0a165b2f65cce0f08ddea6f3ddedbeb77da70a07
1 <?php
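/**
 * Test whether an objectClass definition advertises a given schema version.
 *
 * The DESC string is cut out of the definition and searched for the literal
 * marker "(v<version>)".
 *
 * @param string $description Raw objectClass definition as published by the server.
 * @param string $version     Expected version, e.g. "2.4".
 * @return int|false 1 when the marker is present, 0 when it is not, false on a PCRE error.
 */
function check_schema_version($description, $version)
{
    $desc = preg_replace("/^.* DESC\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $description);

    /* Quote the version before building the pattern: an unquoted "." matches
       any character, so "2.4" would also accept "(v214)" or "(v2x4)". */
    return preg_match("/\(v" . preg_quote($version, '/') . "\)/", $desc);
}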
/**
 * Render a list of check results as an HTML table.
 *
 * Each entry's 'msg' is written into the row as-is, without HTML escaping,
 * so callers must pass markup they built themselves.
 *
 * @param array $table Entries of the form array('msg' => string, 'status' => bool).
 * @return string HTML table with one row per entry and a pass/fail icon.
 */
function view_schema_check($table)
{
    $rows = "";

    foreach ($table as $entry) {
        /* Pick the icon cell that matches the result */
        if ($entry['status']) {
            $icon = "<img src=images/true.png alt='true' /></td></tr>";
        } else {
            $icon = "<img src=images/button_cancel.png alt='false' /></td></tr>";
        }

        $rows .= "<tr><td class=\"check\">" . $entry['msg']
               . "</td><td style='text-align:center' >\n"
               . $icon;
    }

    return "<table summary=\"\" class=\"check\">" . $rows . "</table>";
}
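/**
 * Compare the object classes published by an LDAP server with the schema
 * GOsa expects.
 *
 * @param string $server   Host or URI handed to ldap_connect().
 * @param string $admin    Bind DN.
 * @param string $password Bind password.
 * @param int    $aff      0 returns only the problems found, keyed by class or
 *                         feature name; any other value returns the
 *                         per-feature display list (enabled and disabled).
 * @return array Entries of the form array("msg" => string, "status" => bool).
 *               A connection or lookup failure yields a single entry with
 *               status FALSE under key 0.
 */
function schema_check($server, $admin, $password, $aff=0)
{
    $messages = array();
    /* Both display lists start empty so array_merge() below always gets arrays */
    $affich   = array();
    $affich2  = array();

    /* Entries without "class" are mandatory; entries with "class" are only
       needed by the named plugin(s). */
    $required_classes = array(
        "gosaObject"           => array("version" => "2.4"),
        "gosaAccount"          => array("version" => "2.4"),
        "gosaLockEntry"        => array("version" => "2.4"),
        "gosaCacheEntry"       => array("version" => "2.4"),
        "gosaDepartment"       => array("version" => "2.4"),

        "goFaxAccount"         => array("version" => "1.0.4", "class" => "gofaxAccount", "file" => "gofax.schema"),
        "goFaxSBlock"          => array("version" => "1.0.4", "class" => "gofaxAccount", "file" => "gofax.schema"),
        "goFaxRBlock"          => array("version" => "1.0.4", "class" => "gofaxAccount", "file" => "gofax.schema"),

        "gosaUserTemplate"     => array("version" => "2.4", "class" => "posixAccount", "file" => "nis.schema"),
        "gosaMailAccount"      => array("version" => "2.4", "class" => "mailAccount", "file" => "gosa+samba3.schema"),
        "gosaProxyAccount"     => array("version" => "2.4", "class" => "proxyAccount", "file" => "gosa+samba3.schema"),
        "gosaApplication"      => array("version" => "2.4", "class" => "appgroup", "file" => "gosa.schema"),
        "gosaApplicationGroup" => array("version" => "2.4", "class" => "appgroup", "file" => "gosa.schema"),

        "GOhard"               => array("version" => "2.4", "class" => "terminals", "file" => "goto.schema"),
        "gotoTerminal"         => array("version" => "2.4", "class" => "terminals", "file" => "goto.schema"),
        "goServer"             => array("version" => "2.4", "class" => "server", "file" => "goserver.schema"),
        "goTerminalServer"     => array("version" => "2.4", "class" => "terminals", "file" => "goto.schema"),
        "goNfsServer"          => array("version" => "2.4", "class" => "terminals", "file" => "goto.schema"),
        "goNtpServer"          => array("version" => "2.4", "class" => "terminals", "file" => "goto.schema"),
        "goSyslogServer"       => array("version" => "2.4", "class" => "terminals", "file" => "goto.schema"),
        "goLdapServer"         => array("version" => "2.4"),
        "goCupsServer"         => array("version" => "2.4", "class" => array("posixAccount", "terminals")),
        "goImapServer"         => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"), "file" => "gosa+samba3.schema"),
        "goKrbServer"          => array("version" => "2.4"),
        "goFaxServer"          => array("version" => "2.4", "class" => "gofaxAccount", "file" => "gofax.schema"),
    );

    $no_bind   = array(array("msg" => _("Can't bind to LDAP. No schema check possible!"), "status" => FALSE));
    $no_schema = array(array("msg" => _("Can't get schema information from server. No schema check possible!"), "status" => FALSE));

    /* Build LDAP connection */
    $ds = ldap_connect($server);
    if (!$ds) {
        return $no_bind;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    /* The bind result was previously discarded, so a rejected DN/password
       still produced a schema report over an unauthenticated connection.
       NOTE(review): this is a simple bind; over a plain ldap:// URI the
       password is sent unencrypted unless TLS is negotiated elsewhere. */
    if (!@ldap_bind($ds, $admin, $password)) {
        @ldap_unbind($ds);
        return $no_bind;
    }

    /* Ask the root DSE where the subschema entry lives */
    $sr   = @ldap_read($ds, "", "objectClass=*", array("subschemaSubentry"));
    $attr = $sr ? @ldap_get_entries($ds, $sr) : false;
    if (!isset($attr[0]['subschemasubentry'][0])) {
        @ldap_unbind($ds);
        return $no_schema;
    }

    /* Get list of objectclasses, then release the connection */
    $nb    = $attr[0]['subschemasubentry'][0];
    $sr    = @ldap_read($ds, $nb, "objectClass=*", array("objectclasses"));
    $attrs = $sr ? @ldap_get_entries($ds, $sr) : false;
    @ldap_unbind($ds);
    if (!isset($attrs[0]['objectclasses'])) {
        return $no_schema;
    }

    $objectclasses = array();
    foreach ($attrs[0]['objectclasses'] as $val) {
        /* ldap_get_entries() mixes an integer "count" into the values */
        if (!is_string($val)) {
            continue;
        }
        $name = preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
        if ($name !== $val) {
            $objectclasses[$name] = $val;
        }
    }

    /* Walk through objectclasses and check if they are needed or not */
    foreach ($required_classes as $key => $value) {
        $present    = isset($objectclasses[$key]);
        $version_ok = $present && check_schema_version($objectclasses[$key], $value['version']);

        if (!isset($value['class'])) {
            /* Required class */
            if (!$present) {
                $messages[$key]['msg']    = sprintf(_("Required objectclass '%s' is not present in LDAP setup"), $key);
                $messages[$key]['status'] = FALSE;
            } elseif (!$version_ok) {
                $messages[$key]['msg']    = sprintf(_("Required objectclass '%s' does not have version %s"), $key, $value['version']);
                $messages[$key]['status'] = FALSE;
            }
            continue;
        }

        /* Optional class: report per plugin that depends on it.
           Not every entry names a schema file (goCupsServer does not). */
        $file = isset($value['file']) ? $value['file'] : "";
        foreach ((array) $value['class'] as $class) {
            if (!$present) {
                $messages[$key]['msg']    = sprintf(_("Optional objectclass '%s' required by plugin '%s' is not present in LDAP setup"), $key, $class);
                $messages[$key]['status'] = FALSE;
            } elseif (!$version_ok) {
                $messages[$key]['msg']    = sprintf(_("Optional objectclass '%s' required by plugin '%s' does not have version %s"), $key, $class, $value['version']);
                $messages[$key]['status'] = FALSE;
            } elseif (!isset($affich2[$class])) {
                $affich2[$class]['msg']    = sprintf(_("Support for '%s' enabled"), $class)."<td class=\"check\"> ".$file."</td>";
                $affich2[$class]['status'] = TRUE;
            }
        }
    }

    /* Features detected by the mere presence of one object class.
       Fields: object class, text when missing, text when present,
       schema file shown when missing, schema file shown when present. */
    $features = array(
        'samba3'       => array('sambaSamAccount',
                                _("SAMBA 3 support disabled, no schema seems to be installed"),
                                _("SAMBA 3 support enabled"),
                                "gosa+samba3.schema", "gosa+samba3.schema"),
        'samba2'       => array('sambaAccount',
                                _("SAMBA 2 support disabled, no schema seems to be installed"),
                                _("SAMBA 2 support enabled"),
                                "samba.schema", "samba.schema"),
        'pureftp'      => array('PureFTPdUser',
                                _("Support for pureftp disabled, no schema seems to be installed"),
                                _("Support for pureftp enabled"),
                                "pureftpd.schema", "pureftpd.schema"),
        'webdav'       => array('gosaWebdavAccount',
                                _("Support for WebDAV disabled, no schema seems to be installed"),
                                _("Support for WebDAV enabled"),
                                "", "gosa+samba3.schema"),
        'phpgroupware' => array('phpgwAccount',
                                _("Support for phpgroupware disabled, no schema seems to be installed"),
                                _("Support for phpgroupware enabled"),
                                "phpgwaccount.schema", "phpgwaccount.schema"),
        'phoneaccount' => array('goFonAccount',
                                _("Support for gofon disabled, no schema seems to be installed"),
                                _("Support for gofon enabled"),
                                "gofon.schema", "gofon.schema"),
    );

    foreach ($features as $id => $feature) {
        list($class, $text_off, $text_on, $file_off, $file_on) = $feature;

        if (!isset($objectclasses[$class])) {
            $messages[$id] = array('msg' => $text_off, 'status' => FALSE);
            $affich[$id]   = array('msg' => $text_off."<td class=\"check\">".$file_off."</td>", 'status' => FALSE);
        } else {
            $affich[$id]   = array('msg' => $text_on."<td class=\"check\">".$file_on."</td>", 'status' => TRUE);
        }
    }

    /* Kolab is only checked when it is the selected mail method */
    $mail_method = "";
    if (isset($_SESSION['ldapconf']['mail'], $_SESSION['ldapconf']['mail_methods'][$_SESSION['ldapconf']['mail']])) {
        $mail_method = $_SESSION['ldapconf']['mail_methods'][$_SESSION['ldapconf']['mail']];
    }

    if ($mail_method == "kolab") {
        if (!isset($objectclasses['kolabInetOrgPerson'])) {
            $messages['kolab']['msg'] = _("Support for Kolab disabled, no schema seems to be installed, setting mail-method to cyrus");
            $affich['kolab']['msg']   = $messages['kolab']['msg']."<td class=\"check\">kolab2.schema</td>";

            /* Side effect: the stored mail method falls back to cyrus */
            $tmp = array_flip($_SESSION['ldapconf']['mail_methods']);
            if (isset($tmp['cyrus'])) {
                $_SESSION['ldapconf']['mail'] = $tmp['cyrus'];
            }
            $messages['kolab']['status'] = FALSE;
            $affich['kolab']['status']   = FALSE;
        } else {
            /* The enabled row named gofon.schema, a leftover from the block
               above; it now names the same file as the disabled row. */
            $affich['kolab']['msg']    = _("Support for Kolab enabled")."<td class=\"check\">kolab2.schema</td>";
            $affich['kolab']['status'] = TRUE;
        }
    }

    if ($aff == 0) {
        return $messages;
    }

    return array_merge($affich, $affich2);
}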
/**
 * Format the outcome of a single setup test as an HTML table.
 *
 * $message and $description are placed into the markup unescaped.
 *
 * @param int    $faults      Counter, incremented when a required test fails.
 * @param string $message     Headline of the test.
 * @param string $description Explanatory text shown below the headline.
 * @param mixed  $test        Truthy when the test passed.
 * @param mixed  $required    When falsy, a failed test is shown as "Ignored"
 *                            and does not count as a fault.
 * @return string HTML fragment.
 */
function check(&$faults, $message, $description, $test, $required= TRUE)
{
    /* Decide on the verdict cell first */
    if ($test) {
        $verdict = _("OK")."<br>";
    } elseif ($required) {
        $verdict = "<font color=red>"._("Failed")."</font><br>";
        $faults++;
    } else {
        $verdict = "<font color=red>"._("Ignored")."</font><br>";
    }

    return "<table summary=\"\" class='check'><tr><td class='check' style='font-size:14px;'>$message</td>\n"
         . "<td rowspan=2 style='vertical-align:middle; text-align:center;width:45px;'>"
         . $verdict
         . "</td></tr><tr><td class='check' style='padding-left:20px;"
         . "background-color:#F0F0F0;'>$description</td></tr></table><br>";
}
/**
 * Run the PHP environment tests of the first setup page.
 *
 * @param int $faults Reset to 0 here, then incremented by check() for every
 *                    failed required test.
 * @return string HTML: a heading followed by one result table per test.
 */
function perform_php_checks(&$faults)
{
    global $check_globals;

    $faults = 0;

    /* One row per test: headline, explanation, result, required.
       The texts are gettext message ids and are kept verbatim. */
    $tests = array(
        array(_("Checking for PHP version (>=4.1.0)"),
              _("PHP must be of version 4.1.0 or above for some functions and known bugs in PHP language."),
              version_compare(phpversion(), "4.1.0") >= 0, true),

        array(_("Checking if register_globals is set to 'off'"),
              _("register_globals is a PHP mechanism to register all global varibales to be accessible from scripts without changing the scope. This may be a security risk. GOsa will run in both modes."),
              $check_globals == 0, false),

        array(_("Checking for ldap module"),
              _("This is the main module used by GOsa and therefore really required."),
              function_exists('ldap_bind'), true),

        array(_("Checking for XML functions"),
              _("XML functions are required to parse the configuration file."),
              function_exists('xml_parser_create'), true),

        array(_("Checking for gettext support"),
              _("Gettext support is required for internationalized GOsa."),
              function_exists('bindtextdomain'), true),

        array(_("Checking for iconv support"),
              _("This module is used by GOsa to convert samba munged dial informations and is therefore required."),
              function_exists('iconv'), true),

        array(_("Checking for mhash module"),
              _("To use SSHA encryption, you'll need this module. If you are just using crypt or md5 encryption, ignore this message. GOsa will run without it."),
              function_exists('mhash'), false),

        array(_("Checking for imap module"),
              _("The IMAP module is needed to communicate with the IMAP server. It gets status informations, creates and deletes mail users."),
              function_exists('imap_open'), true),

        array(_("Checking for getacl in imap"),
              _("The getacl support is needed for shared folder permissions. The standard IMAP module is not capable of reading acl's. You need a recend PHP version for this feature."),
              function_exists('imap_getacl'), false),

        array(_("Checking for mysql module"),
              _("MySQL support is needed for reading GOfax reports from databases."),
              function_exists('mysql_query'), false),

        array(_("Checking for cups module"),
              _("In order to read available printers from IPP protocol instead of printcap files, you've to install the CUPS module."),
              function_exists('cups_get_dest_list'), false),

        array(_("Checking for kadm5 module"),
              _("Managing users in kerberos requires the kadm5 module which is downloadable via PEAR network."),
              function_exists('kadm5_init_with_password'), false),

        array(_("Checking for snmp Module"),
              _("Simple Network Management Protocol (SNMP) is required for client monitoring."),
              function_exists('snmpget'), false),
    );

    $html = "<h1>"._("PHP setup inspection")."</h1>";
    foreach ($tests as $row) {
        $html .= check($faults, $row[0], $row[1], $row[2], $row[3]);
    }

    return $html;
}
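/**
 * Probe for external helper programs and php.ini settings GOsa relies on.
 *
 * All shell commands are fixed strings; no request data reaches the shell.
 *
 * @param int $faults Counter, incremented by check() for every failed
 *                    required test. It is not reset here.
 * @return string HTML: a heading followed by one result table per test.
 */
function perform_additional_checks(&$faults)
{
    /* Program check */
    $msg = "<h1>"._("Checking for some additional programms")."</h1>";

    /* ImageMagick: read the version from the first line of the help text,
       otherwise fall back to the PHP imagick module. */
    $output = (string) shell_exec("LC_ALL=C LANG=C convert -help");
    if ($output != "") {
        /* split() is gone from current PHP; explode() does the same here */
        $lines   = explode("\n", $output);
        $version = preg_replace("/^Version:.+Magick ([^\s]+).*/", "\\1", $lines[0]);
        $parts   = explode(".", $version);
        $major   = (int) $parts[0];
        $minor   = isset($parts[1]) ? (int) $parts[1] : 0;

        $msg .= check($faults, _("Checking for ImageMagick (>=5.4.0)"),
            _("ImageMagick is used to convert user supplied images to fit the suggested size and the unified JPEG format."),
            ($major > 5 || ($major == 5 && $minor >= 4)));
    } else {
        $msg .= check($faults, _("Checking imagick module for PHP"),
            _("Imagick is used to convert user supplied images to fit the suggested size and the unified JPEG format from PHP script."),
            function_exists('imagick_blob2image'), TRUE);
    }

    /* Check for fping */
    $output     = (string) shell_exec("LC_ALL=C LANG=C fping -v 2>&1");
    $have_fping = preg_match("/^fping:/", $output);
    $msg .= check($faults, _("Checking for fping utility"),
        _("The fping utility is only used if you've got a thin client based terminal environment running."),
        $have_fping, FALSE);

    /* Check for smb hash generation tool */
    $output       = (string) shell_exec("mkntpwd 2>&1");
    $have_mkntpwd = preg_match("/^Usage: mkntpwd /", $output);
    $alt          = 0;

    if (!$have_mkntpwd) {
        /* "&>" is a bash extension. A POSIX /bin/sh reads it as "run in the
           background, then redirect", which always exits 0 and made this
           probe pass even without Crypt::SmbHash. */
        $query = "LC_ALL=C LANG=C perl -MCrypt::SmbHash -e 'ntlmgen \"PASSWD\", \$lm, \$nt; print \"\${lm}:\${nt}\\n\";' >/dev/null 2>&1";
        system($query, $ret);
        $alt = ($ret == 0);
    }

    $msg .= check($faults, _("Checking for a way to generate LM/NT password hashes"),
        _("In order to use SAMBA 2/3, you've to install some additional packages to generate password hashes."),
        ($have_mkntpwd || $alt));

    /* ini_get() returns a plain string (or false for an unknown option),
       not an array with a 'local_value' key. Boolean options may come back
       as "1"/"" or as the word that was configured. */
    $flags = array();
    foreach (array('session.auto_start', 'implicit_flush', 'expose_php', 'magic_quotes_gpc') as $name) {
        $raw          = strtolower(trim((string) ini_get($name)));
        $flags[$name] = in_array($raw, array('1', 'on', 'yes', 'true'));
    }

    /* session.auto_start must be off. The displayed text names
       session.auto_register; it is a gettext message id and is kept as is. */
    $msg .= check($faults, _("php.ini check -> session.auto_register"),
        _("In Order to use GOsa without any trouble, the session.auto_register option in your php.ini must be set to 'Off'."),
        !$flags['session.auto_start']);

    /* implicit_flush */
    $msg .= check($faults, _("php.ini check -> implicit_flush"),
        _("This option influences the Output handling. Turn this Option off, to increase performance."),
        !$flags['implicit_flush'], FALSE);

    /* max_execution_time: 0 means "no limit" */
    $seconds = (int) ini_get('max_execution_time');
    $msg .= check($faults, _("php.ini check -> max_execution_time"),
        _("The Execution time should be at least 30 seconds, because some actions may consume more time."),
        ($seconds == 0 || $seconds >= 30), FALSE);

    /* memory_limit: convert the K/M/G shorthand to bytes; an empty value or
       -1 means "no limit". This test used to report implicit_flush. */
    $memory_ok = true;
    $raw       = trim((string) ini_get('memory_limit'));
    if ($raw != "" && $raw != "-1") {
        $bytes = (float) $raw;
        switch (strtolower(substr($raw, -1))) {
            /* deliberate fall-through: each unit multiplies once more */
            case 'g': $bytes *= 1024;
            case 'm': $bytes *= 1024;
            case 'k': $bytes *= 1024;
        }
        $memory_ok = ($bytes >= 16 * 1024 * 1024);
    }
    $msg .= check($faults, _("php.ini check -> memory_limit"),
        _("GOsa needs at least 16MB of memory, less will cause unpredictable errors! Increase it for larger setups."),
        $memory_ok, FALSE);

    /* expose_php: this test used to report implicit_flush as well */
    $msg .= check($faults, _("php.ini check -> expose_php"),
        _("Increase the server security by setting expose_php to 'off'. PHP won't send any Information about the server you are running in this case."),
        !$flags['expose_php'], FALSE);

    /* magic_quotes_gpc: advisory only. The option was removed in PHP 5.4,
       where this row shows "Ignored". It never replaced escaping values for
       the context they are used in (LDAP filter, HTML, shell). */
    $msg .= check($faults, _("php.ini check -> magic_quotes_gpc"),
        _("Increase your server security by setting magic_quotes_gpc to 'on'. PHP will escape all quotes in strings in this case."),
        $flags['magic_quotes_gpc'], FALSE);

    return $msg;
}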
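/**
 * Fill the gosa.conf template with the values collected during setup.
 *
 * Reads CONFIG_TEMPLATE_DIR/gosa.conf, substitutes the {PLACEHOLDER} tokens
 * from $_SESSION['ldapconf'], queries the directory for a Samba domain and
 * an ivbbEntry, and strips plugin entries whose schema is missing.
 *
 * The returned text contains the LDAP admin password from the session.
 *
 * @return string The generated configuration, passed through htmlentities()
 *                and nl2br() for display; an empty string when the template
 *                cannot be opened.
 */
function parse_contrib_conf()
{
    $str          = "";
    $replacements = array();
    $ldapconf     = $_SESSION['ldapconf'];  // The installation information
    /* Problems reported by schema_check(); a key is present when that
       feature's schema is MISSING. */
    $classes      = isset($_SESSION['classes']) ? $_SESSION['classes'] : array();

    /* Which samba version do we use? A 'samba3' entry means the samba 3
       schema was not found, hence version 2. */
    $used_samba_version = isset($classes['samba3']) ? 2 : 3;

    /* Look for samba password generation method */
    if (file_exists("/usr/lib/gosa/mkntpasswd")) {
        $pwdhash = "/usr/lib/gosa/mkntpasswd";
    } elseif (preg_match("/^Usage: mkntpwd /", (string) shell_exec("mkntpwd 2>&1"))) {
        $pwdhash = "mkntpwd";
    } else {
        $pwdhash = ('perl -MCrypt::SmbHash -e "ntlmgen \"\$ARGV[0]\", \$lm, \$nt; print \"\${lm}:\${nt}\n\";" $1');
    }

    /* 'mail' holds either the string "disabled" or an index into
       mail_methods. Compare as strings: a loose comparison of integer 0
       with "disabled" is true on PHP versions before 8. */
    $mail_disabled = ((string) $ldapconf['mail'] === "disabled");
    $mail_method   = "";
    if (!$mail_disabled && isset($ldapconf['mail_methods'][$ldapconf['mail']])) {
        $mail_method = $ldapconf['mail_methods'][$ldapconf['mail']];
    }

    /* Define which variables will be replaced */
    $replacements['{LOCATIONNAME}'] = $ldapconf['location'];
    $replacements['{SAMBAVERSION}'] = $used_samba_version;
    $replacements['{LDAPBASE}']     = $ldapconf['base'];
    $replacements['{LDAPADMIN}']    = $ldapconf['admin'];
    $replacements['{DNMODE}']       = $ldapconf['peopledn'];
    $replacements['{LDAPHOST}']     = $ldapconf['uri'];
    $replacements['{PASSWORD}']     = $ldapconf['password'];
    $replacements['{CRYPT}']        = $ldapconf['arr_cryptkeys'][$ldapconf['arr_crypts']];
    $replacements['{SID}']          = "";
    $replacements['{RIDBASE}']      = "";
    if (!$mail_disabled) {
        $replacements['{MAILMETHOD}'] = $mail_method;
    }
    $replacements['{SMBHASH}']        = $pwdhash;
    $replacements['{GOVERNMENTMODE}'] = "false";
    $replacements['{kolabAccount}']   = "";
    $replacements['{servKolab}']      = "";

    /* Patterns that delete the entries of one plugin from the template.
       The key must be the name schema_check() reports the feature under. */
    $possible_plugins = array();
    $possible_plugins['fonreport'][]    = "'\n.*<plugin.*fonreport+.*\n.*>.*\n'i";
    $possible_plugins['phoneaccount'][] = "'\n.*<tab.*phoneAccount.*>.*\n'i";
    $possible_plugins['logview'][]      = "'\n.*<plugin.*logview+.*\n.*>.*\n'i";
    $possible_plugins['pureftp'][]      = "'\n.*<tab.*pureftp.*>.*\n'i";
    $possible_plugins['webdav'][]       = "'\n.*<tab.*webdav.*>.*\n'i";
    $possible_plugins['phpgroupware'][] = "'\n.*<tab.*phpgroupware.*>.*\n'i";

    /* The result is returned for display; it is not sent as a download. */
    $fp = fopen(CONFIG_TEMPLATE_DIR."/gosa.conf", "r");
    if (!$fp) {
        echo "Can't open file ".CONFIG_TEMPLATE_DIR."/gosa.conf";
        return (nl2br(htmlentities($str)));
    }
    while (!feof($fp)) {
        $str .= fread($fp, 512);
    }
    fclose($fp);

    if ($mail_method == "kolab") {
        $replacements['{kolabAccount}'] = "<tab class=\"kolabAccount\" />\n ";
        $replacements['{servKolab}']    = "<tab class=\"servkolab\" name=\"Kolab\" />";
    }

    $ldap = new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);

    /* Samba 3 only: without a domain object in the directory, SID and RID
       base have to be written into the configuration. */
    if ($used_samba_version != 2) {
        $ldap->search("(objectClass=sambaDomain)");
        if ($ldap->count() < 1) {
            /* NOTE(review): fixed sample values; the administrator has to
               replace them with the real domain SID. */
            $replacements['{SID}']     = "sid=\"123412-11\"";
            $replacements['{RIDBASE}'] = "ridbase=\"1000\"";
        }
    }

    /* An ivbbEntry in the tree switches government mode on */
    $ldap->search("(objectClass=ivbbEntry)");
    if ($ldap->count() > 0) {
        $replacements['{GOVERNMENTMODE}'] = "true";
    }

    /* Replace the placeholders in one literal pass. preg_replace() treated
       "$1" or "\1" inside a value (for example in the password) as a
       back-reference, and a value containing another placeholder was
       expanded again by the next iteration.
       NOTE(review): values are inserted verbatim. A quote character in a
       user-supplied value (location, base, admin DN, password) ends the
       attribute it is placed in; escape them for the template's quoting
       once the template has been checked. */
    $literal = array();
    foreach ($replacements as $token => $val) {
        $literal[$token] = (string) $val;
    }
    $str = strtr($str, $literal);

    if ($mail_disabled) {
        $str = str_replace("mailMethod=\"{MAILMETHOD}\"", "", $str);
    }

    /* Remove all unused plugins. The old test, in_array() of the pattern
       list against the reported problems, could never match, so nothing was
       removed. */
    foreach ($possible_plugins as $feature => $patterns) {
        if (!isset($classes[$feature])) {
            continue;
        }
        foreach ($patterns as $pattern) {
            $str = preg_replace($pattern, "\n", $str);
        }
    }

    return (nl2br(htmlentities($str)));
}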
544 /* Show setup_page 1 */
/**
 * Setup step 1: run the PHP environment checks and show the introduction.
 *
 * @param bool $withoutput When false, nothing is displayed and only the
 *                         result is computed.
 * @return bool True when no required check failed.
 */
function show_setup_page1($withoutput = true)
{
    $tpl = get_smarty();
    $tpl->assign("content", get_template_path('setup_introduction.tpl'));
    $tpl->assign("tests", perform_php_checks($faults));

    /* Any fault disables the page */
    $passed = !$faults;
    if (!$passed) {
        $tpl->assign("mode", "disabled");
    }

    /* The headers go out before the errors are handed to the template */
    if ($withoutput) {
        $tpl->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $tpl->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $tpl->display(get_template_path('setup.tpl'));
    }

    return $passed;
}
573 /* Show setup_page 2 */
/**
 * Setup step 2: run the checks for helper programs and php.ini settings.
 *
 * @param bool $withoutput When false, nothing is displayed and only the
 *                         result is computed.
 * @return bool True when no required check failed.
 */
function show_setup_page2($withoutput = true)
{
    $tpl = get_smarty();
    $tpl->assign("content", get_template_path('setup_step2.tpl'));
    $tpl->assign("tests", perform_additional_checks($faults));

    /* Any fault disables the page */
    $passed = !$faults;
    if (!$passed) {
        $tpl->assign("mode", "disabled");
    }

    /* The headers go out before the errors are handed to the template */
    if ($withoutput) {
        $tpl->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $tpl->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $tpl->display(get_template_path('setup.tpl'));
    }

    return $passed;
}
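/**
 * Setup step 3: ask for the LDAP server URI and test an anonymous bind.
 *
 * The URI comes from the posted form, else from the session, else defaults
 * to "ldap://localhost:389". It is stored in the session as received;
 * validate() is applied where it is used.
 *
 * @param bool $withoutput When false, no messages or templates are emitted.
 * @return bool True when no fault was found.
 */
function show_setup_page3($withoutput = true)
{
    $smarty = get_smarty();

    /* Take the posted value, else the one saved in the session */
    $uri = "";
    if (isset($_POST['uri'])) {
        $uri = $_POST['uri'];
    } elseif (isset($_SESSION['ldapconf']['uri'])) {
        $uri = $_SESSION['ldapconf']['uri'];
    }

    /* If the page is called for the first time, the field is empty */
    if (empty($uri)) {
        $uri = "ldap://localhost:389";
    }

    /* NOTE(review): the raw value is kept in the session and later handed to
       ldap_connect(); confirm that validate() restricts it to an LDAP URI. */
    $_SESSION['ldapconf']['uri'] = $uri;
    $smarty->assign("uri", validate($uri));

    /* No error till now */
    $fault = false;

    /* NOTE(review): as written, the connection test runs only when the
       "continue3" button was NOT posted. With the button posted only an
       unset-URI test ran, which could never trigger because the URI is
       defaulted above. This looks like a misplaced brace; the behaviour is
       kept until the caller has been checked. */
    if (!isset($_POST['continue3'])) {
        $ds = @ldap_connect(validate($uri));

        if (!$ds) {
            $fault = true;
            if ($withoutput) {
                print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
            }
        } else {
            /* Try an anonymous bind on the connection */
            ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

            if (!@ldap_bind($ds)) {
                $fault = true;
                if ($withoutput) {
                    print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
                }
            }

            /* The handle is only needed for this test; it used to stay open */
            @ldap_unbind($ds);
        }
    }

    $smarty->assign("content", get_template_path('setup_step3.tpl'));

    /* Load header */
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    /* Hand errors to smarty */
    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    /* Print out template */
    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}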
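/**
 * Setup step 4: collect the LDAP settings and verify the admin login.
 *
 * Seeds $_SESSION['ldapconf'] with defaults (the base is taken from the
 * server when it can be read), copies the posted form fields into the
 * session and, when "check" was posted, logs in with the admin credentials
 * and stores the schema_check() result in $_SESSION['classes'].
 *
 * @param bool $withoutput When false, no messages or templates are emitted.
 * @return bool True when no fault was found.
 */
function show_setup_page4($withoutput = true)
{
    $smarty = get_smarty();

    require_once("class_password-methods.inc");

    $fault     = false;
    /* Stays null when the server could not be queried. The function used to
       read $base before it was ever assigned. */
    $base      = null;
    $uri       = $_SESSION['ldapconf']['uri'];
    $checkvars = array("location", "admin", "password", "peopleou", "base",
                       "peopledn", "arr_crypts", "mail", "uidbase");

    if (!isset($_SESSION['ldapconf']['arr_cryptkeys'])) {
        $tmp = passwordMethod::get_available_methods_if_not_loaded();
        $_SESSION['ldapconf']['arr_cryptkeys'] = $tmp['name'];
    }

    if (!isset($_SESSION['ldapconf']['mail_methods'])) {
        $tmp = get_available_mail_classes();
        $_SESSION['ldapconf']['mail_methods'] = $tmp['name'];
    }

    /* Connect anonymously and read the naming context for the default base */
    $ds = @ldap_connect(validate($uri));
    if (!$ds) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
        }
    } elseif (!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) || !@ldap_bind($ds)) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
        }
    } else {
        $sr   = @ldap_search($ds, "", "objectClass=*", array("namingContexts"));
        $attr = $sr ? @ldap_get_entries($ds, $sr) : false;

        /* A search without hits still returns array('count' => 0), which is
           not empty(); test for the entry itself. */
        if (empty($attr) || !isset($attr[0]['dn'])) {
            $base = "dc=example,dc=net";
            if ($withoutput) {
                print_red(_("Bind to server successful, but the server seems to be completly empty, please check all informations twice"));
            }
        } else {
            $base = $attr[0]['dn'];
        }
    }
    if ($ds) {
        /* The handle is only needed for this lookup; it used to stay open */
        @ldap_unbind($ds);
    }

    /* Seed missing settings with defaults */
    if ($base !== null && !isset($_SESSION['ldapconf']['base'])) {
        $_SESSION['ldapconf']['base'] = $base;
    }
    $defaults = array(
        'admin'    => "cn=ldapadmin,".$base,
        'peopleou' => "ou=people",
        'groupou'  => "ou=groups",
        'peopledn' => "cn",
        'password' => "",
        'location' => "Example",
        'uidbase'  => "1000",
        'mail'     => 0,
    );
    foreach ($defaults as $name => $value) {
        if (!isset($_SESSION['ldapconf'][$name])) {
            $_SESSION['ldapconf'][$name] = $value;
        }
    }

    /* NOTE(review): "md5" is preselected as the password hashing method;
       presumably this is the plain MD5 scheme. Prefer a salted method from
       the available list when the installation offers one. */
    if (!isset($_SESSION['ldapconf']['arr_crypts'])) {
        $tmp = array_flip($_SESSION['ldapconf']['arr_cryptkeys']);
        if (isset($tmp['md5'])) {
            $_SESSION['ldapconf']['arr_crypts'] = $tmp['md5'];
        }
    }

    /* Check POST data */
    if (isset($_POST['check'])) {
        foreach ($checkvars as $key) {
            /* peopleou may be left empty */
            if ($key == "peopleou") {
                continue;
            }

            /* Only non-empty strings count; an array sent under one of these
               names is treated as missing.
               NOTE(review): arr_crypts and mail are later used as array
               indexes; they are not checked against the offered choices. */
            if (isset($_POST[$key]) && is_string($_POST[$key]) && $_POST[$key] != "") {
                $_SESSION['ldapconf'][$key] = $_POST[$key];
            } else {
                if ($withoutput) {
                    print_red(sprintf(_("You're missing the required attribute '%s' from this formular. Please complete!"), $key));
                }
                $fault = true;
            }
        }
    }

    /* Transfer base */
    if (isset($_POST['base']) && is_string($_POST['base'])) {
        $_SESSION['ldapconf']['base'] = $_POST['base'];
    }

    $smarty->assign("arr_cryptkeys", $_SESSION['ldapconf']['arr_cryptkeys']);
    $smarty->assign("mail_methods", $_SESSION['ldapconf']['mail_methods']);

    /* Every stored setting, the admin password included, is handed to the
       template as received.
       NOTE(review): confirm that the template escapes these values. */
    foreach ($_SESSION['ldapconf'] as $key => $val) {
        $smarty->assign($key, $val);
    }

    if (isset($_POST['check'])) {
        $ldap = new LDAP($_SESSION['ldapconf']['admin'],
                         $_SESSION['ldapconf']['password'],
                         $_SESSION['ldapconf']['uri']);

        $_SESSION['classes'] = schema_check($_SESSION['ldapconf']['uri'],
                                            $_SESSION['ldapconf']['admin'],
                                            $_SESSION['ldapconf']['password']);

        if ($ldap->error != "Success") {
            if ($withoutput) {
                print_red(sprintf(_("Can't log into LDAP server. Reason was: %s."), $ldap->get_error()));
            }
            $fault = true;
        }
    }

    /* Set smarty output */
    $smarty->assign("content", get_template_path('setup_step4.tpl'));
    $smarty->assign("peopledns", array("cn", "uid"));
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }
    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }
    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}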
/**
 * Setup step 5: show the schema overview on the final page.
 *
 * @param bool $withoutput When false, nothing is displayed.
 * @return bool Always true.
 */
function show_setup_page5($withoutput=true)
{
    $conf = $_SESSION['ldapconf'];
    $tpl  = get_smarty();

    /* Name of the group the web server process runs as */
    $group = posix_getgrgid(posix_getgid());
    $tpl->assign("webgroup", $group['name']);
    $tpl->assign("path", CONFIG_DIR);

    /* Ask for the full display list (fourth argument 1) */
    $overview = schema_check($conf['uri'], $conf['admin'], $conf['password'], 1);

    if ($withoutput) {
        $tpl->assign("schemas", view_schema_check($overview));
        $tpl->assign("content", get_template_path('setup_finish.tpl'));

        /* The headers go out before the errors are handed to the template */
        $tpl->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $tpl->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $tpl->display(get_template_path('setup.tpl'));
    }

    return true;
}
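/* Last setup test: make sure there is a group carrying the ACL ":all" and a
 * user in it who will be able to administrate GOsa. If both are missing, the
 * function either shows the form asking for an administrator (no 'new_admin'
 * in the request) or creates the user and the group from the submitted
 * 'admin_name' / 'admin_pass'.
 *
 * $withoutput  when false, no messages are printed and no templates rendered.
 *
 * Returns true when setup may continue, false when the form was shown.
 */
function create_user_for_setup($withoutput=true)
{
  global $samba;

  $ldapconf  = $_SESSION['ldapconf'];
  $smarty    = get_smarty();
  $classes   = isset($_SESSION['classes']) ? $_SESSION['classes'] : array();
  $str_there = "";

  $ldap = new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);

  /* Is there a group with the rights ":all"? */
  $ldap->cd($ldapconf['base']);
  $ldap->search("(&(objectClass=gosaObject)(gosaSubtreeACL=:all))");
  $group_cnt = $ldap->count();
  $data      = $ldap->fetch();

  if ($group_cnt < 1) {
    /* No group found, so both the group and the user are missing */
    $need_to_create_group = true;
    $need_to_create_user  = true;
  } else {
    $need_to_create_group = false;
    $need_to_create_user  = true;
    $ldap->clearResult();

    /* There is an administrative group: is its first member a real account?
       memberUid comes from the directory, so it is escaped before it becomes
       part of the search filter. */
    if (isset($data['memberUid'][0])) {
      $uid_filter = "uid="._setup_escape_filter_value($data['memberUid'][0]);
      $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)(".$uid_filter."))");
      $data2 = $ldap->fetch();
      $need_to_create_user = (($ldap->count() < 1) || (!isset($data2)));
    }
  }

  if ($need_to_create_user && $withoutput && !isset($_POST['new_admin'])) {
    print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
  }

  /* NOTE(review): this returns unless BOTH the user and the group are
     missing. A found group without a usable member therefore passes the
     check, and the "group already exists" branch further down cannot be
     reached. Confirm whether "||" was intended. */
  if (!($need_to_create_user && $need_to_create_group)) {
    return(true);
  }

  if (isset($_POST['new_admin'])) {

    /* Adjust password attributes according to the samba version.
       NOTE(review): 'samba3' being set selects the non-samba3 attribute
       names; the meaning of that key is set in schema_check(), outside this
       view. Confirm the mapping is not inverted. */
    if (isset($classes['samba3'])) {
      $samba      = "2";
      $lmPassword = "lmPassword";
      $ntPassword = "ntPassword";
    } else {
      $samba      = "3";
      $lmPassword = "sambaLMPassword";
      $ntPassword = "sambaNtPassword";
    }

    /* Nothing submitted */
    if (empty($_POST['admin_name']) || empty($_POST['admin_pass'])) {
      return(true);
    }
    $admin_name = $_POST['admin_name'];

    if ($need_to_create_user) {
      /* The submitted name becomes an RDN value; escape it so characters
         like ',' '+' or '=' cannot add or change components of the DN. */
      $dn = "cn="._setup_escape_dn_value($admin_name).",".$ldapconf['peopleou'].",".$ldapconf['base'];

      $arr = array();
      $arr['objectClass'] = array("person", "organizationalPerson", "inetOrgPerson", "gosaAccount");
      $arr['uid']         = $admin_name;
      $arr['cn']          = $admin_name;
      $arr['sn']          = $admin_name;
      $arr['givenName']   = "GOsa main administrator";

      /* NOTE(review): the LM/NT hash attributes are fixed constants, not
         derived from admin_pass, so every administrator created here carries
         the same Samba credential. Derive them from the submitted password
         or leave the attributes unset. */
      $arr[$lmPassword]   = "10974C6EFC0AEE1917306D272A9441BB";
      $arr[$ntPassword]   = "38F3951141D0F71A039CFA9D1EC06378";

      /* NOTE(review): crypt_single() is defined elsewhere; "md5" presumably
         selects an MD5-based scheme. Prefer a stronger, salted scheme if the
         directory supports one. */
      $arr['userPassword'] = crypt_single($_POST['admin_pass'], "md5");

      if (!$ldap->dn_exists($dn)) {
        $ldap->cd($dn);
        $ldap->create_missing_trees($dn);
        $ldap->cd($dn);
        $ldap->add($arr);
        if ($ldap->error != "Success") {
          /* The failure is reported, but group handling below still runs
             and the function still returns true. */
          print_red($ldap->error);
          print_red("Can't create user, and / or Group, possibly this problem depends on an empty LDAP server. Check your configuration and try again!");
        }
      }
    }

    if (!$need_to_create_group) {
      /* There's already a group for administrators, so only the user has to
         be added (not reachable at present, see the note at the guard). */
      $arrr = array();
      if (!isset($data['memberUid'])) {
        $arrr['memberUid'] = $admin_name;
      } else {
        $data['memberUid'][$data['memberUid']['count']] = $admin_name;
        $arrr['memberUid'] = $data['memberUid'];
        unset($arrr['memberUid']['count']);
        $arrr['memberUid'] = array_values(array_reverse($arrr['memberUid']));
      }

      $ldap->cd($data['dn']);
      $ldap->modify($arrr);

    } else {
      $dn   = "cn=administrators,".$ldapconf['groupou'].",".$ldapconf['base'];
      $arrr = array();
      $arrr['objectClass']    = array("gosaObject", "posixGroup");
      $arrr['gosaSubtreeACL'] = ":all";
      $arrr['cn']             = "administrators";
      $arrr['gidNumber']      = "999";
      $arrr['memberUid']      = $admin_name;

      $ldap->cd($dn);
      $ldap->create_missing_trees($dn);
      $ldap->cd($dn);
      $ldap->add($arrr);
    }
    return(true);
  }

  /* Nothing submitted yet: show the form asking for an administrator.
     NOTE(review): the original tested "$create_user" here, which is never
     assigned in this function, so "exists" has always been true. That value
     is kept. "$need_to_create_user" was probably meant, which would make it
     false at this point. Check setup_useradmin.tpl before changing it. */
  $smarty->assign("content", get_template_path('setup_useradmin.tpl'));
  $smarty->assign("exists", true);

  /* Smarty output */
  if ($withoutput) {
    $smarty->display(get_template_path('headers.tpl'));
  }
  if (isset($_SESSION['errors'])) {
    $smarty->assign("errors", $_SESSION['errors']);
  }
  $smarty->assign("str_there", $str_there);
  if ($withoutput) {
    $smarty->display(get_template_path('setup.tpl'));
  }
  return(false);
}


/* Escape a string for use as an attribute value inside an LDAP DN
   (RFC 4514 special characters, leading '#' or space, trailing space). */
function _setup_escape_dn_value($value)
{
  $value = (string) $value;

  /* The backslash is replaced first so the escapes added afterwards are not
     escaped a second time. */
  $escaped = str_replace(
    array("\\",   ",",   "+",   "\"",   "<",   ">",   ";",   "=",   "\0"),
    array("\\\\", "\\,", "\\+", "\\\"", "\\<", "\\>", "\\;", "\\=", "\\00"),
    $value);

  if ($escaped !== "" && ($escaped[0] === " " || $escaped[0] === "#")) {
    $escaped = "\\".$escaped;
  }
  if (strlen($value) > 1 && substr($value, -1) === " ") {
    $escaped = substr($escaped, 0, -1)."\\ ";
  }
  return($escaped);
}


/* Escape a string for use as an assertion value inside an LDAP search
   filter (RFC 4515). */
function _setup_escape_filter_value($value)
{
  return(str_replace(
    array("\\",   "*",    "(",    ")",    "\0"),
    array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
    (string) $value));
}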
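/* Returns the class names of the mail method classes.
 *
 * Scans "../include" (relative to the current working directory) for files
 * named class_mail-methods-<name>.inc. For the i-th match the result holds
 * $methods['name'][$i], $methods['file'][$i], $methods[$i]['file'] and
 * $methods[$i]['name']. An empty array is returned when the directory
 * cannot be opened.
 */
function get_available_mail_classes()
{
  $methods = array();
  $path    = "../include";
  $prefix  = "class_mail-methods-";
  $ext     = ".inc";
  $lenpre  = strlen($prefix);
  $lenext  = strlen($ext);

  /* Without this check a failed opendir() hands false to readdir() */
  if (!is_dir($path)) {
    return($methods);
  }
  $dir = opendir($path);
  if ($dir === false) {
    return($methods);
  }

  $i = 0;
  while (($file = readdir($dir)) !== false) {

    /* Accept only names that start with the prefix and end in ".inc".
       A plain substring match also picks up backup copies or names with
       leading text, and the offsets below then cut out a wrong name. */
    if (strncasecmp($file, $prefix, $lenpre) === 0
        && substr_compare($file, $ext, -$lenext, $lenext, true) === 0) {

      $name = substr($file, $lenpre, strlen($file) - $lenpre - $lenext);

      $methods['name'][$i] = $name;
      $methods['file'][$i] = $file;
      $methods[$i]['file'] = $file;
      $methods[$i]['name'] = $name;
      $i++;
    }
  }
  closedir($dir);

  return($methods);
}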
1118 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1119 ?>