![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/include/functions.inc b/include/functions.inc
index 2ac55c8a466e31a0a311bedbbc8d8ab37afea035..65c9fa53a16f485c081ec2d128c2b1441f04b0f4 100644 (file)
--- a/include/functions.inc
+++ b/include/functions.inc
/* Include required files */
require_once ("class_ldap.inc");
require_once ("class_config.inc");
-require_once ("class_userinfo.inc");
require_once ("class_plugin.inc");
+require_once ("class_acl.inc");
require_once ("class_pluglist.inc");
+require_once ("class_userinfo.inc");
require_once ("class_tabs.inc");
require_once ("class_mail-methods.inc");
-require_once("class_password-methods.inc");
+require_once ("class_password-methods.inc");
require_once ("functions_debug.inc");
require_once ("functions_dns.inc");
require_once ("class_MultiSelectWindow.inc");
{
global $config;
- $ldap = new LDAP ($binddn, $pass, $server, isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true",
+ $ldap = new LDAP ($binddn, $pass, $server,
+ isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true",
isset($config->current['TLS']) && $config->current['TLS'] == "true");
/* Sadly we've no proper return values here. Use the error message instead. */
function ldap_expired_account($config, $userdn, $username)
{
- //$this->config= $config;
$ldap= $config->get_ldap_link();
$ldap->cat($userdn);
$attrs= $ldap->fetch();
}
-function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
+function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
{
global $config, $ui;
@@ -596,12 +597,6 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags=
$ldap->cd ($base);
}
- /* Strict filter for administrative units? */
- if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) &&
- preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){
- $filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)";
- }
-
/* Perform ONE or SUB scope searches? */
if ($flags & GL_SUBSEARCH) {
$ldap->search ($filter, $attributes);
@@ -617,12 +612,26 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags=
/* Crawl through reslut entries and perform the migration to the
result array */
$result= array();
+
while($attrs = $ldap->fetch()) {
$dn= $ldap->getDN();
- foreach ($subtreeACL as $key => $value){
- if (preg_match("/$key/", $dn)){
+ /* Sort in every value that fits the permissions */
+ if (is_array($category)){
+ foreach ($category as $o){
+ if ($ui->get_category_permissions($dn, $o) != ""){
+ if ($flags & GL_CONVERT){
+ $attrs["dn"]= convert_department_dn($dn);
+ } else {
+ $attrs["dn"]= $dn;
+ }
+ /* We found what we were looking for, break speeds things up */
+ $result[]= $attrs;
+ }
+ }
+ } else {
+ if ($ui->get_category_permissions($dn, $category) != ""){
if ($flags & GL_CONVERT){
$attrs["dn"]= convert_department_dn($dn);
} else {
@@ -631,7 +640,6 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags=
/* We found what we were looking for, break speeds things up */
$result[]= $attrs;
- break;
}
}
}
}
}
-function get_permissions ($dn, $subtreeACL)
-{
- global $config;
-
- $base= $config->current['BASE'];
- $tmp= "d,".$dn;
- $sacl= array();
-
- /* Sort subacl's for lenght to simplify matching
- for subtrees */
- foreach ($subtreeACL as $key => $value){
- $sacl[$key]= strlen($key);
- }
- arsort ($sacl);
- reset ($sacl);
-
- /* Successively remove leading parts of the dn's until
- it doesn't contain commas anymore */
- $tmp_dn= preg_replace('/\\\\,/', '<GOSA#REPLACED#KOMMA>', $tmp);
- while (preg_match('/,/', $tmp_dn)){
- $tmp_dn= ltrim(strstr($tmp_dn, ","), ",");
- $tmp= preg_replace('/\<GOSA#REPLACED#KOMMA\>/', '\\,', $tmp);
-
- /* Check for acl that may apply */
- foreach ($sacl as $key => $value){
- if (preg_match("/$key$/", $tmp)){
- return ($subtreeACL[$key]);
- }
- }
- }
+function get_permissions ()
+{
+ /* Look for attribute in ACL */
+ trigger_error("Don't use get_permissions() its obsolete. Use userinfo::get_permissions() instead.");
return array("");
}
-function get_module_permission($acl_array, $module, $dn)
+function get_module_permission()
{
- global $ui;
-
- $final= "";
- foreach($acl_array as $acl){
-
- /* Check for selfflag (!) in ACL to determine if
- the user is allowed to change parts of his/her
- own account */
- if (preg_match("/^!/", $acl)){
- if ($dn != "" && $dn != $ui->dn){
-
- /* No match for own DN, give up on this ACL */
- continue;
-
- } else {
-
- /* Matches own DN, remove the selfflag */
- $acl= preg_replace("/^!/", "", $acl);
-
- }
- }
-
- /* Remove leading garbage */
- $acl= preg_replace("/^:/", "", $acl);
-
- /* Discover if we've access to the submodule by comparing
- all allowed submodules specified in the ACL */
- $tmp= split(",", $acl);
- foreach ($tmp as $mod){
- if (preg_match("/^$module#/", $mod)){
- $final= strstr($mod, "#")."#";
- continue;
- }
- if (preg_match("/[^#]$module$/", $mod)){
- return ("#all#");
- }
- if (preg_match("/^all$/", $mod)){
- return ("#all#");
- }
- }
- }
-
- /* Return assembled ACL, or none */
- if ($final != ""){
- return (preg_replace('/##/', '#', $final));
- }
-
- /* Nothing matches - disable access for this object */
+ trigger_error("Don't use get_module_permission() its obsolete.");
return ("#none#");
}
}
-function chkacl($acl, $name)
+function chkacl()
{
/* Look for attribute in ACL */
- if (preg_match("/#$name#/", $acl) || $acl == "#all#"){
- return ("");
- }
-
- /* Optically disable html object for no match */
- return (" disabled ");
+ trigger_error("Don't use chkacl() its obsolete. Use userinfo::getacl() instead.");
+ return("-deprecated-");
}
/* STRICT adds spaces and case insenstivity to the uid check.
This is dangerous and should not be used. */
- if (isset($config->current['STRICT']) && preg_match('/^no$/i', $config->current['STRICT'])){
+ if (isset($config->current['STRICT']) && preg_match('/^(no|false)$/i', $config->current['STRICT'])){
return preg_match ("/^[a-z0-9 _.-]+$/i", $uid);
} else {
return preg_match ("/^[a-z0-9_-]+$/", $uid);
}
+function is_mac($mac)
+{
+ return preg_match("/^[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]$/i", $mac);
+}
+
+
+/* Checks if the given ip address dosen't match
+ "is_ip" because there is also a sub net mask given */
+function is_ip_with_subnetmask($ip)
+{
+ /* Generate list of valid submasks */
+ $res = array();
+ for($e = 0 ; $e <= 32; $e++){
+ $res[$e] = $e;
+ }
+ $i[0] =255;
+ $i[1] =255;
+ $i[2] =255;
+ $i[3] =255;
+ for($a= 3 ; $a >= 0 ; $a --){
+ $c = 1;
+ while($i[$a] > 0 ){
+ $str = $i[0].".".$i[1].".".$i[2].".".$i[3];
+ $res[$str] = $str;
+ $i[$a] -=$c;
+ $c = 2*$c;
+ }
+ }
+ $res["0.0.0.0"] = "0.0.0.0";
+ if(preg_match("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.".
+ "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.".
+ "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.".
+ "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/", $ip)){
+ $mask = preg_replace("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.".
+ "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.".
+ "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.".
+ "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/","",$ip);
+
+ $mask = preg_replace("/^\//","",$mask);
+ if((in_array("$mask",$res)) && preg_match("/^[0-9\.]/",$mask)){
+ return(TRUE);
+ }
+ }
+ return(FALSE);
+}
+
+/* Simple is domain check, it checks if the given string looks like "string(...).string" */
+function is_domain($str)
+{
+ return(preg_match("/^([a-z0-9i\-]*)\.[a-z0-9]*$/i",$str));
+}
+
+
+
function is_id($id)
{
if ($id == ""){
function get_printer_list($cups_server)
{
global $config;
-
- $res= array();
-
- /* Use CUPS, if we've access to it */
- if (function_exists('cups_get_dest_list')){
- $dest_list= cups_get_dest_list ($cups_server);
-
- foreach ($dest_list as $prt){
- $attr= cups_get_printer_attributes ($cups_server, $prt->name);
-
- foreach ($attr as $prt_info){
- if ($prt_info->name == "printer-info"){
- $info= $prt_info->value;
- break;
- }
- }
- $res[$prt->name]= "$info [$prt->name]";
- }
-
- /* CUPS is not available, try lpstat as a replacement */
- } else {
- $ar = false;
- exec("lpstat -p", $ar);
- foreach($ar as $val){
- @list($dummy, $printer, $rest)= split(' ', $val, 3);
- if (preg_match('/^[^@]+$/', $printer)){
- $res[$printer]= "$printer";
- }
- }
- }
-
- /* Merge in printers from LDAP */
- $ldap= $config->get_ldap_link();
- $ldap->cd ($config->current['BASE']);
- $ldap->search('(objectClass=gotoPrinter)', array('cn'));
- while ($attrs= $ldap->fetch()){
- $res[$attrs["cn"][0]]= $attrs["cn"][0];
+ $res = array();
+ $data = get_list('(objectClass=gotoPrinter)',"printer",$config->current['BASE'], array('cn'));
+ foreach($data as $attrs ){
+ $res[$attrs['cn'][0]] = $attrs['cn'][0];
}
-
return $res;
}
return $BASE_DIR;
}
+
+function obj_is_readable($dn, $object, $attribute)
+{
+ global $ui;
+
+ return preg_match('/r/', $ui->get_permissions($dn, $object, $attribute));
+}
+
+
+function obj_is_writable($dn, $object, $attribute)
+{
+ global $ui;
+
+ return preg_match('/w/', $ui->get_permissions($dn, $object, $attribute));
+}
+
+
+function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false)
+{
+ /* Initialize variables */
+ $ret = array("count" => 0); // Set count to 0
+ $next = true; // if false, then skip next loops and return
+ $cnt = 0; // Current number of loops
+ $max = 100; // Just for security, prevent looops
+ $ldap = NULL; // To check if created result a valid
+ $keep = ""; // save last failed parse string
+
+ /* Check each parsed dn in ldap ? */
+ if($config!=NULL && $verify_in_ldap){
+ $ldap = $config->get_ldap_link();
+ }
+
+ /* Lets start */
+ $called = false;
+ while(preg_match("/,/",$dn) && $next && $cnt < $max){
+
+ $cnt ++;
+ if(!preg_match("/,/",$dn)){
+ $next = false;
+ }
+ $object = preg_replace("/[,].*$/","",$dn);
+ $dn = preg_replace("/^[^,]+,/","",$dn);
+
+ $called = true;
+
+ /* Check if current dn is valid */
+ if($ldap!=NULL){
+ $ldap->cd($dn);
+ $ldap->cat($dn,array("dn"));
+ if($ldap->count()){
+ $ret[] = $keep.$object;
+ $keep = "";
+ }else{
+ $keep .= $object.",";
+ }
+ }else{
+ $ret[] = $keep.$object;
+ $keep = "";
+ }
+ }
+
+ /* No dn was posted */
+ if($cnt == 0 && !empty($dn)){
+ $ret[] = $dn;
+ }
+
+ /* Append the rest */
+ $test = $keep.$dn;
+ if($called && !empty($test)){
+ $ret[] = $keep.$dn;
+ }
+ $ret['count'] = count($ret) - 1;
+
+ return($ret);
+}
+
+function is_php4()
+{
+ return (preg_match('/^4/', phpversion()));
+}
+
+/* Add "str_split" if this function is missing.
+ * This function is only available in PHP5
+ */
+ if(!function_exists("str_split")){
+ function str_split($str,$length =1)
+ {
+ if($length < 1 ) $length =1;
+
+ $ret = array();
+ for($i = 0 ; $i < strlen($str); $i = $i +$length){
+ $ret[] = substr($str,$i ,$length);
+ }
+ return($ret);
+ }
+ }
+
+
+function get_base_from_hook($dn, $attrib)
+{
+ global $config;
+
+ if (isset($config->current['BASE_HOOK'])){
+
+ /* Call hook script - if present */
+ $command= $config->current['BASE_HOOK'];
+
+ if ($command != ""){
+ $command.= " '$dn' $attrib";
+ if (check_command($command)){
+ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
+ exec($command, $output);
+ if (preg_match("/^[0-9]+$/", $output)){
+ return ($output[0]);
+ } else {
+ print_red(_("Warning - base_hook is not avialable. Using default base."));
+ return ($config->current['UIDBASE']);
+ }
+ } else {
+ print_red(_("Warning - base_hook is not avialable. Using default base."));
+ return ($config->current['UIDBASE']);
+ }
+
+ } else {
+
+ print_red(_("Warning - no base_hook defined. Using default base."));
+ return ($config->current['UIDBASE']);
+
+ }
+ }
+}
+
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>