index 4962bb11f2eb1dec3bdb7459eadee2bed2de01e2..1ec22f9c8ed277d71848605817745c0a5ada8a34 100644 (file)
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-/* Configuration file location */
+/*! \file
+ * Common functions and named definitions. */
-/* Allow setting the config patj in the apache configuration
- e.g. SetEnv CONFIG_FILE /etc/path
- */
+/* Define globals for revision comparing */
+$svn_path = '$HeadURL$';
+$svn_revision = '$Revision$';
+
+/* Configuration file location */
if(!isset($_SERVER['CONFIG_DIR'])){
define ("CONFIG_DIR", "/etc/gosa");
}else{
define ("CONFIG_FILE",$_SERVER['CONFIG_FILE']);
}
+/* Define common locatitions */
define ("CONFIG_TEMPLATE_DIR", "../contrib");
define ("TEMP_DIR","/var/cache/gosa/tmp");
define('DES3_CBC_MD5',5);
define('DES3_CBC_SHA1',16);
-/* Define globals for revision comparing */
-$svn_path = '$HeadURL$';
-$svn_revision = '$Revision$';
-
/* Include required files */
require_once("class_location.inc");
require_once ("functions_debug.inc");
require_once ("accept-to-gettext.inc");
/* Define constants for debugging */
-define ("DEBUG_TRACE", 1);
-define ("DEBUG_LDAP", 2);
-define ("DEBUG_MYSQL", 4);
-define ("DEBUG_SHELL", 8);
-define ("DEBUG_POST", 16);
-define ("DEBUG_SESSION",32);
-define ("DEBUG_CONFIG", 64);
-define ("DEBUG_ACL", 128);
-define ("DEBUG_SI", 256);
-define ("DEBUG_MAIL", 512); // mailAccounts, imap, sieve etc.
+define ("DEBUG_TRACE", 1); /*! Debug level for tracing of common actions (save, check, etc.) */
+define ("DEBUG_LDAP", 2); /*! Debug level for LDAP queries */
+define ("DEBUG_MYSQL", 4); /*! Debug level for mysql operations */
+define ("DEBUG_SHELL", 8); /*! Debug level for shell commands */
+define ("DEBUG_POST", 16); /*! Debug level for POST content */
+define ("DEBUG_SESSION",32); /*! Debug level for SESSION content */
+define ("DEBUG_CONFIG", 64); /*! Debug level for CONFIG information */
+define ("DEBUG_ACL", 128); /*! Debug level for ACL infos */
+define ("DEBUG_SI", 256); /*! Debug level for communication with gosa-si */
+define ("DEBUG_MAIL", 512); /*! Debug level for all about mail (mailAccounts, imap, sieve etc.) */
define ("DEBUG_FAI", 1024); // FAI (incomplete)
+
+// Define shadow states
+define ("POSIX_ACCOUNT_EXPIRED", 1);
+define ("POSIX_WARN_ABOUT_EXPIRATION", 2);
+define ("POSIX_FORCE_PASSWORD_CHANGE", 4);
+define ("POSIX_DISALLOW_PASSWORD_CHANGE", 8);
+
/* Rewrite german 'umlauts' and spanish 'accents'
to get better results */
$REWRITE= array( "ä" => "ae",
"Ñ" => "Ny" );
-/* Class autoloader */
-function __autoload($class_name) {
+/*! \brief Does autoloading for classes used in GOsa.
+ *
+ * Takes the list generated by 'update-gosa' and loads the
+ * file containing the requested class.
+ *
+ * \param string 'class_name' The currently requested class
+ */
+function __gosa_autoload($class_name) {
global $class_mapping, $BASE_DIR;
if ($class_mapping === NULL){
exit;
}
}
+spl_autoload_register('__gosa_autoload');
/*! \brief Checks if a class is available.
- * @param name String The class name.
- * @return boolean True if class is available, else false.
+ * \param string 'name' The subject of the test
+ * \return boolean True if class is available, else false.
*/
function class_available($name)
{
}
-/* Check if plugin is avaliable */
+/*! \brief Check if plugin is available
+ *
+ * Checks if a given plugin is available and readable.
+ *
+ * \param string 'plugin' the subject of the check
+ * \return boolean True if plugin is available, else FALSE.
+ */
function plugin_available($plugin)
{
global $class_mapping, $BASE_DIR;
}
-/* Create seed with microseconds */
+/*! \brief Create seed with microseconds
+ *
+ * Example:
+ * \code
+ * srand(make_seed());
+ * $random = rand();
+ * \endcode
+ *
+ * \return float a floating point number which can be used to feed srand() with it
+ * */
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
-/* Debug level action */
+/*! \brief Debug level action
+ *
+ * Print a DEBUG level if specified debug level of the level matches the
+ * the configured debug level.
+ *
+ * \param int 'level' The log level of the message (should use the constants,
+ * defined in functions.in (DEBUG_TRACE, DEBUG_LDAP, etc.)
+ * \param int 'line' Define the line of the logged action (using __LINE__ is common)
+ * \param string 'function' Define the function where the logged action happened in
+ * (using __FUNCTION__ is common)
+ * \param string 'file' Define the file where the logged action happend in
+ * (using __FILE__ is common)
+ * \param mixed 'data' The data to log. Can be a message or an array, which is printed
+ * with print_a
+ * \param string 'info' Optional: Additional information
+ *
+ * */
function DEBUG($level, $line, $function, $file, $data, $info="")
{
if (session::global_get('DEBUGLEVEL') & $level){
}
+/*! \brief Determine which language to show to the user
+ *
+ * Determines which language should be used to present gosa content
+ * to the user. It does so by looking at several possibilites and returning
+ * the first setting that can be found.
+ *
+ * -# Language configured by the user
+ * -# Global configured language
+ * -# Language as returned by al2gt (as configured in the browser)
+ *
+ * \return string gettext locale string
+ */
function get_browser_language()
{
/* Try to use users primary language */
}
-/* Rewrite ui object to another dn */
+/*! \brief Rewrite ui object to another dn
+ *
+ * Usually used when a user is renamed. In this case the dn
+ * in the user object must be updated in order to point
+ * to the correct DN.
+ *
+ * \param string 'dn' the old DN
+ * \param string 'newdn' the new DN
+ * */
function change_ui_dn($dn, $newdn)
{
$ui= session::global_get('ui');
}
-/* Return theme path for specified file */
+/*! \brief Return themed path for specified base file
+ *
+ * Depending on its parameters, this function returns the full
+ * path of a template file. First match wins while searching
+ * in this order:
+ *
+ * - load theme depending file
+ * - load global theme depending file
+ * - load default theme file
+ * - load global default theme file
+ *
+ * \param string 'filename' The base file name
+ * \param boolean 'plugin' Flag to take the plugin directory as search base
+ * \param string 'path' User specified path to take as search base
+ * \return string Full path to the template file
+ */
function get_template_path($filename= '', $plugin= FALSE, $path= "")
{
global $config, $BASE_DIR;
/* Return plugin dir or root directory? */
if ($plugin){
if ($path == ""){
- $nf= preg_replace("!^".$BASE_DIR."/!", "", session::global_get('plugin_dir'));
+ $nf= preg_replace("!^".$BASE_DIR."/!", "", preg_replace('/^\.\.\//', '', session::global_get('plugin_dir')));
} else {
$nf= preg_replace("!^".$BASE_DIR."/!", "", $path);
}
}
+/*! \brief Remove multiple entries from an array
+ *
+ * Removes every element that is in $needles from the
+ * array given as $haystack
+ *
+ * \param array 'needles' array of the entries to remove
+ * \param array 'haystack' original array to remove the entries from
+ */
function array_remove_entries($needles, $haystack)
{
return (array_merge(array_diff($haystack, $needles)));
}
+/*! \brief Remove multiple entries from an array (case-insensitive)
+ *
+ * Same as array_remove_entries(), but case-insensitive. */
function array_remove_entries_ics($needles, $haystack)
{
// strcasecmp will work, because we only compare ASCII values here
}
+/*! Merge to array but remove duplicate entries
+ *
+ * Merges two arrays and removes duplicate entries. Triggers
+ * an error if first or second parametre is not an array.
+ *
+ * \param array 'ar1' first array
+ * \param array 'ar2' second array-
+ * \return array
+ */
function gosa_array_merge($ar1,$ar2)
{
if(!is_array($ar1) || !is_array($ar2)){
}
+/*! \brief Generate a system log info
+ *
+ * Creates a syslog message, containing user information.
+ *
+ * \param string 'message' the message to log
+ * */
function gosa_log ($message)
{
global $ui;
/* Preset to something reasonable */
- $username= " unauthenticated";
+ $username= "[unauthenticated]";
/* Replace username if object is present */
if (isset($ui)){
if ($ui->username != ""){
$username= "[$ui->username]";
} else {
- $username= "unknown";
+ $username= "[unknown]";
}
}
}
+/*! \brief Initialize a LDAP connection
+ *
+ * Initializes a LDAP connection.
+ *
+ * \param string 'server'
+ * \param string 'base'
+ * \param string 'binddn' Default: empty
+ * \param string 'pass' Default: empty
+ *
+ * \return LDAP object
+ */
function ldap_init ($server, $base, $binddn='', $pass='')
{
global $config;
}
+/* \brief Process htaccess authentication */
function process_htaccess ($username, $kerberos= FALSE)
{
global $config;
}
+/*! \brief Verify user login against htaccess
+ *
+ * Checks if the specified username is available in apache, maps the user
+ * to an LDAP user. The password has been checked by apache already.
+ *
+ * \param string 'username'
+ * \return
+ * - TRUE on SUCCESS, NULL or FALSE on error
+ */
function ldap_login_user_htaccess ($username)
{
global $config;
$ui->loadACL();
/* TODO: check java script for htaccess authentication */
- session::global_set('js',true);
+ session::global_set('js', true);
return ($ui);
}
+/*! \brief Verify user login against LDAP directory
+ *
+ * Checks if the specified username is in the LDAP and verifies if the
+ * password is correct by binding to the LDAP with the given credentials.
+ *
+ * \param string 'username'
+ * \param string 'password'
+ * \return
+ * - TRUE on SUCCESS, NULL or FALSE on error
+ */
function ldap_login_user ($username, $password)
{
global $config;
$allowed_attributes = array("uid","mail");
$verify_attr = array();
if($config->get_cfg_value("loginAttribute") != ""){
- $tmp = split(",", $config->get_cfg_value("loginAttribute"));
+ $tmp = explode(",", $config->get_cfg_value("loginAttribute"));
foreach($tmp as $attr){
if(in_array($attr,$allowed_attributes)){
$verify_attr[] = $attr;
}
-function ldap_expired_account($config, $userdn, $username)
+/*! \brief Checks the posixAccount status by comparing the shadow attributes.
+ *
+ * @param Object The GOsa configuration object.
+ * @param String The 'dn' of the user to test the account status for.
+ * @param String The 'uid' of the user we're going to test.
+ * @return Const
+ * POSIX_ACCOUNT_EXPIRED - If the account is expired.
+ * POSIX_WARN_ABOUT_EXPIRATION - If the account is going to expire.
+ * POSIX_FORCE_PASSWORD_CHANGE - The password has to be changed.
+ * POSIX_DISALLOW_PASSWORD_CHANGE - The password cannot be changed right now.
+ *
+ *
+ *
+ * shadowLastChange
+ * |
+ * |---- shadowMin ---> | <-- shadowMax --
+ * | | |
+ * |------- shadowWarning -> |
+ * |-- shadowInactive --> DEACTIVATED
+ * |
+ * EXPIRED
+ *
+ */
+function ldap_expired_account($config, $userdn, $uid)
{
+
+ // Skip this for the admin account, we do not want to lock him out.
+ if($uid == 'admin') return(0);
+
$ldap= $config->get_ldap_link();
+ $ldap->cd($config->current['BASE']);
$ldap->cat($userdn);
$attrs= $ldap->fetch();
-
- /* default value no errors */
- $expired = 0;
-
- $sExpire = 0;
- $sLastChange = 0;
- $sMax = 0;
- $sMin = 0;
- $sInactive = 0;
- $sWarning = 0;
-
- $current= date("U");
-
- $current= floor($current /60 /60 /24);
-
- /* special case of the admin, should never been locked */
- /* FIXME should allow any name as user admin */
- if($username != "admin")
- {
+ $current= floor(date("U") /60 /60 /24);
- if(isset($attrs['shadowExpire'][0])){
- $sExpire= $attrs['shadowExpire'][0];
- } else {
- $sExpire = 0;
- }
-
- if(isset($attrs['shadowLastChange'][0])){
- $sLastChange= $attrs['shadowLastChange'][0];
- } else {
- $sLastChange = 0;
- }
-
- if(isset($attrs['shadowMax'][0])){
- $sMax= $attrs['shadowMax'][0];
- } else {
- $smax = 0;
- }
+ // Fetch required attributes
+ foreach(array('shadowExpire','shadowLastChange','shadowMax','shadowMin',
+ 'shadowInactive','shadowWarning') as $attr){
+ $$attr = (isset($attrs[$attr][0]))? $attrs[$attr][0] : null;
+ }
- if(isset($attrs['shadowMin'][0])){
- $sMin= $attrs['shadowMin'][0];
- } else {
- $sMin = 0;
- }
-
- if(isset($attrs['shadowInactive'][0])){
- $sInactive= $attrs['shadowInactive'][0];
- } else {
- $sInactive = 0;
- }
-
- if(isset($attrs['shadowWarning'][0])){
- $sWarning= $attrs['shadowWarning'][0];
- } else {
- $sWarning = 0;
- }
-
- /* is the account locked */
- /* shadowExpire + shadowInactive (option) */
- if($sExpire >0){
- if($current >= ($sExpire+$sInactive)){
- return(1);
+
+ // Check if the account has expired.
+ // ---------------------------------
+ // An account is locked/expired once its expiration date has reached (shadowExpire).
+ // If the optional attribute (shadowInactive) is set, we've to postpone
+ // the account expiration by the amount of days specified in (shadowInactive).
+ if($shadowExpire != null && $shadowExpire >= $current){
+
+ // The account seems to be expired, but we've to check 'shadowInactive' additionally.
+ // ShadowInactive specifies an amount of days we've to reprieve the user.
+ // It some kind of x days' grace.
+ if($shadowInactive == null || $current > $shadowExpire + $shadowInactive){
+
+ // Finally we've detect that the account is deactivated.
+ return(POSIX_ACCOUNT_EXPIRED);
}
- }
-
- /* the user should be warned to change is password */
- if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){
- if (($sExpire - $current) < $sWarning){
- return(2);
+ }
+
+ // The users password is going to expire.
+ // --------------------------------------
+ // We've to warn the user in the case of an expiring account.
+ // An account is going to expire when it reaches its expiration date (shadowExpire).
+ // The user has to be warned, if the days left till expiration, match the
+ // configured warning period (shadowWarning)
+ // --> shadowWarning: Warn x days before account expiration.
+ if($shadowExpire != null && $shadowWarning != null){
+
+ // Check if the account is still active and not already expired.
+ if($shadowExpire >= $current){
+
+ // Check if we've to warn the user by comparing the remaining
+ // number of days till expiration with the configured amount
+ // of days in shadowWarning.
+ if(($shadowExpire - $current) <= $shadowWarning){
+ return(POSIX_WARN_ABOUT_EXPIRATION);
+ }
}
- }
-
- /* force user to change password */
- if(($sLastChange >0) && ($sMax) >0){
- if($current >= ($sLastChange+$sMax)){
- return(3);
+ }
+
+ // -- I guess this is the correct detection, isn't it?
+ if($shadowLastChange != null && $shadowWarning != null && $shadowMax != null){
+ $daysRemaining = ($shadowLastChange + $shadowMax) - $current ;
+ if($daysRemaining > 0 && $daysRemaining <= $shadowWarning){
+ return(POSIX_WARN_ABOUT_EXPIRATION);
}
- }
-
- /* the user should not be able to change is password */
- if(($sLastChange >0) && ($sMin >0)){
- if (($sLastChange + $sMin) >= $current){
- return(4);
+ }
+
+
+
+ // Check if we've to force the user to change his password.
+ // --------------------------------------------------------
+ // A password change is enforced when the password is older than
+ // the configured amount of days (shadowMax).
+ // The age of the current password (shadowLastChange) plus the maximum
+ // amount amount of days (shadowMax) has to be smaller than the
+ // current timestamp.
+ if($shadowLastChange != null && $shadowMax != null){
+
+ // Check if we've an outdated password.
+ if($current >= ($shadowLastChange + $shadowMax)){
+ return(POSIX_FORCE_PASSWORD_CHANGE);
}
- }
}
- return($expired);
+
+
+ // Check if we've to freeze the users password.
+ // --------------------------------------------
+ // Once a user has changed his password, he cannot change it again
+ // for a given amount of days (shadowMin).
+ // We should not allow to change the password within GOsa too.
+ if($shadowLastChange != null && $shadowMin != null){
+
+ // Check if we've an outdated password.
+ if(($shadowLastChange + $shadowMin) >= $current){
+ return(POSIX_DISALLOW_PASSWORD_CHANGE);
+ }
+ }
+
+ return(0);
}
+/*! \brief Add a lock for object(s)
+ *
+ * Adds a lock by the specified user for one ore multiple objects.
+ * If the lock for that object already exists, an error is triggered.
+ *
+ * \param mixed 'object' object or array of objects to lock
+ * \param string 'user' the user who shall own the lock
+ * */
function add_lock($object, $user)
{
global $config;
}
+/*! \brief Remove a lock for object(s)
+ *
+ * Does the opposite of add_lock().
+ *
+ * \param mixed 'object' object or array of objects for which a lock shall be removed
+ * */
function del_lock ($object)
{
global $config;
}
+/*! \brief Remove all locks owned by a specific userdn
+ *
+ * For a given userdn remove all existing locks. This is usually
+ * called on logout.
+ *
+ * \param string 'userdn' the subject whose locks shall be deleted
+ */
function del_user_locks($userdn)
{
global $config;
}
+/*! \brief Get a lock for a specific object
+ *
+ * Searches for a lock on a given object.
+ *
+ * \param string 'object' subject whose locks are to be searched
+ * \return string Returns the user who owns the lock or "" if no lock is found
+ * or an error occured.
+ */
function get_lock ($object)
{
global $config;
}
+/*! Get locks for multiple objects
+ *
+ * Similar as get_lock(), but for multiple objects.
+ *
+ * \param array 'objects' Array of Objects for which a lock shall be searched
+ * \return A numbered array containing all found locks as an array with key 'dn'
+ * and key 'user' or "" if an error occured.
+ */
function get_multiple_locks($objects)
{
global $config;
}
-/* \!brief This function searches the ldap database.
- It search in $sub_bases,*,$base for all objects matching the $filter.
-
- @param $filter String The ldap search filter
- @param $category String The ACL category the result objects belongs
- @param $sub_bases String The sub base we want to search for e.g. "ou=apps"
- @param $base String The ldap base from which we start the search
- @param $attributes Array The attributes we search for.
- @param $flags Long A set of Flags
+/*! \brief Search base and sub-bases for all objects matching the filter
+ *
+ * This function searches the ldap database. It searches in $sub_bases,*,$base
+ * for all objects matching the $filter.
+ * \param string 'filter' The ldap search filter
+ * \param string 'category' The ACL category the result objects belongs
+ * \param string 'sub_bases' The sub base we want to search for e.g. "ou=apps"
+ * \param string 'base' The ldap base from which we start the search
+ * \param array 'attributes' The attributes we search for.
+ * \param long 'flags' A set of Flags
*/
function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
{
@@ -968,6 +1172,10 @@ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= arra
}
+/*! \brief Search base for all objects matching the filter
+ *
+ * Just like get_sub_list(), but without sub base search.
+ * */
function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
{
global $config, $ui;
@@ -1036,6 +1244,7 @@ function get_list($filter, $category, $base= "", $attributes= array(), $flags= G
}
+/*! \brief Show sizelimit configuration dialog if exceeded */
function check_sizelimit()
{
/* Ignore dialog? */
return ("");
}
-
+/*! \brief Print a sizelimit warning */
function print_sizelimit_warning()
{
if (session::global_is_set('size_limit') && session::global_get('size_limit') >= 10000000 ||
}
+/*! \brief Handle sizelimit dialog related posts */
function eval_sizelimit()
{
if (isset($_POST['set_size_action'])){
}
+/*! \brief Return the current userinfo object */
function &get_userinfo()
{
global $ui;
}
+/*! \brief Get global smarty object */
function &get_smarty()
{
global $smarty;
}
+/*! \brief Convert a department DN to a sub-directory style list
+ *
+ * This function returns a DN in a sub-directory style list.
+ * Examples:
+ * - ou=1.1.1,ou=limux becomes limux/1.1.1
+ * - cn=bla,ou=foo,dc=local becomes foo/bla or foo/bla/local, depending
+ * on the value for $base.
+ *
+ * If the specified DN contains a basedn which either matches
+ * the specified base or $config->current['BASE'] it is stripped.
+ *
+ * \param string 'dn' the subject for the conversion
+ * \param string 'base' the base dn, default: $this->config->current['BASE']
+ * \return a string in the form as described above
+ */
function convert_department_dn($dn, $base = NULL)
{
global $config;
$dep= "";
- foreach (split(',', $dn) as $rdn){
+ foreach (explode(',', $dn) as $rdn){
$dep = preg_replace("/^[^=]+=/","",$rdn)."/".$dep;
}
}
-/* Strip off the last sub department part of a '/level1/level2/.../'
- * style value. It removes the trailing '/', too. */
+/*! \brief Return the last sub department part of a '/level1/level2/.../' style value.
+ *
+ * Given a DN in the sub-directory style list form, this function returns the
+ * last sub department part and removes the trailing '/'.
+ *
+ * Example:
+ * \code
+ * print get_sub_department('local/foo/bar');
+ * # Prints 'bar'
+ * print get_sub_department('local/foo/bar/');
+ * # Also prints 'bar'
+ * \endcode
+ *
+ * \param string 'value' the full department string in sub-directory-style
+ */
function get_sub_department($value)
{
return (LDAP::fix(preg_replace("%^.*/([^/]+)/?$%", "\\1", $value)));
}
+/*! \brief Get the OU of a certain RDN
+ *
+ * Given a certain RDN name (ogroupRDN, applicationRDN etc.) this
+ * function returns either a configured OU or the default
+ * for the given RDN.
+ *
+ * Example:
+ * \code
+ * # Determine LDAP base where systems are stored
+ * $base = get_ou('systemRDN') . $this->config->current['BASE'];
+ * $ldap->cd($base);
+ * \endcode
+ * */
function get_ou($name)
{
global $config;
return "";
}
-
if ($ou != ""){
if (!preg_match('/^[^=]+=[^=]+/', $ou)){
$ou = @LDAP::convert("ou=$ou");
}
+/*! \brief Get the OU for users
+ *
+ * Frontend for get_ou() with userRDN
+ * */
function get_people_ou()
{
return (get_ou("userRDN"));
}
+/*! \brief Get the OU for groups
+ *
+ * Frontend for get_ou() with groupRDN
+ */
function get_groups_ou()
{
return (get_ou("groupRDN"));
}
+/*! \brief Get the OU for winstations
+ *
+ * Frontend for get_ou() with sambaMachineAccountRDN
+ */
function get_winstations_ou()
{
return (get_ou("sambaMachineAccountRDN"));
}
+/*! \brief Return a base from a given user DN
+ *
+ * \code
+ * get_base_from_people('cn=Max Muster,dc=local')
+ * # Result is 'dc=local'
+ * \endcode
+ *
+ * \param string 'dn' a DN
+ * */
function get_base_from_people($dn)
{
global $config;
}
+/*! \brief Check if strict naming rules are configured
+ *
+ * Return TRUE or FALSE depending on weither strictNamingRules
+ * are configured or not.
+ *
+ * \return Returns TRUE if strictNamingRules is set to true or if the
+ * config object is not available, otherwise FALSE.
+ */
function strict_uid_mode()
{
global $config;
}
+/*! \brief Get regular expression for checking uids based on the naming
+ * rules.
+ * \return string Returns the desired regular expression
+ */
function get_uid_regexp()
{
/* STRICT adds spaces and case insenstivity to the uid check.
}
+/*! \brief Generate a lock message
+ *
+ * This message shows a warning to the user, that a certain object is locked
+ * and presents some choices how the user can proceed. By default this
+ * is 'Cancel' or 'Edit anyway', but depending on the function call
+ * its possible to allow readonly access, too.
+ *
+ * Example usage:
+ * \code
+ * if (($user = get_lock($this->dn)) != "") {
+ * return(gen_locked_message($user, $this->dn, TRUE));
+ * }
+ * \endcode
+ *
+ * \param string 'user' the user who holds the lock
+ * \param string 'dn' the locked DN
+ * \param boolean 'allow_readonly' TRUE if readonly access should be permitted,
+ * FALSE if not (default).
+ *
+ *
+ */
function gen_locked_message($user, $dn, $allow_readonly = FALSE)
{
global $plug, $config;
}
+/*! \brief Return a string/HTML representation of an array
+ *
+ * This returns a string representation of a given value.
+ * It can be used to dump arrays, where every value is printed
+ * on its own line. The output is targetted at HTML output, it uses
+ * '<br>' for line breaks. If the value is already a string its
+ * returned unchanged.
+ *
+ * \param mixed 'value' Whatever needs to be printed.
+ * \return string
+ */
function to_string ($value)
{
/* If this is an array, generate a text blob */
}
+/*! \brief Return a list of all printers in the current base
+ *
+ * Returns an array with the CNs of all printers (objects with
+ * objectClass gotoPrinter) in the current base.
+ * ($config->current['BASE']).
+ *
+ * Example:
+ * \code
+ * $this->printerList = get_printer_list();
+ * \endcode
+ *
+ * \return array an array with the CNs of the printers as key and value.
+ * */
function get_printer_list()
{
global $config;
}
+/*! \brief Function to rewrite some problematic characters
+ *
+ * This function takes a string and replaces all possibly characters in it
+ * with less problematic characters, as defined in $REWRITE.
+ *
+ * \param string 's' the string to rewrite
+ * \return string 's' the result of the rewrite
+ * */
function rewrite($s)
{
global $REWRITE;
}
+/*! \brief Return the base of a given DN
+ *
+ * \param string 'dn' a DN
+ * */
function dn2base($dn)
{
global $config;
}
-
+/*! \brief Check if a given command exists and is executable
+ *
+ * Test if a given cmdline contains an executable command. Strips
+ * arguments from the given cmdline.
+ *
+ * \param string 'cmdline' the cmdline to check
+ * \return TRUE if command exists and is executable, otherwise FALSE.
+ * */
function check_command($cmdline)
{
$cmd= preg_replace("/ .*$/", "", $cmdline);
}
+/*! \brief Print plugin HTML header
+ *
+ * \param string 'image' the path of the image to be used next to the headline
+ * \param string 'image' the headline
+ * \param string 'info' additional information to print
+ */
function print_header($image, $headline, $info= "")
{
$display= "<div class=\"plugtop\">\n";
}
+/*! \brief Print page number selector for paged lists
+ *
+ * \param int 'dcnt' Number of entries
+ * \param int 'start' Page to start
+ * \param int 'range' Number of entries per page
+ * \param string 'post_var' POST variable to check for range
+ */
function range_selector($dcnt,$start,$range=25,$post_var=false)
{
}
+/*! \brief Generate HTML for the 'Apply filter' button */
function apply_filter()
{
$apply= "";
}
+/*! \brief Generate HTML for the 'Back' button */
function back_to_main()
{
$string= '<br><p class="plugbottom"><input type=submit name="password_back" value="'.
}
+/*! \brief Put netmask in n.n.n.n format
+ * \param string 'netmask' The netmask
+ * \return string Converted netmask
+ */
function normalize_netmask($netmask)
{
/* Check for notation of netmask */
}
+/*! \brief Return the number of set bits in the netmask
+ *
+ * For a given subnetmask (for example 255.255.255.0) this returns
+ * the number of set bits.
+ *
+ * Example:
+ * \code
+ * $bits = netmask_to_bits('255.255.255.0') # Returns 24
+ * $bits = netmask_to_bits('255.255.254.0') # Returns 23
+ * \endcode
+ *
+ * Be aware of the fact that the function does not check
+ * if the given subnet mask is actually valid. For example:
+ * Bad examples:
+ * \code
+ * $bits = netmask_to_bits('255.0.0.255') # Returns 16
+ * $bits = netmask_to_bits('255.255.0.255') # Returns 24
+ * \endcode
+ */
function netmask_to_bits($netmask)
{
- list($nm0, $nm1, $nm2, $nm3)= split('\.', $netmask);
+ list($nm0, $nm1, $nm2, $nm3)= explode('.', $netmask);
$res= 0;
for ($n= 0; $n<4; $n++){
}
+/*! \brief Recursion helper for gen_id() */
function recurse($rule, $variables)
{
$result= array();
}
+/*! \brief Expands user ID based on possible rules
+ *
+ * Unroll given rule string by filling in attributes.
+ *
+ * \param string 'rule' The rule string from gosa.conf.
+ * \param array 'attributes' A dictionary of attribute/value mappings
+ * \return string Expanded string, still containing the id keyword.
+ */
function expand_id($rule, $attributes)
{
/* Check for id rule */
- if(preg_match('/^id(:|#)\d+$/',$rule)){
- return (array("\{$rule}"));
+ if(preg_match('/^id(:|#|!)\d+$/',$rule)){
+ return (array("{$rule}"));
}
/* Check for clean attribute */
}
+/*! \brief Generate a list of uid proposals based on a rule
+ *
+ * Unroll given rule string by filling in attributes and replacing
+ * all keywords.
+ *
+ * \param string 'rule' The rule string from gosa.conf.
+ * \param array 'attributes' A dictionary of attribute/value mappings
+ * \return array List of valid not used uids
+ */
function gen_uids($rule, $attributes)
{
global $config;
+ // Strip out non ascii chars
+ foreach($attributes as $name => $value){
+ $value = iconv('UTF-8', 'US-ASCII//TRANSLIT', $value);
+ $value = preg_replace('/[^(\x20-\x7F)]*/','',$value);
+ $attributes[$name] = $value;
+ }
+
/* Search for keys and fill the variables array with all
possible values for that key. */
$part= "";
/* Recurse through all possible combinations */
$proposed= recurse($stripped, $variables);
-# /* Get list of used ID's */
-# $used= array();
- $ldap= $config->get_ldap_link();
- $ldap->cd($config->current['BASE']);
-# $ldap->search('(uid=*)');
-#
-# while($attrs= $ldap->fetch()){
-# $used[]= $attrs['uid'][0];
-# }
+ /* Get list of used ID's */
+ $ldap= $config->get_ldap_link();
+ $ldap->cd($config->current['BASE']);
/* Remove used uids and watch out for id tags */
$ret= array();
foreach($proposed as $uid){
/* Check for id tag and modify uid if needed */
- if(preg_match('/\{id:\d+}/',$uid)){
- $size= preg_replace('/^.*{id:(\d+)}.*$/', '\\1', $uid);
+ if(preg_match('/\{id(:|!)\d+}/',$uid, $m)){
+ $size= preg_replace('/^.*{id(:|!)(\d+)}.*$/', '\\2', $uid);
- for ($i= 0, $p= pow(10,$size); $i < $p; $i++){
- $number= sprintf("%0".$size."d", $i);
- $res= preg_replace('/{id:(\d+)}/', $number, $uid);
+ $start= $m[1]==":"?0:-1;
+ for ($i= $start, $p= pow(10,$size)-1; $i < $p; $i++){
+ if ($i == -1) {
+ $number= "";
+ } else {
+ $number= sprintf("%0".$size."d", $i+1);
+ }
+ $res= preg_replace('/{id(:|!)\d+}/', $number, $uid);
- $ldap->search("uid={$res}",array('dn'));
- if(!count($ldap)){
+ $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn'));
+ if($ldap->count() == 0){
$uid= $res;
break;
}
}
+
+ /* Remove link if nothing has been found */
+ $uid= preg_replace('/{id(:|!)\d+}/', '', $uid);
}
if(preg_match('/\{id#\d+}/',$uid)){
mt_srand((double) microtime()*1000000);
$number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1));
$res= preg_replace('/{id#(\d+)}/', $number, $uid);
- $ldap->search("uid={$res}",array('dn'));
- if(!count($ldap)){
+ $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn'));
+ if($ldap->count() == 0){
$uid= $res;
break;
}
}
+
+ /* Remove link if nothing has been found */
+ $uid= preg_replace('/{id#\d+}/', '', $uid);
}
/* Don't assign used ones */
- $ldap->search("uid={$uid}",array('dn'));
- if(!count($ldap)){
+ $ldap->search("(uid=".preg_replace('/[{}]/', '', $uid).")",array('dn'));
+ if($ldap->count() == 0){
/* Add uid, but remove {} first. These are invalid anyway. */
$ret[]= preg_replace('/[{}]/', '', $uid);
}
}
-/* Sadly values like memory_limit are perpended by K, M, G, etc.
- Need to convert... */
+/*! \brief Convert various data sizes to bytes
+ *
+ * Given a certain value in the format n(g|m|k), where n
+ * is a value and (g|m|k) stands for Gigabyte, Megabyte and Kilobyte
+ * this function returns the byte value.
+ *
+ * \param string 'value' a value in the above specified format
+ * \return a byte value or the original value if specified string is simply
+ * a numeric value
+ *
+ */
function to_byte($value) {
$value= strtolower(trim($value));
}
+/*! \brief Check if a value exists in an array (case-insensitive)
+ *
+ * This is just as http://php.net/in_array except that the comparison
+ * is case-insensitive.
+ *
+ * \param string 'value' needle
+ * \param array 'items' haystack
+ */
function in_array_ics($value, $items)
{
return preg_grep('/^'.preg_quote($value, '/').'$/i', $items);
}
+/*! \brief Generate a clickable alphabet */
function generate_alphabet($count= 10)
{
$characters= _("*ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
}
+/*! \brief Removes malicious characters from a (POST) string. */
function validate($string)
{
return (strip_tags(str_replace('\0', '', $string)));
}
+/*! \brief Evaluate the current GOsa version from the build in revision string */
function get_gosa_version()
{
- global $svn_revision, $svn_path;
+ global $svn_revision, $svn_path;
- /* Extract informations */
- $revision= preg_replace('/^[^0-9]*([0-9]+)[^0-9]*$/', '\1', $svn_revision);
+ /* Extract informations */
+ $revision= preg_replace('/^[^0-9]*([0-9]+)[^0-9]*$/', '\1', $svn_revision);
+
+ // Extract the relevant part out of the svn url
+ $release= preg_replace('%^.*/gosa/(.*)/include/functions.inc.*$%', '\1', $svn_path);
+
+ // Remove stuff which is not interesting
+ if(preg_match("/gosa-core/i", $release)) $release = preg_replace("/[\/]gosa-core/i","",$release);
+
+ // A Tagged Version
+ if(preg_match("#/tags/#i", $svn_path)){
+ $release = preg_replace("/tags[\/]*/i","",$release);
+ $release = preg_replace("/\//","",$release) ;
+ return (sprintf(_("GOsa %s"),$release));
+ }
+
+ // A Branched Version
+ if(preg_match("#/branches/#i", $svn_path)){
+ $release = preg_replace("/branches[\/]*/i","",$release);
+ $release = preg_replace("/\//","",$release) ;
+ return (sprintf(_("GOsa %s snapshot (Rev %s)"),$release , $revision));
+ }
+
+ // The trunk version
+ if(preg_match("#/trunk/#i", $svn_path)){
+ return (sprintf(_("GOsa development snapshot (Rev %s)"), $revision));
+ }
- /* Release or development? */
- if (preg_match('%/gosa/trunk/%', $svn_path)){
- return (sprintf(_("GOsa development snapshot (Rev %s)"), $revision));
- } else {
- $release= preg_replace('%^.*/([^/]+)/include/functions.inc.*$%', '\1', $svn_path);
return (sprintf(_("GOsa $release"), $revision));
- }
}
+/*! \brief Recursively delete a path in the file system
+ *
+ * Will delete the given path and all its files recursively.
+ * Can also follow links if told so.
+ *
+ * \param string 'path'
+ * \param boolean 'followLinks' TRUE to follow links, FALSE (default)
+ * for not following links
+ */
function rmdirRecursive($path, $followLinks=false) {
$dir= opendir($path);
while($entry= readdir($dir)) {
}
+/*! \brief Get directory content information
+ *
+ * Returns the content of a directory as an array in an
+ * ascended sorted manner.
+ *
+ * \param string 'path'
+ * \param boolean weither to sort the content descending.
+ */
function scan_directory($path,$sort_desc=false)
{
$ret = false;
}
+/*! \brief Clean the smarty compile dir */
function clean_smarty_compile_dir($directory)
{
global $svn_revision;
msg_dialog::display(_("Internal error"), sprintf(_("File '%s' could not be deleted."), $directory."/".$file), ERROR_DIALOG);
// This should never be reached
}
- } elseif(is_dir($directory."/".$file) &&
- is_writable($directory."/".$file)) {
- // Just recursively delete it
- rmdirRecursive($directory."/".$file);
}
}
// We should now create a fresh revision file
}
+/*! \brief Return HTML for a progressbar
+ *
+ * \code
+ * $smarty->assign("installprogress", progressbar($current_progress_in_percent),100,15,true);
+ * \endcode
+ *
+ * \param int 'percentage' Value to display
+ * \param int 'width' width of the resulting output
+ * \param int 'height' height of the resulting output
+ * \param boolean 'showvalue' weither to show the percentage in the progressbar or not
+ * */
function progressbar($percentage,$width=100,$height=15,$showvalue=false)
{
return("<img src='progress.php?x=$width&y=$height&p=$percentage'>");
}
+/*! \brief Lookup a key in an array case-insensitive
+ *
+ * Given an associative array this can lookup the value of
+ * a certain key, regardless of the case.
+ *
+ * \code
+ * $items = array ('FOO' => 'blub', 'bar' => 'blub');
+ * array_key_ics('foo', $items); # Returns 'blub'
+ * array_key_ics('BAR', $items); # Returns 'blub'
+ * \endcode
+ *
+ * \param string 'key' needle
+ * \param array 'items' haystack
+ */
function array_key_ics($ikey, $items)
{
$tmp= array_change_key_case($items, CASE_LOWER);
}
+/*! \brief Determine if two arrays are different
+ *
+ * \param array 'src'
+ * \param array 'dst'
+ * \return boolean TRUE or FALSE
+ * */
function array_differs($src, $dst)
{
/* If the count is differing, the arrays differ */
}
-/* Escape all LDAP filter relevant characters */
+/*! \brief Escape all LDAP filter relevant characters */
function normalizeLdap($input)
{
return (addcslashes($input, '()|'));
}
-/* Resturns the difference between to microtime() results in float */
-function get_MicroTimeDiff($start , $stop)
-{
- $a = split("\ ",$start);
- $b = split("\ ",$stop);
-
- $secs = $b[1] - $a[1];
- $msecs= $b[0] - $a[0];
-
- $ret = (float) ($secs+ $msecs);
- return($ret);
-}
-
-
+/*! \brief Return the gosa base directory */
function get_base_dir()
{
global $BASE_DIR;
}
+/*! \brief Test weither we are allowed to read the object */
function obj_is_readable($dn, $object, $attribute)
{
global $ui;
}
+/*! \brief Test weither we are allowed to change the object */
function obj_is_writable($dn, $object, $attribute)
{
global $ui;
}
+/*! \brief Explode a DN into its parts
+ *
+ * Similar to explode (http://php.net/explode), but a bit more specific
+ * for the needs when splitting, exploding LDAP DNs.
+ *
+ * \param string 'dn' the DN to split
+ * \param config-object a config object. only neeeded if DN shall be verified in the LDAP
+ * \param boolean verify_in_ldap check weither DN is valid
+ *
+ */
function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false)
{
/* Initialize variables */
$command= $config->get_cfg_value("baseIdHook");
if ($command != ""){
- $command.= " '".LDAP::fix($dn)."' $attrib";
+ $command.= " ".escapeshellarg(LDAP::fix($dn))." ".escapeshellarg($attrib);
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
exec($command, $output);
}
+/*! \brief Check if schema version matches the requirements */
function check_schema_version($class, $version)
{
return preg_match("/\(v$version\)/", $class['DESC']);
}
+/*! \brief Check if LDAP schema matches the requirements */
function check_schema($cfg,$rfc2307bis = FALSE)
{
$messages= array();
/* The gosa base schema */
$checks['gosaObject'] = $def_check;
$checks['gosaObject']['REQUIRED_VERSION'] = "2.6.1";
- $checks['gosaObject']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema");
+ $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema");
$checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject");
$checks['gosaObject']['IS_MUST_HAVE'] = TRUE;
/* GOsa Account class */
$checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6";
- $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema");
+ $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema");
$checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount");
$checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE;
$checks["gosaAccount"]["INFO"] = _("Used to store account specific informations.");
/* GOsa lock entry, used to mark currently edited objects as 'in use' */
$checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.6.1";
- $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema");
+ $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema");
$checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry");
$checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE;
$checks["gosaLockEntry"]["INFO"] = _("Used to lock currently edited entries to avoid multiple changes at the same time.");
/* Some other checks */
foreach(array(
- "gosaCacheEntry" => array("version" => "2.6.1"),
- "gosaDepartment" => array("version" => "2.6.1"),
+ "gosaCacheEntry" => array("version" => "2.6.1", "class" => "gosaAccount"),
+ "gosaDepartment" => array("version" => "2.6.1", "class" => "gosaAccount"),
"goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
"goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
"goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
"gosaUserTemplate" => array("version" => "2.6.1", "class" => "posixAccount","file" => "nis.schema"),
- "gosaMailAccount" => array("version" => "2.6.1", "class" => "mailAccount","file" => "gosa+samba3.schema"),
- "gosaProxyAccount" => array("version" => "2.6.1", "class" => "proxyAccount","file" => "gosa+samba3.schema"),
+ "gosaMailAccount" => array("version" => "2.6.1", "class" => "mailAccount","file" => "gosa-samba3.schema"),
+ "gosaProxyAccount" => array("version" => "2.6.1", "class" => "proxyAccount","file" => "gosa-samba3.schema"),
"gosaApplication" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"),
"gosaApplicationGroup" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"),
"GOhard" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"gotoTerminal" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
- "goServer" => array("version" => "2.6.1","class" => "server","file" => "goserver.schema"),
+ "goServer" => array("version" => "2.6.1", "class" => "server","file" => "goserver.schema"),
"goTerminalServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"goShareServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"goNtpServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"goSyslogServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
- "goLdapServer" => array("version" => "2.6.1"),
+ "goLdapServer" => array("version" => "2.6.1", "class" => "goServer"),
"goCupsServer" => array("version" => "2.6.1", "class" => array("posixAccount", "terminals"),),
- "goImapServer" => array("version" => "2.6.1", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3. schema"),
- "goKrbServer" => array("version" => "2.6.1"),
+ "goImapServer" => array("version" => "2.6.1", "class" => array("mailAccount", "mailgroup"),"file" => "gosa-samba3.schema"),
+ "goKrbServer" => array("version" => "2.6.1", "class" => "goServer"),
"goFaxServer" => array("version" => "2.6.1", "class" => "gofaxAccount","file" => "gofax.schema"),
) as $name => $values){
if(isset($values['file'])){
$checks[$name]["SCHEMA_FILES"] = array($values['file']);
}
- $checks[$name]["CLASSES_REQUIRED"] = array($name);
+ if (isset($values['class'])) {
+ $checks[$name]["CLASSES_REQUIRED"] = is_array($values['class'])?$values['class']:array($values['class']);
+ }
}
foreach($checks as $name => $value){
foreach($value['CLASSES_REQUIRED'] as $class){
if(!isset($objectclasses[$name])){
- $checks[$name]['STATUS'] = FALSE;
if($value['IS_MUST_HAVE']){
+ $checks[$name]['STATUS'] = FALSE;
$checks[$name]['MSG'] = sprintf(_("Missing required object class '%s'!"),$class);
- }else{
+ } else {
+ $checks[$name]['STATUS'] = TRUE;
$checks[$name]['MSG'] = sprintf(_("Missing optional object class '%s'!"),$class);
}
}elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){
$checks[$name]['STATUS'] = FALSE;
- if($value['IS_MUST_HAVE']){
- $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']);
- }else{
- $checks[$name]['MSG'] = sprintf(_("Version mismatch for optional object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']);
- }
+ $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']);
}else{
$checks[$name]['STATUS'] = TRUE;
$checks[$name]['MSG'] = sprintf(_("Class(es) available"));
/* The gosa base schema */
$checks['posixGroup'] = $def_check;
$checks['posixGroup']['REQUIRED_VERSION'] = "2.6.1";
- $checks['posixGroup']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema");
+ $checks['posixGroup']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema");
$checks['posixGroup']['CLASSES_REQUIRED'] = array("posixGroup");
$checks['posixGroup']['STATUS'] = TRUE;
$checks['posixGroup']['IS_MUST_HAVE'] = TRUE;
@@ -2409,22 +2910,30 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA
}
-/* Returns contents of the given POST variable and check magic quotes settings */
+/*! \brief Returns contents of the given POST variable and check magic quotes settings
+ *
+ * Depending on the magic quotes settings this returns a stripclashed'ed version of
+ * a certain POST variable.
+ *
+ * \param string 'name' the POST var to return ($_POST[$name])
+ * \return string
+ * */
function get_post($name)
{
if(!isset($_POST[$name])){
trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
return(FALSE);
}
+
if(get_magic_quotes_gpc()){
- return(stripcslashes($_POST[$name]));
+ return(stripcslashes(validate($_POST[$name])));
}else{
- return($_POST[$name]);
+ return(validate($_POST[$name]));
}
}
-/* Return class name in correct case */
+/*! \brief Return class name in correct case */
function get_correct_class_name($cls)
{
global $class_mapping;
}
-// change_password, changes the Password, of the given dn
+/*! \brief Change the password of a given DN
+ *
+ * Change the password of a given DN with the specified hash.
+ *
+ * \param string 'dn' the DN whose password shall be changed
+ * \param string 'password' the password
+ * \param int mode
+ * \param string 'hash' which hash to use to encrypt it, default is empty
+ * for cleartext storage.
+ * \return boolean TRUE on success FALSE on error
+ */
function change_password ($dn, $password, $mode=0, $hash= "")
{
global $config;
// Get all available encryption Methods
// NON STATIC CALL :)
- $methods = new passwordMethod(session::get('config'));
+ $methods = new passwordMethod(session::get('config'),$dn);
$available = $methods->get_available_methods();
// read current password entry for $dn, to detect the encryption Method
} else {
// User MD5 by default
$hash= "md5";
- $test = new $available['md5']($config);
+ $test = new $available['md5']($config, $dn);
}
if($test instanceOf passwordMethod){
// Not for groups
if ($mode == 0){
- if ($shadow != 0){
- $attrs['shadowLastChange']= $shadow;
- }
+ // Create SMB Password
+ if ($config->get_cfg_value('sambaHashHook', NULL)) {
+ $attrs= generate_smb_nt_hash($password);
- // Create SMB Password
- $attrs= generate_smb_nt_hash($password);
+ if ($shadow != 0){
+ $attrs['shadowLastChange']= $shadow;
+ }
+ }
}
$attrs['userPassword']= array();
if ($command != ""){
/* Walk through attribute list */
- $command= preg_replace("/%userPassword/", $password, $command);
- $command= preg_replace("/%dn/", $dn, $command);
+ $command= preg_replace("/%userPassword/", escapeshellarg($password), $command);
+ $command= preg_replace("/%dn/", escapeshellarg($dn), $command);
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
}
-// Return something like array['sambaLMPassword']= "lalla..."
+/*! \brief Generate samba hashes
+ *
+ * Given a certain password this constructs an array like
+ * array['sambaLMPassword'] etc.
+ *
+ * \param string 'password'
+ * \return array contains several keys for lmPassword, ntPassword, pwdLastSet, etc. depending
+ * on the samba version
+ */
function generate_smb_nt_hash($password)
{
global $config;
}
}
- list($lm,$nt)= split (":", trim($hash));
+ list($lm,$nt)= explode(":", trim($hash));
- if ($config->get_cfg_value("sambaversion") == 3) {
- $attrs['sambaLMPassword']= $lm;
- $attrs['sambaNTPassword']= $nt;
- $attrs['sambaPwdLastSet']= date('U');
- $attrs['sambaBadPasswordCount']= "0";
- $attrs['sambaBadPasswordTime']= "0";
- } else {
- $attrs['lmPassword']= $lm;
- $attrs['ntPassword']= $nt;
- $attrs['pwdLastSet']= date('U');
- }
+ $attrs['sambaLMPassword']= $lm;
+ $attrs['sambaNTPassword']= $nt;
+ $attrs['sambaPwdLastSet']= date('U');
+ $attrs['sambaBadPasswordCount']= "0";
+ $attrs['sambaBadPasswordTime']= "0";
return($attrs);
}
+/*! \brief Get the Change Sequence Number of a certain DN
+ *
+ * To verify if a given object has been changed outside of Gosa
+ * in the meanwhile, this function can be used to get the entryCSN
+ * from the LDAP directory. It uses the attribute as configured
+ * in modificationDetectionAttribute
+ *
+ * \param string 'dn'
+ * \return either the result or "" in any other case
+ */
function getEntryCSN($dn)
{
global $config;
}
-/* Add a given objectClass to an attrs entry */
+/*! \brief Add (a) given objectClass(es) to an attrs entry
+ *
+ * The function adds the specified objectClass(es) to the given
+ * attrs entry.
+ *
+ * \param mixed 'classes' Either a single objectClass or several objectClasses
+ * as an array
+ * \param array 'attrs' The attrs array to be modified.
+ *
+ * */
function add_objectClass($classes, &$attrs)
{
if (is_array($classes)){
}
-/* Removes a given objectClass from the attrs entry */
+/*! \brief Removes a given objectClass from the attrs entry
+ *
+ * Similar to add_objectClass, except that it removes the given
+ * objectClasses. See it for the params.
+ * */
function remove_objectClass($classes, &$attrs)
{
if (isset($attrs['objectClass'])){
}
}
+
/*! \brief Initialize a file download with given content, name and data type.
- * @param data String The content to send.
- * @param name String The name of the file.
- * @param type String The content identifier, default value is "application/octet-stream";
+ * \param string data The content to send.
+ * \param string name The name of the file.
+ * \param string type The content identifier, default value is "application/octet-stream";
*/
function send_binary_content($data,$name,$type = "application/octet-stream")
{
/*! \brief Encode special string characters so we can use the string in \
HTML output, without breaking quotes.
- @param The String we want to encode.
- @return The encoded String
+ \param string The String we want to encode.
+ \return string The encoded String
*/
function xmlentities($str)
{
/*! \brief Updates all accessTo attributes from a given value to a new one.
For example if a host is renamed.
- @param String $from The source accessTo name.
- @param String $to The destination accessTo name.
+ \param String $from The source accessTo name.
+ \param String $to The destination accessTo name.
*/
function update_accessTo($from,$to)
{
}
+/*! \brief Returns a random char */
function get_random_char () {
$randno = rand (0, 63);
if ($randno < 12) {
}
+function get_next_id($attrib, $dn)
+{
+ global $config;
+
+ switch ($config->get_cfg_value("idAllocationMethod", "traditional")){
+ case "pool":
+ return get_next_id_pool($attrib);
+ case "traditional":
+ return get_next_id_traditional($attrib, $dn);
+ }
+
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG);
+ return null;
+}
+
+
+function get_next_id_pool($attrib) {
+ global $config;
+
+ /* Fill informational values */
+ $min= $config->get_cfg_value("${attrib}PoolMin", 10000);
+ $max= $config->get_cfg_value("${attrib}PoolMax", 40000);
+
+ /* Sanity check */
+ if ($min >= $max) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), $attrib), ERROR_DIALOG);
+ return null;
+ }
+
+ /* ID to skip */
+ $ldap= $config->get_ldap_link();
+ $id= null;
+
+ /* Try to allocate the ID several times before failing */
+ $tries= 3;
+ while ($tries--) {
+
+ /* Look for ID map entry */
+ $ldap->cd ($config->current['BASE']);
+ $ldap->search ("(&(objectClass=sambaUnixIdPool)($attrib=*))", array("$attrib"));
+
+ /* If it does not exist, create one with these defaults */
+ if ($ldap->count() == 0) {
+ /* Fill informational values */
+ $minUserId= $config->get_cfg_value("uidPoolMin", 10000);
+ $minGroupId= $config->get_cfg_value("gidPoolMin", 10000);
+
+ /* Add as default */
+ $attrs= array("objectClass" => array("organizationalUnit", "sambaUnixIdPool"));
+ $attrs["ou"]= "idmap";
+ $attrs["uidNumber"]= $minUserId;
+ $attrs["gidNumber"]= $minGroupId;
+ $ldap->cd("ou=idmap,".$config->current['BASE']);
+ $ldap->add($attrs);
+ if ($ldap->error != "Success") {
+ msg_dialog::display(_("Error"), _("Cannot create sambaUnixIdPool entry!"), ERROR_DIALOG);
+ return null;
+ }
+ $tries++;
+ continue;
+ }
+ /* Bail out if it's not unique */
+ if ($ldap->count() != 1) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG);
+ return null;
+ }
+
+ /* Store old attrib and generate new */
+ $attrs= $ldap->fetch();
+ $dn= $ldap->getDN();
+ $oldAttr= $attrs[$attrib][0];
+ $newAttr= $oldAttr + 1;
+
+ /* Sanity check */
+ if ($newAttr >= $max) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG);
+ return null;
+ }
+ if ($newAttr < $min) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG);
+ return null;
+ }
+
+ #FIXME: PHP is not able to do a modification of "del: .../add: ...", so this
+ # is completely unsafe in the moment.
+ #/* Remove old attr, add new attr */
+ #$attrs= array($attrib => $oldAttr);
+ #$ldap->rm($attrs, $dn);
+ #if ($ldap->error != "Success") {
+ # continue;
+ #}
+ $ldap->cd($dn);
+ $ldap->modify(array($attrib => $newAttr));
+ if ($ldap->error != "Success") {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".$ldap->get_error(), ERROR_DIALOG);
+ return null;
+ } else {
+ return $oldAttr;
+ }
+ }
+
+ /* Bail out if we had problems getting the next id */
+ if (!$tries) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("maximum tries exceeded!"), ERROR_DIALOG);
+ }
+
+ return $id;
+}
+
+
+function get_next_id_traditional($attrib, $dn)
+{
+ global $config;
+
+ $ids= array();
+ $ldap= $config->get_ldap_link();
+
+ $ldap->cd ($config->current['BASE']);
+ if (preg_match('/gidNumber/i', $attrib)){
+ $oc= "posixGroup";
+ } else {
+ $oc= "posixAccount";
+ }
+ $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
+
+ /* Get list of ids */
+ while ($attrs= $ldap->fetch()){
+ $ids[]= (int)$attrs["$attrib"][0];
+ }
+
+ /* Add the nobody id */
+ $ids[]= 65534;
+
+ /* get the ranges */
+ $tmp = array('0'=> 1000);
+ if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("uidNumberBase") != ""){
+ $tmp= explode('-',$config->get_cfg_value("uidNumberBase"));
+ } elseif($config->get_cfg_value("gidNumberBase") != ""){
+ $tmp= explode('-',$config->get_cfg_value("gidNumberBase"));
+ }
+
+ /* Set hwm to max if not set - for backward compatibility */
+ $lwm= $tmp[0];
+ if (isset($tmp[1])){
+ $hwm= $tmp[1];
+ } else {
+ $hwm= pow(2,32);
+ }
+ /* Find out next free id near to UID_BASE */
+ if ($config->get_cfg_value("baseIdHook") == ""){
+ $base= $lwm;
+ } else {
+ /* Call base hook */
+ $base= get_base_from_hook($dn, $attrib);
+ }
+ for ($id= $base; $id++; $id < pow(2,32)){
+ if (!in_array($id, $ids)){
+ return ($id);
+ }
+ }
+
+ /* Should not happen */
+ if ($id == $hwm){
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
+ exit;
+ }
+}
+
+
+/* Mark the occurance of a string with a span */
+function mark($needle, $haystack, $ignorecase= true)
+{
+ $result= "";
+
+ while (preg_match('/^(.*)('.preg_quote($needle).')(.*)$/i', $haystack, $matches)) {
+ $result.= $matches[1]."<span class='mark'>".$matches[2]."</span>";
+ $haystack= $matches[3];
+ }
+
+ return $result.$haystack;
+}
+
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>