= $minver){
return (true);
}
return (false);
}
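/**
 * Test whether an objectClass definition advertises a given schema version.
 *
 * The DESC field is cut out of the raw definition and searched for the
 * marker "(v<version>)".
 *
 * @param string $description Raw objectClass definition as read from the subschema entry.
 * @param string $version     Version to look for, e.g. "2.1".
 * @return int|false 1 when the marker is present, 0 when it is not (preg_match() result).
 */
function check_schema_version($description, $version)
{
  $desc= preg_replace("/^.* DESC\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $description);

  /* Quote the version before it goes into the pattern: unquoted, the dot in
     "2.1" matches any character, so "(v2x1)" or "(v211)" would be accepted
     as version 2.1. */
  return preg_match("/\(v".preg_quote($version, '/')."\)/", $desc);
}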
/**
 * Join the entries of a schema check result into one display string.
 *
 * Entries containing the word "enabled" are followed by " | |" and a line
 * break, all other entries by " | ". The result starts and ends with a
 * line break.
 *
 * @param array $table Messages as returned by schema_check().
 * @return string
 */
function view_schema_check($table)
{
  $cells= array();
  foreach ($table as $text){
    /* strstr() yields the matched tail or FALSE, never an empty string */
    $separator= (strstr($text, "enabled") !== false) ? " | |\n" : " | ";
    $cells[]= "$text".$separator;
  }

  return "\n".implode("", $cells)."\n";
}
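/**
 * Compare the object classes an LDAP server publishes with the ones GOsa uses.
 *
 * Connects to $server, binds as $admin, reads the subschema entry and checks
 * every entry of the built-in class table for presence and for the "(vX.Y)"
 * marker in its description. The Samba 2/3, pureftp, WebDAV, phpgroupware,
 * gofon and Kolab schemas are tested for presence only.
 *
 * Side effect: when Kolab is the selected mail method but its schema is
 * missing, $_SESSION['ldapconf']['mail'] is switched to the "cyrus" entry.
 *
 * @param string $server   LDAP URI or host handed to ldap_connect().
 * @param string $admin    Bind DN.
 * @param string $password Bind password.
 * @param int    $aff      0: return the problem messages keyed by class or
 *                         feature name; any other value: return the display
 *                         list of enabled/disabled features.
 * @return array
 */
function schema_check($server, $admin, $password,$aff=0)
{
  global $config;

  $messages= array();

  /* Both display lists start as arrays. $affich2 is only filled when an
     optional class passes its version check, and array_merge() at the end
     must not be handed an undefined variable. */
  $affich= array();
  $affich2= array();

  $required_classes= array(
    "gosaObject" => array("version" => "2.1"),
    "gosaAccount" => array("version" => "2.1.2"),
    "gosaLockEntry" => array("version" => "2.1"),
    "gosaCacheEntry" => array("version" => "2.1"),
    "gosaDepartment" => array("version" => "2.1"),
    "goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
    "goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
    "goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
    "gosaUserTemplate" => array("version" => "2.1", "class" => "posixAccount","file" => "nis.schema"),
    "gosaMailAccount" => array("version" => "2.1", "class" => "mailAccount","file" => "gosa+samba3.schema"),
    "gosaProxyAccount" => array("version" => "2.1.2", "class" => "proxyAccount","file" => "gosa+samba3.schema"),
    "gosaApplication" => array("version" => "2.1", "class" => "appgroup","file" => "gosa.schema"),
    "gosaApplicationGroup" => array("version" => "2.1", "class" => "appgroup","file" => "gosa.schema"),
    "GOhard" => array("version" => "2.1", "class" => "terminals","file" => "goto.schema"),
    "gotoTerminal" => array("version" => "2.0", "class" => "terminals","file" => "goto.schema"),
    "goServer" => array("version" => "2.1","class" => "server","file" => "goserver.schema"),
    "goTerminalServer" => array("version" => "2.1", "class" => "terminals","file" => "goto.schema"),
    "goNfsServer" => array("version" => "2.1", "class" => "terminals","file" => "goto.schema"),
    "goNtpServer" => array("version" => "2.1", "class" => "terminals","file" => "goto.schema"),
    "goSyslogServer" => array("version" => "2.1", "class" => "terminals","file" => "goto.schema"),
    "goLdapServer" => array("version" => "2.1"),
    "goCupsServer" => array("version" => "2.1", "class" => array("posixAccount", "terminals"),),
    "goImapServer" => array("version" => "2.1", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3.schema"),
    "goKrbServer" => array("version" => "2.1"),
    "goFaxServer" => array("version" => "2.1", "class" => "gofaxAccount","file" => "gofax.schema"),
  );

  /* Build LDAP connection */
  $ds= ldap_connect ($server);
  if (!$ds) {
    return (array(_("Can't bind to LDAP. No schema check possible!")));
  }
  ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

  /* NOTE(review): the bind result is stored but never tested, so a rejected
     bind does not stop the reads below. The DN and password are passed to
     ldap_bind() as given; transport protection depends on the URI in $server. */
  $r= ldap_bind ($ds, $admin, $password);

  /* Get base to look for schema */
  $sr = @ldap_read ($ds, "", "objectClass=*", array("subschemaSubentry"));
  $attr= @ldap_get_entries($ds,$sr);
  if (!isset($attr[0]['subschemasubentry'][0])){
    return (array(_("Can't get schema information from server. No schema check possible!")));
  }

  /* Get list of objectclasses */
  $nb= $attr[0]['subschemasubentry'][0];
  $objectclasses= array();
  $sr= ldap_read ($ds, $nb, "objectClass=*", array("objectclasses"));
  $attrs= ldap_get_entries($ds,$sr);

  /* Also covers an entry that came back without the requested attribute */
  if (!isset($attrs[0]['objectclasses'])){
    return (array(_("Can't get schema information from server. No schema check possible!")));
  }

  /* Index the definitions by class name; values the NAME pattern does not
     match come back unchanged from preg_replace() and are skipped. */
  foreach ($attrs[0]['objectclasses'] as $val){
    $name= preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
    if ($name != $val){
      $objectclasses[$name]= $val;
    }
  }

  /* Walk through objectclasses and check if they are needed or not */
  foreach ($required_classes as $key => $value){
    if (isset($value['class'])){

      /* Optional class: only needed by the listed plugin(s) */
      $classes= is_array($value['class']) ? $value['class'] : array($value['class']);

      /* Not every table entry names a schema file (goCupsServer does not) */
      $file= isset($value['file']) ? $value['file'] : "";

      foreach($classes as $class){
        if (!isset($objectclasses[$key])){
          $messages[$key]= sprintf(_("Optional objectclass '%s' required by plugin '%s' is not present in LDAP setup"), $key, $class);
        } elseif (!check_schema_version($objectclasses[$key], $value['version'])){
          $messages[$key]= sprintf(_("Optional objectclass '%s' required by plugin '%s' does not have version %s"), $key, $class, $value['version']);
        } elseif (!isset($affich2[$class])){
          $affich2[$class]="Support for $class enabled ".$file." | ";
        }
      }

    } else {

      /* Required class */
      if (!isset($objectclasses[$key])){
        $messages[$key]= sprintf(_("Required objectclass '%s' is not present in LDAP setup"), $key);
      } elseif (!check_schema_version($objectclasses[$key], $value['version'])){
        $messages[$key]= sprintf(_("Required objectclass '%s' does not have version %s"), $key, $value['version']);
      }
    }
  }

  /* Check for correct samba parameters */
  if (!isset($objectclasses['sambaSamAccount'])){
    $messages['samba3']= _("SAMBA 3 support disabled, no schema seems to be installed");
    $affich['samba3']= $messages['samba3']."gosa+samba3.schema | ";
  } else {
    $affich['samba3']=_("SAMBA 3 support enabledgosa+samba3.schema | ");
  }

  if (!isset($objectclasses['sambaAccount'])){
    $messages['samba2']= _("SAMBA 2 support disabled, no schema seems to be installed");
    $affich['samba2']=$messages['samba2']."samba.schema | ";
  } else {
    $affich['samba2']=_("SAMBA 2 support enabledsamba.schema | ");
  }

  /* Check pureftp/dns/ */
  if (!isset($objectclasses['PureFTPdUser'])){
    $messages['pureftp']= _("Support for pureftp disabled, no schema seems to be installed");
    $affich['pureftp']= $messages['pureftp']."pureftpd.schema | ";
  } else {
    $affich['pureftp']=_("Support for pureftp enabledpureftpd.schema | ");
  }

  if (!isset($objectclasses['gosaWebdavAccount'])){
    $messages['webdav']= _("Support for WebDAV disabled, no schema seems to be installed");
    $affich['webdav']=$messages['webdav']." | ";
  } else {
    $affich['webdav']=_("Support for WebDAV enabledgosa+samba3.schema | ");
  }

  if (!isset($objectclasses['phpgwAccount'])){
    $messages['phpgroupware']= _("Support for phpgroupware disabled, no schema seems to be installed");
    $affich['phpgroupware']=$messages['phpgroupware']."phpgwaccount.schema | ";
  } else {
    $affich['phpgroupware']=_("Support for phpgroupware enabledphpgwaccount.schema | ");
  }

  if (!isset($objectclasses['goFonAccount'])){
    $messages['phoneaccount']= _("Support for gofon disabled, no schema seems to be installed");
    $affich['phoneaccount']=$messages['phoneaccount']."gofon.schema | ";
  } else {
    $affich['phoneaccount']=_("Support for gofon enabledgofon.schema | ");
  }

  /* Kolab is only looked at when it is the selected mail method. The braces
     make explicit that the "enabled" branch belongs to the schema test. */
  if ($_SESSION['ldapconf']['mail_methods'][$_SESSION['ldapconf']['mail']] == "kolab"){
    if (!isset($objectclasses['kolabInetOrgPerson'])){
      $messages['kolab']= _("Support for Kolab disabled, no schema seems to be installed, setting mail-method to cyrus");
      $tmp = array_flip($_SESSION['ldapconf']['mail_methods']);
      $_SESSION['ldapconf']['mail']=$tmp['cyrus'];
      $affich['kolab']=$messages['kolab']."kolab2.schema | ";
    } else {
      $affich['kolab']=_("Support for Kolab enabledgofon.schema | ");
    }
  }

  if ($aff==0){
    return ($messages);
  }
  return (array_merge($affich,$affich2));
}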
/**
 * Format one line of the setup report and count failures.
 *
 * @param int    $faults      Running failure counter; incremented when a
 *                            required test fails.
 * @param string $message     Short label of the test.
 * @param string $description Explanation shown under the label.
 * @param mixed  $test        Truthy when the test passed.
 * @param bool   $required    When false, a failed test is reported as
 *                            "Ignored" and not counted.
 * @return string The formatted report line.
 */
function check(&$faults, $message, $description, $test, $required= TRUE)
{
  if ($test){
    $status= _("OK")." ";
  } elseif ($required){
    $status= ""._("Failed")." ";
    $faults++;
  } else {
    $status= ""._("Ignored")." ";
  }

  return "$message | ".$status." |\n$description |\n";
}
/**
 * Run the PHP environment checks of setup step 1.
 *
 * @param int $faults Reset to 0 here, then incremented by check() for every
 *                    failed required test.
 * @return string Report text: a heading followed by one check() line per test.
 */
function perform_php_checks(&$faults)
{
  global $check_globals;

  $faults= 0;

  /* One row per test: label, explanation, result, required?
     Rows flagged FALSE are informational and never count as a fault. */
  $tests= array(
    array(_("Checking for PHP version (>=4.1.0)"),
          _("PHP must be of version 4.1.0 or above for some functions and known bugs in PHP language."),
          minimum_version('4.1.0'), TRUE),
    array(_("Checking if register_globals is set to 'off'"),
          _("register_globals is a PHP mechanism to register all global varibales to be accessible from scripts without changing the scope. This may be a security risk. GOsa will run in both modes."),
          $check_globals == 0, FALSE),
    array(_("Checking for ldap module"),
          _("This is the main module used by GOsa and therefore really required."),
          function_exists('ldap_bind'), TRUE),
    array(_("Checking for gettext support"),
          _("Gettext support is required for internationalized GOsa."),
          function_exists('bindtextdomain'), TRUE),
    array(_("Checking for iconv support"),
          _("This module is used by GOsa to convert samba munged dial informations and is therefore required."),
          function_exists('iconv'), TRUE),
    array(_("Checking for mhash module"),
          _("To use SSHA encryption, you'll need this module. If you are just using crypt or md5 encryption, ignore this message. GOsa will run without it."),
          function_exists('mhash'), FALSE),
    array(_("Checking for imap module"),
          _("The IMAP module is needed to communicate with the IMAP server. It gets status informations, creates and deletes mail users."),
          function_exists('imap_open'), TRUE),
    array(_("Checking for getacl in imap"),
          _("The getacl support is needed for shared folder permissions. The standard IMAP module is not capable of reading acl's. You need a recend PHP version for this feature."),
          function_exists('imap_getacl'), FALSE),
    array(_("Checking for mysql module"),
          _("MySQL support is needed for reading GOfax reports from databases."),
          function_exists('mysql_query'), FALSE),
    array(_("Checking for cups module"),
          _("In order to read available printers from IPP protocol instead of printcap files, you've to install the CUPS module."),
          function_exists('cups_get_dest_list'), FALSE),
    array(_("Checking for kadm5 module"),
          _("Managing users in kerberos requires the kadm5 module which is downloadable via PEAR network."),
          function_exists('kadm5_init_with_password'), FALSE),
  );

  $report= ""._("PHP setup inspection")."\n";
  foreach ($tests as $row){
    $report.= check ($faults, $row[0], $row[1], $row[2], $row[3]);
  }

  return ($report);
}
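/**
 * Run the checks of setup step 2: external programs and php.ini options.
 *
 * Probes ImageMagick (or the imagick PHP module), fping and a tool to
 * generate LM/NT hashes by running them, then inspects a few php.ini values.
 *
 * @param int $faults Failure counter, incremented by check() for every
 *                    failed required test.
 * @return string Report text: a heading followed by one check() line per test.
 */
function perform_additional_checks(&$faults)
{
  /* All command lines below are fixed strings, no request data is put into
     them. The binaries are resolved through the PATH of the PHP process. */

  # Program check
  $msg= ""._("Checking for some additional programms")."\n";

  # Image Magick
  $output= (string) shell_exec ("LC_ALL=C LANG=C convert -help");
  if ($output != ""){
    /* explode() instead of the deprecated regex based split() */
    $lines= explode ("\n", $output);
    $version= preg_replace ("/^Version:[^I]+ImageMagick ([^\s]+).*/", "\\1", $lines[0]);

    /* Pad the parts so that a banner without "major.minor" cannot leave
       $minor undefined; non numeric parts count as 0 and fail the test. */
    list($major, $minor)= array_pad(explode(".", $version), 2, 0);
    $major= (int) $major;
    $minor= (int) $minor;

    $msg.= check ( $faults, _("Checking for ImageMagick (>=5.4.0)"),
        _("ImageMagick is used to convert user supplied images to fit the suggested size and the unified JPEG format."),
        ($major > 5 || ($major == 5 && $minor >= 4)));
  } else {
    $msg.= check ( $faults, _("Checking imagick module for PHP"),
        _("Imagick is used to convert user supplied images to fit the suggested size and the unified JPEG format from PHP script."), function_exists('imagick_blob2image'), TRUE);
  }

  # Check for fping
  $output= (string) shell_exec ("LC_ALL=C LANG=C fping -v 2>&1");
  $have_fping= preg_match("/^fping:/", $output);
  $msg.= check ( $faults, _("Checking for fping utility"),
      _("The fping utility is only used if you've got a thin client based terminal environment running."),
      $have_fping, FALSE);

  # Check for smb hash generation tool
  $output= (string) shell_exec ("mkntpwd 2>&1");
  $have_mkntpwd= preg_match("/^Usage: mkntpwd /", $output);
  $alt = 0;
  if (!$have_mkntpwd){
    /* Fallback probe: let perl hash the literal string "PASSWD" and look at
       the exit status only. The redirection is spelled the POSIX way; "&>"
       is a bash extension, and a plain /bin/sh reads it as "run in the
       background", which makes the exit status 0 even without the module. */
    $query= "LC_ALL=C LANG=C perl -MCrypt::SmbHash -e 'ntlmgen \"PASSWD\", \$lm, \$nt; print \"\${lm}:\${nt}\\n\";' >/dev/null 2>&1";
    system ($query, $ret);
    $alt= ($ret == 0);
  }
  $msg.= check ( $faults, _("Checking for a way to generate LM/NT password hashes"),
      _("In order to use SAMBA 2/3, you've to install some additional packages to generate password hashes."),
      ($have_mkntpwd || $alt));

  # Checking for some php.ini options
  /* ini_get_all() returns, per option, an array with the keys
     global_value, local_value and access. Access types:
       PHP_INI_USER   1  Entry can be set in user scripts
       PHP_INI_PERDIR 2  Entry can be set in php.ini, .htaccess or httpd.conf
       PHP_INI_SYSTEM 4  Entry can be set in php.ini or httpd.conf
       PHP_INI_ALL    7  Entry can be set anywhere
     Options the running PHP does not know are treated as "not set". */
  $arra = ini_get_all();
  $ini = array();
  foreach (array('session.auto_start', 'implicit_flush', 'max_execution_time',
                 'memory_limit', 'expose_php', 'magic_quotes_gpc') as $option){
    $ini[$option]= isset($arra[$option]['local_value']) ? $arra[$option]['local_value'] : false;
  }

  // session.auto_start has to be off. The label below says
  // "session.auto_register"; it is kept because it is a translation key.
  $msg.= check ( $faults, _("PHP.ini check -> session.auto_register"),
      _("In Order to use GOsa without any trouble, the session.auto_register option in your php.ini musst be 'Off'."),
      (!$ini['session.auto_start']));

  // implicit_flush
  $msg.= check ( $faults, _("PHP.ini check -> implicit_flush"),
      _("This Option defines the Ouput handling, turn this Option off, to increase performance."),
      !$ini['implicit_flush'], FALSE);

  // max_execution_time: 0 means "no limit" and is therefore sufficient
  $seconds= (int) $ini['max_execution_time'];
  $msg.= check ( $faults, _("PHP.ini check -> max_execution_time"),
      _("The Execution time, should be 30 seconds minimun, cause some actions will need huge ammount of time ."),
      ($seconds == 0 || $seconds >= 30), FALSE);

  // memory_limit: normalise the shorthand notation (K, M, G or plain bytes)
  // to megabytes; -1 means "no limit"
  $limit_raw= trim((string) $ini['memory_limit']);
  $limit_mb= (int) $limit_raw;
  if ($limit_mb != -1){
    switch (strtoupper(substr($limit_raw, -1))){
      case 'G':
        $limit_mb*= 1024;
        break;
      case 'M':
        break;
      case 'K':
        $limit_mb= (int) floor($limit_mb / 1024);
        break;
      default:
        $limit_mb= (int) floor($limit_mb / 1048576);
    }
  }
  /* This test and the expose_php test below used to pass the implicit_flush
     value by mistake, so their result never reflected the actual setting. */
  $msg.= check ( $faults, _("PHP.ini check -> memory_limit"),
      _("GOsa need at least 8M of memory, less will cause unpredictable errors, sometimes without error message!. Best would be 32 M here."),
      ($limit_mb == -1 || $limit_mb >= 8), FALSE);

  // expose_php
  $msg.= check ( $faults, _("PHP.ini check -> expose_php"),
      _("PHP won't send any Information about the Server you are running, should be a security fact."),
      !$ini['expose_php'], FALSE);

  // magic_quotes_gpc
  // NOTE: this option is not an injection defence; values still need to be
  // escaped for the context they are used in (LDAP, shell, HTML).
  $msg.= check ( $faults, _("PHP.ini check -> magic_quotes_gpc"),
      _("Security option, php will escape all quotes in strings ."),
      $ini['magic_quotes_gpc'], FALSE);

  return $msg;
}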
//! Added by Hickert
//
// Parse /contrib/gosa.conf to set user defined values
// This function may create the ldap.conf
// Let's try
/**
 * Fill in the gosa.conf template with the values collected during setup.
 *
 * Reads the template CONFIG_TEMPLATE_DIR/gosa.conf, replaces the {...}
 * placeholders with values from $_SESSION['ldapconf'], sends no-cache and
 * download headers (Content-Disposition names the file "gosa.conf") and
 * returns the resulting text. When the template cannot be opened an error
 * line is echoed and an empty string is returned.
 *
 * NOTE(review): {PASSWORD} is replaced with the LDAP admin password, so the
 * returned text holds that credential in clear. Presumably the caller sends
 * the text to the browser - confirm that setup is only reachable over TLS.
 *
 * @return string Text of the generated configuration.
 */
function parse_contrib_conf()
{
/* First gather all needed information */
/* Variables */
$str = "";
$used_samba_version = 0;
$query = "";
$fp = false;
$output = "";
$needridbase_sid = false;
$pwdhash = "";
$replacements = array();
$ldapconf = $_SESSION['ldapconf']; // The installation information
$classes = $_SESSION['classes']; // Class information needed to define which features are enabled
$possible_plugins = array();
// schema_check() stores a 'samba3' message only when the Samba 3 schema is
// missing, so a set key means Samba 3 is disabled
if(isset($classes['samba3'])) // means Samba 3 is disabled
$used_samba_version = 2;
else
$used_samba_version = 3;
// Pick the command that will be written to the configuration as {SMBHASH}:
// the bundled helper, mkntpwd from the PATH, or a perl one-liner
if(file_exists("/usr/lib/gosa/mkntpasswd")) {
$pwdhash = "/usr/lib/gosa/mkntpasswd";
}
elseif (preg_match("/^Usage: mkntpwd /", shell_exec ("mkntpwd 2>&1"))) {
$pwdhash= "mkntpwd";
} else {
$pwdhash=addslashes(' perl -MCrypt::SmbHash -e "ntlmgen \"\$ARGV[0]\", \$lm, \$nt; print \"\${lm}:\${nt}\n\";" $1');
// $pwdhash= 'perl -MCrypt::SmbHash -e \"ntlmgen \\"\\$ARGV[0]\\", \\$lm, \\$nt; print \\"\\${lm}:\\${nt}\\\";\"';
}
// Define which variables will be replaced
// NOTE(review): most of these values were typed in by the person running
// setup and are inserted into the template without any escaping. The
// template format is not visible here - confirm that quotes or markup
// characters in a value cannot break the generated file.
$replacements['{LOCATIONNAME}'] = $ldapconf['location'];
$replacements['{SAMBAVERSION}'] = $used_samba_version;
$replacements['{LDAPBASE}'] = $ldapconf['base'];
$replacements['{LDAPADMIN}'] = $ldapconf['admin'];
$replacements['{DNMODE}'] = $ldapconf['peopledn'];
$replacements['{LDAPHOST}'] = $ldapconf['uri'];
$replacements['{PASSWORD}'] = $ldapconf['password'];
$replacements['{CRYPT}'] = $ldapconf['arr_cryptkeys'][$ldapconf['arr_crypts']];
$replacements['{SID}'] = "";
$replacements['{RIDBASE}'] = "";
$replacements['{MAILMETHOD}'] = $ldapconf['mail_methods'][$ldapconf['mail']];
$replacements['{SMBHASH}'] = $pwdhash;
$replacements['{GOVERNMENTMODE}'] = "false";
$replacements['{kolabAccount}'] = "";
$replacements['{servKolab}'] = "";
// This array contains the preg_replace patterns used to delete unused plugins
// THE KEY MUST BE THE CLASSNAME so we can check it with $ldapconf['classes']
// NOTE(review): as written here each pattern matches any line between two
// newlines - verify the patterns against the template before relying on them.
$possible_plugins['fonreport'][] ="'\n.*.*\n'i";
$possible_plugins['phoneaccount'][] ="'\n.*.*\n'i";
$possible_plugins['logview'][] ="'\n.*.*\n'i";
$possible_plugins['pureftp'][] ="'\n.*.*\n'i";
$possible_plugins['webdav'][] ="'\n.*.*\n'i";
$possible_plugins['phpgroupware'][] ="'\n.*'i";
// Header information
// Needed to send the generated gosa.conf to the browser
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache");
header("Pragma: no-cache");
header("Cache-Control: post-check=0, pre-check=0");
header("Content-type: text/plain");
// MSIE 5.5 and 6.0 get the header without "attachment;".
// $_SERVER['HTTP_USER_AGENT'] is read without an isset() test.
if (preg_match('/MSIE 5.5/', $_SERVER['HTTP_USER_AGENT']) || preg_match('/MSIE 6.0/', $_SERVER['HTTP_USER_AGENT']))
{
header('Content-Disposition: filename="gosa.conf"');
} else {
header('Content-Disposition: attachment; filename="gosa.conf"');
}
if(!$fp=fopen(CONFIG_TEMPLATE_DIR."/gosa.conf","r"))
{
echo "Can't open file ".CONFIG_TEMPLATE_DIR."/gosa.conf";
// Don't write anything else
}
else
{
// Read the whole template in 512 byte pieces; the handle is not closed here
while(!feof($fp))
{
$str.= fread($fp,512);
}
// For Kolab both placeholders are set to "" again, the same value they
// already got above
if($ldapconf['mail_methods'][$ldapconf['mail']]=="kolab")
{
$replacements['{kolabAccount}'] ="";
$replacements['{servKolab}'] ="";
}
// Check which samba version we will use:
// with samba 2 nothing has to be added to gosa.conf;
// with samba 3 we must detect whether a sambaDomain object exists in LDAP.
// If there is one, do nothing, because the SID is detected from it;
// if there is none, add SID and RIDBASE to gosa.conf
if($used_samba_version == 2)
{
// Do nothing ...
}
else
{
// Create an LDAP connection to look for a domain object in the directory
$ldap= new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);
// Try to find a Samba domain object
$ldap->search("(objectClass=sambaDomain)");
// Nothing found, so ridbase and SID are defined here.
// Both are fixed placeholder values, not derived from the environment.
if($ldap->count()< 1)
{
$replacements['{SID}'] = "sid=\"123412-11\"";
$replacements['{RIDBASE}'] = "ridbase=\"1000\"";
}
}// else --> $used_samba_version == 2
// Template read, samba version detected and SID/RIDBASE decided.
// Now check whether there is an ivbbEntry in the LDAP tree; in that case
// the governmentmode is set to true.
// Reuse the connection from above or create one
if(!isset($ldap))
$ldap= new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);
// Try to find an ivbbEntry object
$ldap->search("(objectClass=ivbbEntry)");
// At least one found: switch government mode on
if($ldap->count()> 0)
{
$replacements['{GOVERNMENTMODE}'] = "true";
}
// Replace every placeholder with the collected value
// NOTE(review): preg_replace() interprets "$n" and "\n" sequences in the
// replacement text as back references, so a value containing them (for
// example a password) does not reach the file unchanged.
foreach($replacements as $key => $val)
{
$str = preg_replace("/".$key."/",$val,$str);
// $str = ereg_replace($key,$val,$str);
}
// Remove all unused plugins
// NOTE(review): $plugin is the list of patterns, not the plugin name, and
// the plugin name (outer key) is not used; in_array() compares that list
// with the entries of $classes. It looks like the intent was to test the
// plugin name against $classes - confirm.
foreach($possible_plugins as $plugin)
{
foreach($plugin as $key=>$val)
{
if(in_array($plugin,$classes))
{
$str = preg_replace($val,"\n",$str);
}
}
}
}// else --> !$fp=fopen("../contrib/gosa.conf","r")
return ((($str)));
}
// This is the first page shown in setup
// This page tests some packages, like the PHP version, the ldap module and so on
// The function doesn't save anything; with withoutput = false it only runs the tests
// (called from setup.php);
/**
 * Setup step 1: run the PHP environment checks and show the result.
 *
 * @param bool $withoutput When false the templates are filled but not displayed.
 * @return bool TRUE when no required check failed.
 */
function show_setup_page1($withoutput = true)
{
  $tpl= get_smarty();
  $tpl->assign ("content", get_template_path('setup_introduction.tpl'));

  $report= perform_php_checks($fault_count);
  $tpl->assign ("tests", $report);

  /* Any failed required check disables the continue button */
  $passed= !$fault_count;
  if (!$passed){
    $tpl->assign("mode", "disabled");
  }

  if ($withoutput){
    $tpl->display (get_template_path('headers.tpl'));
  }

  /* Errors collected in the session are assigned after the header was sent */
  if (isset($_SESSION['errors'])){
    $tpl->assign("errors", $_SESSION['errors']);
  }

  if ($withoutput){
    $tpl->display (get_template_path('setup.tpl'));
  }

  return ($passed);
}
/* Shows Setup_page 2*/
/**
 * Setup step 2: run the program and php.ini checks and show the result.
 *
 * @param bool $withoutput When false the templates are filled but not displayed.
 * @return bool TRUE when no required check failed.
 */
function show_setup_page2($withoutput = true)
{
  $tpl= get_smarty();
  $tpl->assign ("content", get_template_path('setup_step2.tpl'));

  $report= perform_additional_checks($fault_count);
  $tpl->assign ("tests", $report);

  /* Any failed required check disables the continue button */
  $passed= !$fault_count;
  if (!$passed){
    $tpl->assign("mode", "disabled");
  }

  if ($withoutput){
    $tpl->display (get_template_path('headers.tpl'));
  }

  /* Errors collected in the session are assigned after the header was sent */
  if (isset($_SESSION['errors'])){
    $tpl->assign("errors", $_SESSION['errors']);
  }

  if ($withoutput){
    $tpl->display (get_template_path('setup.tpl'));
  }

  return ($passed);
}
/* Setup page 3 asks for the server address
"Now we're going to include your LDAP server and create an initial configuration"*/
/**
 * Setup step 3: ask for the LDAP server URI and try to reach it.
 *
 * The URI is taken from the request, else from the session, else the
 * default "ldap://localhost:389" is used. When the continue button was
 * pressed, the server is contacted with an anonymous bind.
 *
 * The URI comes straight from the request and is kept in the session as it
 * is; validate() (defined elsewhere) is applied only where the value is used.
 *
 * @param bool $withoutput When false neither messages nor templates are printed.
 * @return bool TRUE when no connection problem was found.
 */
function show_setup_page3($withoutput = true)
{
  // Prefer the posted value, fall back to what the session remembers
  if (isset($_POST['uri'])){
    $uri= $_POST['uri'];
  } elseif (isset($_SESSION['ldapconf']['uri'])){
    $uri= $_SESSION['ldapconf']['uri'];
  }

  // First call or empty field: use the default
  if (empty($uri)){
    $uri= "ldap://localhost:389";
  }

  $tpl= get_smarty();

  // $uri always has a value at this point, so it is always stored
  if (isset($uri)){
    $_SESSION['ldapconf']['uri']= $uri;
    $tpl->assign ("uri", validate($uri));
  }

  $failed= false;

  // Only test the server when the continue button was pressed
  if (isset($_POST['continue3'])){
    if (!isset($uri)){
      // Cannot trigger because of the default above; kept for its message
      $failed= true;
      if ($withoutput){
        print_red (_("You've to specify an ldap server before continuing!"));
        $tpl->assign ("content", get_template_path('setup_step3.tpl'));
      }
    } else {
      $ds= @ldap_connect (validate($uri));
      if (!$ds){
        $failed= true;
        if ($withoutput){
          print_red (_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
          $tpl->assign ("uri", validate($uri));
          $tpl->assign ("content", get_template_path('setup_step3.tpl'));
        }
      } else {
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

        // Anonymous bind: no DN and no password are passed
        $r= @ldap_bind ($ds);
        if (!$r){
          $failed= true;
          if ($withoutput){
            print_red (_("Can't bind to the specified LDAP server! Please make sure that is reachable for GOsa."));
            $tpl->assign ("content", get_template_path('setup_step3.tpl'));
            $tpl->assign ("uri", validate($uri));
          }
        } else {
          $failed= false;
        }
      }
    }
  }

  $tpl->assign ("content", get_template_path('setup_step3.tpl'));

  // Header first, then the collected errors, then the page itself
  if ($withoutput){
    $tpl->display (get_template_path('headers.tpl'));
  }
  if (isset($_SESSION['errors'])){
    $tpl->assign("errors", $_SESSION['errors']);
  }
  if ($withoutput){
    $tpl->display (get_template_path('setup.tpl'));
  }

  return (!$failed);
}
// Setup page 4
// This page asks for detailed info, like base dn or admin user
// If everything is ok, but a user with ACL :all is missing, we show a user creation page before we show page 5
/**
 * Setup step 4: collect the directory settings (base, admin DN, password,
 * people/group containers, password hash method, mail method, uid base).
 *
 * Fills $_SESSION['ldapconf'] with defaults, overwrites them with posted
 * values when the form was submitted, then tries to log in with the given
 * admin account and runs schema_check(); its result is stored in
 * $_SESSION['classes'].
 *
 * @param bool $withoutput When false neither messages nor templates are printed.
 * @return bool TRUE when no problem was found.
 */
function show_setup_page4($withoutput = true)
{
require_once("class_password-methods.inc");
// NOTE(review): raises the reporting level for the rest of the request;
// whether messages reach the browser depends on display_errors.
error_reporting(E_ALL);
$fault = false; // Set to true as soon as an error occurs
$smarty = get_smarty(); // Our smarty instance
$uri = $_SESSION['ldapconf']['uri']; // The connect URI of the LDAP server, like ldap://lo..
$ldapconf = $_SESSION['ldapconf']; // The LDAP configuration collected during setup
$arr_crypts = array(); // Meant to hold the possible password hashing methods
$temp = ""; // Temp
// Form fields that must be present and non-empty when the form is submitted
$checkvars = array("location","admin","password","peopleou","peopledn","arr_crypts","mail","uidbase");
// Load the list of password hashing methods once per session
if(!isset($_SESSION['ldapconf']['arr_cryptkeys']))
{
require_once("class_password-methods.inc");
$tmp = passwordMethod::get_available_methods_if_not_loaded();
$_SESSION['ldapconf']['arr_cryptkeys']= $tmp['name'];
}
// Load the list of mail methods once per session
if(!isset($_SESSION['ldapconf']['mail_methods']))
{
$_SESSION['ldapconf']['mail_methods']=array();
$temp = get_available_mail_classes();
$_SESSION['ldapconf']['mail_methods']= $temp['name'];
}
// Fill in values that are still missing in ldapconf
// These values also represent our default values
# First try to get $base with an anonymous bind
// NOTE: $base is only assigned in the last branch below. When connecting,
// setting the protocol version or binding fails, it is still undefined
// where the defaults further down use it.
if(!$ds = @ldap_connect (validate($uri)))
{
$fault = true;
}
elseif(!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
{
$fault = true;
}
elseif(! $r = @ldap_bind ($ds))
{
$fault = true;
}
else
{
// Ask the server for its naming contexts
$sr= @ldap_search ($ds, "", "objectClass=*", array("namingContexts"));
$attr= @ldap_get_entries($ds,$sr);
if((empty($attr)))
{
// Nothing returned: fall back to an example base
$base= "dc=example,dc=net";
if($withoutput)
print_red(_("Bind to server successfull, but the server seems to be completly empty, please check all informations twice"));
}
else
{
$base= $attr[0]['dn'];
}
}
// Defaults for everything the session does not hold yet
if(!isset($_SESSION['ldapconf']['base'])) $_SESSION['ldapconf']['base'] = $base;
if(!isset($_SESSION['ldapconf']['admin'])) $_SESSION['ldapconf']['admin'] = "cn=ldapadmin,".$base;
if(!isset($_SESSION['ldapconf']['peopleou'])) $_SESSION['ldapconf']['peopleou'] = "ou=people";
if(!isset($_SESSION['ldapconf']['groupou'])) $_SESSION['ldapconf']['groupou'] = "ou=groups";
if(!isset($_SESSION['ldapconf']['peopledn'])) $_SESSION['ldapconf']['peopledn'] = "cn";
if(!isset($_SESSION['ldapconf']['password'])) $_SESSION['ldapconf']['password'] = "";
if(!isset($_SESSION['ldapconf']['location'])) $_SESSION['ldapconf']['location'] = "Example";
if(!isset($_SESSION['ldapconf']['uidbase'])) $_SESSION['ldapconf']['uidbase'] = "1000";
if(!isset($_SESSION['ldapconf']['mail'])) $_SESSION['ldapconf']['mail'] = 0;
// The default hash method is the index of "md5" in the method list
$tmp = array_flip($_SESSION['ldapconf']['arr_cryptkeys']);
if(!isset($_SESSION['ldapconf']['arr_crypts'])) $_SESSION['ldapconf']['arr_crypts'] = $tmp['md5'];
// Check the posted data
if(isset($_POST['check']))
{
// Check that all needed fields were submitted
// NOTE(review): posted values are copied to the session unchanged.
// 'mail' and 'arr_crypts' are later used as array indexes in
// parse_contrib_conf() - consider checking them against the known lists.
foreach($checkvars as $key)
{
if((isset($_POST[$key]))&&($_POST[$key]!=""))
{
$_SESSION['ldapconf'][$key] = $_POST[$key];
}
else
{
if($withoutput)
{
print_red(sprintf(_("You're missing the required attribute '%s' from this formular. Please complete!"), $key));
}
$fault = true;
}
}
// Derive the base from the admin DN (ldapadmin...dc=base,dc=de):
// only the last two comma separated parts of the DN are kept
$base = $_SESSION['ldapconf']['admin'];
$tmp = array_reverse ( split(",",$base));
$base = $tmp[1].",".$tmp[0];
$_SESSION['ldapconf']['base'] = $base;
}
$smarty->assign("arr_cryptkeys",$_SESSION['ldapconf']['arr_cryptkeys']);
$smarty->assign("mail_methods", $_SESSION['ldapconf']['mail_methods']);
// Every ldapconf entry becomes a template variable, the password included.
// NOTE(review): whether the template escapes these values is not visible here.
foreach($_SESSION['ldapconf'] as $key => $val)
{
$smarty->assign($key,$val);
}
if(isset($_POST['check']))
{
// Log in with the entered admin account and check the schema.
// The schema result is stored before the login result is looked at.
$ldap= new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);
$m= schema_check($_SESSION['ldapconf']['uri'], $_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password']);
$_SESSION['classes']= $m;
if ($ldap->error != "Success")
{
if($withoutput)
{
print_red(sprintf(_("Can't log into LDAP server. Reason was: %s."), $ldap->get_error()));
}
$fault = true;
}
}
// Set smarty output
$smarty->assign ("content", get_template_path('setup_step4.tpl'));
$smarty->assign ("peopledns", array("cn", "uid"));
if($withoutput)
$smarty->display (get_template_path('headers.tpl'));
if(isset($_SESSION['errors']))
{
$smarty->assign("errors", $_SESSION['errors']);
}
if($withoutput)
$smarty->display (get_template_path('setup.tpl'));
return (!$fault);
}
// This page shows your configuration
// and wants you to download the gosa.conf ....
/**
 * Final setup step: show the schema overview and offer gosa.conf for download.
 *
 * schema_check() is run with the admin account stored in the session, also
 * when $withoutput is false.
 *
 * @param bool $withoutput When false the templates are not displayed.
 * @return bool Always TRUE.
 */
function show_setup_page5($withoutput=true)
{
  $conf= $_SESSION['ldapconf'];
  $tpl= get_smarty();

  /* Name of the group the PHP process runs as, shown together with the
     configuration directory */
  $group= posix_getgrgid(posix_getgid());
  $tpl->assign ("webgroup", $group['name']);
  $tpl->assign ("path", CONFIG_DIR);

  /* Last argument 1: ask for the feature display list, not the messages */
  $overview= schema_check($conf['uri'], $conf['admin'], $conf['password'],1);

  if ($withoutput){
    $tpl->assign ("schemas", view_schema_check($overview));
    $tpl->assign ("content", get_template_path('setup_finish.tpl'));
    $tpl->display (get_template_path('headers.tpl'));
  }

  /* Errors collected in the session are assigned after the header was sent */
  if (isset($_SESSION['errors'])){
    $tpl->assign("errors", $_SESSION['errors']);
  }

  if ($withoutput){
    $tpl->display (get_template_path('setup.tpl'));
  }

  return(true);
}
// This function is called by setup step 5, in order to create a missing administrator
// and/or administrative user
// On success go on with setup_page5,
// else show this page again
/**
 * Make sure an administrative group and user exist, creating them on request.
 *
 * Looks for a gosaObject with gosaSubtreeACL ":all" below the configured
 * base. When group or user are missing, a form is shown; when the form was
 * submitted ($_POST['new_admin']), the user is created below the people
 * container and added to the existing group, or a new group
 * "cn=administrators" is created for it.
 *
 * Sets the global $samba to "2" or "3" while creating the user.
 *
 * @param bool $withoutput When false neither messages nor templates are printed.
 * @return bool TRUE when setup can continue, FALSE when the form was shown.
 */
function create_user_for_setup($withoutput=true)
{
// NOTE(review): raises the reporting level for the rest of the request;
// whether messages reach the browser depends on display_errors.
error_reporting(E_ALL);
global $samba;
$ldapconf = $_SESSION['ldapconf'];
$smarty = get_smarty();
if(isset($_SESSION['classes']))
$classes= $_SESSION['classes'];
// Everything ran fine so far,
// so we do a last test on this page:
// is there a user with ACL :all who will be able to administrate GOsa?
// If this user or group is missing we ask for creating them
$ldap= new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);
// $ldap= new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);
// Now we are testing for a group with the rights :all
$ldap->cd($ldapconf['base']);
$ldap->search("(&(objectClass=gosaObject)(gosaSubtreeACL=:all))");
$group_cnt = $ldap->count();
$data = $ldap->fetch();
$create_user = false;
// We need to create the administrative user and group
// because there is no group
if($group_cnt < 1)
{
// Remember that a user has to be created
$create_user = true;
// Output error
if(($withoutput)&&(!isset($_POST['new_admin'])))
print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
}
else
{
// We found an administrative group, is there a user too?
if(isset($data['memberUid'][0]))
{
// NOTE(review): the uid test is passed as second argument; presumably
// that parameter is an attribute list, in which case the search is not
// limited to the group member - confirm against LDAP::search().
$ldap->search("(&(objectClass=gosaAccount)(objectClass=person))",array("uid=".$data['memberUid'][0]));
$data2 = $ldap->fetch();
$user_cnt = $ldap->count();
}
// We must create a user
if (($ldap->count() < 1)||(!isset($data2)))
{
$create_user = true;
if(($withoutput)&&(!isset($_POST['new_admin'])))
print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
}
else
{
// We don't need to add a user
return(true);
}
}// if($group_cn)
// The form was submitted: create the new user, with a group if needed
if(isset($_POST['new_admin']))
{
// Pick the attribute names for the Samba hashes. A 'samba3' entry in
// $classes is what schema_check() stores when the Samba 3 schema is missing.
if (isset($classes['samba3']))
{
$samba= "2";
$lmPassword = "lmPassword";
$ntPassword = "ntPassword";
} else {
$samba= "3";
$lmPassword = "sambaLMPassword";
$ntPassword = "sambaNtPassword";
}
// Nothing submitted and no user needed: continue with setup.
// When a user is needed, an empty name or password does not stop here.
if(( (empty($_POST['admin_name']))||(empty($_POST['admin_pass'])) )&&(!$create_user))
{
return(true);
}
// We have the order to create an admin
// go to base
$ldap->cd($ldapconf['base']);
// Define the user we are going to create
// NOTE(review): admin_name goes into the DN and the attributes exactly as
// posted. Characters with a meaning in DNs (comma, plus, equals, quote,
// backslash, ...) should be rejected or escaped before the DN is built.
$dn = "cn=".$_POST['admin_name'].",".$ldapconf['peopleou'].",".$ldapconf['base'];
$arr['objectClass'][0] ="person";
$arr['objectClass'][1] ="organizationalPerson";
$arr['objectClass'][2] ="inetOrgPerson";
$arr['objectClass'][3] ="gosaAccount";
$arr['uid'] = $_POST['admin_name'];
$arr['cn'] = $_POST['admin_name'];
$arr['sn'] = $_POST['admin_name'];
$arr['givenName'] = "GOsa main administrator";
// NOTE(review): both hash values are constants and are not derived from
// admin_pass, so every account created here carries the same LM/NT hashes.
// They should be computed from the chosen password or left out.
$arr[$lmPassword] = "10974C6EFC0AEE1917306D272A9441BB";
$arr[$ntPassword] = "38F3951141D0F71A039CFA9D1EC06378";
// The scheme is fixed to "md5" here, independent of the method selected
// earlier in setup; crypt_single() is defined elsewhere
$arr['userPassword'] = crypt_single($_POST['admin_pass'],"md5");
if( ! $ldap->dn_exists ( $dn )) {
$ldap->cd($dn);
$ldap->create_missing_trees($dn);
$ldap->add($arr);
// A failed add is reported, but the group handling below still runs
if($ldap->error!="Success") {
print_red("Can't create user, and / or Group, possibly this problem depends on an empty LDAP server. Check your configuration and try again!");
}
}
// There is already a group for administrators, so we only need to add the user
if($group_cnt)
{
if(!isset($data['memberUid']))
{
$arrr['memberUid']= $_POST['admin_name'];
}
else
{
// Append to the existing member list and drop the 'count' entry
$data['memberUid'][$data['memberUid']['count']]=$_POST['admin_name'];
$arrr['memberUid'] = $data['memberUid'];
unset($arrr['memberUid']['count']);
}
$ldap->cd($data['dn']);
$ldap->modify($arrr);
}
else
{
// There was no group defined, so we must create one.
// The gidNumber is a fixed value.
$dn = "cn=administrators,".$ldapconf['groupou'].",".$ldapconf['base'];
$arrr['objectClass'][0] = "gosaObject";
$arrr['objectClass'][1] = "posixGroup";
$arrr['gosaSubtreeACL'] = ":all";
$arrr['cn'] = "administrators";
$arrr['gidNumber'] = "999";
$arrr['memberUid'] = $_POST['admin_name'];
$ldap->cd($dn);
$ldap->add($arrr);
}
// We created the group and the user, so we can go on with the next setup step
return(true);
}
else
{
// Form not submitted yet: show it. Both branches use the same template
// and differ only in the "exists" flag.
if(!($create_user))
{
$smarty->assign ("content", get_template_path('setup_useradmin.tpl'));
$smarty->assign("exists",true);
}
else
{
$smarty->assign ("content", get_template_path('setup_useradmin.tpl'));
$smarty->assign("exists",false);
}
}
// Smarty output
if($withoutput)
$smarty->display (get_template_path('headers.tpl'));
if (isset($_SESSION['errors']))
{
$smarty->assign("errors", $_SESSION['errors']);
}
if($withoutput)
$smarty->display (get_template_path('setup.tpl'));
return(false);
}
// Returns the class names of the mail classes
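/**
 * List the mail method classes found in "../include".
 *
 * A file counts as a mail method when its name starts with
 * "class_mail-methods-" and ends with ".inc" (both compared without regard
 * to case); the text in between is the method name.
 *
 * @return array Empty when the directory is missing or unreadable, else
 *               ['name'][i] and ['file'][i] plus, for every i, an entry
 *               [i] with the keys 'file' and 'name'.
 */
function get_available_mail_classes()
{
  $methods= array();
  $directory= "../include";
  $head= "class_mail-methods-";
  $tail= ".inc";
  $head_len= strlen($head);
  $tail_len= strlen($tail);

  /* Without this test a failed opendir() hands FALSE to readdir(), and the
     loop below has no valid end condition. */
  if (!is_dir($directory) || !is_readable($directory)){
    return ($methods);
  }
  $dir= opendir($directory);
  if ($dir === false){
    return ($methods);
  }

  $i= 0;
  while (($file = readdir($dir)) !== false){

    /* The name is cut out by position, so the marker has to be a real
       prefix and ".inc" a real suffix. Editor backups such as "x.inc.bak"
       would otherwise show up as mail methods with a mangled name. */
    if (strncasecmp($file, $head, $head_len) != 0){
      continue;
    }
    if (strlen($file) <= $head_len + $tail_len || strcasecmp(substr($file, -$tail_len), $tail) != 0){
      continue;
    }

    $name= substr($file, $head_len, strlen($file) - $head_len - $tail_len);
    $methods['name'][$i]= $name;
    $methods['file'][$i]= $file;
    $methods[$i]['file']= $file;
    $methods[$i]['name']= $name;
    $i++;
  }

  /* Release the directory handle */
  closedir($dir);

  return($methods);
}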
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>