![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
3 function check_schema_version($description, $version)
4 {
5 $desc= preg_replace("/^.* DESC\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $description);
7 return preg_match("/\(v$version\)/", $desc);
8 }
10 function view_schema_check($table)
11 {
12 $message="<table class=\"check\">";
13 foreach ($table as $key => $values){
14 $msg = $values['msg'];
15 $message.= "<tr><td class=\"check\">$msg";
16 if($values['status']) {
17 $message.="</td><td style='text-align:center' ><img src=images/true.png alt='true' /></td></tr>";
18 }
19 else
20 {
21 $message.="</td><td style='text-align:center' ><img src=images/button_cancel.png alt='false' /></td></tr>";}
22 }
23 $message.="</table>";
24 return $message;
25 }
27 function schema_check($server, $admin, $password,$aff=0)
28 {
29 global $config;
32 $messages= array();
33 $required_classes= array(
34 "gosaObject" => array("version" => "2.4"),
35 "gosaAccount" => array("version" => "2.4"),
36 "gosaLockEntry" => array("version" => "2.4"),
37 "gosaCacheEntry" => array("version" => "2.4"),
38 "gosaDepartment" => array("version" => "2.4"),
40 "goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
41 "goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
42 "goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
44 "gosaUserTemplate" => array("version" => "2.4", "class" => "posixAccount","file" => "nis.schema"),
45 "gosaMailAccount" => array("version" => "2.4", "class" => "mailAccount","file" => "gosa+samba3.schema"),
46 "gosaProxyAccount" => array("version" => "2.4", "class" => "proxyAccount","file" => "gosa+samba3.schema"),
47 "gosaApplication" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),
48 "gosaApplicationGroup" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),
50 "GOhard" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
51 "gotoTerminal" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
52 "goServer" => array("version" => "2.4","class" => "server","file" => "goserver.schema"),
53 "goTerminalServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
54 "goNfsServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
55 "goNtpServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
56 "goSyslogServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
57 "goLdapServer" => array("version" => "2.4"),
58 "goCupsServer" => array("version" => "2.4", "class" => array("posixAccount", "terminals"),),
59 "goImapServer" => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3.schema"),
60 "goKrbServer" => array("version" => "2.4"),
61 "goFaxServer" => array("version" => "2.4", "class" => "gofaxAccount","file" => "gofax.schema"),
63 );
65 /* Build LDAP connection */
66 $ds= ldap_connect ($server);
67 if (!$ds) {
68 return (array(array("msg" => _("Can't bind to LDAP. No schema check possible!"), "status" => FALSE)));
69 }
70 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
71 $r= ldap_bind ($ds, $admin, $password);
73 /* Get base to look for schema */
74 $sr = @ldap_read ($ds, "", "objectClass=*", array("subschemaSubentry"));
75 $attr= @ldap_get_entries($ds,$sr);
76 if (!isset($attr[0]['subschemasubentry'][0])){
77 return (array(array("msg" => _("Can't get schema information from server. No schema check possible!"), "status" => FALSE)));
78 }
80 /* Get list of objectclasses */
81 $nb= $attr[0]['subschemasubentry'][0];
82 $objectclasses= array();
83 $sr= ldap_read ($ds, $nb, "objectClass=*", array("objectclasses"));
84 $attrs= ldap_get_entries($ds,$sr);
85 if (!isset($attrs[0])){
86 return (array(array("msg" => _("Can't get schema information from server. No schema check possible!"), "status" => FALSE)));
87 }
88 foreach ($attrs[0]['objectclasses'] as $val){
89 $name= preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
90 if ($name != $val){
91 $objectclasses[$name]= $val;
92 }
93 }
94 /* Walk through objectclasses and check if they are needed or not */
95 foreach ($required_classes as $key => $value){
96 if (isset($value['class'])){
97 if (!is_array($value['class'])){
98 $classes= array($value['class']);
99 } else {
100 $classes= $value['class'];
101 }
103 /* Check if we are using the class that requires */
104 foreach($classes as $class){
105 if (!isset($objectclasses[$key])){
106 $messages[$key]['msg']= sprintf(_("Optional objectclass '%s' required by plugin '%s' is not present in LDAP setup"), $key, $class);
107 $messages[$key]['status'] = FALSE;
108 } else {
109 if (!check_schema_version($objectclasses[$key], $value['version'])){
110 $messages[$key]['msg']= sprintf(_("Optional objectclass '%s' required by plugin '%s' does not have version %s"), $key, $class, $value['version']);
111 $messages[$key]['status'] =FALSE;
112 }else {
113 if(!isset($affich2[$class])){
114 $affich2[$class]['msg'] = sprintf(_("Support for '%s' enabled"), $class)."<td class=\"check\"> ".$value['file']."</td>";
115 $affich2[$class]['status']= TRUE;
116 }
117 }
118 }
120 }
121 } else {
122 /* Required class */
123 if (!isset($objectclasses[$key])){
124 $messages[$key]['msg']= sprintf(_("Required objectclass '%s' is not present in LDAP setup"), $key);
125 $messages[$key]['status'] = FALSE;
126 } else {
127 if (!check_schema_version($objectclasses[$key], $value['version'])){
128 $messages[$key]['msg']= sprintf(_("Required objectclass '%s' does not have version %s"), $key, $value['version']);
129 $messages[$key]['status'] = FALSE;
130 }
131 }
132 }
133 }
135 /* Check for correct samba parameters */
136 if (!isset($objectclasses['sambaSamAccount'])){
137 $messages['samba3']['msg'] = _("SAMBA 3 support disabled, no schema seems to be installed");
138 $affich['samba3']['msg'] = $messages['samba3']['msg']."<td class=\"check\">gosa+samba3.schema</td>";
139 $messages['samba3']['status'] = FALSE;
140 $affich['samba3']['status'] = FALSE;
141 }else{
142 $affich['samba3']['msg'] = _("SAMBA 3 support enabled")."<td class=\"check\">gosa+samba3.schema</td>";
143 $affich['samba3']['status'] = TRUE;
144 }
146 if (!isset($objectclasses['sambaAccount'])){
147 $messages['samba2']['msg'] = _("SAMBA 2 support disabled, no schema seems to be installed");
148 $affich['samba2']['msg'] = $messages['samba2']['msg']."<td class=\"check\">samba.schema</td>";
149 $messages['samba2']['status'] = FALSE;
150 $affich['samba2']['status'] = FALSE;
151 }else{
152 $affich['samba2']['msg'] = _("SAMBA 2 support enabled")."<td class=\"check\">samba.schema</td>";
153 $affich['samba2']['status'] = TRUE;
154 }
156 /* Check pureftp/dns/ */
157 if (!isset($objectclasses['PureFTPdUser'])){
158 $messages['pureftp']['msg'] = _("Support for pureftp disabled, no schema seems to be installed");
159 $affich['pureftp']['msg'] = $messages['pureftp']['msg']."<td class=\"check\">pureftpd.schema</td>";
160 $messages['pureftp']['status'] = FALSE;
161 $affich['pureftp']['status'] = FALSE;
162 }else{
163 $affich['pureftp']['msg'] = _("Support for pureftp enabled")."<td class=\"check\">pureftpd.schema</td>";
164 $affich['pureftp']['status'] = TRUE;
165 }
167 if (!isset($objectclasses['gosaWebdavAccount'])){
168 $messages['webdav']['msg'] = _("Support for WebDAV disabled, no schema seems to be installed");
169 $affich['webdav']['msg'] = $messages['webdav']['msg']."<td class=\"check\"></td>";
170 $messages['webdav']['status'] = FALSE;
171 $affich['webdav']['status'] = FALSE;
172 }else{
173 $affich['webdav']['msg']=_("Support for WebDAV enabled")."<td class=\"check\">gosa+samba3.schema</td>";
174 $affich['webdav']['status'] = TRUE;
175 }
177 if (!isset($objectclasses['phpgwAccount'])){
178 $messages['phpgroupware']['msg'] = _("Support for phpgroupware disabled, no schema seems to be installed");
179 $affich['phpgroupware']['msg']=$messages['phpgroupware']['msg']."<td class=\"check\">phpgwaccount.schema</td>";
180 $messages['phpgroupware']['status'] = FALSE;
181 $affich['phpgroupware']['status'] = FALSE;
182 }else{
183 $affich['phpgroupware']['msg'] = _("Support for phpgroupware enabled")."<td class=\"check\">phpgwaccount.schema</td>";
184 $affich['phpgroupware']['status'] = TRUE;
185 }
187 if (!isset($objectclasses['goFonAccount'])){
188 $messages['phoneaccount']['msg'] = _("Support for gofon disabled, no schema seems to be installed");
189 $affich['phoneaccount']['msg'] = $messages['phoneaccount']['msg']."<td class=\"check\">gofon.schema</td>";
190 $messages['phoneaccount']['status'] = FALSE;
191 $affich['phoneaccount']['status'] = FALSE;
192 }else{
193 $affich['phoneaccount']['msg'] = _("Support for gofon enabled")."<td class=\"check\">gofon.schema</td>";
194 $affich['phoneaccount']['status'] = true;
195 }
198 if(($_SESSION['ldapconf']['mail_methods'][$_SESSION['ldapconf']['mail']] == "kolab")){
199 if(!isset($objectclasses['kolabInetOrgPerson']))
200 {
201 $messages['kolab']['msg'] = _("Support for Kolab disabled, no schema seems to be installed, setting mail-method to cyrus");
202 $affich['kolab']['msg'] =$messages['kolab']['msg']."<td class=\"check\">kolab2.schema</td>";
204 $tmp = array_flip($_SESSION['ldapconf']['mail_methods']);
205 $_SESSION['ldapconf']['mail'] =$tmp['cyrus'];
207 $messages['kolab']['status'] = FALSE;
208 $affich['kolab']['status'] = FALSE;
209 }else{
210 $affich['kolab']['msg'] =_("Support for Kolab enabled")."<td class=\"check\">gofon.schema</td>";
211 $affich['kolab']['status'] = TRUE;
212 }
213 }
214 if($aff==0)return ($messages);
215 else return(array_merge($affich,$affich2));
218 }
222 function check(&$faults, $message, $description, $test, $required= TRUE)
223 {
224 $msg= "<table class='check'><tr><td class='check' style='font-size:14px;'>$message</td><td rowspan=2 style='vertical-align:middle; text-align:center;width:45px;'>";
225 if ($test){
226 $msg.= _("OK")."<br>";
227 } else {
228 if (!$required){
229 $msg.="<font color=red>"._("Ignored")."</font><br>";
230 } else {
231 $msg.="<font color=red>"._("Failed")."</font><br>";
232 $faults++;
233 }
234 }
235 $msg.= "</td></tr><tr><td class='check' style='padding-left:20px;background-color:#F0F0F0;'>$description</td></tr></table><br>";
237 return $msg;
238 }
240 function perform_php_checks(&$faults)
241 {
242 global $check_globals;
244 $faults= 0;
245 $msg= "";
247 $msg.= "<h1>"._("PHP setup inspection")."</h1>";
248 $msg.= check ( $faults, _("Checking for PHP version (>=4.1.0)"),
249 _("PHP must be of version 4.1.0 or above for some functions and known bugs in PHP language."),
250 version_compare(phpversion(), "4.1.0")>=0);
252 $msg.= check ( $faults, _("Checking if register_globals is set to 'off'"),
253 _("register_globals is a PHP mechanism to register all global varibales to be accessible from scripts without changing the scope. This may be a security risk. GOsa will run in both modes."),
254 $check_globals == 0, FALSE);
256 $msg.= check ( $faults, _("Checking for ldap module"),
257 _("This is the main module used by GOsa and therefore really required."),
258 function_exists('ldap_bind'));
260 $msg.= check ( $faults, _("Checking for gettext support"),
261 _("Gettext support is required for internationalized GOsa."), function_exists('bindtextdomain'));
263 $msg.= check ( $faults, _("Checking for iconv support"),
264 _("This module is used by GOsa to convert samba munged dial informations and is therefore required."),
265 function_exists('iconv'));
267 $msg.= check ( $faults, _("Checking for mhash module"),
268 _("To use SSHA encryption, you'll need this module. If you are just using crypt or md5 encryption, ignore this message. GOsa will run without it."),
269 function_exists('mhash'), FALSE);
271 $msg.= check ( $faults, _("Checking for imap module"),
272 _("The IMAP module is needed to communicate with the IMAP server. It gets status informations, creates and deletes mail users."),
273 function_exists('imap_open'));
274 $msg.= check ( $faults, _("Checking for getacl in imap"),
275 _("The getacl support is needed for shared folder permissions. The standard IMAP module is not capable of reading acl's. You need a recend PHP version for this feature."),
276 function_exists('imap_getacl'), FALSE);
277 $msg.= check ( $faults, _("Checking for mysql module"),
278 _("MySQL support is needed for reading GOfax reports from databases."),
279 function_exists('mysql_query'), FALSE);
280 $msg.= check ( $faults, _("Checking for cups module"),
281 _("In order to read available printers from IPP protocol instead of printcap files, you've to install the CUPS module."),
282 function_exists('cups_get_dest_list'), FALSE);
283 $msg.= check ( $faults, _("Checking for kadm5 module"),
284 _("Managing users in kerberos requires the kadm5 module which is downloadable via PEAR network."),
285 function_exists('kadm5_init_with_password'), FALSE);
286 return ($msg);
287 }
290 function perform_additional_checks(&$faults)
291 {
292 # Programm check
293 $msg= "<h1>"._("Checking for some additional programms")."</h1>";
295 # Image Magick
296 $query= "LC_ALL=C LANG=C convert -help";
297 $output= shell_exec ($query);
298 if ($output != ""){
299 $lines= split ("\n", $output);
300 $version= preg_replace ("/^Version:[^I]+ImageMagick ([^\s]+).*/", "\\1", $lines[0]);
301 list($major, $minor)= split("\.", $version);
302 $msg.= check ( $faults, _("Checking for ImageMagick (>=5.4.0)"),
303 _("ImageMagick is used to convert user supplied images to fit the suggested size and the unified JPEG format."),
304 ($major > 5 || ($major == 5 && $minor >= 4)));
305 } else {
306 $msg.= check ( $faults, _("Checking imagick module for PHP"),
307 _("Imagick is used to convert user supplied images to fit the suggested size and the unified JPEG format from PHP script."), function_exists('imagick_blob2image'), TRUE);
308 }
310 # Check for fping
311 $query= "LC_ALL=C LANG=C fping -v 2>&1";
312 $output= shell_exec ($query);
313 $have_fping= preg_match("/^fping:/", $output);
314 $msg.= check ( $faults, _("Checking for fping utility"),
315 _("The fping utility is only used if you've got a thin client based terminal environment running."),
316 $have_fping, FALSE);
318 # Check for smb hash generation tool
319 $query= "mkntpwd 2>&1";
320 $output= shell_exec ($query);
321 $have_mkntpwd= preg_match("/^Usage: mkntpwd /", $output);
322 $alt = 0;
324 if (!$have_mkntpwd){
325 $query= "LC_ALL=C LANG=C perl -MCrypt::SmbHash -e 'ntlmgen \"PASSWD\", \$lm, \$nt; print \"\${lm}:\${nt}\\n\";' &>/dev/null";
326 system ($query, $ret);
327 $alt= ($ret == 0);
328 }
330 $msg.= check ( $faults, _("Checking for a way to generate LM/NT password hashes"),
331 _("In order to use SAMBA 2/3, you've to install some additional packages to generate password hashes."),
332 ($have_mkntpwd || $alt));
333 # checking for some PHP.ini Options
335 /* seesio.auto_start should be off, in order to without trouble*/
337 $arra = ini_get_all();
339 /* This array contains folling info now :
340 global_value 0
341 local_value 0
342 access 7
344 -->Access types
345 PHP_INI_USER 1 Entry can be set in user scripts
346 PHP_INI_PERDIR 2 Entry can be set in php.ini, .htaccess or httpd.conf
347 PHP_INI_SYSTEM 4 Entry can be set in php.ini or httpd.conf
348 PHP_INI_ALL 7 Entry can be set anywhere
350 */
352 $session_auto_start = ($arra['session.auto_start']);
353 $implicit_flush = ($arra['implicit_flush']);
354 $max_execution_time = ($arra['max_execution_time']);
355 $memory_limit = ($arra['memory_limit']);
356 $expose_php = ($arra['expose_php']);
357 $magic_quotes_gpc = ($arra['magic_quotes_gpc']);
358 $register_globals = ($arra['register_globals']);
361 // auto_register
362 $msg.= check ( $faults, _("php.ini check -> session.auto_register"),
363 _("In Order to use GOsa without any trouble, the session.auto_register option in your php.ini must be set to 'Off'."), (!$session_auto_start['local_value']));
367 //implicit_flush
368 $msg.= check ( $faults, _("php.ini check -> implicit_flush"),
369 _("This option influences the Output handling. Turn this Option off, to increase performance."),
370 !$implicit_flush['local_value'],0,false);
372 //max_execution_time
373 if($max_execution_time['local_value'] < 30 ){
374 $max_execution_time['local_value']=false;
375 }
376 $msg.= check ( $faults, _("php.ini check -> max_execution_time"),
377 _("The Execution time should be at least 30 seconds, because some actions may consume more time."),
378 $max_execution_time['local_value'],0,false);
380 //memory_limit
381 if($memory_limit['local_value'] < 8 ){
382 $memory_limit['local_value']=false;
383 }
384 $msg.= check ( $faults, _("php.ini check -> memory_limit"),
385 _("GOsa needs at least 8MB of memory, less will cause unpredictable errors! An optimal setting would be 16MB, increase it for larger setups."),
386 !$implicit_flush['local_value'],0,false);
388 //expose_php
389 $msg.= check ( $faults, _("php.ini check -> expose_php"),
390 _("Increase the server security by setting expose_php to 'off'. PHP won't send any Information about the server you are running in this case."),
391 !$implicit_flush['local_value'],0,false);
393 //magic_quotes_gpc
394 $msg.= check ( $faults, _("php.ini check -> magic_quotes_gpc"),
395 _("Increase your server security by setting magic_quotes_gpc to 'on'. PHP will escape all quotes in strings in this case."),
396 $magic_quotes_gpc['local_value'],0,false);
398 return $msg;
399 }
403 //! Added by Hickert
404 //
405 // Parse /contrib/gosa.conf to set user defined values
406 //This function may create the ldap.conf
407 // Lets try
408 function parse_contrib_conf()
409 {
410 /* First gather all needed informations */
414 /* Variables */
415 $str = "";
416 $used_samba_version = 0;
417 $query = "";
418 $fp = false;
419 $output = "";
420 $needridbase_sid = false;
421 $pwdhash = "";
422 $replacements = array();
423 $ldapconf = $_SESSION['ldapconf']; // The Installation information
424 $classes = $_SESSION['classes']; // Class information needed to define which features are enabled
425 $possible_plugins = array();
427 if(isset($classes['samba3'])) // means Samba 3 is disabled
428 $used_samba_version = 2;
429 else
430 $used_samba_version = 3;
433 if(file_exists("/usr/lib/gosa/mkntpasswd")) {
434 $pwdhash = "/usr/lib/gosa/mkntpasswd";
435 }
436 elseif (preg_match("/^Usage: mkntpwd /", shell_exec ("mkntpwd 2>&1"))) {
437 $pwdhash= "mkntpwd";
438 } else {
439 $pwdhash=addslashes(' perl -MCrypt::SmbHash -e "ntlmgen \"\$ARGV[0]\", \$lm, \$nt; print \"\${lm}:\${nt}\n\";" $1');
440 // $pwdhash= 'perl -MCrypt::SmbHash -e \"ntlmgen \\"\\$ARGV[0]\\", \\$lm, \\$nt; print \\"\\${lm}:\\${nt}\\\";\"';
441 }
444 // Define which variables will be replaced
445 $replacements['{LOCATIONNAME}'] = $ldapconf['location'];
446 $replacements['{SAMBAVERSION}'] = $used_samba_version;
447 $replacements['{LDAPBASE}'] = $ldapconf['base'];
448 $replacements['{LDAPADMIN}'] = $ldapconf['admin'];
449 $replacements['{DNMODE}'] = $ldapconf['peopledn'];
450 $replacements['{LDAPHOST}'] = $ldapconf['uri'];
451 $replacements['{PASSWORD}'] = $ldapconf['password'];
452 $replacements['{CRYPT}'] = $ldapconf['arr_cryptkeys'][$ldapconf['arr_crypts']];
453 $replacements['{SID}'] = "";
454 $replacements['{RIDBASE}'] = "";
455 $replacements['{MAILMETHOD}'] = $ldapconf['mail_methods'][$ldapconf['mail']];
456 $replacements['{SMBHASH}'] = $pwdhash;
457 $replacements['{GOVERNMENTMODE}'] = "false";
458 $replacements['{kolabAccount}'] = "";
459 $replacements['{servKolab}'] = "";
462 // This array contains all preg_replace syntax to delete all unused plugins
463 // THE kEY MUST BE THE CLASSNAME so we can check it with $ldapconf['classes']
465 $possible_plugins['fonreport'][] ="'\n.*<plugin.*fonreport+.*\n.*>.*\n'i";
466 $possible_plugins['phoneaccount'][] ="'\n.*<tab.*phoneAccount.*>.*\n'i";
468 $possible_plugins['logview'][] ="'\n.*<plugin.*logview+.*\n.*>.*\n'i";
470 $possible_plugins['pureftp'][] ="'\n.*<tab.*pureftp.*>.*\n'i";
472 $possible_plugins['webdav'][] ="'\n.*<tab.*webdav.*>.*\n'i";
474 $possible_plugins['phpgroupware'][] ="'\n.*<tab.*phpgroupware.*>'i";
477 // Header information
478 // Needed to send the generated gosa.conf to the browser
479 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
480 header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
481 header("Cache-Control: no-cache");
482 header("Pragma: no-cache");
483 header("Cache-Control: post-check=0, pre-check=0");
484 header("Content-type: text/plain");
486 if (preg_match('/MSIE 5.5/', $_SERVER['HTTP_USER_AGENT']) || preg_match('/MSIE 6.0/', $_SERVER['HTTP_USER_AGENT']))
487 {
488 header('Content-Disposition: filename="gosa.conf"');
489 } else {
490 header('Content-Disposition: attachment; filename="gosa.conf"');
491 }
494 if(!$fp=fopen(CONFIG_TEMPLATE_DIR."/gosa.conf","r"))
495 {
496 echo "Can't open file ".CONFIG_TEMPLATE_DIR."/gosa.conf";
497 // Don't write anything else
498 }
499 else
500 {
501 // Read out Data .....
502 while(!feof($fp))
503 {
504 $str.= fread($fp,512);
505 }
509 if($ldapconf['mail_methods'][$ldapconf['mail']]=="kolab")
510 {
511 $replacements['{kolabAccount}'] ="<tab class=\"kolabAccount\" />";
512 $replacements['{servKolab}'] ="<tab class=\"servkolab\" name=\"Kolab\" />";
513 }
519 // Lets check which samba version we will use
521 // in case of samba 2 we don't need to add additional objets in gosa.conf
522 // in case of samba 3 we musst detect if theres an objectType = SambaObjekt defined
523 // if theres is one, then do nothing, because the setup will detect the the SID themself
524 // if theres none defined add SID and RIDBASE to gosa.conf
527 if($used_samba_version == 2)
528 {
529 // Do nothing ...
530 }
531 else
532 {
533 // Create LDAP connection, to check if theres a domain Objekt definen in the Ldap scheme
534 $ldap= new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);
537 // Try to find a Samba Domain Objekt
538 $ldap->search("(objectClass=sambaDomain)");
540 // Something found ??? so we need to define ridbase an SID by ourselfs
541 if($ldap->count()< 1)
542 {
543 $replacements['{SID}'] = "sid=\"123412-11\"";
544 $replacements['{RIDBASE}'] = "ridbase=\"1000\"";
545 }
546 }// else --> $used_samba_version == 2
548 // Data readed, types replaced, samba version detected and checked if we need to add SID and RIDBASE
551 // Check if there is an ivbbEntry in the LDAP tree, in this case we will set the governmentmode to true
552 // Create LDAP connection, to check if theres a domain Objekt definen in the Ldap scheme
554 if(!isset($ldap))
555 $ldap= new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);
558 // Try to find a Samba Domain Objekt
559 $ldap->search("(objectClass=ivbbEntry)");
561 // Something found ??? so we need to define ridbase an SID by ourselfs
562 if($ldap->count()> 0)
563 {
564 $replacements['{GOVERNMENTMODE}'] = "true";
565 }
568 // Replace all colleted information with placeholder
569 foreach($replacements as $key => $val)
570 {
571 $str = preg_replace("/".$key."/",$val,$str);
572 // $str = ereg_replace($key,$val,$str);
573 }
575 // Remove all unused plugins
576 foreach($possible_plugins as $plugin)
577 {
578 foreach($plugin as $key=>$val)
579 {
580 if(in_array($plugin,$classes))
581 {
582 $str = preg_replace($val,"\n",$str);
583 }
584 }
585 }
588 }// else --> !$fp=fopen("../contrib/gosa.conf","r")
590 return ((($str)));
591 }
594 // This ist the first page shown in setup
595 // This page test some packages, like php version, ldap_module aso
596 // The funtion don't save anything, it tests only, when withoutput = false
597 // (called from setup.php);
598 function show_setup_page1($withoutput = true)
599 {
600 $smarty = get_smarty();
602 $smarty->assign ("content", get_template_path('setup_introduction.tpl'));
603 $smarty->assign ("tests", perform_php_checks($faults));
607 // This var is true if there is anything went wrong
608 if ($faults)
609 {
610 $smarty->assign("mode", "disabled");
611 }
613 // This line displays the template only if (withoutput is set)
614 if($withoutput)
615 $smarty->display (get_template_path('headers.tpl'));
617 if (isset($_SESSION['errors']))
618 {
619 $smarty->assign("errors", $_SESSION['errors']);
620 }
622 if($withoutput)
623 $smarty->display (get_template_path('setup.tpl'));
625 return (!$faults);
626 }
634 /* Shows Setup_page 2*/
635 function show_setup_page2($withoutput = true)
636 {
637 $smarty = get_smarty();
639 $smarty->assign ("content", get_template_path('setup_step2.tpl'));
640 $smarty->assign ("tests", perform_additional_checks($faults));
642 if ($faults) {
643 $smarty->assign("mode", "disabled");
644 }
645 if($withoutput){
646 $smarty->display (get_template_path('headers.tpl'));
647 }
649 if (isset($_SESSION['errors'])) {
650 $smarty->assign("errors", $_SESSION['errors']);
651 }
652 if($withoutput){
653 $smarty->display (get_template_path('setup.tpl'));
654 }
655 return (!$faults);
656 }
659 /* Setup page 3 asks for the server address
660 "Now we're going to include your LDAP server and create an initial configuration"*/
661 function show_setup_page3($withoutput = true)
662 {
664 // Take the Post oder the Sessioin saved data
665 if(isset($_POST['uri']))
666 $uri = $_POST['uri'];
667 elseif(isset($_SESSION['ldapconf']['uri']))
668 $uri = $_SESSION['ldapconf']['uri'];
670 // If Page called first time, field is empty
671 if((!isset($uri))||(empty($uri)))
672 $uri = "ldap://localhost:389";
675 $smarty = get_smarty();
677 // if isset $uri save it to session
678 if(isset($uri))
679 {
680 $_SESSION['ldapconf']['uri'] = $uri;
681 $smarty->assign ("uri", validate($uri));
682 }
685 // No error till now
686 $fault = false;
689 // If we pushed the Button continue
690 if(isset($_POST['continue3']))
691 if(!isset($uri))
692 {
693 $fault = true;
694 // Output the Error
695 if($withoutput)
696 {
697 print_red (_("You've to specify an ldap server before continuing!"));
698 $smarty->assign ("content", get_template_path('setup_step3.tpl'));
699 }
700 }
701 elseif (!$ds = @ldap_connect (validate($uri)))
702 {
703 $fault =true;
704 // Output the Error
705 if($withoutput)
706 {
707 print_red (_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
708 $smarty->assign ("uri", validate($uri));
709 $smarty->assign ("content", get_template_path('setup_step3.tpl'));
710 }
711 }
712 else
713 {
714 // Try to bind the connection
715 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
717 // if we can't bind , print error
718 if (!$r = @ldap_bind ($ds))
719 {
720 $fault = true;
721 // Output the Error
722 if($withoutput)
723 {
724 print_red (_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
725 $smarty->assign ("content", get_template_path('setup_step3.tpl'));
726 $smarty->assign ("uri", validate($uri));
727 }
728 }
729 else
730 {
731 $fault = false;
732 }
733 }
736 $smarty->assign ("content", get_template_path('setup_step3.tpl'));
739 // Load Header
740 if($withoutput)
741 $smarty->display (get_template_path('headers.tpl'));
743 // Set Errors to Smarty
744 if (isset($_SESSION['errors']))
745 {
746 $smarty->assign("errors", $_SESSION['errors']);
747 }
749 // Print out Template
750 if($withoutput)
751 $smarty->display (get_template_path('setup.tpl'));
755 return (!$fault);
756 }
760 // Setup page 4
761 // This page asked for detailed info, like base dn or admin user
762 // if evrything is ok , but there's a missing user with ACL :all we show a a user creation page before we show page 5
763 function show_setup_page4($withoutput = true)
764 {
767 require_once("class_password-methods.inc");
769 error_reporting(E_ALL);
774 $fault = false; // If an error occures we set this var to true
775 $smarty = get_smarty(); // Our smarty instance
776 $uri = $_SESSION['ldapconf']['uri']; // This is the the connect path to the ldapserver like ldap://lo..
777 $ldapconf = $_SESSION['ldapconf']; // The ldap Configuration informations, we collected while setup
778 $arr_crypts = array(); // array which includes contains all possible password crypting methods
779 $temp = ""; // Temp
780 $checkvars = array("location","admin","password","peopleou","peopledn","arr_crypts","mail","uidbase");
783 if(!isset($_SESSION['ldapconf']['arr_cryptkeys']))
784 {
785 require_once("class_password-methods.inc");
786 $tmp = passwordMethod::get_available_methods_if_not_loaded();
787 $_SESSION['ldapconf']['arr_cryptkeys']= $tmp['name'];
788 }
792 if(!isset($_SESSION['ldapconf']['mail_methods']))
793 {
794 $_SESSION['ldapconf']['mail_methods']=array();
795 $temp = get_available_mail_classes();
796 $_SESSION['ldapconf']['mail_methods']= $temp['name'];
797 }
802 // If there are some empty vars in ldapconnect
803 // This values also represent out default values
805 # first try to get $base
806 if(!$ds = @ldap_connect (validate($uri)))
807 {
808 $fault = true;
809 if($withoutput)
810 print_red (_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
811 }
812 elseif(!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
813 {
814 $fault = true;
815 if($withoutput)
816 print_red (_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
817 }
818 elseif(! $r = @ldap_bind ($ds))
819 {
820 $fault = true;
821 if($withoutput)
822 print_red (_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
823 }
824 else
825 {
826 $sr= @ldap_search ($ds, "", "objectClass=*", array("namingContexts"));
829 $attr= @ldap_get_entries($ds,$sr);
830 if((empty($attr)))
831 {
832 $base= "dc=example,dc=net";
835 if($withoutput)
836 print_red(_("Bind to server successful, but the server seems to be completly empty, please check all informations twice"));
838 }
839 else
840 {
841 $base= $attr[0]['dn'];
842 }
843 }
847 if(!isset($_SESSION['ldapconf']['base'])) $_SESSION['ldapconf']['base'] = $base;
848 if(!isset($_SESSION['ldapconf']['admin'])) $_SESSION['ldapconf']['admin'] = "cn=ldapadmin,".$base;
849 if(!isset($_SESSION['ldapconf']['peopleou'])) $_SESSION['ldapconf']['peopleou'] = "ou=people";
850 if(!isset($_SESSION['ldapconf']['groupou'])) $_SESSION['ldapconf']['groupou'] = "ou=groups";
851 if(!isset($_SESSION['ldapconf']['peopledn'])) $_SESSION['ldapconf']['peopledn'] = "cn";
852 if(!isset($_SESSION['ldapconf']['password'])) $_SESSION['ldapconf']['password'] = "";
853 if(!isset($_SESSION['ldapconf']['location'])) $_SESSION['ldapconf']['location'] = "Example";
854 if(!isset($_SESSION['ldapconf']['uidbase'])) $_SESSION['ldapconf']['uidbase'] = "1000";
855 if(!isset($_SESSION['ldapconf']['mail'])) $_SESSION['ldapconf']['mail'] = 0;
856 $tmp = array_flip($_SESSION['ldapconf']['arr_cryptkeys']);
857 if(!isset($_SESSION['ldapconf']['arr_crypts'])) $_SESSION['ldapconf']['arr_crypts'] = $tmp['md5'];
860 // check Post data
862 if(isset($_POST['check']))
863 {
864 // Check if all needed vars are submitted
865 foreach($checkvars as $key)
866 {
867 if((isset($_POST[$key]))&&($_POST[$key]!=""))
868 {
869 $_SESSION['ldapconf'][$key] = $_POST[$key];
870 }
871 else
872 {
873 if($withoutput)
874 {
875 print_red(sprintf(_("You're missing the required attribute '%s' from this formular. Please complete!"), $key));
876 }
877 $fault = true;
878 }
879 }
881 // check if another base is given ... (ldapadmin...dc=base,dc=de) ..
883 $base = $_SESSION['ldapconf']['admin'];
884 $tmp = array_reverse ( split(",",$base));
885 $base = $tmp[1].",".$tmp[0];
886 $_SESSION['ldapconf']['base'] = $base;
889 }
893 $smarty->assign("arr_cryptkeys",$_SESSION['ldapconf']['arr_cryptkeys']);
894 $smarty->assign("mail_methods", $_SESSION['ldapconf']['mail_methods']);
896 foreach($_SESSION['ldapconf'] as $key => $val)
897 {
898 $smarty->assign($key,$val);
899 }
901 if(isset($_POST['check']))
902 {
903 $ldap= new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);
905 $m= schema_check($_SESSION['ldapconf']['uri'], $_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password']);
906 $_SESSION['classes']= $m;
908 if ($ldap->error != "Success")
909 {
910 if($withoutput)
911 {
912 print_red(sprintf(_("Can't log into LDAP server. Reason was: %s."), $ldap->get_error()));
913 }
914 $fault = true;
915 }
916 }
920 // Set smarty output
921 $smarty->assign ("content", get_template_path('setup_step4.tpl'));
923 $smarty->assign ("peopledns", array("cn", "uid"));
924 if($withoutput)
925 $smarty->display (get_template_path('headers.tpl'));
927 if(isset($_SESSION['errors']))
928 {
929 $smarty->assign("errors", $_SESSION['errors']);
930 }
931 if($withoutput)
932 $smarty->display (get_template_path('setup.tpl'));
935 return (!$fault);
938 }
943 // This page shows your configuration
944 // and wants you to download the gosa.conf ....
945 function show_setup_page5($withoutput=true)
946 {
947 // Get ldapconf
948 $ldapconf= $_SESSION['ldapconf'];
950 // get smarty
951 $smarty = get_smarty();
953 if(isset($_SESSION['classes']))
954 $classes = $_SESSION['classes'];
956 $info= posix_getgrgid(posix_getgid());
957 $smarty->assign ("webgroup", $info['name']);
958 $smarty->assign ("path", CONFIG_DIR);
959 $message = "";
960 $message.="<table class=\"check\">";
961 $m= schema_check($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'],1);
963 if($withoutput)
964 {
965 $smarty->assign ("schemas", view_schema_check($m));
966 $smarty->assign ("content", get_template_path('setup_finish.tpl'));
967 }
968 // Output templates ....
970 if($withoutput)
971 $smarty->display (get_template_path('headers.tpl'));
973 if (isset($_SESSION['errors']))
974 {
975 $smarty->assign("errors", $_SESSION['errors']);
976 }
977 if($withoutput)
978 $smarty->display (get_template_path('setup.tpl'));
979 return(true);
980 }
993 // this function is called by setup step 5, in order to create a missinf Administrator
994 // and or Administrational user
995 // on success go on with setup_page5
996 // else show this page aggain
997 function create_user_for_setup($withoutput=true)
998 {
1000 error_reporting(E_ALL);
1002 global $samba;
1004 $ldapconf = $_SESSION['ldapconf'];
1005 $smarty = get_smarty();
1009 if(isset($_SESSION['classes']))
1010 $classes= $_SESSION['classes'];
1012 // Everything runns perfect ...
1013 // So we do a last test on this page
1014 // is there a user with ACLs :all which will be able to adminsitrate GOsa
1015 // We check that, if this user or group is missing we ask for creating them
1017 $ldap= new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);
1019 // $ldap= new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);
1021 // Now we are testing for a group, with the rights :all
1022 $ldap->cd($ldapconf['base']);
1023 $ldap->search("(&(objectClass=gosaObject)(gosaSubtreeACL=:all))");
1025 $group_cnt = $ldap->count();
1026 $data = $ldap->fetch();
1027 $create_user = false;
1029 // We need to create Administrative user and group
1030 // Because theres no Group found
1031 if($group_cnt < 1)
1032 {
1033 // Set var to create user
1034 $create_user = true;
1036 // Output error
1037 if(($withoutput)&&(!isset($_POST['new_admin'])))
1038 print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
1039 }
1040 else
1041 {
1043 // We found an Administrative Group, is there a user too
1044 if(isset($data['memberUid'][0]))
1045 {
1046 $ldap->search("(&(objectClass=gosaAccount)(objectClass=person))",array("uid=".$data['memberUid'][0]));
1047 $data2 = $ldap->fetch();
1048 $user_cnt = $ldap->count();
1049 }
1051 // We must create a user
1052 if (($ldap->count() < 1)||(!isset($data2)))
1053 {
1054 $create_user = true;
1055 if(($withoutput)&&(!isset($_POST['new_admin'])))
1056 print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
1057 }
1058 else
1059 {
1060 // We don't need to add a user
1061 return(true);
1062 }
1064 }// if($group_cn)
1066 // We need to create a new user with group
1067 if(isset($_POST['new_admin']))
1068 {
1069 // Is there a running user ?
1070 // Then add additional
1072 if (isset($classes['samba3']))
1073 {
1074 $samba= "2";
1075 $lmPassword = "lmPassword";
1076 $ntPassword = "ntPassword";
1077 } else {
1078 $samba= "3";
1079 $lmPassword = "sambaLMPassword";
1080 $ntPassword = "sambaNtPassword";
1081 }
1084 // Nothing submitted
1085 if(( (empty($_POST['admin_name']))||(empty($_POST['admin_pass'])) )&&(!$create_user))
1086 {
1087 return(true);
1088 }
1090 // We have the order to create on Admin ^^
1091 // Detect Samba version to define the Attribute names shown below
1092 // go to base
1093 $ldap->cd($ldapconf['base']);
1095 // Define the user we are going to create
1096 $dn = "cn=".$_POST['admin_name'].",".$ldapconf['peopleou'].",".$ldapconf['base'];
1099 $arr['objectClass'][0] ="person";
1100 $arr['objectClass'][1] ="organizationalPerson";
1101 $arr['objectClass'][2] ="inetOrgPerson";
1102 $arr['objectClass'][3] ="gosaAccount";
1103 $arr['uid'] = $_POST['admin_name'];
1104 $arr['cn'] = $_POST['admin_name'];
1105 $arr['sn'] = $_POST['admin_name'];
1107 $arr['givenName'] = "GOsa main administrator";
1108 $arr[$lmPassword] = "10974C6EFC0AEE1917306D272A9441BB";
1109 $arr[$ntPassword] = "38F3951141D0F71A039CFA9D1EC06378";
1110 $arr['userPassword'] = crypt_single($_POST['admin_pass'],"md5");
1111 if( ! $ldap->dn_exists ( $dn )) {
1112 $ldap->cd($dn);
1113 $ldap->create_missing_trees($dn);
1114 $ldap->add($arr);
1115 if($ldap->error!="Success") {
1116 print_red("Can't create user, and / or Group, possibly this problem depends on an empty LDAP server. Check your configuration and try again!");
1117 }
1118 }
1120 // theres already a group for administrator, so we only need to add the user
1121 if($group_cnt)
1122 {
1123 if(!isset($data['memberUid']))
1124 {
1125 $arrr['memberUid']= $_POST['admin_name'];
1126 }
1127 else
1128 {
1129 $data['memberUid'][$data['memberUid']['count']]=$_POST['admin_name'];
1130 $arrr['memberUid'] = $data['memberUid'];
1131 unset($arrr['memberUid']['count']);
1132 }
1133 $ldap->cd($data['dn']);
1134 $ldap->modify($arrr);
1135 }
1136 else
1137 {
1138 // there was no group defined, so we must create one
1139 $dn = "cn=administrators,".$ldapconf['groupou'].",".$ldapconf['base'];
1140 $arrr['objectClass'][0] = "gosaObject";
1141 $arrr['objectClass'][1] = "posixGroup";
1142 $arrr['gosaSubtreeACL'] = ":all";
1143 $arrr['cn'] = "administrators";
1144 $arrr['gidNumber'] = "999";
1145 $arrr['memberUid'] = $_POST['admin_name'];
1146 $ldap->cd($dn);
1147 $ldap->add($arrr);
1148 }
1151 // We created the Group and the user, so we can go on with the next setup step
1152 return(true);
1153 }
1154 else
1155 {
1156 if(!($create_user))
1157 {
1158 $smarty->assign ("content", get_template_path('setup_useradmin.tpl'));
1159 $smarty->assign("exists",true);
1160 }
1161 else
1162 {
1163 $smarty->assign ("content", get_template_path('setup_useradmin.tpl'));
1164 $smarty->assign("exists",false);
1165 }
1166 }
1169 // Smarty outout
1171 if($withoutput)
1172 $smarty->display (get_template_path('headers.tpl'));
1174 if (isset($_SESSION['errors']))
1175 {
1176 $smarty->assign("errors", $_SESSION['errors']);
1177 }
1178 if($withoutput)
1179 $smarty->display (get_template_path('setup.tpl'));
1182 return(false);
1183 }
1186 // Returns the classnames auf the mail classes
1187 function get_available_mail_classes()
1188 {
1189 $dir = opendir( "../include");
1190 $methods = array();
1191 $suffix = "class_mail-methods-";
1192 $lensuf = strlen($suffix);
1193 $prefix = ".inc";
1194 $lenpre = strlen($prefix);
1197 $i = 0;
1198 while (($file = readdir($dir)) !== false)
1199 {
1200 if(stristr($file,$suffix))
1201 {
1202 $lenfile = strlen($file);
1203 $methods['name'][$i] = substr($file,$lensuf,($lenfile-$lensuf)-$lenpre);
1204 $methods['file'][$i] = $file;
1205 $methods[$i]['file'] = $file;
1206 $methods[$i]['name'] = substr($file,$lensuf,($lenfile-$lensuf)-$lenpre);
1207 $i++;
1208 }
1209 }
1210 return($methods);
1211 }
1219 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1220 ?>