![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/personal/posix/class_posixAccount.inc b/plugins/personal/posix/class_posixAccount.inc
index 2845c16ec4099e872d68988ecfaf0fda2a1082f5..1578b8592c672000b8acb815e56c1a41c2ef60dd 100644 (file)
var $plHeadline= "UNIX";
var $plDescription= "This does something";
- /* CLI vars */
- var $cli_summary= "Manage users posix account";
- var $cli_description= "Some longer text\nfor help";
- var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
-
/* Plugin specific values */
var $homeDirectory= "";
var $loginShell= "/bin/bash";
var $use_shadowExpire= "0";
var $must_change_password= "0";
var $force_ids= 0;
- var $printerList= array();
var $group_dialog= FALSE;
var $show_ws_dialog= FALSE;
var $secondaryGroups= array();
var $grouplist = array();
var $ui = array();
+ var $GroupRegex = "*";
+ var $GroupUserRegex = "*";
+ var $SubSearch = false;
+
/* attribute list for save action */
- var $CopyPasteVars = array("grouplist","groupMembership");
+ var $CopyPasteVars = array("grouplist","groupMembership","use_shadowMin","use_shadowMax","use_shadowWarning","use_shadowInactive","use_shadowExpire","must_change_password","grouplist","savedGidNumber","savedUidNumber");
var $attributes = array("homeDirectory", "loginShell", "uidNumber", "gidNumber", "gecos",
"shadowMin", "shadowMax", "shadowWarning", "shadowInactive", "shadowLastChange",
"shadowExpire", "gosaDefaultPrinter", "gosaDefaultLanguage", "uid","accessTo","trustModel");
var $objectclasses= array("posixAccount", "shadowAccount");
+ var $uid ="";
/* constructor, if 'dn' is set, the node loads the given
'dn' from LDAP */
- function posixAccount ($config, $dn= NULL)
+ function posixAccount ($config, $dn= NULL, $parent= NULL)
{
/* Configuration is fine, allways */
$this->config= $config;
/* Load bases attributes */
- plugin::plugin($config, $dn);
+ plugin::plugin($config, $dn, $parent);
+
+ /* set user id */
+ if(isset($this->attrs['uid'])){
+ $this->uid = $this->attrs['uid'][0];
+ }
$ldap= $this->config->get_ldap_link();
/* Generate status text */
$current= date("U");
+
+ $current= floor($current / 60 /60 / 24);
+
if (($current >= $this->shadowExpire) && $this->shadowExpire){
- $this->status= "expired";
- if (($this->shadowExpire - $current) < $this->shadowInactive){
- $this->status.= ", grace time active";
+ $this->status= _("expired");
+ if (($current - $this->shadowExpire) < $this->shadowInactive){
+ $this->status.= ", "._("grace time active");
}
} elseif (($this->shadowLastChange + $this->shadowMin) >= $current){
- $this->status= "active, password not changable";
+ $this->status= _("active, password not changable");
} elseif (($this->shadowLastChange + $this->shadowMax) >= $current){
- $this->status= "active, password expired";
+ $this->status= _("active, password expired");
} else {
- $this->status= "active";
+ $this->status= _("active");
}
/* Get group membership */
}
/* Convert to seconds */
- if ($this->shadowExpire != 0){
- $this->shadowExpire*= 60 * 60 * 24;
- } else {
- $date= getdate();
- $this->shadowExpire= floor($date[0] / (60*60*24)) * 60 * 60 * 24;
- }
+ $this->shadowExpire= $this->convertToSeconds($this->shadowExpire);
- /* Generate shell list from /etc/gosa/shells */
- if (file_exists('/etc/gosa/shells')){
- $shells = file ('/etc/gosa/shells');
+ /* Generate shell list from CONFIG_DIR./shells */
+ if (file_exists(CONFIG_DIR.'/shells')){
+ $shells = file (CONFIG_DIR.'/shells');
foreach ($shells as $line){
if (!preg_match ("/^#/", $line)){
$this->loginShellList[]= trim($line);
$this->loginShellList[]= $this->loginShell;
}
- /* Generate printer list */
- if (isset($this->config->data['SERVERS']['CUPS'])){
- $this->printerList= get_printer_list ($this->config->data['SERVERS']['CUPS']);
- asort($this->printerList);
+ /* Set tag attribute if we've tagging activated */
+ $filter= "(objectClass=posixGroup)";
+ $ui= get_userinfo();
+ if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) &&
+ preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){
+ $filter= "(&(objectClass=posixGroup)(gosaUnitTag=".$ui->gosaUnitTag."))";
}
/* Generate group list */
$ldap->cd($this->config->current['BASE']);
- $ldap->search("(objectClass=posixGroup)", array("cn", "gidNumber"));
+ $ldap->search("$filter", array("cn", "gidNumber"));
$this->secondaryGroups[]= "- "._("automatic")." -";
while ($attrs= $ldap->fetch()){
$this->secondaryGroups[$attrs['gidNumber'][0]]= $attrs['cn'][0];
plugin::execute();
$display= "";
+ /* Department has changed? */
+ if(isset($_POST['depselect'])){
+ $_SESSION['CurrentMainBase']= validate($_POST['depselect']);
+ }
+
if(!$isCopyPaste){
+
+ $required = (isset($this->parent->by_object['sambaAccount']) && $this->parent->by_object['sambaAccount']->is_account) ||
+ (isset($this->parent->by_object['environment'] ) && $this->parent->by_object['environment'] ->is_account);
+
/* Do we need to flip is_account state? */
if (isset($_POST['modify_state'])){
- $this->is_account= !$this->is_account;
+ if($this->is_account && $this->acl == "#all#" && !$required ){
+ $this->is_account= !$this->is_account;
+ }elseif(!$this->is_account && chkacl($this->acl,"create") == ""){
+ $this->is_account= !$this->is_account;
+ }
}
/* Do we represent a valid posixAccount? */
}
/* Add user workstation? */
- if (isset($_POST["add_ws"])){
+ if (isset($_POST["add_ws"]) && chkacl($this->acl,"allowedHosts") == ""){
$this->show_ws_dialog= TRUE;
$this->dialog= TRUE;
}
}
/* Remove user workstations? */
- if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
+ if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list']) && chkacl($this->acl,"allowedHosts") == ""){
foreach($_POST['workstation_list'] as $name){
unset ($this->accessTo[$name]);
}
$acl= array($this->config->current['BASE'] => ":all");
$regex= $sysfilter['regex'];
$filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))";
- $res= get_list($acl, "$filter", TRUE, $sysfilter['depselect'], array("cn"), TRUE);
+ $res= get_list($filter, $acl, $sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT);
$wslist= array();
foreach ($res as $attrs){
$wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
if ($this->group_dialog){
/* Get global filter config */
- if (!is_global("groupfilter")){
- $base= get_base_from_people($ui->dn);
- $groupfilter= array("primarygroups" => "checked",
- "mailgroups" => "checked",
- "sambagroups" => "checked",
- "appgroups" => "checked",
- "functionalgroups" => "checked",
- "guser" => "*",
- "subsearch" => "",
- "depselect" => $base,
- "regex" => "*");
- register_global("groupfilter", $groupfilter);
- }
-
- /* Save data */
- $groupfilter= get_global("groupfilter");
- foreach( array("depselect", "guser", "regex") as $type){
- if (isset($_POST[$type])){
- $groupfilter[$type]= $_POST[$type];
- }
- }
- if (isset($_POST['depselect'])){
- foreach( array("primarygroups", "sambagroups", "mailgroups", "appgroups",
- "functionalgroups") as $type){
-
- if (isset($_POST[$type])) {
- $groupfilter[$type]= "checked";
- } else {
- $groupfilter[$type]= "";
- }
- }
- }
- if (isset($_GET['search'])){
- $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
- if ($s == "**"){
- $s= "*";
- }
- $groupfilter['regex']= $s;
- }
- register_global("groupfilter", $groupfilter);
-
- /* Calculate actual groups */
-
$this->reload();
+
+ /* remove already assigned groups */
$glist= array();
foreach ($this->grouplist as $key => $value){
if (!isset($this->groupMembership[$key])){
}
}
+ if($this->SubSearch){
+ $smarty->assign("SubSearchCHK"," checked ");
+ }else{
+ $smarty->assign("SubSearchCHK","");
+ }
+
+ $smarty->assign("regex",$this->GroupRegex);
+ $smarty->assign("guser",$this->GroupUserRegex);
$smarty->assign("groups", $glist);
$smarty->assign("search_image", get_template_path('images/search.png'));
$smarty->assign("launchimage", get_template_path('images/small_filter.png'));
$smarty->assign("tree_image", get_template_path('images/tree.png'));
$smarty->assign("deplist", $this->config->idepartments);
$smarty->assign("alphabet", generate_alphabet());
- foreach( array("depselect", "guser", "regex", "primarygroups", "mailgroups",
- "appgroups", "sambagroups", "functionalgroups") as $type){
- $smarty->assign("$type", $groupfilter[$type]);
- }
+ $smarty->assign("depselect",$_SESSION['CurrentMainBase']);
$smarty->assign("hint", print_sizelimit_warning());
$smarty->assign("apply", apply_filter());
}
/* Fill calendar */
- $date= getdate($this->shadowExpire);
+
+ /* If this $this->shadowExpire is empty
+ use current date as base for calculating selectbox values.
+ (This attribute is empty if this is a new user )*/
+ if(empty($this->shadowExpire)){
+ $date= getdate(time());
+ }else{
+ $date= getdate($this->shadowExpire);
+ }
$days= array();
for($d= 1; $d<32; $d++){
} else {
$smarty->assign("groups", "");
}
- $smarty->assign("printerList", $this->printerList);
$smarty->assign("languages", $this->config->data['MAIN']['LANGUAGES']);
/* Avoid "Undefined index: forceMode" */
$this->attributes, "Save");
$ldap->cd($this->dn);
$this->cleanup();
-$ldap->modify ($this->attrs);
+ $ldap->modify ($this->attrs);
- show_ldap_error($ldap->get_error());
+ show_ldap_error($ldap->get_error(), _("Removing UNIX account failed"));
/* Delete group only if cn is uid and there are no other
members inside */
}
/* Optionally execute a command after we're done */
- $this->handle_post_events("remove");
+ $this->handle_post_events("remove", array("uid" => $this->uid));
}
$this->is_modified= TRUE;
}
$this->primaryGroup= $_POST['primaryGroup'];
+ if ($this->primaryGroup != 0){
+ $this->gidNumber= $this->primaryGroup;
+ }
}
/* Save pwmode dependent attributes, curently hardcoded because there're
}
/* Trust mode - special handling */
- if (isset($_POST['trustmode'])){
+ if (isset($_POST['trustmode']) && chkacl($this->acl,"allowedHosts") == ""){
$saved= $this->trustModel;
if ($_POST['trustmode'] == "1"){
$this->trustModel= "fullaccess";
}
}
}
+
+ /* Get regex from alphabet */
+ if(isset($_GET['search'])){
+ $this->GroupRegex = $_GET['search']."*";
+ }
+
+ /* Check checkboxes and regexes */
+ if(isset($_POST["PosixGroupDialogPosted"])){
+ if(isset($_POST['SubSearch']) && ($_POST['SubSearch'])){
+ $this->SubSearch = true;
+ }else{
+ $this->SubSearch = false;
+ }
+
+ if(isset($_POST['guser'])){
+ $this->GroupUserRegex = $_POST['guser'];
+ }
+ if(isset($_POST['regex'])){
+ $this->GroupRegex = $_POST['regex'];
+ }
+ }
+ $this->GroupRegex = preg_replace("/\*\**/","*",$this->GroupRegex);
+ $this->GroupUserRegex = preg_replace("/\*\**/","*",$this->GroupUserRegex);
}
}
add_lock ("uidnumber", "gosa");
- $this->uidNumber= $this->get_next_id("uidNumber");
+ $this->uidNumber= $this->get_next_id("uidNumber", $this->dn);
if ($this->savedGidNumber != ""){
$this->gidNumber= $this->savedGidNumber;
} else {
- $this->gidNumber= $this->get_next_id("gidNumber");
+ $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
}
}
/* Fill gecos */
if (isset($this->parent) && $this->parent != NULL){
$this->gecos= rewrite($this->parent->by_object['user']->cn);
- if (!preg_match('/[a-z0-9 -]/i', $this->gecos)){
+ if (!preg_match('/^[a-z0-9 -]+$/i', $this->gecos)){
$this->gecos= "";
}
}
unset($this->attrs['uid']);
$ldap->modify ($this->attrs);
- show_ldap_error($ldap->get_error());
+ show_ldap_error($ldap->get_error(), _("Saving UNIX account failed"));
/* Remove lock needed for unique id generation */
del_lock ("uidnumber");
- /* Posix accounts have group interrelationship, take care about these here. */
- if ($this->force_ids == 0 && $this->primaryGroup == 0){
+ /* Posix accounts have group interrelationship,
+ take care about these here if this is a new user without forced gidNumber. */
+ if ($this->force_ids == 0 && $this->primaryGroup == 0 && !$this->initially_was_account){
$ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
/* Create group if it doesn't exist */
if ($ldap->count() == 0){
$groupdn= preg_replace ('/^'.$this->config->current['DNMODE'].'=[^,]+,'.get_people_ou().'/i', 'cn='.$this->uid.','.get_groups_ou(), $this->dn);
-
$g= new group($this->config, $groupdn);
$g->cn= $this->uid;
$g->force_gid= 1;
/* Take care about groupMembership values: add to groups */
foreach ($this->groupMembership as $key => $value){
- $g= new group($this->config, $key);
- $g->addUser ($this->uid);
- $g->save();
-
- /* May need to save the mail part, too */
- if ($g->has_mailAccount){
- $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key);
- $g->by_object['group']->removeUser ($this->uid);
+ if (!isset($this->savedGroupMembership[$key])){
+ $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key, false);
+ $g->by_object['group']->addUser($this->uid);
$g->save();
}
}
/* Remove from groups not listed in groupMembership */
foreach ($this->savedGroupMembership as $key => $value){
if (!isset($this->groupMembership[$key])){
-
- $g= new group($this->config, $key);
- $g->removeUser ($this->uid);
+ $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key);
+ $g->by_object['group']->removeUser ($this->uid);
$g->save();
-
- /* May need to save the mail part, too */
- if ($g->has_mailAccount){
- $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key);
- $g->by_object['group']->removeUser ($this->uid);
- $g->save();
- }
}
}
/* Optionally execute a command after we're done */
if ($this->initially_was_account == $this->is_account){
if ($this->is_modified){
- $this->handle_post_events("mofify");
+ $this->handle_post_events("modify",array("uid" => $this->uid));
}
} else {
- $this->handle_post_events("add");
+ $this->handle_post_events("add",array("uid" , $this->uid));
}
}
/* Include global link_info */
$ldap= $this->config->get_ldap_link();
- /* Reset message array */
- $message= array();
+ /* Call common method to give check the hook */
+ $message= plugin::check();
/* must: homeDirectory */
if ($this->homeDirectory == ""){
/* Walk through groups and add the descriptive entry if not exists */
foreach ($groups as $value){
if (!array_key_exists($value, $this->groupMembership)){
- $ldap->cat($value);
+ $ldap->cat($value, array('cn', 'description', 'dn'));
$attrs= $ldap->fetch();
error_reporting (0);
if (!isset($attrs['description'][0])){
$entry= $attrs["cn"][0]." [$dsc]";
}
error_reporting (E_ALL);
- $this->groupMembership[$ldap->getDN()]= $entry;
+ $this->groupMembership[$attrs['dn']]= $entry;
}
}
$this->primaryGroup= $this->gidNumber;
}
- $ldap->cd($this->config->current['BASE']);
- $ldap->search("(&(objectClass=gosaUserTemplate)(uid=".$template."))", array("cn","accessTo"));
- while($attr = $ldap->fetch()){
- $tmp = $attr['accessTo'];
- unset ($tmp['count']);
- $this->accessTo = $tmp;
- }
-
- /* Adjust shadow checkboxes */
- foreach (array("shadowMin", "shadowMax", "shadowWarning", "shadowInactive",
- "shadowExpire") as $val){
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaUserTemplate)(uid=".$template.")(accessTo=*))", array("cn","accessTo"));
+ while($attr = $ldap->fetch()){
+ $tmp = $attr['accessTo'];
+ unset ($tmp['count']);
+ $this->accessTo = $tmp;
+ }
+
+ /* Adjust shadow checkboxes */
+ foreach (array("shadowMin", "shadowMax", "shadowWarning", "shadowInactive") as $val){
if ($this->$val != 0){
$oval= "use_".$val;
$this->$oval= "1";
}
}
+
+ /*
+ * If shadowExpire is not enabled in the template, it's a UNIX timestamp - so don't convert it to seconds.
+ * The check is a hack - if difference between timestamp generated above and here is max 1 day.
+ */
+ if(abs($this->shadowExpire - time())>86400) {
+ $this->shadowExpire= $this->convertToSeconds($this->shadowExpire);
+ }
+
+ /* Only enable checkbox, if shadowExpire is in the future */
+ if($this->shadowExpire > time()) {
+ $this->use_shadowExpire= "1";
+ }
}
- function get_next_id($attrib)
+ function get_next_id($attrib, $dn)
{
$ids= array();
$ldap= $this->config->get_ldap_link();
$ids[]= (int)$attrs["$attrib"][0];
}
+ /* Add the nobody id */
+ $ids[]= 65534;
+
/* Find out next free id near to UID_BASE */
- for ($id= $this->config->current['UIDBASE']; $id++; $id<65000){
+ if (!isset($this->config->current['BASE_HOOK'])){
+ $base= $this->config->current['UIDBASE'];
+ } else {
+ /* Call base hook */
+ $base= get_base_from_hook($dn, $attrib);
+ }
+ for ($id= $base; $id++; $id < pow(2,32)){
if (!in_array($id, $ids)){
return ($id);
}
}
- /* Should not happen */
- if ($id == 65000){
- print_red(_("Too many users, can't allocate a free ID!"));
+ /* Check if current id reaches the maximum of 32 bit */
+ if ($id >= pow(2,32)){
+ echo _("Too many users, can't allocate a free ID!");
exit;
}
-
}
function reload()
{
-
- /* Get config */
- $groupfilter= get_global('groupfilter');
-
/* Set base for all searches */
- $base= $groupfilter['depselect'];
-
- /* Regex filter? */
- if ($groupfilter['regex'] != ""){
- $regex= $groupfilter['regex'];
+ $base = $_SESSION['CurrentMainBase'];
+ $ldap = $this->config->get_ldap_link();
+ $attrs = array("cn", "description", "gidNumber");
+ $Flags = GL_SIZELIMIT;
+
+ /* Get groups */
+ if ($this->GroupUserRegex == '*'){
+ $filter = "(&(objectClass=posixGroup)(cn=".$this->GroupRegex."))";
} else {
- $regex= "*";
+ $filter= "(&(objectClass=posixGroup)(cn=".$this->GroupRegex.")(memberUid=".$this->GroupUserRegex."))";
+ }
+ if($this->SubSearch){
+ $Flags |= GL_SUBSEARCH;
+ }else{
+ $base = get_groups_ou().$base;
}
- $error = "";
- $ldap = $this->config->get_ldap_link();
- $base= get_groups_ou().$base;
- $res= get_list($this->ui->subtreeACL, "(objectClass=posixGroup)", FALSE, $base, array("cn", "description", "gidNumber"), TRUE);
- if (preg_match("/size limit/i", $error)){
+ $res= get_list($filter, $this->ui->subtreeACL, $base,$attrs, $Flags);
+
+ /* check sizelimit */
+ if (preg_match("/size limit/i", $ldap->error)){
$_SESSION['limit_exceeded']= TRUE;
}
- $error = $ldap->error;
+ /* Create a list of users */
$this->grouplist = array();
foreach ($res as $value){
$this->grouplist[$value['gidNumber'][0]]= $value;
reset ($this->grouplist);
}
+
+ /* Get posts from copy & paste dialog */
+ function saveCopyDialog()
+ {
+ if(isset($_POST['homeDirectory'])){
+ $this->homeDirectory = $_POST['homeDirectory'];
+ if (isset ($_POST['force_ids'])){
+ $data= 1;
+ $this->gidNumber = $_POST['gidNumber'];
+ $this->uidNumber = $_POST['uidNumber'];
+ } else {
+ $data= 0;
+ }
+ if ($this->force_ids != $data){
+ $this->is_modified= TRUE;
+ }
+ $this->force_ids= $data;
+ }
+ }
+
+
+ /* Create the posix dialog part for copy & paste */
function getCopyDialog()
{
+ /* Skip dialog creation if this is not a valid account */
if(!$this->is_account) return("");
if ($this->force_ids == 1){
$force_ids = "checked";
$sta = "";
+ /* Open group add dialog */
if(isset($_POST['edit_groupmembership'])){
$this->group_dialog = TRUE;
$sta = "SubDialog";
}
+ /* If the group-add dialog is closed, call execute
+ to ensure that the membership is updatd */
if(isset($_POST['add_groups_finish']) || isset($_POST['add_groups_cancel'])){
$this->execute();
$this->group_dialog =FALSE;
return($ret);
}
+ /* If a group member should be deleted, simply call execute */
if(isset($_POST['delete_groupmembership'])){
$this->execute();
}
+ /* Assigned informations to smarty */
$smarty = get_smarty();
$smarty->assign("homeDirectory",$this->homeDirectory);
$smarty->assign("uidNumber",$this->uidNumber);
$smarty->assign("gidNumber",$this->gidNumber);
$smarty->assign("forceMode",$forceMode);
$smarty->assign("force_ids",$force_ids);
- if (!count($this->groupMembership)){
+ if (!count($this->groupMembership)){
$smarty->assign("groupMembership", array(" "));
} else {
$smarty->assign("groupMembership", $this->groupMembership);
}
+
+ /* Display wars message if there are more than 16 group members */
if (count($this->groupMembership) > 16){
$smarty->assign("groups", "too_many_for_nfs");
} else {
return($ret);
}
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
+
+ /* Avoid using the same gid/uid number as source user */
+ $this->savedUidNumber = $this->get_next_id("gidNumber", $this->dn);
+ $this->savedGidNumber = $this->get_next_id("uidNumber", $this->dn);
+ }
+
+ function convertToSeconds($val)
+ {
+ if ($val != 0){
+ $val*= 60 * 60 * 24;
+ } else {
+ $date= getdate();
+ $val= floor($date[0] / (60*60*24)) * 60 * 60 * 24;
+ }
+ return($val);
+ }
+
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: