1 <?php
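/**
 * Tell whether an objectclass definition carries the expected version marker.
 *
 * The text of the DESC clause is cut out of the definition and searched for
 * the literal marker "(v<version>)".
 *
 * @param string $description Objectclass definition as read from the subschema entry.
 * @param string $version     Expected version, e.g. "2.4".
 * @return int|false 1 when the marker is present, 0 when it is not, FALSE on a regex error.
 */
function check_schema_version($description, $version)
{
    $desc = (string) preg_replace("/^.* DESC\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $description);

    /* The version is quoted before it goes into the pattern. Unquoted, the
       dot in "2.4" is a wildcard and "(v214)" would be accepted as well. */
    return preg_match('/\(v' . preg_quote($version, '/') . '\)/', $desc);
}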
/**
 * Render a list of check results as an HTML table with a pass/fail icon per row.
 *
 * 'msg' is written into the page verbatim. The rows built by schema_check()
 * in this file already contain their own <td> markup, so the text cannot be
 * escaped here; it must never carry untrusted input.
 *
 * @param array $table Rows of array('msg' => string, 'status' => bool).
 * @return string HTML table.
 */
function view_schema_check($table)
{
    $passed = "</td><td style='text-align:center' >\n<img src=images/true.png alt='true' /></td></tr>";
    $failed = "</td><td style='text-align:center' >\n<img src=images/button_cancel.png alt='false' /></td></tr>";

    $html = "<table summary=\"\" class=\"check\">";
    foreach ($table as $row) {
        $text  = $row['msg'];
        $html .= "<tr><td class=\"check\">$text";
        $html .= $row['status'] ? $passed : $failed;
    }

    return $html . "</table>";
}
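/**
 * Probe whether the subschema entry of an LDAP server can be read.
 *
 * Connects, binds with the given credentials, looks up subschemaSubentry in
 * the root DSE and tries to read the objectclasses attribute from it.
 *
 * @param string $server   LDAP URI/host handed to ldap_connect().
 * @param string $admin    Bind DN.
 * @param string $password Bind password.
 * @return bool TRUE when the subschema entry could be read.
 */
function is_schema_readable($server, $admin, $password)
{
    $ds = ldap_connect($server);
    if (!$ds) {
        return (false);
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    /* NOTE(review): the bind result is not evaluated (unchanged behaviour).
       After a rejected bind the reads below may still run on an
       unauthenticated connection, so TRUE does not prove that the
       credentials are valid. Callers have to verify the login separately. */
    ldap_bind($ds, $admin, $password);

    $readable = false;

    /* Get base to look for schema. A failed read yields FALSE, which must
       not be passed on to ldap_get_entries(). */
    $sr   = @ldap_read($ds, "", "objectClass=*", array("subschemaSubentry"));
    $attr = $sr ? @ldap_get_entries($ds, $sr) : false;

    if (isset($attr[0]['subschemasubentry'][0])) {
        $nb    = $attr[0]['subschemasubentry'][0];
        $sr    = ldap_read($ds, $nb, "objectClass=*", array("objectclasses"));
        $attrs = $sr ? ldap_get_entries($ds, $sr) : false;
        $readable = isset($attrs[0]);
    }

    /* Release the connection; it was left open on every path before. */
    ldap_unbind($ds);

    return ($readable);
}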
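/**
 * Compare the object classes published by an LDAP server with the ones GOsa expects.
 *
 * Binds with the given credentials, reads the subschema entry named by the
 * root DSE and checks every entry of the built-in class table for presence
 * and for the "(v<version>)" marker in its description. Afterwards a few
 * feature schemas (samba, pureftp, WebDAV, phpgroupware, gofon, Kolab) are
 * probed by objectclass name.
 *
 * Side effect: when Kolab is the selected mail method but its schema is
 * missing, the mail method stored in $_SESSION['ldapconf'] is switched to
 * cyrus.
 *
 * @param string $server           LDAP URI/host handed to ldap_connect().
 * @param string $admin            Bind DN.
 * @param string $password         Bind password.
 * @param int    $aff              0 returns only the problems found, keyed by class
 *                                 or feature name. Any other value returns the
 *                                 "enabled/disabled" rows, whose 'msg' holds HTML.
 * @param bool   $CalledByIndexPhP TRUE skips the Kolab probe and its session change.
 * @return array Rows of array('msg' => string, 'status' => bool[, 'needonstartup' => TRUE]).
 */
function schema_check($server, $admin, $password, $aff=0,$CalledByIndexPhP=false)
{
    $messages = array();

    /* Both lists are merged at the end. They start out as arrays, because
       array_merge() does not accept an unset variable when no optional
       class qualified. */
    $affich  = array();
    $affich2 = array();

    $required_classes = array(
        "gosaObject"            => array("version" => "2.4"),
        "gosaAccount"           => array("version" => "2.4"),
        "gosaLockEntry"         => array("version" => "2.4"),
        "gosaCacheEntry"        => array("version" => "2.4"),
        "gosaDepartment"        => array("version" => "2.4"),

        "goFaxAccount"          => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxSBlock"           => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxRBlock"           => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),

        "gosaUserTemplate"      => array("version" => "2.4", "class" => "posixAccount","file" => "nis.schema"),
        "gosaMailAccount"       => array("version" => "2.4", "class" => "mailAccount","file" => "gosa+samba3.schema"),
        "gosaProxyAccount"      => array("version" => "2.4", "class" => "proxyAccount","file" => "gosa+samba3.schema"),
        "gosaApplication"       => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),
        "gosaApplicationGroup"  => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),

        "GOhard"                => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "gotoTerminal"          => array("version" => "2.0", "class" => "terminals","file" => "goto.schema"),
        "goServer"              => array("version" => "2.4","class" => "server","file" => "goserver.schema"),
        "goTerminalServer"      => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNfsServer"           => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNtpServer"           => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goSyslogServer"        => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goLdapServer"          => array("version" => "2.4"),
        "goCupsServer"          => array("version" => "2.4", "class" => array("posixAccount", "terminals"),),
        "goImapServer"          => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3.schema"),
        "goKrbServer"           => array("version" => "2.4"),
        "goFaxServer"           => array("version" => "2.4", "class" => "gofaxAccount","file" => "gofax.schema"),
    );

    /* Build LDAP connection */
    $ds = ldap_connect($server);
    if (!$ds) {
        return (array(array("msg" => _("Can't bind to LDAP. No schema check possible!"), "status" => FALSE)));
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    /* NOTE(review): the bind result is not evaluated (unchanged behaviour),
       so the reads below may run unauthenticated after a rejected bind. */
    ldap_bind($ds, $admin, $password);

    /* Get base to look for schema. A failed read yields FALSE, which must
       not be handed to ldap_get_entries(). */
    $sr   = @ldap_read($ds, "", "objectClass=*", array("subschemaSubentry"));
    $attr = $sr ? @ldap_get_entries($ds, $sr) : false;
    if (!isset($attr[0]['subschemasubentry'][0])) {
        ldap_unbind($ds);
        return (array(array("msg" => _("Can't get schema information from server. No schema check possible!"), "status" => FALSE)));
    }

    /* Get list of objectclasses */
    $nb    = $attr[0]['subschemasubentry'][0];
    $sr    = ldap_read($ds, $nb, "objectClass=*", array("objectclasses"));
    $attrs = $sr ? ldap_get_entries($ds, $sr) : false;

    /* Everything needed is in memory now; the connection used to stay open. */
    ldap_unbind($ds);

    if (!isset($attrs[0])) {
        return (array(array("msg" => _("Can't get schema information from server. No schema check possible!"), "status" => FALSE)));
    }

    $objectclasses = array();
    $definitions   = isset($attrs[0]['objectclasses']) ? $attrs[0]['objectclasses'] : array();
    foreach ($definitions as $val) {
        $name = preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);

        /* Loose comparison on purpose: the integer 'count' element that
           ldap_get_entries() adds comes back as an equal numeric string and
           is skipped by it, just like definitions without a NAME clause. */
        if ($name != $val) {
            $objectclasses[$name] = $val;
        }
    }

    /* Walk through objectclasses and check if they are needed or not */
    foreach ($required_classes as $key => $value) {
        if (isset($value['class'])) {
            $classes = is_array($value['class']) ? $value['class'] : array($value['class']);

            /* Not every optional entry names a schema file (goCupsServer has none) */
            $file = isset($value['file']) ? $value['file'] : "";

            /* Check if we are using the class that requires */
            foreach ($classes as $class) {
                if (!isset($objectclasses[$key])) {
                    $messages[$key]['msg']    = sprintf(_("Optional objectclass '%s' required by plugin '%s' is not present in LDAP setup"), $key, $class);
                    $messages[$key]['status'] = FALSE;
                } elseif (!check_schema_version($objectclasses[$key], $value['version'])) {
                    $messages[$key]['msg']           = sprintf(_("Optional objectclass '%s' required by plugin '%s' does not have version %s"), $key, $class, $value['version']);
                    $messages[$key]['needonstartup'] = TRUE;
                    $messages[$key]['status']        = FALSE;
                } elseif (!isset($affich2[$class])) {
                    $affich2[$class]['msg']    = sprintf(_("Support for '%s' enabled"), $class)."<td class=\"check\"> ".$file."</td>";
                    $affich2[$class]['status'] = TRUE;
                }
            }
        } else {
            /* Required class */
            if (!isset($objectclasses[$key])) {
                $messages[$key]['msg']    = sprintf(_("Required objectclass '%s' is not present in LDAP setup"), $key);
                $messages[$key]['status'] = FALSE;
            } elseif (!check_schema_version($objectclasses[$key], $value['version'])) {
                $messages[$key]['msg']           = sprintf(_("Required objectclass '%s' does not have version %s"), $key, $value['version']);
                $messages[$key]['status']        = FALSE;
                $messages[$key]['needonstartup'] = TRUE;
            }
        }
    }

    /* Check for correct samba parameters */
    if (!isset($objectclasses['sambaSamAccount'])) {
        $messages['samba3']['msg']    = _("SAMBA 3 support disabled, no schema seems to be installed");
        $affich['samba3']['msg']      = $messages['samba3']['msg']."<td class=\"check\">gosa+samba3.schema</td>";
        $messages['samba3']['status'] = FALSE;
        $affich['samba3']['status']   = FALSE;
    } else {
        $affich['samba3']['msg']    = _("SAMBA 3 support enabled")."<td class=\"check\">gosa+samba3.schema</td>";
        $affich['samba3']['status'] = TRUE;
    }

    if (!isset($objectclasses['sambaAccount'])) {
        $messages['samba2']['msg']    = _("SAMBA 2 support disabled, no schema seems to be installed");
        $affich['samba2']['msg']      = $messages['samba2']['msg']."<td class=\"check\">samba.schema</td>";
        $messages['samba2']['status'] = FALSE;
        $affich['samba2']['status']   = FALSE;
    } else {
        $affich['samba2']['msg']    = _("SAMBA 2 support enabled")."<td class=\"check\">samba.schema</td>";
        $affich['samba2']['status'] = TRUE;
    }

    /* Check pureftp/dns/ */
    if (!isset($objectclasses['PureFTPdUser'])) {
        $messages['pureftp']['msg']    = _("Support for pureftp disabled, no schema seems to be installed");
        $affich['pureftp']['msg']      = $messages['pureftp']['msg']."<td class=\"check\">pureftpd.schema</td>";
        $messages['pureftp']['status'] = FALSE;
        $affich['pureftp']['status']   = FALSE;
    } else {
        $affich['pureftp']['msg']    = _("Support for pureftp enabled")."<td class=\"check\">pureftpd.schema</td>";
        $affich['pureftp']['status'] = TRUE;
    }

    if (!isset($objectclasses['gosaWebdavAccount'])) {
        $messages['webdav']['msg']    = _("Support for WebDAV disabled, no schema seems to be installed");
        $affich['webdav']['msg']      = $messages['webdav']['msg']."<td class=\"check\"></td>";
        $messages['webdav']['status'] = FALSE;
        $affich['webdav']['status']   = FALSE;
    } else {
        $affich['webdav']['msg']    =_("Support for WebDAV enabled")."<td class=\"check\">gosa+samba3.schema</td>";
        $affich['webdav']['status'] = TRUE;
    }

    if (!isset($objectclasses['phpgwAccount'])) {
        $messages['phpgroupware']['msg']    = _("Support for phpgroupware disabled, no schema seems to be installed");
        $affich['phpgroupware']['msg']      = $messages['phpgroupware']['msg']."<td class=\"check\">phpgwaccount.schema</td>";
        $messages['phpgroupware']['status'] = FALSE;
        $affich['phpgroupware']['status']   = FALSE;
    } else {
        $affich['phpgroupware']['msg']    = _("Support for phpgroupware enabled")."<td class=\"check\">phpgwaccount.schema</td>";
        $affich['phpgroupware']['status'] = TRUE;
    }

    if (!isset($objectclasses['goFonAccount'])) {
        $messages['phoneaccount']['msg']    = _("Support for gofon disabled, no schema seems to be installed");
        $affich['phoneaccount']['msg']      = $messages['phoneaccount']['msg']."<td class=\"check\">gofon.schema</td>";
        $messages['phoneaccount']['status'] = FALSE;
        $affich['phoneaccount']['status']   = FALSE;
    } else {
        $affich['phoneaccount']['msg']    = _("Support for gofon enabled")."<td class=\"check\">gofon.schema</td>";
        $affich['phoneaccount']['status'] = true;
    }

    /* The selected mail method is looked up defensively: the session may not
       hold a mail configuration yet when this runs. */
    $mail_method = "";
    if (isset($_SESSION['ldapconf']['mail']) &&
        isset($_SESSION['ldapconf']['mail_methods'][$_SESSION['ldapconf']['mail']])) {
        $mail_method = $_SESSION['ldapconf']['mail_methods'][$_SESSION['ldapconf']['mail']];
    }

    if (($mail_method == "kolab") && (!$CalledByIndexPhP)) {
        if (!isset($objectclasses['kolabInetOrgPerson'])) {
            $messages['kolab']['msg'] = _("Support for Kolab disabled, no schema seems to be installed, setting mail-method to cyrus");
            $affich['kolab']['msg']   = $messages['kolab']['msg']."<td class=\"check\">kolab2.schema</td>";

            /* Fall back to cyrus in the stored setup configuration */
            $tmp = array_flip($_SESSION['ldapconf']['mail_methods']);
            $_SESSION['ldapconf']['mail'] = $tmp['cyrus'];
            $messages['kolab']['status'] = FALSE;
            $affich['kolab']['status']   = FALSE;
        } else {
            /* NOTE(review): this row names gofon.schema although the branch
               above names kolab2.schema - looks like a copy/paste slip,
               left unchanged pending confirmation. */
            $affich['kolab']['msg']    =_("Support for Kolab enabled")."<td class=\"check\">gofon.schema</td>";
            $affich['kolab']['status'] = TRUE;
        }
    }

    if ($aff == 0) {
        return ($messages);
    }
    return (array_merge($affich, $affich2));
}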
/**
 * Format the result of one setup check as an HTML block and count failures.
 *
 * $message and $description are written into the markup unescaped; the
 * callers in this file pass translated literals only.
 *
 * @param int    $faults      Failure counter, incremented when a required test failed.
 * @param string $message     Headline of the check.
 * @param string $description Explanation shown below the headline.
 * @param mixed  $test        Truthy when the check passed.
 * @param mixed  $required    Falsy turns a failure into "Ignored" without counting it.
 * @return string HTML block.
 */
function check(&$faults, $message, $description, $test, $required= TRUE)
{
    if ($test) {
        $verdict = _("OK")."<br>";
    } elseif ($required) {
        $verdict = "<font color=red>"._("Failed")."</font><br>";
        $faults++;
    } else {
        $verdict = "<font color=red>"._("Ignored")."</font><br>";
    }

    $head = "<table summary=\"\" class='check'><tr><td class='check' style='font-size:14px;'>$message</td>\n<td rowspan=2 style='vertical-align:middle; text-align:center;width:45px;'>";
    $tail = "</td></tr><tr><td class='check' style='padding-left:20px;"
          . "background-color:#F0F0F0;'>$description</td></tr></table><br>";

    return $head . $verdict . $tail;
}
/**
 * Inspect the PHP installation and report every probe as an HTML block.
 *
 * Resets $faults to 0 and lets check() count the mandatory probes that
 * failed. Optional probes (last column FALSE) are shown as "Ignored".
 *
 * @param int $faults Receives the number of failed mandatory probes.
 * @return string HTML for the whole section.
 */
function perform_php_checks(&$faults)
{
    global $check_globals;

    $faults = 0;

    /* One row per probe: headline, explanation, outcome, mandatory? */
    $probes = array(
        array(_("Checking for PHP version (>=4.1.0)"),
              _("PHP must be of version 4.1.0 or above for some functions and known bugs in PHP language."),
              version_compare(phpversion(), "4.1.0")>=0,
              TRUE),

        array(_("Checking if register_globals is set to 'off'"),
              _("register_globals is a PHP mechanism to register all global varibales to be accessible from scripts without changing the scope. This may be a security risk. GOsa will run in both modes."),
              $check_globals == 0,
              FALSE),

        array(_("Checking for ldap module"),
              _("This is the main module used by GOsa and therefore really required."),
              function_exists('ldap_bind'),
              TRUE),

        array(_("Checking for XML functions"),
              _("XML functions are required to parse the configuration file."),
              function_exists('xml_parser_create'),
              TRUE),

        array(_("Checking for gettext support"),
              _("Gettext support is required for internationalized GOsa."),
              function_exists('bindtextdomain'),
              TRUE),

        array(_("Checking for iconv support"),
              _("This module is used by GOsa to convert samba munged dial informations and is therefore required."),
              function_exists('iconv'),
              TRUE),

        array(_("Checking for mhash module"),
              _("To use SSHA encryption, you'll need this module. If you are just using crypt or md5 encryption, ignore this message. GOsa will run without it."),
              function_exists('mhash'),
              FALSE),

        array(_("Checking for imap module"),
              _("The IMAP module is needed to communicate with the IMAP server. It gets status informations, creates and deletes mail users."),
              function_exists('imap_open'),
              TRUE),

        array(_("Checking for getacl in imap"),
              _("The getacl support is needed for shared folder permissions. The standard IMAP module is not capable of reading acl's. You need a recend PHP version for this feature."),
              function_exists('imap_getacl'),
              FALSE),

        array(_("Checking for mysql module"),
              _("MySQL support is needed for reading GOfax reports from databases."),
              function_exists('mysql_query'),
              FALSE),

        array(_("Checking for cups module"),
              _("In order to read available printers from IPP protocol instead of printcap files, you've to install the CUPS module."),
              function_exists('cups_get_dest_list'),
              FALSE),

        array(_("Checking for kadm5 module"),
              _("Managing users in kerberos requires the kadm5 module which is downloadable via PEAR network."),
              function_exists('kadm5_init_with_password'),
              FALSE),

        array(_("Checking for snmp Module"),
              _("Simple Network Management Protocol (SNMP) is required for client monitoring."),
              function_exists('snmpget'),
              FALSE),
    );

    $html = "<h1>"._("PHP setup inspection")."</h1>";
    foreach ($probes as $probe) {
        $html .= check($faults, $probe[0], $probe[1], $probe[2], $probe[3]);
    }

    return ($html);
}
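/* Helper: TRUE when the boolean php.ini directive $name is switched on. */
function setup_ini_flag_on($name)
{
    $value = strtolower(trim((string) ini_get($name)));
    return in_array($value, array("1", "on", "yes", "true"));
}

/* Helper: convert a php.ini size value such as "16M" or "1G" into bytes. */
function setup_ini_bytes($value)
{
    $value  = trim((string) $value);
    $number = (float) $value;

    /* Deliberate fall-through: each unit multiplies once more by 1024 */
    switch (strtolower(substr($value, -1))) {
        case 'g':
            $number *= 1024;
        case 'm':
            $number *= 1024;
        case 'k':
            $number *= 1024;
    }
    return $number;
}

/**
 * Check for helper programs and php.ini settings and report each as an HTML block.
 *
 * Only fixed command lines are executed; no request data reaches the shell.
 *
 * Corrections compared with the previous implementation:
 *  - split() no longer exists in current PHP, explode() is used instead;
 *  - ini_get() returns a plain string, so the former ['local_value'] lookups
 *    never saw the configured value;
 *  - the memory_limit and expose_php rows evaluated implicit_flush;
 *  - "&>" is not understood by every /bin/sh and can make the Perl probe
 *    report success unconditionally; a portable redirection is used.
 *
 * @param int $faults Failure counter, incremented by check() for every
 *                    mandatory probe that failed.
 * @return string HTML for the whole section.
 */
function perform_additional_checks(&$faults)
{
    /* Programm check */
    $msg = "<h1>"._("Checking for some additional programms")."</h1>";

    /* Image Magick */
    $output = (string) shell_exec("LC_ALL=C LANG=C convert -help");
    if ($output != "") {
        $lines   = explode("\n", $output);
        $version = preg_replace("/^Version:.+Magick ([^\s]+).*/", "\\1", $lines[0]);
        $parts   = explode(".", (string) $version);
        $major   = (int) $parts[0];
        $minor   = isset($parts[1]) ? (int) $parts[1] : 0;

        $msg .= check($faults, _("Checking for ImageMagick (>=5.4.0)"),
            _("ImageMagick is used to convert user supplied images to fit the suggested size and the unified JPEG format."),
            ($major > 5 || ($major == 5 && $minor >= 4)));
    } else {
        $msg .= check($faults, _("Checking imagick module for PHP"),
            _("Imagick is used to convert user supplied images to fit the suggested size and the unified JPEG format from PHP script."), function_exists('imagick_blob2image'), TRUE);
    }

    /* Check for fping */
    $output     = (string) shell_exec("LC_ALL=C LANG=C fping -v 2>&1");
    $have_fping = preg_match("/^fping:/", $output);
    $msg .= check($faults, _("Checking for fping utility"),
        _("The fping utility is only used if you've got a thin client based terminal environment running."),
        $have_fping, FALSE);

    /* Check for smb hash generation tool */
    $output       = (string) shell_exec("mkntpwd 2>&1");
    $have_mkntpwd = preg_match("/^Usage: mkntpwd /", $output);
    $alt          = 0;

    if (!$have_mkntpwd) {
        /* The probe hashes the fixed word PASSWD only; its exit status tells
           whether Crypt::SmbHash can be loaded. */
        $query = "LC_ALL=C LANG=C perl -MCrypt::SmbHash -e 'ntlmgen \"PASSWD\", \$lm, \$nt; print \"\${lm}:\${nt}\\n\";' >/dev/null 2>&1";
        system($query, $ret);
        $alt = ($ret == 0);
    }

    $msg .= check($faults, _("Checking for a way to generate LM/NT password hashes"),
        _("In order to use SAMBA 2/3, you've to install some additional packages to generate password hashes."),
        ($have_mkntpwd || $alt));

    /* session.auto_start has to be off. The headline below says
       "auto_register"; the text is left as it is because it is the
       translation key. */
    $msg .= check($faults, _("php.ini check -> session.auto_register"),
        _("In Order to use GOsa without any trouble, the session.auto_register option in your php.ini must be set to 'Off'."),
        !setup_ini_flag_on('session.auto_start'));

    /* implicit_flush */
    $msg .= check($faults, _("php.ini check -> implicit_flush"),
        _("This option influences the Output handling. Turn this Option off, to increase performance."),
        !setup_ini_flag_on('implicit_flush'), FALSE);

    /* max_execution_time: 0 means "no limit" and therefore passes */
    $max_execution_time = (int) ini_get('max_execution_time');
    $msg .= check($faults, _("php.ini check -> max_execution_time"),
        _("The Execution time should be at least 30 seconds, because some actions may consume more time."),
        ($max_execution_time == 0 || $max_execution_time >= 30), FALSE);

    /* memory_limit: unset or -1 means "no limit"; otherwise the value may
       carry a K/M/G suffix and is compared in bytes */
    $memory_limit = ini_get('memory_limit');
    $memory_ok    = ($memory_limit === false
                  || trim((string) $memory_limit) === ""
                  || (int) $memory_limit === -1
                  || setup_ini_bytes($memory_limit) >= 16 * 1024 * 1024);
    $msg .= check($faults, _("php.ini check -> memory_limit"),
        _("GOsa needs at least 16MB of memory, less will cause unpredictable errors! Increase it for larger setups."),
        $memory_ok, FALSE);

    /* expose_php */
    $msg .= check($faults, _("php.ini check -> expose_php"),
        _("Increase the server security by setting expose_php to 'off'. PHP won't send any Information about the server you are running in this case."),
        !setup_ini_flag_on('expose_php'), FALSE);

    /* magic_quotes_gpc: the directive no longer exists in current PHP, where
       this optional row simply shows "Ignored". It is not a substitute for
       escaping values at the point of use. */
    $msg .= check($faults, _("php.ini check -> magic_quotes_gpc"),
        _("Increase your server security by setting magic_quotes_gpc to 'on'. PHP will escape all quotes in strings in this case."),
        setup_ini_flag_on('magic_quotes_gpc'), FALSE);

    return $msg;
}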
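/**
 * Build the gosa.conf download from the template and the setup data in the session.
 *
 * Sends the download headers, reads CONFIG_TEMPLATE_DIR/gosa.conf, fills in
 * the {PLACEHOLDER} tokens from $_SESSION['ldapconf'] and strips plugin and
 * tab entries whose schema was reported missing in $_SESSION['classes'].
 *
 * Security notes:
 *  - The result contains the LDAP admin DN and password in clear text.
 *  - NOTE(review): the session values are inserted without escaping. The
 *    template is not visible from this function; if the placeholders sit
 *    inside quoted attributes, a quote character in a value changes the
 *    structure of the generated file. Confirm and escape per context.
 *
 * @return string The generated configuration, "" when the template is unreadable.
 */
function parse_contrib_conf()
{
    $replacements     = array();
    $possible_plugins = array();
    $ldapconf = $_SESSION['ldapconf']; // The Installation information
    $classes  = $_SESSION['classes'];  // Class information needed to define which features are enabled

    /* Which samba version do we use? schema_check() files an entry under
       'samba3' only when the samba 3 schema is missing, so a present key
       means "fall back to samba 2". */
    $used_samba_version = isset($classes['samba3']) ? 2 : 3;

    /* Look for samba password generation method */
    if (file_exists("/usr/lib/gosa/mkntpasswd")) {
        $pwdhash = "/usr/lib/gosa/mkntpasswd";
    } elseif (preg_match("/^Usage: mkntpwd /", (string) shell_exec("mkntpwd 2>&1"))) {
        $pwdhash = "mkntpwd";
    } else {
        $pwdhash = ('perl -MCrypt::SmbHash -e "ntlmgen \"\$ARGV[0]\", \$lm, \$nt; print \"\${lm}:\${nt}\n\";" $1');
    }

    /* Compared as strings: the default mail index is the integer 0, which
       older PHP versions treat as equal to any non-numeric string. */
    $mail_enabled = ((string) $ldapconf['mail'] !== "disabled");
    $mail_method  = "";
    if ($mail_enabled && isset($ldapconf['mail_methods'][$ldapconf['mail']])) {
        $mail_method = $ldapconf['mail_methods'][$ldapconf['mail']];
    }

    /* Define which variables will be replaced */
    $replacements['{LOCATIONNAME}'] = $ldapconf['location'];
    $replacements['{SAMBAVERSION}'] = $used_samba_version;
    $replacements['{LDAPBASE}']     = $ldapconf['base'];
    $replacements['{LDAPADMIN}']    = $ldapconf['admin'];
    $replacements['{DNMODE}']       = $ldapconf['peopledn'];
    $replacements['{LDAPHOST}']     = $ldapconf['uri'];
    $replacements['{PASSWORD}']     = $ldapconf['password'];
    $replacements['{CRYPT}']        = $ldapconf['arr_cryptkeys'][$ldapconf['arr_crypts']];
    $replacements['{SID}']          = "";
    $replacements['{RIDBASE}']      = "";
    if ($mail_enabled) {
        $replacements['{MAILMETHOD}'] = $mail_method;
    }
    $replacements['{SMBHASH}']       = $pwdhash;
    $replacements['{GOVERNMENTMODE}']= "false";
    $replacements['{kolabAccount}']  = "";
    $replacements['{servKolab}']     = "";
    $replacements['{errorlvl}']      = $ldapconf['errorlvl'];

    /* This array contains all preg_replace syntax to delete all unused plugins
       THE kEY MUST BE THE CLASSNAME so we can check it with the class information */
    $possible_plugins['fonreport'][]   = "'\n.*<plugin.*fonreport+.*\n.*>.*\n'i";
    $possible_plugins['phoneaccount'][]= "'\n.*<tab.*phoneAccount.*>.*\n'i";
    $possible_plugins['logview'][]     = "'\n.*<plugin.*logview+.*\n.*>.*\n'i";
    $possible_plugins['pureftp'][]     = "'\n.*<tab.*pureftp.*>.*\n'i";
    $possible_plugins['webdav'][]      = "'\n.*<tab.*webdav.*>.*\n'i";
    $possible_plugins['phpgroupware'][]= "'\n.*<tab.*phpgroupware.*>.*\n'i";

    /* Header information
       Needed to send the generated gosa.conf to the browser */
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: no-cache");
    header("Pragma: no-cache");
    header("Cache-Control: post-check=0, pre-check=0");
    header("Content-type: text/plain");

    /* The header is optional in a request, so it is read defensively */
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    if (preg_match('/MSIE 5.5/', $agent) || preg_match('/MSIE 6.0/', $agent)) {
        header('Content-Disposition: filename="gosa.conf"');
    } else {
        header('Content-Disposition: attachment; filename="gosa.conf"');
    }

    /* Read the template in one go; the former fopen() handle was never closed */
    $str = file_get_contents(CONFIG_TEMPLATE_DIR."/gosa.conf");
    if ($str === false) {
        echo "Can't open file ".CONFIG_TEMPLATE_DIR."/gosa.conf";
        return "";
    }

    if ($mail_method == "kolab") {
        $replacements['{kolabAccount}'] ="<tab class=\"kolabAccount\" />\n     ";
        $replacements['{servKolab}']    ="<tab class=\"servkolab\" name=\"Kolab\" />";
    }

    /* One connection serves both lookups below */
    $ldap = new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);

    if ($used_samba_version != 2) {
        /* Without a sambaDomain object in the directory, SID and RID base
           have to be written into the configuration.
           NOTE(review): the SID written here looks like a placeholder, not a
           real domain SID - confirm that the administrator is told to
           replace it. */
        $ldap->search("(objectClass=sambaDomain)");
        if ($ldap->count() < 1) {
            $replacements['{SID}']     = "sid=\"123412-11\"";
            $replacements['{RIDBASE}'] = "ridbase=\"1000\"";
        }
    }

    /* An ivbbEntry in the tree switches the government mode on */
    $ldap->search("(objectClass=ivbbEntry)");
    if ($ldap->count() > 0) {
        $replacements['{GOVERNMENTMODE}'] = "true";
    }

    /* Replace all placeholders in a single literal pass. preg_replace() would
       interpret "$1" or "\1" inside a value (a password, for instance) as a
       back reference and corrupt it; a single pass also keeps a value that
       happens to contain another placeholder from being expanded. */
    $literal = array();
    foreach ($replacements as $key => $val) {
        $literal[$key] = (string) $val;
    }
    $str = strtr($str, $literal);

    if (!$mail_enabled) {
        $str = str_replace("mailMethod=\"{MAILMETHOD}\"","",$str);
    }

    /* Remove all unused plugins. The lookup goes by key: a feature listed in
       the class information was reported as missing by the schema check.
       The former in_array() call compared the pattern list itself against
       the class information and never matched. */
    foreach ($possible_plugins as $name => $patterns) {
        if (!isset($classes[$name])) {
            continue;
        }
        foreach ($patterns as $pattern) {
            $str = preg_replace($pattern, "\n", $str);
        }
    }

    return ($str);
}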
573 /* Show setup_page 1 */
/**
 * Setup step 1: run the PHP installation checks and show the introduction page.
 *
 * @param bool $withoutput FALSE runs the checks without rendering any template.
 * @return bool TRUE when no mandatory check failed.
 */
function show_setup_page1($withoutput = true)
{
    $page = get_smarty();
    $page->assign("content", get_template_path('setup_introduction.tpl'));
    $page->assign("tests", perform_php_checks($failures));

    /* Any failed mandatory check disables the way forward */
    $passed = !$failures;
    if (!$passed) {
        $page->assign("mode", "disabled");
    }

    /* The header is rendered before the collected errors are handed over */
    if ($withoutput) {
        $page->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $page->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $page->display(get_template_path('setup.tpl'));
    }

    return ($passed);
}
602 /* Show setup_page 2 */
/**
 * Setup step 2: check helper programs and php.ini settings and show the result page.
 *
 * @param bool $withoutput FALSE runs the checks without rendering any template.
 * @return bool TRUE when no mandatory check failed.
 */
function show_setup_page2($withoutput = true)
{
    $page = get_smarty();
    $page->assign("content", get_template_path('setup_step2.tpl'));
    $page->assign("tests", perform_additional_checks($failures));

    /* Any failed mandatory check disables the way forward */
    $passed = !$failures;
    if (!$passed) {
        $page->assign("mode", "disabled");
    }

    /* The header is rendered before the collected errors are handed over */
    if ($withoutput) {
        $page->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $page->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $page->display(get_template_path('setup.tpl'));
    }

    return ($passed);
}
/**
 * Setup step 3: ask for the LDAP server URI and test an anonymous connection.
 *
 * The URI comes from the request (or the session) and is stored in the
 * session unmodified. Only the copies given to the template and to
 * ldap_connect() pass through validate(), which is defined elsewhere -
 * NOTE(review): confirm what it filters, since the server opens a
 * connection to whatever host the form names.
 *
 * The connection test is skipped when the "continue3" button was pressed.
 *
 * @param bool $withoutput FALSE suppresses messages and template rendering.
 * @return bool TRUE when no problem was found.
 */
function show_setup_page3($withoutput = true)
{
    $smarty = get_smarty();

    /* Take the posted value, else the one remembered in the session */
    $uri = "";
    if (isset($_POST['uri'])) {
        $uri = $_POST['uri'];
    } elseif (isset($_SESSION['ldapconf']['uri'])) {
        $uri = $_SESSION['ldapconf']['uri'];
    }

    /* First visit or empty field: propose the local server */
    if (empty($uri)) {
        $uri = "ldap://localhost:389";
    }

    $_SESSION['ldapconf']['uri'] = $uri;
    $smarty->assign("uri", validate($uri));

    /* No error till now */
    $fault = false;

    if (isset($_POST['continue3'])) {
        /* Kept from the original flow; $uri always has a value at this point */
        if (!isset($uri)) {
            $fault = true;
            if ($withoutput) {
                print_red(_("You've to specify an ldap server before continuing!"));
                $smarty->assign("content", get_template_path('setup_step3.tpl'));
            }
        }
    } else {
        $ds = @ldap_connect(validate($uri));
        if (!$ds) {
            $fault = true;
            if ($withoutput) {
                print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
                $smarty->assign("uri", validate($uri));
                $smarty->assign("content", get_template_path('setup_step3.tpl'));
            }
        } else {
            /* Anonymous bind, protocol version 3 */
            ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
            $r = @ldap_bind($ds);
            if (!$r) {
                $fault = true;
                if ($withoutput) {
                    print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
                    $smarty->assign("content", get_template_path('setup_step3.tpl'));
                    $smarty->assign("uri", validate($uri));
                }
            }
        }
    }

    $smarty->assign("content", get_template_path('setup_step3.tpl'));

    /* Load Header */
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    /* Set Errors to Smarty */
    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    /* Print out Template */
    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}
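/**
 * Setup step 4: collect the LDAP settings, fill in defaults and verify them.
 *
 * Connects anonymously to propose a base DN, stores defaults for every
 * missing setting in $_SESSION['ldapconf'], takes over the posted form and,
 * when "check" was submitted, verifies the login and runs the schema check
 * (result kept in $_SESSION['classes']).
 *
 * Corrections compared with the previous implementation:
 *  - the two leading assignments of the not yet defined $base are gone;
 *  - the schema readability test uses the credentials just submitted instead
 *    of a snapshot of the session taken before the form was processed;
 *  - a failed or empty naming context search no longer reads a missing entry;
 *  - the anonymous probe connection is released.
 *
 * NOTE(review): posted values go into the session and from there into the
 * template unfiltered. Whether they are escaped depends on the template,
 * which is not visible here - confirm.
 *
 * @param bool $withoutput FALSE suppresses messages and template rendering.
 * @return bool TRUE when no problem was found.
 */
function show_setup_page4($withoutput = true)
{
    $smarty = get_smarty();

    require_once("class_password-methods.inc");

    $fault = false;

    /* Stays NULL when no base can be derived, so that a later call tries again */
    $base  = null;
    $uri   = $_SESSION['ldapconf']['uri'];
    $checkvars = array("location", "admin", "password", "peopleou", "base",
                       "peopledn", "arr_crypts", "mail", "uidbase","errorlvl");

    if (!isset($_SESSION['ldapconf']['arr_cryptkeys'])) {
        $tmp = passwordMethod::get_available_methods_if_not_loaded();
        $_SESSION['ldapconf']['arr_cryptkeys'] = $tmp['name'];
    }

    if (!isset($_SESSION['ldapconf']['mail_methods'])) {
        $_SESSION['ldapconf']['mail_methods'] = array();
        $temp = get_available_mail_classes();
        $_SESSION['ldapconf']['mail_methods'] = $temp['name'];
    }

    /* If there are some empty vars in ldapconnect -
       these values also represent out default values */
    if (!$ds = @ldap_connect(validate($uri))) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
        }
    } elseif (!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
        }
    } elseif (!$r = @ldap_bind($ds)) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
        }
    } else {
        /* A failed search yields FALSE, which must not reach ldap_get_entries() */
        $sr   = @ldap_search($ds, "", "objectClass=*", array("namingContexts"));
        $attr = $sr ? @ldap_get_entries($ds, $sr) : array();

        if (empty($attr) || !isset($attr[0]['dn'])) {
            $base = "dc=example,dc=net";

            if ($withoutput) {
                print_red(_("Bind to server successful, but the server seems to be completly empty, please check all informations twice"));
            }
        } else {
            $base = $attr[0]['dn'];
        }
    }

    /* The probe connection is not needed any longer */
    if ($ds) {
        @ldap_unbind($ds);
    }

    if (!isset($_SESSION['ldapconf']['base'])) {
        $_SESSION['ldapconf']['base'] = $base;
    }
    if (!isset($_SESSION['ldapconf']['admin'])) {
        $_SESSION['ldapconf']['admin'] = "cn=ldapadmin,".$base;
    }
    if (!isset($_SESSION['ldapconf']['peopleou'])) {
        $_SESSION['ldapconf']['peopleou'] = "ou=people";
    }
    if (!isset($_SESSION['ldapconf']['groupou'])) {
        $_SESSION['ldapconf']['groupou'] = "ou=groups";
    }
    if (!isset($_SESSION['ldapconf']['peopledn'])) {
        $_SESSION['ldapconf']['peopledn'] = "cn";
    }
    if (!isset($_SESSION['ldapconf']['password'])) {
        $_SESSION['ldapconf']['password'] = "";
    }
    if (!isset($_SESSION['ldapconf']['location'])) {
        $_SESSION['ldapconf']['location'] = "Example";
    }
    if (!isset($_SESSION['ldapconf']['uidbase'])) {
        $_SESSION['ldapconf']['uidbase'] = "1000";
    }
    if (!isset($_SESSION['ldapconf']['mail'])) {
        $_SESSION['ldapconf']['mail'] = 0;
    }

    /* NOTE(review): md5 is preselected as the password hash method. Consider
       defaulting to a salted method if the available list offers one. */
    $tmp = array_flip($_SESSION['ldapconf']['arr_cryptkeys']);
    if (!isset($_SESSION['ldapconf']['arr_crypts'])) {
        $_SESSION['ldapconf']['arr_crypts'] = $tmp['md5'];
    }

    /* check POST data */
    if (isset($_POST['check'])) {

        /* Check if all needed vars are submitted */
        foreach ($checkvars as $key) {
            if ($key == "peopleou" || $key == "groupou") {
                continue;
            }

            if ((isset($_POST[$key])) && ($_POST[$key] != "")) {
                $_SESSION['ldapconf'][$key] = $_POST[$key];
            } else {
                if ($withoutput) {
                    print_red(sprintf(_("You're missing the required attribute '%s' from this formular. Please complete!"), $key));
                }
                $fault = true;
            }
        }
    }

    /* Transfer base */
    if (isset($_POST['base'])) {
        $_SESSION['ldapconf']['base'] = $_POST['base'];
    }

    $smarty->assign("arr_cryptkeys", $_SESSION['ldapconf']['arr_cryptkeys']);
    $smarty->assign("mail_methods", $_SESSION['ldapconf']['mail_methods']);

    foreach ($_SESSION['ldapconf'] as $key => $val) {
        $smarty->assign($key, $val);
    }

    if (isset($_POST['check'])) {
        $ldap = new LDAP($_SESSION['ldapconf']['admin'],
                         $_SESSION['ldapconf']['password'],
                         $_SESSION['ldapconf']['uri']);

        $m = schema_check($_SESSION['ldapconf']['uri'],
                          $_SESSION['ldapconf']['admin'],
                          $_SESSION['ldapconf']['password']);
        $_SESSION['classes'] = $m;

        /* Same credentials as the two calls above, i.e. the submitted ones */
        if (!is_schema_readable($_SESSION['ldapconf']['uri'],
                                $_SESSION['ldapconf']['admin'],
                                $_SESSION['ldapconf']['password'])) {
            if ($withoutput) {
                print_red(_("Can't read schema informations, GOsa needs to know your schema setup. Please verify that it is readable for GOsa"));
            }
            $fault = true;
        }

        if ($ldap->error != "Success") {
            if ($withoutput) {
                print_red(sprintf(_("Can't log into LDAP server. Reason was: %s."), $ldap->get_error()));
            }
            $fault = true;
        }
    }

    /* Set smarty output */
    $smarty->assign("content", get_template_path('setup_step4.tpl'));
    $smarty->assign("peopledns", array("cn", "uid"));
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }
    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }
    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }
    return (!$fault);
}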
/*
 * Final setup page: show the schema check results and the configuration
 * file hints.
 *
 * $withoutput  When false, nothing is displayed; the smarty variables
 *              "webgroup", "path" and (if set) "errors" are still assigned.
 *
 * Always returns true.
 */
function show_setup_page5($withoutput=true)
{
  $conf   = $_SESSION['ldapconf'];
  $smarty = get_smarty();

  /* Group of the current process, displayed together with the config directory */
  $group = posix_getgrgid(posix_getgid());
  $smarty->assign("webgroup", $group['name']);
  $smarty->assign("path", CONFIG_DIR);

  /* Run the schema check with the connection data kept in the session */
  $results = schema_check($conf['uri'], $conf['admin'], $conf['password'], 1);

  if ($withoutput) {
    /* view_schema_check() returns a ready-made HTML table; the message
       texts are interpolated into it without HTML escaping */
    $smarty->assign("schemas", view_schema_check($results));
    $smarty->assign("content", get_template_path('setup_finish.tpl'));

    /* Output templates... */
    $smarty->display(get_template_path('headers.tpl'));
  }

  if (isset($_SESSION['errors'])) {
    $smarty->assign("errors", $_SESSION['errors']);
  }

  if ($withoutput) {
    $smarty->display(get_template_path('setup.tpl'));
  }

  return(true);
}
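/* Escape a string for use as an attribute value inside a DN (RFC 4514). */
function setup_escape_dn_value($value)
{
  if (function_exists('ldap_escape')) {
    return ldap_escape($value, '', LDAP_ESCAPE_DN);
  }

  /* Fallback for PHP builds without ldap_escape(); the backslash has to be
     replaced first so the escapes added afterwards are not escaped again */
  $value = str_replace(
    array('\\', ',', '+', '"', '<', '>', ';', '=', "\0"),
    array('\\5c', '\\2c', '\\2b', '\\22', '\\3c', '\\3e', '\\3b', '\\3d', '\\00'),
    $value);

  /* A leading '#' or space and a trailing space are significant in a DN */
  if ($value !== '' && ($value[0] == ' ' || $value[0] == '#')) {
    $value = sprintf('\\%02x', ord($value[0])).substr($value, 1);
  }
  if (substr($value, -1) == ' ') {
    $value = substr($value, 0, -1).'\\20';
  }
  return $value;
}


/* Escape a string for use as an assertion value in a search filter (RFC 4515). */
function setup_escape_filter_value($value)
{
  if (function_exists('ldap_escape')) {
    return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
  }
  return str_replace(
    array('\\', '*', '(', ')', "\0"),
    array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
    $value);
}


/*
 * Last setup test: is there a group with the ACL ":all" and a member account
 * that is able to administrate GOsa? If both are missing, ask for the data of
 * a new administrator and create the account and the group from the submitted
 * form (POST fields 'new_admin', 'admin_name', 'admin_pass').
 *
 * $withoutput  When false, neither templates nor the "missing account"
 *              warning are printed.
 *
 * Returns true when nothing has to be created or when the form was submitted
 * (also when it was submitted with an empty name or password, or when the
 * LDAP add failed), false after the creation form has been prepared.
 *
 * Side effect: sets the global $samba when the form is submitted.
 */
function create_user_for_setup($withoutput=true)
{
  global $samba;

  $ldapconf = $_SESSION['ldapconf'];
  $smarty   = get_smarty();

  $need_to_create_group = false;
  $need_to_create_user  = false;
  $str_there            = "";

  $classes = isset($_SESSION['classes']) ? $_SESSION['classes'] : array();

  /* The warning is only shown while the creation form has not been submitted */
  $warn = ($withoutput) && (!isset($_POST['new_admin']));

  $ldap = new LDAP($_SESSION['ldapconf']['admin'],
                   $_SESSION['ldapconf']['password'],
                   $_SESSION['ldapconf']['uri']);

  /* Look for a group with the rights :all */
  $ldap->cd($ldapconf['base']);
  $ldap->search("(&(objectClass=gosaObject)(gosaSubtreeACL=:all))");

  $group_cnt = $ldap->count();
  $data      = $ldap->fetch();

  if ($group_cnt < 1) {

    /* No administrative group, so user and group have to be created */
    $need_to_create_group = true;
    $need_to_create_user  = true;

  } else {

    $ldap->clearResult();

    /* We found an administrative group, is there a user, too? */
    if (isset($data['memberUid'][0])) {

      /* The uid comes from directory data and is escaped before it is
         placed into the filter, so characters like '*' or ')' in it can
         not change the meaning of the search */
      $uid_filter = "uid=".setup_escape_filter_value($data['memberUid'][0]);
      $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)(".$uid_filter."))");
      $data2 = $ldap->fetch();

      $need_to_create_user = ($ldap->count() < 1) || (!isset($data2));
    } else {
      $need_to_create_user = true;
    }
  }

  if ($need_to_create_user && $warn) {
    print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
  }

  /* NOTE(review): this returns unless BOTH user and group are missing. A
     group with :all but without a usable member account therefore only
     produces the warning above, and the "add user to existing group"
     branch below is never reached. Confirm whether '||' was intended. */
  if (!($need_to_create_user && $need_to_create_group)) {
    return(true);
  }

  /* We need to create a new user with group */
  if (isset($_POST['new_admin'])) {

    /* NOTE(review): a present 'samba3' key selects "2" here, which looks
       inverted; the meaning of that key in the schema_check() result is
       not visible from this function - verify. */
    $samba = isset($classes['samba3']) ? "2" : "3";

    /* Only plain strings are accepted, an array submitted as admin_name[]
       is treated like a missing field */
    $admin_name = (isset($_POST['admin_name']) && is_string($_POST['admin_name'])) ? $_POST['admin_name'] : "";
    $admin_pass = (isset($_POST['admin_pass']) && is_string($_POST['admin_pass'])) ? $_POST['admin_pass'] : "";

    /* Nothing submitted */
    if ((empty($admin_name)) || (empty($admin_pass))) {
      return(true);
    }

    if ($need_to_create_user) {

      /* Define the user we are going to create. The submitted name is
         escaped as a DN value, otherwise a ',' or '=' in it would place
         the entry somewhere else in the tree. */
      $dn = "cn=".setup_escape_dn_value($admin_name).",".$ldapconf['peopleou'].",".$ldapconf['base'];

      $arr = array();
      $arr['objectClass'][0] = "person";
      $arr['objectClass'][1] = "organizationalPerson";
      $arr['objectClass'][2] = "inetOrgPerson";
      $arr['objectClass'][3] = "gosaAccount";
      $arr['uid']            = $admin_name;
      $arr['cn']             = $admin_name;
      $arr['sn']             = $admin_name;
      $arr['givenName']      = "GOsa main administrator";

      /* No Samba LM/NT hashes are written here. The previous code stored
         two fixed hash constants that were not derived from the submitted
         password, so every account created by the setup carried the same
         Samba credentials. The hashes have to be set by a regular
         password change. */

      /* NOTE(review): the scheme is fixed to "md5" instead of the method
         selected in the setup; crypt_single() is defined elsewhere -
         confirm which stronger schemes it supports. */
      $arr['userPassword'] = crypt_single($admin_pass, "md5");

      if (!$ldap->dn_exists($dn)) {
        $ldap->cd($dn);
        $ldap->create_missing_trees($dn);
        $ldap->cd($dn);
        $ldap->add($arr);
        if ($ldap->error != "Success") {
          print_red($ldap->error);
          print_red("Can't create user, and / or Group, possibly this problem depends on an empty LDAP server. Check your configuration and try again!");
        }
      }
    }

    if (!$need_to_create_group) {

      /* There's already a group for administrators, so we only need to
         add the user */
      $arrr = array();
      if (!isset($data['memberUid'])) {
        $arrr['memberUid'] = $admin_name;
      } else {
        $members = $data['memberUid'];
        $members[$members['count']] = $admin_name;
        unset($members['count']);

        /* Same result as before: reversed order, re-indexed from 0 */
        $arrr['memberUid'] = array_values(array_reverse($members));
      }

      $ldap->cd($data['dn']);
      $ldap->modify($arrr);

    } else {

      $dn = "cn=administrators,".$ldapconf['groupou'].",".$ldapconf['base'];

      $arrr = array();
      $arrr['objectClass'][0] = "gosaObject";
      $arrr['objectClass'][1] = "posixGroup";
      $arrr['gosaSubtreeACL'] = ":all";
      $arrr['cn']             = "administrators";
      $arrr['gidNumber']      = "999";
      $arrr['memberUid']      = $admin_name;

      $ldap->cd($dn);
      $ldap->create_missing_trees($dn);
      $ldap->cd($dn);

      $ldap->add($arrr);
    }

    /* Report a failed group add/modify instead of dropping the error */
    if ($ldap->error != "Success") {
      print_red($ldap->error);
    }
    return(true);
  }

  /* Form not submitted yet: prepare the "create administrator" page.
     NOTE(review): the original tested an undefined variable $create_user
     here, which always selected exists=true; that value is kept. Which
     flag was meant (probably $need_to_create_user) has to be checked
     against setup_useradmin.tpl. */
  $smarty->assign ("content", get_template_path('setup_useradmin.tpl'));
  $smarty->assign("exists", true);

  /* Smarty output */
  if ($withoutput) {
    $smarty->display (get_template_path('headers.tpl'));
  }
  if (isset($_SESSION['errors'])) {
    $smarty->assign("errors", $_SESSION['errors']);
  }
  $smarty->assign("str_there", $str_there);
  if ($withoutput) {
    $smarty->display (get_template_path('setup.tpl'));
  }
  return(false);
}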
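/*
 * Returns the class names of the mail method classes.
 *
 * Scans "../include" (relative to the current working directory) for files
 * whose name contains "class_mail-methods-" and strips that prefix and the
 * trailing ".inc" from the file name.
 *
 * The result holds every hit twice:
 *   $methods['name'][$i] / $methods['file'][$i]   and
 *   $methods[$i]['file'] / $methods[$i]['name']
 *
 * Returns an empty array when the directory is missing or can not be opened.
 */
function get_available_mail_classes()
{
  $methods = array();
  $path    = "../include";
  $prefix  = "class_mail-methods-";
  $lenpre  = strlen($prefix);
  $suffix  = ".inc";
  $lensuf  = strlen($suffix);

  /* Without this check a failed opendir() would be passed on to readdir() */
  if (!is_dir($path)) {
    return($methods);
  }
  $dir = opendir($path);
  if ($dir === false) {
    return($methods);
  }

  $i = 0;
  while (($file = readdir($dir)) !== false) {

    /* NOTE(review): this matches the prefix anywhere in the name and
       case-insensitively, while the substr() below assumes it is at the
       start and that the name ends in ".inc"; a backup copy such as
       "...inc~" would yield a wrong class name. Kept as in the original. */
    if (stristr($file, $prefix) !== false) {
      $name = substr($file, $lenpre, (strlen($file) - $lenpre) - $lensuf);

      $methods['name'][$i] = $name;
      $methods['file'][$i] = $file;
      $methods[$i]['file'] = $file;
      $methods[$i]['name'] = $name;
      $i++;
    }
  }

  /* Release the directory handle, the original left it open */
  closedir($dir);

  return($methods);
}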
1155 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1156 ?>