diff --git a/include/functions.inc b/include/functions.inc
index c9c50058124e47f6ea7917fbe03e0f95fe42b47c..a4e7b952b0236107faaf1b1f6dd187285e0eefa5 100644 (file)
--- a/include/functions.inc
+++ b/include/functions.inc
/* Include required files */
require_once ("class_ldap.inc");
require_once ("class_config.inc");
-require_once ("class_userinfo.inc");
require_once ("class_plugin.inc");
+require_once ("class_acl.inc");
+require_once ("class_userinfo.inc");
require_once ("class_pluglist.inc");
require_once ("class_tabs.inc");
require_once ("class_mail-methods.inc");
-require_once("class_password-methods.inc");
+require_once ("class_password-methods.inc");
require_once ("functions_debug.inc");
require_once ("functions_dns.inc");
require_once ("class_MultiSelectWindow.inc");
/* Sadly we've no proper return values here. Use the error message instead. */
if (!preg_match("/Success/i", $ldap->error)){
- print_red(sprintf(_("Error when connecting the LDAP. Server said '%s'."),
- $ldap->get_error()));
- echo $_SESSION['errors'];
-
- /* Hard error. We'd like to use the LDAP, anyway... */
- exit;
+ echo sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error());
+ exit();
}
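Review bot: Both rewritten failure paths send the LDAP server's error text to the browser: here `$ldap->get_error()` is echoed with no HTML escaping and no page around it, and the login-failure hunk that follows prints `$_SESSION['errors']` raw inside `<body>`. Escaping the value where the message is built, e.g. `htmlentities($ldap->get_error())`, keeps server-supplied text from being interpreted as markup. Since both paths can be reached before a user is authenticated, consider logging the server detail and showing only a generic failure message. The enclosing function starts and ends outside the hunk.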
/* Preset connection base to $base and return to caller */
$ldap = $config->get_ldap_link();
if (!preg_match("/Success/i", $ldap->error)){
print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error()));
- echo $_SESSION['errors'];
- exit;
+ $smarty= get_smarty();
+ $smarty->display(get_template_path('headers.tpl'));
+ echo "<body>".$_SESSION['errors']."</body></html>";
+ exit();
}
$ldap->cd($config->current['BASE']);
$ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid"));
}
+function ldap_expired_account($config, $userdn, $username)
+{
+ $ldap= $config->get_ldap_link();
+ $ldap->cat($userdn);
+ $attrs= $ldap->fetch();
+
+ /* default value no errors */
+ $expired = 0;
+
+ $sExpire = 0;
+ $sLastChange = 0;
+ $sMax = 0;
+ $sMin = 0;
+ $sInactive = 0;
+ $sWarning = 0;
+
+ $current= date("U");
+
+ $current= floor($current /60 /60 /24);
+
+ /* special case of the admin, should never been locked */
+ /* FIXME should allow any name as user admin */
+ if($username != "admin")
+ {
+
+ if(isset($attrs['shadowExpire'][0])){
+ $sExpire= $attrs['shadowExpire'][0];
+ } else {
+ $sExpire = 0;
+ }
+
+ if(isset($attrs['shadowLastChange'][0])){
+ $sLastChange= $attrs['shadowLastChange'][0];
+ } else {
+ $sLastChange = 0;
+ }
+
+ if(isset($attrs['shadowMax'][0])){
+ $sMax= $attrs['shadowMax'][0];
+ } else {
+ $smax = 0;
+ }
+
+ if(isset($attrs['shadowMin'][0])){
+ $sMin= $attrs['shadowMin'][0];
+ } else {
+ $sMin = 0;
+ }
+
+ if(isset($attrs['shadowInactive'][0])){
+ $sInactive= $attrs['shadowInactive'][0];
+ } else {
+ $sInactive = 0;
+ }
+
+ if(isset($attrs['shadowWarning'][0])){
+ $sWarning= $attrs['shadowWarning'][0];
+ } else {
+ $sWarning = 0;
+ }
+
+ /* is the account locked */
+ /* shadowExpire + shadowInactive (option) */
+ if($sExpire >0){
+ if($current >= ($sExpire+$sInactive)){
+ return(1);
+ }
+ }
+
+ /* the user should be warned to change is password */
+ if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){
+ if (($sExpire - $current) < $sWarning){
+ return(2);
+ }
+ }
+
+ /* force user to change password */
+ if(($sLastChange >0) && ($sMax) >0){
+ if($current >= ($sLastChange+$sMax)){
+ return(3);
+ }
+ }
+
+ /* the user should not be able to change is password */
+ if(($sLastChange >0) && ($sMin >0)){
+ if (($sLastChange + $sMin) >= $current){
+ return(4);
+ }
+ }
+ }
+ return($expired);
+}
+
function add_lock ($object, $user)
{
global $config;
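Review bot: ldap_expired_account() fails open: if `$ldap->cat($userdn)` finds nothing or `fetch()` returns no attributes, every shadow value stays 0 and the function returns 0, so a failed lookup is indistinguishable from a valid account. It should check the result first and report an error rather than "not expired". The `$username != "admin"` exemption skips every check based only on the name passed in by the caller; the FIXME acknowledges this, and keying the exemption on a configured DN would be safer. In the shadowMax else-branch `$smax = 0;` is a typo for `$sMax = 0;` (harmless only because of the earlier initialisation). Because the warning test returns 2 before the forced-change test, an account meeting both conditions never yields 3, which is worth confirming against the caller, which is not visible here.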
function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
{
- global $config;
+ global $config, $ui;
/* Get LDAP link */
$ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
@@ -504,6 +596,12 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags=
$ldap->cd ($base);
}
+ /* Strict filter for administrative units? */
+ if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) &&
+ preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){
+ $filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)";
+ }
+
/* Perform ONE or SUB scope searches? */
if ($flags & GL_SUBSEARCH) {
$ldap->search ($filter, $attributes);
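Review bot: `$ui->gosaUnitTag` is concatenated into the LDAP filter in `$filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)";` without filter escaping, and this clause is what confines the search to the administrative unit. If the tag can ever contain `(`, `)`, `*` or `\`, the restriction no longer means what it says, so escape the value with the project's LDAP-escape routine before interpolating it (none is visible on this page). `preg_match('/TRUE/i', ...)` is unanchored, so any STRICT_UNITS value that merely contains "true" switches the filter on; `'/^true$/i'` states the intent. `$ui` comes from the `global $config, $ui;` added in the previous hunk and is dereferenced without checking that it is set. get_list()'s body continues outside the hunk.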
}
}
+
function get_permissions ($dn, $subtreeACL)
{
global $config;
+echo "get_permissions() - to be removed<br>";
$base= $config->current['BASE'];
$tmp= "d,".$dn;
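Review bot: The added `echo "get_permissions() - to be removed<br>";` writes into the response from inside a permission lookup, so the marker is shown to every user and, if the function runs before headers are sent, may break later `header()` or session calls. The same kind of line is added to get_module_permission() and chkacl() further down. A deprecation marker belongs in the log rather than the page, e.g. `trigger_error("get_permissions() is deprecated", E_USER_NOTICE);`, together with a `@deprecated` note in the function's comment. The function body continues outside the hunk.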
function get_module_permission($acl_array, $module, $dn)
{
global $ui;
+echo "get_module_permissions() - to be removed<br>";
$final= "";
foreach($acl_array as $acl){
{
global $config;
- $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/";
+ $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/i";
$base= preg_replace($pattern, '', $dn);
/* Set to base, if we're not on a correct subtree */
function chkacl($acl, $name)
{
+ echo "chkacl - to be removed<br>";
/* Look for attribute in ACL */
if (preg_match("/#$name#/", $acl) || $acl == "#all#"){
return ("");
$remove= false;
+ /* Save variables from LOCK_VARS_TO_USE in session - for further editing */
if((isset($_SESSION['LOCK_VARS_TO_USE']))&&(count($_SESSION['LOCK_VARS_TO_USE']))){
$_SESSION['LOCK_VARS_USED'] =array();
foreach($_SESSION['LOCK_VARS_TO_USE'] as $name){
$ar = false;
exec("lpstat -p", $ar);
foreach($ar as $val){
- list($dummy, $printer, $rest)= split(' ', $val, 3);
+ @list($dummy, $printer, $rest)= split(' ', $val, 3);
if (preg_match('/^[^@]+$/', $printer)){
$res[$printer]= "$printer";
}
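Review bot: Prefixing `list()` with `@` hides the notice for `lpstat` lines that have fewer than three fields, but `$printer` is then left unset (or stale from the previous iteration) and still reaches `preg_match()` and `$res[$printer]`. Checking the field count is clearer than suppressing the error: `$parts= explode(' ', $val, 3); if (count($parts) < 2) continue;` followed by `$printer= $parts[1];`. The surrounding function starts and ends outside the hunk.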
global $config;
if (get_people_ou() != ""){
- $dn= preg_replace('/,'.get_people_ou().'/' , ',', $dn);
+ $dn= preg_replace('/,'.get_people_ou().'/i' , ',', $dn);
}
if (get_groups_ou() != ""){
- $dn= preg_replace('/,'.get_groups_ou().'/' , ',', $dn);
+ $dn= preg_replace('/,'.get_groups_ou().'/i' , ',', $dn);
}
$base= preg_replace ('/^[^,]+,/i', '', $dn);
}
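Review bot: The two changed `preg_replace()` lines still build their pattern from `get_people_ou()` and `get_groups_ou()` without `preg_quote()`, whereas the `$pattern=` line changed earlier in this diff does quote the same value. An OU string containing a regex metacharacter such as `.` or `+` would then match more or less than intended when the base is derived from the DN. Writing `'/,'.preg_quote(get_people_ou(), '/').'/i'` (and the same for the groups OU) makes the two places consistent. The enclosing function starts outside the hunk.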
+/* Check if the given department name is valid */
+function is_department_name_reserved($name,$base)
+{
+ $reservedName = array("systems","apps","incomming","internal","accounts","fax","addressbook",
+ preg_replace("/ou=(.*),/","\\1",get_people_ou()),
+ preg_replace("/ou=(.*),/","\\1",get_groups_ou()));
+ $follwedNames['/ou=fai,ou=configs,ou=systems,/'] = array("fai","hooks","templates","scripts","disk","packages","variables","profiles");
+
+ /* Check if name is one of the reserved names */
+ if(in_array_ics($name,$reservedName)) {
+ return(true);
+ }
+
+ /* Check all follow combinations if name is in array && parent base == array_key, return false*/
+ foreach($follwedNames as $key => $names){
+ if((in_array_ics($name,$names)) && (preg_match($key,$base))){
+ return(true);
+ }
+ }
+ return(false);
+}
+
+
+function get_base_dir()
+{
+ global $BASE_DIR;
+
+ return $BASE_DIR;
+}
+
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>
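Review bot: The comments on is_department_name_reserved() contradict the code: the header says it checks that the name "is valid" and the loop comment ends with "return false", yet the function returns `true` when the name is reserved. Suggested header: `/* Return true if $name is a reserved department name (globally, or below a base matching one of the $follwedNames patterns), false otherwise */`, with the "return false" dropped from the loop comment. `$follwedNames` is presumably meant to be `$followedNames`. The literal `"incomming"` should be checked against the OU name actually used in the tree, since a misspelled entry would leave that name unreserved. `preg_replace("/ou=(.*),/", ...)` is greedy and would capture across commas if the configured OU has more than one component; `([^,]*)` avoids that.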