1 <?php
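/**
 * Tell whether an objectClass definition advertises a given schema version.
 *
 * The text of the DESC field is extracted from the definition and searched
 * for the literal marker "(v<version>)". When the definition carries no
 * DESC field the extraction leaves the string untouched, so the marker is
 * then looked for in the whole definition.
 *
 * @param string $description Raw objectClass definition as delivered by the LDAP server.
 * @param string $version     Expected version number, e.g. "2.4".
 * @return int|false 1 if the marker is present, 0 if not, FALSE on a regex error.
 */
function check_schema_version($description, $version)
{
    $desc = preg_replace("/^.* DESC\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $description);

    /* Quote the version before it becomes part of the pattern: an unquoted
       "2.4" lets the dot match any character, so a DESC that only says
       "(v2x4)" or "(v204)" would be accepted as version 2.4. */
    return preg_match("/\(v" . preg_quote($version, '/') . "\)/", $desc);
}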
/**
 * Render the result rows of a schema check as an HTML table.
 *
 * Every row contributes its message plus a tick or a cross image,
 * depending on the row's 'status' flag.
 *
 * The 'msg' value is written into the page as raw HTML (schema_check() in
 * this file puts a <td> cell into it on purpose), so nothing that was
 * typed by a user or read from the directory may be placed in 'msg'
 * without being escaped first.
 *
 * @param array $table Rows, each an array with the keys 'msg' and 'status'.
 * @return string HTML of the complete table.
 */
function view_schema_check($table)
{
    $rows = "";

    foreach ($table as $entry) {
        $icon = $entry['status']
            ? "<img src=images/true.png alt='true' />"
            : "<img src=images/button_cancel.png alt='false' />";

        $rows .= "<tr><td class=\"check\">" . $entry['msg']
               . "</td><td style='text-align:center' >\n"
               . $icon . "</td></tr>";
    }

    return "<table class=\"check\">" . $rows . "</table>";
}
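/**
 * Compare the object classes published by an LDAP server with the ones
 * GOsa needs.
 *
 * The function binds to $server, reads the subschema entry and checks
 * every required or optional class for presence and for the version
 * marker in its description. It then looks at a fixed list of optional
 * features (samba, pureftp, WebDAV, phpgroupware, gofon, Kolab).
 *
 * Side effect: when Kolab is the selected mail method but its schema is
 * missing, $_SESSION['ldapconf']['mail'] is switched to the 'cyrus' method.
 *
 * @param string $server   LDAP URI or host name handed to ldap_connect().
 * @param string $admin    DN used for the bind.
 * @param string $password Password used for the bind.
 * @param int    $aff      0 returns only the problems found; any other
 *                         value returns the display rows instead.
 * @return array Rows with the keys 'msg' and 'status'. Rows are keyed by
 *               class or feature name; if the schema cannot be read the
 *               result is a list holding a single failure row.
 */
function schema_check($server, $admin, $password,$aff=0)
{
    $messages = array();    /* problems, keyed by object class or feature */
    $affich   = array();    /* display rows of the optional features */
    $affich2  = array();    /* display rows of the plugins; stays empty when
                               no optional class passes, which used to hand
                               an undefined variable to array_merge() */

    $required_classes= array(
        "gosaObject" => array("version" => "2.4"),
        "gosaAccount" => array("version" => "2.4"),
        "gosaLockEntry" => array("version" => "2.4"),
        "gosaCacheEntry" => array("version" => "2.4"),
        "gosaDepartment" => array("version" => "2.4"),

        "goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),

        "gosaUserTemplate" => array("version" => "2.4", "class" => "posixAccount","file" => "nis.schema"),
        "gosaMailAccount" => array("version" => "2.4", "class" => "mailAccount","file" => "gosa+samba3.schema"),
        "gosaProxyAccount" => array("version" => "2.4", "class" => "proxyAccount","file" => "gosa+samba3.schema"),
        "gosaApplication" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),
        "gosaApplicationGroup" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),

        "GOhard" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "gotoTerminal" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goServer" => array("version" => "2.4","class" => "server","file" => "goserver.schema"),
        "goTerminalServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNfsServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNtpServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goSyslogServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goLdapServer" => array("version" => "2.4"),
        "goCupsServer" => array("version" => "2.4", "class" => array("posixAccount", "terminals"),),
        "goImapServer" => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3.schema"),
        "goKrbServer" => array("version" => "2.4"),
        "goFaxServer" => array("version" => "2.4", "class" => "gofaxAccount","file" => "gofax.schema"),
    );

    /* Build LDAP connection */
    $ds= ldap_connect ($server);
    if (!$ds) {
        return (array(array("msg" => _("Can't bind to LDAP. No schema check possible!"), "status" => FALSE)));
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    /* This is a simple bind and no StartTLS is requested here, so unless
       $server is an ldaps:// URI the admin password crosses the network
       unencrypted.
       NOTE(review): the result of the bind is not evaluated. After a
       rejected bind the reads below run on an unauthenticated connection
       and may still succeed; confirm that this best-effort behaviour is
       wanted before turning it into an error. */
    ldap_bind ($ds, $admin, $password);

    $no_schema = array(array("msg" => _("Can't get schema information from server. No schema check possible!"), "status" => FALSE));

    /* Get base to look for schema */
    $sr   = @ldap_read ($ds, "", "objectClass=*", array("subschemaSubentry"));
    $attr = $sr ? @ldap_get_entries($ds, $sr) : FALSE;
    if (!isset($attr[0]['subschemasubentry'][0])){
        ldap_unbind($ds);
        return ($no_schema);
    }

    /* Get list of objectclasses */
    $nb    = $attr[0]['subschemasubentry'][0];
    $sr    = ldap_read ($ds, $nb, "objectClass=*", array("objectclasses"));
    $attrs = $sr ? ldap_get_entries($ds, $sr) : FALSE;

    /* Everything needed has been fetched; release the connection */
    ldap_unbind($ds);

    if (!isset($attrs[0]['objectclasses'])){
        return ($no_schema);
    }

    /* Index the definitions by class name. Values without a NAME field
       (among them the 'count' element added by ldap_get_entries) come
       back unchanged from preg_replace and are skipped. */
    $objectclasses= array();
    foreach ($attrs[0]['objectclasses'] as $val){
        $name= preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
        if ($name != $val){
            $objectclasses[$name]= $val;
        }
    }

    /* Walk through objectclasses and check if they are needed or not */
    foreach ($required_classes as $key => $value){
        if (isset($value['class'])){
            $classes = is_array($value['class']) ? $value['class'] : array($value['class']);

            /* Not every entry names a schema file (goCupsServer does not) */
            $file = isset($value['file']) ? $value['file'] : "";

            /* Check if we are using the class that requires */
            foreach($classes as $class){
                if (!isset($objectclasses[$key])){
                    $messages[$key]['msg']= sprintf(_("Optional objectclass '%s' required by plugin '%s' is not present in LDAP setup"), $key, $class);
                    $messages[$key]['status'] = FALSE;
                } elseif (!check_schema_version($objectclasses[$key], $value['version'])){
                    $messages[$key]['msg']= sprintf(_("Optional objectclass '%s' required by plugin '%s' does not have version %s"), $key, $class, $value['version']);
                    $messages[$key]['status'] =FALSE;
                } elseif (!isset($affich2[$class])){
                    $affich2[$class]['msg'] = sprintf(_("Support for '%s' enabled"), $class)."<td class=\"check\"> ".$file."</td>";
                    $affich2[$class]['status']= TRUE;
                }
            }
        } else {
            /* Required class */
            if (!isset($objectclasses[$key])){
                $messages[$key]['msg']= sprintf(_("Required objectclass '%s' is not present in LDAP setup"), $key);
                $messages[$key]['status'] = FALSE;
            } elseif (!check_schema_version($objectclasses[$key], $value['version'])){
                $messages[$key]['msg']= sprintf(_("Required objectclass '%s' does not have version %s"), $key, $value['version']);
                $messages[$key]['status'] = FALSE;
            }
        }
    }

    /* Optional features: the object class that signals the feature, the
       text and schema file shown when it is missing ('off') and when it
       is present ('on'). WebDAV shows an empty file cell when missing. */
    $features = array(
        'samba3' => array(
            'class'    => 'sambaSamAccount',
            'off'      => _("SAMBA 3 support disabled, no schema seems to be installed"),
            'off_file' => "gosa+samba3.schema",
            'on'       => _("SAMBA 3 support enabled"),
            'on_file'  => "gosa+samba3.schema"),
        'samba2' => array(
            'class'    => 'sambaAccount',
            'off'      => _("SAMBA 2 support disabled, no schema seems to be installed"),
            'off_file' => "samba.schema",
            'on'       => _("SAMBA 2 support enabled"),
            'on_file'  => "samba.schema"),
        'pureftp' => array(
            'class'    => 'PureFTPdUser',
            'off'      => _("Support for pureftp disabled, no schema seems to be installed"),
            'off_file' => "pureftpd.schema",
            'on'       => _("Support for pureftp enabled"),
            'on_file'  => "pureftpd.schema"),
        'webdav' => array(
            'class'    => 'gosaWebdavAccount',
            'off'      => _("Support for WebDAV disabled, no schema seems to be installed"),
            'off_file' => "",
            'on'       => _("Support for WebDAV enabled"),
            'on_file'  => "gosa+samba3.schema"),
        'phpgroupware' => array(
            'class'    => 'phpgwAccount',
            'off'      => _("Support for phpgroupware disabled, no schema seems to be installed"),
            'off_file' => "phpgwaccount.schema",
            'on'       => _("Support for phpgroupware enabled"),
            'on_file'  => "phpgwaccount.schema"),
        'phoneaccount' => array(
            'class'    => 'goFonAccount',
            'off'      => _("Support for gofon disabled, no schema seems to be installed"),
            'off_file' => "gofon.schema",
            'on'       => _("Support for gofon enabled"),
            'on_file'  => "gofon.schema"),
    );

    foreach ($features as $id => $feature){
        if (!isset($objectclasses[$feature['class']])){
            $messages[$id]['msg']    = $feature['off'];
            $affich[$id]['msg']      = $feature['off']."<td class=\"check\">".$feature['off_file']."</td>";
            $messages[$id]['status'] = FALSE;
            $affich[$id]['status']   = FALSE;
        } else {
            $affich[$id]['msg']    = $feature['on']."<td class=\"check\">".$feature['on_file']."</td>";
            $affich[$id]['status'] = TRUE;
        }
    }

    /* Kolab is only looked at when it is the mail method picked during
       setup; the selection may not exist yet, so read it defensively */
    $conf = isset($_SESSION['ldapconf']) ? $_SESSION['ldapconf'] : array();
    $mail_method = (isset($conf['mail']) && isset($conf['mail_methods'][$conf['mail']]))
        ? $conf['mail_methods'][$conf['mail']]
        : NULL;

    if ($mail_method == "kolab"){
        if (!isset($objectclasses['kolabInetOrgPerson'])){
            $messages['kolab']['msg'] = _("Support for Kolab disabled, no schema seems to be installed, setting mail-method to cyrus");
            $affich['kolab']['msg']   = $messages['kolab']['msg']."<td class=\"check\">kolab2.schema</td>";

            /* Fall back to the cyrus mail method */
            $tmp = array_flip($_SESSION['ldapconf']['mail_methods']);
            $_SESSION['ldapconf']['mail'] = $tmp['cyrus'];

            $messages['kolab']['status'] = FALSE;
            $affich['kolab']['status']   = FALSE;
        } else {
            /* The file cell used to read gofon.schema, carried over from
               the gofon rows; it now names the same file as the row for
               the missing schema above */
            $affich['kolab']['msg']    = _("Support for Kolab enabled")."<td class=\"check\">kolab2.schema</td>";
            $affich['kolab']['status'] = TRUE;
        }
    }

    if ($aff == 0){
        return ($messages);
    }
    return (array_merge($affich, $affich2));
}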
/**
 * Render one line of the setup report and count it if it failed.
 *
 * $message and $description are placed into the markup unescaped; the
 * callers in this file only pass translated constant texts.
 *
 * @param int    $faults      Fault counter, incremented when a required test fails.
 * @param string $message     Headline of the test.
 * @param string $description Explanation shown underneath the headline.
 * @param mixed  $test        Outcome of the test, evaluated for truthiness.
 * @param mixed  $required    When false, a failed test is shown as "Ignored"
 *                            and does not count as a fault.
 * @return string HTML fragment for this test.
 */
function check(&$faults, $message, $description, $test, $required= TRUE)
{
    if ($test) {
        $verdict = _("OK")."<br>";
    } elseif ($required) {
        $faults++;
        $verdict = "<font color=red>"._("Failed")."</font><br>";
    } else {
        $verdict = "<font color=red>"._("Ignored")."</font><br>";
    }

    return "<table class='check'><tr><td class='check' style='font-size:14px;'>".$message."</td>\n"
         . "<td rowspan=2 style='vertical-align:middle; text-align:center;width:45px;'>"
         . $verdict
         . "</td></tr><tr><td class='check' style='padding-left:20px;background-color:#F0F0F0;'>"
         . $description."</td></tr></table><br>";
}
/**
 * Inspect the PHP installation and report the result as HTML.
 *
 * The fault counter is reset to 0 and then raised by check() for every
 * failed probe that is marked as required.
 *
 * @param int $faults Receives the number of failed required probes.
 * @return string HTML report.
 */
function perform_php_checks(&$faults)
{
    global $check_globals;

    $faults = 0;
    $msg    = "<h1>"._("PHP setup inspection")."</h1>";

    /* One row per probe: headline, explanation, outcome, required? */
    $probes = array(
        array(_("Checking for PHP version (>=4.1.0)"),
              _("PHP must be of version 4.1.0 or above for some functions and known bugs in PHP language."),
              version_compare(phpversion(), "4.1.0")>=0, TRUE),

        array(_("Checking if register_globals is set to 'off'"),
              _("register_globals is a PHP mechanism to register all global varibales to be accessible from scripts without changing the scope. This may be a security risk. GOsa will run in both modes."),
              $check_globals == 0, FALSE),

        array(_("Checking for ldap module"),
              _("This is the main module used by GOsa and therefore really required."),
              function_exists('ldap_bind'), TRUE),

        array(_("Checking for gettext support"),
              _("Gettext support is required for internationalized GOsa."),
              function_exists('bindtextdomain'), TRUE),

        array(_("Checking for iconv support"),
              _("This module is used by GOsa to convert samba munged dial informations and is therefore required."),
              function_exists('iconv'), TRUE),

        array(_("Checking for mhash module"),
              _("To use SSHA encryption, you'll need this module. If you are just using crypt or md5 encryption, ignore this message. GOsa will run without it."),
              function_exists('mhash'), FALSE),

        array(_("Checking for imap module"),
              _("The IMAP module is needed to communicate with the IMAP server. It gets status informations, creates and deletes mail users."),
              function_exists('imap_open'), TRUE),

        array(_("Checking for getacl in imap"),
              _("The getacl support is needed for shared folder permissions. The standard IMAP module is not capable of reading acl's. You need a recend PHP version for this feature."),
              function_exists('imap_getacl'), FALSE),

        array(_("Checking for mysql module"),
              _("MySQL support is needed for reading GOfax reports from databases."),
              function_exists('mysql_query'), FALSE),

        array(_("Checking for cups module"),
              _("In order to read available printers from IPP protocol instead of printcap files, you've to install the CUPS module."),
              function_exists('cups_get_dest_list'), FALSE),

        array(_("Checking for kadm5 module"),
              _("Managing users in kerberos requires the kadm5 module which is downloadable via PEAR network."),
              function_exists('kadm5_init_with_password'), FALSE),
    );

    foreach ($probes as $probe) {
        $msg .= check($faults, $probe[0], $probe[1], $probe[2], $probe[3]);
    }

    return ($msg);
}
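/**
 * Look for the helper programs and php.ini settings GOsa relies on and
 * report the result as HTML.
 *
 * All shell commands below are fixed strings; nothing taken from the
 * request reaches the shell. The programs are found through the PATH of
 * the web server process.
 *
 * @param int $faults Fault counter; raised by check() for every failed
 *                    required test. It is not reset here.
 * @return string HTML report.
 */
function perform_additional_checks(&$faults)
{
    /* The counter arrives by reference and may not exist at the call site */
    if (!isset($faults)) {
        $faults = 0;
    }

    $msg = "<h1>"._("Checking for some additional programms")."</h1>";

    /* ImageMagick; fall back to the imagick PHP module if the command
       produces no output */
    $output = (string) shell_exec("LC_ALL=C LANG=C convert -help");
    if ($output != "") {
        /* explode() instead of split(): split() no longer exists in PHP 7 */
        $lines   = explode("\n", $output);
        $version = preg_replace("/^Version:[^I]+ImageMagick ([^\s]+).*/", "\\1", $lines[0]);
        $parts   = explode(".", $version);

        /* Compare as integers so that an unparsable first line counts as
           version 0 rather than being compared as a string */
        $major = (int) $parts[0];
        $minor = isset($parts[1]) ? (int) $parts[1] : 0;

        $msg.= check ( $faults, _("Checking for ImageMagick (>=5.4.0)"),
            _("ImageMagick is used to convert user supplied images to fit the suggested size and the unified JPEG format."),
            ($major > 5 || ($major == 5 && $minor >= 4)));
    } else {
        $msg.= check ( $faults, _("Checking imagick module for PHP"),
            _("Imagick is used to convert user supplied images to fit the suggested size and the unified JPEG format from PHP script."),
            function_exists('imagick_blob2image'), TRUE);
    }

    /* Check for fping */
    $output     = (string) shell_exec("LC_ALL=C LANG=C fping -v 2>&1");
    $have_fping = preg_match("/^fping:/", $output);
    $msg.= check ( $faults, _("Checking for fping utility"),
        _("The fping utility is only used if you've got a thin client based terminal environment running."),
        $have_fping, FALSE);

    /* Check for smb hash generation tool */
    $output       = (string) shell_exec("mkntpwd 2>&1");
    $have_mkntpwd = preg_match("/^Usage: mkntpwd /", $output);
    $alt          = 0;

    if (!$have_mkntpwd) {
        /* ">/dev/null 2>&1" replaces "&>/dev/null": the latter is a bash
           extension. A plain POSIX sh reads it as "run in background,
           then redirect", which reports exit status 0 even when the perl
           module is missing and so made this test pass unconditionally. */
        $query = "LC_ALL=C LANG=C perl -MCrypt::SmbHash -e 'ntlmgen \"PASSWD\", \$lm, \$nt; print \"\${lm}:\${nt}\\n\";' >/dev/null 2>&1";
        system ($query, $ret);
        $alt = ($ret == 0);
    }

    $msg.= check ( $faults, _("Checking for a way to generate LM/NT password hashes"),
        _("In order to use SAMBA 2/3, you've to install some additional packages to generate password hashes."),
        ($have_mkntpwd || $alt));

    /* php.ini settings. Only the value in effect for this script
       ('local_value') is looked at. A directive that this PHP build does
       not know yields NULL instead of an undefined-index notice. */
    $ini   = ini_get_all();
    $local = array();
    foreach (array('session.auto_start', 'implicit_flush', 'max_execution_time',
                   'memory_limit', 'expose_php', 'magic_quotes_gpc') as $name) {
        $local[$name] = isset($ini[$name]['local_value']) ? $ini[$name]['local_value'] : NULL;
    }

    /* NOTE(review): the texts speak of session.auto_register while the
       value tested is session.auto_start. The texts are translation keys
       and are left as they are. */
    $msg.= check ( $faults, _("php.ini check -> session.auto_register"),
        _("In Order to use GOsa without any trouble, the session.auto_register option in your php.ini must be set to 'Off'."),
        (!$local['session.auto_start']));

    /* implicit_flush */
    $msg.= check ( $faults, _("php.ini check -> implicit_flush"),
        _("This option influences the Output handling. Turn this Option off, to increase performance."),
        !$local['implicit_flush'], FALSE);

    /* max_execution_time: 0 means "no limit" and therefore passes */
    $seconds = (int) $local['max_execution_time'];
    $msg.= check ( $faults, _("php.ini check -> max_execution_time"),
        _("The Execution time should be at least 30 seconds, because some actions may consume more time."),
        ($seconds == 0 || $seconds >= 30), FALSE);

    /* memory_limit: -1 means "no limit"; otherwise convert the shorthand
       notation (K, M, G, or plain bytes) to megabytes. This test used to
       report the state of implicit_flush. */
    $raw  = trim((string) $local['memory_limit']);
    $mb   = (int) $raw;
    $unit = strtoupper((string) substr($raw, -1));
    if ($unit == "G") {
        $mb = $mb * 1024;
    } elseif ($unit == "K") {
        $mb = (int) ($mb / 1024);
    } elseif ($unit != "M") {
        $mb = (int) ($mb / 1048576);
    }
    $msg.= check ( $faults, _("php.ini check -> memory_limit"),
        _("GOsa needs at least 8MB of memory, less will cause unpredictable errors! An optimal setting would be 16MB, increase it for larger setups."),
        ((int) $raw == -1 || $mb >= 8), FALSE);

    /* expose_php: this test used to report the state of implicit_flush */
    $msg.= check ( $faults, _("php.ini check -> expose_php"),
        _("Increase the server security by setting expose_php to 'off'. PHP won't send any Information about the server you are running in this case."),
        !$local['expose_php'], FALSE);

    /* magic_quotes_gpc was removed in PHP 5.4, so on current PHP this row
       shows "Ignored". It never replaced escaping a value for the place
       it is used in (LDAP filter, HTML, shell). */
    $msg.= check ( $faults, _("php.ini check -> magic_quotes_gpc"),
        _("Increase your server security by setting magic_quotes_gpc to 'on'. PHP will escape all quotes in strings in this case."),
        $local['magic_quotes_gpc'], FALSE);

    return $msg;
}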
406 //! Added by Hickert
407 //
408 // Parse /contrib/gosa.conf to set user defined values
409 //This function may create the ldap.conf
410 // Lets try
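/**
 * Build gosa.conf from the template and the answers collected during setup.
 *
 * The function sends the HTTP headers for a non-cacheable plain-text
 * download, reads CONFIG_TEMPLATE_DIR/gosa.conf, fills in the
 * placeholders and removes the plugin entries of disabled features.
 *
 * The result contains the LDAP admin password in clear text.
 *
 * @return string The generated configuration; an empty string if the
 *                template cannot be opened (a message is echoed then).
 */
function parse_contrib_conf()
{
    $str              = "";
    $replacements     = array();
    $possible_plugins = array();
    $ldapconf         = $_SESSION['ldapconf'];   // The installation information

    // Problems reported by the schema check, keyed by feature name.
    // A feature that is listed here is disabled.
    $classes = (isset($_SESSION['classes']) && is_array($_SESSION['classes']))
        ? $_SESSION['classes']
        : array();

    // A 'samba3' entry means Samba 3 is disabled
    $used_samba_version = isset($classes['samba3']) ? 2 : 3;

    // Pick the command used to create LM/NT hashes
    if (file_exists("/usr/lib/gosa/mkntpasswd")) {
        $pwdhash = "/usr/lib/gosa/mkntpasswd";
    } elseif (preg_match("/^Usage: mkntpwd /", (string) shell_exec("mkntpwd 2>&1"))) {
        $pwdhash = "mkntpwd";
    } else {
        $pwdhash = ('perl -MCrypt::SmbHash -e "ntlmgen \"\$ARGV[0]\", \$lm, \$nt; print \"\${lm}:\${nt}\n\";" $1');
    }

    // Define which placeholders will be replaced.
    // NOTE(review): the values are inserted as they were entered. If the
    // template puts them inside quoted attribute values, a quote or an
    // angle bracket in e.g. the location name or the password changes the
    // structure of the generated file - confirm against the template and
    // escape the values if so.
    $replacements['{LOCATIONNAME}']   = $ldapconf['location'];
    $replacements['{SAMBAVERSION}']   = $used_samba_version;
    $replacements['{LDAPBASE}']       = $ldapconf['base'];
    $replacements['{LDAPADMIN}']      = $ldapconf['admin'];
    $replacements['{DNMODE}']         = $ldapconf['peopledn'];
    $replacements['{LDAPHOST}']       = $ldapconf['uri'];
    $replacements['{PASSWORD}']       = $ldapconf['password'];
    $replacements['{CRYPT}']          = $ldapconf['arr_cryptkeys'][$ldapconf['arr_crypts']];
    // NOTE(review): these two entries are applied before the '{SID}' and
    // '{RIDBASE}' entries that may be added further down, so a
    // placeholder that is directly followed by a line break is removed
    // before a value can be put in - confirm this against the template.
    $replacements["{SID}\n"]          = "";
    $replacements["{RIDBASE}\n"]      = "";
    $replacements['{MAILMETHOD}']     = $ldapconf['mail_methods'][$ldapconf['mail']];
    $replacements['{SMBHASH}']        = $pwdhash;
    $replacements['{GOVERNMENTMODE}'] = "false";
    $replacements['{kolabAccount}']   = "";
    $replacements['{servKolab}']      = "";

    // Patterns that delete the entries of unused plugins.
    // THE KEY MUST BE THE FEATURE NAME so it can be looked up in $classes
    $possible_plugins['fonreport'][]    = "'\n.*<plugin.*fonreport+.*\n.*>.*\n'i";
    $possible_plugins['phoneaccount'][] = "'\n.*<tab.*phoneAccount.*>.*\n'i";
    $possible_plugins['logview'][]      = "'\n.*<plugin.*logview+.*\n.*>.*\n'i";
    $possible_plugins['pureftp'][]      = "'\n.*<tab.*pureftp.*>.*\n'i";
    $possible_plugins['webdav'][]       = "'\n.*<tab.*webdav.*>.*\n'i";
    $possible_plugins['phpgroupware'][] = "'\n.*<tab.*phpgroupware.*>.*\n'i";

    // Header information, needed to send the generated gosa.conf to the
    // browser. The no-cache headers matter because the body carries the
    // admin password.
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: no-cache");
    header("Pragma: no-cache");
    header("Cache-Control: post-check=0, pre-check=0");
    header("Content-type: text/plain");

    // Not every client sends a User-Agent header
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    if (preg_match('/MSIE 5.5/', $agent) || preg_match('/MSIE 6.0/', $agent)) {
        header('Content-Disposition: filename="gosa.conf"');
    } else {
        header('Content-Disposition: attachment; filename="gosa.conf"');
    }

    $fp = fopen(CONFIG_TEMPLATE_DIR."/gosa.conf", "r");
    if (!$fp) {
        echo "Can't open file ".CONFIG_TEMPLATE_DIR."/gosa.conf";
        // Don't write anything else
        return ($str);
    }

    // Read the template and release the handle
    while (!feof($fp)) {
        $str.= fread($fp, 512);
    }
    fclose($fp);

    if ($ldapconf['mail_methods'][$ldapconf['mail']] == "kolab") {
        $replacements['{kolabAccount}'] = "<tab class=\"kolabAccount\" />\n ";
        $replacements['{servKolab}']    = "<tab class=\"servkolab\" name=\"Kolab\" />";
    }

    // One LDAP connection serves both lookups below
    $ldap = new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);

    // Samba 2 needs nothing extra. With Samba 3 the directory is searched
    // for a sambaDomain object; if there is none, SID and RIDBASE are
    // written into gosa.conf.
    if ($used_samba_version != 2) {
        $ldap->search("(objectClass=sambaDomain)");
        if ($ldap->count() < 1) {
            $replacements['{SID}']     = "sid=\"123412-11\"";
            $replacements['{RIDBASE}'] = "ridbase=\"1000\"";
        }
    }

    // An ivbbEntry object in the tree switches the government mode on
    $ldap->search("(objectClass=ivbbEntry)");
    if ($ldap->count() > 0) {
        $replacements['{GOVERNMENTMODE}'] = "true";
    }

    // Put the collected values in place of the placeholders. This is a
    // plain text replacement: with preg_replace() a "$1" or "\1" inside a
    // value (a password, for instance) was taken as a back-reference and
    // silently dropped from the generated file.
    foreach ($replacements as $placeholder => $val) {
        $str = str_replace($placeholder, (string) $val, $str);
    }

    // Remove the entries of all features the schema check reported as
    // unusable. The lookup used to compare the pattern list itself with
    // $classes, which never matched, so nothing was ever removed.
    foreach ($possible_plugins as $feature => $patterns) {
        if (!isset($classes[$feature])) {
            continue;
        }
        foreach ($patterns as $pattern) {
            $str = preg_replace($pattern, "\n", $str);
        }
    }

    return ($str);
}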
// This is the first page shown in setup.
// This page tests some prerequisites, like the PHP version, the ldap module and so on.
// The function doesn't save anything; it only tests when withoutput = false
// (called from setup.php);
/**
 * First setup page: run the PHP checks and show their report.
 *
 * @param bool $withoutput When false the checks are run and the template
 *                         variables are assigned, but nothing is displayed.
 * @return bool TRUE if no required check failed.
 */
function show_setup_page1($withoutput = true)
{
    $view = get_smarty();

    $view->assign("content", get_template_path('setup_introduction.tpl'));
    $report = perform_php_checks($failed);
    $view->assign("tests", $report);

    // A failed required check disables the way forward
    $all_passed = !$failed;
    if (!$all_passed) {
        $view->assign("mode", "disabled");
    }

    if ($withoutput) {
        $view->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $view->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $view->display(get_template_path('setup.tpl'));
    }

    return ($all_passed);
}
638 /* Shows Setup_page 2*/
/**
 * Second setup page: run the checks for helper programs and php.ini
 * settings and show their report.
 *
 * @param bool $withoutput When false the checks are run and the template
 *                         variables are assigned, but nothing is displayed.
 * @return bool TRUE if no required check failed.
 */
function show_setup_page2($withoutput = true)
{
    $view = get_smarty();

    $view->assign("content", get_template_path('setup_step2.tpl'));
    $report = perform_additional_checks($failed);
    $view->assign("tests", $report);

    // A failed required check disables the way forward
    $all_passed = !$failed;
    if (!$all_passed) {
        $view->assign("mode", "disabled");
    }

    if ($withoutput) {
        $view->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $view->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $view->display(get_template_path('setup.tpl'));
    }

    return ($all_passed);
}
663 /* Setup page 3 asks for the server address
664 "Now we're going to include your LDAP server and create an initial configuration"*/
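/**
 * Third setup page: ask for the LDAP server and try to reach it.
 *
 * The URI is taken from the form, else from the session, else the
 * default "ldap://localhost:389" is used; it is stored in
 * $_SESSION['ldapconf']['uri']. When the form was submitted with
 * 'continue3', an anonymous bind against that server is attempted.
 *
 * NOTE(review): the host to contact comes from the request, so whoever
 * can reach the setup pages can make the web server open LDAP
 * connections to a host of their choice. What validate() does to the
 * value is not visible here - confirm it, and keep the setup pages
 * unreachable once the installation is finished.
 *
 * @param bool $withoutput When false nothing is printed or displayed.
 * @return bool TRUE if no error occurred.
 */
function show_setup_page3($withoutput = true)
{
    // Take the posted or the session-saved value. Only a plain string is
    // accepted from the form; "uri[]=..." would otherwise put an array
    // into the session and into ldap_connect().
    if (isset($_POST['uri']) && is_string($_POST['uri'])) {
        $uri = $_POST['uri'];
    } elseif (isset($_SESSION['ldapconf']['uri'])) {
        $uri = $_SESSION['ldapconf']['uri'];
    }

    // If the page is called for the first time, the field is empty
    if (!isset($uri) || empty($uri)) {
        $uri = "ldap://localhost:389";
    }

    $smarty = get_smarty();

    // $uri always has a value from here on
    $_SESSION['ldapconf']['uri'] = $uri;
    $smarty->assign("uri", validate($uri));

    // No error till now
    $fault = false;

    // The "continue" button was pushed: test the server. The former
    // "no server specified" branch is gone because it could never run -
    // an empty value has been replaced by the default above.
    if (isset($_POST['continue3'])) {
        $ds = @ldap_connect(validate($uri));
        if (!$ds) {
            $fault = true;
            if ($withoutput) {
                print_red (_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
            }
        } else {
            ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

            // Anonymous bind, only to see whether the server answers
            if (!@ldap_bind($ds)) {
                $fault = true;
                if ($withoutput) {
                    print_red (_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
                }
            }

            // The connection was only needed for the test
            ldap_unbind($ds);
        }
    }

    $smarty->assign("content", get_template_path('setup_step3.tpl'));

    // Load header
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    // Hand the errors to Smarty
    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    // Print out the template
    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}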
// Setup page 4
// This page asks for detailed information, like the base DN or the admin user.
// If everything is OK but a user with ACL :all is missing, we show a user creation page before we show page 5.
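/**
 * Fourth setup page: collect base DN, admin DN, password and the other
 * connection details, and verify them against the server.
 *
 * Missing values in $_SESSION['ldapconf'] are filled with defaults. When
 * the form was submitted with 'check', the posted values are stored, a
 * login with the admin account is attempted and the schema check result
 * is saved in $_SESSION['classes'].
 *
 * @param bool $withoutput When false nothing is printed or displayed.
 * @return bool TRUE if no error occurred.
 */
function show_setup_page4($withoutput = true)
{
    require_once("class_password-methods.inc");

    // NOTE(review): this raises the reporting level for the rest of the
    // request. With display_errors switched on, notices and warnings
    // (including file paths) end up in the page - confirm that this is
    // wanted outside of debugging.
    error_reporting(E_ALL);

    $fault     = false;                         // Set to true as soon as an error occurs
    $smarty    = get_smarty();                  // Our smarty instance
    $uri       = $_SESSION['ldapconf']['uri'];  // Connect path to the ldap server, like ldap://lo..
    $base      = NULL;                          // Stays NULL if the server cannot be asked
    $checkvars = array("location","admin","password","peopleou","peopledn","arr_crypts","mail","uidbase","base");

    if (!isset($_SESSION['ldapconf']['arr_cryptkeys'])) {
        $tmp = passwordMethod::get_available_methods_if_not_loaded();
        $_SESSION['ldapconf']['arr_cryptkeys'] = $tmp['name'];
    }

    if (!isset($_SESSION['ldapconf']['mail_methods'])) {
        $temp = get_available_mail_classes();
        $_SESSION['ldapconf']['mail_methods'] = $temp['name'];
    }

    // First try to get $base from the server with an anonymous bind
    $ds = @ldap_connect(validate($uri));
    if (!$ds) {
        $fault = true;
        if ($withoutput) {
            print_red (_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
        }
    } elseif (!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        $fault = true;
        if ($withoutput) {
            print_red (_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
        }
    } elseif (!@ldap_bind($ds)) {
        $fault = true;
        if ($withoutput) {
            print_red (_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
        }
    } else {
        $sr   = @ldap_search($ds, "", "objectClass=*", array("namingContexts"));
        $attr = $sr ? @ldap_get_entries($ds, $sr) : array();

        // A result without a first entry is treated like an empty server
        if (empty($attr) || !isset($attr[0]['dn'])) {
            $base = "dc=example,dc=net";
            if ($withoutput) {
                print_red(_("Bind to server successful, but the server seems to be completly empty, please check all informations twice"));
            }
        } else {
            $base = $attr[0]['dn'];
        }
    }

    // The connection was only needed to look up the base
    if ($ds) {
        ldap_unbind($ds);
    }

    // Fill in whatever is still missing; these are also our defaults
    if(!isset($_SESSION['ldapconf']['base']))     $_SESSION['ldapconf']['base']     = $base;
    if(!isset($_SESSION['ldapconf']['admin']))    $_SESSION['ldapconf']['admin']    = "cn=ldapadmin,".$base;
    if(!isset($_SESSION['ldapconf']['peopleou'])) $_SESSION['ldapconf']['peopleou'] = "ou=people";
    if(!isset($_SESSION['ldapconf']['groupou']))  $_SESSION['ldapconf']['groupou']  = "ou=groups";
    if(!isset($_SESSION['ldapconf']['peopledn'])) $_SESSION['ldapconf']['peopledn'] = "cn";
    if(!isset($_SESSION['ldapconf']['password'])) $_SESSION['ldapconf']['password'] = "";
    if(!isset($_SESSION['ldapconf']['location'])) $_SESSION['ldapconf']['location'] = "Example";
    if(!isset($_SESSION['ldapconf']['uidbase']))  $_SESSION['ldapconf']['uidbase']  = "1000";
    if(!isset($_SESSION['ldapconf']['mail']))     $_SESSION['ldapconf']['mail']     = 0;
    $tmp = array_flip($_SESSION['ldapconf']['arr_cryptkeys']);
    if(!isset($_SESSION['ldapconf']['arr_crypts'])) $_SESSION['ldapconf']['arr_crypts'] = $tmp['md5'];

    // Check the posted data
    if (isset($_POST['check'])) {
        // Check if all needed vars are submitted
        foreach ($checkvars as $key) {
            if ($key == "peopleou") continue;

            // Only plain strings are taken over; an array sent as
            // "name[]=..." counts as a missing value
            if (isset($_POST[$key]) && is_string($_POST[$key]) && $_POST[$key] != "") {
                $_SESSION['ldapconf'][$key] = $_POST[$key];
            } else {
                if ($withoutput) {
                    print_red(sprintf(_("You're missing the required attribute '%s' from this formular. Please complete!"), $key));
                }
                $fault = true;
            }
        }

        // Derive the base from the last two components of the admin DN
        // (ldapadmin...dc=base,dc=de). explode() replaces split(), which
        // no longer exists in PHP 7.
        // NOTE(review): splitting at every comma ignores escaped commas
        // inside a DN component.
        $tmp = array_reverse(explode(",", $_SESSION['ldapconf']['admin']));
        if (count($tmp) >= 2) {
            $_SESSION['ldapconf']['base'] = $tmp[1].",".$tmp[0];
        }
    }

    // An explicitly posted base wins over the derived one
    if (isset($_POST['base']) && is_string($_POST['base'])) {
        $_SESSION['ldapconf']['base'] = $_POST['base'];
    }

    $smarty->assign("arr_cryptkeys", $_SESSION['ldapconf']['arr_cryptkeys']);
    $smarty->assign("mail_methods", $_SESSION['ldapconf']['mail_methods']);

    // Every stored setting becomes a template variable; this includes
    // the stored admin password
    foreach ($_SESSION['ldapconf'] as $key => $val) {
        $smarty->assign($key, $val);
    }

    if (isset($_POST['check'])) {
        $ldap = new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);

        $m = schema_check($_SESSION['ldapconf']['uri'], $_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password']);
        $_SESSION['classes'] = $m;

        if ($ldap->error != "Success") {
            if ($withoutput) {
                print_red(sprintf(_("Can't log into LDAP server. Reason was: %s."), $ldap->get_error()));
            }
            $fault = true;
        }
    }

    // Set smarty output
    $smarty->assign("content", get_template_path('setup_step4.tpl'));
    $smarty->assign("peopledns", array("cn", "uid"));

    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}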
/**
 * Setup step 5: show the collected configuration and offer gosa.conf for download.
 *
 * Re-runs the schema check with the LDAP settings stored in
 * $_SESSION['ldapconf'] and hands the result to the 'setup_finish.tpl'
 * template.
 *
 * @param bool $withoutput When false, nothing is rendered; the schema check
 *                         and the smarty assignments that do not depend on
 *                         output are still performed.
 * @return bool Always true.
 */
function show_setup_page5($withoutput=true)
{
  // LDAP settings gathered by the earlier setup steps
  $conf   = $_SESSION['ldapconf'];
  $smarty = get_smarty();

  // Name of the group the PHP process runs under, shown next to the
  // configuration directory in the template.
  $group = posix_getgrgid(posix_getgid());
  $smarty->assign("webgroup", $group['name']);
  $smarty->assign("path", CONFIG_DIR);

  // The schema check binds with the admin DN and password kept in the session.
  $results = schema_check($conf['uri'], $conf['admin'], $conf['password'], 1);

  if ($withoutput) {
    $smarty->assign("schemas", view_schema_check($results));
    $smarty->assign("content", get_template_path('setup_finish.tpl'));
    $smarty->display(get_template_path('headers.tpl'));
  }

  // Errors are handed to the template whether or not output is produced.
  if (isset($_SESSION['errors'])) {
    $smarty->assign("errors", $_SESSION['errors']);
  }

  if ($withoutput) {
    $smarty->display(get_template_path('setup.tpl'));
  }

  return true;
}
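/**
 * Setup step 5 helper: make sure an administrative GOsa account exists.
 *
 * Looks below the configured base for a gosaObject carrying the ACL ":all".
 * If no such group exists, or it has no usable member, the page
 * 'setup_useradmin.tpl' is shown so the operator can name an administrator.
 * When the form is submitted ($_POST['new_admin']), the user entry is created
 * and added to the existing admin group, or a new group
 * "cn=administrators" is created for it.
 *
 * Security-relevant behaviour:
 *  - $_POST['admin_name'] is escaped (RFC 4514) before it becomes part of the
 *    DN, so characters such as "," or "+" cannot add or alter RDN components.
 *  - An empty name or password is rejected instead of creating an account
 *    with empty credentials.
 *  - The name is only added to the ":all" group when the user entry exists or
 *    was created successfully.
 *
 * @param bool $withoutput When false, templates are not displayed and most
 *                         messages are suppressed.
 * @return bool true when setup may continue with the next step, false when
 *              this page has to be shown again.
 */
function create_user_for_setup($withoutput=true)
{
  // NOTE(review): this raises error reporting for the rest of the request.
  // Whether warnings reach the browser depends on display_errors, which is
  // not set here; consider dropping this call outside of debugging.
  error_reporting(E_ALL);

  global $samba;

  $ldapconf = $_SESSION['ldapconf'];
  $smarty   = get_smarty();

  $classes = array();
  if (isset($_SESSION['classes'])) {
    $classes = $_SESSION['classes'];
  }

  // Last test of the setup: is there a user with ACL ":all" who will be able
  // to administrate GOsa? If the user or the group is missing, ask for it.
  $ldap = new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);

  // Look for a group with the rights ":all"
  $ldap->cd($ldapconf['base']);
  $ldap->search("(&(objectClass=gosaObject)(gosaSubtreeACL=:all))");

  $group_cnt   = $ldap->count();
  $data        = $ldap->fetch();
  $create_user = false;

  if ($group_cnt < 1) {
    // No administrative group found: user and group must be created
    $create_user = true;

    if (($withoutput) && (!isset($_POST['new_admin']))) {
      print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
    }
  } else {
    // An administrative group exists, is there a user too?
    if (isset($data['memberUid'][0])) {
      // NOTE(review): the uid is passed as the second argument, presumably
      // the attribute list, so it may not restrict the search at all.
      // Confirm against LDAP::search().
      $ldap->search("(&(objectClass=gosaAccount)(objectClass=person))", array("uid=".$data['memberUid'][0]));
      $data2    = $ldap->fetch();
      $user_cnt = $ldap->count();
    }

    if (($ldap->count() < 1) || (!isset($data2))) {
      // We must create a user
      $create_user = true;
      if (($withoutput) && (!isset($_POST['new_admin']))) {
        print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
      }
    } else {
      // We don't need to add a user
      return(true);
    }
  }

  if (isset($_POST['new_admin'])) {
    // Choose the Samba attribute names.
    // NOTE(review): the presence of $classes['samba3'] selects the
    // lmPassword/ntPassword names and $samba = "2"; this looks inverted
    // unless schema_check() lists *missing* classes. Confirm.
    if (isset($classes['samba3'])) {
      $samba      = "2";
      $lmPassword = "lmPassword";
      $ntPassword = "ntPassword";
    } else {
      $samba      = "3";
      $lmPassword = "sambaLMPassword";
      $ntPassword = "sambaNtPassword";
    }

    // Accept plain strings only; an array-valued field counts as missing.
    $admin_name = (isset($_POST['admin_name']) && is_string($_POST['admin_name'])) ? $_POST['admin_name'] : "";
    $admin_pass = (isset($_POST['admin_pass']) && is_string($_POST['admin_pass'])) ? $_POST['admin_pass'] : "";
    $incomplete = (empty($admin_name) || empty($admin_pass));

    // Nothing submitted and nothing to create
    if ($incomplete && !$create_user) {
      return(true);
    }

    if ($incomplete) {
      // Never create an administrative account without name or password;
      // fall through and show the form again.
      if ($withoutput) {
        print_red(_("Please enter a name and a password for the administrative account!"));
      }
    } else {
      $ldap->cd($ldapconf['base']);

      // DN of the user to create. Only the submitted name is escaped;
      // peopleou and base come from the setup configuration in the session.
      // NOTE(review): assumes the LDAP class passes escaped DNs through
      // unchanged. Confirm for dn_exists()/create_missing_trees().
      $dn = "cn=".setup_escape_rdn_value($admin_name).",".$ldapconf['peopleou'].",".$ldapconf['base'];

      $arr = array();
      $arr['objectClass'][0] = "person";
      $arr['objectClass'][1] = "organizationalPerson";
      $arr['objectClass'][2] = "inetOrgPerson";
      $arr['objectClass'][3] = "gosaAccount";
      $arr['uid']            = $admin_name;
      $arr['cn']             = $admin_name;
      $arr['sn']             = $admin_name;
      $arr['givenName']      = "GOsa main administrator";

      // NOTE(review): these Samba LM/NT hashes are fixed constants, not
      // derived from the submitted password, so every account created here
      // carries the same Samba credentials until its password is changed.
      // They should be computed from $admin_pass or left out.
      $arr[$lmPassword] = "10974C6EFC0AEE1917306D272A9441BB";
      $arr[$ntPassword] = "38F3951141D0F71A039CFA9D1EC06378";

      // NOTE(review): the method is fixed to "md5" here instead of following
      // the crypt method chosen earlier in the setup. Confirm this is intended.
      $arr['userPassword'] = crypt_single($admin_pass, "md5");

      // An entry that already exists is left untouched (including its
      // password) and is only added to the administrative group below.
      $user_ok = true;
      if (!$ldap->dn_exists($dn)) {
        $ldap->cd($dn);
        $ldap->create_missing_trees($dn);
        $ldap->add($arr);
        if ($ldap->error != "Success") {
          print_red("Can't create user, and / or Group, possibly this problem depends on an empty LDAP server. Check your configuration and try again!");
          $user_ok = false;
        }
      }

      // Do not grant ":all" to a uid whose entry could not be created.
      if ($user_ok) {
        $arrr = array();
        if ($group_cnt) {
          // There is already an administrative group, just add the user
          if (!isset($data['memberUid'])) {
            $arrr['memberUid'] = $admin_name;
          } else {
            $data['memberUid'][$data['memberUid']['count']] = $admin_name;
            $arrr['memberUid'] = $data['memberUid'];
            unset($arrr['memberUid']['count']);
          }
          $ldap->cd($data['dn']);
          $ldap->modify($arrr);
        } else {
          // No group defined, so we must create one
          $dn = "cn=administrators,".$ldapconf['groupou'].",".$ldapconf['base'];
          $arrr['objectClass'][0] = "gosaObject";
          $arrr['objectClass'][1] = "posixGroup";
          $arrr['gosaSubtreeACL'] = ":all";
          $arrr['cn']             = "administrators";
          $arrr['gidNumber']      = "999";
          $arrr['memberUid']      = $admin_name;
          $ldap->cd($dn);
          $ldap->add($arrr);
        }
        // NOTE(review): the result of the group modify/add is not checked.

        // Group and user are in place, go on with the next setup step
        return(true);
      }
    }
  }

  // Show (or re-show) the form for the administrative account
  $smarty->assign("content", get_template_path('setup_useradmin.tpl'));
  $smarty->assign("exists", !$create_user);

  if ($withoutput) {
    $smarty->display(get_template_path('headers.tpl'));
  }

  if (isset($_SESSION['errors'])) {
    $smarty->assign("errors", $_SESSION['errors']);
  }

  if ($withoutput) {
    $smarty->display(get_template_path('setup.tpl'));
  }

  return(false);
}

/**
 * Escape a string for use as an attribute value inside a DN (RFC 4514).
 *
 * Escapes , + " \ < > ; = and NUL everywhere, "#" or a space at the start,
 * and a space at the end.
 *
 * @param string $value Raw attribute value.
 * @return string Value that is safe to concatenate into a DN.
 */
function setup_escape_rdn_value($value)
{
  $escaped = addcslashes($value, ",+\"\\<>;=");
  $escaped = str_replace("\0", "\\00", $escaped);

  // Trailing space first, so a value consisting of one space is only
  // escaped once by the leading-character rule below.
  $len = strlen($escaped);
  if ($len > 1 && $escaped[$len - 1] == " ") {
    $escaped = substr($escaped, 0, $len - 1)."\\ ";
  }

  if ($escaped !== "" && ($escaped[0] == "#" || $escaped[0] == " ")) {
    $escaped = "\\".$escaped;
  }

  return($escaped);
}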
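/**
 * Return the mail method classes found in "../include".
 *
 * A file counts as a mail method when its name starts with
 * "class_mail-methods-" and ends with ".inc" (both compared
 * case-insensitively) and has a non-empty part in between; that part is the
 * method name. Anchoring both ends keeps backup or temporary copies such as
 * "*.inc~" out of the list.
 *
 * The path is relative to the current working directory. If the directory is
 * missing or cannot be opened, an empty array is returned.
 *
 * @return array Both layouts used by the original code:
 *               $methods['name'][$i], $methods['file'][$i] and
 *               $methods[$i]['file'], $methods[$i]['name'].
 */
function get_available_mail_classes()
{
  $path      = "../include";
  $prefix    = "class_mail-methods-";
  $extension = ".inc";
  $lenpre    = strlen($prefix);
  $lenext    = strlen($extension);
  $methods   = array();

  // Without this guard a failed opendir() would feed a non-resource to readdir()
  if (!is_dir($path)) {
    return($methods);
  }
  $dir = opendir($path);
  if ($dir === false) {
    return($methods);
  }

  $i = 0;
  while (($file = readdir($dir)) !== false) {
    $lenfile = strlen($file);

    // Needs the prefix, the extension and at least one character between them
    if ($lenfile <= $lenpre + $lenext) {
      continue;
    }
    if (strncasecmp($file, $prefix, $lenpre) != 0) {
      continue;
    }
    if (strcasecmp(substr($file, -$lenext), $extension) != 0) {
      continue;
    }

    $name = substr($file, $lenpre, $lenfile - $lenpre - $lenext);

    $methods['name'][$i] = $name;
    $methods['file'][$i] = $file;
    $methods[$i]['file'] = $file;
    $methods[$i]['name'] = $name;
    $i++;
  }

  // Release the directory handle
  closedir($dir);

  return($methods);
}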
1231 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1232 ?>