1 <?php
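/*
 * Tell whether the running PHP interpreter is at least version $vercheck.
 *
 * Both version strings are split on "." and compared component by component
 * as integers. A component that is missing on either side counts as 0, so
 * "5" and "5.0.0" compare as equal.
 *
 * @param string $vercheck  Dotted minimum version, e.g. "4.1.0".
 * @return bool             true when phpversion() >= $vercheck, else false.
 */
function minimum_version($vercheck)
{
    /* explode() replaces the POSIX-regex split(), which PHP 7 and later no longer provide */
    $needver = explode(".", (string) $vercheck);
    $curver  = explode(".", phpversion());

    /* Walk over the longer of the two lists; the shorter one is padded with 0 */
    $parts = max(count($needver), count($curver));

    for ($i = 0; $i < $parts; $i++) {
        /* The (int) cast also drops vendor suffixes such as "4-2ubuntu5" */
        $need = isset($needver[$i]) ? (int) $needver[$i] : 0;
        $cur  = isset($curver[$i])  ? (int) $curver[$i]  : 0;

        /* Required component is higher: no success */
        if ($need > $cur) {
            return (false);
        }

        /* Current component is higher: later components no longer matter */
        if ($need < $cur) {
            return (true);
        }

        /* Equal: look at the next component */
    }

    return (true);
}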
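/*
 * Alternative minimum-version test for the running PHP interpreter.
 *
 * The previous implementation removed the dots and compared the remaining
 * digits as one integer. That orders versions wrongly as soon as the two
 * strings have a different number of digits ("5" became 5, "4.3.10" became
 * 4310). version_compare() compares component by component instead.
 *
 * @param string $vercheck  Dotted minimum version, e.g. "4.1.0".
 * @return bool             true when phpversion() >= $vercheck, else false.
 */
function minimum_versioni2($vercheck)
{
    return (version_compare(phpversion(), (string) $vercheck, '>='));
}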
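/*
 * Check whether an objectclass definition carries the marker "(v<version>)"
 * in its DESC text.
 *
 * @param string $description  Raw objectclass definition as read from the
 *                             subschema entry.
 * @param string $version      Version to look for, e.g. "2.4".
 * @return int|false           Result of preg_match(): 1 when the marker is
 *                             present, 0 when it is not, false on a regex error.
 */
function check_schema_version($description, $version)
{
    /* Reduce the definition to the quoted DESC text. If there is no DESC
       clause preg_replace() returns its input unchanged and the marker is
       searched in the whole definition. */
    $desc = preg_replace("/^.* DESC\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $description);

    /* Quote the version before it becomes part of the pattern. Unquoted, the
       "." in "2.4" matches any character, so a marker such as "(v2x4)" would
       be accepted as version 2.4. */
    return preg_match('/\(v' . preg_quote($version, '/') . '\)/', $desc);
}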
/*
 * Render the status lines of a schema check as an HTML table.
 *
 * Every entry becomes one row. A green "true" icon is shown when the text
 * contains the word "enabled", a cancel icon otherwise.
 *
 * NOTE(review): entries are copied into the markup unescaped. schema_check()
 * hands over strings that already contain <td>/<b> tags, so escaping cannot be
 * added here; any text that does not come from a fixed table has to be escaped
 * where the entry is built.
 *
 * @param array $table  Status lines (HTML fragments); the keys are ignored.
 * @return string       The complete <table class="check"> markup.
 */
function view_schema_check($table)
{
    $ok_cell     = "</td><td style='text-align:center' ><img src=images/true.png alt='true' /></td></tr>";
    $failed_cell = "</td><td style='text-align:center' ><img src=images/button_cancel.png alt='false' /></td></tr>";

    $rows = array();
    foreach ($table as $line) {
        /* The icon depends only on the word "enabled" appearing in the line */
        $icon   = strstr($line, "enabled") ? $ok_cell : $failed_cell;
        $rows[] = "<tr><td class=\"check\">" . $line . $icon;
    }

    return "<table class=\"check\">" . implode("", $rows) . "</table>";
}
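/*
 * Compare the objectclasses published by an LDAP server with the ones GOsa
 * needs and report what is missing or has the wrong version.
 *
 * The function connects to $server, binds as $admin, reads the
 * subschemaSubentry from the root DSE and then the objectclasses from that
 * entry. Every required/optional class is looked up by name and its DESC
 * text is tested with check_schema_version().
 *
 * Security notes:
 *  - $admin/$password are used for a simple bind. No StartTLS is requested
 *    here, so with an ldap:// URI the password is not protected in transit;
 *    prefer ldaps:// or a local server for the setup.
 *  - The result of the bind is not evaluated (unchanged behaviour): after a
 *    failed bind the schema is still read with whatever access the server
 *    grants to the connection.
 *  - The returned strings contain HTML. They are built only from the fixed
 *    class table below and from translated texts; names sent by the server
 *    are used as array keys only.
 *
 * Side effect: when the configured mail method is "kolab" but the kolab
 * schema is missing, $_SESSION['ldapconf']['mail'] is switched to cyrus.
 *
 * @param string $server    LDAP URI or host name.
 * @param string $admin     Bind DN.
 * @param string $password  Bind password.
 * @param int    $aff       0: return the problem messages keyed by class or
 *                          feature name. Anything else: return the HTML
 *                          status lines for view_schema_check().
 * @return array
 */
function schema_check($server, $admin, $password, $aff = 0)
{
    $messages = array();

    /* Both display lists start out empty so that the array_merge() at the end
       always receives arrays, even when no optional class matched. */
    $affich  = array();
    $affich2 = array();

    $required_classes = array(
        "gosaObject"            => array("version" => "2.4"),
        "gosaAccount"           => array("version" => "2.4"),
        "gosaLockEntry"         => array("version" => "2.4"),
        "gosaCacheEntry"        => array("version" => "2.4"),
        "gosaDepartment"        => array("version" => "2.4"),

        "goFaxAccount"          => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxSBlock"           => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxRBlock"           => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),

        "gosaUserTemplate"      => array("version" => "2.4", "class" => "posixAccount","file" => "nis.schema"),
        "gosaMailAccount"       => array("version" => "2.4", "class" => "mailAccount","file" => "gosa+samba3.schema"),
        "gosaProxyAccount"      => array("version" => "2.4", "class" => "proxyAccount","file" => "gosa+samba3.schema"),
        "gosaApplication"       => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),
        "gosaApplicationGroup"  => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),

        "GOhard"                => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "gotoTerminal"          => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goServer"              => array("version" => "2.4","class" => "server","file" => "goserver.schema"),
        "goTerminalServer"      => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNfsServer"           => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNtpServer"           => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goSyslogServer"        => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goLdapServer"          => array("version" => "2.4"),
        "goCupsServer"          => array("version" => "2.4", "class" => array("posixAccount", "terminals"),),
        "goImapServer"          => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3.schema"),
        "goKrbServer"           => array("version" => "2.4"),
        "goFaxServer"           => array("version" => "2.4", "class" => "gofaxAccount","file" => "gofax.schema"),
    );

    /* Build LDAP connection */
    $ds = ldap_connect($server);
    if (!$ds) {
        return (array(_("Can't bind to LDAP. No schema check possible!")));
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    /* Result deliberately not checked, see the header comment */
    ldap_bind($ds, $admin, $password);

    /* Get base to look for schema. A failed read yields false, which must not
       be handed on to ldap_get_entries(). */
    $sr   = @ldap_read($ds, "", "objectClass=*", array("subschemaSubentry"));
    $attr = $sr ? @ldap_get_entries($ds, $sr) : false;
    if (!isset($attr[0]['subschemasubentry'][0])) {
        return (array(_("Can't get schema information from server. No schema check possible!")));
    }

    /* Get list of objectclasses */
    $nb            = $attr[0]['subschemasubentry'][0];
    $objectclasses = array();
    $sr            = ldap_read($ds, $nb, "objectClass=*", array("objectclasses"));
    $attrs         = $sr ? ldap_get_entries($ds, $sr) : false;
    if (!isset($attrs[0]['objectclasses'])) {
        return (array(_("Can't get schema information from server. No schema check possible!")));
    }
    foreach ($attrs[0]['objectclasses'] as $val) {
        /* Entries without a NAME clause (and the numeric "count" element)
           come back unchanged and are skipped */
        $name = preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
        if ($name != $val) {
            $objectclasses[$name] = $val;
        }
    }

    /* Walk through objectclasses and check if they are needed or not */
    foreach ($required_classes as $key => $value) {
        if (isset($value['class'])) {
            $classes = is_array($value['class']) ? $value['class'] : array($value['class']);

            /* Not every table row names a schema file (goCupsServer does not) */
            $file = isset($value['file']) ? $value['file'] : "";

            /* Check if we are using the class that requires */
            foreach ($classes as $class) {
                if (!isset($objectclasses[$key])) {
                    $messages[$key] = sprintf(_("Optional objectclass '%s' required by plugin '%s' is not present in LDAP setup"), $key, $class);
                } elseif (!check_schema_version($objectclasses[$key], $value['version'])) {
                    $messages[$key] = sprintf(_("Optional objectclass '%s' required by plugin '%s' does not have version %s"), $key, $class, $value['version']);
                } elseif (!isset($affich2[$class])) {
                    $affich2[$class] = "Support for <b>$class</b> enabled <td class=\"check\"> " . $file . "</td>";
                }
            }
        } else {
            /* Required class */
            if (!isset($objectclasses[$key])) {
                $messages[$key] = sprintf(_("Required objectclass '%s' is not present in LDAP setup"), $key);
            } elseif (!check_schema_version($objectclasses[$key], $value['version'])) {
                $messages[$key] = sprintf(_("Required objectclass '%s' does not have version %s"), $key, $value['version']);
            }
        }
    }

    /* Check for correct samba parameters */
    if (!isset($objectclasses['sambaSamAccount'])) {
        $messages['samba3'] = _("SAMBA 3 support disabled, no schema seems to be installed");
        $affich['samba3']   = $messages['samba3'] . "<td class=\"check\">gosa+samba3.schema</td>";
    } else {
        $affich['samba3'] = _("SAMBA 3 support enabled") . "<td class=\"check\">gosa+samba3.schema</td>";
    }

    if (!isset($objectclasses['sambaAccount'])) {
        $messages['samba2'] = _("SAMBA 2 support disabled, no schema seems to be installed");
        $affich['samba2']   = $messages['samba2'] . "<td class=\"check\">samba.schema</td>";
    } else {
        $affich['samba2'] = _("SAMBA 2 support enabled") . "<td class=\"check\">samba.schema</td>";
    }

    /* Check pureftp/dns/ */
    if (!isset($objectclasses['PureFTPdUser'])) {
        $messages['pureftp'] = _("Support for pureftp disabled, no schema seems to be installed");
        $affich['pureftp']   = $messages['pureftp'] . "<td class=\"check\">pureftpd.schema</td>";
    } else {
        $affich['pureftp'] = _("Support for pureftp enabled") . "<td class=\"check\">pureftpd.schema</td>";
    }

    if (!isset($objectclasses['gosaWebdavAccount'])) {
        $messages['webdav'] = _("Support for WebDAV disabled, no schema seems to be installed");
        $affich['webdav']   = $messages['webdav'] . "<td class=\"check\"></td>";
    } else {
        $affich['webdav'] = _("Support for WebDAV enabled") . "<td class=\"check\">gosa+samba3.schema</td>";
    }

    if (!isset($objectclasses['phpgwAccount'])) {
        $messages['phpgroupware'] = _("Support for phpgroupware disabled, no schema seems to be installed");
        $affich['phpgroupware']   = $messages['phpgroupware'] . "<td class=\"check\">phpgwaccount.schema</td>";
    } else {
        $affich['phpgroupware'] = _("Support for phpgroupware enabled") . "<td class=\"check\">phpgwaccount.schema</td>";
    }

    if (!isset($objectclasses['goFonAccount'])) {
        $messages['phoneaccount'] = _("Support for gofon disabled, no schema seems to be installed");
        $affich['phoneaccount']   = $messages['phoneaccount'] . "<td class=\"check\">gofon.schema</td>";
    } else {
        $affich['phoneaccount'] = _("Support for gofon enabled") . "<td class=\"check\">gofon.schema</td>";
    }

    /* Kolab is only looked at when it is the selected mail method. The braces
       make explicit that the "enabled" branch belongs to the schema test. */
    $ldapconf    = isset($_SESSION['ldapconf']) ? $_SESSION['ldapconf'] : array();
    $mail_method = "";
    if (isset($ldapconf['mail']) && isset($ldapconf['mail_methods'][$ldapconf['mail']])) {
        $mail_method = $ldapconf['mail_methods'][$ldapconf['mail']];
    }

    if ($mail_method == "kolab") {
        if (!isset($objectclasses['kolabInetOrgPerson'])) {
            $messages['kolab'] = _("Support for Kolab disabled, no schema seems to be installed, setting mail-method to cyrus");

            /* Fall back to cyrus, but only if that method is actually on offer */
            $tmp = array_flip($_SESSION['ldapconf']['mail_methods']);
            if (isset($tmp['cyrus'])) {
                $_SESSION['ldapconf']['mail'] = $tmp['cyrus'];
            }
            $affich['kolab'] = $messages['kolab'] . "<td class=\"check\">kolab2.schema</td>";
        } else {
            /* The schema column used to read gofon.schema here, a leftover from
               the block above; the Kolab classes are in kolab2.schema. */
            $affich['kolab'] = _("Support for Kolab enabled") . "<td class=\"check\">kolab2.schema</td>";
        }
    }

    if ($aff == 0) {
        return ($messages);
    }

    return (array_merge($affich, $affich2));
}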
/*
 * Build the HTML box for one setup test and count failures.
 *
 * The box shows $message, a verdict ("OK", "Failed" or "Ignored") and
 * $description. $faults is incremented only when a required test fails.
 *
 * NOTE(review): $message and $description are inserted as raw HTML. The
 * callers in this file pass fixed, translated texts only.
 *
 * @param int    $faults       Failure counter, passed by reference.
 * @param string $message      Title of the test.
 * @param string $description  Explanation shown below the title.
 * @param mixed  $test         Truthy when the test passed.
 * @param mixed  $required     Falsy for optional tests; a failing optional
 *                             test is reported as "Ignored" and not counted.
 * @return string              HTML fragment for this test.
 */
function check(&$faults, $message, $description, $test, $required= TRUE)
{
    if ($test) {
        $verdict = _("OK")."<br>";
    } elseif ($required) {
        $verdict = "<font color=red>"._("Failed")."</font><br>";
        $faults++;
    } else {
        $verdict = "<font color=red>"._("Ignored")."</font><br>";
    }

    $head = "<table class='check'><tr><td class='check' style='font-size:14px;'>$message</td><td rowspan=2 style='vertical-align:middle; text-align:center;width:45px;'>";
    $tail = "</td></tr><tr><td class='check' style='padding-left:20px;background-color:#F0F0F0;'>$description</td></tr></table><br>";

    return $head . $verdict . $tail;
}
/*
 * Run the PHP environment tests of setup step 1.
 *
 * Resets $faults to 0, evaluates every test and renders each one with
 * check(). Tests marked as not required are shown but never counted.
 *
 * Reads the global $check_globals, which is set outside this function; the
 * register_globals row passes when it compares equal to 0.
 *
 * NOTE(review): the mhash text speaks of "encryption"; SSHA, crypt and md5
 * are password hashing schemes. The wording is left untouched because the
 * strings are gettext message ids.
 *
 * @param int $faults  Receives the number of failed required tests.
 * @return string      HTML for the whole test list.
 */
function perform_php_checks(&$faults)
{
    global $check_globals;

    $faults = 0;

    /* One row per test: title, explanation, result, required? */
    $tests = array(
        array(_("Checking for PHP version (>=4.1.0)"),
              _("PHP must be of version 4.1.0 or above for some functions and known bugs in PHP language."),
              minimum_version('4.1.0'), TRUE),

        array(_("Checking for PHP version (<=5)"),
              _("PHP must be below version 5."),
              !minimum_version('5'), TRUE),

        array(_("Checking if register_globals is set to 'off'"),
              _("register_globals is a PHP mechanism to register all global varibales to be accessible from scripts without changing the scope. This may be a security risk. GOsa will run in both modes."),
              $check_globals == 0, FALSE),

        array(_("Checking for ldap module"),
              _("This is the main module used by GOsa and therefore really required."),
              function_exists('ldap_bind'), TRUE),

        array(_("Checking for gettext support"),
              _("Gettext support is required for internationalized GOsa."),
              function_exists('bindtextdomain'), TRUE),

        array(_("Checking for iconv support"),
              _("This module is used by GOsa to convert samba munged dial informations and is therefore required."),
              function_exists('iconv'), TRUE),

        array(_("Checking for mhash module"),
              _("To use SSHA encryption, you'll need this module. If you are just using crypt or md5 encryption, ignore this message. GOsa will run without it."),
              function_exists('mhash'), FALSE),

        array(_("Checking for imap module"),
              _("The IMAP module is needed to communicate with the IMAP server. It gets status informations, creates and deletes mail users."),
              function_exists('imap_open'), TRUE),

        array(_("Checking for getacl in imap"),
              _("The getacl support is needed for shared folder permissions. The standard IMAP module is not capable of reading acl's. You need a recend PHP version for this feature."),
              function_exists('imap_getacl'), FALSE),

        array(_("Checking for mysql module"),
              _("MySQL support is needed for reading GOfax reports from databases."),
              function_exists('mysql_query'), FALSE),

        array(_("Checking for cups module"),
              _("In order to read available printers from IPP protocol instead of printcap files, you've to install the CUPS module."),
              function_exists('cups_get_dest_list'), FALSE),

        array(_("Checking for kadm5 module"),
              _("Managing users in kerberos requires the kadm5 module which is downloadable via PEAR network."),
              function_exists('kadm5_init_with_password'), FALSE),
    );

    $html = "<h1>"._("PHP setup inspection")."</h1>";
    foreach ($tests as $row) {
        $html .= check($faults, $row[0], $row[1], $row[2], $row[3]);
    }

    return ($html);
}
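/*
 * Run the tests of setup step 2: external programs and php.ini settings.
 *
 * External tools are probed by running them through the shell. Every command
 * line is a fixed string; nothing taken from the request reaches the shell.
 * The binaries are looked up through the PATH of the web server process.
 *
 * Fixes compared to the previous version:
 *  - split() replaced by explode(); newer PHP no longer has split().
 *  - The perl probe redirected with "&>", which a POSIX sh parses as "&"
 *    followed by ">". The command was started in the background and the exit
 *    status was always 0, so the hash generator test could never fail.
 *  - The memory_limit and expose_php rows tested implicit_flush instead of
 *    their own setting.
 *  - memory_limit is converted from php.ini shorthand ("8M") to bytes before
 *    it is compared; -1 (no limit) passes.
 *  - max_execution_time 0 (no limit) passes.
 *  - php.ini values are read defensively, a directive unknown to the running
 *    PHP no longer causes an undefined index.
 *
 * @param int $faults  Failure counter, passed by reference; incremented by
 *                     check() for every failed required test.
 * @return string      HTML for the whole test list.
 */
function perform_additional_checks(&$faults)
{
    # Program check
    $msg = "<h1>"._("Checking for some additional programms")."</h1>";

    # Image Magick
    $output = (string) shell_exec("LC_ALL=C LANG=C convert -help");
    if ($output != "") {
        $lines   = explode("\n", $output);
        $version = preg_replace("/^Version:[^I]+ImageMagick ([^\s]+).*/", "\\1", $lines[0]);

        /* Pad so that a version without a dot still yields a minor number */
        $parts = array_pad(explode(".", $version), 2, 0);
        $major = (int) $parts[0];
        $minor = (int) $parts[1];

        $msg .= check($faults, _("Checking for ImageMagick (>=5.4.0)"),
            _("ImageMagick is used to convert user supplied images to fit the suggested size and the unified JPEG format."),
            ($major > 5 || ($major == 5 && $minor >= 4)));
    } else {
        $msg .= check($faults, _("Checking imagick module for PHP"),
            _("Imagick is used to convert user supplied images to fit the suggested size and the unified JPEG format from PHP script."),
            function_exists('imagick_blob2image'), TRUE);
    }

    # Check for fping
    $output     = (string) shell_exec("LC_ALL=C LANG=C fping -v 2>&1");
    $have_fping = preg_match("/^fping:/", $output);
    $msg .= check($faults, _("Checking for fping utility"),
        _("The fping utility is only used if you've got a thin client based terminal environment running."),
        $have_fping, FALSE);

    # Check for smb hash generation tool
    $output       = (string) shell_exec("mkntpwd 2>&1");
    $have_mkntpwd = preg_match("/^Usage: mkntpwd /", $output);
    $alt          = 0;

    if (!$have_mkntpwd) {
        /* Portable redirection, so that $ret is the exit status of perl */
        $query = "LC_ALL=C LANG=C perl -MCrypt::SmbHash -e 'ntlmgen \"PASSWD\", \$lm, \$nt; print \"\${lm}:\${nt}\\n\";' >/dev/null 2>&1";
        system($query, $ret);
        $alt = ($ret == 0);
    }

    $msg .= check($faults, _("Checking for a way to generate LM/NT password hashes"),
        _("In order to use SAMBA 2/3, you've to install some additional packages to generate password hashes."),
        ($have_mkntpwd || $alt));

    # Checking for some php.ini options
    /* ini_get_all() returns global_value, local_value and access per
       directive; only local_value is used below. */
    $arra  = ini_get_all();
    $local = array();
    $names = array('session.auto_start', 'implicit_flush', 'max_execution_time',
                   'memory_limit', 'expose_php', 'magic_quotes_gpc');
    foreach ($names as $name) {
        $local[$name] = isset($arra[$name]['local_value']) ? $arra[$name]['local_value'] : null;
    }

    /* session.auto_start should be off. The title says auto_register; it is a
       gettext message id and therefore left as it is. */
    $msg .= check($faults, _("php.ini check -> session.auto_register"),
        _("In Order to use GOsa without any trouble, the session.auto_register option in your php.ini must be set to 'Off'."),
        (!$local['session.auto_start']));

    // implicit_flush
    $msg .= check($faults, _("php.ini check -> implicit_flush"),
        _("This option influences the Output handling. Turn this Option off, to increase performance."),
        !$local['implicit_flush'], FALSE);

    // max_execution_time: 0 means "no limit"
    $seconds = (int) $local['max_execution_time'];
    $msg .= check($faults, _("php.ini check -> max_execution_time"),
        _("The Execution time should be at least 30 seconds, because some actions may consume more time."),
        ($seconds == 0 || $seconds >= 30), FALSE);

    // memory_limit: php.ini shorthand to bytes, a negative value means "no limit"
    $raw   = trim((string) $local['memory_limit']);
    $bytes = (int) $raw;
    switch (strtoupper(substr($raw, -1))) {
        /* Deliberate fall-through: G multiplies three times, M twice, K once */
        case 'G':
            $bytes *= 1024;
        case 'M':
            $bytes *= 1024;
        case 'K':
            $bytes *= 1024;
    }
    $msg .= check($faults, _("php.ini check -> memory_limit"),
        _("GOsa needs at least 8MB of memory, less will cause unpredictable errors! An optimal setting would be 16MB, increase it for larger setups."),
        ($bytes < 0 || $bytes >= 8 * 1024 * 1024), FALSE);

    // expose_php
    $msg .= check($faults, _("php.ini check -> expose_php"),
        _("Increase the server security by setting expose_php to 'off'. PHP won't send any Information about the server you are running in this case."),
        !$local['expose_php'], FALSE);

    // magic_quotes_gpc
    /* PHP 5.4 removed this directive, so the row is shown only where it still
       exists. Magic quotes are not a defence against injection: values must be
       escaped for the context they are used in (LDAP filter, DN, HTML, shell). */
    if ($local['magic_quotes_gpc'] !== null) {
        $msg .= check($faults, _("php.ini check -> magic_quotes_gpc"),
            _("Increase your server security by setting magic_quotes_gpc to 'on'. PHP will escape all quotes in strings in this case."),
            $local['magic_quotes_gpc'], FALSE);
    }

    return $msg;
}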
423 //! Added by Hickert
424 //
425 // Parse /contrib/gosa.conf to set user defined values
426 //This function may create the ldap.conf
427 // Lets try
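/*
 * Fill the gosa.conf template with the values collected during setup and
 * send the result to the browser as a download.
 *
 * Input comes from $_SESSION['ldapconf'] (values entered in the setup forms)
 * and $_SESSION['classes'] (messages of schema_check(); a key being present
 * means that feature is disabled). The template is read from
 * CONFIG_TEMPLATE_DIR/gosa.conf.
 *
 * Security notes:
 *  - The generated file contains the LDAP admin DN and password in clear
 *    text. It is delivered with no-cache headers; it should be stored with
 *    restrictive permissions and the setup should be run over TLS.
 *  - NOTE(review): the values are placed into the template as they were
 *    typed. If the placeholders sit inside XML attributes (the SID/RIDBASE
 *    replacements suggest so), a quote or "<" in a value breaks the file.
 *    Confirm against the template and escape or reject such input where it
 *    is accepted.
 *  - The SID written when no sambaDomain object exists is a fixed dummy and
 *    has to be replaced by the real domain SID.
 *
 * Fixes compared to the previous version:
 *  - Placeholders are replaced literally and in one pass. The old
 *    preg_replace() treated "$1" or "\1" inside a value (for example in the
 *    password) as a back-reference and silently altered it.
 *  - Plugins of disabled features are now removed. The old test
 *    in_array($plugin, $classes) compared an array of patterns with the
 *    message texts and could never be true.
 *  - The template file handle is closed.
 *  - A missing User-Agent header no longer causes an undefined index.
 *
 * @return string  The generated configuration, "" when the template could
 *                 not be opened.
 */
function parse_contrib_conf()
{
    $str              = "";
    $replacements     = array();
    $possible_plugins = array();
    $ldapconf         = $_SESSION['ldapconf'];   // The installation information
    $classes          = $_SESSION['classes'];    // Which features are disabled

    /* A 'samba3' message means the Samba 3 schema is missing */
    $used_samba_version = isset($classes['samba3']) ? 2 : 3;

    /* Pick the command used to create LM/NT hashes */
    if (file_exists("/usr/lib/gosa/mkntpasswd")) {
        $pwdhash = "/usr/lib/gosa/mkntpasswd";
    } elseif (preg_match("/^Usage: mkntpwd /", (string) shell_exec("mkntpwd 2>&1"))) {
        $pwdhash = "mkntpwd";
    } else {
        $pwdhash = addslashes(' perl -MCrypt::SmbHash -e "ntlmgen \"\$ARGV[0]\", \$lm, \$nt; print \"\${lm}:\${nt}\n\";" $1');
    }

    // Define which variables will be replaced
    $replacements['{LOCATIONNAME}']   = $ldapconf['location'];
    $replacements['{SAMBAVERSION}']   = $used_samba_version;
    $replacements['{LDAPBASE}']       = $ldapconf['base'];
    $replacements['{LDAPADMIN}']      = $ldapconf['admin'];
    $replacements['{DNMODE}']         = $ldapconf['peopledn'];
    $replacements['{LDAPHOST}']       = $ldapconf['uri'];
    $replacements['{PASSWORD}']       = $ldapconf['password'];
    $replacements['{CRYPT}']          = $ldapconf['arr_cryptkeys'][$ldapconf['arr_crypts']];
    $replacements['{SID}']            = "";
    $replacements['{RIDBASE}']        = "";
    $replacements['{MAILMETHOD}']     = $ldapconf['mail_methods'][$ldapconf['mail']];
    $replacements['{SMBHASH}']        = $pwdhash;
    $replacements['{GOVERNMENTMODE}'] = "false";
    $replacements['{kolabAccount}']   = "";
    $replacements['{servKolab}']      = "";

    // Patterns that delete the entries of unused plugins.
    // The key must be the feature name used as key in $classes.
    $possible_plugins['fonreport'][]    = "'\n.*<plugin.*fonreport+.*\n.*>.*\n'i";
    $possible_plugins['phoneaccount'][] = "'\n.*<tab.*phoneAccount.*>.*\n'i";
    $possible_plugins['logview'][]      = "'\n.*<plugin.*logview+.*\n.*>.*\n'i";
    $possible_plugins['pureftp'][]      = "'\n.*<tab.*pureftp.*>.*\n'i";
    $possible_plugins['webdav'][]       = "'\n.*<tab.*webdav.*>.*\n'i";
    $possible_plugins['phpgroupware'][] = "'\n.*<tab.*phpgroupware.*>'i";

    // Header information
    // Needed to send the generated gosa.conf to the browser
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: no-cache");
    header("Pragma: no-cache");
    header("Cache-Control: post-check=0, pre-check=0");
    header("Content-type: text/plain");

    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    if (preg_match('/MSIE 5.5/', $agent) || preg_match('/MSIE 6.0/', $agent)) {
        header('Content-Disposition: filename="gosa.conf"');
    } else {
        header('Content-Disposition: attachment; filename="gosa.conf"');
    }

    $fp = fopen(CONFIG_TEMPLATE_DIR."/gosa.conf", "r");
    if (!$fp) {
        echo "Can't open file ".CONFIG_TEMPLATE_DIR."/gosa.conf";
        // Don't write anything else
        return ($str);
    }

    // Read the template
    while (!feof($fp)) {
        $str .= fread($fp, 512);
    }
    fclose($fp);

    if ($ldapconf['mail_methods'][$ldapconf['mail']] == "kolab") {
        $replacements['{kolabAccount}'] = "<tab class=\"kolabAccount\" />";
        $replacements['{servKolab}']    = "<tab class=\"servkolab\" name=\"Kolab\" />";
    }

    // Samba 2 needs no additional objects in gosa.conf.
    // With Samba 3, look for a sambaDomain object: if there is one GOsa
    // detects the SID itself, if there is none SID and RIDBASE are written
    // to gosa.conf.
    if ($used_samba_version != 2) {
        $ldap = new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);
        $ldap->search("(objectClass=sambaDomain)");

        if ($ldap->count() < 1) {
            $replacements['{SID}']     = "sid=\"123412-11\"";
            $replacements['{RIDBASE}'] = "ridbase=\"1000\"";
        }
    }

    // An ivbbEntry somewhere in the tree switches the government mode on
    if (!isset($ldap)) {
        $ldap = new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);
    }
    $ldap->search("(objectClass=ivbbEntry)");
    if ($ldap->count() > 0) {
        $replacements['{GOVERNMENTMODE}'] = "true";
    }

    // Put the collected values in place of the placeholders. strtr() works
    // literally and does not rescan text it has just inserted.
    $str = strtr($str, $replacements);

    // Remove the plugins of every feature that is reported as disabled
    foreach ($possible_plugins as $feature => $patterns) {
        if (!isset($classes[$feature])) {
            continue;
        }
        foreach ($patterns as $pattern) {
            $str = preg_replace($pattern, "\n", $str);
        }
    }

    return ($str);
}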
// This is the first page shown in setup.
// This page tests some packages, like the PHP version, the ldap module and so on.
// The function doesn't save anything; it only tests when withoutput = false
// (called from setup.php).
/*
 * Setup step 1: run the PHP environment tests and show the introduction page.
 *
 * With $withoutput false nothing is displayed; the tests are still run and
 * their result is returned.
 *
 * @param bool $withoutput  Display the templates when true.
 * @return bool             true when no required test failed.
 */
function show_setup_page1($withoutput = true)
{
    $smarty = get_smarty();

    $smarty->assign("content", get_template_path('setup_introduction.tpl'));

    /* perform_php_checks() sets $faults to the number of failed required tests */
    $report = perform_php_checks($faults);
    $smarty->assign("tests", $report);

    /* Any failure disables the way forward */
    if ($faults) {
        $smarty->assign("mode", "disabled");
    }

    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$faults);
}
654 /* Shows Setup_page 2*/
/*
 * Setup step 2: test for external programs and php.ini settings and show the
 * result page.
 *
 * @param bool $withoutput  Display the templates when true; when false the
 *                          tests are only evaluated.
 * @return bool             true when no required test failed.
 */
function show_setup_page2($withoutput = true)
{
    $smarty = get_smarty();
    $smarty->assign("content", get_template_path('setup_step2.tpl'));

    /* $faults is filled by reference with the number of failed required tests */
    $smarty->assign("tests", perform_additional_checks($faults));

    $passed = !$faults;
    if (!$passed) {
        $smarty->assign("mode", "disabled");
    }

    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    /* Errors collected so far are handed to the page template */
    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return ($passed);
}
679 /* Setup page 3 asks for the server address
680 "Now we're going to include your LDAP server and create an initial configuration"*/
/*
 * Setup step 3: ask for the LDAP server and test whether it can be reached.
 *
 * The URI is taken from the posted form, else from the session, else the
 * default "ldap://localhost:389" is used. It is stored in the session as
 * entered. When the "continue3" button was pressed, a connection and an
 * anonymous bind are attempted.
 *
 * NOTE(review): the server address is chosen by whoever runs the setup and
 * the web server connects to it. The value kept in the session is the raw
 * input; only the copies given to smarty and ldap_connect() pass through
 * validate(). Later steps send the admin password to this address, so the
 * setup pages should only be reachable by the administrator.
 *
 * @param bool $withoutput  Print messages and display templates when true.
 * @return bool             true when no error occurred.
 */
function show_setup_page3($withoutput = true)
{
    // Posted value first, then the value remembered in the session
    if (isset($_POST['uri'])) {
        $uri = $_POST['uri'];
    } elseif (isset($_SESSION['ldapconf']['uri'])) {
        $uri = $_SESSION['ldapconf']['uri'];
    }

    // First call or empty field: start with the default
    if (empty($uri)) {
        $uri = "ldap://localhost:389";
    }

    $smarty = get_smarty();

    // Remember the URI for the following steps
    if (isset($uri)) {
        $_SESSION['ldapconf']['uri'] = $uri;
        $smarty->assign("uri", validate($uri));
    }

    // No error till now
    $fault = false;

    // The continue button was pressed
    if (isset($_POST['continue3'])) {
        if (!isset($uri)) {
            // Cannot trigger while the default above is applied
            $fault = true;
            if ($withoutput) {
                print_red(_("You've to specify an ldap server before continuing!"));
                $smarty->assign("content", get_template_path('setup_step3.tpl'));
            }
        } else {
            $ds = @ldap_connect(validate($uri));
            if (!$ds) {
                $fault = true;
                if ($withoutput) {
                    print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
                    $smarty->assign("uri", validate($uri));
                    $smarty->assign("content", get_template_path('setup_step3.tpl'));
                }
            } else {
                ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

                // Anonymous bind as reachability test
                $r = @ldap_bind($ds);
                if (!$r) {
                    $fault = true;
                    if ($withoutput) {
                        print_red(_("Can't bind to the specified LDAP server! Please make sure that is reachable for GOsa."));
                        $smarty->assign("content", get_template_path('setup_step3.tpl'));
                        $smarty->assign("uri", validate($uri));
                    }
                }
            }
        }
    }

    $smarty->assign("content", get_template_path('setup_step3.tpl'));

    // Load header
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    // Hand collected errors to smarty
    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    // Print out template
    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}
// Setup page 4
// This page asks for detailed info, like the base DN or the admin user.
// If everything is OK but a user with ACL ":all" is missing, we show a user creation page before we show page 5.
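/*
 * Setup step 4: collect base, admin DN, password and the other LDAP settings.
 *
 * The function fills $_SESSION['ldapconf'] with defaults, takes over the
 * posted form values when the "check" button was pressed, derives the base
 * from the admin DN, tries to log in with the given credentials and stores
 * the result of schema_check() in $_SESSION['classes'].
 *
 * Security notes:
 *  - Posted values are stored in the session as entered. They later reach the
 *    LDAP bind and the generated gosa.conf, so they have to be validated or
 *    escaped at those points.
 *  - Every ldapconf entry, the admin password included, is assigned to the
 *    template. NOTE(review): check that the template does not echo the
 *    password back into the page source.
 *  - error_reporting(E_ALL) is switched on for the rest of the request. With
 *    display_errors enabled, warnings can reveal paths and LDAP details.
 *
 * Fixes compared to the previous version:
 *  - $base has a default, so it is defined when the server cannot be reached.
 *  - A failed or empty root search is recognised; the result of a failed
 *    search is no longer passed to ldap_get_entries().
 *  - split() replaced by explode(); newer PHP no longer has split().
 *  - The base is derived from the admin DN only if the DN has at least two
 *    components.
 *
 * @param bool $withoutput  Print messages and display templates when true.
 * @return bool             true when no error occurred.
 */
function show_setup_page4($withoutput = true)
{
    require_once("class_password-methods.inc");

    error_reporting(E_ALL);

    $fault     = false;                          // Set to true as soon as an error occurs
    $smarty    = get_smarty();                   // Our smarty instance
    $uri       = $_SESSION['ldapconf']['uri'];   // Connect URI like ldap://lo..
    $checkvars = array("location","admin","password","peopleou","peopledn","arr_crypts","mail","uidbase");

    /* Fallback suffix, used when the server is unreachable or reports nothing */
    $base = "dc=example,dc=net";

    if (!isset($_SESSION['ldapconf']['arr_cryptkeys'])) {
        $tmp = passwordMethod::get_available_methods_if_not_loaded();
        $_SESSION['ldapconf']['arr_cryptkeys'] = $tmp['name'];
    }

    if (!isset($_SESSION['ldapconf']['mail_methods'])) {
        $temp = get_available_mail_classes();
        $_SESSION['ldapconf']['mail_methods'] = $temp['name'];
    }

    # First try to get $base from the server
    $ds = @ldap_connect(validate($uri));
    if (!$ds) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
        }
    } elseif (!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't bind to the specified LDAP server!. Please make sure that is reachable for GOsa."));
        }
    } elseif (!@ldap_bind($ds)) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't bind to the specified LDAP server! Please make sure that is reachable for GOsa."));
        }
    } else {
        $sr   = @ldap_search($ds, "", "objectClass=*", array("namingContexts"));
        $attr = $sr ? @ldap_get_entries($ds, $sr) : false;

        if (isset($attr[0]['dn'])) {
            $base = $attr[0]['dn'];
        } elseif ($withoutput) {
            /* Nothing found: keep the fallback suffix */
            print_red(_("Bind to server successful, but the server seems to be completly empty, please check all informations twice"));
        }
    }

    /* Values that are still missing get their defaults */
    if (!isset($_SESSION['ldapconf']['base']))     $_SESSION['ldapconf']['base']     = $base;
    if (!isset($_SESSION['ldapconf']['admin']))    $_SESSION['ldapconf']['admin']    = "cn=ldapadmin,".$base;
    if (!isset($_SESSION['ldapconf']['peopleou'])) $_SESSION['ldapconf']['peopleou'] = "ou=people";
    if (!isset($_SESSION['ldapconf']['groupou']))  $_SESSION['ldapconf']['groupou']  = "ou=groups";
    if (!isset($_SESSION['ldapconf']['peopledn'])) $_SESSION['ldapconf']['peopledn'] = "cn";
    if (!isset($_SESSION['ldapconf']['password'])) $_SESSION['ldapconf']['password'] = "";
    if (!isset($_SESSION['ldapconf']['location'])) $_SESSION['ldapconf']['location'] = "Example";
    if (!isset($_SESSION['ldapconf']['uidbase']))  $_SESSION['ldapconf']['uidbase']  = "1000";
    if (!isset($_SESSION['ldapconf']['mail']))     $_SESSION['ldapconf']['mail']     = 0;
    $tmp = array_flip($_SESSION['ldapconf']['arr_cryptkeys']);
    if (!isset($_SESSION['ldapconf']['arr_crypts'])) $_SESSION['ldapconf']['arr_crypts'] = $tmp['md5'];

    // Check post data
    if (isset($_POST['check'])) {
        // Check if all needed vars are submitted
        foreach ($checkvars as $key) {
            if ((isset($_POST[$key])) && ($_POST[$key] != "")) {
                $_SESSION['ldapconf'][$key] = $_POST[$key];
            } else {
                if ($withoutput) {
                    print_red(sprintf(_("You're missing the required attribute '%s' from this formular. Please complete!"), $key));
                }
                $fault = true;
            }
        }

        // Take the base from the admin DN (cn=ldapadmin,...,dc=base,dc=de).
        // NOTE(review): only the last two components are used and the DN is
        // cut at every comma, escaped ones included. A suffix with more than
        // two components therefore comes out shortened.
        $parts = array_reverse(explode(",", $_SESSION['ldapconf']['admin']));
        if (count($parts) >= 2) {
            $_SESSION['ldapconf']['base'] = $parts[1].",".$parts[0];
        }
    }

    $smarty->assign("arr_cryptkeys", $_SESSION['ldapconf']['arr_cryptkeys']);
    $smarty->assign("mail_methods", $_SESSION['ldapconf']['mail_methods']);

    foreach ($_SESSION['ldapconf'] as $key => $val) {
        $smarty->assign($key, $val);
    }

    if (isset($_POST['check'])) {
        $ldap = new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);

        $m = schema_check($_SESSION['ldapconf']['uri'], $_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password']);
        $_SESSION['classes'] = $m;

        if ($ldap->error != "Success") {
            if ($withoutput) {
                print_red(sprintf(_("Can't log into LDAP server. Reason was: %s."), $ldap->get_error()));
            }
            $fault = true;
        }
    }

    // Set smarty output
    $smarty->assign("content", get_template_path('setup_step4.tpl'));
    $smarty->assign("peopledns", array("cn", "uid"));

    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}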
963 // This page shows your configuration
964 // and wants you to download the gosa.conf ....
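/**
 * Render the final setup page: show the collected configuration, the schema
 * check result, and the group/path the generated gosa.conf is meant for.
 *
 * Reads $_SESSION['ldapconf'] (uri, admin, password) and, when present,
 * $_SESSION['errors'].
 *
 * @param bool $withoutput  When false, nothing is displayed; the schema check
 *                          is still executed.
 * @return bool             Always true.
 */
function show_setup_page5($withoutput=true)
{
  // Get ldapconf
  $ldapconf = $_SESSION['ldapconf'];

  // get smarty
  $smarty = get_smarty();

  // posix_getgrgid() returns false when the group cannot be resolved;
  // fall back to an empty name instead of indexing into false.
  $info     = posix_getgrgid(posix_getgid());
  $webgroup = (is_array($info) && isset($info['name'])) ? $info['name'] : "";

  $smarty->assign ("webgroup", $webgroup);
  $smarty->assign ("path", CONFIG_DIR);

  // The schema check is run regardless of $withoutput, as before.
  $m = schema_check($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'], 1);

  if($withoutput)
  {
    $smarty->assign ("schemas", view_schema_check($m));
    $smarty->assign ("content", get_template_path('setup_finish.tpl'));

    // Output templates ....
    $smarty->display (get_template_path('headers.tpl'));
  }

  // Errors are assigned after the headers template and before the body template.
  if (isset($_SESSION['errors']))
  {
    $smarty->assign("errors", $_SESSION['errors']);
  }

  if($withoutput)
  {
    $smarty->display (get_template_path('setup.tpl'));
  }

  return(true);
}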
// This function is called by setup step 5 in order to create a missing Administrator
// and/or administrative user.
// On success, go on with setup_page5;
// otherwise show this page again.
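/**
 * Escape one attribute value so it can be embedded in a distinguished name.
 *
 * Escapes the RFC 4514 special characters (, + " \ < > ; =), NUL bytes,
 * a leading '#' or space and a trailing space. Without this, a submitted
 * value containing such characters would change the structure of the DN
 * it is concatenated into.
 *
 * @param string $value  Raw attribute value.
 * @return string        Value safe to place after "attr=" in a DN.
 */
function setup_escape_dn_value($value)
{
  if ($value === "") {
    return "";
  }

  $escaped = preg_replace('/([,+"\\\\<>;=])/', '\\\\$1', $value);
  $escaped = str_replace("\0", '\\00', $escaped);

  if ($escaped[0] === "#" || $escaped[0] === " ") {
    $escaped = "\\".$escaped;
  }
  if (strlen($value) > 1 && substr($value, -1) === " ") {
    $escaped = substr($escaped, 0, -1)."\\ ";
  }

  return $escaped;
}

/**
 * Make sure an administrative account exists, creating user and group on request.
 *
 * Looks for a gosaObject with gosaSubtreeACL ":all". If such a group and a
 * matching account are found, nothing needs to be done. Otherwise the
 * "create administrator" form is shown, and when it is submitted
 * ($_POST['new_admin']) the user and, if needed, the group are written to LDAP.
 *
 * Reads $_SESSION['ldapconf'], $_SESSION['classes'], $_SESSION['errors'] and
 * $_POST['new_admin'], $_POST['admin_name'], $_POST['admin_pass'].
 * Sets the global $samba.
 *
 * @param bool $withoutput  When false, no messages or templates are emitted.
 * @return bool             True when setup may continue with the next step,
 *                          false when the form was (re)displayed.
 */
function create_user_for_setup($withoutput=true)
{
  // NOTE(review): this raises the error reporting level for the rest of the
  // request; confirm it is still wanted outside of debugging.
  error_reporting(E_ALL);

  global $samba;

  $ldapconf = $_SESSION['ldapconf'];
  $smarty   = get_smarty();
  $classes  = isset($_SESSION['classes']) ? $_SESSION['classes'] : array();

  $submitted = isset($_POST['new_admin']);

  // Last test of the setup: is there a group with ACL ":all" and a user in it
  // that will be able to administrate GOsa? If not, ask for creating them.
  $ldap = new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);

  // Now we are testing for a group, with the rights :all
  $ldap->cd($ldapconf['base']);
  $ldap->search("(&(objectClass=gosaObject)(gosaSubtreeACL=:all))");

  $group_cnt   = $ldap->count();
  $data        = $ldap->fetch();
  $create_user = false;

  if($group_cnt < 1)
  {
    // No administrative group found: user and group have to be created
    $create_user = true;
  }
  else
  {
    // We found an administrative group, is there a user too?
    if(isset($data['memberUid'][0]))
    {
      // NOTE(review): the "uid=..." string is passed as the second argument,
      // not as part of the filter; confirm against LDAP::search() that this
      // really restricts the search to the group's first member.
      $ldap->search("(&(objectClass=gosaAccount)(objectClass=person))",array("uid=".$data['memberUid'][0]));
      $data2 = $ldap->fetch();
    }

    if (($ldap->count() < 1)||(!isset($data2)))
    {
      // We must create a user
      $create_user = true;
    }
    else
    {
      // We don't need to add a user
      return(true);
    }
  }

  // Only warn on the first visit, not when the form has just been submitted
  if(($withoutput)&&(!$submitted))
  {
    print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
  }

  // We need to create a new user with group
  if($submitted)
  {
    // Detect Samba version to define the attribute names used below
    if (isset($classes['samba3']))
    {
      $samba      = "2";
      $lmPassword = "lmPassword";
      $ntPassword = "ntPassword";
    } else {
      $samba      = "3";
      $lmPassword = "sambaLMPassword";
      $ntPassword = "sambaNtPassword";
    }

    // Request data is untrusted: accept plain strings only
    $admin_name = "";
    if (isset($_POST['admin_name']) && is_string($_POST['admin_name']))
    {
      $admin_name = trim($_POST['admin_name']);
    }
    $admin_pass = "";
    if (isset($_POST['admin_pass']) && is_string($_POST['admin_pass']))
    {
      $admin_pass = $_POST['admin_pass'];
    }

    if(($admin_name === "")||($admin_pass === ""))
    {
      // Nothing submitted and nothing to create
      if(!$create_user)
      {
        return(true);
      }

      // An account is required: do not write an entry with an empty name or
      // an empty password, show the form again instead.
      if($withoutput)
      {
        print_red(_("Please specify a name and a password for the administrative account!"));
      }
    }
    else
    {
      // go to base
      $ldap->cd($ldapconf['base']);

      // Define the user we are going to create. The submitted name is escaped
      // so that it cannot change the structure of the DN.
      // NOTE(review): assumes the LDAP wrapper accepts RFC 4514 escaped DNs - confirm.
      $dn = "cn=".setup_escape_dn_value($admin_name).",".$ldapconf['peopleou'].",".$ldapconf['base'];

      $arr = array();
      $arr['objectClass'][0] = "person";
      $arr['objectClass'][1] = "organizationalPerson";
      $arr['objectClass'][2] = "inetOrgPerson";
      $arr['objectClass'][3] = "gosaAccount";
      $arr['uid']            = $admin_name;
      $arr['cn']             = $admin_name;
      $arr['sn']             = $admin_name;
      $arr['givenName']      = "GOsa main administrator";

      // NOTE(review): these LM/NT hash values are constants and do not depend
      // on the submitted password, so every account created here gets the
      // same Samba hashes. They should be derived from admin_pass or left
      // unset until the password is changed through GOsa - confirm intent.
      $arr[$lmPassword]      = "10974C6EFC0AEE1917306D272A9441BB";
      $arr[$ntPassword]      = "38F3951141D0F71A039CFA9D1EC06378";

      // NOTE(review): the hash method is fixed to "md5" here; an encryption
      // method is also kept in the setup session (arr_crypts) - confirm
      // whether that choice should be used instead.
      $arr['userPassword']   = crypt_single($admin_pass,"md5");

      if( ! $ldap->dn_exists ( $dn )) {
        $ldap->cd($dn);
        $ldap->create_missing_trees($dn);
        $ldap->add($arr);
        if($ldap->error!="Success") {
          print_red("Can't create user, and / or Group, possibly this problem depends on an empty LDAP server. Check your configuration and try again!");
        }
      }

      $arrr = array();
      if($group_cnt)
      {
        // There is already an administrative group, so we only add the user
        if(!isset($data['memberUid']))
        {
          $arrr['memberUid'] = $admin_name;
        }
        else
        {
          $members = $data['memberUid'];
          unset($members['count']);
          $members = array_values($members);

          // Writing the same memberUid twice would make the modify fail
          if(!in_array($admin_name, $members, true))
          {
            $members[] = $admin_name;
            $arrr['memberUid'] = $members;
          }
        }

        if(isset($arrr['memberUid']))
        {
          $ldap->cd($data['dn']);
          $ldap->modify($arrr);
        }
      }
      else
      {
        // there was no group defined, so we must create one
        $dn = "cn=administrators,".$ldapconf['groupou'].",".$ldapconf['base'];
        $arrr['objectClass'][0] = "gosaObject";
        $arrr['objectClass'][1] = "posixGroup";
        $arrr['gosaSubtreeACL'] = ":all";
        $arrr['cn']             = "administrators";
        $arrr['gidNumber']      = "999";
        $arrr['memberUid']      = $admin_name;
        $ldap->cd($dn);
        $ldap->add($arrr);
      }

      // We created the group and the user, so we can go on with the next setup step
      return(true);
    }
  }

  // Show the "create administrator" form
  $smarty->assign ("content", get_template_path('setup_useradmin.tpl'));
  $smarty->assign ("exists", !$create_user);

  // Smarty output
  if($withoutput)
  {
    $smarty->display (get_template_path('headers.tpl'));
  }

  if (isset($_SESSION['errors']))
  {
    $smarty->assign("errors", $_SESSION['errors']);
  }

  if($withoutput)
  {
    $smarty->display (get_template_path('setup.tpl'));
  }

  return(false);
}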
// Returns the class names of the mail classes
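/**
 * List the mail method class files found in "../include".
 *
 * Only files named "class_mail-methods-<name>.inc" are reported; the match is
 * case-insensitive. Files that merely contain that text somewhere in their
 * name (for example editor backups ending in ".inc~") are skipped, so the
 * returned file names always have the expected form.
 *
 * @return array  Empty when the directory is missing or holds no such file.
 *                Otherwise: ['name'][i] and ['file'][i] hold method name and
 *                file name, and [i] holds array('file' => ..., 'name' => ...).
 */
function get_available_mail_classes()
{
  $methods   = array();
  $directory = "../include";
  $prefix    = "class_mail-methods-";
  $extension = ".inc";
  $lenpre    = strlen($prefix);
  $lenext    = strlen($extension);

  // A missing or unreadable directory yields an empty list instead of
  // handing an invalid handle to readdir().
  if (!is_dir($directory))
  {
    return($methods);
  }
  $dir = opendir($directory);
  if ($dir === false)
  {
    return($methods);
  }

  $i = 0;
  while (($file = readdir($dir)) !== false)
  {
    $lenfile = strlen($file);

    // The name must start with the prefix, end with the extension and
    // leave at least one character for the method name in between.
    if ($lenfile <= $lenpre + $lenext)
    {
      continue;
    }
    if (strncasecmp($file, $prefix, $lenpre) !== 0)
    {
      continue;
    }
    if (strcasecmp(substr($file, -$lenext), $extension) !== 0)
    {
      continue;
    }

    $name = substr($file, $lenpre, $lenfile - $lenpre - $lenext);

    $methods['name'][$i] = $name;
    $methods['file'][$i] = $file;
    $methods[$i]['file'] = $file;
    $methods[$i]['name'] = $name;
    $i++;
  }

  closedir($dir);

  return($methods);
}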
1239 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1240 ?>