index 3ce9c19afbc6321d230794a195ac1846cebf3c99..893d1431d386971e9c26885bb3daf41109d5f324 100644 (file)
define ("DEBUG_SI", 256); /*! Debug level for communication with gosa-si */
define ("DEBUG_MAIL", 512); /*! Debug level for all about mail (mailAccounts, imap, sieve etc.) */
define ("DEBUG_FAI", 1024); // FAI (incomplete)
define ("DEBUG_SI", 256); /*! Debug level for communication with gosa-si */
define ("DEBUG_MAIL", 512); /*! Debug level for all about mail (mailAccounts, imap, sieve etc.) */
define ("DEBUG_FAI", 1024); // FAI (incomplete)
+define ("DEBUG_RPC", 2048); /*! Debug level for communication with remote procedures */
+
+// Define shadow states
+define ("POSIX_ACCOUNT_EXPIRED", 1);
+define ("POSIX_WARN_ABOUT_EXPIRATION", 2);
+define ("POSIX_FORCE_PASSWORD_CHANGE", 4);
+define ("POSIX_DISALLOW_PASSWORD_CHANGE", 8);
/* Rewrite german 'umlauts' and spanish 'accents'
to get better results */
/* Rewrite german 'umlauts' and spanish 'accents'
to get better results */
global $class_mapping, $BASE_DIR;
if ($class_mapping === NULL){
global $class_mapping, $BASE_DIR;
if ($class_mapping === NULL){
- echo sprintf(_("Fatal error: no class locations defined - please run '%s' to fix this"), "<b>update-gosa</b>");
+ echo sprintf(_("Fatal error: no class locations defined - please run %s to fix this"), bold("update-gosa"));
exit;
}
if (isset($class_mapping["$class_name"])){
require_once($BASE_DIR."/".$class_mapping["$class_name"]);
} else {
exit;
}
if (isset($class_mapping["$class_name"])){
require_once($BASE_DIR."/".$class_mapping["$class_name"]);
} else {
- echo sprintf(_("Fatal error: cannot instantiate class '%s' - try running '%s' to fix this"), $class_name, "<b>update-gosa</b>");
+ echo sprintf(_("Fatal error: cannot instantiate class %s - try running %s to fix this"), bold($class_name), bold("update-gosa"));
exit;
}
}
exit;
}
}
*/
function class_available($name)
{
*/
function class_available($name)
{
- global $class_mapping;
- return(isset($class_mapping[$name]));
+ global $class_mapping, $config;
+
+ $disabled = array();
+ if($config instanceOf config && $config->configRegistry instanceOf configRegistry){
+ $disabled = $config->configRegistry->getDisabledPlugins();
+ }
+
+ return(isset($class_mapping[$name]) && !isset($disabled[$name]));
}
}
* */
function DEBUG($level, $line, $function, $file, $data, $info="")
{
* */
function DEBUG($level, $line, $function, $file, $data, $info="")
{
- if (session::global_get('DEBUGLEVEL') & $level){
- $output= "DEBUG[$level] ";
- if ($function != ""){
- $output.= "($file:$function():$line) - $info: ";
- } else {
- $output.= "($file:$line) - $info: ";
+ global $config;
+ $debugLevel = 0;
+ if($config instanceOf config){
+ $debugLevel = $config->get_cfg_value('core', 'debugLevel');
}
}
- echo $output;
- if (is_array($data)){
- print_a($data);
- } else {
- echo "'$data'";
+ if ($debugLevel & $level){
+ $output= "DEBUG[$level] ";
+ if ($function != ""){
+ $output.= "($file:$function():$line) - $info: ";
+ } else {
+ $output.= "($file:$line) - $info: ";
+ }
+ echo $output;
+ if (is_array($data)){
+ print_a($data);
+ } else {
+ echo "'$data'";
+ }
+ echo "<br>";
}
}
- echo "<br>";
- }
}
}
}
/* Check for global language settings in gosa.conf */
}
/* Check for global language settings in gosa.conf */
- if (isset ($config) && $config->get_cfg_value('language') != ""){
- $lang = $config->get_cfg_value('language');
+ if (isset ($config) && $config->get_cfg_value("core",'language') != ""){
+ $lang = $config->get_cfg_value("core",'language');
if(!preg_match("/utf/i",$lang)){
$lang .= ".UTF-8";
}
if(!preg_match("/utf/i",$lang)){
$lang .= ".UTF-8";
}
/* Set theme */
if (isset ($config)){
/* Set theme */
if (isset ($config)){
- $theme= $config->get_cfg_value("theme", "default");
+ $theme= $config->get_cfg_value("core","theme");
} else {
$theme= "default";
}
} else {
$theme= "default";
}
/* Sadly we've no proper return values here. Use the error message instead. */
if (!$ldap->success()){
msg_dialog::display(_("Fatal error"),
/* Sadly we've no proper return values here. Use the error message instead. */
if (!$ldap->success()){
msg_dialog::display(_("Fatal error"),
- sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error()),
+ sprintf(_("Error while connecting to LDAP: %s"), $ldap->get_error()),
FATAL_ERROR_DIALOG);
exit();
}
FATAL_ERROR_DIALOG);
exit();
}
$config->set_current($name);
$mode= "kerberos";
$config->set_current($name);
$mode= "kerberos";
- if ($config->get_cfg_value("useSaslForKerberos") == "true"){
+ if ($config->get_cfg_value("core","useSaslForKerberos") == "true"){
$mode= "sasl";
}
$mode= "sasl";
}
$ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid"));
/* Found no uniq match? Strange, because we did above... */
if ($ldap->count() != 1) {
$ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid"));
/* Found no uniq match? Strange, because we did above... */
if ($ldap->count() != 1) {
- msg_dialog::display(_("LDAP error"), _("Username / UID is not unique inside the LDAP tree!"), FATAL_ERROR_DIALOG);
+ msg_dialog::display(_("LDAP error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG);
return (NULL);
}
$attrs= $ldap->fetch();
return (NULL);
}
$attrs= $ldap->fetch();
$ldap->cd($config->current['BASE']);
$allowed_attributes = array("uid","mail");
$verify_attr = array();
$ldap->cd($config->current['BASE']);
$allowed_attributes = array("uid","mail");
$verify_attr = array();
- if($config->get_cfg_value("loginAttribute") != ""){
- $tmp = explode(",", $config->get_cfg_value("loginAttribute"));
+ if($config->get_cfg_value("core","loginAttribute") != ""){
+ $tmp = explode(",", $config->get_cfg_value("core","loginAttribute"));
foreach($tmp as $attr){
if(in_array($attr,$allowed_attributes)){
$verify_attr[] = $attr;
foreach($tmp as $attr){
if(in_array($attr,$allowed_attributes)){
$verify_attr[] = $attr;
/* found more than one matching id */
default:
/* found more than one matching id */
default:
- msg_dialog::display(_("Internal error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), FATAL_ERROR_DIALOG);
+ msg_dialog::display(_("Internal error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG);
return (NULL);
}
return (NULL);
}
}
}
-/*! \brief Test if account is about to expire
+/*! \brief Checks the posixAccount status by comparing the shadow attributes.
*
*
- * \param string 'userdn' the DN of the user
- * \param string 'username' the username
- * \return int Can be one of the following values:
- * - 1 the account is locked
- * - 2 warn the user that the password is about to expire and he should change
- * his password
- * - 3 force the user to change his password
- * - 4 user should not be able to change his password
- * */
-function ldap_expired_account($config, $userdn, $username)
+ * @param Object The GOsa configuration object.
+ * @param String The 'dn' of the user to test the account status for.
+ * @param String The 'uid' of the user we're going to test.
+ * @return Const
+ * POSIX_ACCOUNT_EXPIRED - If the account is expired.
+ * POSIX_WARN_ABOUT_EXPIRATION - If the account is going to expire.
+ * POSIX_FORCE_PASSWORD_CHANGE - The password has to be changed.
+ * POSIX_DISALLOW_PASSWORD_CHANGE - The password cannot be changed right now.
+ *
+ *
+ *
+ * shadowLastChange
+ * |
+ * |---- shadowMin ---> | <-- shadowMax --
+ * | | |
+ * |------- shadowWarning -> |
+ * |-- shadowInactive --> DEACTIVATED
+ * |
+ * EXPIRED
+ *
+ */
+function ldap_expired_account($config, $userdn, $uid)
{
{
+ // Skip this for the admin account, we do not want to lock him out.
+ if($uid == 'admin') return(0);
+
$ldap= $config->get_ldap_link();
$ldap= $config->get_ldap_link();
+ $ldap->cd($config->current['BASE']);
$ldap->cat($userdn);
$attrs= $ldap->fetch();
$ldap->cat($userdn);
$attrs= $ldap->fetch();
-
- /* default value no errors */
- $expired = 0;
-
- $sExpire = 0;
- $sLastChange = 0;
- $sMax = 0;
- $sMin = 0;
- $sInactive = 0;
- $sWarning = 0;
-
- $current= date("U");
-
- $current= floor($current /60 /60 /24);
-
- /* special case of the admin, should never been locked */
- /* FIXME should allow any name as user admin */
- if($username != "admin")
- {
+ $current= floor(date("U") /60 /60 /24);
- if(isset($attrs['shadowExpire'][0])){
- $sExpire= $attrs['shadowExpire'][0];
- } else {
- $sExpire = 0;
- }
-
- if(isset($attrs['shadowLastChange'][0])){
- $sLastChange= $attrs['shadowLastChange'][0];
- } else {
- $sLastChange = 0;
- }
-
- if(isset($attrs['shadowMax'][0])){
- $sMax= $attrs['shadowMax'][0];
- } else {
- $smax = 0;
- }
+ // Fetch required attributes
+ foreach(array('shadowExpire','shadowLastChange','shadowMax','shadowMin',
+ 'shadowInactive','shadowWarning') as $attr){
+ $$attr = (isset($attrs[$attr][0]))? $attrs[$attr][0] : null;
+ }
- if(isset($attrs['shadowMin'][0])){
- $sMin= $attrs['shadowMin'][0];
- } else {
- $sMin = 0;
- }
-
- if(isset($attrs['shadowInactive'][0])){
- $sInactive= $attrs['shadowInactive'][0];
- } else {
- $sInactive = 0;
- }
-
- if(isset($attrs['shadowWarning'][0])){
- $sWarning= $attrs['shadowWarning'][0];
- } else {
- $sWarning = 0;
- }
-
- /* is the account locked */
- /* shadowExpire + shadowInactive (option) */
- if($sExpire >0){
- if($current >= ($sExpire+$sInactive)){
- return(1);
+
+ // Check if the account has expired.
+ // ---------------------------------
+ // An account is locked/expired once its expiration date has reached (shadowExpire).
+ // If the optional attribute (shadowInactive) is set, we've to postpone
+ // the account expiration by the amount of days specified in (shadowInactive).
+ if($shadowExpire != null && $shadowExpire >= $current){
+
+ // The account seems to be expired, but we've to check 'shadowInactive' additionally.
+ // ShadowInactive specifies an amount of days we've to reprieve the user.
+ // It some kind of x days' grace.
+ if($shadowInactive == null || $current > $shadowExpire + $shadowInactive){
+
+ // Finally we've detect that the account is deactivated.
+ return(POSIX_ACCOUNT_EXPIRED);
}
}
- }
-
- /* the user should be warned to change is password */
- if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){
- if (($sExpire - $current) < $sWarning){
- return(2);
+ }
+
+ // The users password is going to expire.
+ // --------------------------------------
+ // We've to warn the user in the case of an expiring account.
+ // An account is going to expire when it reaches its expiration date (shadowExpire).
+ // The user has to be warned, if the days left till expiration, match the
+ // configured warning period (shadowWarning)
+ // --> shadowWarning: Warn x days before account expiration.
+ if($shadowExpire != null && $shadowWarning != null){
+
+ // Check if the account is still active and not already expired.
+ if($shadowExpire >= $current){
+
+ // Check if we've to warn the user by comparing the remaining
+ // number of days till expiration with the configured amount
+ // of days in shadowWarning.
+ if(($shadowExpire - $current) <= $shadowWarning){
+ return(POSIX_WARN_ABOUT_EXPIRATION);
+ }
}
}
- }
-
- /* force user to change password */
- if(($sLastChange >0) && ($sMax) >0){
- if($current >= ($sLastChange+$sMax)){
- return(3);
+ }
+
+ // -- I guess this is the correct detection, isn't it?
+ if($shadowLastChange != null && $shadowWarning != null && $shadowMax != null){
+ $daysRemaining = ($shadowLastChange + $shadowMax) - $current ;
+ if($daysRemaining > 0 && $daysRemaining <= $shadowWarning){
+ return(POSIX_WARN_ABOUT_EXPIRATION);
}
}
- }
-
- /* the user should not be able to change is password */
- if(($sLastChange >0) && ($sMin >0)){
- if (($sLastChange + $sMin) >= $current){
- return(4);
+ }
+
+
+ // Check if we've to force the user to change his password.
+ // --------------------------------------------------------
+ // A password change is enforced when the password is older than
+ // the configured amount of days (shadowMax).
+ // The age of the current password (shadowLastChange) plus the maximum
+ // amount amount of days (shadowMax) has to be smaller than the
+ // current timestamp.
+ if($shadowLastChange != null && $shadowMax != null){
+
+ // Check if we've an outdated password.
+ if($current >= ($shadowLastChange + $shadowMax)){
+ return(POSIX_FORCE_PASSWORD_CHANGE);
}
}
- }
}
}
- return($expired);
+
+
+ // Check if we've to freeze the users password.
+ // --------------------------------------------
+ // Once a user has changed his password, he cannot change it again
+ // for a given amount of days (shadowMin).
+ // We should not allow to change the password within GOsa too.
+ if($shadowLastChange != null && $shadowMin != null){
+
+ // Check if we've an outdated password.
+ if(($shadowLastChange + $shadowMin) >= $current){
+ return(POSIX_DISALLOW_PASSWORD_CHANGE);
+ }
+ }
+
+ return(0);
}
}
+
/*! \brief Add a lock for object(s)
*
* Adds a lock by the specified user for one ore multiple objects.
/*! \brief Add a lock for object(s)
*
* Adds a lock by the specified user for one ore multiple objects.
/* Just a sanity check... */
if ($object == "" || $user == ""){
/* Just a sanity check... */
if ($object == "" || $user == ""){
- msg_dialog::display(_("Internal error"), _("Error while adding a lock. Contact the developers!"), ERROR_DIALOG);
+ msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG);
return;
}
/* Check for existing entries in lock area */
$ldap= $config->get_ldap_link();
return;
}
/* Check for existing entries in lock area */
$ldap= $config->get_ldap_link();
- $ldap->cd ($config->get_cfg_value("config"));
+ $ldap->cd ($config->get_cfg_value("core","config"));
$ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$user)(gosaObject=".base64_encode($object)."))",
array("gosaUser"));
if (!$ldap->success()){
$ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$user)(gosaObject=".base64_encode($object)."))",
array("gosaUser"));
if (!$ldap->success()){
- msg_dialog::display(_("Configuration error"), sprintf(_("Cannot create locking information in LDAP tree. Please contact your administrator!")."<br><br>"._('LDAP server returned: %s'), "<br><br><i>".$ldap->get_error()."</i>"), ERROR_DIALOG);
+ msg_dialog::display(_("Configuration error"), sprintf(_("Cannot store lock information in LDAP!")."<br><br>"._('Error: %s'), "<br><br><i>".$ldap->get_error()."</i>"), ERROR_DIALOG);
return;
}
return;
}
if ($ldap->count() == 0){
$attrs= array();
$name= md5($object);
if ($ldap->count() == 0){
$attrs= array();
$name= md5($object);
- $ldap->cd("cn=$name,".$config->get_cfg_value("config"));
+ $ldap->cd("cn=$name,".$config->get_cfg_value("core","config"));
$attrs["objectClass"] = "gosaLockEntry";
$attrs["gosaUser"] = $user;
$attrs["gosaObject"] = base64_encode($object);
$attrs["cn"] = "$name";
$ldap->add($attrs);
if (!$ldap->success()){
$attrs["objectClass"] = "gosaLockEntry";
$attrs["gosaUser"] = $user;
$attrs["gosaObject"] = base64_encode($object);
$attrs["cn"] = "$name";
$ldap->add($attrs);
if (!$ldap->success()){
- msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "cn=$name,".$config->get_cfg_value("config"), 0, ERROR_DIALOG));
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "cn=$name,".$config->get_cfg_value("core","config"), 0, ERROR_DIALOG));
return;
}
}
return;
}
}
/* Check for existance and remove the entry */
$ldap= $config->get_ldap_link();
/* Check for existance and remove the entry */
$ldap= $config->get_ldap_link();
- $ldap->cd ($config->get_cfg_value("config"));
+ $ldap->cd ($config->get_cfg_value("core","config"));
$ldap->search ("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaObject"));
$attrs= $ldap->fetch();
if ($ldap->getDN() != "" && $ldap->success()){
$ldap->search ("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaObject"));
$attrs= $ldap->fetch();
if ($ldap->getDN() != "" && $ldap->success()){
/* Get LDAP ressources */
$ldap= $config->get_ldap_link();
/* Get LDAP ressources */
$ldap= $config->get_ldap_link();
- $ldap->cd ($config->get_cfg_value("config"));
+ $ldap->cd ($config->get_cfg_value("core","config"));
/* Remove all objects of this user, drop errors silently in this case. */
$ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$userdn))", array("gosaUser"));
/* Remove all objects of this user, drop errors silently in this case. */
$ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$userdn))", array("gosaUser"));
/* Sanity check */
if ($object == ""){
/* Sanity check */
if ($object == ""){
- msg_dialog::display(_("Internal error"), _("Error while adding a lock. Contact the developers!"), ERROR_DIALOG);
+ msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG);
return("");
}
return("");
}
/* Get LDAP link, check for presence of the lock entry */
$user= "";
$ldap= $config->get_ldap_link();
/* Get LDAP link, check for presence of the lock entry */
$user= "";
$ldap= $config->get_ldap_link();
- $ldap->cd ($config->get_cfg_value("config"));
+ $ldap->cd ($config->get_cfg_value("core","config"));
$ldap->search("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaUser"));
if (!$ldap->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG));
$ldap->search("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaUser"));
if (!$ldap->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG));
/* Check for broken locking information in LDAP */
if ($ldap->count() > 1){
/* Check for broken locking information in LDAP */
if ($ldap->count() > 1){
- /* Hmm. We're removing broken LDAP information here and issue a warning. */
- msg_dialog::display(_("Warning"), _("Found multiple locks for object to be locked. This should not happen - cleaning up multiple references."), WARNING_DIALOG);
-
/* Clean up these references now... */
while ($attrs= $ldap->fetch()){
$ldap->rmdir($attrs['dn']);
/* Clean up these references now... */
while ($attrs= $ldap->fetch()){
$ldap->rmdir($attrs['dn']);
/* Get LDAP link, check for presence of the lock entry */
$user= "";
$ldap= $config->get_ldap_link();
/* Get LDAP link, check for presence of the lock entry */
$user= "";
$ldap= $config->get_ldap_link();
- $ldap->cd ($config->get_cfg_value("config"));
+ $ldap->cd ($config->get_cfg_value("core","config"));
$ldap->search($filter, array("gosaUser","gosaObject"));
if (!$ldap->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG));
$ldap->search($filter, array("gosaUser","gosaObject"));
if (!$ldap->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG));
@@ -1054,7 +1086,7 @@ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= arra
// log($action,$objecttype,$object,$changes_array = array(),$result = "")
new log("debug","all",__FILE__,$attributes,
sprintf("get_sub_list(): Falling back to get_list(), due to empty sub_bases parameter.".
// log($action,$objecttype,$object,$changes_array = array(),$result = "")
new log("debug","all",__FILE__,$attributes,
sprintf("get_sub_list(): Falling back to get_list(), due to empty sub_bases parameter.".
- " This may slow down GOsa. Search was: '%s'",$filter));
+ " This may slow down GOsa. Used filter: %s", $filter));
}
$tmp = get_list($filter, $category,$base,$attributes,$flags);
return($tmp);
}
$tmp = get_list($filter, $category,$base,$attributes,$flags);
return($tmp);
/* Eventually show dialog */
if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){
$smarty= get_smarty();
/* Eventually show dialog */
if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){
$smarty= get_smarty();
- $smarty->assign('warning', sprintf(_("The size limit of %d entries is exceed!"),
+ $smarty->assign('warning', sprintf(_("The current size limit of %d entries is exceeded!"),
session::global_get('size_limit')));
session::global_get('size_limit')));
- $smarty->assign('limit_message', sprintf(_("Set the new size limit to %s and show me this message if the limit still exceeds"), '<input type="text" name="new_limit" maxlength="10" size="5" value="'.(session::global_get('size_limit') +100).'">'));
+ $smarty->assign('limit_message', sprintf(_("Set the size limit to %s"), '<input type="text" name="new_limit" maxlength="10" size="5" value="'.(session::global_get('size_limit') +100).'">'));
return($smarty->fetch(get_template_path('sizelimit.tpl')));
}
return($smarty->fetch(get_template_path('sizelimit.tpl')));
}
{
if (session::global_is_set('size_limit') && session::global_get('size_limit') >= 10000000 ||
(session::is_set('limit_exceeded') && session::get('limit_exceeded'))){
{
if (session::global_is_set('size_limit') && session::global_get('size_limit') >= 10000000 ||
(session::is_set('limit_exceeded') && session::get('limit_exceeded'))){
- $config= "<input type='submit' name='edit_sizelimit' value="._("Configure").">";
+ $config= "<button type='submit' name='edit_sizelimit'>"._("Configure")."</button>";
} else {
$config= "";
}
if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){
} else {
$config= "";
}
if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){
- return ("("._("incomplete").") $config");
+ return ("("._("list is incomplete").") $config");
}
return ("");
}
}
return ("");
}
if (tests::is_id($_POST['new_limit']) &&
isset($_POST['action']) && $_POST['action']=="newlimit"){
if (tests::is_id($_POST['new_limit']) &&
isset($_POST['action']) && $_POST['action']=="newlimit"){
- session::global_set('size_limit', validate($_POST['new_limit']));
+ session::global_set('size_limit', get_post('new_limit'));
session::set('size_ignore', FALSE);
}
session::set('size_ignore', FALSE);
}
* Example:
* \code
* # Determine LDAP base where systems are stored
* Example:
* \code
* # Determine LDAP base where systems are stored
- * $base = get_ou('systemRDN') . $this->config->current['BASE'];
+ * $base = get_ou("systemManagement", "systemRDN") . $this->config->current['BASE'];
* $ldap->cd($base);
* \endcode
* */
* $ldap->cd($base);
* \endcode
* */
-function get_ou($name)
+function get_ou($class,$name)
{
{
- global $config;
+ global $config;
- $map = array(
- "roleRDN" => "ou=roles,",
- "ogroupRDN" => "ou=groups,",
- "applicationRDN" => "ou=apps,",
- "systemRDN" => "ou=systems,",
- "serverRDN" => "ou=servers,ou=systems,",
- "terminalRDN" => "ou=terminals,ou=systems,",
- "workstationRDN" => "ou=workstations,ou=systems,",
- "printerRDN" => "ou=printers,ou=systems,",
- "phoneRDN" => "ou=phones,ou=systems,",
- "componentRDN" => "ou=netdevices,ou=systems,",
- "sambaMachineAccountRDN" => "ou=winstation,",
-
- "faxBlocklistRDN" => "ou=gofax,ou=systems,",
- "systemIncomingRDN" => "ou=incoming,",
- "aclRoleRDN" => "ou=aclroles,",
- "phoneMacroRDN" => "ou=macros,ou=asterisk,ou=configs,ou=systems,",
- "phoneConferenceRDN" => "ou=conferences,ou=asterisk,ou=configs,ou=systems,",
-
- "faiBaseRDN" => "ou=fai,ou=configs,ou=systems,",
- "faiScriptRDN" => "ou=scripts,",
- "faiHookRDN" => "ou=hooks,",
- "faiTemplateRDN" => "ou=templates,",
- "faiVariableRDN" => "ou=variables,",
- "faiProfileRDN" => "ou=profiles,",
- "faiPackageRDN" => "ou=packages,",
- "faiPartitionRDN"=> "ou=disk,",
-
- "sudoRDN" => "ou=sudoers,",
-
- "deviceRDN" => "ou=devices,",
- "mimetypeRDN" => "ou=mime,");
-
- /* Preset ou... */
- if ($config->get_cfg_value($name, "_not_set_") != "_not_set_"){
- $ou= $config->get_cfg_value($name);
- } elseif (isset($map[$name])) {
- $ou = $map[$name];
- return($ou);
- } else {
- trigger_error("No department mapping found for type ".$name);
- return "";
- }
-
- if ($ou != ""){
- if (!preg_match('/^[^=]+=[^=]+/', $ou)){
- $ou = @LDAP::convert("ou=$ou");
- } else {
- $ou = @LDAP::convert("$ou");
+ if(!$config->configRegistry->propertyExists($class,$name)){
+ trigger_error("No department mapping found for type ".$name);
+ return "";
}
}
- if(preg_match("/".preg_quote($config->current['BASE'], '/')."$/",$ou)){
- return($ou);
- }else{
- return("$ou,");
+ $ou = $config->configRegistry->getPropertyValue($class,$name);
+ if ($ou != ""){
+ if (!preg_match('/^[^=]+=[^=]+/', $ou)){
+ $ou = @LDAP::convert("ou=$ou");
+ } else {
+ $ou = @LDAP::convert("$ou");
+ }
+
+ if(preg_match("/".preg_quote($config->current['BASE'], '/')."$/",$ou)){
+ return($ou);
+ }else{
+ if(!preg_match("/,$/", $ou)){
+ return("$ou,");
+ }else{
+ return($ou);
+ }
+ }
+
+ } else {
+ return "";
}
}
-
- } else {
- return "";
- }
}
}
* */
function get_people_ou()
{
* */
function get_people_ou()
{
- return (get_ou("userRDN"));
+ return (get_ou("core", "userRDN"));
}
}
*/
function get_groups_ou()
{
*/
function get_groups_ou()
{
- return (get_ou("groupRDN"));
+ return (get_ou("core", "groupRDN"));
}
}
*/
function get_winstations_ou()
{
*/
function get_winstations_ou()
{
- return (get_ou("sambaMachineAccountRDN"));
+ return (get_ou("wingeneric", "sambaMachineAccountRDN"));
}
}
global $config;
if (isset($config)){
global $config;
if (isset($config)){
- return ($config->get_cfg_value("strictNamingRules") == "true");
+ return ($config->get_cfg_value("core","strictNamingRules") == "true");
}
return (TRUE);
}
}
return (TRUE);
}
/* Prepare and show template */
$smarty= get_smarty();
$smarty->assign("allow_readonly",$allow_readonly);
/* Prepare and show template */
$smarty= get_smarty();
$smarty->assign("allow_readonly",$allow_readonly);
- if(is_array($dn)){
- $msg = "<pre>";
- foreach($dn as $sub_dn){
- $msg .= "\n".$sub_dn.", ";
- }
- $msg = preg_replace("/, $/","</pre>",$msg);
- }else{
- $msg = $dn;
- }
+ $msg= msgPool::buildList($dn);
$smarty->assign ("dn", $msg);
if ($remove){
$smarty->assign ("dn", $msg);
if ($remove){
} else {
$smarty->assign ("action", _("Edit anyway"));
}
} else {
$smarty->assign ("action", _("Edit anyway"));
}
- $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry/entries %s"), "<b>".$msg."</b>", ""));
+
+ $smarty->assign ("message", _("These entries are currently locked:"). $msg);
return ($smarty->fetch (get_template_path('islocked.tpl')));
}
return ($smarty->fetch (get_template_path('islocked.tpl')));
}
* */
function check_command($cmdline)
{
* */
function check_command($cmdline)
{
+ return(TRUE);
$cmd= preg_replace("/ .*$/", "", $cmdline);
/* Check if command exists in filesystem */
$cmd= preg_replace("/ .*$/", "", $cmdline);
/* Check if command exists in filesystem */
}
}
-/*! \brief Generate HTML for the 'Apply filter' button */
-function apply_filter()
-{
- $apply= "";
-
- $apply= ''.
- '<table summary="" width="100%" style="background:#EEEEEE;border-top:1px solid #B0B0B0;"><tr><td width="100%" align="right">'.
- '<input type="submit" name="apply" value="'._("Apply filter").'"></td></tr></table>';
-
- return ($apply);
-}
-
/*! \brief Generate HTML for the 'Back' button */
function back_to_main()
/*! \brief Generate HTML for the 'Back' button */
function back_to_main()
}
}
-/*! \brief Recursion helper for gen_id() */
-function recurse($rule, $variables)
-{
- $result= array();
-
- if (!count($variables)){
- return array($rule);
- }
-
- reset($variables);
- $key= key($variables);
- $val= current($variables);
- unset ($variables[$key]);
-
- foreach($val as $possibility){
- $nrule= str_replace("{$key}", $possibility, $rule);
- $result= array_merge($result, recurse($nrule, $variables));
- }
-
- return ($result);
-}
-
-
-/*! \brief Expands user ID based on possible rules
- *
- * Unroll given rule string by filling in attributes.
- *
- * \param string 'rule' The rule string from gosa.conf.
- * \param array 'attributes' A dictionary of attribute/value mappings
- * \return string Expanded string, still containing the id keyword.
- */
-function expand_id($rule, $attributes)
-{
- /* Check for id rule */
- if(preg_match('/^id(:|#|!)\d+$/',$rule)){
- return (array("{$rule}"));
- }
-
- /* Check for clean attribute */
- if (preg_match('/^%[a-zA-Z0-9]+$/', $rule)){
- $rule= preg_replace('/^%/', '', $rule);
- $val= rewrite(str_replace(' ', '', strtolower($attributes[$rule])));
- return (array($val));
- }
-
- /* Check for attribute with parameters */
- if (preg_match('/^%[a-zA-Z0-9]+\[[0-9-]+\]$/', $rule)){
- $param= preg_replace('/^[^[]+\[([^]]+)]$/', '\\1', $rule);
- $part= preg_replace('/^%/', '', preg_replace('/\[.*$/', '', $rule));
- $val= rewrite(str_replace(' ', '', strtolower($attributes[$part])));
- $start= preg_replace ('/-.*$/', '', $param);
- $stop = preg_replace ('/^[^-]+-/', '', $param);
-
- /* Assemble results */
- $result= array();
- for ($i= $start; $i<= $stop; $i++){
- $result[]= substr($val, 0, $i);
- }
- return ($result);
- }
-
- echo "Error in idGenerator string: don't know how to handle rule $rule.\n";
- return (array($rule));
-}
-
-
-/*! \brief Generate a list of uid proposals based on a rule
- *
- * Unroll given rule string by filling in attributes and replacing
- * all keywords.
- *
- * \param string 'rule' The rule string from gosa.conf.
- * \param array 'attributes' A dictionary of attribute/value mappings
- * \return array List of valid not used uids
- */
-function gen_uids($rule, $attributes)
-{
- global $config;
-
- /* Search for keys and fill the variables array with all
- possible values for that key. */
- $part= "";
- $trigger= false;
- $stripped= "";
- $variables= array();
-
- for ($pos= 0, $l= strlen($rule); $pos < $l; $pos++){
-
- if ($rule[$pos] == "{" ){
- $trigger= true;
- $part= "";
- continue;
- }
-
- if ($rule[$pos] == "}" ){
- $variables[$pos]= expand_id($part, $attributes);
- $stripped.= "{".$pos."}";
- $trigger= false;
- continue;
- }
-
- if ($trigger){
- $part.= $rule[$pos];
- } else {
- $stripped.= $rule[$pos];
- }
- }
-
- /* Recurse through all possible combinations */
- $proposed= recurse($stripped, $variables);
-
- /* Get list of used ID's */
- $ldap= $config->get_ldap_link();
- $ldap->cd($config->current['BASE']);
-
- /* Remove used uids and watch out for id tags */
- $ret= array();
- foreach($proposed as $uid){
-
- /* Check for id tag and modify uid if needed */
- if(preg_match('/\{id(:|!)\d+}/',$uid, $m)){
- $size= preg_replace('/^.*{id(:|!)(\d+)}.*$/', '\\2', $uid);
-
- $start= $m[1]==":"?0:-1;
- for ($i= $start, $p= pow(10,$size)-1; $i < $p; $i++){
- if ($i == -1) {
- $number= "";
- } else {
- $number= sprintf("%0".$size."d", $i+1);
- }
- $res= preg_replace('/{id(:|!)\d+}/', $number, $uid);
-
- $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn'));
- if($ldap->count() == 0){
- $uid= $res;
- break;
- }
- }
-
- /* Remove link if nothing has been found */
- $uid= preg_replace('/{id(:|!)\d+}/', '', $uid);
- }
-
- if(preg_match('/\{id#\d+}/',$uid)){
- $size= preg_replace('/^.*{id#(\d+)}.*$/', '\\1', $uid);
-
- while (true){
- mt_srand((double) microtime()*1000000);
- $number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1));
- $res= preg_replace('/{id#(\d+)}/', $number, $uid);
- $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn'));
- if($ldap->count() == 0){
- $uid= $res;
- break;
- }
- }
-
- /* Remove link if nothing has been found */
- $uid= preg_replace('/{id#\d+}/', '', $uid);
- }
-
- /* Don't assign used ones */
- $ldap->search("(uid=".preg_replace('/[{}]/', '', $uid).")",array('dn'));
- if($ldap->count() == 0){
- /* Add uid, but remove {} first. These are invalid anyway. */
- $ret[]= preg_replace('/[{}]/', '', $uid);
- }
- }
-
- return(array_unique($ret));
-}
-
-
/*! \brief Convert various data sizes to bytes
*
* Given a certain value in the format n(g|m|k), where n
/*! \brief Convert various data sizes to bytes
*
* Given a certain value in the format n(g|m|k), where n
}
}
-/*! \brief Generate a clickable alphabet */
-function generate_alphabet($count= 10)
-{
- $characters= _("*ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
- $alphabet= "";
- $c= 0;
-
- /* Fill cells with charaters */
- for ($i= 0, $l= mb_strlen($characters, 'UTF8'); $i<$l; $i++){
- if ($c == 0){
- $alphabet.= "<tr>";
- }
-
- $ch = mb_substr($characters, $i, 1, "UTF8");
- $alphabet.= "<td><a class=\"alphaselect\" href=\"main.php?plug=".
- validate($_GET['plug'])."&search=".$ch."\"> ".$ch." </a></td>";
-
- if ($c++ == $count){
- $alphabet.= "</tr>";
- $c= 0;
- }
- }
-
- /* Fill remaining cells */
- while ($c++ <= $count){
- $alphabet.= "<td> </td>";
- }
-
- return ($alphabet);
-}
-
-
/*! \brief Removes malicious characters from a (POST) string. */
function validate($string)
{
/*! \brief Removes malicious characters from a (POST) string. */
function validate($string)
{
/*! \brief Evaluate the current GOsa version from the build in revision string */
function get_gosa_version()
{
/*! \brief Evaluate the current GOsa version from the build in revision string */
function get_gosa_version()
{
- global $svn_revision, $svn_path;
+ global $svn_revision, $svn_path;
- /* Extract informations */
- $revision= preg_replace('/^[^0-9]*([0-9]+)[^0-9]*$/', '\1', $svn_revision);
+ /* Extract informations */
+ $revision= preg_replace('/^[^0-9]*([0-9]+)[^0-9]*$/', '\1', $svn_revision);
+
+ // Extract the relevant part out of the svn url
+ $release= preg_replace('%^.*/gosa/(.*)/include/functions.inc.*$%', '\1', $svn_path);
+
+ // Remove stuff which is not interesting
+ if(preg_match("/gosa-core/i", $release)) $release = preg_replace("/[\/]gosa-core/i","",$release);
+
+ // A Tagged Version
+ if(preg_match("#/tags/#i", $svn_path)){
+ $release = preg_replace("/tags[\/]*/i","",$release);
+ $release = preg_replace("/\//","",$release) ;
+ return (sprintf(_("GOsa %s"),$release));
+ }
+
+ // A Branched Version
+ if(preg_match("#/branches/#i", $svn_path)){
+ $release = preg_replace("/branches[\/]*/i","",$release);
+ $release = preg_replace("/\//","",$release) ;
+ return (sprintf(_("GOsa %s snapshot (Rev %s)"),$release , bold($revision)));
+ }
+
+ // The trunk version
+ if(preg_match("#/trunk/#i", $svn_path)){
+ return (sprintf(_("GOsa development snapshot (Rev %s)"), bold($revision)));
+ }
- /* Release or development? */
- if (preg_match('%/gosa/trunk/%', $svn_path)){
- return (sprintf(_("GOsa development snapshot (Rev %s)"), $revision));
- } else {
- $release= preg_replace('%^.*/([^/]+)/include/functions.inc.*$%', '\1', $svn_path);
return (sprintf(_("GOsa $release"), $revision));
return (sprintf(_("GOsa $release"), $revision));
- }
}
}
is_writable($directory."/".$file)) {
// delete file
if(!unlink($directory."/".$file)) {
is_writable($directory."/".$file)) {
// delete file
if(!unlink($directory."/".$file)) {
- msg_dialog::display(_("Internal error"), sprintf(_("File '%s' could not be deleted."), $directory."/".$file), ERROR_DIALOG);
+ msg_dialog::display(_("Internal error"), sprintf(_("File %s cannot be deleted!"), bold($directory."/".$file)), ERROR_DIALOG);
// This should never be reached
}
// This should never be reached
}
- } elseif(is_dir($directory."/".$file) &&
- is_writable($directory."/".$file)) {
- // Just recursively delete it
- rmdirRecursive($directory."/".$file);
- }
+ }
}
// We should now create a fresh revision file
clean_smarty_compile_dir($directory);
}
// We should now create a fresh revision file
clean_smarty_compile_dir($directory);
}
fclose($fh);
} else {
}
fclose($fh);
} else {
- msg_dialog::display(_("Internal error"), _("Cannot write to revision file!"), ERROR_DIALOG);
+ msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG);
}
return $result;
}
return $result;
$result= true;
}
} else {
$result= true;
}
} else {
- msg_dialog::display(_("Internal error"), _("Cannot write to revision file!"), ERROR_DIALOG);
+ msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG);
}
// Close file
fclose($fh);
}
// Close file
fclose($fh);
{
global $config;
{
global $config;
- if ($config->get_cfg_value("baseIdHook") != ""){
+ if ($config->get_cfg_value("core","baseIdHook") != ""){
/* Call hook script - if present */
/* Call hook script - if present */
- $command= $config->get_cfg_value("baseIdHook");
+ $command= $config->get_cfg_value("core","baseIdHook");
if ($command != ""){
$command.= " '".LDAP::fix($dn)."' $attrib";
if ($command != ""){
$command.= " '".LDAP::fix($dn)."' $attrib";
return ($output[0]);
} else {
msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG);
return ($output[0]);
} else {
msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG);
- return ($config->get_cfg_value("uidNumberBase"));
+ return ($config->get_cfg_value("core","uidNumberBase"));
}
} else {
msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG);
}
} else {
msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG);
- return ($config->get_cfg_value("uidNumberBase"));
+ return ($config->get_cfg_value("core","uidNumberBase"));
}
} else {
msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG);
}
} else {
msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG);
- return ($config->get_cfg_value("uidNumberBase"));
+ return ($config->get_cfg_value("core","uidNumberBase"));
}
}
}
}
$ldap = new ldapMultiplexer(new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'] ,FALSE, $cfg['tls']));
$objectclasses = $ldap->get_objectclasses();
if(count($objectclasses) == 0){
$ldap = new ldapMultiplexer(new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'] ,FALSE, $cfg['tls']));
$objectclasses = $ldap->get_objectclasses();
if(count($objectclasses) == 0){
- msg_dialog::display(_("LDAP warning"), _("Cannot get schema information from server. No schema check possible!"), WARNING_DIALOG);
+ msg_dialog::display(_("Warning"), _("Cannot read schema information from LDAP. Schema validation is not possible!"), WARNING_DIALOG);
}
/* This is the default block used for each entry.
}
/* This is the default block used for each entry.
"STATUS" => FALSE,
"IS_MUST_HAVE" => FALSE,
"MSG" => "",
"STATUS" => FALSE,
"IS_MUST_HAVE" => FALSE,
"MSG" => "",
- "INFO" => "");#_("There is currently no information specified for this schema extension."));
+ "INFO" => "");
/* The gosa base schema */
$checks['gosaObject'] = $def_check;
$checks['gosaObject']['REQUIRED_VERSION'] = "2.6.1";
/* The gosa base schema */
$checks['gosaObject'] = $def_check;
$checks['gosaObject']['REQUIRED_VERSION'] = "2.6.1";
- $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema");
+ $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema");
$checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject");
$checks['gosaObject']['IS_MUST_HAVE'] = TRUE;
/* GOsa Account class */
$checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6";
$checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject");
$checks['gosaObject']['IS_MUST_HAVE'] = TRUE;
/* GOsa Account class */
$checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6";
- $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema");
+ $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema");
$checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount");
$checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE;
$checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount");
$checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE;
- $checks["gosaAccount"]["INFO"] = _("Used to store account specific informations.");
+ $checks["gosaAccount"]["INFO"] = _("This class is used to make users appear in GOsa.");
/* GOsa lock entry, used to mark currently edited objects as 'in use' */
$checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.6.1";
/* GOsa lock entry, used to mark currently edited objects as 'in use' */
$checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.6.1";
- $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema");
+ $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema");
$checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry");
$checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE;
$checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry");
$checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE;
- $checks["gosaLockEntry"]["INFO"] = _("Used to lock currently edited entries to avoid multiple changes at the same time.");
+ $checks["gosaLockEntry"]["INFO"] = _("This class is used to lock entries in order to prevent multiple edits at a time.");
/* Some other checks */
foreach(array(
/* Some other checks */
foreach(array(
if(!isset($objectclasses[$name])){
if($value['IS_MUST_HAVE']){
$checks[$name]['STATUS'] = FALSE;
if(!isset($objectclasses[$name])){
if($value['IS_MUST_HAVE']){
$checks[$name]['STATUS'] = FALSE;
- $checks[$name]['MSG'] = sprintf(_("Missing required object class '%s'!"),$class);
+ $checks[$name]['MSG'] = sprintf(_("Required object class %s is missing!"), bold($class));
} else {
$checks[$name]['STATUS'] = TRUE;
} else {
$checks[$name]['STATUS'] = TRUE;
- $checks[$name]['MSG'] = sprintf(_("Missing optional object class '%s'!"),$class);
+ $checks[$name]['MSG'] = sprintf(_("Optional object class %s is missing!"), bold($class));
}
}elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){
$checks[$name]['STATUS'] = FALSE;
}
}elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){
$checks[$name]['STATUS'] = FALSE;
- $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']);
+ $checks[$name]['MSG'] = sprintf(_("Wrong version of required object class %s (!=%s) detected!"), bold($class), bold($value['REQUIRED_VERSION']));
}else{
$checks[$name]['STATUS'] = TRUE;
}else{
$checks[$name]['STATUS'] = TRUE;
- $checks[$name]['MSG'] = sprintf(_("Class(es) available"));
+ $checks[$name]['MSG'] = sprintf(_("Class available"));
}
}
}
}
}
}
if($rfc2307bis && isset($tmp['posixGroup']['STRUCTURAL'])){
$checks['posixGroup']['STATUS'] = FALSE;
if($rfc2307bis && isset($tmp['posixGroup']['STRUCTURAL'])){
$checks['posixGroup']['STATUS'] = FALSE;
- $checks['posixGroup']['MSG'] = _("You have enabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option.");
- $checks['posixGroup']['INFO'] = _("In order to use rfc2307bis conform groups the objectClass 'posixGroup' must be AUXILIARY");
+ $checks['posixGroup']['MSG'] = _("RFC2307bis schema is enabled, but the current LDAP configuration does not support it!");
+ $checks['posixGroup']['INFO'] = _("To use RFC2307bis groups, the objectClass 'posixGroup' must be AUXILIARY.");
}
if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){
$checks['posixGroup']['STATUS'] = FALSE;
}
if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){
$checks['posixGroup']['STATUS'] = FALSE;
- $checks['posixGroup']['MSG'] = _("Your schema is configured to support the rfc2307bis group, but you have disabled this option on the 'ldap setup' step.");
- $checks['posixGroup']['INFO'] = _("The objectClass 'posixGroup' must be STRUCTURAL");
+ $checks['posixGroup']['MSG'] = _("RFC2307bis schema is disabled, but the current LDAP configuration supports it!");
+ $checks['posixGroup']['INFO'] = _("To correct this, the objectClass 'posixGroup' must be STRUCTURAL.");
}
}
}
}
@@ -2863,6 +2653,7 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA
"en_US" => "English",
"nl_NL" => "Dutch",
"pl_PL" => "Polish",
"en_US" => "English",
"nl_NL" => "Dutch",
"pl_PL" => "Polish",
+ "pt_BR" => "Brazilian Portuguese",
#"sv_SE" => "Swedish",
"zh_CN" => "Chinese",
"vi_VN" => "Vietnamese",
#"sv_SE" => "Swedish",
"zh_CN" => "Chinese",
"vi_VN" => "Vietnamese",
@@ -2876,6 +2667,7 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA
"en_US" => _("English"),
"nl_NL" => _("Dutch"),
"pl_PL" => _("Polish"),
"en_US" => _("English"),
"nl_NL" => _("Dutch"),
"pl_PL" => _("Polish"),
+ "pt_BR" => _("Brazilian Portuguese"),
#"sv_SE" => _("Swedish"),
"zh_CN" => _("Chinese"),
"vi_VN" => _("Vietnamese"),
#"sv_SE" => _("Swedish"),
"zh_CN" => _("Chinese"),
"vi_VN" => _("Vietnamese"),
@@ -2927,19 +2719,75 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA
* \return string
* */
function get_post($name)
* \return string
* */
function get_post($name)
+{
+ if(!isset($_POST[$name])){
+ trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
+ return(FALSE);
+ }
+
+ // Handle Posted Arrays
+ $tmp = array();
+ if(is_array($_POST[$name]) && !is_string($_POST[$name])){
+ foreach($_POST[$name] as $key => $val){
+ if(get_magic_quotes_gpc()){
+ $val = stripcslashes($val);
+ }
+ $tmp[$key] = $val;
+ }
+ return($tmp);
+ }else{
+
+ if(get_magic_quotes_gpc()){
+ $val = stripcslashes($_POST[$name]);
+ }else{
+ $val = $_POST[$name];
+ }
+ }
+ return($val);
+}
+
+
+/*! \brief Returns contents of the given POST variable and check magic quotes settings
+ *
+ * Depending on the magic quotes settings this returns a stripclashed'ed version of
+ * a certain POST variable.
+ *
+ * \param string 'name' the POST var to return ($_POST[$name])
+ * \return string
+ * */
+function get_binary_post($name)
{
if(!isset($_POST[$name])){
trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
return(FALSE);
}
{
if(!isset($_POST[$name])){
trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
return(FALSE);
}
+ $p = str_replace('\0', '', $_POST[$name]);
if(get_magic_quotes_gpc()){
if(get_magic_quotes_gpc()){
- return(stripcslashes(validate($_POST[$name])));
+ return(stripcslashes($p));
}else{
}else{
- return(validate($_POST[$name]));
+ return($_POST[$p]);
}
}
}
}
+function set_post($value)
+{
+ // Take care of array, recursivly convert each array entry.
+ if(is_array($value)){
+ foreach($value as $key => $val){
+ $value[$key] = set_post($val);
+ }
+ return($value);
+ }
+
+ // Do not touch boolean values, we may break them.
+ if($value === TRUE || $value === FALSE ) return($value);
+
+ // Return a fixed string which can then be used in HTML fields without
+ // breaking the layout or the values. This allows to use '"<> in input fields.
+ return(htmlentities($value, ENT_QUOTES, 'utf-8'));
+}
+
/*! \brief Return class name in correct case */
function get_correct_class_name($cls)
/*! \brief Return class name in correct case */
function get_correct_class_name($cls)
}
}
-/*! \brief Change the password of a given DN
- *
- * Change the password of a given DN with the specified hash.
- *
- * \param string 'dn' the DN whose password shall be changed
- * \param string 'password' the password
- * \param int mode
- * \param string 'hash' which hash to use to encrypt it, default is empty
- * for cleartext storage.
- * \return boolean TRUE on success FALSE on error
+/*! \brief Change the password for a given object ($dn).
+ * This method uses the specified hashing method to generate a new password
+ * for the object and it also takes care of sambaHashes, if enabled.
+ * Finally the postmodify hook of the class 'user' will be called, if it is set.
+ *
+ * @param String The DN whose password shall be changed.
+ * @param String The new password.
+ * @param Boolean Skip adding samba hashes to the target (sambaNTPassword,sambaLMPassword)
+ * @param String The hashin method to use, default is the global configured default.
+ * @param String The users old password, this allows script based rollback mechanisms,
+ * the prehook will then be called witch switched newPassword/oldPassword.
+ * @return Boolean TRUE on success else FALSE.
*/
*/
-function change_password ($dn, $password, $mode=0, $hash= "")
+function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password = "", &$message = "")
{
{
- global $config;
- $newpass= "";
+ global $config;
+ $newpass= "";
- /* Convert to lower. Methods are lowercase */
- $hash= strtolower($hash);
-
- // Get all available encryption Methods
-
- // NON STATIC CALL :)
- $methods = new passwordMethod(session::get('config'));
- $available = $methods->get_available_methods();
-
- // read current password entry for $dn, to detect the encryption Method
- $ldap = $config->get_ldap_link();
- $ldap->cat ($dn, array("shadowLastChange", "userPassword", "uid"));
- $attrs = $ldap->fetch ();
-
- /* Is ensure that clear passwords will stay clear */
- if($hash == "" && isset($attrs['userPassword'][0]) && !preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0])){
- $hash = "clear";
- }
-
- // Detect the encryption Method
- if ( (isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)) || $hash != ""){
-
- /* Check for supported algorithm */
+ // Not sure, why this is here, but maybe some encryption methods require it.
mt_srand((double) microtime()*1000000);
mt_srand((double) microtime()*1000000);
- /* Extract used hash */
- if ($hash == ""){
- $test = passwordMethod::get_method($attrs['userPassword'][0],$dn);
- } else {
- $test = new $available[$hash]($config,$dn);
- $test->set_hash($hash);
- }
-
- } else {
- // User MD5 by default
- $hash= "md5";
- $test = new $available['md5']($config);
- }
+ // Get a list of all available password encryption methods.
+ $methods = new passwordMethod(session::get('config'),$dn);
+ $available = $methods->get_available_methods();
- if($test instanceOf passwordMethod){
-
- $deactivated = $test->is_locked($config,$dn);
+ // Fetch the current object data, to be able to detect the current hashing method
+ // and to be able to rollback changes once has an error occured.
+ $ldap = $config->get_ldap_link();
+ $ldap->cat ($dn, array("shadowLastChange", "userPassword","sambaNTPassword","sambaLMPassword", "uid"));
+ $attrs = $ldap->fetch ();
+ $initialAttrs = $attrs;
+
+ // If no hashing method is enforced, then detect what method we've to use.
+ $hash = strtolower($hash);
+ if(empty($hash)){
+
+ // Do we need clear-text password for this object?
+ if(isset($attrs['userPassword'][0]) && !preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0])){
+ $hash = "clear";
+ $test = new $available[$hash]($config,$dn);
+ $test->set_hash($hash);
+ }
- /* Feed password backends with information */
- $test->dn= $dn;
- $test->attrs= $attrs;
- $newpass= $test->generate_hash($password);
+ // If we've still no valid hashing method detected, then try to extract if from the userPassword attribute.
+ elseif(isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)){
+ $test = passwordMethod::get_method($attrs['userPassword'][0],$dn);
+ $hash = $test->get_hash_name();
+ }
- // Update shadow timestamp?
- if (isset($attrs["shadowLastChange"][0])){
- $shadow= (int)(date("U") / 86400);
- } else {
- $shadow= 0;
+ // No current password was found and no hash is enforced, so we've to use the config default here.
+ $hash = $config->get_cfg_value('core','passwordDefaultHash');
+ $test = new $available[$hash]($config,$dn);
+ $test->set_hash($hash);
+ }else{
+ $test = new $available[$hash]($config,$dn);
+ $test->set_hash($hash);
}
}
- // Write back modified entry
- $ldap->cd($dn);
- $attrs= array();
-
- // Not for groups
- if ($mode == 0){
- // Create SMB Password
- $attrs= generate_smb_nt_hash($password);
-
- if ($shadow != 0){
- $attrs['shadowLastChange']= $shadow;
- }
- }
+ // We've now a valid password-method-handle and can create the new password hash or don't we?
+ if(!$test instanceOf passwordMethod){
+ $message = _("Cannot detect password hash!");
+ }else{
- $attrs['userPassword']= array();
- $attrs['userPassword']= $newpass;
+ // Feed password backends with object information.
+ $test->dn = $dn;
+ $test->attrs = $attrs;
+ $newpass= $test->generate_hash($password);
+
+ // Do we have to append samba attributes too?
+ // - sambaNTPassword / sambaLMPassword
+ $tmp = $config->get_cfg_value('core','sambaHashHook');
+ $attrs= array();
+ if (!$mode && !empty($tmp)){
+ $attrs= generate_smb_nt_hash($password);
+ $shadow = (isset($attrs["shadowLastChange"][0]))?(int)(date("U") / 86400):0;
+ if ($shadow != 0){
+ $attrs['shadowLastChange']= $shadow;
+ }
+ }
- $ldap->modify($attrs);
+ // Write back the new password hash
+ $ldap->cd($dn);
+ $attrs['userPassword']= $newpass;
- /* Read ! if user was deactivated */
- if($deactivated){
- $test->lock_account($config,$dn);
- }
+ // Prepare a special attribute list, which will be used for event hook calls
+ $attrsEvent = array();
+ foreach($initialAttrs as $name => $value){
+ if(!is_numeric($name))
+ $attrsEvent[$name] = escapeshellarg($value[0]);
+ }
+ $attrsEvent['dn'] = escapeshellarg($initialAttrs['dn']);
+ foreach($attrs as $name => $value){
+ $attrsEvent[$name] = escapeshellarg($value);
+ }
+ $attrsEvent['current_password'] = escapeshellarg($old_password);
+ $attrsEvent['new_password'] = escapeshellarg($password);
+
+ // Call the premodify hook now
+ $passwordPlugin = new password($config,$dn);
+ plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE);
+ if($retCode === 0 && count($output)){
+ $message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output));
+ return(FALSE);
+ }
- new log("modify","users/passwordMethod",$dn,array_keys($attrs),$ldap->get_error());
+ // Perform ldap operations
+ $ldap->modify($attrs);
- if (!$ldap->success()) {
- msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, ERROR_DIALOG));
- } else {
+ // Check if the object was locked before, if it was, lock it again!
+ $deactivated = $test->is_locked($config,$dn);
+ if($deactivated){
+ $test->lock_account($config,$dn);
+ }
- /* Run backend method for change/create */
- if(!$test->set_password($password)){
- return(FALSE);
- }
+ // Check if everything went fine and then call the post event hooks.
+ // If an error occures, then try to rollback the complete actions done.
+ $preRollback = FALSE;
+ $ldapRollback = FALSE;
+ $success = TRUE;
+ if (!$ldap->success()) {
+ new log("modify","users/passwordMethod",$dn,array(),"Password change - ldap modifications! - FAILED");
+ $success =FALSE;
+ $message = msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD);
+ $preRollback =TRUE;
+ } else {
- /* Find postmodify entries for this class */
- $command= $config->search("password", "POSTMODIFY",array('menu'));
+ // Now call the passwordMethod change mechanism.
+ if(!$test->set_password($password)){
+ $ldapRollback = TRUE;
+ $preRollback =TRUE;
+ $success = FALSE;
+ new log("modify","users/passwordMethod",$dn,array(),"Password change - set_password! - FAILED");
+ $message = _("Password change failed!");
+ }else{
+
+ // Execute the password hook
+ plugin::callHook($passwordPlugin, 'POSTMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE);
+ if($retCode === 0){
+ if(count($output)){
+ new log("modify","users/passwordMethod",$dn,array(),"Password change - Post modify hook reported! - FAILED!");
+ $message = sprintf(_("Post-event hook reported a problem: %s. Password change canceled!"),implode($output));
+ $ldapRollback = TRUE;
+ $preRollback = TRUE;
+ $success = FALSE;
+ }else{
+ #new log("modify","users/passwordMethod",$dn,array(),"Password change - successfull!");
+ }
+ }else{
+ $ldapRollback = TRUE;
+ $preRollback = TRUE;
+ $success = FALSE;
+ new log("modify","users/passwordMethod",$dn,array(),"Password change - postmodify hook execution! - FAILED");
+ new log("modify","users/passwordMethod",$dn,array(),$error);
+
+ // Call password method again and send in old password to
+ // keep the database consistency
+ $test->set_password($old_password);
+ }
+ }
+ }
- if ($command != ""){
- /* Walk through attribute list */
- $command= preg_replace("/%userPassword/", $password, $command);
- $command= preg_replace("/%dn/", $dn, $command);
+ // Setting the password in the ldap database or further operation failed, we should now execute
+ // the plugins pre-event hook, using switched passwords, new/old password.
+ // This ensures that passwords which were set outside of GOsa, will be reset to its
+ // starting value.
+ if($preRollback){
+ new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook!");
+ $oldpass= $test->generate_hash($old_password);
+ $attrsEvent['current_password'] = escapeshellarg($password);
+ $attrsEvent['new_password'] = escapeshellarg($old_password);
+ foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){
+ if(isset($initialAttrs[$attr][0])) $attrsEvent[$attr] = $initialAttrs[$attr][0];
+ }
+
+ plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE);
+ if($retCode === 0 && count($output)){
+ $message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output));
+ new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook! - FAILED!");
+ }
+ }
+
+ // We've written the password to the ldap database, but executing the postmodify hook failed.
+ // Now, we've to rollback all password related ldap operations.
+ if($ldapRollback){
+ new log("modify","users/passwordMethod",$dn,array(),"Rolling back ldap modifications!");
+ $attrs = array();
+ foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){
+ if(isset($initialAttrs[$attr][0])) $attrs[$attr] = $initialAttrs[$attr][0];
+ }
+ $ldap->cd($dn);
+ $ldap->modify($attrs);
+ if(!$ldap->success()){
+ $message = msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD);
+ new log("modify","users/passwordMethod",$dn,array(),"Rolling back ldap modifications! - FAILED");
+ }
+ }
- if (check_command($command)){
- @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
- exec($command);
- } else {
- $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, "password");
- msg_dialog::display(_("Configuration error"), $message, ERROR_DIALOG);
+ // Log action.
+ if($success){
+ stats::log('global', 'global', array('users'), $action = 'change_password', $amount = 1, 0, $test->get_hash());
+ new log("modify","users/passwordMethod",$dn,array(),"Password change - successfull!");
+ }else{
+ new log("modify","users/passwordMethod",$dn,array(),"Password change - FAILED!");
}
}
- }
+
+ return($success);
}
}
- return(TRUE);
- }
}
}
{
global $config;
{
global $config;
- # Try to use gosa-si?
- if ($config->get_cfg_value("gosaSupportURI") != ""){
+ // First try to retrieve values via RPC
+ if ($config->get_cfg_value("core","gosaRpcServer") != ""){
+
+ $rpc = $config->getRpcHandle();
+ $hash = $rpc->mksmbhash($password);
+ if(!$rpc->success()){
+ msg_dialog::display(_("Error"),msgPool::rpcError($rpc->get_error()),ERROR_DIALOG);
+ return("");
+ }
+
+ }elseif ($config->get_cfg_value("core","gosaSupportURI") != ""){
+
+ // Try using gosa-si
$res= gosaSupportDaemon::send("gosa_gen_smb_hash", "GOSA", array("password" => $password), TRUE);
if (isset($res['XML']['HASH'])){
$hash= $res['XML']['HASH'];
$res= gosaSupportDaemon::send("gosa_gen_smb_hash", "GOSA", array("password" => $password), TRUE);
if (isset($res['XML']['HASH'])){
$hash= $res['XML']['HASH'];
}
if ($hash == "") {
}
if ($hash == "") {
- msg_dialog::display(_("Configuration error"), _("Cannot generate samba hash!"), ERROR_DIALOG);
+ msg_dialog::display(_("Configuration error"), _("Cannot generate SAMBA hash!"), ERROR_DIALOG);
return ("");
}
} else {
return ("");
}
} else {
- $tmp= $config->get_cfg_value('sambaHashHook')." ".escapeshellarg($password);
+ $tmp = $config->get_cfg_value("core",'sambaHashHook');
+ $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
+ $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
exec($tmp, $ar);
@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
exec($tmp, $ar);
$hash= current($ar);
if ($hash == "") {
$hash= current($ar);
if ($hash == "") {
- msg_dialog::display(_("Configuration error"), sprintf(_("Cannot generate samba hash: running '%s' failed, check the 'sambaHashHook'!"),$config->get_cfg_value('sambaHashHook')), ERROR_DIALOG);
+ msg_dialog::display(_("Configuration error"), sprintf(_("Generating SAMBA hash by running %s failed: check %s!"), bold($config->get_cfg_value("core",'sambaHashHook'), bold("sambaHashHook"))), ERROR_DIALOG);
return ("");
}
}
return ("");
}
}
}
/* Get attribute that we should use as serial number */
}
/* Get attribute that we should use as serial number */
- $attr= $config->get_cfg_value("modificationDetectionAttribute");
+ $attr= $config->get_cfg_value("core","modificationDetectionAttribute");
if($attr != ""){
$ldap = $config->get_ldap_link();
$ldap->cat($dn,array($attr));
if($attr != ""){
$ldap = $config->get_ldap_link();
$ldap->cat($dn,array($attr));
while($attrs = $ldap->fetch()){
$new_attrs = array("accessTo" => array());
$dn = $attrs['dn'];
while($attrs = $ldap->fetch()){
$new_attrs = array("accessTo" => array());
$dn = $attrs['dn'];
- for($i = 0 ; $i < $attrs['objectClass']['count']; $i++){
- $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
- }
for($i = 0 ; $i < $attrs['accessTo']['count']; $i++){
if($attrs['accessTo'][$i] == $from){
if(!empty($to)){
for($i = 0 ; $i < $attrs['accessTo']['count']; $i++){
if($attrs['accessTo'][$i] == $from){
if(!empty($to)){
{
global $config;
{
global $config;
- switch ($config->get_cfg_value("idAllocationMethod", "traditional")){
+ switch ($config->get_cfg_value("core","idAllocationMethod")){
case "pool":
return get_next_id_pool($attrib);
case "traditional":
return get_next_id_traditional($attrib, $dn);
}
case "pool":
return get_next_id_pool($attrib);
case "traditional":
return get_next_id_traditional($attrib, $dn);
}
- msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG);
+ msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG);
return null;
}
return null;
}
global $config;
/* Fill informational values */
global $config;
/* Fill informational values */
- $min= $config->get_cfg_value("${attrib}PoolMin", 10000);
- $max= $config->get_cfg_value("${attrib}PoolMax", 40000);
+ $min= $config->get_cfg_value("core","${attrib}PoolMin");
+ $max= $config->get_cfg_value("core","${attrib}PoolMax");
/* Sanity check */
if ($min >= $max) {
/* Sanity check */
if ($min >= $max) {
- msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), $attrib), ERROR_DIALOG);
+ msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), bold($attrib), bold($attrib)), ERROR_DIALOG);
return null;
}
return null;
}
/* If it does not exist, create one with these defaults */
if ($ldap->count() == 0) {
/* Fill informational values */
/* If it does not exist, create one with these defaults */
if ($ldap->count() == 0) {
/* Fill informational values */
- $minUserId= $config->get_cfg_value("uidPoolMin", 10000);
- $minGroupId= $config->get_cfg_value("gidPoolMin", 10000);
+ $minUserId= $config->get_cfg_value("core","uidNumberPoolMin");
+ $minGroupId= $config->get_cfg_value("core","gidNumberPoolMin");
/* Add as default */
$attrs= array("objectClass" => array("organizationalUnit", "sambaUnixIdPool"));
/* Add as default */
$attrs= array("objectClass" => array("organizationalUnit", "sambaUnixIdPool"));
}
/* Bail out if it's not unique */
if ($ldap->count() != 1) {
}
/* Bail out if it's not unique */
if ($ldap->count() != 1) {
- msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG);
+ msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG);
return null;
}
return null;
}
/* Sanity check */
if ($newAttr >= $max) {
/* Sanity check */
if ($newAttr >= $max) {
- msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG);
+ msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG);
return null;
}
if ($newAttr < $min) {
return null;
}
if ($newAttr < $min) {
- msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG);
+ msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG);
return null;
}
return null;
}
$ldap->cd($dn);
$ldap->modify(array($attrib => $newAttr));
if ($ldap->error != "Success") {
$ldap->cd($dn);
$ldap->modify(array($attrib => $newAttr));
if ($ldap->error != "Success") {
- msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".$ldap->get_error(), ERROR_DIALOG);
+ msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".$ldap->get_error(), ERROR_DIALOG);
return null;
} else {
return $oldAttr;
return null;
} else {
return $oldAttr;
/* Bail out if we had problems getting the next id */
if (!$tries) {
/* Bail out if we had problems getting the next id */
if (!$tries) {
- msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("maximum tries exceeded!"), ERROR_DIALOG);
+ msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("maximum number of tries exceeded!"), ERROR_DIALOG);
}
return $id;
}
return $id;
/* get the ranges */
$tmp = array('0'=> 1000);
/* get the ranges */
$tmp = array('0'=> 1000);
- if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("uidNumberBase") != ""){
- $tmp= explode('-',$config->get_cfg_value("uidNumberBase"));
- } elseif($config->get_cfg_value("gidNumberBase") != ""){
- $tmp= explode('-',$config->get_cfg_value("gidNumberBase"));
+ if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("core","uidNumberBase") != ""){
+ $tmp= explode('-',$config->get_cfg_value("core","uidNumberBase"));
+ } elseif($config->get_cfg_value("core","gidNumberBase") != ""){
+ $tmp= explode('-',$config->get_cfg_value("core","gidNumberBase"));
}
/* Set hwm to max if not set - for backward compatibility */
}
/* Set hwm to max if not set - for backward compatibility */
$hwm= pow(2,32);
}
/* Find out next free id near to UID_BASE */
$hwm= pow(2,32);
}
/* Find out next free id near to UID_BASE */
- if ($config->get_cfg_value("baseIdHook") == ""){
+ if ($config->get_cfg_value("core","baseIdHook") == ""){
$base= $lwm;
} else {
/* Call base hook */
$base= $lwm;
} else {
/* Call base hook */
/* Should not happen */
if ($id == $hwm){
/* Should not happen */
if ($id == $hwm){
- msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
+ msg_dialog::display(_("Error"), _("Cannot allocate free ID!"), ERROR_DIALOG);
exit;
}
}
exit;
}
}
// Get theme
if (isset ($config)){
// Get theme
if (isset ($config)){
- $theme= $config->get_cfg_value("theme", "default");
+ $theme= $config->get_cfg_value("core","theme");
} else {
} else {
- # For debuging - avoid that there's no theme set
- die("config not set!");
+
+ // Fall back to default theme
$theme= "default";
}
$theme= "default";
}
}
}
}
}
+/*! \brief Encodes a complex string to be useable in HTML posts.
+ */
+function postEncode($str)
+{
+ return(preg_replace("/=/","_", base64_encode($str)));
+}
+
+/*! \brief Decodes a string encoded by postEncode
+ */
+function postDecode($str)
+{
+ return(base64_decode(preg_replace("/_/","=", $str)));
+}
+
+
+/*! \brief Generate styled output
+ */
+function bold($str)
+{
+ return "<span class='highlight'>$str</span>";
+}
+
+
+
+/*! \brief Detect the special character handling for the currently used ldap database.
+ * For example some convert , to \2C or " to \22.
+ *
+ * @param Config The GOsa configuration object.
+ * @return Array An array containing a character mapping the use.
+ */
+function detectLdapSpecialCharHandling()
+{
+ // The list of chars to test for
+ global $config;
+ if(!$config) return(NULL);
+
+ // In the DN we've to use escaped characters, but the object name (o)
+ // has the be un-escaped.
+ $name = 'GOsaLdapEncoding_,_"_(_)_+';
+ $dnName = 'GOsaLdapEncoding_\,_\"_(_)_\+';
+
+ // Prapare name to be useable in filters
+ $fixed= normalizeLdap(str_replace('\\\\', '\\\\\\', $name));
+ $filterName = str_replace('\\,', '\\\\,', $fixed);
+
+ // Create the target dn
+ $oDN = "o={$dnName},".$config->current['BASE'];
+
+ // Get ldap connection and check if we've already created the character
+ // detection object.
+ $ldapCID = ldap_connect($config->current['SERVER']);
+ ldap_set_option($ldapCID, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_bind($ldapCID, $config->current['ADMINDN'],$config->current['ADMINPASSWORD']);
+ $res = ldap_list($ldapCID, $config->current['BASE'],
+ "(&(o=".$filterName.")(objectClass=organization))",
+ array('dn'));
+
+ // If we haven't created the character-detection object, then create it now.
+ $cnt = ldap_count_entries($ldapCID, $res);
+ if(!$cnt){
+ $obj = array();
+ $obj['objectClass'] = array('top','organization');
+ $obj['o'] = $name;
+ $obj['description'] = 'GOsa character encoding test-object.';
+ if(!@ldap_add($ldapCID, $oDN, $obj)){
+ trigger_error("GOsa couldn't detect the special character handling used by your ldap!");
+ return(NULL);
+ }
+ }
+
+ // Read the character-handling detection entry from the ldap.
+ $res = ldap_list($ldapCID, $config->current['BASE'],
+ "(&(o=".$filterName.")(objectClass=organization))",
+ array('dn','o'));
+ $cnt = ldap_count_entries($ldapCID, $res);
+ if($cnt != 1 || !$res){
+ trigger_error("GOsa couldn't detect the special character handling used by your ldap!");
+ return(NULL);
+ }else{
+
+ // Get the character handling entry from the ldap and check how the
+ // values were written. Compare them with what
+ // we've initially intended to write and create a mapping out
+ // of the results.
+ $re = ldap_first_entry($ldapCID, $res);
+ $attrs = ldap_get_attributes($ldapCID, $re);
+
+ // Extract the interessting characters out of the dn and the
+ // initially used $name for the entry.
+ $mapDNstr = preg_replace("/^o=GOsaLdapEncoding_([^,]*),.*$/","\\1", trim(ldap_get_dn($ldapCID, $re)));
+ $mapDN = preg_split("/_/", $mapDNstr,0, PREG_SPLIT_NO_EMPTY);
+
+ $mapNameStr = preg_replace("/^GOsaLdapEncoding_/","",$dnName);
+ $mapName = preg_split("/_/", $mapNameStr,0, PREG_SPLIT_NO_EMPTY);
+
+ // Create a mapping out of the results.
+ $map = array();
+ foreach($mapName as $key => $entry){
+ $map[$entry] = $mapDN[$key];
+ }
+ return($map);
+ }
+ return(NULL);
+}
+
+
+/*! \brief Replaces placeholder in a given string.
+ * For example:
+ * '%uid@gonicus.de' Replaces '%uid' with 'uid'.
+ * '{%uid[0]@gonicus.de}' Replaces '%uid[0]' with the first char of 'uid'.
+ * '%uid[2-4]@gonicus.de' Replaces '%uid[2-4]' with three chars from 'uid' starting from the second.
+ *
+ * The surrounding {} in example 2 are optional.
+ *
+ * @param String The string to perform the action on.
+ * @param Array An array of replacements.
+ * @return The resulting string.
+ */
+function fillReplacements($str, $attrs, $shellArg = FALSE, $default = "")
+{
+ // Search for '{%...[n-m]}
+ // Get all matching parts of the given string and sort them by
+ // length, to avoid replacing strings like '%uidNumber' with 'uid'
+ // instead of 'uidNumber'; The longest tring at first.
+ preg_match_all('/(\{?%([a-z0-9]+)(\[(([0-9]+)(\-([0-9]+))?)\])?\}?)/i', $str ,$matches, PREG_SET_ORDER);
+ $hits = array();
+ foreach($matches as $match){
+ $hits[strlen($match[2]).$match[0]] = $match;
+ }
+ krsort($hits);
+
+ // Replace the placeholder in the given string now.
+ foreach($hits as $match){
+
+ // Avoid errors about undefined index.
+ $name = $match[2];
+ if(!isset($attrs[$name])) $attrs[$name] = $default;
+
+ // Calculate the replacement
+ $start = (isset($match[5])) ? $match[5] : 0;
+ $end = strlen($attrs[$name]);
+ if(isset($match[5]) && !isset($match[7])){
+ $end = 1;
+ }elseif(isset($match[5]) && isset($match[7])){
+ $end = ($match[7]-$start+1);
+ }
+ $value = substr($attrs[$name], $start, $end);
+
+ // Use values which are valid for shell execution?
+ if($shellArg) $value = escapeshellarg($value);
+
+ // Replace the placeholder within the string.
+ $str = preg_replace("/".preg_quote($match[0],'/')."/", $value, $str);
+ }
+ return($str);
+}
+
+
+/*! \brief Generate a list of uid proposals based on a rule
+ *
+ * Unroll given rule string by filling in attributes and replacing
+ * all keywords.
+ *
+ * \param string 'rule' The rule string from gosa.conf.
+ * \param array 'attributes' A dictionary of attribute/value mappings
+ * \return array List of valid not used uids
+ */
+function gen_uids($rule, $attributes)
+{
+ global $config;
+ $ldap = $config->get_ldap_link();
+ $ldap->cd($config->current['BASE']);
+
+
+ // Strip out non ascii chars
+ foreach($attributes as $name => $value){
+ $value = iconv('UTF-8', 'US-ASCII//TRANSLIT', $value);
+ $value = preg_replace('/[^(\x20-\x7F)]*/','',$value);
+ $attributes[$name] = strtolower($value);
+ }
+
+ // Search for '{%...[n-m]}
+ // Get all matching parts of the given string and sort them by
+ // length, to avoid replacing strings like '%uidNumber' with 'uid'
+ // instead of 'uidNumber'; The longest tring at first.
+ preg_match_all('/(\{?%([a-z0-9]+)(\[(([0-9]+)(\-([0-9]+))?)\])?\}?)/i', $rule ,$matches, PREG_SET_ORDER);
+ $replacements = array();
+ foreach($matches as $match){
+
+ // No start position given, then add the complete value
+ if(!isset($match[5])){
+ $replacements[$match[0]][] = $attributes[$match[2]];
+
+ // Start given but no end, so just add a simple character
+ }elseif(!isset($match[7])){
+ if(isset($attributes[$match[2]][$match[5]])){
+ $replacements[$match[0]][] = $attributes[$match[2]][$match[5]];
+ }
+
+ // Add all values in range
+ }else{
+ $str = "";
+ for($i=$match[5]; $i<= $match[7]; $i++){
+ if(isset($attributes[$match[2]][$i])){
+ $str .= $attributes[$match[2]][$i];
+ $replacements[$match[0]][] = $str;
+ }
+ }
+ }
+ }
+
+ // Create proposal array
+ $rules = array($rule);
+ foreach($replacements as $tag => $values){
+ $rules = gen_uid_proposals($rules, $tag,$values);
+ }
+
+
+ // Search for id tags {id:3} / {id#3}
+ preg_match_all('/\{id(#|:)([0-9])+\}/i', $rule ,$matches, PREG_SET_ORDER);
+ $idReplacements = array();
+ foreach($matches as $match){
+ if(count($match) != 3) continue;
+
+ // Generate random number
+ if($match[1] == '#'){
+ foreach($rules as $id => $ruleStr){
+ $genID = rand(pow(10,$match[2] -1),pow(10, ($match[2])) - 1);
+ $rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/", $genID,$ruleStr);
+ }
+ }
+
+ // Search for next free id
+ if($match[1] == ':'){
+
+ // Walk through rules and replace all occurences of {id:..}
+ foreach($rules as $id => $ruleStr){
+ $genID = 0;
+ $start = TRUE;
+ while($start || $ldap->count()){
+ $start = FALSE;
+ $number= sprintf("%0".$match[2]."d", $genID);
+ $testRule = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr);
+ $ldap->search('uid='.normalizeLdap($testRule));
+ $genID ++;
+ }
+ $rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr);
+ }
+ }
+ }
+
+ // Create result set by checking which uid is already used and which is free.
+ $ret = array();
+ foreach($rules as $rule){
+ $ldap->search('uid='.normalizeLdap($rule));
+ if(!$ldap->count()){
+ $ret[] = $rule;
+ }
+ }
+
+ return($ret);
+}
+
+
+function gen_uid_proposals(&$rules, $tag, $values)
+{
+ $newRules = array();
+ foreach($rules as $rule){
+ foreach($values as $value){
+ $newRules[] = preg_replace("/".preg_quote($tag,'/')."/", $value, $rule);
+ }
+ }
+ return($newRules);
+}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>