diff --git a/plugins/personal/posix/class_posixAccount.inc b/plugins/personal/posix/class_posixAccount.inc
index 2af3bc0fa1c2b4ee5d70ffe2102a0b9535da937c..2a59d5b86323e1051632f534a586f1367022dd07 100644 (file)
var $plHeadline= "UNIX";
var $plDescription= "This does something";
- /* CLI vars */
- var $cli_summary= "Manage users posix account";
- var $cli_description= "Some longer text\nfor help";
- var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
-
/* Plugin specific values */
var $homeDirectory= "";
var $loginShell= "/bin/bash";
var $shadowInactive= "0";
var $shadowExpire= "0";
var $gosaDefaultPrinter= "";
- var $gosaDefaultLanguage= "";
var $accessTo= array();
var $trustModel= "";
var $use_shadowExpire= "0";
var $must_change_password= "0";
var $force_ids= 0;
- var $printerList= array();
var $group_dialog= FALSE;
var $show_ws_dialog= FALSE;
var $secondaryGroups= array();
var $GroupRegex = "*";
var $GroupUserRegex = "*";
+ var $SubSearch = false;
+ var $memberGroup = array();
/* attribute list for save action */
- var $CopyPasteVars = array("grouplist","groupMembership","use_shadowMin","use_shadowMax","use_shadowWarning","use_shadowInactive","use_shadowExpire","must_change_password","force_ids","printerList","grouplist","savedGidNumber","savedUidNumber","savedGroupMembership");
+ var $CopyPasteVars = array("grouplist","groupMembership","use_shadowMin","use_shadowMax","use_shadowWarning","use_shadowInactive","use_shadowExpire","must_change_password","grouplist","savedGidNumber","savedUidNumber");
var $attributes = array("homeDirectory", "loginShell", "uidNumber", "gidNumber", "gecos",
"shadowMin", "shadowMax", "shadowWarning", "shadowInactive", "shadowLastChange",
- "shadowExpire", "gosaDefaultPrinter", "gosaDefaultLanguage", "uid","accessTo","trustModel");
+ "shadowExpire", "gosaDefaultPrinter", "uid","accessTo","trustModel");
var $objectclasses= array("posixAccount", "shadowAccount");
+ var $uid ="";
/* constructor, if 'dn' is set, the node loads the given
'dn' from LDAP */
- function posixAccount ($config, $dn= NULL)
+ function posixAccount ($config, $dn= NULL, $parent= NULL)
{
/* Configuration is fine, allways */
$this->config= $config;
/* Load bases attributes */
- plugin::plugin($config, $dn);
+ plugin::plugin($config, $dn, $parent);
+
+ /* set user id */
+ if(isset($this->attrs['uid'])){
+ $this->uid = $this->attrs['uid'][0];
+ }
$ldap= $this->config->get_ldap_link();
}
/* Convert to seconds */
- if ($this->shadowExpire != 0){
- $this->shadowExpire*= 60 * 60 * 24;
- } else {
- $date= getdate();
- $this->shadowExpire= floor($date[0] / (60*60*24)) * 60 * 60 * 24;
- }
+ $this->shadowExpire= $this->convertToSeconds($this->shadowExpire);
- /* Generate shell list from /etc/gosa/shells */
- if (file_exists('/etc/gosa/shells')){
- $shells = file ('/etc/gosa/shells');
+ /* Generate shell list from CONFIG_DIR./shells */
+ if (file_exists(CONFIG_DIR.'/shells')){
+ $shells = file (CONFIG_DIR.'/shells');
foreach ($shells as $line){
if (!preg_match ("/^#/", $line)){
$this->loginShellList[]= trim($line);
$this->loginShellList[]= $this->loginShell;
}
- /* Generate printer list */
- if (isset($this->config->data['SERVERS']['CUPS'])){
- $this->printerList= get_printer_list ($this->config->data['SERVERS']['CUPS']);
- asort($this->printerList);
+ /* Set tag attribute if we've tagging activated */
+ $filter= "(objectClass=posixGroup)";
+ $ui= get_userinfo();
+ if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) &&
+ preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){
+ $filter= "(&(objectClass=posixGroup)(gosaUnitTag=".$ui->gosaUnitTag."))";
}
/* Generate group list */
$ldap->cd($this->config->current['BASE']);
- $ldap->search("(objectClass=posixGroup)", array("cn", "gidNumber"));
+ $ldap->search("$filter", array("cn", "gidNumber"));
$this->secondaryGroups[]= "- "._("automatic")." -";
while ($attrs= $ldap->fetch()){
$this->secondaryGroups[$attrs['gidNumber'][0]]= $attrs['cn'][0];
}
if(!$isCopyPaste){
+
+ $required = (isset($this->parent->by_object['sambaAccount']) && $this->parent->by_object['sambaAccount']->is_account) ||
+ (isset($this->parent->by_object['environment'] ) && $this->parent->by_object['environment'] ->is_account);
+
/* Do we need to flip is_account state? */
if (isset($_POST['modify_state'])){
- $this->is_account= !$this->is_account;
+ if($this->is_account && $this->acl == "#all#" && !$required ){
+ $this->is_account= !$this->is_account;
+ }elseif(!$this->is_account && chkacl($this->acl,"create") == ""){
+ $this->is_account= !$this->is_account;
+ }
}
/* Do we represent a valid posixAccount? */
}
/* Add user workstation? */
- if (isset($_POST["add_ws"])){
+ if (isset($_POST["add_ws"]) && chkacl($this->acl,"allowedHosts") == ""){
$this->show_ws_dialog= TRUE;
$this->dialog= TRUE;
}
}
/* Remove user workstations? */
- if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
+ if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list']) && chkacl($this->acl,"allowedHosts") == ""){
foreach($_POST['workstation_list'] as $name){
unset ($this->accessTo[$name]);
}
/* Manage group add dialog */
if ($this->group_dialog){
- /* Get Posts */
- if(isset($_POST['depselect'])){
- if(isset($_POST['regex'])){
- $this->GroupRegex = $_POST['regex'];
- }
- if(isset($_POST['guser'])){
- $this->GroupUserRegex = $_POST['guser'];
- }
- }
-
/* Get global filter config */
$this->reload();
}
}
+ if($this->SubSearch){
+ $smarty->assign("SubSearchCHK"," checked ");
+ }else{
+ $smarty->assign("SubSearchCHK","");
+ }
+
$smarty->assign("regex",$this->GroupRegex);
$smarty->assign("guser",$this->GroupUserRegex);
$smarty->assign("groups", $glist);
}
/* Fill calendar */
- $date= getdate($this->shadowExpire);
+
+ /* If this $this->shadowExpire is empty
+ use current date as base for calculating selectbox values.
+ (This attribute is empty if this is a new user )*/
+ if(empty($this->shadowExpire)){
+ $date= getdate(time());
+ }else{
+ $date= getdate($this->shadowExpire);
+ }
$days= array();
for($d= 1; $d<32; $d++){
} else {
$smarty->assign("groups", "");
}
- $smarty->assign("printerList", $this->printerList);
- $smarty->assign("languages", $this->config->data['MAIN']['LANGUAGES']);
/* Avoid "Undefined index: forceMode" */
$smarty->assign("forceMode", "");
}
/* Optionally execute a command after we're done */
- $this->handle_post_events("remove");
+ $this->handle_post_events("remove", array("uid" => $this->uid));
}
$this->is_modified= TRUE;
}
$this->primaryGroup= $_POST['primaryGroup'];
+ if ($this->primaryGroup != 0){
+ $this->gidNumber= $this->primaryGroup;
+ }
}
/* Save pwmode dependent attributes, curently hardcoded because there're
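Review bot: The added `gidNumber` assignment uses `$_POST['primaryGroup']` as posted, so any submitted number becomes the account's primary gid, not only one of the groups offered in the select box. Where the group list is built, `secondaryGroups` is keyed by `gidNumber`, so the guard can check membership: `if ($this->primaryGroup != 0 && isset($this->secondaryGroups[$this->primaryGroup])){`. The enclosing function starts and ends outside this hunk, so an ACL or range check may already exist further up. If it does, a one-line comment here pointing to it would help the next reader.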
}
/* Trust mode - special handling */
- if (isset($_POST['trustmode'])){
+ if (isset($_POST['trustmode']) && chkacl($this->acl,"allowedHosts") == ""){
$saved= $this->trustModel;
if ($_POST['trustmode'] == "1"){
$this->trustModel= "fullaccess";
}
}
}
+
+ /* Get regex from alphabet */
+ if(isset($_GET['search'])){
+ $this->GroupRegex = $_GET['search']."*";
+ }
+
+ /* Check checkboxes and regexes */
+ if(isset($_POST["PosixGroupDialogPosted"])){
+ if(isset($_POST['SubSearch']) && ($_POST['SubSearch'])){
+ $this->SubSearch = true;
+ }else{
+ $this->SubSearch = false;
+ }
+
+ if(isset($_POST['guser'])){
+ $this->GroupUserRegex = $_POST['guser'];
+ }
+ if(isset($_POST['regex'])){
+ $this->GroupRegex = $_POST['regex'];
+ }
+ }
+ $this->GroupRegex = preg_replace("/\*\**/","*",$this->GroupRegex);
+ $this->GroupUserRegex = preg_replace("/\*\**/","*",$this->GroupUserRegex);
}
}
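Review bot: `$_GET['search']`, `$_POST['regex']` and `$_POST['guser']` are stored in `GroupRegex`/`GroupUserRegex` after only collapsing runs of `*`, and reload() concatenates both into the LDAP filter (`(cn=".$this->GroupRegex.")`, `(memberUid=".$this->GroupUserRegex.")`), which this commit now also does in the `*` branch. Parentheses, backslashes or NUL bytes in those fields therefore change the structure of the filter instead of being matched literally. Escape where the filter is built in reload() and keep the raw value for redisplay in the template, e.g. `$cn = ldap_escape($this->GroupRegex, "*", LDAP_ESCAPE_FILTER);` where the PHP version provides `ldap_escape()`. Otherwise use an equivalent helper that escapes `(`, `)`, `\` and NUL while leaving `*` alone. The enclosing function begins outside this hunk.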
add_lock ("uidnumber", "gosa");
- $this->uidNumber= $this->get_next_id("uidNumber");
+ $this->uidNumber= $this->get_next_id("uidNumber", $this->dn);
if ($this->savedGidNumber != ""){
$this->gidNumber= $this->savedGidNumber;
} else {
- $this->gidNumber= $this->get_next_id("gidNumber");
+ $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
}
}
/* Fill gecos */
if (isset($this->parent) && $this->parent != NULL){
$this->gecos= rewrite($this->parent->by_object['user']->cn);
- if (!preg_match('/[a-z0-9 -]/i', $this->gecos)){
+ if (!preg_match('/^[a-z0-9 -]+$/i', $this->gecos)){
$this->gecos= "";
}
}
del_lock ("uidnumber");
- /* Posix accounts have group interrelationship, take care about these here. */
- if ($this->force_ids == 0 && $this->primaryGroup == 0){
+ /* Posix accounts have group interrelationship,
+ take care about these here if this is a new user without forced gidNumber. */
+ if ($this->force_ids == 0 && $this->primaryGroup == 0 && !$this->initially_was_account){
$ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
/* Create group if it doesn't exist */
if ($ldap->count() == 0){
$groupdn= preg_replace ('/^'.$this->config->current['DNMODE'].'=[^,]+,'.get_people_ou().'/i', 'cn='.$this->uid.','.get_groups_ou(), $this->dn);
-
$g= new group($this->config, $groupdn);
$g->cn= $this->uid;
$g->force_gid= 1;
/* Take care about groupMembership values: add to groups */
foreach ($this->groupMembership as $key => $value){
- $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key);
- $g->by_object['group']->addUser($this->uid);
- $g->save();
+ if (!isset($this->savedGroupMembership[$key])){
+ $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key, false);
+ $g->by_object['group']->addUser($this->uid);
+ $g->save();
+ }
}
/* Remove from groups not listed in groupMembership */
/* Optionally execute a command after we're done */
if ($this->initially_was_account == $this->is_account){
if ($this->is_modified){
- $this->handle_post_events("mofify");
+ $this->handle_post_events("modify",array("uid" => $this->uid));
}
} else {
- $this->handle_post_events("add");
+ $this->handle_post_events("add",array("uid" , $this->uid));
}
}
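Review bot: The "add" branch passes `array("uid" , $this->uid)`, which is a two-element list (`0 => "uid"`, `1 => <uid>`), while the "modify" call just above and the "remove" call elsewhere in this commit pass a keyed array with `=>`. If handle_post_events() looks values up by key, as the other two calls suggest, the post-create hook would run without the uid. The line should read `$this->handle_post_events("add", array("uid" => $this->uid));`. The enclosing save function starts outside this hunk.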
/* Include global link_info */
$ldap= $this->config->get_ldap_link();
+ /* Append groups as memberGroup: to check hook
+ */
+ $tmp_attributes = $this->attributes;
+ $this->attributes[] = "memberGroup";
+ $this->memberGroup = array();
+ foreach($this->groupMembership as $dn => $name){
+ $this->memberGroup[] = $name;
+ }
+
/* Call common method to give check the hook */
$message= plugin::check();
+ $this->attributes = $tmp_attributes;
/* must: homeDirectory */
if ($this->homeDirectory == ""){
$this->primaryGroup= $this->gidNumber;
}
- $ldap->cd($this->config->current['BASE']);
- $ldap->search("(&(objectClass=gosaUserTemplate)(uid=".$template."))", array("cn","accessTo"));
- while($attr = $ldap->fetch()){
- $tmp = $attr['accessTo'];
- unset ($tmp['count']);
- $this->accessTo = $tmp;
- }
-
- /* Adjust shadow checkboxes */
- foreach (array("shadowMin", "shadowMax", "shadowWarning", "shadowInactive",
- "shadowExpire") as $val){
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaUserTemplate)(uid=".$template.")(accessTo=*))", array("cn","accessTo"));
+
+ while($attr = $ldap->fetch()){
+ $tmp = $attr['accessTo'];
+ unset ($tmp['count']);
+ $this->accessTo = $tmp;
+ }
+ /* Adjust shadow checkboxes */
+ foreach (array("shadowMin", "shadowMax", "shadowWarning", "shadowInactive") as $val){
if ($this->$val != 0){
$oval= "use_".$val;
$this->$oval= "1";
}
}
+
+ /*
+ * If shadowExpire is not enabled in the template, it's a UNIX timestamp - so don't convert it to seconds.
+ * The check is a hack - if difference between timestamp generated above and here is max 1 day.
+ */
+ if(abs($this->shadowExpire - time())>86400) {
+ $this->shadowExpire= $this->convertToSeconds($this->shadowExpire);
+ }
+
+ /* Only enable checkbox, if shadowExpire is in the future */
+ if($this->shadowExpire > time()) {
+ $this->use_shadowExpire= "1";
+ }
}
- function get_next_id($attrib)
+ function get_next_id($attrib, $dn)
{
$ids= array();
$ldap= $this->config->get_ldap_link();
$ids[]= (int)$attrs["$attrib"][0];
}
+ /* Add the nobody id */
+ $ids[]= 65534;
+
/* Find out next free id near to UID_BASE */
- for ($id= $this->config->current['UIDBASE']; $id++; $id<65000){
+ if (!isset($this->config->current['BASE_HOOK'])){
+ $base= $this->config->current['UIDBASE'];
+ } else {
+ /* Call base hook */
+ $base= get_base_from_hook($dn, $attrib);
+ }
+ for ($id= $base; $id++; $id < pow(2,32)){
if (!in_array($id, $ids)){
return ($id);
}
}
- /* Should not happen */
- if ($id == 65000){
- print_red(_("Too many users, can't allocate a free ID!"));
+ /* Check if current id reaches the maximum of 32 bit */
+ if ($id >= pow(2,32)){
+ echo _("Too many users, can't allocate a free ID!");
exit;
}
-
}
function reload()
{
-
/* Set base for all searches */
$base = $_SESSION['CurrentMainBase'];
- $base = get_groups_ou().$base;
$ldap = $this->config->get_ldap_link();
$attrs = array("cn", "description", "gidNumber");
+ $Flags = GL_SIZELIMIT;
/* Get groups */
if ($this->GroupUserRegex == '*'){
- $filter = "(objectClass=posixGroup)";
+ $filter = "(&(objectClass=posixGroup)(cn=".$this->GroupRegex."))";
} else {
$filter= "(&(objectClass=posixGroup)(cn=".$this->GroupRegex.")(memberUid=".$this->GroupUserRegex."))";
}
- $res= get_list($filter, $this->ui->subtreeACL, $base,$attrs, GL_SIZELIMIT);
+ if($this->SubSearch){
+ $Flags |= GL_SUBSEARCH;
+ }else{
+ $base = get_groups_ou().$base;
+ }
+
+
+ $res= get_list($filter, $this->ui->subtreeACL, $base,$attrs, $Flags);
/* check sizelimit */
if (preg_match("/size limit/i", $ldap->error)){
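Review bot: In get_next_id() the new loop header `for ($id= $base; $id++; $id < pow(2,32))` still has the condition and the increment in swapped positions. `$id++` is the loop test and the comparison is a discarded expression, so the 2^32 bound is never enforced and the "Too many users" check after the loop is effectively dead. With the new BASE_HOOK branch, `$base` comes from `get_base_from_hook()`, and a base of 0 or an empty/null return makes the test false at once, so the function falls through without returning an id. Suggest `for ($id= $base; $id < pow(2,32); $id++){` together with a check that `$base` is a positive integer before the loop. Note that this makes `$base` itself the first candidate, whereas the current form starts at `$base + 1`.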
reset ($this->grouplist);
}
+
+ /* Get posts from copy & paste dialog */
+ function saveCopyDialog()
+ {
+ if(isset($_POST['homeDirectory'])){
+ $this->homeDirectory = $_POST['homeDirectory'];
+ if (isset ($_POST['force_ids'])){
+ $data= 1;
+ $this->gidNumber = $_POST['gidNumber'];
+ $this->uidNumber = $_POST['uidNumber'];
+ } else {
+ $data= 0;
+ }
+ if ($this->force_ids != $data){
+ $this->is_modified= TRUE;
+ }
+ $this->force_ids= $data;
+ }
+ }
+
/* Create the posix dialog part for copy & paste */
function getCopyDialog()
{
- /* Skip dialog creation if this is not a valid account*/
+ /* Skip dialog creation if this is not a valid account */
if(!$this->is_account) return("");
if ($this->force_ids == 1){
$force_ids = "checked";
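Review bot: saveCopyDialog() copies `$_POST['uidNumber']` and `$_POST['gidNumber']` straight into the object whenever `force_ids` is posted, without checking that the keys exist or that the values are numeric. An empty or non-numeric value, or uid/gid 0, can therefore reach the save path. Unlike the other POST handlers touched in this commit, it has no `chkacl()` test; the caller may enforce one, but that is not visible here. Suggest entering the branch only when `isset($_POST['uidNumber'], $_POST['gidNumber'])` holds and both values match `preg_match('/^[0-9]+$/', ...)`. The function comment should also state which ACL is expected to cover forced ids.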
return($ret);
}
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
+
+ /* Avoid using the same gid/uid number as source user */
+ $this->savedUidNumber = $this->get_next_id("uidNumber", $this->dn);
+ $this->savedGidNumber = $this->get_next_id("gidNumber", $this->dn);
+ }
+
+ function convertToSeconds($val)
+ {
+ if ($val != 0){
+ $val*= 60 * 60 * 24;
+ } else {
+ $date= getdate();
+ $val= floor($date[0] / (60*60*24)) * 60 * 60 * 24;
+ }
+ return($val);
+ }
+
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
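Review bot: PrepareForCopyPaste() calls `get_next_id()` for both numbers without the `add_lock ("uidnumber", "gosa")` / `del_lock ("uidnumber")` pair that surrounds the same calls in the save path. Two sessions pasting at the same time can therefore be handed the same free uid/gid. If `savedUidNumber`/`savedGidNumber` are only suggestions that save() recomputes under the lock, a comment here saying so would be enough. Otherwise take the lock around these two calls or defer the allocation to save().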