![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2004-2005 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 class sambaAccount extends plugin
22 {
23 /* Definitions */
24 var $plHeadline= "Samba";
25 var $plDescription= "This does something";
26 var $view_logged = FALSE;
27 var $password_expires= 0;
29 /* Switch for Samba version */
30 var $uidNumber= 65535;
31 var $gidNumber= 65535;
33 /* Samba attributes */
34 var $SID= "";
35 var $ridBase= 0;
36 var $sambaSID= "";
37 var $sambaPwdLastSet= "0";
38 var $sambaLogonTime= "0";
39 var $sambaLogoffTime= "2147483647";
40 var $sambaKickoffTime= "2147483647";
41 var $sambaPwdCanChange= "";
42 var $sambaPwdMustChange= "0";
43 var $sambaAcctFlags= "[UX ]";
44 var $sambaHomePath= "";
45 var $sambaHomeDrive= "";
46 var $sambaLogonScript= "";
47 var $sambaProfilePath= "";
48 var $sambaPrimaryGroupSID= "";
49 var $sambaDomainName= "";
50 var $sambaUserWorkstations= "";
51 var $sambaBadPasswordCount= "";
52 var $sambaBadPasswordTime= "";
53 var $sambaPasswordHistory= "";
54 var $sambaLogonHours= "";
55 var $orig_sambaDomainName= "";
56 var $sambaMungedDial= "";
57 var $mungedObject;
59 /* Helper */
60 var $cache = array();
61 var $trustSelect= FALSE;
62 var $logon_time_set= 0;
63 var $logoff_time_set= 0;
64 var $kickoff_time_set= 0;
66 /* attribute list for save action */
67 var $ctxattributes= array();
68 var $attributes= array("sambaSID", "sambaPwdLastSet", "sambaLogonTime",
69 "sambaLogoffTime", "sambaKickoffTime", "sambaPwdCanChange",
70 "sambaPwdMustChange", "sambaAcctFlags", "uid", "sambaMungedDial",
71 "sambaHomePath", "sambaHomeDrive", "sambaLogonScript",
72 "sambaProfilePath", "sambaPrimaryGroupSID", "sambaDomainName",
73 "sambaUserWorkstations", "sambaPasswordHistory",
74 "sambaLogonHours", "sambaBadPasswordTime",
75 "sambaBadPasswordCount");
76 var $objectclasses= array('sambaSamAccount');
78 var $uid= "";
79 var $CopyPasteVars = array("kickoff_time_set","logoff_time_set","logon_time_set","mungedObject","orig_sambaDomainName");
81 var $multiple_support = TRUE;
83 /* Only used for multiple edit */
84 var $temporary_disable = FALSE;
85 var $no_password_required = FALSE;
86 var $no_expiry = FALSE;
87 var $multiple_sambaUserWorkstations = array();
89 function sambaAccount (&$config, $dn= NULL)
90 {
91 $this->mungedObject= new sambaMungedDial;
92 $this->ctxattributes= $this->mungedObject->ctxattributes;
94 plugin::plugin ($config, $dn);
96 /* Setting uid to default */
97 if(isset($this->attrs['uid'][0])){
98 $this->uid = $this->attrs['uid'][0];
99 }
101 /* Get samba Domain in case of samba 3 */
102 if ($this->sambaSID != ""){
103 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
104 $ldap= $this->config->get_ldap_link();
105 $ldap->cd($this->config->current['BASE']);
106 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase","sambaDomainName"));
107 if ($ldap->count() != 0){
108 $attrs= $ldap->fetch();
109 if(isset($attrs['sambaAlgorithmicRidBase'])){
110 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
111 } else {
112 $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
113 }
114 if ($this->sambaDomainName == ""){
115 $this->sambaDomainName= $attrs['sambaDomainName'][0];
116 }
117 } else {
118 if ($this->sambaDomainName == ""){
119 $this->sambaDomainName= "DEFAULT";
120 }
121 $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
122 $this->SID= $this->config->get_cfg_value("core","sambaSid");
123 }
125 /* Save in order to compare later on */
126 $this->orig_sambaDomainName= $this->sambaDomainName;
127 }
129 /* Fill mungedDial field */
130 if (isset($this->attrs['sambaMungedDial'])){
131 $this->mungedObject->load($this->sambaMungedDial);
132 }
134 /* Password expiery */
135 if(isset($this->attrs['sambaPwdMustChange']) &&
136 $this->attrs['sambaPwdMustChange'][0] != 0){
137 $this->password_expires= 1;
138 }
140 if(isset($this->attrs['sambaLogonTime']) && ! (
141 $this->attrs['sambaLogonTime'][0] == 0 ||
142 $this->attrs['sambaLogonTime'][0] == 2147483647
143 )){
144 $this->logon_time_set= 1;
145 }
146 if(isset($this->attrs['sambaLogoffTime']) && ! (
147 $this->attrs['sambaLogoffTime'][0] == 0 ||
148 $this->attrs['sambaLogoffTime'][0] == 2147483647
149 )){
150 $this->logoff_time_set= 1;
151 }
153 /* Account expiery */
154 if(isset($this->attrs['sambaKickoffTime']) && ! (
155 $this->attrs['sambaKickoffTime'][0] == 0 ||
156 $this->attrs['sambaKickoffTime'][0] == 2147483647
157 )){
158 $this->kickoff_time_set= 1;
159 }
161 /* Save initial account state */
162 $this->initially_was_account= $this->is_account;
164 /* Convert kickoff */
165 #TODO: use date format
166 $this->sambaKickoffTime= $this->sambaKickoffTime == 0?"":date('d.m.Y', $this->sambaKickoffTime);
167 $this->sambaPwdMustChange= $this->sambaPwdMustChange == 2147483647?"":date('d.m.Y', $this->sambaPwdMustChange);
168 }
170 function execute()
171 {
172 /* Call parent execute */
173 plugin::execute();
175 /* Log view */
176 if($this->is_account && !$this->view_logged){
177 $this->view_logged = TRUE;
178 new log("view","users/".get_class($this),$this->dn);
179 }
181 /* Do we need to flip is_account state? */
182 if (isset($_POST['modify_state'])){
183 $this->is_account= !$this->is_account;
184 }
185 /* Do we represent a valid account? */
186 if (!$this->is_account && $this->parent === NULL){
187 $display= "<img alt=\"\"src=\"images/small-error.png\" align=\"middle\"> <b>".
188 msgPool::noValidExtension(_("Samba"))."</b>";
189 $display.= back_to_main();
190 return ($display);
191 }
193 $display ="";
194 if(!$this->multiple_support_active){
196 /* Show tab dialog headers */
197 $display= "";
198 if ($this->parent !== NULL){
199 if ($this->is_account){
200 $display= $this->show_disable_header(msgPool::removeFeaturesButton(_("Samba")),
201 msgPool::featuresEnabled(_("Samba")));
202 } else {
203 $obj= $this->parent->by_object['posixAccount'];
205 /* Samba3 dependency on posix accounts are enabled
206 in the moment, because I need to rely on unique
207 uidNumbers. There'll be a better solution later
208 on. */
209 if ($obj->is_account){
210 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
211 msgPool::featuresDisabled(_("Samba")));
212 } else {
213 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
214 msgPool::featuresDisabled(_("Samba"), _("POSIX")), TRUE);
215 }
216 return ($display);
217 }
218 }
219 }
221 /* Open Samaba Logong hours dialog */
222 if(isset($_POST['SetSambaLogonHours']) && $this->acl_is_readable("sambaLogonHours")){
223 $this->dialog = new sambaLogonHours($this->config,$this->dn,$this->sambaLogonHours, $this->getacl('sambaLogonHours'));
224 }
226 /* Cancel dialog */
227 if(isset($_POST['cancel_logonHours'])){
228 $this->dialog = FALSE;
229 }
231 /* Save selected logon hours */
232 if(isset($_POST['save_logonHours']) && $this->dialog instanceOf sambaLogonHours){
233 $this->dialog->save_object();
234 if($this->acl_is_writeable("sambaLogonHours")){
235 $this->sambaLogonHours = $this->dialog->save();
236 }
237 $this->dialog = FALSE;
238 }
240 /* Display dialog */
241 if((isset($this->dialog)) && (is_object($this->dialog))){
242 $this->dialog->save_object();
243 return($this->dialog->execute());
244 }
246 /* Prepare templating */
247 $smarty= get_smarty();
250 $tmp = $this->plInfo();
251 foreach($tmp['plProvidedAcls'] as $var => $rest){
252 $smarty->assign($var."ACL",$this->getacl($var));
253 }
255 if(!session::is_set('edit') && !isset($this->parent)){
256 $smarty->assign("sambaLogonHoursACL","");
257 }
259 if ($this->sambaLogonTime=="2147483647" || $this->sambaLogonTime=="0"){
260 $sambaLogonTime_date= getdate();
261 } else {
262 $sambaLogonTime_date= getdate($this->sambaLogonTime);
263 }
265 if ($this->sambaLogoffTime=="2147483647" || $this->sambaLogoffTime=="0"){
266 $sambaLogoffTime_date= getdate();
267 } else {
268 $sambaLogoffTime_date= getdate($this->sambaLogoffTime);
269 }
271 /* Remove user workstations? */
272 if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
274 if($this->acl_is_writeable("sambaUserWorkstations")){
276 if($this->multiple_support_active){
277 foreach($_POST['workstation_list'] as $name){
278 if(isset($this->multiple_sambaUserWorkstations[trim($name)])){
279 unset($this->multiple_sambaUserWorkstations[trim($name)]);
280 }
281 }
282 }else{
283 $tmp= $this->sambaUserWorkstations;
284 foreach($_POST['workstation_list'] as $name){
285 $tmp= preg_replace("/$name/", '', $tmp);
286 $this->is_modified= TRUE;
287 }
288 $tmp= preg_replace('/,+/', ',', $tmp);
289 $this->sambaUserWorkstations= trim($tmp, ',');
290 }
291 }
292 }
294 /* Add user workstation? */
295 if (isset($_POST["add_ws"])){
296 if($this->acl_is_writeable("sambaUserWorkstations")){
297 $this->trustSelect= new trustSelect($this->config,get_userinfo());
298 $this->dialog= TRUE;
299 }
300 }
302 /* Add user workstation finished? */
303 if (isset($_POST["add_ws_cancel"])){
304 $this->trustSelect= FALSE;
305 $this->dialog= FALSE;
306 }
308 // Add selected machines to trusted ones.
309 if (isset($_POST["add_ws_finish"]) && $this->trustSelect){
310 $trusts = $this->trustSelect->detectPostActions();
311 if(isset($trusts['targets'])){
313 $headpage = $this->trustSelect->getHeadpage();
314 if($this->multiple_support_active){
315 foreach($trusts['targets'] as $id){
316 $attrs = $headpage->getEntry($id);
317 $we =$attrs['cn'][0];
318 $this->multiple_sambaUserWorkstations[trim($we)] = array("Name" => trim($ws), "UsedByAllUsers" => TRUE);
319 }
320 }else{
322 $tmp= $this->sambaUserWorkstations;
323 foreach($trusts['targets'] as $id){
324 $attrs = $headpage->getEntry($id);
325 $we =$attrs['cn'][0];
326 $tmp.= ",$we";
327 }
328 $tmp= preg_replace('/,+/', ',', $tmp);
329 $this->sambaUserWorkstations= trim($tmp, ',');
330 }
332 $this->is_modified= TRUE;
333 }
334 $this->trustSelect= NULL;
335 $this->dialog= FALSE;
336 }
338 /* Show ws dialog */
339 if ($this->trustSelect){
341 // Build up blocklist
342 session::set('filterBlacklist', array('cn' => preg_split('/,/',$this->sambaUserWorkstations)));
343 return($this->trustSelect->execute());
344 }
346 /* Fill boxes */
347 $domains= array();
348 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
349 $domains[]= $name;
350 }
351 $smarty->assign("domains", $domains);
352 $letters= array(" ");
353 for ($i= 68; $i<91; $i++){
354 $letters[]= chr($i).":";
355 }
356 $smarty->assign("drives", $letters);
358 /* Fill terminal server settings */
359 foreach ($this->ctxattributes as $attr){
360 /* Fill common attributes */
361 if (isset($this->mungedObject->ctx[$attr])){
362 $smarty->assign("$attr", $this->mungedObject->ctx[$attr]);
363 // Set field to blank if value is 0
364 if(in_array($attr, array("CtxMaxConnectionTime", "CtxMaxDisconnectionTime", "CtxMaxIdleTime"))) {
365 if($this->mungedObject->ctx[$attr] == 0) {
366 $smarty->assign("$attr", "");
367 }
368 }
369 } else {
370 $smarty->assign("$attr", "");
371 }
372 }
374 /* Assign enum values for preset items */
375 $shadowModeVals= array( "0" => _("disabled"),
376 "1" => _("input on, notify on"),
377 "2" => _("input on, notify off"),
378 "3" => _("input off, notify on"),
379 "4" => _("input off, nofify off"));
381 $brokenConnModeVals= array( "0" => _("disconnect"),
382 "1" => _("reset"));
384 $reConnModeVals= array( "0" => _("from any client"),
385 "1" => _("from previous client only"));
387 /* Fill preset items */
388 $smarty->assign("shadow", $shadowModeVals);
389 $smarty->assign("brokenconn", $brokenConnModeVals);
390 $smarty->assign("reconn", $reConnModeVals);
392 /* Fill preset items with values */
393 $smarty->assign("shadowmode", $this->mungedObject->getShadow());
394 $smarty->assign("brokenconnmode", $this->mungedObject->getBrokenConn());
395 $smarty->assign("reconnmode", $this->mungedObject->getReConn());
397 if(session::get('js')){
398 /* Set form elements to disabled/enable state */
399 $smarty->assign("tsloginstate", $this->mungedObject->getTsLogin()?"":"disabled");
401 $smarty->assign("inheritstate", "");
402 if($this->acl_is_writeable("AllowLoginOnTerminalServer")){
403 $smarty->assign("inheritstate", $this->mungedObject->getInheritMode()?"disabled":"");
404 }
405 }else{
406 $smarty->assign("tsloginstate", "");
407 $smarty->assign("inheritstate", "");
408 }
410 /* Set checkboxes to checked or unchecked state */
411 $smarty->assign("tslogin", $this->mungedObject->getTsLogin()?"checked":"");
412 $smarty->assign("inherit", $this->mungedObject->getInheritMode()?"checked":"");
413 $smarty->assign("connectclientdrives",
414 $this->mungedObject->getConnectClientDrives()?"checked":"");
415 $smarty->assign("connectclientprinters",
416 $this->mungedObject->getConnectClientPrinters()?"checked":"");
417 $smarty->assign("defaultprinter",
418 $this->mungedObject->getDefaultPrinter()?"checked":"");
419 $smarty->assign("CtxMaxConnectionTimeF",
420 $this->mungedObject->getCtxMaxConnectionTimeF()?"checked":"");
421 $smarty->assign("CtxMaxDisconnectionTimeF",
422 $this->mungedObject->getCtxMaxDisconnectionTimeF()?"checked":"");
423 $smarty->assign("CtxMaxIdleTimeF",
424 $this->mungedObject->getCtxMaxIdleTimeF()?"checked":"");
427 /* Fill sambaUserWorkstations */
428 $ws= explode(",", $this->sambaUserWorkstations);
429 sort($ws);
431 /* Tidy checks for empty option, and smarty will produce one if array[0]="" */
432 if(($ws[0]=="")&&(count($ws)==1)) $ws=array();
434 if($this->multiple_support_active){
435 $smarty->assign("multiple_workstations",$this->multiple_sambaUserWorkstations);
436 }
438 $smarty->assign("workstations", $ws);
441 /* Variables */
442 foreach($this->attributes as $val){
443 $smarty->assign("$val", $this->$val);
444 }
446 /* 'sambaAcctFlags' checkboxes */
447 /* Check for 'lock-account'-flag: 'D' or 'L' */
448 if (is_integer(strpos($this->sambaAcctFlags, "D")) ||
449 is_integer(strpos($this->sambaAcctFlags, "L"))) {
450 $smarty->assign("flagsD", "checked");
451 } else {
452 $smarty->assign("flagsD", "");
453 }
455 /* Check for no_password_required flag 'N' */
456 if (is_integer(strpos($this->sambaAcctFlags, "N"))) {
457 $smarty->assign("flagsN", "checked");
458 } else {
459 $smarty->assign("flagsN", "");
460 }
462 // check if password never expires
463 if (is_integer(strpos($this->sambaAcctFlags, "X"))) {
464 $smarty->assign("flagsX", "checked");
465 } else {
466 $smarty->assign("flagsX", "");
467 }
469 if ($this->sambaPwdCanChange=="1"){
470 $smarty->assign("flagsP", "checked");
471 } else {
472 $smarty->assign("flagsP", "");
473 }
475 if ($this->password_expires=="1"){
476 $smarty->assign("flagsC", "checked");
477 } else {
478 $smarty->assign("flagsC", "");
479 }
480 if ($this->logon_time_set=="1"){
481 $smarty->assign("flagsT", "checked");
482 } else {
483 $smarty->assign("flagsT", "");
484 }
485 if ($this->logoff_time_set=="1"){
486 $smarty->assign("flagsO", "checked");
487 } else {
488 $smarty->assign("flagsO", "");
489 }
490 if ($this->kickoff_time_set=="1"){
491 $smarty->assign("flagsK", "checked");
492 } else {
493 $smarty->assign("flagsK", "");
494 }
497 /* In case of javascript, disable some fields on demand */
498 foreach($this->mungedObject->getOnDemandFlags() as $key => $value) {
499 $smarty->assign("$key", "$value");
500 }
503 foreach($this->attributes as $attr){
504 if(in_array($attr,$this->multi_boxes)){
505 $smarty->assign("use_".$attr,TRUE);
506 }else{
507 $smarty->assign("use_".$attr,FALSE);
508 }
509 }
510 foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
511 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF","CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
512 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
513 "onnectclientprinters","defaultprinter","shadow","brokenconn",
514 "reconn","allow_pwchange","connectclientprinters","no_expiry","no_password_required","temporary_disable",
515 "password_expires","logon_time_set","logoff_time_set","kickoff_time_set","SetSambaLogonHours",
516 "workstation_list") as $attr){
517 if(in_array($attr,$this->multi_boxes)){
518 $smarty->assign("use_".$attr,TRUE);
519 }else{
520 $smarty->assign("use_".$attr,FALSE);
521 }
522 }
524 if($this->multiple_support_active){
525 $smarty->assign("tsloginstate","");
526 }
528 /* Create additional info for sambaKickOffTime and sambaPwdMustChange.
529 e.g. Display effective kickoff time. Domain policy + user settings.
530 */
531 $additional_info_PwdMustChange = "";
533 /* Calculate effective max Password Age
534 This can only be calculated if sambaPwdLastSet ist set.
535 */
536 if(isset($this->attrs['sambaPwdLastSet'][0])){
537 $last = $this->attrs['sambaPwdLastSet'][0];
539 $sid = $this->get_domain_info();
540 if(isset($sid['sambaMaxPwdAge'][0])){
541 $d = ($last + $sid['sambaMaxPwdAge'][0]) - time();
543 /* A negative value means the password is outdated
544 */
545 if($d < 0){
546 $additional_info_PwdMustChange = sprintf(_("The password is outdated since %s, by domain policy."),
547 date("d.m.Y H:i:s",$last + $sid['sambaMaxPwdAge'][0]));
548 }else{
549 if($this->password_expires && ($last + $sid['sambaMaxPwdAge'][0]) > $this->sambaPwdMustChange){
550 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by user policy."),
551 date("d.m.Y H:i:s", $this->sambaPwdMustChange));
552 }else{
553 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by domain policy."),
554 date("d.m.Y H:i:s", ($last + $sid['sambaMaxPwdAge'][0])));
555 }
556 }
557 }
558 }
559 $smarty->assign("additional_info_PwdMustChange",$additional_info_PwdMustChange);
560 $smarty->assign("no_expiry",$this->no_expiry);
562 /* Show main page */
563 $smarty->assign("multiple_support",$this->multiple_support_active);
564 $display.= $smarty->fetch (get_template_path('samba3.tpl', TRUE, dirname(__FILE__)));
566 return ($display);
567 }
570 /*! \brief Returns the samba Domain object, selected in the samba tab.
571 */
572 function get_domain_info()
573 {
574 /* Only search once, return last result if available
575 */
576 if(!isset($this->cache['DOMAIN'][$this->sambaDomainName])){
577 $this->cache['DOMAIN'][$this->sambaDomainName] = array();
578 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
579 $cfg = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName];
580 $ldap = $this->config->get_ldap_link();
581 $ldap->cd($this->config->current['BASE']);
582 $ldap->search("(&(objectClass=sambaDomain)(sambaSID=".$cfg['SID']."))",array("*"));
583 if($ldap->count()){
584 $this->cache['DOMAIN'][$this->sambaDomainName] = $ldap->fetch();
585 }
586 }
587 }
588 return($this->cache['DOMAIN'][$this->sambaDomainName]);
589 }
593 function get_samba_information()
594 {
595 $zone = timezone::get_default_timezone();
597 /* Defaults
598 */
599 $sambaMinPwdLength = "unset";
600 $sambaPwdHistoryLength = "unset";
601 $sambaLogonToChgPwd = "unset";
602 $sambaMaxPwdAge = "unset";
603 $sambaMinPwdAge = "unset";
604 $sambaLockoutDuration = "unset";
605 $sambaLockoutThreshold = "unset";
606 $sambaForceLogoff = "unset";
607 $sambaRefuseMachinePwdChange = "unset";
608 $sambaPwdLastSet = "unset";
609 $sambaLogonTime = "unset";
610 $sambaLogoffTime = "unset";
612 $sambaKickoffTime = "unset";
613 $sambaPwdCanChange = "unset";
614 $sambaPwdMustChange = "unset";
615 $sambaBadPasswordCount = "unset";
616 $sambaBadPasswordTime = "unset";
618 /* Domain attributes
619 */
620 $domain_attributes = array("sambaMinPwdLength","sambaPwdHistoryLength","sambaMaxPwdAge",
621 "sambaMinPwdAge","sambaLockoutDuration","sambaRefuseMachinePwdChange",
622 "sambaLogonToChgPwd","sambaLockoutThreshold","sambaForceLogoff");
624 /* User attributes
625 */
626 $user_attributes = array("sambaBadPasswordTime","sambaPwdLastSet","sambaLogonTime","sambaLogoffTime",
627 "sambaKickoffTime","sambaPwdCanChange","sambaPwdMustChange","sambaBadPasswordCount", "sambaSID");
629 /* Get samba SID object and parse settings.
630 */
631 $ldap = $this->config->get_ldap_link();
632 $ldap->cd($this->config->current['BASE']);
633 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
634 $attrs = $this->get_domain_info();
635 foreach($domain_attributes as $attr){
636 if(isset($attrs[$attr])){
637 $$attr = $attrs[$attr][0];
638 }
639 }
640 }
642 /* Get user infos
643 */
644 foreach($user_attributes as $attr){
645 $$attr = "unset";
646 if(isset($this->attrs[$attr])){
647 $$attr = $this->attrs[$attr][0];
648 }
649 }
650 if($this->password_expires){
651 $sambaPwdMustChange = $this->sambaPwdMustChange;
652 } else {
653 if (is_numeric($sambaPwdMustChange)) {
654 $sambaPwdMustChange= date('d.m.Y', $sambaPwdMustChange);
655 }
656 }
657 if($this->kickoff_time_set){
658 $sambaKickoffTime = $this->sambaKickoffTime;
659 } else {
660 if (is_numeric($sambaKickoffTime)) {
661 $sambaKickoffTime= date('d.m.Y', $sambaKickoffTime);
662 }
663 }
664 $sambaPwdCanChange = $this->sambaPwdCanChange;
667 /* DOMAIN Attributes
668 */
670 /* sambaMinPwdLength: Password length has a default of 5
671 */
672 if($sambaSID == "unset"){
673 $sambaSID = "<i>("._("unset").")</i>";
674 }
676 /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
677 /* sambaMinPwdLength: Password length has a default of 5
678 */
679 if($sambaMinPwdLength == "unset" || $sambaMinPwdLength == 5){
680 $sambaMinPwdLength = "5 <i>("._("default").")</i>";
681 }
683 /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
684 */
685 if($sambaPwdHistoryLength == "unset" || $sambaPwdHistoryLength == 0){
686 $sambaPwdHistoryLength = _("Off")." <i>("._("default").")</i>";
687 }
689 /* sambaLogonToChgPwd: Force Users to logon for password change (default: 0 => off, 2 => on)
690 */
691 if($sambaLogonToChgPwd == "unset" || $sambaLogonToChgPwd == 0){
692 $sambaLogonToChgPwd = _("Off")." <i>("._("default").")</i>";
693 }else{
694 $sambaLogonToChgPwd = _("On");
695 }
697 /* sambaMaxPwdAge: Maximum password age, in seconds (default: -1 => never expire passwords)'
698 */
699 if($sambaMaxPwdAge == "unset" || $sambaMaxPwdAge == "-1"){
700 $sambaMaxPwdAge = _("disabled")." <i>("._("default").")</i>";
701 }else{
702 $sambaMaxPwdAge .= " "._("seconds");
703 }
705 /* sambaMinPwdAge: Minimum password age, in seconds (default: 0 => allow immediate password change
706 */
707 if($sambaMinPwdAge == "unset" || $sambaMinPwdAge == 0){
708 $sambaMinPwdAge = _("disabled")." <i>("._("default").")</i>";
709 }else{
710 $sambaMinPwdAge .= " "._("seconds");
711 }
713 /* sambaLockoutDuration: Lockout duration in minutes (default: 30, -1 => forever)
714 */
715 if($sambaLockoutDuration == "unset" || $sambaLockoutDuration == 30){
716 $sambaLockoutDuration = "30 "._("minutes")." <i>("._("default").")</i>";
717 }elseif($sambaLockoutDuration == -1){
718 $sambaLockoutDuration = _("forever");
719 }else{
720 $sambaLockoutDuration .= " "._("minutes");
721 }
723 /* sambaLockoutThreshold: Lockout users after bad logon attempts (default: 0 => off
724 */
725 if($sambaLockoutThreshold == "unset" || $sambaLockoutThreshold == 0){
726 $sambaLockoutThreshold = _("disabled")." <i>("._("default").")</i>";
727 }
729 /* sambaForceLogoff: Disconnect Users outside logon hours (default: -1 => off, 0 => on
730 */
731 if($sambaForceLogoff == "unset" || $sambaForceLogoff == -1){
732 $sambaForceLogoff = _("off")." <i>("._("default").")</i>";
733 }else{
734 $sambaForceLogoff = _("on");
735 }
737 /* sambaRefuseMachinePwdChange: Allow Machine Password changes (default: 0 => off
738 */
739 if($sambaRefuseMachinePwdChange == "none" || $sambaRefuseMachinePwdChange == 0){
740 $sambaRefuseMachinePwdChange = _("off")." <i>("._("default").")</i>";
741 }else{
742 $sambaRefuseMachinePwdChange = _("on");
743 }
745 /* USER Attributes
746 */
747 /* sambaBadPasswordTime: Time of the last bad password attempt
748 */
749 if($sambaBadPasswordTime == "unset" || empty($sambaBadPasswordTime)){
750 $sambaBadPasswordTime = "<i>("._("unset").")</i>";
751 }else{
752 $sambaBadPasswordTime = date("d.m.Y H:i:s",$sambaBadPasswordTime);
753 }
755 /* sambaBadPasswordCount: Bad password attempt count
756 */
757 if($sambaBadPasswordCount == "unset" || empty($sambaBadPasswordCount)){
758 $sambaBadPasswordCount = "<i>("._("unset").")</i>";
759 }else{
760 $sambaBadPasswordCount = date("d.m.Y H:i:s",$sambaBadPasswordCount);
761 }
763 /* sambaPwdLastSet: Timestamp of the last password update
764 */
765 if($sambaPwdLastSet == "unset" || empty($sambaPwdLastSet)){
766 $sambaPwdLastSet = "<i>("._("unset").")</i>";
767 }else{
768 $sambaPwdLastSet = date("d.m.Y H:i:s",$sambaPwdLastSet);
769 }
771 /* sambaLogonTime: Timestamp of last logon
772 */
773 if($sambaLogonTime == "unset" || empty($sambaLogonTime)){
774 $sambaLogonTime = "<i>("._("unset").")</i>";
775 }else{
776 $sambaLogonTime = date("d.m.Y H:i:s",$sambaLogonTime);
777 }
779 /* sambaLogoffTime: Timestamp of last logoff
780 */
781 if($sambaLogoffTime == "unset" || empty($sambaLogoffTime)){
782 $sambaLogoffTime = "<i>("._("unset").")</i>";
783 }else{
784 $sambaLogoffTime = date("d.m.Y H:i:s",$sambaLogoffTime);
785 }
787 /* sambaKickoffTime: Timestamp of when the user will be logged off automatically
788 */
789 if($sambaKickoffTime == "unset" || empty($sambaKickoffTime)){
790 $sambaKickoffTime = "<i>("._("unset").")</i>";
791 }
793 /* sambaPwdMustChange: Timestamp of when the password will expire
794 */
795 if($sambaPwdMustChange == "unset" || empty($sambaPwdMustChange)){
796 $sambaPwdMustChange = "<i>("._("unset").")</i>";
797 }
799 /* sambaPwdCanChange: Timestamp of when the user is allowed to update the password
800 */
801 if($sambaPwdCanChange == "unset" || empty($sambaPwdCanChange)){
802 $sambaPwdCanChange = "<i>("._("unset").")</i>";
803 }elseif($sambaPwdCanChange != "unset" && time() > $sambaPwdCanChange){
804 $sambaPwdCanChange = _("immediately") ;
805 }else{
806 $days = floor((($sambaPwdCanChange - time()) / 60 / 60 / 24)) ;
807 $hours = floor((($sambaPwdCanChange - time()) / 60 / 60) % 24) ;
808 $minutes = floor((($sambaPwdCanChange - time()) / 60 ) % 60) ;
810 $sambaPwdCanChange = " ".$days." "._("days");
811 $sambaPwdCanChange.= " ".$hours." "._("hours");
812 $sambaPwdCanChange.= " ".$minutes." "._("minutes");
813 }
815 $str =
816 "\n<div style='height:200px; overflow: auto;'>".
817 "\n<table style='width:100%;' summary=\""._("Domain settings")."\">".
818 "\n<tr><td><b>"._("Domain attributes")."</b></td></tr>".
819 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
820 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
821 "\n<tr><td>"._("Password history").": </td><td>".$sambaPwdHistoryLength."</td></tr>".
822 "\n<tr><td>"._("Force password change").": </td><td>".$sambaLogonToChgPwd."</td></tr>".
823 "\n<tr><td>"._("Maximum password age").": </td><td>".$sambaMaxPwdAge."</td></tr>".
824 "\n<tr><td>"._("Minimum password age").": </td><td>".$sambaMinPwdAge."</td></tr>".
825 "\n<tr><td>"._("Lockout duration").": </td><td>".$sambaLockoutDuration."</td></tr>".
826 "\n<tr><td>"._("Bad lockout attempt").": </td><td>".$sambaLockoutThreshold."</td></tr>".
827 "\n<tr><td>"._("Disconnect time").": </td><td>".$sambaForceLogoff."</td></tr>".
828 "\n<tr><td>"._("Refuse machine password change").":</td><td>".$sambaRefuseMachinePwdChange."</td></tr>".
829 "\n<tr><td> </td></tr>".
830 "\n<tr><td><b>"._("User attributes")."</b></td></tr>".
831 "\n<tr><td>"._("SID").": </td><td>".$sambaSID."</td></tr>".
832 "\n<tr><td>"._("Last failed login").": </td><td>".$sambaBadPasswordTime."</td></tr>".
833 "\n<tr><td>"._("Logon attempts").": </td><td>".$sambaBadPasswordCount."</td></tr>".
834 "\n<tr><td>"._("Last password update").": </td><td>".$sambaPwdLastSet."</td></tr>".
835 "\n<tr><td>"._("Last logon").": </td><td>".$sambaLogonTime."</td></tr>".
836 "\n<tr><td>"._("Last logoff").": </td><td>".$sambaLogoffTime."</td></tr>".
837 "\n<tr><td>"._("Automatic logoff").": </td><td>".$sambaKickoffTime."</td></tr>";
839 if($this->no_expiry){
840 $str .= "\n<tr><td>"._("Password expires").": </td><td>"._("No")."</td></tr>";
841 $str .= "\n<tr><td colspan='2'><font color='gray'>".
842 sprintf(_("The password would expire on %s, but the password expiry is disabled."),$sambaPwdMustChange).
843 "</font></td></tr>";
844 }else{
845 $str .= "\n<tr><td>"._("Password expires").": </td><td>".$sambaPwdMustChange."</td></tr>";
846 }
848 $str .= "\n<tr><td>"._("Password change available").": </td><td>".$sambaPwdCanChange."</td></tr>".
849 "\n</table>";
850 "\n</div>";
851 return($str);
852 }
855 function remove_from_parent()
856 {
857 /* Cancel if there's nothing to do here */
858 if (!$this->initially_was_account){
859 return;
860 }
862 /* include global link_info */
863 $ldap= $this->config->get_ldap_link();
865 plugin::remove_from_parent();
867 /* Keep uid attribute for gosaAccount */
868 unset($this->attrs['uid']);
869 unset($this->attrs['uidNumber']);
870 unset($this->attrs['gidNumber']);
872 /* Remove objectClass for sambaIdmapEntry */
873 $tmp= array();
874 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
875 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
876 $tmp[]= $this->attrs['objectClass'][$i];
877 }
878 }
879 $this->attrs['objectClass']= $tmp;
881 @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
882 $this->attributes, "Save");
883 $ldap->cd($this->dn);
884 $this->cleanup();
885 $ldap->modify ($this->attrs);
887 new log("remove","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
889 if (!$ldap->success()){
890 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
891 }
893 /* Optionally execute a command after we're done */
894 $this->handle_post_events("remove", array("uid" => $this->uid));
895 }
898 /* Check for input problems */
899 function check()
900 {
901 /* Call common method to give check the hook */
902 $message= plugin::check();
904 /* sambaHomePath requires sambaHomeDrive and vice versa */
905 if(!empty($this->sambaHomePath) && empty($this->sambaHomeDrive)){
906 $message[]= msgPool::required(_("Home drive"));
907 }
908 if(!empty($this->sambaHomeDrive) && empty($this->sambaHomePath)){
909 $message[]= msgPool::required(_("Home path"));
910 }
912 /* Strings */
913 foreach (array( "sambaHomePath" => _("Home directory"),
914 "sambaProfilePath" => _("Profile path")) as $key => $val){
915 if (!$this->mungedObject->is_samba_path($this->$key)){
916 $message[]= msgPool::invalid($val);
917 }
918 }
920 /* Numeric values */
921 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
922 "CtxMaxDisconnectionTime" => _("Disconnection"),
923 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
925 if (isset($this->mungedObject->ctx[$key]) && !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
926 $message[]= msgPool::invalid($val);
927 }
928 }
930 /* Check dates */
931 if (!tests::is_date($this->sambaKickoffTime)){
932 $message[]= msgPool::invalid(_("Account expires after"), $this->sambaKickoffTime,"" ,"23.02.2009");
933 }
934 if (!tests::is_date($this->sambaPwdMustChange)){
935 $message[]= msgPool::invalid(_("Password expires on"), $this->sambaPwdMustChange,"" ,"23.02.2009");
936 }
938 /* Too many workstations? Windows usrmgr only supports eight */
939 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
940 $message[]= _("The windows usermanager allows eight clients at maximum!");
941 }
943 return ($message);
944 }
947 /* Save data to object */
948 function save_object()
949 {
950 /* We only care if we are on the sambaTab... */
951 if (isset($_POST['sambaTab'])){
952 plugin::save_object();
954 if(isset($_POST['display_information'])){
955 msg_dialog::display(_("Information"),
956 $this->get_samba_information(),
957 INFO_DIALOG);
958 }
960 /* Take care about access options */
961 if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){
962 $attrname= "sambaPwdCanChange";
963 if (isset($_POST["allow_pwchange"]) && $_POST["allow_pwchange"] == 1){
964 $tmp= 1;
965 } else {
966 $tmp= 0;
967 }
968 if ($this->$attrname != $tmp){
969 $this->is_modified= TRUE;
970 }
971 $this->sambaPwdCanChange= $tmp;
972 }
973 $tmp= "U";
975 $this->no_expiry = FALSE;
976 if (isset($_POST["no_expiry"])){
977 if ($_POST["no_expiry"] == 1){
978 $tmp.= "X";
979 $this->no_expiry = TRUE;
980 }
981 }
983 $this->no_password_required = FALSE;
984 if (isset($_POST["no_password_required"])){
985 if ($_POST["no_password_required"] == 1){
986 $tmp.= "N";
987 $this->no_password_required = TRUE;
988 }
989 }
990 if (isset($_POST["password_expires"])){
991 if ($_POST["password_expires"] == 1){
992 $this->password_expires= 1;
993 }
994 } else {
995 $this->password_expires= 0;
996 }
997 $this->temporary_disable = FALSE;
998 if (isset($_POST["temporary_disable"])){
999 if ($_POST["temporary_disable"] == 1){
1000 $this->temporary_disable = TRUE;
1001 if (is_integer(strpos($this->sambaAcctFlags, "L"))) {
1002 $tmp.= "L";
1003 } else {
1004 $tmp.= "D";
1005 }
1006 }
1007 }
1008 if (isset($_POST["logon_time_set"])){
1009 if ($_POST["logon_time_set"] == 1){
1010 $this->logon_time_set= 1;
1011 }
1012 } else {
1013 $this->logon_time_set= 0;
1014 }
1015 if (isset($_POST["logoff_time_set"])){
1016 if ($_POST["logoff_time_set"] == 1){
1017 $this->logoff_time_set= 1;
1018 }
1019 } else {
1020 $this->logoff_time_set= 0;
1021 }
1022 if (isset($_POST["kickoff_time_set"])){
1023 if ($_POST["kickoff_time_set"] == 1){
1024 $this->kickoff_time_set= 1;
1025 }
1026 } else {
1027 $this->kickoff_time_set= 0;
1028 }
1030 $fill= "";
1031 for ($i= strlen($tmp); $i<12; $i++){
1032 $fill.= " ";
1033 }
1035 $tmp= "[$tmp$fill]";
1037 /* Only save if acl's are set */
1038 if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){
1039 $attrname= "sambaAcctFlags";
1040 if ($this->$attrname != $tmp){
1041 $this->is_modified= TRUE;
1042 }
1043 $this->$attrname= $tmp;
1044 }
1046 /* Save sambaDomain attribute */
1047 if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
1048 $this->sambaDomainName= validate($_POST['sambaDomainName']);
1049 }
1051 /* Save CTX values */
1052 /* Save obvious values */
1053 foreach($this->ctxattributes as $val){
1054 if (isset($_POST[$val]) && $this->acl_is_writeable("AllowLoginOnTerminalServer")){
1055 if (get_magic_quotes_gpc()) {
1056 $this->mungedObject->ctx[$val]= stripcslashes(validate($_POST[$val]));
1057 } else {
1058 $this->mungedObject->ctx[$val]= validate($_POST[$val]);
1059 }
1060 }
1061 }
1063 /* Save checkbox states. */
1064 $this->mungedObject->setTsLogin(!isset($_POST['tslogin'])
1065 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1066 // Need to do some index checking to avoid messages like "index ... not found"
1067 if(isset($_POST['brokenconn'])) {
1068 $this->mungedObject->setBrokenConn($_POST['brokenconn'] == '1'
1069 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1070 }
1071 if(isset($_POST['reconn'])) {
1072 $this->mungedObject->setReConn($_POST['reconn'] == '1'
1073 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1074 }
1075 $this->mungedObject->setInheritMode(isset($_POST['inherit'])
1076 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1077 $this->mungedObject->setCtxMaxConnectionTimeF(!isset($_POST['CtxMaxConnectionTimeF'])
1078 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1079 $this->mungedObject->setCtxMaxDisconnectionTimeF(
1080 !isset($_POST['CtxMaxDisconnectionTimeF'])
1081 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1082 $this->mungedObject->setCtxMaxIdleTimeF(!isset($_POST['CtxMaxIdleTimeF'])
1083 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1084 $this->mungedObject->setConnectClientDrives(isset($_POST['connectclientdrives'])
1085 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1086 $this->mungedObject->setConnectClientPrinters(isset($_POST['connectclientprinters'])
1087 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1088 $this->mungedObject->setDefaultPrinter(isset($_POST['defaultprinter'])
1089 && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
1091 /* Save combo boxes. Takes two values */
1092 if(isset($_POST['reconn'])) {
1093 $this->mungedObject->setShadow(isset($_POST['shadow']) && $this->acl_is_writeable("AllowLoginOnTerminalServer"),$_POST['shadow']);
1094 }
1096 /* Check for changes */
1097 if ($this->sambaMungedDial != $this->mungedObject->getMunged()){
1098 $this->is_modified= TRUE;
1099 }
1101 }
1102 }
1105 /* Save to LDAP */
1106 function save()
1107 {
1108 /* Load uid and gid of this 'dn' */
1109 $ldap= $this->config->get_ldap_link();
1110 $ldap->cat($this->dn, array('uidNumber', 'gidNumber'));
1111 $tmp= $ldap->fetch();
1112 $this->uidNumber= $tmp['uidNumber'][0];
1113 $this->gidNumber= $tmp['gidNumber'][0];
1115 plugin::save();
1117 /* Remove objectClass for sambaIdmapEntry */
1118 $tmp= array();
1119 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
1120 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
1121 $tmp[]= $this->attrs['objectClass'][$i];
1122 }
1123 }
1124 $this->attrs['objectClass']= $tmp;
1126 /* Generate rid / primaryGroupId */
1127 if (!isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
1128 msg_dialog::display(_("Warning"), _("Undefined Samba SID detected. Please fix this problem manually!"), WARNING_DIALOG);
1129 } else {
1130 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
1131 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
1132 }
1134 /* Need to generate a new uniqe uid/gid combination? */
1135 if ($this->sambaSID == "" || $this->orig_sambaDomainName != $this->sambaDomainName){
1136 $uidNumber= $this->uidNumber;
1137 while(TRUE){
1138 $sid= $this->SID."-".($uidNumber*2 + $this->ridBase);
1139 $ldap->cd($this->config->current['BASE']);
1140 $ldap->search("(sambaSID=$sid)", array("sambaSID"));
1141 if ($ldap->count() == 0){
1142 break;
1143 }
1144 $uidNumber++;
1145 }
1146 $this->attrs['sambaSID']= $sid;
1148 /* Check for users primary group */
1149 $ldap->cd($this->config->current['BASE']);
1150 $ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
1151 if ($ldap->count() != 1){
1152 msg_dialog::display(_("Warning"), _("Cannot convert primary group to samba group: group cannot be identified!"), WARNING_DIALOG);
1153 } else {
1154 $attrs= $ldap->fetch();
1155 $g= new group($this->config, $ldap->getDN());
1156 if ($g->sambaSID == ""){
1157 $g->sambaDomainName= $this->sambaDomainName;
1158 $g->smbgroup= TRUE;
1159 $g->save ();
1160 }
1161 $this->attrs['sambaPrimaryGroupSID']= $g->sambaSID;
1162 }
1163 }
1165 if ($this->sambaHomeDrive == ""){
1166 $this->attrs["sambaHomeDrive"]= array();
1167 }
1169 /* Generate munged dial value */
1170 $this->attrs["sambaMungedDial"]= $this->mungedObject->getMunged();
1172 /* User wants me to fake the idMappings? This is useful for
1173 making winbind resolve the user names in a reasonable amount
1174 of time in combination with larger databases. */
1175 if ($this->config->get_cfg_value("core","sambaidmapping") == "true"){
1176 $this->attrs['objectClass'][]= "sambaIdmapEntry";
1177 }
1180 /* Password expiery */
1181 if ($this->password_expires == "1"){
1182 #TODO: check for date format
1183 if ($this->attrs['sambaPwdMustChange'] == ""){
1184 $this->attrs['sambaPwdMustChange']= 0;
1185 } else {
1186 list($day, $month, $year)= explode('.', $this->sambaPwdMustChange);
1187 $this->attrs['sambaPwdMustChange']= mktime(0,0,0,$month, $day, $year);
1188 }
1189 } else {
1190 $this->attrs['sambaPwdMustChange']= array();
1191 }
1192 /* Make sure not to save zero in sambaPwdLastset */
1193 if ($this->sambaPwdLastSet != "0"){
1194 $this->attrs['sambaPwdLastSet']= $this->sambaPwdLastSet;
1195 } else {
1196 $this->attrs['sambaPwdLastSet']= array();
1197 }
1198 /* Account expiery */
1199 if ($this->logon_time_set == "1"){
1200 $this->attrs['sambaLogonTime']= $this->sambaLogonTime;
1201 } else {
1202 $this->attrs['sambaLogonTime']= array();
1203 }
1204 if ($this->logoff_time_set == "1"){
1205 $this->attrs['sambaLogoffTime']= $this->sambaLogoffTime;
1206 } else {
1207 $this->attrs['sambaLogoffTime']= array();
1208 }
1209 if ($this->kickoff_time_set == "1"){
1210 /* Adapt values to be timestamps */
1211 #TODO: check for date format
1212 if ($this->attrs['sambaKickoffTime'] == ""){
1213 $this->attrs['sambaKickoffTime']= 2147483647;
1214 } else {
1215 list($day, $month, $year)= explode('.', $this->sambaKickoffTime);
1216 $this->attrs['sambaKickoffTime']= mktime(0,0,0,$month, $day, $year);
1217 }
1218 } else {
1219 $this->attrs['sambaKickoffTime']= array();
1220 }
1222 /* Write back to ldap */
1223 $ldap->cd($this->dn);
1224 $this->cleanup();
1225 $ldap->modify ($this->attrs);
1227 if($this->initially_was_account){
1228 new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1229 }else{
1230 new log("create","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1231 }
1233 if (!$ldap->success()){
1234 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
1235 }
1237 /* Optionally execute a command after we're done */
1238 if ($this->initially_was_account == $this->is_account){
1239 if ($this->is_modified){
1240 $this->handle_post_events("modify", array("uid" => $this->uid));
1241 }
1242 } else {
1243 $this->handle_post_events("add", array("uid" => $this->uid));
1244 }
1245 }
1248 /* Force password set, if this account doesn't have any samba passwords */
1249 function password_change_needed()
1250 {
1251 if(!$this->initially_was_account && $this->is_account){
1252 $ldap = $this->config->get_ldap_link();
1253 $ldap->cat($this->dn,array("sambaLMPassword","sambaNTPassword"));
1254 $attrs = $ldap->fetch();
1255 if(!isset($attrs['sambaLMPassword']) || !isset($attrs['sambaNTPassword'])){
1256 return(TRUE);
1257 }
1258 }
1259 return(FALSE);
1260 }
1263 function adapt_from_template($dn, $skip= array())
1264 {
1265 plugin::adapt_from_template($dn, $skip);
1268 $this->sambaSID= "";
1269 $this->sambaPrimaryGroupSID= "";
1271 /* Fill mungedDial field */
1272 if (isset($this->attrs['sambaMungedDial']) && !in_array('sambaMungedDial', $skip)){
1273 $this->mungedObject->load($this->sambaMungedDial);
1274 }
1276 /* Adapt munged attributes */
1277 foreach($this->ctxattributes as $attr){
1278 if(isset($this->mungedObject->ctx[$attr]))
1279 $val = $this->mungedObject->ctx[$attr];
1281 foreach (array("sn", "givenName", "uid") as $repl){
1282 if (preg_match("/%$repl/i", $val)){
1283 $val= preg_replace ("/%$repl/i", $this->parent->$repl, $val);
1284 }
1285 }
1286 $this->mungedObject->ctx[$attr] = $val;
1287 }
1289 /* Password expiery */
1290 if(isset($this->attrs['sambaPwdMustChange']) &&
1291 $this->attrs['sambaPwdMustChange'][0] != 0 && !in_array('sambaPwdMustChange', $skip)){
1292 $this->password_expires= 1;
1293 }
1295 if(isset($this->attrs['sambaLogonTime']) && ! (
1296 $this->attrs['sambaLogonTime'][0] == 0 ||
1297 $this->attrs['sambaLogonTime'][0] == 2147483647
1298 ) && !in_array('sambaLogonTime', $skip)){
1299 $this->logon_time_set= 1;
1300 }
1301 if(isset($this->attrs['sambaLogoffTime']) && ! (
1302 $this->attrs['sambaLogoffTime'][0] == 0 ||
1303 $this->attrs['sambaLogoffTime'][0] == 2147483647
1304 ) && !in_array('sambaLogonTime', $skip)){
1305 $this->logoff_time_set= 1;
1306 }
1308 /* Account expiery */
1309 if(isset($this->attrs['sambaKickoffTime']) && ! (
1310 $this->attrs['sambaKickoffTime'][0] == 0 ||
1311 $this->attrs['sambaKickoffTime'][0] == 2147483647
1312 ) && !in_array('sambaKickoffTime', $skip)){
1313 $this->kickoff_time_set= 1;
1314 }
1316 /* Get global filter config */
1317 if (!session::is_set("sambafilter")){
1318 $ui= get_userinfo();
1319 $base= get_base_from_people($ui->dn);
1320 $sambafilter= array( "depselect" => $base, "regex" => "*");
1321 session::set("sambafilter", $sambafilter);
1322 }
1323 }
1326 static function plInfo()
1327 {
1328 return (array(
1329 "plShortName" => _("Samba"),
1330 "plDescription" => _("Samba settings"),
1331 "plSelfModify" => TRUE,
1332 "plDepends" => array("user"),
1333 "plPriority" => 5,
1334 "plSection" => array("personal" => _("My account")),
1335 "plCategory" => array("users"),
1336 "plOptions" => array(),
1338 "plProvidedAcls" => array(
1340 "sambaHomePath" => _("Generic home directory") ,
1341 "sambaHomeDrive" => _("Generic samba home drive") ,
1342 "sambaDomainName" => _("Domain") ,
1343 "sambaLogonScript" => _("Generic script path") ,
1344 "sambaProfilePath" => _("Generic profile path") ,
1345 "AllowLoginOnTerminalServer" => _("Allow login on terminal server"),
1346 "InheritClientConfig" => _("Inherit client config"),
1347 "sambaPwdCanChange" => _("Allow user to change password") ,
1348 "sambaAcctFlagsN" => _("Login from windows client requires no password"),
1349 "sambaAcctFlagsX" => _("Password never expires"),
1350 "sambaAcctFlagsL" => _("Lock samba account"),
1351 "sambaKickoffTime" => _("Account expires") ,
1352 "sambaPwdMustChange" => _("Password expires") ,
1353 "sambaLogonTime" => _("Limit Logon Time") ,
1354 "sambaLogoffTime" => _("Limit Logoff Time") ,
1355 "sambaLogonHours" => _("Logon hours") ,
1356 "sambaUserWorkstations" => _("Allow connection from"))
1357 ));
1358 }
1360 function enable_multiple_support()
1361 {
1362 plugin::enable_multiple_support();
1363 $this->multiple_support_active = TRUE;
1364 }
1366 function multiple_save_object()
1367 {
1368 if (isset($_POST['sambaTab'])){
1369 $this->save_object();
1370 plugin::multiple_save_object();
1371 foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
1372 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF","CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
1373 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
1374 "onnectclientprinters","defaultprinter","shadow","brokenconn",
1375 "reconn","allow_pwchange","connectclientprinters","no_expiry","no_password_required","temporary_disable",
1376 "password_expires","logon_time_set","logoff_time_set","kickoff_time_set","SetSambaLogonHours",
1377 "workstation_list") as $attr){
1378 if(isset($_POST["use_".$attr])){
1379 $this->multi_boxes[] = $attr;
1380 }
1381 }
1382 }
1383 }
1386 function multiple_check()
1387 {
1388 $message = plugin::multiple_check();
1390 /* Strings */
1391 foreach (array( "sambaHomePath" => _("Home directory"),
1392 "sambaProfilePath" => _("Profile path")) as $key => $val){
1393 if (in_array($key,$this->multi_boxes) && !$this->mungedObject->is_samba_path($this->$key)){
1394 $message[]= msgPool::invalid($val);
1395 }
1396 }
1398 /* Numeric values */
1399 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
1400 "CtxMaxDisconnectionTime" => _("Disconnection"),
1401 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
1402 if (in_array($key,$this->multi_boxes) &&
1403 isset($this->mungedObject->ctx[$key]) &&
1404 !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
1405 $message[]=msgPool::invalid($val);
1406 }
1407 }
1409 /* Too many workstations? Windows usrmgr only supports eight */
1410 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
1411 $message[]= _("The windows user manager only allows eight clients. You've specified more than eight.");
1412 }
1413 return($message);
1414 }
1417 function get_multi_init_values()
1418 {
1419 $ret = plugin::get_multi_init_values();
1421 /* Parse given sambaUserWorkstations into array
1422 * to allow "init_multiple_support()" to detect multiple used workstations.
1423 * Those workstations will be displayed in light grey.
1424 */
1425 $tmp2 = array("count" => 0);
1426 $tmp = explode(",", $this->sambaUserWorkstations);
1427 foreach($tmp as $station){
1428 $station = trim($station);
1429 if(!empty($station)){
1430 $tmp2[] = $station;
1431 $tmp2['count'] ++;
1432 }
1433 }
1434 $ret['sambaUserWorkstations'] = $tmp2;
1435 return($ret);
1436 }
1440 function init_multiple_support($attrs,$all)
1441 {
1442 plugin::init_multiple_support($attrs,$all);
1444 $this->multiple_sambaUserWorkstations = array();
1445 if(isset($all['sambaUserWorkstations'])){
1446 for($i = 0 ; $i < $all['sambaUserWorkstations']['count'] ; $i++){
1447 $station = trim($all['sambaUserWorkstations'][$i]);
1448 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => FALSE);
1449 }
1450 }
1451 if(isset($attrs['sambaUserWorkstations'])){
1452 for($i = 0 ; $i < $attrs['sambaUserWorkstations']['count'] ; $i++){
1453 $station = trim($attrs['sambaUserWorkstations'][$i]);
1454 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1455 }
1456 }
1457 }
1459 function multiple_execute()
1460 {
1461 return($this->execute());
1462 }
1464 function get_multi_edit_values()
1465 {
1466 $ret = plugin::get_multi_edit_values();
1468 /* Terminal Server */
1469 if(in_array("tslogin",$this->multi_boxes)){
1470 $ret['tslogin'] = $this->mungedObject->getTsLogin();
1471 }
1472 if(in_array("CtxWFHomeDirDrive",$this->multi_boxes)){
1473 $ret['CtxWFHomeDirDrive'] = $this->mungedObject->ctx['CtxWFHomeDirDrive'];
1474 }
1475 if(in_array("CtxWFHomeDir",$this->multi_boxes)){
1476 $ret['CtxWFHomeDir'] = $this->mungedObject->ctx['CtxWFHomeDir'];
1477 }
1478 if(in_array("CtxWFProfilePath",$this->multi_boxes)){
1479 $ret['CtxWFProfilePath'] = $this->mungedObject->ctx['CtxWFProfilePath'];
1480 }
1482 if(in_array("inherit",$this->multi_boxes)){
1483 $ret['inherit'] = $this->mungedObject->getInheritMode();
1484 }
1485 if(in_array("CtxInitialProgram",$this->multi_boxes)){
1486 $ret['CtxInitialProgram'] = $this->mungedObject->ctx['CtxInitialProgram'];
1487 }
1488 if(in_array("CtxWorkDirectory",$this->multi_boxes)){
1489 $ret['CtxWorkDirectory'] = $this->mungedObject->ctx['CtxWorkDirectory'];
1490 }
1492 /* Time Limits. Be careful here, there are some negations */
1493 if(in_array("CtxMaxConnectionTimeF",$this->multi_boxes)){
1494 $ret["CtxMaxConnectionTimeF"] = !$this->mungedObject->getCtxMaxConnectionTimeF();
1495 if(!$ret["CtxMaxConnectionTimeF"]){
1496 $ret["CtxMaxConnectionTime"] = $this->mungedObject->ctx['CtxMaxConnectionTime'];
1497 }
1498 }
1499 if(in_array("CtxMaxDisconnectionTimeF",$this->multi_boxes)){
1500 $ret["CtxMaxDisconnectionTimeF"]= !$this->mungedObject->getCtxMaxDisconnectionTimeF();
1501 if(!$ret["CtxMaxDisconnectionTimeF"]){
1502 $ret["CtxMaxDisconnectionTime"]= $this->mungedObject->ctx['CtxMaxDisconnectionTime'];
1503 }
1504 }
1505 if(in_array("CtxMaxIdleTimeF",$this->multi_boxes)){
1506 $ret["CtxMaxIdleTimeF"] = !$this->mungedObject->getCtxMaxIdleTimeF();
1507 if(!$ret["CtxMaxIdleTimeF"]){
1508 $ret["CtxMaxIdleTime"] = $this->mungedObject->ctx['CtxMaxIdleTime'];
1509 }
1510 }
1512 /* Client Devices */
1513 if(in_array("connectclientdrives",$this->multi_boxes)){
1514 $ret["connectclientdrives"] = $this->mungedObject->getConnectClientDrives();
1515 }
1516 if(in_array("connectclientprinters",$this->multi_boxes)){
1517 $ret["connectclientprinters"] = $this->mungedObject->getConnectClientPrinters();
1518 }
1519 if(in_array("defaultprinter",$this->multi_boxes)){
1520 $ret["defaultprinter"] = $this->mungedObject->getDefaultPrinter();
1521 }
1523 /* Misc */
1524 if(in_array("shadow",$this->multi_boxes)){
1525 $ret["shadow"] =$this->mungedObject->getShadow();
1526 }
1527 if(in_array("brokenconn",$this->multi_boxes)){
1528 $ret["brokenconn"]=$this->mungedObject->getBrokenConn();
1529 }
1530 if(in_array("reconn",$this->multi_boxes)){
1531 $ret["reconn"] =$this->mungedObject->getReConn();
1532 }
1534 /* Flags */
1535 if(in_array("allow_pwchange",$this->multi_boxes)){
1536 $ret['sambaPwdCanChange'] = $this->sambaPwdCanChange;
1537 }
1539 if(in_array("password_expires",$this->multi_boxes)){
1540 $ret['password_expires'] = $this->password_expires;
1541 $ret['sambaPwdMustChange']= $this->sambaPwdMustChange;
1542 }
1543 if(in_array("logon_time_set",$this->multi_boxes)){
1544 $ret['logon_time_set'] = $this->logon_time_set;
1545 $ret['sambaLogonTime'] = $this->sambaLogonTime;
1546 }
1547 if(in_array("logoff_time_set",$this->multi_boxes)){
1548 $ret['logoff_time_set'] = $this->logoff_time_set;
1549 $ret['sambaLogoffTime'] = $this->sambaLogoffTime;
1550 }
1551 if(in_array("kickoff_time_set",$this->multi_boxes)){
1552 $ret['kickoff_time_set'] = $this->kickoff_time_set;
1553 $ret['sambaKickoffTime'] = $this->sambaKickoffTime;
1554 }
1556 if(in_array("no_password_required",$this->multi_boxes)){
1557 $ret['no_password_required'] = $this->no_password_required;
1558 }
1560 if(in_array("no_expiry",$this->multi_boxes)){
1561 $ret['no_expiry'] = $this->no_expiry;
1562 }
1564 if(in_array("temporary_disable",$this->multi_boxes)){
1565 $ret['temporary_disable'] = $this->temporary_disable;
1566 }
1568 if(in_array("SetSambaLogonHours",$this->multi_boxes)){
1569 $ret['sambaLogonHours'] = $this->sambaLogonHours;
1570 }
1572 if(in_array("workstation_list",$this->multi_boxes)){
1573 $ret['multiple_sambaUserWorkstations'] = $this->multiple_sambaUserWorkstations;
1574 }
1575 return($ret);
1576 }
1578 function set_multi_edit_values($values)
1579 {
1580 plugin::set_multi_edit_values($values);
1582 /* Prepare current workstation settings to be merged
1583 * with multiple edit settings.
1584 */
1585 if(isset($values['multiple_sambaUserWorkstations'])){
1586 $cur_ws = array();
1587 $m_ws = $values['multiple_sambaUserWorkstations'];
1589 /* Prepare current settings to be merged */
1590 if(isset($this->sambaUserWorkstations)){
1591 $ttmp = explode(",",$this->sambaUserWorkstations);
1592 foreach($ttmp as $station){
1593 $station = trim($station);
1594 if(!empty($station)){
1595 $cur_ws[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1596 }
1597 }
1598 }
1600 /* Unset removed workstations */
1601 foreach($cur_ws as $cur_name => $cur_station){
1602 if(!isset($m_ws[$cur_name])){
1603 unset($cur_ws[$cur_name]);
1604 }
1605 }
1607 /* Add all added workstations */
1608 foreach($m_ws as $name => $station){
1609 if($station['UsedByAllUsers']){
1610 $cur_ws[$name] = $station;
1611 }
1612 }
1614 $this->sambaUserWorkstations = "";
1615 foreach($cur_ws as $name => $ws){
1616 $this->sambaUserWorkstations .= $name.",";
1617 }
1618 $this->sambaUserWorkstations=preg_replace("/,$/","",$this->sambaUserWorkstations);
1619 }
1621 /* Enable disabled terminal login, this is inverted somehow */
1622 if(isset($values['tslogin'])) $this->mungedObject->setTsLogin(!$values['tslogin']);
1624 /* Imherit client configuration */
1625 if(isset($values['inherit'])) $this->mungedObject->setInheritMode($values['inherit']);
1627 /* Get all ctx values posted */
1628 $ctx = array("CtxWFHomeDirDrive","CtxWFHomeDir","CtxWFProfilePath","CtxInitialProgram","CtxWorkDirectory",
1629 "CtxMaxConnectionTime","CtxMaxDisconnectionTime","CtxMaxIdleTime");
1630 foreach($ctx as $attr){
1631 if(isset($values[$attr])){
1632 $this->mungedObject->ctx[$attr] = $values[$attr] ;
1633 }
1634 }
1636 if(isset($values['CtxMaxConnectionTimeF'])) $this->mungedObject->setCtxMaxConnectionTimeF($values['CtxMaxConnectionTimeF']);
1637 if(isset($values['CtxMaxDisconnectionTimeF']))$this->mungedObject->setCtxMaxDisconnectionTimeF($values['CtxMaxDisconnectionTimeF']);
1638 if(isset($values['CtxMaxIdleTimeF'])) $this->mungedObject->setCtxMaxIdleTimeF($values['CtxMaxIdleTimeF']);
1640 if(isset($values['connectclientdrives'])) $this->mungedObject->setConnectClientDrives($values['connectclientdrives']);
1641 if(isset($values['connectclientprinters'])) $this->mungedObject->setConnectClientPrinters($values['connectclientprinters']);
1642 if(isset($values['defaultprinter'])) $this->mungedObject->setDefaultPrinter($values['defaultprinter']);
1644 if(isset($values['shadow'])) $this->mungedObject->setShadow($values['shadow'],$values['shadow']);
1645 if(isset($values['brokenconn'])) $this->mungedObject->setBrokenConn($values['brokenconn'],$values['brokenconn']);
1646 if(isset($values['reconn'])) $this->mungedObject->setReConn($values['reconn'],$values['reconn']);
1649 if(isset($values['sambaPwdCanChange'])) $this->sambaPwdCanChange = $values['sambaPwdCanChange'];
1654 if(isset($values['password_expires'])){
1655 $this->password_expires = $values['password_expires'];
1656 $this->sambaPwdMustChange = $values['sambaPwdMustChange'];
1657 }
1658 if(isset($values['logon_time_set'])){
1659 $this->logon_time_set = $values['logon_time_set'];
1660 $this->sambaLogonTime = $values['sambaLogonTime'];
1661 }
1662 if(isset($values['logoff_time_set'])){
1663 $this->logoff_time_set = $values['logoff_time_set'];
1664 $this->sambaLogoffTime = $values['sambaLogoffTime'];
1665 }
1666 if(isset($values['kickoff_time_set'])){
1667 $this->kickoff_time_set = $values['kickoff_time_set'];
1668 $this->sambaKickoffTime = $values['sambaKickoffTime'];
1669 }
1671 if(isset($values['no_password_required'])){
1672 if($values['no_password_required']){
1673 if(!preg_match("/N/",$this->sambaAcctFlags)) {
1674 $this->sambaAcctFlags = preg_replace("/ /","N",$this->sambaAcctFlags,1);
1675 }
1676 }else{
1677 $this->sambaAcctFlags = preg_replace("/N/"," ",$this->sambaAcctFlags,1);
1678 }
1679 }
1681 if(isset($values['no_expiry'])){
1682 if($values['no_expiry']){
1683 if(!preg_match("/N/",$this->sambaAcctFlags)) {
1684 $this->sambaAcctFlags = preg_replace("/ /","N",$this->sambaAcctFlags,1);
1685 }
1686 }else{
1687 $this->sambaAcctFlags = preg_replace("/N/"," ",$this->sambaAcctFlags,1);
1688 }
1689 }
1691 if(isset($values['temporary_disable'])){
1692 if($values['temporary_disable']){
1693 if(preg_match("/L/",$this->sambaAcctFlags)) {
1694 // Keep L
1695 }else{
1696 $this->sambaAcctFlags = preg_replace("/ /","D",$this->sambaAcctFlags,1);
1697 }
1698 }else{
1699 $this->sambaAcctFlags = preg_replace("/D/"," ",$this->sambaAcctFlags,1);
1700 }
1701 }
1702 }
1705 function PrepareForCopyPaste($source)
1706 {
1707 plugin::PrepareForCopyPaste($source);
1709 /* Set a new SID */
1710 $this->sambaSID = "";
1712 /* Fill mungedDial field */
1713 if (isset($source['sambaMungedDial'])){
1714 $this->mungedObject->load($source['sambaMungedDial'][0]);
1715 }
1717 /* Password expiery */
1718 if(isset($source['sambaPwdMustChange']) &&
1719 $source['sambaPwdMustChange'][0] != 0){
1720 $this->password_expires= 1;
1721 }
1723 if(isset($source['sambaLogonTime']) && ! (
1724 $source['sambaLogonTime'][0] == 0 ||
1725 $source['sambaLogonTime'][0] == 2147483647
1726 )){
1727 $this->logon_time_set= 1;
1728 }
1729 if(isset($source['sambaLogoffTime']) && ! (
1730 $source['sambaLogoffTime'][0] == 0 ||
1731 $source['sambaLogoffTime'][0] == 2147483647
1732 )){
1733 $this->logoff_time_set= 1;
1734 }
1736 /* Account expiery */
1737 if(isset($source['sambaKickoffTime']) && ! (
1738 $source['sambaKickoffTime'][0] == 0 ||
1739 $source['sambaKickoffTime'][0] == 2147483647
1740 )){
1741 $this->kickoff_time_set= 1;
1742 }
1745 if(isset($source['sambaKickoffTime'][0])){
1746 $this->sambaKickoffTime = date('d.m.Y', $source['sambaKickoffTime'][0]);
1747 }
1748 }
1750 }
1752 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1753 ?>