![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/include/functions.inc b/include/functions.inc
index 09f90acced0c579ef6888a8d1d886a979fe7db78..d8f0cd4ac90ee12d6d961e79a4c4215102597ac9 100644 (file)
--- a/include/functions.inc
+++ b/include/functions.inc
define ("CONFIG_TEMPLATE_DIR", "../contrib/");
define ("HELP_BASEDIR", "/var/www/doc/");
+/* Define get_list flags */
+define("GL_NONE", 0);
+define("GL_SUBSEARCH", 1);
+define("GL_SIZELIMIT", 2);
+define("GL_CONVERT" , 4);
+
/* Define globals for revision comparing */
$svn_path = '$HeadURL$';
$svn_revision = '$Revision$';
/* Sadly we've no proper return values here. Use the error message instead. */
if (!preg_match("/Success/i", $ldap->error)){
- print_red(sprintf(_("Error when connecting the LDAP. Server said '%s'."),
- $ldap->get_error()));
- echo $_SESSION['errors'];
-
- /* Hard error. We'd like to use the LDAP, anyway... */
- exit;
+ echo sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error());
+ exit();
}
/* Preset connection base to $base and return to caller */
$ldap = $config->get_ldap_link();
if (!preg_match("/Success/i", $ldap->error)){
print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error()));
- echo $_SESSION['errors'];
- exit;
+ $smarty= get_smarty();
+ $smarty->display(get_template_path('headers.tpl'));
+ echo "<body>".$_SESSION['errors']."</body></html>";
+ exit();
}
$ldap->cd($config->current['BASE']);
$ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid"));
}
+function ldap_expired_account($config, $userdn, $username)
+{
+ //$this->config= $config;
+ $ldap= $config->get_ldap_link();
+ $ldap->cat($userdn);
+ $attrs= $ldap->fetch();
+
+ /* default value no errors */
+ $expired = 0;
+
+ $sExpire = 0;
+ $sLastChange = 0;
+ $sMax = 0;
+ $sMin = 0;
+ $sInactive = 0;
+ $sWarning = 0;
+
+ $current= date("U");
+
+ $current= floor($current /60 /60 /24);
+
+ /* special case of the admin, should never been locked */
+ /* FIXME should allow any name as user admin */
+ if($username != "admin")
+ {
+
+ if(isset($attrs['shadowExpire'][0])){
+ $sExpire= $attrs['shadowExpire'][0];
+ } else {
+ $sExpire = 0;
+ }
+
+ if(isset($attrs['shadowLastChange'][0])){
+ $sLastChange= $attrs['shadowLastChange'][0];
+ } else {
+ $sLastChange = 0;
+ }
+
+ if(isset($attrs['shadowMax'][0])){
+ $sMax= $attrs['shadowMax'][0];
+ } else {
+ $smax = 0;
+ }
+
+ if(isset($attrs['shadowMin'][0])){
+ $sMin= $attrs['shadowMin'][0];
+ } else {
+ $sMin = 0;
+ }
+
+ if(isset($attrs['shadowInactive'][0])){
+ $sInactive= $attrs['shadowInactive'][0];
+ } else {
+ $sInactive = 0;
+ }
+
+ if(isset($attrs['shadowWarning'][0])){
+ $sWarning= $attrs['shadowWarning'][0];
+ } else {
+ $sWarning = 0;
+ }
+
+ /* is the account locked */
+ /* shadowExpire + shadowInactive (option) */
+ if($sExpire >0){
+ if($current >= ($sExpire+$sInactive)){
+ return(1);
+ }
+ }
+
+ /* the user should be warned to change is password */
+ if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){
+ if (($sExpire - $current) < $sWarning){
+ return(2);
+ }
+ }
+
+ /* force user to change password */
+ if(($sLastChange >0) && ($sMax) >0){
+ if($current >= ($sLastChange+$sMax)){
+ return(3);
+ }
+ }
+
+ /* the user should not be able to change is password */
+ if(($sLastChange >0) && ($sMin >0)){
+ if (($sLastChange + $sMin) >= $current){
+ return(4);
+ }
+ }
+ }
+ return($expired);
+}
+
function add_lock ($object, $user)
{
global $config;
}
-function get_list2($subtreeACL, $filter, $subsearch= TRUE, $base="", $attrs= array(), $flag= FALSE)
+function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
{
- global $config;
+ global $config, $ui;
- /* Base the search on default base if not set */
- $ldap= $config->get_ldap_link($flag);
+ /* Get LDAP link */
+ $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
+
+ /* Set search base to configured base if $base is empty */
if ($base == ""){
$ldap->cd ($config->current['BASE']);
} else {
$ldap->cd ($base);
}
- /* Perform ONE or SUB scope searches? */
- $ldap->ls ($filter);
-
- /* Check for size limit exceeded messages for GUI feedback */
- if (preg_match("/size limit/i", $ldap->error)){
- $_SESSION['limit_exceeded']= TRUE;
- } else {
- $_SESSION['limit_exceeded']= FALSE;
- }
- $result= array();
-
-
- /* Crawl through reslut entries and perform the migration to the
- result array */
- while($attrs = $ldap->fetch()) {
- $dn= $ldap->getDN();
- foreach ($subtreeACL as $key => $value){
- if (preg_match("/$key/", $dn)){
- $attrs["dn"]= convert_department_dn($dn);
- $result[]= $attrs;
- break;
- }
- }
- }
-
-
- return ($result);
-
-}
-
-function get_list($subtreeACL, $filter, $subsearch= TRUE, $base="", $attrs= array(), $flag= FALSE)
-{
- global $config;
-
- /* Base the search on default base if not set */
- $ldap= $config->get_ldap_link($flag);
- if ($base == ""){
- $ldap->cd ($config->current['BASE']);
- } else {
- $ldap->cd ($base);
+ /* Strict filter for administrative units? */
+ if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) &&
+ preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){
+ $filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)";
}
/* Perform ONE or SUB scope searches? */
- if ($subsearch) {
- $ldap->search ($filter, $attrs);
+ if ($flags & GL_SUBSEARCH) {
+ $ldap->search ($filter, $attributes);
} else {
- $ldap->ls ($filter);
+ $ldap->ls ($filter,$base,$attributes);
}
/* Check for size limit exceeded messages for GUI feedback */
if (preg_match("/size limit/i", $ldap->error)){
$_SESSION['limit_exceeded']= TRUE;
- } else {
- $_SESSION['limit_exceeded']= FALSE;
}
/* Crawl through reslut entries and perform the migration to the
@@ -557,9 +619,17 @@ function get_list($subtreeACL, $filter, $subsearch= TRUE, $base="", $attrs= arra
$result= array();
while($attrs = $ldap->fetch()) {
$dn= $ldap->getDN();
+
foreach ($subtreeACL as $key => $value){
if (preg_match("/$key/", $dn)){
- $attrs["dn"]= $dn;
+
+ if ($flags & GL_CONVERT){
+ $attrs["dn"]= convert_department_dn($dn);
+ } else {
+ $attrs["dn"]= $dn;
+ }
+
+ /* We found what we were looking for, break speeds things up */
$result[]= $attrs;
break;
}
/* Build a sub-directory style list of the tree level
specified in $dn */
- foreach (split (',', $dn) as $val){
+ foreach (split(',', $dn) as $rdn){
/* We're only interested in organizational units... */
- if (preg_match ("/ou=/", $val)){
- $dep= substr($val,3)."/$dep";
+ if (substr($rdn,0,3) == 'ou='){
+ $dep= substr($rdn,3)."/$dep";
}
/* ... and location objects */
- if (preg_match ("/l=/", $val)){
- $dep= substr($val,2)."/$dep";
+ if (substr($rdn,0,2) == 'l='){
+ $dep= substr($rdn,2)."/$dep";
}
}
/* Return and remove accidently trailing slashes */
- return @ldap::fix(rtrim($dep, "/"));
+ return rtrim($dep, "/");
}
-function convert_department_dn2($dn)
-{
- $dep= "";
-
- /* Build a sub-directory style list of the tree level
- specified in $dn */
- $deps = array_flip($_SESSION['config']->idepartments);
- if(isset($deps[$dn])){
- $dn= $deps[$dn];
- $dep = preg_replace("/^.*=/","",$dn);
- }else{
- $dep= preg_replace("%^.*/([^/]+)$%", "\\1", $dn);
- }
-
- /* Return and remove accidently trailing slashes */
- $tmp = rtrim($dep, "/");
- return @ldap::fix($tmp);
+/* Strip off the last sub department part of a '/level1/level2/.../'
+ * style value. It removes the trailing '/', too. */
+function get_sub_department($value)
+{
+ return (@LDAP::fix(preg_replace("%^.*/([^/]+)/?$%", "\\1", $value)));
}
{
global $config;
- $ou= $config->current[$name];
+ /* Preset ou... */
+ if (isset($config->current[$name])){
+ $ou= $config->current[$name];
+ } else {
+ return "";
+ }
+
if ($ou != ""){
if (!preg_match('/^[^=]+=[^=]+/', $ou)){
- return "ou=$ou,";
+ return @LDAP::convert("ou=$ou,");
} else {
- return "$ou,";
+ return @LDAP::convert("$ou,");
}
} else {
return "";
{
global $config;
- $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/";
+ $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/i";
$base= preg_replace($pattern, '', $dn);
/* Set to base, if we're not on a correct subtree */
}
-function get_departments($ignore_dn= "")
-{
- global $config;
-
- /* Initialize result hash */
- $result= array();
- $result['/']= $config->current['BASE'];
-
- /* Get list of department objects */
- $ldap= $config->get_ldap_link();
- $ldap->cd ($config->current['BASE']);
- $ldap->search ("(objectClass=gosaDepartment)", array("ou"));
- while ($attrs= $ldap->fetch()){
- $dn= $ldap->getDN();
- if ($dn == $ignore_dn){
- continue;
- }
- $result[convert_department_dn($dn)]= $dn;
- }
-
- return ($result);
-}
-
-
function chkacl($acl, $name)
{
/* Look for attribute in ACL */
return (TRUE);
}
- return preg_match ("/^[0-9 ()+*-]+$/", $nr);
+ return preg_match ("/^[\/0-9 ()+*-]+$/", $nr);
}
}
+function is_ip($ip)
+{
+ return preg_match("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/", $ip);
+}
+
+
function is_id($id)
{
if ($id == ""){
if (isset($_SESSION['DEBUGLEVEL'])){
if($_SESSION['LastError'] == $string){
-
+
if((!isset($_SESSION['errorsAlreadyPosted'][$string]))){
$_SESSION['errorsAlreadyPosted'][$string] = 1;
}
- $_SESSION['errorsAlreadyPosted'][$string] ++;
+ $_SESSION['errorsAlreadyPosted'][$string]++;
}else{
- if((!empty($_SESSION['LastError'])) && ($_SESSION['errorsAlreadyPosted'][$_SESSION['LastError']]>1)){
- $_SESSION['errors'].= "<div align=\"left\" style=\"border-width:5px;".
- "border-style:solid;border-color:red; background-color:black;".
- "margin-bottom:10px; padding:8px;\"><table style='width:100%' summary=''><tr><td><img alt=\"\" src=\"".
- get_template_path('images/warning.png')."\"></td>".
- "<td width=\"100%\" style=\"text-align:center\"><font color=\"#FFFFFF\">".
- "<b style='font-size:16px;'>".sprintf(_("Last message repeated %s times."),$_SESSION['errorsAlreadyPosted'][$_SESSION['LastError']])."</b></font></td><td>".
- "<img alt=\"\"src=\"".get_template_path('images/warning.png').
- "\"></td></tr></table></div>\n";
- }
-
if($string != NULL){
- $_SESSION['errors'].= "<div align=\"left\" style=\"border-width:5px;".
- "border-style:solid;border-color:red; background-color:black;".
- "margin-bottom:10px; padding:8px;\"><table style='width:100%' summary=''><tr><td><img alt=\"\" src=\"".
- get_template_path('images/warning.png')."\"></td>".
- "<td width=\"100%\" style=\"text-align:center\"><font color=\"#FFFFFF\">".
- "<b style='font-size:16px;'>$string</b></font></td><td>".
- "<img alt=\"\"src=\"".get_template_path('images/warning.png').
- "\"></td></tr></table></div>\n";
+ if (preg_match("/"._("LDAP error:")."/", $string)){
+ $addmsg= _("Problems with the LDAP server mean that you probably lost the last changes. Please check your LDAP setup for possible errors and try again.");
+ $img= "images/error.png";
+ } else {
+ if (!preg_match('/[.!?]$/', $string)){
+ $string.= ".";
+ }
+ $string= preg_replace('/<br>/', ' ', $string);
+ $img= "images/warning.png";
+ $addmsg= _("Please check your input and fix the error. Press 'OK' to close this message box.");
+ }
+
+ if(isset($_SESSION['errors']) && strlen($_SESSION['errors'])==0) {
+ $_SESSION['errors'].= "<div style='margin-left:15%;margin-top:100px;".
+ "background-color:white;padding:5px;border:5px solid red;width:55%;z-index:150;".
+ "position:absolute' id='e_layer'><table style='width:100%' summary='' border=0>".
+ "<tr><td style='vertical-align:top;padding:10px'><img alt='' src='".
+ get_template_path($img)."'></td>".
+ "<td style='width:100%'><h1>"._("An error occured while processing your request").
+ "</h1><b>$string</b><br><br>$addmsg</td></tr><tr><td colspan='2' align='center'><br><button ".
+ (($_SESSION['js']==FALSE)?"type='submit'":"type='button'").
+ " style='width:80px' onClick='hide(\"e_layer\")'>".
+ _("OK")."</button></td></tr></table></div>";
+ }
+
}else{
return;
}
- $_SESSION['errorsAlreadyPosted'] = array();
$_SESSION['errorsAlreadyPosted'][$string] = 1;
}
echo "Error: $string\n";
}
$_SESSION['LastError'] = $string;
-
}
$_SESSION['dn']= $dn;
$ldap= $config->get_ldap_link();
- $ldap->cat ($user);
+ $ldap->cat ($user, array('uid', 'cn'));
$attrs= $ldap->fetch();
- $uid= $attrs["uid"][0];
- // print_a($_POST);
- // print_a($_GET);
+ /* Stop if we have no user here... */
+ if (count($attrs)){
+ $uid= $attrs["uid"][0];
+ $cn= $attrs["cn"][0];
+ } else {
+ $uid= $attrs["uid"][0];
+ $cn= $attrs["cn"][0];
+ }
+
+ $remove= false;
if((isset($_SESSION['LOCK_VARS_TO_USE']))&&(count($_SESSION['LOCK_VARS_TO_USE']))){
$_SESSION['LOCK_VARS_USED'] =array();
/* Prepare and show template */
$smarty= get_smarty();
$smarty->assign ("dn", $dn);
- $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry '%s' which appears to be used by '%s'. Please contact the person in order to clarify proceedings."), $dn, "<a href=\"main.php?plug=0&viewid=$uid\">$uid</a>"));
+ if ($remove){
+ $smarty->assign ("action", _("Continue anyway"));
+ } else {
+ $smarty->assign ("action", _("Edit anyway"));
+ }
+ $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry '%s' which appears to be used by '%s'. Please contact the person in order to clarify proceedings."), "<b>".$dn."</b>", "<b><a href=\"main.php?plug=0&viewid=$uid\">$cn</a></b>"));
return ($smarty->fetch (get_template_path('islocked.tpl')));
}
$ar = false;
exec("lpstat -p", $ar);
foreach($ar as $val){
- list($dummy, $printer, $rest)= split(' ', $val, 3);
+ @list($dummy, $printer, $rest)= split(' ', $val, 3);
if (preg_match('/^[^@]+$/', $printer)){
$res[$printer]= "$printer";
}
}
-function show_ldap_error($message)
+function show_ldap_error($message, $addon= "")
{
if (!preg_match("/Success/i", $message)){
- print_red (_("LDAP error:")." $message");
+ if ($addon == ""){
+ print_red (_("LDAP error: $message"));
+ } else {
+ print_red ("$addon<br><br><b>"._("LDAP error:")."</b> $message");
+ }
return TRUE;
} else {
return FALSE;
global $config;
if (get_people_ou() != ""){
- $dn= preg_replace('/,'.get_people_ou().'/' , ',', $dn);
+ $dn= preg_replace('/,'.get_people_ou().'/i' , ',', $dn);
}
if (get_groups_ou() != ""){
- $dn= preg_replace('/,'.get_groups_ou().'/' , ',', $dn);
+ $dn= preg_replace('/,'.get_groups_ou().'/i' , ',', $dn);
}
$base= preg_replace ('/^[^,]+,/i', '', $dn);
$display.= " ";
$display.= "</div>\n";
}
+ if (isset($_SESSION['errors'])){
+ $display.= $_SESSION['errors'];
+ }
return ($display);
}
}
+function saveFilter($a_filter, $values)
+{
+ if (isset($_POST['regexit'])){
+ $a_filter["regex"]= $_POST['regexit'];
+
+ foreach($values as $type){
+ if (isset($_POST[$type])) {
+ $a_filter[$type]= "checked";
+ } else {
+ $a_filter[$type]= "";
+ }
+ }
+ }
+
+ /* React on alphabet links if needed */
+ if (isset($_GET['search'])){
+ $s= mb_substr(validate($_GET['search']), 0, 1, "UTF8")."*";
+ if ($s == "**"){
+ $s= "*";
+ }
+ $a_filter['regex']= $s;
+ }
+
+ return ($a_filter);
+}
+
+
+/* Escape all preg_* relevant characters */
+function normalizePreg($input)
+{
+ return (addcslashes($input, '[]()|/.*+-'));
+}
+
+
+/* Escape all LDAP filter relevant characters */
+function normalizeLdap($input)
+{
+ return (addcslashes($input, '()|'));
+}
+
+
+/* Resturns the difference between to microtime() results in float */
+function get_MicroTimeDiff($start , $stop)
+{
+ $a = split("\ ",$start);
+ $b = split("\ ",$stop);
+
+ $secs = $b[1] - $a[1];
+ $msecs= $b[0] - $a[0];
+
+ $ret = (float) ($secs+ $msecs);
+ return($ret);
+}
+
+
+/* Check if the given department name is valid */
+function is_department_name_reserved($name,$base)
+{
+ $reservedName = array("systems","apps","incomming","internal","accounts","fax","addressbook",
+ preg_replace("/ou=(.*),/","\\1",get_people_ou()),
+ preg_replace("/ou=(.*),/","\\1",get_groups_ou()));
+ $follwedNames['/ou=fai,ou=configs,ou=systems,/'] = array("fai","hooks","templates","scripts","disk","packages","variables","profiles");
+
+ /* Check if name is one of the reserved names */
+ if(in_array_ics($name,$reservedName)) {
+ return(true);
+ }
+
+ /* Check all follow combinations if name is in array && parent base == array_key, return false*/
+ foreach($follwedNames as $key => $names){
+ if((in_array_ics($name,$names)) && (preg_match($key,$base))){
+ return(true);
+ }
+ }
+ return(false);
+}
+
+
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>