes */
1091 if ($this->sambaMungedDial != $this->mungedObject->getMunged()){
1092 $this->is_modified= TRUE;
1093 }
1095 }
1096 }
1099 /* Save to LDAP */
1100 function save()
1101 {
1102 /* Load uid and gid of this 'dn' */
1103 $ldap= $this->config->get_ldap_link();
1104 $ldap->cat($this->dn, array('uidNumber', 'gidNumber'));
1105 $tmp= $ldap->fetch();
1106 $this->uidNumber= $tmp['uidNumber'][0];
1107 $this->gidNumber= $tmp['gidNumber'][0];
1109 plugin::save();
1111 /* Remove objectClass for sambaIdmapEntry */
1112 $tmp= array();
1113 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
1114 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
1115 $tmp[]= $this->attrs['objectClass'][$i];
1116 }
1117 }
1118 $this->attrs['objectClass']= $tmp;
1120 /* Generate rid / primaryGroupId */
1121 if (!isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
1122 msg_dialog::display(_("Warning"), _("Undefined Samba SID detected. Please fix this problem manually!"), WARNING_DIALOG);
1123 } else {
1124 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
1125 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
1126 }
1128 /* Need to generate a new uniqe uid/gid combination? */
1129 if ($this->sambaSID == "" || $this->orig_sambaDomainName != $this->sambaDomainName){
1130 $uidNumber= $this->uidNumber;
1131 while(TRUE){
1132 $sid= $this->SID."-".($uidNumber*2 + $this->ridBase);
1133 $ldap->cd($this->config->current['BASE']);
1134 $ldap->search("(sambaSID=$sid)", array("sambaSID"));
1135 if ($ldap->count() == 0){
1136 break;
1137 }
1138 $uidNumber++;
1139 }
1140 $this->attrs['sambaSID']= $sid;
1142 /* Check for users primary group */
1143 $ldap->cd($this->config->current['BASE']);
1144 $ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
1145 if ($ldap->count() != 1){
1146 msg_dialog::display(_("Warning"), _("Cannot convert primary group to samba group: group cannot be identified!"), WARNING_DIALOG);
1147 } else {
1148 $attrs= $ldap->fetch();
1149 $g= new group($this->config, $ldap->getDN());
1150 if ($g->sambaSID == ""){
1151 $g->sambaDomainName= $this->sambaDomainName;
1152 $g->smbgroup= TRUE;
1153 $g->save ();
1154 }
1155 $this->attrs['sambaPrimaryGroupSID']= $g->sambaSID;
1156 }
1157 }
1159 if ($this->sambaHomeDrive == ""){
1160 $this->attrs["sambaHomeDrive"]= array();
1161 }
1163 /* Generate munged dial value */
1164 $this->attrs["sambaMungedDial"]= $this->mungedObject->getMunged();
1166 /* User wants me to fake the idMappings? This is useful for
1167 making winbind resolve the user names in a reasonable amount
1168 of time in combination with larger databases. */
1169 if ($this->config->get_cfg_value("sambaidmapping") == "true"){
1170 $this->attrs['objectClass'][]= "sambaIdmapEntry";
1171 }
1174 /* Password expiery */
1175 if ($this->password_expires == "1"){
1176 #TODO: check for date format
1177 if ($this->attrs['sambaPwdMustChange'] == ""){
1178 $this->attrs['sambaPwdMustChange']= 0;
1179 } else {
1180 list($day, $month, $year)= explode('.', $this->sambaPwdMustChange);
1181 $this->attrs['sambaPwdMustChange']= mktime(0,0,0,$month, $day, $year);
1182 }
1183 } else {
1184 $this->attrs['sambaPwdMustChange']= array();
1185 }
1186 /* Make sure not to save zero in sambaPwdLastset */
1187 if ($this->sambaPwdLastSet != "0"){
1188 $this->attrs['sambaPwdLastSet']= $this->sambaPwdLastSet;
1189 } else {
1190 $this->attrs['sambaPwdLastSet']= array();
1191 }
1192 /* Account expiery */
1193 if ($this->logon_time_set == "1"){
1194 $this->attrs['sambaLogonTime']= $this->sambaLogonTime;
1195 } else {
1196 $this->attrs['sambaLogonTime']= array();
1197 }
1198 if ($this->logoff_time_set == "1"){
1199 $this->attrs['sambaLogoffTime']= $this->sambaLogoffTime;
1200 } else {
1201 $this->attrs['sambaLogoffTime']= array();
1202 }
1203 if ($this->kickoff_time_set == "1"){
1204 /* Adapt values to be timestamps */
1205 #TODO: check for date format
1206 if ($this->attrs['sambaKickoffTime'] == ""){
1207 $this->attrs['sambaKickoffTime']= 2147483647;
1208 } else {
1209 list($day, $month, $year)= explode('.', $this->sambaKickoffTime);
1210 $this->attrs['sambaKickoffTime']= mktime(0,0,0,$month, $day, $year);
1211 }
1212 } else {
1213 $this->attrs['sambaKickoffTime']= array();
1214 }
1216 /* Write back to ldap */
1217 $ldap->cd($this->dn);
1218 $this->cleanup();
1219 $ldap->modify ($this->attrs);
1221 if($this->initially_was_account){
1222 new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1223 }else{
1224 new log("create","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1225 }
1227 if (!$ldap->success()){
1228 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
1229 }
1231 /* Optionally execute a command after we're done */
1232 if ($this->initially_was_account == $this->is_account){
1233 if ($this->is_modified){
1234 $this->handle_post_events("modify", array("uid" => $this->uid));
1235 }
1236 } else {
1237 $this->handle_post_events("add", array("uid" => $this->uid));
1238 }
1239 }
1242 /* Force password set, if this account doesn't have any samba passwords */
1243 function password_change_needed()
1244 {
1245 if(!$this->initially_was_account && $this->is_account){
1246 $ldap = $this->config->get_ldap_link();
1247 $ldap->cat($this->dn,array("sambaLMPassword","sambaNTPassword"));
1248 $attrs = $ldap->fetch();
1249 if(!isset($attrs['sambaLMPassword']) || !isset($attrs['sambaNTPassword'])){
1250 return(TRUE);
1251 }
1252 }
1253 return(FALSE);
1254 }
1257 function adapt_from_template($dn, $skip= array())
1258 {
1259 plugin::adapt_from_template($dn, $skip);
1262 $this->sambaSID= "";
1263 $this->sambaPrimaryGroupSID= "";
1265 /* Fill mungedDial field */
1266 if (isset($this->attrs['sambaMungedDial']) && !in_array('sambaMungedDial', $skip)){
1267 $this->mungedObject->load($this->sambaMungedDial);
1268 }
1270 /* Adapt munged attributes */
1271 foreach($this->ctxattributes as $attr){
1272 if(isset($this->mungedObject->ctx[$attr]))
1273 $val = $this->mungedObject->ctx[$attr];
1275 foreach (array("sn", "givenName", "uid") as $repl){
1276 if (preg_match("/%$repl/i", $val)){
1277 $val= preg_replace ("/%$repl/i", $this->parent->$repl, $val);
1278 }
1279 }
1280 $this->mungedObject->ctx[$attr] = $val;
1281 }
1283 /* Password expiery */
1284 if(isset($this->attrs['sambaPwdMustChange']) &&
1285 $this->attrs['sambaPwdMustChange'][0] != 0 && !in_array('sambaPwdMustChange', $skip)){
1286 $this->password_expires= 1;
1287 }
1289 if(isset($this->attrs['sambaLogonTime']) && ! (
1290 $this->attrs['sambaLogonTime'][0] == 0 ||
1291 $this->attrs['sambaLogonTime'][0] == 2147483647
1292 ) && !in_array('sambaLogonTime', $skip)){
1293 $this->logon_time_set= 1;
1294 }
1295 if(isset($this->attrs['sambaLogoffTime']) && ! (
1296 $this->attrs['sambaLogoffTime'][0] == 0 ||
1297 $this->attrs['sambaLogoffTime'][0] == 2147483647
1298 ) && !in_array('sambaLogonTime', $skip)){
1299 $this->logoff_time_set= 1;
1300 }
1302 /* Account expiery */
1303 if(isset($this->attrs['sambaKickoffTime']) && ! (
1304 $this->attrs['sambaKickoffTime'][0] == 0 ||
1305 $this->attrs['sambaKickoffTime'][0] == 2147483647
1306 ) && !in_array('sambaKickoffTime', $skip)){
1307 $this->kickoff_time_set= 1;
1308 }
1310 /* Get global filter config */
1311 if (!session::is_set("sambafilter")){
1312 $ui= get_userinfo();
1313 $base= get_base_from_people($ui->dn);
1314 $sambafilter= array( "depselect" => $base, "regex" => "*");
1315 session::set("sambafilter", $sambafilter);
1316 }
1317 }
1320 static function plInfo()
1321 {
1322 return (array(
1323 "plShortName" => _("Samba"),
1324 "plDescription" => _("Samba settings"),
1325 "plSelfModify" => TRUE,
1326 "plDepends" => array("user"),
1327 "plPriority" => 5,
1328 "plSection" => array("personal" => _("My account")),
1329 "plCategory" => array("users"),
1330 "plOptions" => array(),
1332 "plProvidedAcls" => array(
1334 "sambaHomePath" => _("Generic home directory") ,
1335 "sambaHomeDrive" => _("Generic samba home drive") ,
1336 "sambaDomainName" => _("Domain") ,
1337 "sambaLogonScript" => _("Generic script path") ,
1338 "sambaProfilePath" => _("Generic profile path") ,
1339 "AllowLoginOnTerminalServer" => _("Allow login on terminal server"),
1340 "InheritClientConfig" => _("Inherit client config"),
1341 "sambaPwdCanChange" => _("Allow user to change password") ,
1342 "sambaAcctFlagsN" => _("Login from windows client requires no password"),
1343 "sambaAcctFlagsX" => _("Password never expires"),
1344 "sambaAcctFlagsL" => _("Lock samba account"),
1345 "sambaKickoffTime" => _("Account expires") ,
1346 "sambaPwdMustChange" => _("Password expires") ,
1347 "sambaLogonTime" => _("Limit Logon Time") ,
1348 "sambaLogoffTime" => _("Limit Logoff Time") ,
1349 "sambaLogonHours" => _("Logon hours") ,
1350 "sambaUserWorkstations" => _("Allow connection from"))
1351 ));
1352 }
1354 function enable_multiple_support()
1355 {
1356 plugin::enable_multiple_support();
1357 $this->multiple_support_active = TRUE;
1358 }
1360 function multiple_save_object()
1361 {
1362 if (isset($_POST['sambaTab'])){
1363 $this->save_object();
1364 plugin::multiple_save_object();
1365 foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
1366 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF","CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
1367 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
1368 "onnectclientprinters","defaultprinter","shadow","brokenconn",
1369 "reconn","allow_pwchange","connectclientprinters","no_expiry","no_password_required","temporary_disable",
1370 "password_expires","logon_time_set","logoff_time_set","kickoff_time_set","SetSambaLogonHours",
1371 "workstation_list") as $attr){
1372 if(isset($_POST["use_".$attr])){
1373 $this->multi_boxes[] = $attr;
1374 }
1375 }
1376 }
1377 }
1380 function multiple_check()
1381 {
1382 $message = plugin::multiple_check();
1384 /* Strings */
1385 foreach (array( "sambaHomePath" => _("Home directory"),
1386 "sambaProfilePath" => _("Profile path")) as $key => $val){
1387 if (in_array($key,$this->multi_boxes) && !$this->mungedObject->is_samba_path($this->$key)){
1388 $message[]= msgPool::invalid($val);
1389 }
1390 }
1392 /* Numeric values */
1393 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
1394 "CtxMaxDisconnectionTime" => _("Disconnection"),
1395 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
1396 if (in_array($key,$this->multi_boxes) &&
1397 isset($this->mungedObject->ctx[$key]) &&
1398 !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
1399 $message[]=msgPool::invalid($val);
1400 }
1401 }
1403 /* Too many workstations? Windows usrmgr only supports eight */
1404 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
1405 $message[]= _("The windows user manager only allows eight clients. You've specified more than eight.");
1406 }
1407 return($message);
1408 }
1411 function get_multi_init_values()
1412 {
1413 $ret = plugin::get_multi_init_values();
1415 /* Parse given sambaUserWorkstations into array
1416 * to allow "init_multiple_support()" to detect multiple used workstations.
1417 * Those workstations will be displayed in light grey.
1418 */
1419 $tmp2 = array("count" => 0);
1420 $tmp = explode(",", $this->sambaUserWorkstations);
1421 foreach($tmp as $station){
1422 $station = trim($station);
1423 if(!empty($station)){
1424 $tmp2[] = $station;
1425 $tmp2['count'] ++;
1426 }
1427 }
1428 $ret['sambaUserWorkstations'] = $tmp2;
1429 return($ret);
1430 }
1434 function init_multiple_support($attrs,$all)
1435 {
1436 plugin::init_multiple_support($attrs,$all);
1438 $this->multiple_sambaUserWorkstations = array();
1439 if(isset($all['sambaUserWorkstations'])){
1440 for($i = 0 ; $i < $all['sambaUserWorkstations']['count'] ; $i++){
1441 $station = trim($all['sambaUserWorkstations'][$i]);
1442 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => FALSE);
1443 }
1444 }
1445 if(isset($attrs['sambaUserWorkstations'])){
1446 for($i = 0 ; $i < $attrs['sambaUserWorkstations']['count'] ; $i++){
1447 $station = trim($attrs['sambaUserWorkstations'][$i]);
1448 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1449 }
1450 }
1451 }
1453 function multiple_execute()
1454 {
1455 return($this->execute());
1456 }
1458 function get_multi_edit_values()
1459 {
1460 $ret = plugin::get_multi_edit_values();
1462 /* Terminal Server */
1463 if(in_array("tslogin",$this->multi_boxes)){
1464 $ret['tslogin'] = $this->mungedObject->getTsLogin();
1465 }
1466 if(in_array("CtxWFHomeDirDrive",$this->multi_boxes)){
1467 $ret['CtxWFHomeDirDrive'] = $this->mungedObject->ctx['CtxWFHomeDirDrive'];
1468 }
1469 if(in_array("CtxWFHomeDir",$this->multi_boxes)){
1470 $ret['CtxWFHomeDir'] = $this->mungedObject->ctx['CtxWFHomeDir'];
1471 }
1472 if(in_array("CtxWFProfilePath",$this->multi_boxes)){
1473 $ret['CtxWFProfilePath'] = $this->mungedObject->ctx['CtxWFProfilePath'];
1474 }
1476 if(in_array("inherit",$this->multi_boxes)){
1477 $ret['inherit'] = $this->mungedObject->getInheritMode();
1478 }
1479 if(in_array("CtxInitialProgram",$this->multi_boxes)){
1480 $ret['CtxInitialProgram'] = $this->mungedObject->ctx['CtxInitialProgram'];
1481 }
1482 if(in_array("CtxWorkDirectory",$this->multi_boxes)){
1483 $ret['CtxWorkDirectory'] = $this->mungedObject->ctx['CtxWorkDirectory'];
1484 }
1486 /* Time Limits. Be careful here, there are some negations */
1487 if(in_array("CtxMaxConnectionTimeF",$this->multi_boxes)){
1488 $ret["CtxMaxConnectionTimeF"] = !$this->mungedObject->getCtxMaxConnectionTimeF();
1489 if(!$ret["CtxMaxConnectionTimeF"]){
1490 $ret["CtxMaxConnectionTime"] = $this->mungedObject->ctx['CtxMaxConnectionTime'];
1491 }
1492 }
1493 if(in_array("CtxMaxDisconnectionTimeF",$this->multi_boxes)){
1494 $ret["CtxMaxDisconnectionTimeF"]= !$this->mungedObject->getCtxMaxDisconnectionTimeF();
1495 if(!$ret["CtxMaxDisconnectionTimeF"]){
1496 $ret["CtxMaxDisconnectionTime"]= $this->mungedObject->ctx['CtxMaxDisconnectionTime'];
1497 }
1498 }
1499 if(in_array("CtxMaxIdleTimeF",$this->multi_boxes)){
1500 $ret["CtxMaxIdleTimeF"] = !$this->mungedObject->getCtxMaxIdleTimeF();
1501 if(!$ret["CtxMaxIdleTimeF"]){
1502 $ret["CtxMaxIdleTime"] = $this->mungedObject->ctx['CtxMaxIdleTime'];
1503 }
1504 }
1506 /* Client Devices */
1507 if(in_array("connectclientdrives",$this->multi_boxes)){
1508 $ret["connectclientdrives"] = $this->mungedObject->getConnectClientDrives();
1509 }
1510 if(in_array("connectclientprinters",$this->multi_boxes)){
1511 $ret["connectclientprinters"] = $this->mungedObject->getConnectClientPrinters();
1512 }
1513 if(in_array("defaultprinter",$this->multi_boxes)){
1514 $ret["defaultprinter"] = $this->mungedObject->getDefaultPrinter();
1515 }
1517 /* Misc */
1518 if(in_array("shadow",$this->multi_boxes)){
1519 $ret["shadow"] =$this->mungedObject->getShadow();
1520 }
1521 if(in_array("brokenconn",$this->multi_boxes)){
1522 $ret["brokenconn"]=$this->mungedObject->getBrokenConn();
1523 }
1524 if(in_array("reconn",$this->multi_boxes)){
1525 $ret["reconn"] =$this->mungedObject->getReConn();
1526 }
1528 /* Flags */
1529 if(in_array("allow_pwchange",$this->multi_boxes)){
1530 $ret['sambaPwdCanChange'] = $this->sambaPwdCanChange;
1531 }
1533 if(in_array("password_expires",$this->multi_boxes)){
1534 $ret['password_expires'] = $this->password_expires;
1535 $ret['sambaPwdMustChange']= $this->sambaPwdMustChange;
1536 }
1537 if(in_array("logon_time_set",$this->multi_boxes)){
1538 $ret['logon_time_set'] = $this->logon_time_set;
1539 $ret['sambaLogonTime'] = $this->sambaLogonTime;
1540 }
1541 if(in_array("logoff_time_set",$this->multi_boxes)){
1542 $ret['logoff_time_set'] = $this->logoff_time_set;
1543 $ret['sambaLogoffTime'] = $this->sambaLogoffTime;
1544 }
1545 if(in_array("kickoff_time_set",$this->multi_boxes)){
1546 $ret['kickoff_time_set'] = $this->kickoff_time_set;
1547 $ret['sambaKickoffTime'] = $this->sambaKickoffTime;
1548 }
1550 if(in_array("no_password_required",$this->multi_boxes)){
1551 $ret['no_password_required'] = $this->no_password_required;
1552 }
1554 if(in_array("no_expiry",$this->multi_boxes)){
1555 $ret['no_expiry'] = $this->no_expiry;
1556 }
1558 if(in_array("temporary_disable",$this->multi_boxes)){
1559 $ret['temporary_disable'] = $this->temporary_disable;
1560 }
1562 if(in_array("SetSambaLogonHours",$this->multi_boxes)){
1563 $ret['sambaLogonHours'] = $this->sambaLogonHours;
1564 }
1566 if(in_array("workstation_list",$this->multi_boxes)){
1567 $ret['multiple_sambaUserWorkstations'] = $this->multiple_sambaUserWorkstations;
1568 }
1569 return($ret);
1570 }
1572 function set_multi_edit_values($values)
1573 {
1574 plugin::set_multi_edit_values($values);
1576 /* Prepare current workstation settings to be merged
1577 * with multiple edit settings.
1578 */
1579 if(isset($values['multiple_sambaUserWorkstations'])){
1580 $cur_ws = array();
1581 $m_ws = $values['multiple_sambaUserWorkstations'];
1583 /* Prepare current settings to be merged */
1584 if(isset($this->sambaUserWorkstations)){
1585 $ttmp = explode(",",$this->sambaUserWorkstations);
1586 foreach($ttmp as $station){
1587 $station = trim($station);
1588 if(!empty($station)){
1589 $cur_ws[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1590 }
1591 }
1592 }
1594 /* Unset removed workstations */
1595 foreach($cur_ws as $cur_name => $cur_station){
1596 if(!isset($m_ws[$cur_name])){
1597 unset($cur_ws[$cur_name]);
1598 }
1599 }
1601 /* Add all added workstations */
1602 foreach($m_ws as $name => $station){
1603 if($station['UsedByAllUsers']){
1604 $cur_ws[$name] = $station;
1605 }
1606 }
1608 $this->sambaUserWorkstations = "";
1609 foreach($cur_ws as $name => $ws){
1610 $this->sambaUserWorkstations .= $name.",";
1611 }
1612 $this->sambaUserWorkstations=preg_replace("/,$/","",$this->sambaUserWorkstations);
1613 }
1615 /* Enable disabled terminal login, this is inverted somehow */
1616 if(isset($values['tslogin'])) $this->mungedObject->setTsLogin(!$values['tslogin']);
1618 /* Imherit client configuration */
1619 if(isset($values['inherit'])) $this->mungedObject->setInheritMode($values['inherit']);
1621 /* Get all ctx values posted */
1622 $ctx = array("CtxWFHomeDirDrive","CtxWFHomeDir","CtxWFProfilePath","CtxInitialProgram","CtxWorkDirectory",
1623 "CtxMaxConnectionTime","CtxMaxDisconnectionTime","CtxMaxIdleTime");
1624 foreach($ctx as $attr){
1625 if(isset($values[$attr])){
1626 $this->mungedObject->ctx[$attr] = $values[$attr] ;
1627 }
1628 }
1630 if(isset($values['CtxMaxConnectionTimeF'])) $this->mungedObject->setCtxMaxConnectionTimeF($values['CtxMaxConnectionTimeF']);
1631 if(isset($values['CtxMaxDisconnectionTimeF']))$this->mungedObject->setCtxMaxDisconnectionTimeF($values['CtxMaxDisconnectionTimeF']);
1632 if(isset($values['CtxMaxIdleTimeF'])) $this->mungedObject->setCtxMaxIdleTimeF($values['CtxMaxIdleTimeF']);
1634 if(isset($values['connectclientdrives'])) $this->mungedObject->setConnectClientDrives($values['connectclientdrives']);
1635 if(isset($values['connectclientprinters'])) $this->mungedObject->setConnectClientPrinters($values['connectclientprinters']);
1636 if(isset($values['defaultprinter'])) $this->mungedObject->setDefaultPrinter($values['defaultprinter']);
1638 if(isset($values['shadow'])) $this->mungedObject->setShadow($values['shadow'],$values['shadow']);
1639 if(isset($values['brokenconn'])) $this->mungedObject->setBrokenConn($values['brokenconn'],$values['brokenconn']);
1640 if(isset($values['reconn'])) $this->mungedObject->setReConn($values['reconn'],$values['reconn']);
1643 if(isset($values['sambaPwdCanChange'])) $this->sambaPwdCanChange = $values['sambaPwdCanChange'];
1648 if(isset($values['password_expires'])){
1649 $this->password_expires = $values['password_expires'];
1650 $this->sambaPwdMustChange = $values['sambaPwdMustChange'];
1651 }
1652 if(isset($values['logon_time_set'])){
1653 $this->logon_time_set = $values['logon_time_set'];
1654 $this->sambaLogonTime = $values['sambaLogonTime'];
1655 }
1656 if(isset($values['logoff_time_set'])){
1657 $this->logoff_time_set = $values['logoff_time_set'];
1658 $this->sambaLogoffTime = $values['sambaLogoffTime'];
1659 }
1660 if(isset($values['kickoff_time_set'])){
1661 $this->kickoff_time_set = $values['kickoff_time_set'];
1662 $this->sambaKickoffTime = $values['sambaKickoffTime'];
1663 }
1665 if(isset($values['no_password_required'])){
1666 if($values['no_password_required']){
1667 if(!preg_match("/N/",$this->sambaAcctFlags)) {
1668 $this->sambaAcctFlags = preg_replace("/ /","N",$this->sambaAcctFlags,1);
1669 }
1670 }else{
1671 $this->sambaAcctFlags = preg_replace("/N/"," ",$this->sambaAcctFlags,1);
1672 }
1673 }
1675 if(isset($values['no_expiry'])){
1676 if($values['no_expiry']){
1677 if(!preg_match("/N/",$this->sambaAcctFlags)) {
1678 $this->sambaAcctFlags = preg_replace("/ /","N",$this->sambaAcctFlags,1);
1679 }
1680 }else{
1681 $this->sambaAcctFlags = preg_replace("/N/"," ",$this->sambaAcctFlags,1);
1682 }
1683 }
1685 if(isset($values['temporary_disable'])){
1686 if($values['temporary_disable']){
1687 if(preg_match("/L/",$this->sambaAcctFlags)) {
1688 // Keep L
1689 }else{
1690 $this->sambaAcctFlags = preg_replace("/ /","D",$this->sambaAcctFlags,1);
1691 }
1692 }else{
1693 $this->sambaAcctFlags = preg_replace("/D/"," ",$this->sambaAcctFlags,1);
1694 }
1695 }
1696 }
1699 function PrepareForCopyPaste($source)
1700 {
1701 plugin::PrepareForCopyPaste($source);
1703 /* Set a new SID */
1704 $this->sambaSID = "";
1705 }
1707 }
1709 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1710 ?>