index ba49c80e52d5a795052441275660a61b390f5a7b..8723e01ad2e10aac817d402d229822bdddaa8f73 100644 (file)
/*! \file
* Common functions and named definitions. */
+/* Define globals for revision comparing */
+$svn_path = '$HeadURL$';
+$svn_revision = '$Revision$';
+
/* Configuration file location */
if(!isset($_SERVER['CONFIG_DIR'])){
define ("CONFIG_DIR", "/etc/gosa");
define('DES3_CBC_MD5',5);
define('DES3_CBC_SHA1',16);
-/* Define globals for revision comparing */
-$svn_path = '$HeadURL$';
-$svn_revision = '$Revision$';
-
/* Include required files */
require_once("class_location.inc");
require_once ("functions_debug.inc");
* POSIX_FORCE_PASSWORD_CHANGE - The password has to be changed.
* POSIX_DISALLOW_PASSWORD_CHANGE - The password cannot be changed right now.
*
+ *
+ *
+ * shadowLastChange
+ * |
+ * |---- shadowMin ---> | <-- shadowMax --
+ * | | |
+ * |------- shadowWarning -> |
+ * |-- shadowInactive --> DEACTIVATED
+ * |
+ * EXPIRED
+ *
*/
-function ldap_expired_account($config, $userdn, $username)
+function ldap_expired_account($config, $userdn, $uid)
{
+
+ // Skip this for the admin account, we do not want to lock him out.
+ if($uid == 'admin') return(0);
+
$ldap= $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
$ldap->cat($userdn);
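Review bot: The added early return `if($uid == 'admin') return(0);` exempts an account from every expiry and forced-password-change check purely because of its literal uid, so the exemption follows the name rather than any role or ACL. At minimum the comparison should be strict, `if ($uid === 'admin') return(0);`, and the exempt account is better taken from configuration than hard-coded. The docblock above should also state the exemption and the renamed `$uid` parameter, for example `* The account with uid 'admin' is never reported as expired.` The function body continues outside this hunk.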
// the account expiration by the amount of days specified in (shadowInactive).
if($shadowExpire != null && $shadowExpire >= $current){
- // The account seems to be inactive, but we've to check 'shadowInactive' additionally.
+ // The account seems to be expired, but we've to check 'shadowInactive' additionally.
// ShadowInactive specifies an amount of days we've to reprieve the user.
// It some kind of x days' grace.
- if($shadowExpire == null || $shadowExpire + $shadowExpire >= $current){
+ if($shadowInactive == null || $current > $shadowExpire + $shadowInactive){
// Finally we've detect that the account is deactivated.
return(POSIX_ACCOUNT_EXPIRED);
}
}
+ // -- I guess this is the correct detection, isn't it?
+ if($shadowLastChange != null && $shadowWarning != null && $shadowMax != null){
+ $daysRemaining = ($shadowLastChange + $shadowMax) - $current ;
+ if($daysRemaining > 0 && $daysRemaining <= $shadowWarning){
+ return(POSIX_WARN_ABOUT_EXPIRATION);
+ }
+ }
+
+
// Check if we've to force the user to change his password.
// --------------------------------------------------------
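Review bot: The corrected inner test `$current > $shadowExpire + $shadowInactive` can never be true inside the unchanged outer guard `$shadowExpire >= $current` when shadowInactive is non-negative. As a result POSIX_ACCOUNT_EXPIRED is still returned only when shadowInactive is unset, and only for accounts whose expiry date has not yet passed. The outer comparison looks inverted; `if($shadowExpire != null && $current >= $shadowExpire){` would make the grace-period check reachable, assuming both values are day counts as the ASCII diagram suggests (they are assigned outside this hunk). The added comment `// -- I guess this is the correct detection, isn't it?` should be replaced by the rule itself, e.g. `// Warn while 0 < (shadowLastChange + shadowMax - today) <= shadowWarning`.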
}
}
- return(NULL);
+ return(0);
}
{
global $config;
+ // Strip out non ascii chars
+ foreach($attributes as $name => $value){
+ $value = iconv('UTF-8', 'US-ASCII//TRANSLIT', $value);
+ $value = preg_replace('/[^(\x20-\x7F)]*/','',$value);
+ $attributes[$name] = $value;
+ }
+
/* Search for keys and fill the variables array with all
possible values for that key. */
$part= "";
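Review bot: `iconv()` can return false on malformed input, and the added loop passes that straight to `preg_replace`, which silently turns the attribute into an empty string; checking `if ($value === false)` and keeping or rejecting the original would make the failure visible. The character class `[^(\x20-\x7F)]` also lists the parentheses as literals and keeps DEL (0x7F), so `'/[^\x20-\x7E]+/'` is closer to the "strip non-ASCII" intent of the comment. The result of `//TRANSLIT` depends on the iconv implementation and the process locale, so the stripped values may differ between hosts; a short comment saying so would help. The enclosing function starts and ends outside this hunk.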
msg_dialog::display(_("Internal error"), sprintf(_("File '%s' could not be deleted."), $directory."/".$file), ERROR_DIALOG);
// This should never be reached
}
- } elseif(is_dir($directory."/".$file) &&
- is_writable($directory."/".$file)) {
- // Just recursively delete it
- rmdirRecursive($directory."/".$file);
}
}
// We should now create a fresh revision file
$command= $config->get_cfg_value("baseIdHook");
if ($command != ""){
- $command.= " '".LDAP::fix($dn)."' $attrib";
+ $command.= " ".escapeshellarg(LDAP::fix($dn))." ".escapeshellarg($attrib);
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
exec($command, $output);
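Review bot: `escapeshellarg()` is locale-aware and drops bytes that are not valid in the current LC_CTYPE, so under the C locale a DN containing UTF-8 characters reaches the hook altered. A comment above the new line would record this, e.g. `// escapeshellarg() strips non-ASCII bytes unless LC_CTYPE is a UTF-8 locale`, together with a check that the web server process runs with such a locale. The same caveat applies to the `%dn` and `%userPassword` substitutions changed further down in this diff. The enclosing function starts and ends outside this hunk.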
// Not for groups
if ($mode == 0){
- // Create SMB Password
- $attrs= generate_smb_nt_hash($password);
- if ($shadow != 0){
- $attrs['shadowLastChange']= $shadow;
- }
+ // Create SMB Password
+ if ($config->get_cfg_value('sambaHashHook', NULL)) {
+ $attrs= generate_smb_nt_hash($password);
+
+ if ($shadow != 0){
+ $attrs['shadowLastChange']= $shadow;
+ }
+ }
}
$attrs['userPassword']= array();
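Review bot: The `shadowLastChange` assignment is now nested inside the new `sambaHashHook` test, so on installations without that hook a password change no longer records `$shadow` in `$attrs`. The expiry and warning checks would then keep working from the old change date. Unless the attribute is written elsewhere outside this hunk, initialise `$attrs= array();` before the test, leave only `$attrs= generate_smb_nt_hash($password);` inside it, and keep `if ($shadow != 0){ $attrs['shadowLastChange']= $shadow; }` after it.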
if ($command != ""){
/* Walk through attribute list */
- $command= preg_replace("/%userPassword/", $password, $command);
- $command= preg_replace("/%dn/", $dn, $command);
+ $command= preg_replace("/%userPassword/", escapeshellarg($password), $command);
+ $command= preg_replace("/%dn/", escapeshellarg($dn), $command);
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
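Review bot: The replacement argument of `preg_replace` is itself parsed for `$n` and `\n` references, so on the two changed lines a password or DN containing such a sequence is altered before it reaches the hook. A literal single-pass substitution avoids this: `$command= strtr($command, array('%userPassword' => escapeshellarg($password), '%dn' => escapeshellarg($dn)));`. Hook templates that already wrap the placeholders in quotes would presumably end up with the value outside any quoting once it arrives pre-quoted, so existing configurations need a review alongside this change. The unchanged `@DEBUG` line that follows writes the expanded command, including the cleartext password, to the debug output. The surrounding block continues outside this hunk.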
/* Call base hook */
$base= get_base_from_hook($dn, $attrib);
}
- for ($id= $base; $id++; $id < pow(2,32)){
+ for ($id= $base; $id++; $id < $hwm){
if (!in_array($id, $ids)){
return ($id);
}
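Review bot: Swapping `pow(2,32)` for `$hwm` has no effect, because the bound sits in the third slot of the `for` header, which is the increment expression, while `$id++` serves as the loop condition. The loop therefore still ends only through the `return` and can run past the high-water mark if every id up to it is taken. `for ($id= $base; $id < $hwm; $id++){` enforces the limit, with the caveat that it then tests `$base` itself first, where the current form starts at `$base + 1`. `$hwm` is assigned outside this hunk and the loop body continues past it.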