1 <?php
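/**
 * Check whether an objectclass definition advertises the expected schema version.
 *
 * The text of the DESC clause is extracted from the definition and searched
 * for the literal marker "(v<version>)".
 *
 * @param string $description Raw objectclass definition string.
 * @param string $version     Version to look for, e.g. "2.4".
 * @return int|false 1 when the marker is present, 0 when it is not, false on a PCRE error.
 */
function check_schema_version($description, $version)
{
    $desc = preg_replace("/^.* DESC\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $description);

    /* The version is data, not a pattern. Quoting it makes "." match only a
       literal dot, so a marker such as "(v2x4)" is no longer accepted as 2.4. */
    return preg_match('/\(v' . preg_quote($version, '/') . '\)/', (string) $desc);
}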
/**
 * Render a list of check results as an HTML table.
 *
 * Each entry must provide 'msg' and 'status'. The message is placed into the
 * row verbatim (it is not escaped), so callers must only pass markup they
 * control. A truthy status selects the "true" icon, anything else the
 * "cancel" icon.
 *
 * @param array $table Entries of the form array('msg' => ..., 'status' => ...).
 * @return string The HTML table.
 */
function view_schema_check($table)
{
    $rows = "";

    foreach ($table as $entry) {
        $text = $entry['msg'];

        if ($entry['status']) {
            $icon = "<img src=images/true.png alt='true' />";
        } else {
            $icon = "<img src=images/button_cancel.png alt='false' />";
        }

        $rows .= "<tr><td class=\"check\">" . $text
            . "</td><td style='text-align:center' >\n"
            . $icon . "</td></tr>";
    }

    return "<table summary=\"\" class=\"check\">" . $rows . "</table>";
}
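/**
 * Tell whether the schema of an LDAP server can be read with the given account.
 *
 * The function binds with the supplied credentials, looks up the
 * subschemaSubentry of the root DSE and then reads the "objectclasses"
 * attribute of that entry.
 *
 * @param string $server   Server address handed to ldap_connect().
 * @param string $admin    Bind DN.
 * @param string $password Bind password.
 * @return bool true when the schema entry could be read, false otherwise.
 */
function is_schema_readable($server, $admin, $password)
{
    $ds = ldap_connect($server);
    if (!$ds) {
        return (false);
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    $readable = false;

    /* A rejected bind is a negative answer. Without this test the reads below
       would still be attempted on the unauthenticated connection and the
       result would say nothing about the supplied account. */
    if (@ldap_bind($ds, $admin, $password)) {

        /* Get base to look for schema */
        $sr = @ldap_read($ds, "", "objectClass=*", array("subschemaSubentry"));
        $attr = $sr ? @ldap_get_entries($ds, $sr) : false;

        if (isset($attr[0]['subschemasubentry'][0])) {
            $nb = $attr[0]['subschemasubentry'][0];

            /* A failed read yields false; do not hand that to ldap_get_entries() */
            $sr = @ldap_read($ds, $nb, "objectClass=*", array("objectclasses"));
            $attrs = $sr ? @ldap_get_entries($ds, $sr) : false;

            $readable = isset($attrs[0]);
        }
    }

    /* Release the connection on every path, it was never closed before */
    @ldap_unbind($ds);

    return ($readable);
}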
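/**
 * Compare the objectclasses published by an LDAP server with what GOsa needs.
 *
 * The function binds with the given account, reads the "objectclasses"
 * attribute of the server's subschemaSubentry and checks the list of
 * required and optional classes against it. Afterwards a fixed set of
 * optional features (samba, pureftp, WebDAV, phpgroupware, gofon, Kolab) is
 * probed by looking for one objectclass each.
 *
 * Side effect: when Kolab is the selected mail method but the Kolab schema is
 * missing, $_SESSION['ldapconf']['mail'] is switched to the "cyrus" method.
 *
 * @param string $server   Server address handed to ldap_connect().
 * @param string $admin    Bind DN.
 * @param string $password Bind password.
 * @param int    $aff      0 returns only the problems found; any other value
 *                         returns the display rows (enabled and disabled
 *                         features, with the schema file name in an extra cell).
 * @return array Map of name => array('msg' => ..., 'status' => ...). When the
 *               server cannot be queried, a list holding a single such entry
 *               with status FALSE.
 */
function schema_check($server, $admin, $password, $aff=0)
{
    $messages = array();   /* problems, keyed by class or feature name */
    $affich   = array();   /* display rows of the fixed feature probes */
    $affich2  = array();   /* display rows of enabled optional plugins */

    $required_classes = array(
        "gosaObject"            => array("version" => "2.4"),
        "gosaAccount"           => array("version" => "2.4"),
        "gosaLockEntry"         => array("version" => "2.4"),
        "gosaCacheEntry"        => array("version" => "2.4"),
        "gosaDepartment"        => array("version" => "2.4"),

        "goFaxAccount"          => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxSBlock"           => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxRBlock"           => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),

        "gosaUserTemplate"      => array("version" => "2.4", "class" => "posixAccount","file" => "nis.schema"),
        "gosaMailAccount"       => array("version" => "2.4", "class" => "mailAccount","file" => "gosa+samba3.schema"),
        "gosaProxyAccount"      => array("version" => "2.4", "class" => "proxyAccount","file" => "gosa+samba3.schema"),
        "gosaApplication"       => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),
        "gosaApplicationGroup"  => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),

        "GOhard"                => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "gotoTerminal"          => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goServer"              => array("version" => "2.4","class" => "server","file" => "goserver.schema"),
        "goTerminalServer"      => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNfsServer"           => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNtpServer"           => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goSyslogServer"        => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goLdapServer"          => array("version" => "2.4"),
        "goCupsServer"          => array("version" => "2.4", "class" => array("posixAccount", "terminals"),),
        "goImapServer"          => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3.schema"),
        "goKrbServer"           => array("version" => "2.4"),
        "goFaxServer"           => array("version" => "2.4", "class" => "gofaxAccount","file" => "gofax.schema"),
    );

    $bind_failed = array(array("msg" => _("Can't bind to LDAP. No schema check possible!"), "status" => FALSE));
    $no_schema   = array(array("msg" => _("Can't get schema information from server. No schema check possible!"), "status" => FALSE));

    /* Build LDAP connection */
    $ds = ldap_connect($server);
    if (!$ds) {
        return ($bind_failed);
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    /* The bind result used to be ignored, so a rejected login went on to
       query the server without authentication. Report it instead. */
    if (!@ldap_bind($ds, $admin, $password)) {
        @ldap_unbind($ds);
        return ($bind_failed);
    }

    /* Get base to look for schema */
    $sr = @ldap_read($ds, "", "objectClass=*", array("subschemaSubentry"));
    $attr = $sr ? @ldap_get_entries($ds, $sr) : false;
    if (!isset($attr[0]['subschemasubentry'][0])) {
        @ldap_unbind($ds);
        return ($no_schema);
    }

    /* Get list of objectclasses */
    $nb = $attr[0]['subschemasubentry'][0];
    $sr = @ldap_read($ds, $nb, "objectClass=*", array("objectclasses"));
    $attrs = $sr ? @ldap_get_entries($ds, $sr) : false;

    /* Nothing else is read from the server, release the connection */
    @ldap_unbind($ds);

    if (!isset($attrs[0])) {
        return ($no_schema);
    }

    $objectclasses = array();
    $definitions = isset($attrs[0]['objectclasses']) ? $attrs[0]['objectclasses'] : array();
    foreach ($definitions as $val) {
        /* ldap_get_entries() adds an integer 'count' element, skip it */
        if (!is_string($val)) {
            continue;
        }
        $name = preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
        if ($name != $val) {
            $objectclasses[$name] = $val;
        }
    }

    /* Walk through objectclasses and check if they are needed or not */
    foreach ($required_classes as $key => $value) {
        if (isset($value['class'])) {
            $classes = is_array($value['class']) ? $value['class'] : array($value['class']);

            /* Not every optional entry names a schema file (goCupsServer) */
            $file = isset($value['file']) ? $value['file'] : "";

            /* Check if we are using the class that requires */
            foreach ($classes as $class) {
                if (!isset($objectclasses[$key])) {
                    $messages[$key]['msg'] = sprintf(_("Optional objectclass '%s' required by plugin '%s' is not present in LDAP setup"), $key, $class);
                    $messages[$key]['status'] = FALSE;
                } elseif (!check_schema_version($objectclasses[$key], $value['version'])) {
                    $messages[$key]['msg'] = sprintf(_("Optional objectclass '%s' required by plugin '%s' does not have version %s"), $key, $class, $value['version']);
                    $messages[$key]['status'] = FALSE;
                } elseif (!isset($affich2[$class])) {
                    $affich2[$class]['msg'] = sprintf(_("Support for '%s' enabled"), $class)."<td class=\"check\"> ".$file."</td>";
                    $affich2[$class]['status'] = TRUE;
                }
            }
        } else {
            /* Required class */
            if (!isset($objectclasses[$key])) {
                $messages[$key]['msg'] = sprintf(_("Required objectclass '%s' is not present in LDAP setup"), $key);
                $messages[$key]['status'] = FALSE;
            } elseif (!check_schema_version($objectclasses[$key], $value['version'])) {
                $messages[$key]['msg'] = sprintf(_("Required objectclass '%s' does not have version %s"), $key, $value['version']);
                $messages[$key]['status'] = FALSE;
            }
        }
    }

    /* Optional features, each detected through a single objectclass:
       feature => (objectclass, "disabled" text, "enabled" text,
                   file shown when disabled, file shown when enabled) */
    $features = array(
        'samba3'       => array('sambaSamAccount',
                                _("SAMBA 3 support disabled, no schema seems to be installed"),
                                _("SAMBA 3 support enabled"),
                                "gosa+samba3.schema", "gosa+samba3.schema"),
        'samba2'       => array('sambaAccount',
                                _("SAMBA 2 support disabled, no schema seems to be installed"),
                                _("SAMBA 2 support enabled"),
                                "samba.schema", "samba.schema"),
        'pureftp'      => array('PureFTPdUser',
                                _("Support for pureftp disabled, no schema seems to be installed"),
                                _("Support for pureftp enabled"),
                                "pureftpd.schema", "pureftpd.schema"),
        'webdav'       => array('gosaWebdavAccount',
                                _("Support for WebDAV disabled, no schema seems to be installed"),
                                _("Support for WebDAV enabled"),
                                "", "gosa+samba3.schema"),
        'phpgroupware' => array('phpgwAccount',
                                _("Support for phpgroupware disabled, no schema seems to be installed"),
                                _("Support for phpgroupware enabled"),
                                "phpgwaccount.schema", "phpgwaccount.schema"),
        'phoneaccount' => array('goFonAccount',
                                _("Support for gofon disabled, no schema seems to be installed"),
                                _("Support for gofon enabled"),
                                "gofon.schema", "gofon.schema"),
    );

    foreach ($features as $feature => $probe) {
        list($objectclass, $disabled_msg, $enabled_msg, $disabled_file, $enabled_file) = $probe;

        if (!isset($objectclasses[$objectclass])) {
            $messages[$feature]['msg'] = $disabled_msg;
            $affich[$feature]['msg'] = $disabled_msg."<td class=\"check\">".$disabled_file."</td>";
            $messages[$feature]['status'] = FALSE;
            $affich[$feature]['status'] = FALSE;
        } else {
            $affich[$feature]['msg'] = $enabled_msg."<td class=\"check\">".$enabled_file."</td>";
            $affich[$feature]['status'] = TRUE;
        }
    }

    /* Kolab is only looked at when it is the selected mail method. The session
       values are checked first, 'mail' need not be a valid index. */
    $mail_methods = array();
    if (isset($_SESSION['ldapconf']['mail_methods']) && is_array($_SESSION['ldapconf']['mail_methods'])) {
        $mail_methods = $_SESSION['ldapconf']['mail_methods'];
    }
    $mail = isset($_SESSION['ldapconf']['mail']) ? $_SESSION['ldapconf']['mail'] : null;

    if (is_scalar($mail) && isset($mail_methods[$mail]) && $mail_methods[$mail] == "kolab") {
        if (!isset($objectclasses['kolabInetOrgPerson'])) {
            $messages['kolab']['msg'] = _("Support for Kolab disabled, no schema seems to be installed, setting mail-method to cyrus");
            $affich['kolab']['msg'] = $messages['kolab']['msg']."<td class=\"check\">kolab2.schema</td>";

            $tmp = array_flip($mail_methods);
            $_SESSION['ldapconf']['mail'] = isset($tmp['cyrus']) ? $tmp['cyrus'] : null;
            $messages['kolab']['status'] = FALSE;
            $affich['kolab']['status'] = FALSE;
        } else {
            /* The enabled row named gofon.schema, copied from the gofon probe;
               the disabled row above names kolab2.schema. */
            $affich['kolab']['msg'] = _("Support for Kolab enabled")."<td class=\"check\">kolab2.schema</td>";
            $affich['kolab']['status'] = TRUE;
        }
    }

    if ($aff == 0) {
        return ($messages);
    }

    /* Both lists are initialised above, so the merge no longer receives an
       undefined variable when no optional plugin class was found. */
    return (array_merge($affich, $affich2));
}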
/**
 * Render one result box of the setup inspection.
 *
 * A passed test shows "OK". A failed test shows "Failed" and increments
 * $faults when the check is required, otherwise it shows "Ignored" and
 * leaves the counter alone. $message and $description are inserted into the
 * markup as given.
 *
 * @param int    $faults      Failure counter, passed by reference.
 * @param string $message     Headline of the check.
 * @param string $description Explanation shown below the headline.
 * @param mixed  $test        Truthy when the check passed.
 * @param mixed  $required    Truthy when a failure has to be counted.
 * @return string HTML of the result box.
 */
function check(&$faults, $message, $description, $test, $required= TRUE)
{
    if ($test) {
        $verdict = _("OK")."<br>";
    } elseif ($required) {
        $verdict = "<font color=red>"._("Failed")."</font><br>";
        $faults++;
    } else {
        $verdict = "<font color=red>"._("Ignored")."</font><br>";
    }

    $head = "<table summary=\"\" class='check'><tr><td class='check' style='font-size:14px;'>".$message."</td>\n"
        ."<td rowspan=2 style='vertical-align:middle; text-align:center;width:45px;'>";

    $tail = "</td></tr><tr><td class='check' style='padding-left:20px;"
        ."background-color:#F0F0F0;'>".$description."</td></tr></table><br>";

    return $head.$verdict.$tail;
}
/**
 * Inspect the PHP installation and render one result box per item.
 *
 * The counter is reset to 0 first; every failed item that is marked as
 * required increments it through check().
 *
 * @param int $faults Failure counter, passed by reference.
 * @return string HTML with a heading followed by all result boxes.
 */
function perform_php_checks(&$faults)
{
    global $check_globals;

    $faults = 0;

    /* One row per item: headline, explanation, outcome, required? */
    $items = array(
        array(_("Checking for PHP version (>=4.1.0)"),
              _("PHP must be of version 4.1.0 or above for some functions and known bugs in PHP language."),
              version_compare(phpversion(), "4.1.0")>=0, TRUE),

        array(_("Checking if register_globals is set to 'off'"),
              _("register_globals is a PHP mechanism to register all global varibales to be accessible from scripts without changing the scope. This may be a security risk. GOsa will run in both modes."),
              $check_globals == 0, FALSE),

        array(_("Checking for ldap module"),
              _("This is the main module used by GOsa and therefore really required."),
              function_exists('ldap_bind'), TRUE),

        array(_("Checking for XML functions"),
              _("XML functions are required to parse the configuration file."),
              function_exists('xml_parser_create'), TRUE),

        array(_("Checking for gettext support"),
              _("Gettext support is required for internationalized GOsa."),
              function_exists('bindtextdomain'), TRUE),

        array(_("Checking for iconv support"),
              _("This module is used by GOsa to convert samba munged dial informations and is therefore required."),
              function_exists('iconv'), TRUE),

        array(_("Checking for mhash module"),
              _("To use SSHA encryption, you'll need this module. If you are just using crypt or md5 encryption, ignore this message. GOsa will run without it."),
              function_exists('mhash'), FALSE),

        array(_("Checking for imap module"),
              _("The IMAP module is needed to communicate with the IMAP server. It gets status informations, creates and deletes mail users."),
              function_exists('imap_open'), TRUE),

        array(_("Checking for getacl in imap"),
              _("The getacl support is needed for shared folder permissions. The standard IMAP module is not capable of reading acl's. You need a recend PHP version for this feature."),
              function_exists('imap_getacl'), FALSE),

        array(_("Checking for mysql module"),
              _("MySQL support is needed for reading GOfax reports from databases."),
              function_exists('mysql_query'), FALSE),

        array(_("Checking for cups module"),
              _("In order to read available printers from IPP protocol instead of printcap files, you've to install the CUPS module."),
              function_exists('cups_get_dest_list'), FALSE),

        array(_("Checking for kadm5 module"),
              _("Managing users in kerberos requires the kadm5 module which is downloadable via PEAR network."),
              function_exists('kadm5_init_with_password'), FALSE),

        array(_("Checking for snmp Module"),
              _("Simple Network Management Protocol (SNMP) is required for client monitoring."),
              function_exists('snmpget'), FALSE),
    );

    $msg = "<h1>"._("PHP setup inspection")."</h1>";
    foreach ($items as $item) {
        $msg .= check($faults, $item[0], $item[1], $item[2], $item[3]);
    }

    return ($msg);
}
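/**
 * Check for helper programs and php.ini settings and render one result box
 * per item.
 *
 * External programs are probed by running them with fixed command lines.
 * The counter is not reset here; required items that fail increment it
 * through check().
 *
 * @param int $faults Failure counter, passed by reference.
 * @return string HTML with a heading followed by all result boxes.
 */
function perform_additional_checks(&$faults)
{
    /* Programm check */
    $msg = "<h1>"._("Checking for some additional programms")."</h1>";

    /* Image Magick. shell_exec() yields NULL without output, hence the cast. */
    $output = (string) shell_exec("LC_ALL=C LANG=C convert -help");
    if ($output != "") {
        /* explode() replaces split(), which newer PHP releases no longer provide */
        $lines = explode("\n", $output);
        $version = preg_replace("/^Version:.+Magick ([^\s]+).*/", "\\1", $lines[0]);

        /* Pad so that an unparsable version line gives 0.0 instead of an
           undefined offset */
        $parts = array_pad(explode(".", $version), 2, 0);
        $major = (int) $parts[0];
        $minor = (int) $parts[1];

        $msg .= check($faults, _("Checking for ImageMagick (>=5.4.0)"),
            _("ImageMagick is used to convert user supplied images to fit the suggested size and the unified JPEG format."),
            ($major > 5 || ($major == 5 && $minor >= 4)));
    } else {
        $msg .= check($faults, _("Checking imagick module for PHP"),
            _("Imagick is used to convert user supplied images to fit the suggested size and the unified JPEG format from PHP script."),
            function_exists('imagick_blob2image'), TRUE);
    }

    /* Check for fping */
    $output = (string) shell_exec("LC_ALL=C LANG=C fping -v 2>&1");
    $have_fping = preg_match("/^fping:/", $output);
    $msg .= check($faults, _("Checking for fping utility"),
        _("The fping utility is only used if you've got a thin client based terminal environment running."),
        $have_fping, FALSE);

    /* Check for smb hash generation tool */
    $output = (string) shell_exec("mkntpwd 2>&1");
    $have_mkntpwd = preg_match("/^Usage: mkntpwd /", $output);
    $alt = 0;

    if (!$have_mkntpwd) {
        /* "&>" is a bash extension. A POSIX shell reads it as "run in the
           background", which always reports exit status 0 and made this test
           pass without Crypt::SmbHash. Use the portable redirection. */
        $query = "LC_ALL=C LANG=C perl -MCrypt::SmbHash -e 'ntlmgen \"PASSWD\", \$lm, \$nt; print \"\${lm}:\${nt}\\n\";' >/dev/null 2>&1";
        system($query, $ret);
        $alt = ($ret == 0);
    }

    $msg .= check($faults, _("Checking for a way to generate LM/NT password hashes"),
        _("In order to use SAMBA 2/3, you've to install some additional packages to generate password hashes."),
        ($have_mkntpwd || $alt));

    /* ini_get() returns a plain string (or false), not an array with a
       'local_value' element as the old code assumed. Normalise the boolean
       switches once. */
    $flags = array();
    foreach (array('session.auto_start', 'implicit_flush', 'expose_php', 'magic_quotes_gpc') as $name) {
        $raw = strtolower(trim((string) ini_get($name)));
        $flags[$name] = !in_array($raw, array('', '0', 'off', 'no', 'false', 'none'), true);
    }

    /* session.auto_start has to be off */
    $msg .= check($faults, _("php.ini check -> session.auto_register"),
        _("In Order to use GOsa without any trouble, the session.auto_register option in your php.ini must be set to 'Off'."),
        !$flags['session.auto_start']);

    /* implicit_flush */
    $msg .= check($faults, _("php.ini check -> implicit_flush"),
        _("This option influences the Output handling. Turn this Option off, to increase performance."),
        !$flags['implicit_flush'], FALSE);

    /* max_execution_time, where 0 means "no limit" */
    $time_limit = (int) ini_get('max_execution_time');
    $msg .= check($faults, _("php.ini check -> max_execution_time"),
        _("The Execution time should be at least 30 seconds, because some actions may consume more time."),
        ($time_limit == 0 || $time_limit >= 30), FALSE);

    /* memory_limit: accepts "128M", "1G", plain bytes and -1 (no limit).
       This item used to report the implicit_flush setting by mistake. */
    $raw_limit = trim((string) ini_get('memory_limit'));
    $bytes = (float) $raw_limit;
    switch (strtolower(substr($raw_limit, -1))) {
        case 'g':
            $bytes *= 1024;
            /* fall through */
        case 'm':
            $bytes *= 1024;
            /* fall through */
        case 'k':
            $bytes *= 1024;
    }
    $memory_ok = ($raw_limit === '' || $bytes < 0 || $bytes >= 16 * 1024 * 1024);
    $msg .= check($faults, _("php.ini check -> memory_limit"),
        _("GOsa needs at least 16MB of memory, less will cause unpredictable errors! Increase it for larger setups."),
        $memory_ok, FALSE);

    /* expose_php, which also reported the implicit_flush setting before */
    $msg .= check($faults, _("php.ini check -> expose_php"),
        _("Increase the server security by setting expose_php to 'off'. PHP won't send any Information about the server you are running in this case."),
        !$flags['expose_php'], FALSE);

    /* magic_quotes_gpc
       NOTE(review): this setting was removed in PHP 5.4, where ini_get()
       returns false and the item shows "Ignored". It was never a substitute
       for escaping data per output context; consider dropping the item. */
    $msg .= check($faults, _("php.ini check -> magic_quotes_gpc"),
        _("Increase your server security by setting magic_quotes_gpc to 'on'. PHP will escape all quotes in strings in this case."),
        $flags['magic_quotes_gpc'], FALSE);

    return $msg;
}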
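/**
 * Build gosa.conf from the template and the data collected by the wizard.
 *
 * The function sends download headers, reads CONFIG_TEMPLATE_DIR/gosa.conf,
 * replaces the {PLACEHOLDER} markers with values from $_SESSION['ldapconf']
 * and removes plugin entries of features whose schema is missing.
 *
 * Security notes:
 *  - The result contains the LDAP admin password in clear text.
 *  - Values are inserted exactly as stored in the session, which
 *    show_setup_page4() fills from $_POST.
 *    NOTE(review): the template is not visible here; if the markers sit
 *    inside XML attributes the user supplied values (location, base, admin,
 *    uri, password) need escaping for that context - confirm.
 *
 * @return string The generated configuration, or "" when the template
 *                cannot be opened (an error text is echoed in that case).
 */
function parse_contrib_conf()
{
    $str              = "";
    $replacements     = array();
    $possible_plugins = array();
    $ldapconf         = $_SESSION['ldapconf'];   // The Installation information

    /* Result of schema_check() as stored by show_setup_page4(). That call
       uses the default mode and therefore returns the list of PROBLEMS: a
       key being present means the feature or class is missing. */
    $classes = $_SESSION['classes'];
    if (!is_array($classes)) {
        $classes = array();
    }

    /* Which samba version do we use? An entry for 'samba3' means the samba 3
       schema was not found, so fall back to samba 2. */
    if (isset($classes['samba3'])) {
        $used_samba_version = 2;
    } else {
        $used_samba_version = 3;
    }

    /* Look for samba password generation method */
    if (file_exists("/usr/lib/gosa/mkntpasswd")) {
        $pwdhash = "/usr/lib/gosa/mkntpasswd";
    } elseif (preg_match("/^Usage: mkntpwd /", (string) shell_exec("mkntpwd 2>&1"))) {
        $pwdhash = "mkntpwd";
    } else {
        $pwdhash = ('perl -MCrypt::SmbHash -e "ntlmgen \"\$ARGV[0]\", \$lm, \$nt; print \"\${lm}:\${nt}\n\";" $1');
    }

    /* Mail method. The comparison is done on strings: with a loose "!=" the
       integer default 0 equals "disabled" on older PHP versions. */
    $mail_disabled = ((string) $ldapconf['mail'] === "disabled");
    $mail_method   = "";
    if (!$mail_disabled && isset($ldapconf['mail_methods'][$ldapconf['mail']])) {
        $mail_method = $ldapconf['mail_methods'][$ldapconf['mail']];
    }

    /* The selected hash method is an index into the list of known methods */
    $crypt = "";
    if (isset($ldapconf['arr_crypts']) && is_scalar($ldapconf['arr_crypts'])
        && isset($ldapconf['arr_cryptkeys'][$ldapconf['arr_crypts']])) {
        $crypt = $ldapconf['arr_cryptkeys'][$ldapconf['arr_crypts']];
    }

    /* Define which variables will be replaced */
    $replacements['{LOCATIONNAME}']  = $ldapconf['location'];
    $replacements['{SAMBAVERSION}']  = $used_samba_version;
    $replacements['{LDAPBASE}']      = $ldapconf['base'];
    $replacements['{LDAPADMIN}']     = $ldapconf['admin'];
    $replacements['{DNMODE}']        = $ldapconf['peopledn'];
    $replacements['{LDAPHOST}']      = $ldapconf['uri'];
    $replacements['{PASSWORD}']      = $ldapconf['password'];
    $replacements['{CRYPT}']         = $crypt;
    $replacements['{SID}']           = "";
    $replacements['{RIDBASE}']       = "";
    if (!$mail_disabled) {
        $replacements['{MAILMETHOD}'] = $mail_method;
    }
    $replacements['{SMBHASH}']       = $pwdhash;
    $replacements['{GOVERNMENTMODE}']= "false";
    $replacements['{kolabAccount}']  = "";
    $replacements['{servKolab}']     = "";

    /* Patterns that delete the entries of unused plugins.
       THE KEY MUST BE THE NAME used in $classes, see the removal loop below. */
    $possible_plugins['fonreport'][]   = "'\n.*<plugin.*fonreport+.*\n.*>.*\n'i";
    $possible_plugins['phoneaccount'][]= "'\n.*<tab.*phoneAccount.*>.*\n'i";
    $possible_plugins['logview'][]     = "'\n.*<plugin.*logview+.*\n.*>.*\n'i";
    $possible_plugins['pureftp'][]     = "'\n.*<tab.*pureftp.*>.*\n'i";
    $possible_plugins['webdav'][]      = "'\n.*<tab.*webdav.*>.*\n'i";
    $possible_plugins['phpgroupware'][]= "'\n.*<tab.*phpgroupware.*>.*\n'i";

    /* Header information
       Needed to send the generated gosa.conf to the browser */
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: no-cache");
    header("Pragma: no-cache");
    header("Cache-Control: post-check=0, pre-check=0");
    header("Content-type: text/plain");

    /* The User-Agent header is optional */
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    if (preg_match('/MSIE 5.5/', $agent) || preg_match('/MSIE 6.0/', $agent)) {
        header('Content-Disposition: filename="gosa.conf"');
    } else {
        header('Content-Disposition: attachment; filename="gosa.conf"');
    }

    $fp = fopen(CONFIG_TEMPLATE_DIR."/gosa.conf", "r");
    if (!$fp) {
        echo "Can't open file ".CONFIG_TEMPLATE_DIR."/gosa.conf";
        return ((($str)));
    }

    while (!feof($fp)) {
        $chunk = fread($fp, 512);
        if ($chunk === false) {
            break;
        }
        $str .= $chunk;
    }
    fclose($fp);   /* the handle was left open before */

    if ($mail_method == "kolab") {
        $replacements['{kolabAccount}'] = "<tab class=\"kolabAccount\" />\n     ";
        $replacements['{servKolab}']    = "<tab class=\"servkolab\" name=\"Kolab\" />";
    }

    $ldap = new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);

    /* Samba 3 only: when the directory holds no sambaDomain object, SID and
       ridbase have to be written into the configuration.
       NOTE(review): "123412-11" looks like a placeholder SID - confirm. */
    if ($used_samba_version != 2) {
        $ldap->search("(objectClass=sambaDomain)");
        if ($ldap->count() < 1) {
            $replacements['{SID}']     = "sid=\"123412-11\"";
            $replacements['{RIDBASE}'] = "ridbase=\"1000\"";
        }
    }

    /* An ivbbEntry in the tree switches the government mode on */
    $ldap->search("(objectClass=ivbbEntry)");
    if ($ldap->count() > 0) {
        $replacements['{GOVERNMENTMODE}'] = "true";
    }

    /* Insert the collected values. strtr() replaces literally and in one
       pass. preg_replace() treated "$1" or "\1" inside a value (a password,
       for instance) as a back reference and wrote something else to the
       file. */
    $str = strtr($str, $replacements);

    if ($mail_disabled) {
        $str = str_replace("mailMethod=\"{MAILMETHOD}\"", "", $str);
    }

    /* Remove all unused plugins. The old test, in_array() of the pattern
       list against $classes, could never match, so nothing was removed. */
    foreach ($possible_plugins as $class_name => $patterns) {
        if (!isset($classes[$class_name])) {
            continue;
        }
        foreach ($patterns as $pattern) {
            $str = preg_replace($pattern, "\n", $str);
        }
    }

    return ((($str)));
}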
569 /* Show setup_page 1 */
/**
 * Setup step 1: introduction page with the PHP inspection.
 *
 * @param bool $withoutput When false nothing is displayed, the checks are
 *                         only evaluated.
 * @return bool true when no required PHP check failed.
 */
function show_setup_page1($withoutput = true)
{
    $smarty = get_smarty();

    $smarty->assign("content", get_template_path('setup_introduction.tpl'));

    /* perform_php_checks() fills $faults through its reference parameter */
    $report = perform_php_checks($faults);
    $smarty->assign("tests", $report);

    /* Any failure disables the controls of the page */
    if ($faults) {
        $smarty->assign("mode", "disabled");
    }

    /* The header is displayed before the errors are assigned */
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    $passed = !$faults;
    return ($passed);
}
598 /* Show setup_page 2 */
/**
 * Setup step 2: checks for helper programs and php.ini settings.
 *
 * @param bool $withoutput When false nothing is displayed, the checks are
 *                         only evaluated.
 * @return bool true when no required check failed.
 */
function show_setup_page2($withoutput = true)
{
    $smarty = get_smarty();

    $smarty->assign("content", get_template_path('setup_step2.tpl'));

    /* perform_additional_checks() counts failures in $faults by reference */
    $report = perform_additional_checks($faults);
    $smarty->assign("tests", $report);

    if ($faults) {
        $smarty->assign("mode", "disabled");
    }

    /* The header is displayed before the errors are assigned */
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    $passed = !$faults;
    return ($passed);
}
/**
 * Setup step 3: ask for the LDAP server URI and try to reach it.
 *
 * The URI is taken from $_POST['uri'], else from the session, else the
 * default "ldap://localhost:389" is used; it is stored in
 * $_SESSION['ldapconf']['uri'] as given. validate() (a project helper that
 * is not visible here) is applied before the value is handed to the
 * template or to ldap_connect().
 *
 * NOTE(review): as written, the connect and anonymous bind test only runs
 * when 'continue3' was NOT posted. When the button was pressed only the
 * "no URI" case is looked at, and that case cannot occur because of the
 * default. This looks like a misplaced brace - confirm the intended flow.
 *
 * @param bool $withoutput When false no messages and templates are shown.
 * @return bool true when no problem was detected.
 */
function show_setup_page3($withoutput = true)
{
    $smarty = get_smarty();

    /* Posted value first, then the one remembered in the session */
    if (isset($_POST['uri'])) {
        $uri = $_POST['uri'];
    } elseif (isset($_SESSION['ldapconf']['uri'])) {
        $uri = $_SESSION['ldapconf']['uri'];
    } else {
        $uri = null;
    }

    /* First call of the page or empty field: use the default */
    if (empty($uri)) {
        $uri = "ldap://localhost:389";
    }

    /* Remember the URI and show it in the form */
    $_SESSION['ldapconf']['uri'] = $uri;
    $smarty->assign("uri", validate($uri));

    /* No error till now */
    $fault = false;

    if (isset($_POST['continue3'])) {
        /* Not reachable in practice, $uri always has a value at this point */
        if (!isset($uri)) {
            $fault = true;

            if ($withoutput) {
                print_red(_("You've to specify an ldap server before continuing!"));
                $smarty->assign("content", get_template_path('setup_step3.tpl'));
            }
        }
    } else {
        $ds = @ldap_connect(validate($uri));

        if (!$ds) {
            $fault = true;

            if ($withoutput) {
                print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
                $smarty->assign("uri", validate($uri));
                $smarty->assign("content", get_template_path('setup_step3.tpl'));
            }
        } else {
            ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

            /* Anonymous bind, credentials are asked for in the next step */
            $bound = @ldap_bind($ds);
            if (!$bound) {
                $fault = true;

                if ($withoutput) {
                    print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
                    $smarty->assign("content", get_template_path('setup_step3.tpl'));
                    $smarty->assign("uri", validate($uri));
                }
            } else {
                $fault = false;
            }
        }
    }

    $smarty->assign("content", get_template_path('setup_step3.tpl'));

    /* Load Header */
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    /* Set Errors to Smarty */
    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    /* Print out Template */
    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}
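/**
 * Setup step 4: collect the LDAP settings (base, admin DN, password, ...)
 * and verify them against the server.
 *
 * Missing session values are filled with defaults; the base DN is taken from
 * the server when it can be reached anonymously. When the form was submitted
 * ('check' posted) the values are stored in $_SESSION['ldapconf'], the
 * schema is checked and a login with the admin account is attempted.
 *
 * Security notes:
 *  - Form values are stored in the session as posted; only their type and
 *    emptiness is checked here.
 *  - NOTE(review): every session value, the password included, is handed to
 *    the template unchanged. Step 3 passes the URI through validate() before
 *    assigning it, this step does not. Whether the values are escaped
 *    depends on the template, which is not visible here - confirm.
 *
 * @param bool $withoutput When false no messages and templates are shown.
 * @return bool true when no problem was detected.
 */
function show_setup_page4($withoutput = true)
{
    $smarty = get_smarty();

    require_once("class_password-methods.inc");

    $fault     = false;
    $base      = null;   /* stays null while the server could not be asked */
    $uri       = $_SESSION['ldapconf']['uri'];
    $checkvars = array("location", "admin", "password", "peopleou", "base",
                       "peopledn", "arr_crypts", "mail", "uidbase");

    /* Two blocks that copied a not yet defined $base into the session were
       removed here; the base is stored further down, once it is known. */

    if (!isset($_SESSION['ldapconf']['arr_cryptkeys'])) {
        $tmp = passwordMethod::get_available_methods_if_not_loaded();
        $_SESSION['ldapconf']['arr_cryptkeys'] = $tmp['name'];
    }

    if (!isset($_SESSION['ldapconf']['mail_methods'])) {
        $_SESSION['ldapconf']['mail_methods'] = array();
        $temp = get_available_mail_classes();
        $_SESSION['ldapconf']['mail_methods'] = $temp['name'];
    }

    /* Ask the server for a base DN, it is used for the default values */
    $ds = @ldap_connect(validate($uri));
    if (!$ds) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
        }
    } elseif (!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
        }
    } elseif (!@ldap_bind($ds)) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
        }
    } else {
        /* A failed search yields false; do not hand that to ldap_get_entries() */
        $sr   = @ldap_search($ds, "", "objectClass=*", array("namingContexts"));
        $attr = $sr ? @ldap_get_entries($ds, $sr) : false;

        /* ldap_get_entries() returns a non-empty array ('count' => 0) even
           without entries, so test for the entry itself. */
        if (isset($attr[0]['dn'])) {
            $base = $attr[0]['dn'];
        } else {
            $base = "dc=example,dc=net";

            if ($withoutput) {
                print_red(_("Bind to server successful, but the server seems to be completly empty, please check all informations twice"));
            }
        }
    }

    /* The probe connection is not needed any longer */
    if ($ds) {
        @ldap_unbind($ds);
    }

    /* Defaults for everything that is not in the session yet */
    if (!isset($_SESSION['ldapconf']['base'])) {
        $_SESSION['ldapconf']['base'] = $base;
    }
    if (!isset($_SESSION['ldapconf']['admin'])) {
        $_SESSION['ldapconf']['admin'] = "cn=ldapadmin,".$base;
    }
    if (!isset($_SESSION['ldapconf']['peopleou'])) {
        $_SESSION['ldapconf']['peopleou'] = "ou=people";
    }
    if (!isset($_SESSION['ldapconf']['groupou'])) {
        $_SESSION['ldapconf']['groupou'] = "ou=groups";
    }
    if (!isset($_SESSION['ldapconf']['peopledn'])) {
        $_SESSION['ldapconf']['peopledn'] = "cn";
    }
    if (!isset($_SESSION['ldapconf']['password'])) {
        $_SESSION['ldapconf']['password'] = "";
    }
    if (!isset($_SESSION['ldapconf']['location'])) {
        $_SESSION['ldapconf']['location'] = "Example";
    }
    if (!isset($_SESSION['ldapconf']['uidbase'])) {
        $_SESSION['ldapconf']['uidbase'] = "1000";
    }
    if (!isset($_SESSION['ldapconf']['mail'])) {
        $_SESSION['ldapconf']['mail'] = 0;
    }
    $tmp = array_flip($_SESSION['ldapconf']['arr_cryptkeys']);
    if (!isset($_SESSION['ldapconf']['arr_crypts']) && isset($tmp['md5'])) {
        $_SESSION['ldapconf']['arr_crypts'] = $tmp['md5'];
    }

    /* check POST data */
    if (isset($_POST['check'])) {

        /* Check if all needed vars are submitted */
        foreach ($checkvars as $key) {
            if ($key == "peopleou" || $key == "groupou") {
                continue;
            }

            /* Only plain strings are accepted. A field posted as an array
               (name[]=...) would otherwise end up in the session and in the
               LDAP calls below. */
            if (isset($_POST[$key]) && is_string($_POST[$key]) && $_POST[$key] != "") {
                $_SESSION['ldapconf'][$key] = $_POST[$key];
            } else {
                if ($withoutput) {
                    print_red(sprintf(_("You're missing the required attribute '%s' from this formular. Please complete!"), $key));
                }
                $fault = true;
            }
        }
    }

    /* Transfer base */
    if (isset($_POST['base']) && is_string($_POST['base'])) {
        $_SESSION['ldapconf']['base'] = $_POST['base'];
    }

    $smarty->assign("arr_cryptkeys", $_SESSION['ldapconf']['arr_cryptkeys']);
    $smarty->assign("mail_methods", $_SESSION['ldapconf']['mail_methods']);

    foreach ($_SESSION['ldapconf'] as $key => $val) {
        $smarty->assign($key, $val);
    }

    if (isset($_POST['check'])) {
        /* Use the values just stored above. The readability test used a copy
           of the session taken before the form data was merged in and so
           tested the previous admin DN and password. */
        $conf = $_SESSION['ldapconf'];

        $ldap = new LDAP($conf['admin'], $conf['password'], $conf['uri']);

        $_SESSION['classes'] = schema_check($conf['uri'], $conf['admin'], $conf['password']);

        if (!is_schema_readable($conf['uri'], $conf['admin'], $conf['password'])) {
            if ($withoutput) {
                print_red(_("Can't read schema informations, GOsa needs to know your schema setup. Pleasy verify taht it is readable for GOsa"));
            }
            $fault = true;
        }

        if ($ldap->error != "Success") {
            if ($withoutput) {
                print_red(sprintf(_("Can't log into LDAP server. Reason was: %s."), $ldap->get_error()));
            }
            $fault = true;
        }
    }

    /* Set smarty output */
    $smarty->assign("content", get_template_path('setup_step4.tpl'));
    $smarty->assign("peopledns", array("cn", "uid"));
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }
    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }
    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}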
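/*
 * Setup step 5: run the schema check again with the LDAP settings stored in
 * the session and hand the result to the 'setup_finish.tpl' template.
 *
 * $withoutput  when false, nothing is displayed and neither the schema table
 *              nor the content template is assigned
 *
 * Always returns true.
 */
function show_setup_page5($withoutput=true)
{
  /* LDAP URI, admin DN and admin password collected by the earlier setup
     steps; they are read back from the session here */
  $ldapconf = $_SESSION['ldapconf'];
  $smarty   = get_smarty();

  /* Group of the running PHP process. posix_getgrgid() returns false when the
     gid has no group entry, so fall back to the numeric gid instead of
     indexing into false. */
  $gid   = posix_getgid();
  $group = posix_getgrgid($gid);
  if ($group !== false && isset($group['name'])) {
    $webgroup = $group['name'];
  } else {
    $webgroup = (string) $gid;
  }
  $smarty->assign("webgroup", $webgroup);
  $smarty->assign("path", CONFIG_DIR);

  /* 1 is passed as schema_check()'s fourth argument ($aff); what it changes
     is defined in schema_check() */
  $m = schema_check($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'], 1);

  if ($withoutput) {
    /* view_schema_check() returns ready-made HTML and puts each 'msg' into it
       without escaping, so the messages built by schema_check() must not
       carry unescaped directory data */
    $smarty->assign("schemas", view_schema_check($m));
    $smarty->assign("content", get_template_path('setup_finish.tpl'));
    $smarty->display(get_template_path('headers.tpl'));
  }

  /* Errors are assigned after the headers and before the page body, as in
     the other setup steps */
  if (isset($_SESSION['errors'])) {
    $smarty->assign("errors", $_SESSION['errors']);
  }

  if ($withoutput) {
    $smarty->display(get_template_path('setup.tpl'));
  }

  return(true);
}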
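/*
 * Last setup test: look for a group carrying gosaSubtreeACL ":all" and for a
 * member account of that group, and offer to create both when the directory
 * has neither.
 *
 * $withoutput  when false, no warning is printed and no template is displayed
 *
 * Returns true when the setup may continue (nothing to create, the form was
 * submitted, or it was submitted empty) and false after showing the
 * "create administrator" form.
 *
 * Reads $_POST['new_admin'], $_POST['admin_name'] and $_POST['admin_pass'].
 * Both values are untrusted: the name is escaped before it becomes part of a
 * DN, and the password only reaches the directory through crypt_single().
 */
function create_user_for_setup($withoutput=true)
{
  global $samba;

  $ldapconf  = $_SESSION['ldapconf'];
  $smarty    = get_smarty();
  $str_there = "";
  $classes   = isset($_SESSION['classes']) ? $_SESSION['classes'] : array();

  /* The warning is only shown while the form has not been submitted */
  $warn = ($withoutput) && (!isset($_POST['new_admin']));

  /* Bind with the admin credentials kept in the session */
  $ldap = new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);

  /* Is there a group with the rights :all ? */
  $ldap->cd($ldapconf['base']);
  $ldap->search("(&(objectClass=gosaObject)(gosaSubtreeACL=:all))");

  $group_cnt = $ldap->count();
  $data      = $ldap->fetch();

  if ($group_cnt < 1) {
    /* No administrative group, so group and user are both missing */
    $need_to_create_group = true;
    $need_to_create_user  = true;
  } else {
    $need_to_create_group = false;
    $ldap->clearResult();

    /* A group exists; check whether its first member is a GOsa account */
    if (isset($data['memberUid'][0])) {
      /* memberUid comes from the directory; escape it so that filter
         metacharacters in a stored value cannot change the query */
      $uid = ldap_escape($data['memberUid'][0], "", LDAP_ESCAPE_FILTER);
      $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)(uid=".$uid."))");
      $data2 = $ldap->fetch();

      $need_to_create_user = (($ldap->count() < 1) || (!isset($data2)));
    } else {
      $need_to_create_user = true;
    }
  }

  if ($need_to_create_user && $warn) {
    print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
  }

  /* NOTE(review): this returns unless BOTH flags are set. A directory with an
     administrative group but no usable member gets the warning above and then
     continues without an administrator; confirm whether `||` was meant. */
  if (!($need_to_create_user && $need_to_create_group)) {
    return(true);
  }

  if (isset($_POST['new_admin'])) {

    /* Adjust password attributes according to the samba version.
       NOTE(review): a set $classes['samba3'] selects the Samba 2 attribute
       names, which reads as inverted unless schema_check() stores that key
       for a failed check; verify against schema_check(). */
    if (isset($classes['samba3'])) {
      $samba      = "2";
      $lmPassword = "lmPassword";
      $ntPassword = "ntPassword";
    } else {
      $samba      = "3";
      $lmPassword = "sambaLMPassword";
      $ntPassword = "sambaNtPassword";
    }

    /* Nothing submitted. Array-valued parameters (admin_name[]=...) are
       treated the same way instead of being cast to the string "Array". */
    if (empty($_POST['admin_name']) || empty($_POST['admin_pass'])
        || !is_string($_POST['admin_name']) || !is_string($_POST['admin_pass'])) {
      return(true);
    }
    $admin_name = $_POST['admin_name'];

    if ($need_to_create_user) {
      /* The name becomes an RDN value: escape DN metacharacters so that a
         submitted "," or "=" cannot add components and place the entry
         outside peopleou. Ordinary names are left unchanged by the escaping. */
      $dn = "cn=".ldap_escape($admin_name, "", LDAP_ESCAPE_DN).",".$ldapconf['peopleou'].",".$ldapconf['base'];

      $arr = array();
      $arr['objectClass'] = array("person", "organizationalPerson", "inetOrgPerson", "gosaAccount");
      $arr['uid']         = $admin_name;
      $arr['cn']          = $admin_name;
      $arr['sn']          = $admin_name;
      $arr['givenName']   = "GOsa main administrator";

      /* NOTE(review): these LM/NT hashes are constants and are not derived
         from admin_pass, so every installation stores the same Samba
         credential for its administrator. Derive them from the submitted
         password, or leave them unset until the password is changed in GOsa. */
      $arr[$lmPassword] = "10974C6EFC0AEE1917306D272A9441BB";
      $arr[$ntPassword] = "38F3951141D0F71A039CFA9D1EC06378";

      /* NOTE(review): the "md5" method is weak for password storage; prefer
         the strongest scheme crypt_single() and the directory both support */
      $arr['userPassword'] = crypt_single($_POST['admin_pass'], "md5");

      if (!$ldap->dn_exists($dn)) {
        $ldap->cd($dn);
        $ldap->create_missing_trees($dn);
        $ldap->cd($dn);
        $ldap->add($arr);
        if ($ldap->error != "Success") {
          /* The failure is reported, but group creation below still runs and
             the function still returns true */
          print_red($ldap->error);
          print_red("Can't create user, and / or Group, possibly this problem depends on an empty LDAP server. Check your configuration and try again!");
        }
      }
    }

    $arrr = array();
    if (!$need_to_create_group) {
      /* NOTE(review): unreachable as written, because the guard above only
         lets execution continue when $need_to_create_group is true. Kept so
         that the "add the user to the existing group" logic is not lost. */
      if (!isset($data['memberUid'])) {
        $arrr['memberUid'] = $admin_name;
      } else {
        $data['memberUid'][$data['memberUid']['count']] = $admin_name;
        $arrr['memberUid'] = $data['memberUid'];
        unset($arrr['memberUid']['count']);

        /* New member first, result re-indexed from 0 */
        $arrr['memberUid'] = array_values(array_reverse($arrr['memberUid']));
      }

      $ldap->cd($data['dn']);
      $ldap->modify($arrr);

    } else {
      /* Create the administrative group with the new user as only member.
         The gidNumber is fixed; it is not checked against existing groups. */
      $dn = "cn=administrators,".$ldapconf['groupou'].",".$ldapconf['base'];
      $arrr['objectClass']    = array("gosaObject", "posixGroup");
      $arrr['gosaSubtreeACL'] = ":all";
      $arrr['cn']             = "administrators";
      $arrr['gidNumber']      = "999";
      $arrr['memberUid']      = $admin_name;

      $ldap->cd($dn);
      $ldap->create_missing_trees($dn);
      $ldap->cd($dn);

      $ldap->add($arrr);
    }
    return(true);
  }

  /* Form not submitted yet: show it. The original tested an undefined
     variable ($create_user) here, which always selected exists = true; that
     outcome is kept without the undefined read.
     NOTE(review): no administrator exists on this path, so check whether the
     template expects false. */
  $smarty->assign("content", get_template_path('setup_useradmin.tpl'));
  $smarty->assign("exists", true);

  /* Smarty output */
  if ($withoutput) {
    $smarty->display(get_template_path('headers.tpl'));
  }
  if (isset($_SESSION['errors'])) {
    $smarty->assign("errors", $_SESSION['errors']);
  }
  $smarty->assign("str_there", $str_there);
  if ($withoutput) {
    $smarty->display(get_template_path('setup.tpl'));
  }
  return(false);
}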
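/*
 * Returns the class names of the mail classes.
 *
 * Scans "../include" (relative to the current working directory) for files
 * named class_mail-methods-<name>.inc and returns them in two parallel
 * layouts:
 *   $methods['name'][$i], $methods['file'][$i]
 *   $methods[$i]['file'], $methods[$i]['name']
 * An empty array is returned when the directory is missing or unreadable.
 *
 * Only names that start with the prefix and end in ".inc" are reported. The
 * previous substring match also accepted editor backups and other stray
 * files and cut a wrong name out of them. Callers presumably use the name to
 * pick a mail method class, so verify them before loosening the match.
 */
function get_available_mail_classes()
{
  $include_dir = "../include";
  $prefix      = "class_mail-methods-";
  $extension   = ".inc";
  $prefix_len  = strlen($prefix);
  $ext_len     = strlen($extension);
  $methods     = array();

  /* is_dir() first, so a missing directory gives an empty result and no
     warning from opendir() */
  if (!is_dir($include_dir)) {
    return($methods);
  }
  $dir = opendir($include_dir);
  if ($dir === false) {
    return($methods);
  }

  $i = 0;
  while (($file = readdir($dir)) !== false) {

    /* Need at least one character between prefix and extension */
    if (strlen($file) <= $prefix_len + $ext_len) {
      continue;
    }
    /* Case-insensitive, like the stristr() match this replaces */
    if (strncasecmp($file, $prefix, $prefix_len) !== 0) {
      continue;
    }
    if (strcasecmp(substr($file, -$ext_len), $extension) !== 0) {
      continue;
    }

    $name = substr($file, $prefix_len, strlen($file) - $prefix_len - $ext_len);

    $methods['name'][$i] = $name;
    $methods['file'][$i] = $file;
    $methods[$i]['file'] = $file;
    $methods[$i]['name'] = $name;
    $i++;
  }

  /* The handle was never released before */
  closedir($dir);

  return($methods);
}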
1151 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1152 ?>