![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/personal/posix/class_posixAccount.inc b/plugins/personal/posix/class_posixAccount.inc
index f6616018b166e8a0a47c114025dcd24cc7c69019..a67d03b95f1afda74da42c4534294c8c1963d733 100644 (file)
var $accessTo= array();
var $trustModel= "";
+ var $glist=array();
var $status= "";
var $loginShellList= array();
var $groupMembership= array();
var $use_shadowWarning= "0";
var $use_shadowInactive= "0";
var $use_shadowExpire= "0";
- var $must_change_password= "0";
+ var $mustchangepassword= "0";
var $force_ids= 0;
var $printerList= array();
var $group_dialog= FALSE;
var $primaryGroup= 0;
var $was_trust_account= FALSE;
+ var $grouplist = array();
+ var $ui = array();
+
+ var $GroupRegex = "*";
+ var $GroupUserRegex = "*";
+ var $SubSearch = false;
/* attribute list for save action */
- var $attributes= array("homeDirectory", "loginShell", "uidNumber", "gidNumber", "gecos",
+ var $CopyPasteVars = array("grouplist","groupMembership","use_shadowMin","use_shadowMax",
+ "use_shadowWarning","use_shadowInactive","use_shadowExpire","mustchangepassword",
+ "force_ids","printerList","grouplist","savedGidNumber","savedUidNumber","savedGroupMembership");
+
+ var $attributes = array("homeDirectory", "loginShell", "uidNumber", "gidNumber", "gecos",
"shadowMin", "shadowMax", "shadowWarning", "shadowInactive", "shadowLastChange",
- "shadowExpire", "gosaDefaultPrinter", "gosaDefaultLanguage", "uid");
+ "shadowExpire", "gosaDefaultPrinter", "gosaDefaultLanguage", "uid","accessTo","trustModel");
+
var $objectclasses= array("posixAccount", "shadowAccount");
$this->was_trust_account= FALSE;
$this->trustModel= "";
}
+
+ $this->accessTo = array();
if ($this->is_account && isset($this->attrs['accessTo'])){
for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
$tmp= $this->attrs['accessTo'][$i];
/* Generate status text */
$current= date("U");
+
+ $current= floor($current / 60 /60 / 24);
+
if (($current >= $this->shadowExpire) && $this->shadowExpire){
- $this->status= "expired";
- if (($this->shadowExpire - $current) < $this->shadowInactive){
- $this->status.= ", grace time active";
+ $this->status= _("expired");
+ if (($current - $this->shadowExpire) < $this->shadowInactive){
+ $this->status.= ", "._("grace time active");
}
} elseif (($this->shadowLastChange + $this->shadowMin) >= $current){
- $this->status= "active, password not changable";
+ $this->status= _("active, password not changable");
} elseif (($this->shadowLastChange + $this->shadowMax) >= $current){
- $this->status= "active, password expired";
+ $this->status= _("active, password expired");
} else {
- $this->status= "active";
+ $this->status= _("active");
}
/* Get group membership */
}
/* Generate group list */
+ $this->ui = get_userinfo();
+ $this->secondaryGroups[]= "- "._("automatic")." -";
$ldap->cd($this->config->current['BASE']);
$ldap->search("(objectClass=posixGroup)", array("cn", "gidNumber"));
- $this->secondaryGroups[]= "- "._("automatic")." -";
- while ($attrs= $ldap->fetch()){
+ while($attrs = $ldap->fetch()){
$this->secondaryGroups[$attrs['gidNumber'][0]]= $attrs['cn'][0];
}
asort ($this->secondaryGroups);
"regex" => "*");
register_global("sysfilter", $sysfilter);
}
+ $this->ui = get_userinfo();
}
/* execute generates the html output for this node */
- function execute()
+ function execute($isCopyPaste = false)
{
- /* Do we need to flip is_account state? */
- if (isset($_POST['modify_state'])){
- $this->is_account= !$this->is_account;
- }
+ echo "Fix get_list for group add";
- /* Do we represent a valid posixAccount? */
- if (!$this->is_account && $this->parent == NULL ){
- $display= "<img src=\"images/stop.png\" align=center> <b>".
- _("This account has no unix extensions.")."</b>";
- $display.= back_to_main();
- return ($display);
+ /* Call parent execute */
+ plugin::execute();
+ $display= "";
+
+ /* Department has changed? */
+ if(isset($_POST['depselect'])){
+ $_SESSION['CurrentMainBase']= validate($_POST['depselect']);
}
- $display= "";
+ if(!$isCopyPaste){
- /* Show tab dialog headers */
- if ($this->parent != NULL){
- if ($this->is_account){
- if (isset($this->parent->by_object['sambaAccount'])){
- $obj= $this->parent->by_object['sambaAccount'];
+ /* Do we need to flip is_account state? */
+ if(isset($_POST['modify_state'])){
+ if($this->is_account && $this->acl_is_removeable()){
+ $this->is_account= FALSE;
+ }elseif(!$this->is_account && $this->acl_is_createable()){
+ $this->is_account= TRUE;
}
- if (isset($obj) && $obj->is_account == TRUE &&
- isset($this->parent->by_object['sambaAccount'])){
-
- /* Samba3 dependency on posix accounts are enabled
- in the moment, because I need to rely on unique
- uidNumbers. There'll be a better solution later
- on. */
- $display= $this->show_header(_("Remove posix account"),
- _("This account has unix features enabled. To disable them, you'll need to remove the samba account first."), TRUE);
+ }
+
+ /* Do we represent a valid posixAccount? */
+ if (!$this->is_account && $this->parent == NULL ){
+ $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
+ _("This account has no unix extensions.")."</b>";
+ $display.= back_to_main();
+ return ($display);
+ }
+
+
+ /* Show tab dialog headers */
+ if ($this->parent != NULL){
+ if ($this->is_account){
+ if (isset($this->parent->by_object['sambaAccount'])){
+ $obj= $this->parent->by_object['sambaAccount'];
+ }
+ if (isset($obj) && $obj->is_account == TRUE &&
+ ((isset($this->parent->by_object['sambaAccount']))&&($this->parent->by_object['sambaAccount']->is_account))
+ ||(isset($this->parent->by_object['environment'] ))&&($this->parent->by_object['environment'] ->is_account)){
+
+ /* Samba3 dependency on posix accounts are enabled
+ in the moment, because I need to rely on unique
+ uidNumbers. There'll be a better solution later
+ on. */
+ $display= $this->show_disable_header(_("Remove posix account"),
+ _("This account has unix features enabled. To disable them, you'll need to remove the samba / environment account first."), TRUE);
+ } else {
+ $display= $this->show_disable_header(_("Remove posix account"),
+ _("This account has posix features enabled. You can disable them by clicking below."));
+ }
} else {
- $display= $this->show_header(_("Remove posix account"),
- _("This account has posix features enabled. You can disable them by clicking below."));
+ $display= $this->show_enable_header(_("Create posix account"),
+ _("This account has posix features disabled. You can enable them by clicking below."));
+ return($display);
}
- } else {
- $display= $this->show_header(_("Create posix account"),
- _("This account has posix features disabled. You can enable them by clicking below."));
- return($display);
}
}
-
/* Trigger group edit? */
if (isset($_POST['edit_groupmembership'])){
$this->group_dialog= TRUE;
if (isset($_POST['add_groups_finish']) && isset($_POST['groups']) &&
count($_POST['groups'])){
- if (chkacl ($this->acl, "memberUid") == ""){
- $this->addGroup ($_POST['groups']);
- $this->is_modified= TRUE;
- }
+ echo "FIXME, 302, put the acl check into addGroup function ";
+ #if (chk acl ($this->acl, "memberUid") == ""){
+ # $this->addGroup ($_POST['groups']);
+ # $this->is_modified= TRUE;
+ #}
}
/* Delete selected groups */
if (isset($_POST['delete_groupmembership']) &&
isset($_POST['group_list']) && count($_POST['group_list'])){
- if (chkacl ($this->acl, "memberUid") == ""){
- $this->delGroup ($_POST['group_list']);
- $this->is_modified= TRUE;
- }
+ echo "FIXME, 302, put the acl check into addGroup function ";
+ #if (chk acl ($this->acl, "memberUid") == ""){
+ # $this->delGroup ($_POST['group_list']);
+ # $this->is_modified= TRUE;
+ #}
}
/* Add user workstation? */
$acl= array($this->config->current['BASE'] => ":all");
$regex= $sysfilter['regex'];
$filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))";
- $res= get_list($acl, "$filter", TRUE, $sysfilter['depselect'], array("cn"), TRUE);
+ $res= get_list($filter, $acl, $sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT);
$wslist= array();
foreach ($res as $attrs){
$wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
}
$smarty->assign("hint", print_sizelimit_warning());
$smarty->assign("wslist", $wslist);
+ $smarty->assign("apply", apply_filter());
$display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__)));
return ($display);
}
/* Manage group add dialog */
if ($this->group_dialog){
- $gd= new groupManagement($this->config, get_userinfo());
- /* Save data */
- $groupfilter= get_global("groupfilter");
- foreach( array("depselect", "guser", "regex") as $type){
- if (isset($_POST[$type])){
- $groupfilter[$type]= $_POST[$type];
- }
- }
- if (isset($_POST['depselect'])){
- foreach( array("primarygroups", "sambagroups", "mailgroups", "appgroups",
- "functionalgroups") as $type){
-
- if (isset($_POST[$type])) {
- $groupfilter[$type]= "checked";
- } else {
- $groupfilter[$type]= "";
- }
- }
- }
- if (isset($_GET['search'])){
- $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
- if ($s == "**"){
- $s= "*";
- }
- $groupfilter['regex']= $s;
- }
- register_global("groupfilter", $groupfilter);
+ /* Get global filter config */
+ $this->reload();
- /* Calculate actual groups */
- $gd->reload();
+ /* remove already assigned groups */
$glist= array();
- foreach ($gd->grouplist as $key => $value){
- if (!isset($this->groupMembership[$key])){
+ foreach ($this->grouplist as $key => $value){
+ if (!isset($this->groupMembership[$key]) && obj_is_writable($key,"group","memberUid",$SkipWrite)){
$glist[$key]= $value;
}
}
- /* Show dialog */
+ if($this->SubSearch){
+ $smarty->assign("SubSearchCHK"," checked ");
+ }else{
+ $smarty->assign("SubSearchCHK","");
+ }
+
+ $smarty->assign("regex",$this->GroupRegex);
+ $smarty->assign("guser",$this->GroupUserRegex);
$smarty->assign("groups", $glist);
$smarty->assign("search_image", get_template_path('images/search.png'));
$smarty->assign("launchimage", get_template_path('images/small_filter.png'));
$smarty->assign("tree_image", get_template_path('images/tree.png'));
$smarty->assign("deplist", $this->config->idepartments);
$smarty->assign("alphabet", generate_alphabet());
- foreach( array("depselect", "guser", "regex", "primarygroups", "mailgroups",
- "appgroups", "sambagroups", "functionalgroups") as $type){
- $smarty->assign("$type", $groupfilter[$type]);
- }
+ $smarty->assign("depselect",$_SESSION['CurrentMainBase']);
$smarty->assign("hint", print_sizelimit_warning());
+ $smarty->assign("apply", apply_filter());
$display.= $smarty->fetch (get_template_path('posix_groups.tpl', TRUE, dirname(__FILE__)));
return ($display);
}
/* Show main page */
$smarty= get_smarty();
+ /* In 'MyAccount' mode, we must remove write acls if we are not in editing mode. */
+ $SkipWrite = (!isset($this->parent) || !$this->parent) && !isset($_SESSION['edit']);
+
/* Depending on pwmode, currently hardcoded because there are no other methods */
if ( 1 == 1 ){
$smarty->assign("pwmode", dirname(__FILE__)."/posix_shadow");
- $shadowMinACL= chkacl($this->acl, "shadowMin");
- $smarty->assign("shadowmins", sprintf(_("Password can't be changed up to %s days after last change"), "<input name=\"shadowMin\" size=3 maxlength=4 $shadowMinACL value=\"".$this->shadowMin."\">"));
- $shadowMaxACL= chkacl($this->acl, "shadowMax");
- $smarty->assign("shadowmaxs", sprintf(_("Password must be changed after %s days"), "<input name=\"shadowMax\" size=3 maxlength=4 $shadowMaxACL value=\"".$this->shadowMax."\">"));
- $shadowInactiveACL= chkacl($this->acl, "shadowInactive");
- $smarty->assign("shadowinactives", sprintf(_("Disable account after %s days of inactivity after password expiery"), "<input name=\"shadowInactive\" size=3 maxlength=4 $shadowInactiveACL value=\"".$this->shadowInactive."\">"));
- $shadowWarningACL= chkacl($this->acl, "shadowWarning");
- $smarty->assign("shadowwarnings", sprintf(_("Warn user %s days before password expiery"), "<input name=\"shadowWarning\" size=3 maxlength=4 $shadowWarningACL value=\"".$this->shadowWarning."\">"));
- foreach( array("must_change_password", "use_shadowMin", "use_shadowMax",
- "use_shadowExpire", "use_shadowInactive",
- "use_shadowWarning") as $val){
+
+ $shadowMinACL = $this->getacl("shadowMin",$SkipWrite);
+ $smarty->assign("shadowmins", sprintf(_("Password can't be changed up to %s days after last change"),
+ "<input name=\"shadowMin\" size=3 maxlength=4 $shadowMinACL value=\"".$this->shadowMin."\">"));
+
+ $shadowMaxACL = $this->getacl("shadowMax",$SkipWrite);
+ $smarty->assign("shadowmaxs", sprintf(_("Password must be changed after %s days"),
+ "<input name=\"shadowMax\" size=3 maxlength=4 $shadowMaxACL value=\"".$this->shadowMax."\">"));
+
+ $shadowInactiveACL= $this->getacl("shadowInactive",$SkipWrite);
+ $smarty->assign("shadowinactives", sprintf(_("Disable account after %s days of inactivity after password expiery"),
+ "<input name=\"shadowInactive\" size=3 maxlength=4 $shadowInactiveACL value=\"".$this->shadowInactive."\">"));
+
+ $shadowWarningACL = $this->getacl("shadowWarning",$SkipWrite);
+ $smarty->assign("shadowwarnings", sprintf(_("Warn user %s days before password expiery"),
+ "<input name=\"shadowWarning\" size=3 maxlength=4 $shadowWarningACL value=\"".$this->shadowWarning."\">"));
+
+ foreach( array("use_shadowMin", "use_shadowMax",
+ "use_shadowExpire", "use_shadowInactive","use_shadowWarning") as $val){
if ($this->$val == 1){
$smarty->assign("$val", "checked");
- $smarty->assign("$val"."ACL", chkacl($this->acl, $val));
+ } else {
+ $smarty->assign("$val", "");
}
+ $smarty->assign("$val"."ACL", $this->getacl($val,$SkipWrite));
}
+
+ if($this->mustchangepassword){
+ $smarty->assign("mustchangepassword", "checked");
+ } else {
+ $smarty->assign("mustchangepassword", "");
+ }
+ $smarty->assign("mustchangepasswordACL", $this->getacl("mustchangepassword",$SkipWrite));
}
/* Fill calendar */
$smarty->assign("shells", $this->loginShellList);
$smarty->assign("secondaryGroups", $this->secondaryGroups);
$smarty->assign("primaryGroup", $this->primaryGroup);
- $smarty->assign("groupMembership", $this->groupMembership);
+ if (!count($this->groupMembership)){
+ $smarty->assign("groupMembership", array(" "));
+ } else {
+ $smarty->assign("groupMembership", $this->groupMembership);
+ }
if (count($this->groupMembership) > 16){
$smarty->assign("groups", "too_many_for_nfs");
+ } else {
+ $smarty->assign("groups", "");
}
$smarty->assign("printerList", $this->printerList);
$smarty->assign("languages", $this->config->data['MAIN']['LANGUAGES']);
+ /* Avoid "Undefined index: forceMode" */
+ $smarty->assign("forceMode", "");
+
/* Checkboxes */
if ($this->force_ids == 1){
$smarty->assign("force_ids", "checked");
+ if ($_SESSION['js']){
+ $smarty->assign("forceMode", "");
+ }
} else {
- if ($_SESSION["js"]){
- $smarty->assign("forceMode", "disabled");
+ if ($_SESSION['js']){
+ if($this->acl != "#none#")
+ $smarty->assign("forceMode", "disabled");
}
+ $smarty->assign("force_ids", "");
}
- $smarty->assign("force_idsACL", chkacl($this->acl, "force_ids"));
+
+
+
+ $smarty->assign("force_idsACL", $this->getacl("uidNumber",$SkipWrite).$this->getacl("gidNumber",$SkipWrite));
/* Load attributes and acl's */
foreach($this->attributes as $val){
+ if(($_SESSION["js"])&&(($val=="uidNumber")||($val=="gidNumber")))
+ {
+ $smarty->assign("$val"."ACL",$this->getacl($val,$SkipWrite));
+ $smarty->assign("$val", $this->$val);
+ continue;
+ }
$smarty->assign("$val", $this->$val);
- $smarty->assign("$val"."ACL", chkacl($this->acl,$val));
+ $smarty->assign("$val"."ACL", $this->getacl($val,$SkipWrite));
}
- $smarty->assign("groupMembershipACL", chkacl($this->acl, "groupMembership"));
- $smarty->assign("must_change_password", chkacl($this->acl, "must_change_password"));
+ if($SkipWrite){
+ $smarty->assign("groupMembershipACL","r");
+ }else{
+ $smarty->assign("groupMembershipACL","rw");
+ }
+ $smarty->assign("status", $this->status);
/* Work on trust modes */
- $smarty->assign("trustmodeACL", chkacl($this->acl, "trustmode"));
+ $smarty->assign("trustmodeACL", $this->getacl("trustModel",$SkipWrite));
if ($this->trustModel == "fullaccess"){
$trustmode= 1;
- $smarty->assign("trusthide", "disabled");
+ // pervent double disable tag in html code, this will disturb our clean w3c html
+ $smarty->assign("trustmode", $this->getacl("trustModel",$SkipWrite));
+
} elseif ($this->trustModel == "byhost"){
$trustmode= 2;
$smarty->assign("trusthide", "");
} else {
- $smarty->assign("trusthide", "disabled");
+ // pervent double disable tag in html code, this will disturb our clean w3c html
+ $smarty->assign("trustmode", $this->getacl("trustModel",$SkipWrite));
$trustmode= 0;
}
$smarty->assign("trustmode", $trustmode);
$smarty->assign("trustmodes", array( 0 => _("disabled"), 1 => _("full access"),
2 => _("allow access to these hosts")));
+
+
+
+ if((count($this->accessTo))==0)
+ $smarty->assign("emptyArrAccess",true);
+ else
+ $smarty->assign("emptyArrAccess",false);
+
+
+
$smarty->assign("workstations", $this->accessTo);
+ $smarty->assign("apply", apply_filter());
$display.= $smarty->fetch (get_template_path('generic.tpl', TRUE, dirname(__FILE__)));
return($display);
}
function remove_from_parent()
{
/* Cancel if there's nothing to do here */
- if (!$this->initially_was_account){
+ if ((!$this->initially_was_account) || (!$this->acl_is_removeable())){
return;
}
-
+
/* include global link_info */
$ldap= $this->config->get_ldap_link();
/* Keep uid, because we need it for authentification! */
unset($this->attrs['uid']);
+ unset($this->attrs['trustModel']);
@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
$this->attributes, "Save");
$ldap->cd($this->dn);
- $ldap->modify($this->attrs);
- show_ldap_error($ldap->get_error());
+ $this->cleanup();
+ $ldap->modify ($this->attrs);
+
+ show_ldap_error($ldap->get_error(), sprintf(_("Removing of user/posix account with dn '%s' failed."),$this->dn));
/* Delete group only if cn is uid and there are no other
members inside */
function save_object()
{
- if (isset($_POST['posixTab'])){
+ if ((isset($_POST['posixTab'])) && (isset($_SESSION['edit']))){
/* Save values to object */
plugin::save_object();
- /* Save force GID attribute */
- if (chkacl ($this->acl, "force_ids") == ""){
+
+ /* Save force GID checkbox */
+ if($this->acl_is_writeable("gidNumber") || $this->acl_is_writeable("uidNumber")){
if (isset ($_POST['force_ids'])){
$data= 1;
} else {
$this->is_modified= TRUE;
}
$this->force_ids= $data;
+ }
+ /*Save primary group settings */
+ if($this->acl_is_writeable("primaryGroup") && isset($_POST['primaryGroup'])){
$data= $_POST['primaryGroup'];
if ($this->primaryGroup != $data){
$this->is_modified= TRUE;
$this->primaryGroup= $_POST['primaryGroup'];
}
- /* Save pwmode dependent attributes, curently hardcoded because there're
- no alternatives */
- if (1 == 1){
- foreach( array("must_change_password", "use_shadowMin", "use_shadowMax",
- "use_shadowExpire", "use_shadowInactive",
- "use_shadowWarning") as $val){
- if (chkacl($this->acl, "$val") == ""){
- if (isset ($_POST[$val])){
- $data= 1;
- } else {
- $data= 0;
- }
- if ($data != $this->$val){
- $this->is_modified= TRUE;
- }
- $this->$val= $data;
+ foreach(array("shadowMin","shadowMax","shadowExpire","shadowInactive","shadowWarning","mustchangepassword") as $var) {
+ if($this->acl_is_writeable($var)){
+ $use_var = "use_".$var;
+ if(isset($_POST['use_'.$var])){
+ $this->$use_var = true;
+ $this->$var = $_POST[$var];
+ }else{
+ $this->$use_var = false;
+ $this->$var = 0;
}
}
}
/* Trust mode - special handling */
- if (isset($_POST['trustmode'])){
- $saved= $this->trustModel;
- if ($_POST['trustmode'] == "1"){
- $this->trustModel= "fullaccess";
- } elseif ($_POST['trustmode'] == "2"){
- $this->trustModel= "byhost";
- } else {
- $this->trustModel= "";
- }
- if ($this->trustModel != $saved){
- $this->is_modified= TRUE;
+ if($this->acl_is_writeable("trustModel")){
+ if (isset($_POST['trustmode'])){
+ $saved= $this->trustModel;
+ if ($_POST['trustmode'] == "1"){
+ $this->trustModel= "fullaccess";
+ } elseif ($_POST['trustmode'] == "2"){
+ $this->trustModel= "byhost";
+ } else {
+ $this->trustModel= "";
+ }
+ if ($this->trustModel != $saved){
+ $this->is_modified= TRUE;
+ }
}
}
}
+
+ /* Get regex from alphabet */
+ if(isset($_GET['search'])){
+ $this->GroupRegex = $_GET['search']."*";
+ }
+
+ /* Check checkboxes and regexes */
+ if(isset($_POST["PosixGroupDialogPosted"])){
+
+ if(isset($_POST['SubSearch']) && ($_POST['SubSearch'])){
+ $this->SubSearch = true;
+ }else{
+ $this->SubSearch = false;
+ }
+ if(isset($_POST['guser'])){
+ $this->GroupUserRegex = $_POST['guser'];
+ }
+ if(isset($_POST['regex'])){
+ $this->GroupRegex = $_POST['regex'];
+ }
+ }
+ $this->GroupRegex = preg_replace("/\*\**/","*",$this->GroupRegex);
+ $this->GroupUserRegex = preg_replace("/\*\**/","*",$this->GroupUserRegex);
}
/* Save data to LDAP, depending on is_account we save or delete */
function save()
{
+
/* include global link_info */
$ldap= $this->config->get_ldap_link();
$this->shadowExpire= "0";
} else {
/* Transform seconds to days here */
- $this->shadowExpire= (int)($this->shadowExpire / (60 * 60 * 24)) + 1;
+ $this->shadowExpire= (int)($this->shadowExpire / (60 * 60 * 24)) ;
}
if (!$this->use_shadowMax){
$this->shadowMax= "0";
}
- if ($this->must_change_password){
+ if ($this->mustchangepassword){
$this->shadowLastChange= (int)(date("U") / 86400) - $this->shadowMax - 1;
} else {
$this->shadowLastChange= (int)(date("U") / 86400);
$this->shadowMin = "";
}
- if (($this->use_shadowMax != "1") && ($this->must_change_password != "1")) {
+ if (($this->use_shadowMax != "1") && ($this->mustchangepassword != "1")) {
$this->shadowMax = "";
}
$this->shadowExpire = "";
}
- /* Call parents save to prepare $this->attrs */
- plugin::save();
-
/* Fill gecos */
if (isset($this->parent) && $this->parent != NULL){
- $this->gecos= $this->parent->by_object['user']->cn;
+ $this->gecos= rewrite($this->parent->by_object['user']->cn);
+ if (!preg_match('/[a-z0-9 -]/i', $this->gecos)){
+ $this->gecos= "";
+ }
}
+ foreach(array("shadowMin","shadowMax","shadowWarning","shadowInactive","shadowExpire") as $attr){
+ $this->$attr = (int) $this->$attr;
+ }
+ /* Call parents save to prepare $this->attrs */
+ plugin::save();
+
/* Trust accounts */
$objectclasses= array();
foreach ($this->attrs['objectClass'] as $key => $class){
}
}
+ if(empty($this->attrs['gosaDefaultPrinter'])){
+ $thid->attrs['gosaDefaultPrinter']=array();
+ }
+
+
/* Save data to LDAP */
$ldap->cd($this->dn);
- $ldap->modify($this->attrs);
- show_ldap_error($ldap->get_error());
+ $this->cleanup();
+ unset($this->attrs['uid']);
+ $ldap->modify ($this->attrs);
+
+ show_ldap_error($ldap->get_error(), sprintf(_("Saving of user/posix account with dn '%s' failed."),$this->dn));
/* Remove lock needed for unique id generation */
del_lock ("uidnumber");
$ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
/* Create group if it doesn't exist */
- if (!$ldap->count()){
+ if ($ldap->count() == 0){
$groupdn= preg_replace ('/^'.$this->config->current['DNMODE'].'=[^,]+,'.get_people_ou().'/i', 'cn='.$this->uid.','.get_groups_ou(), $this->dn);
$g= new group($this->config, $groupdn);
/* Take care about groupMembership values: add to groups */
foreach ($this->groupMembership as $key => $value){
- $g= new group($this->config, $key);
- $g->addUser ($this->uid);
+ $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key);
+ $g->by_object['group']->addUser($this->uid);
$g->save();
-
- /* May need to save the mail part, too */
- if ($g->has_mailAccount){
- $m= new mailgroup($this->config, $key);
- $m->save();
- }
}
/* Remove from groups not listed in groupMembership */
foreach ($this->savedGroupMembership as $key => $value){
- if (!array_key_exists ($key, $this->groupMembership)){
- $g= new group($this->config, $key);
- $g->removeUser ($this->uid);
+ if (!isset($this->groupMembership[$key])){
+ $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key);
+ $g->by_object['group']->removeUser ($this->uid);
$g->save();
-
- /* May need to save the mail part, too */
- if ($g->has_mailAccount){
- $m= new mailgroup($this->config, $key);
- $m->save();
- }
}
}
/* Include global link_info */
$ldap= $this->config->get_ldap_link();
- /* Reset message array */
- $message= array();
+ /* Call common method to give check the hook */
+ $message= plugin::check();
/* must: homeDirectory */
if ($this->homeDirectory == ""){
$message[]= _("Value specified as 'GID' is too small.");
}
}
-
}
/* Check shadow settings, well I like spaghetties... */
}
}
+ // if(empty($this->gosaDefaultPrinter)){
+ // $message[]= _("You need to specify a valid default printer.");
+ // }
+
return ($message);
}
-
- /* Add posix user to some groups */
function addGroup ($groups)
{
/* include global link_info */
/* Walk through groups and add the descriptive entry if not exists */
foreach ($groups as $value){
if (!array_key_exists($value, $this->groupMembership)){
- $ldap->cat($value);
+ $ldap->cat($value, array('cn', 'description', 'dn'));
$attrs= $ldap->fetch();
error_reporting (0);
if (!isset($attrs['description'][0])){
$entry= $attrs["cn"][0]." [$dsc]";
}
error_reporting (E_ALL);
- $this->groupMembership[$ldap->getDN()]= $entry;
+ $this->groupMembership[$attrs['dn']]= $entry;
}
}
if ($ldap->count() != 1){
$this->primaryGroup= $this->gidNumber;
}
+
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaUserTemplate)(uid=".$template."))", array("cn","accessTo"));
+ while($attr = $ldap->fetch()){
+ $tmp = $attr['accessTo'];
+ unset ($tmp['count']);
+ $this->accessTo = $tmp;
+ }
+
+ /* Adjust shadow checkboxes */
+ foreach (array("shadowMin", "shadowMax", "shadowWarning", "shadowInactive",
+ "shadowExpire") as $val){
+
+ if ($this->$val != 0){
+ $oval= "use_".$val;
+ $this->$oval= "1";
+ }
+ }
}
function get_next_id($attrib)
$ldap= $this->config->get_ldap_link();
$ldap->cd ($this->config->current['BASE']);
- $ldap->search ("($attrib=*)", array("$attrib"));
+ if (preg_match('/gidNumber/i', $attrib)){
+ $oc= "posixGroup";
+ } else {
+ $oc= "posixAccount";
+ }
+ $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
/* Get list of ids */
while ($attrs= $ldap->fetch()){
}
+ function reload()
+ {
+ /* Set base for all searches */
+ $base = $_SESSION['CurrentMainBase'];
+ $base = $base;
+ $ldap = $this->config->get_ldap_link();
+ $attrs = array("cn", "description", "gidNumber");
+ $Flags = GL_SIZELIMIT;
+
+ /* Get groups */
+ if ($this->GroupUserRegex == '*'){
+ $filter = "(&(objectClass=posixGroup)(cn=".$this->GroupRegex."))";
+ } else {
+ $filter= "(&(objectClass=posixGroup)(cn=".$this->GroupRegex.")(memberUid=".$this->GroupUserRegex."))";
+ }
+ if($this->SubSearch){
+ $Flags |= GL_SUBSEARCH;
+ }else{
+ $base = get_groups_ou().$base;
+ }
+
+
+ $res= get_list($filter, $this->ui->subtreeACL, $base,$attrs, $Flags);
+
+ /* check sizelimit */
+ if (preg_match("/size limit/i", $ldap->error)){
+ $_SESSION['limit_exceeded']= TRUE;
+ }
+
+ /* Create a list of users */
+ $this->grouplist = array();
+ foreach ($res as $value){
+ $this->grouplist[$value['gidNumber'][0]]= $value;
+ }
+
+ $tmp=array();
+ foreach($this->grouplist as $tkey => $val ){
+ $tmp[strtolower($val['cn'][0]).$val['cn'][0]]=$val;
+ }
+
+ /* Sort index */
+ ksort($tmp);
+
+ /* Recreate index array[dn]=cn[description]*/
+ $this->grouplist=array();
+ foreach($tmp as $val){
+ if(isset($val['description'])){
+ $this->grouplist[$val['dn']]=$val['cn'][0]." [".$val['description'][0]."]";
+ }else{
+ $this->grouplist[$val['dn']]=$val['cn'][0];
+ }
+ }
+ reset ($this->grouplist);
+ }
+
+
+ /* Create the posix dialog part for copy & paste */
+ function getCopyDialog()
+ {
+ /* Skip dialog creation if this is not a valid account*/
+ if(!$this->is_account) return("");
+ if ($this->force_ids == 1){
+ $force_ids = "checked";
+ if ($_SESSION['js']){
+ $forceMode = "";
+ }
+ } else {
+ if ($_SESSION['js']){
+ if($this->acl != "#none#")
+ $forceMode ="disabled";
+ }
+ $force_ids = "";
+ }
+
+ $sta = "";
+
+ /* Open group add dialog */
+ if(isset($_POST['edit_groupmembership'])){
+ $this->group_dialog = TRUE;
+ $sta = "SubDialog";
+ }
+
+ /* If the group-add dialog is closed, call execute
+ to ensure that the membership is updatd */
+ if(isset($_POST['add_groups_finish']) || isset($_POST['add_groups_cancel'])){
+ $this->execute();
+ $this->group_dialog =FALSE;
+ }
+
+ if($this->group_dialog){
+ $str = $this->execute(true);
+ $ret = array();
+ $ret['string'] = $str;
+ $ret['status'] = $sta;
+ return($ret);
+ }
+
+ /* If a group member should be deleted, simply call execute */
+ if(isset($_POST['delete_groupmembership'])){
+ $this->execute();
+ }
+
+ /* Assigned informations to smarty */
+ $smarty = get_smarty();
+ $smarty->assign("homeDirectory",$this->homeDirectory);
+ $smarty->assign("uidNumber",$this->uidNumber);
+ $smarty->assign("gidNumber",$this->gidNumber);
+ $smarty->assign("forceMode",$forceMode);
+ $smarty->assign("force_ids",$force_ids);
+ if (!count($this->groupMembership)){
+ $smarty->assign("groupMembership", array(" "));
+ } else {
+ $smarty->assign("groupMembership", $this->groupMembership);
+ }
+
+ /* Display wars message if there are more than 16 group members */
+ if (count($this->groupMembership) > 16){
+ $smarty->assign("groups", "too_many_for_nfs");
+ } else {
+ $smarty->assign("groups", "");
+ }
+ $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE,dirname(__FILE__)));
+
+ $ret = array();
+ $ret['string'] = $str;
+ $ret['status'] = $sta;
+ return($ret);
+ }
+
+
+ function plInfo()
+ {
+ return (array(
+ "plDescription" => _("POSIX account"),
+ "plSelfModify" => TRUE,
+ "plDepends" => array("user"),
+ "plPriority" => 1,
+ "plSection" => "personal",
+ "plCategory" => array("users"),
+ "plOptions" => array(),
+
+ "plProvidedAcls" => array(
+
+ "homeDirectory" => _("Home directory"),
+ "loginShell" => _("Shell"),
+ "uidNumber" => _("User ID"),
+ "gidNumber" => _("Group ID"),
+
+ "mustchangepassword"=> _("Force password change on login"),
+ "shadowMin" => _("Shadow min"),
+ "shadowMax" => _("Shadow max"),
+ "shadowWarning" => _("Shadow warning"),
+ "shadowInactive" => _("Shadow inactive"),
+ "shadowExpire" => _("Shadow expire"),
+ "trustModel" => _("System trust model")))
+ );
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: