![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/personal/posix/class_posixAccount.inc b/plugins/personal/posix/class_posixAccount.inc
index d163ee0fe17c8c732f7269f8d3c0372710bff6f2..cbdfbee15285bfb4b2897c3307cc917c4e482e0a 100644 (file)
var $shadowInactive= "0";
var $shadowExpire= "0";
var $gosaDefaultPrinter= "";
- var $gosaDefaultLanguage= "";
var $accessTo= array();
var $trustModel= "";
var $use_shadowWarning= "0";
var $use_shadowInactive= "0";
var $use_shadowExpire= "0";
- var $must_change_password= "0";
+ var $mustchangepassword= "0";
var $force_ids= 0;
- var $printerList= array();
var $group_dialog= FALSE;
var $show_ws_dialog= FALSE;
var $secondaryGroups= array();
var $primaryGroup= 0;
var $was_trust_account= FALSE;
+ var $memberGroup = array();
+ var $grouplist = array();
+ var $ui = array();
+ var $GroupRegex = "*";
+ var $GroupUserRegex = "*";
+ var $SubSearch = false;
+
+ var $view_logged = FALSE;
/* attribute list for save action */
- var $attributes= array("homeDirectory", "loginShell", "uidNumber", "gidNumber", "gecos",
+ var $CopyPasteVars =
+ array("grouplist","groupMembership","use_shadowMin",
+ "use_shadowMax","use_shadowWarning","use_shadowInactive","use_shadowExpire",
+ "must_change_password","printerList","grouplist","savedGidNumber","savedUidNumber");
+
+ var $attributes = array("homeDirectory", "loginShell", "uidNumber", "gidNumber", "gecos",
"shadowMin", "shadowMax", "shadowWarning", "shadowInactive", "shadowLastChange",
- "shadowExpire", "gosaDefaultPrinter", "gosaDefaultLanguage", "uid");
+ "shadowExpire", "gosaDefaultPrinter", "uid","accessTo","trustModel");
+
var $objectclasses= array("posixAccount", "shadowAccount");
+ var $uid= "";
/* constructor, if 'dn' is set, the node loads the given
'dn' from LDAP */
- function posixAccount ($config, $dn= NULL)
+ function posixAccount (&$config, $dn= NULL)
{
/* Configuration is fine, allways */
$this->config= $config;
/* Load bases attributes */
plugin::plugin($config, $dn);
+ /* Setting uid to default */
+ if(isset($this->attrs['uid'][0])){
+ $this->uid = $this->attrs['uid'][0];
+ }
+
$ldap= $this->config->get_ldap_link();
if ($dn != NULL){
$this->was_trust_account= FALSE;
$this->trustModel= "";
}
+
+ $this->accessTo = array();
if ($this->is_account && isset($this->attrs['accessTo'])){
for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
$tmp= $this->attrs['accessTo'][$i];
/* Generate status text */
$current= date("U");
+
+ $current= floor($current / 60 /60 / 24);
+
if (($current >= $this->shadowExpire) && $this->shadowExpire){
- $this->status= "expired";
- if (($this->shadowExpire - $current) < $this->shadowInactive){
- $this->status.= ", grace time active";
+ $this->status= _("expired");
+ if (($current - $this->shadowExpire) < $this->shadowInactive){
+ $this->status.= ", "._("grace time active");
}
} elseif (($this->shadowLastChange + $this->shadowMin) >= $current){
- $this->status= "active, password not changable";
+ $this->status= _("active, password not changable");
} elseif (($this->shadowLastChange + $this->shadowMax) >= $current){
- $this->status= "active, password expired";
+ $this->status= _("active, password expired");
} else {
- $this->status= "active";
+ $this->status= _("active");
}
/* Get group membership */
}
/* Convert to seconds */
- if ($this->shadowExpire != 0){
- $this->shadowExpire*= 60 * 60 * 24;
- } else {
- $date= getdate();
- $this->shadowExpire= floor($date[0] / (60*60*24)) * 60 * 60 * 24;
- }
+ $this->shadowExpire= $this->convertToSeconds($this->shadowExpire);
- /* Generate shell list from /etc/gosa/shells */
- if (file_exists('/etc/gosa/shells')){
- $shells = file ('/etc/gosa/shells');
+ /* Generate shell list from CONFIG_DIR./shells */
+ if (file_exists(CONFIG_DIR.'/shells')){
+ $shells = file (CONFIG_DIR.'/shells');
foreach ($shells as $line){
if (!preg_match ("/^#/", $line)){
$this->loginShellList[]= trim($line);
$this->loginShellList[]= $this->loginShell;
}
- /* Generate printer list */
- if (isset($this->config->data['SERVERS']['CUPS'])){
- $this->printerList= get_printer_list ($this->config->data['SERVERS']['CUPS']);
- asort($this->printerList);
- }
-
/* Generate group list */
+ $this->ui = get_userinfo();
+ $this->secondaryGroups[]= "- "._("automatic")." -";
$ldap->cd($this->config->current['BASE']);
$ldap->search("(objectClass=posixGroup)", array("cn", "gidNumber"));
- $this->secondaryGroups[]= "- "._("automatic")." -";
- while ($attrs= $ldap->fetch()){
+ while($attrs = $ldap->fetch()){
$this->secondaryGroups[$attrs['gidNumber'][0]]= $attrs['cn'][0];
}
asort ($this->secondaryGroups);
"regex" => "*");
register_global("sysfilter", $sysfilter);
}
+ $this->ui = get_userinfo();
}
/* execute generates the html output for this node */
- function execute()
+ function execute($isCopyPaste = false)
{
- /* Call parent execute */
- plugin::execute();
- /* Do we need to flip is_account state? */
- if (isset($_POST['modify_state'])){
- $this->is_account= !$this->is_account;
- }
-
- /* Do we represent a valid posixAccount? */
- if (!$this->is_account && $this->parent == NULL ){
- $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
- _("This account has no unix extensions.")."</b>";
- $display.= back_to_main();
- return ($display);
+ /* Call parent execute */
+ plugin::execute();
+ $display= "";
+
+ /* Log view */
+ if($this->is_account && !$this->view_logged){
+ $this->view_logged = TRUE;
+ new log("view","users/".get_class($this),$this->dn);
}
- $display= "";
+ /* Department has changed? */
+ if(isset($_POST['depselect'])){
+ $_SESSION['CurrentMainBase']= validate($_POST['depselect']);
+ }
- /* Show tab dialog headers */
- if ($this->parent != NULL){
- if ($this->is_account){
- if (isset($this->parent->by_object['sambaAccount'])){
- $obj= $this->parent->by_object['sambaAccount'];
+ if(!$isCopyPaste){
+
+ /* Do we need to flip is_account state? */
+ if(isset($_POST['modify_state'])){
+ if($this->is_account && $this->acl_is_removeable()){
+ $this->is_account= FALSE;
+ }elseif(!$this->is_account && $this->acl_is_createable()){
+ $this->is_account= TRUE;
}
- if (isset($obj) && $obj->is_account == TRUE &&
- ((isset($this->parent->by_object['sambaAccount']))&&($this->parent->by_object['sambaAccount']->is_account))
- ||(isset($this->parent->by_object['environment'] ))&&($this->parent->by_object['environment'] ->is_account)){
-
- /* Samba3 dependency on posix accounts are enabled
- in the moment, because I need to rely on unique
- uidNumbers. There'll be a better solution later
- on. */
- $display= $this->show_header(_("Remove posix account"),
- _("This account has unix features enabled. To disable them, you'll need to remove the samba / environment account first."), TRUE);
+ }
+
+ /* Do we represent a valid posixAccount? */
+ if (!$this->is_account && $this->parent == NULL ){
+ $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
+ _("This account has no unix extensions.")."</b>";
+ $display.= back_to_main();
+ return ($display);
+ }
+
+
+ /* Show tab dialog headers */
+ if ($this->parent != NULL){
+ if ($this->is_account){
+ if (isset($this->parent->by_object['sambaAccount'])){
+ $obj= $this->parent->by_object['sambaAccount'];
+ }
+ if (isset($obj) && $obj->is_account == TRUE &&
+ ((isset($this->parent->by_object['sambaAccount']))&&($this->parent->by_object['sambaAccount']->is_account))
+ ||(isset($this->parent->by_object['environment'] ))&&($this->parent->by_object['environment'] ->is_account)){
+
+ /* Samba3 dependency on posix accounts are enabled
+ in the moment, because I need to rely on unique
+ uidNumbers. There'll be a better solution later
+ on. */
+ $display= $this->show_disable_header(_("Remove posix account"),
+ _("This account has unix features enabled. To disable them, you'll need to remove the samba / environment account first."), TRUE);
+ } else {
+ $display= $this->show_disable_header(_("Remove posix account"),
+ _("This account has posix features enabled. You can disable them by clicking below."));
+ }
} else {
- $display= $this->show_header(_("Remove posix account"),
- _("This account has posix features enabled. You can disable them by clicking below."));
+ $display= $this->show_enable_header(_("Create posix account"),
+ _("This account has posix features disabled. You can enable them by clicking below."));
+ return($display);
}
- } else {
- $display= $this->show_header(_("Create posix account"),
- _("This account has posix features disabled. You can enable them by clicking below."));
- return($display);
}
}
-
/* Trigger group edit? */
if (isset($_POST['edit_groupmembership'])){
$this->group_dialog= TRUE;
if (isset($_POST['add_groups_finish']) && isset($_POST['groups']) &&
count($_POST['groups'])){
- if (chkacl ($this->acl, "memberUid") == ""){
- $this->addGroup ($_POST['groups']);
- $this->is_modified= TRUE;
- }
+ $this->addGroup ($_POST['groups']);
}
/* Delete selected groups */
if (isset($_POST['delete_groupmembership']) &&
isset($_POST['group_list']) && count($_POST['group_list'])){
- if (chkacl ($this->acl, "memberUid") == ""){
- $this->delGroup ($_POST['group_list']);
- $this->is_modified= TRUE;
- }
+ $this->delGroup ($_POST['group_list']);
}
/* Add user workstation? */
if ($exclude != ""){
$exclude= "(!(|$exclude))";
}
- $acl= array($this->config->current['BASE'] => ":all");
$regex= $sysfilter['regex'];
$filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))";
- $res= get_list($acl, "$filter", TRUE, $sysfilter['depselect'], array("cn"), TRUE);
+ $res= get_list($filter, "groups", $sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT);
$wslist= array();
foreach ($res as $attrs){
$wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
/* Manage group add dialog */
if ($this->group_dialog){
- $gd= new groupManagement($this->config, get_userinfo());
- /* Save data */
- $groupfilter= get_global("groupfilter");
- foreach( array("depselect", "guser", "regex") as $type){
- if (isset($_POST[$type])){
- $groupfilter[$type]= $_POST[$type];
- }
- }
- if (isset($_POST['depselect'])){
- foreach( array("primarygroups", "sambagroups", "mailgroups", "appgroups",
- "functionalgroups") as $type){
+ /* Get global filter config */
+ $this->reload();
- if (isset($_POST[$type])) {
- $groupfilter[$type]= "checked";
- } else {
- $groupfilter[$type]= "";
- }
- }
- }
- if (isset($_GET['search'])){
- $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
- if ($s == "**"){
- $s= "*";
- }
- $groupfilter['regex']= $s;
- }
- register_global("groupfilter", $groupfilter);
-
- /* Calculate actual groups */
- $gd->reload(true);
+ /* remove already assigned groups */
$glist= array();
- foreach ($gd->grouplist as $key => $value){
- if (!isset($this->groupMembership[$key])){
+ foreach ($this->grouplist as $key => $value){
+ if (!isset($this->groupMembership[$key]) && obj_is_writable($key,"groups/group","memberUid")){
$glist[$key]= $value;
}
}
+ if($this->SubSearch){
+ $smarty->assign("SubSearchCHK"," checked ");
+ }else{
+ $smarty->assign("SubSearchCHK","");
+ }
+
+ $smarty->assign("regex",$this->GroupRegex);
+ $smarty->assign("guser",$this->GroupUserRegex);
$smarty->assign("groups", $glist);
$smarty->assign("search_image", get_template_path('images/search.png'));
$smarty->assign("launchimage", get_template_path('images/small_filter.png'));
$smarty->assign("tree_image", get_template_path('images/tree.png'));
$smarty->assign("deplist", $this->config->idepartments);
$smarty->assign("alphabet", generate_alphabet());
- foreach( array("depselect", "guser", "regex", "primarygroups", "mailgroups",
- "appgroups", "sambagroups", "functionalgroups") as $type){
- $smarty->assign("$type", $groupfilter[$type]);
- }
+ $smarty->assign("depselect",$_SESSION['CurrentMainBase']);
$smarty->assign("hint", print_sizelimit_warning());
$smarty->assign("apply", apply_filter());
/* Show main page */
$smarty= get_smarty();
+ /* In 'MyAccount' mode, we must remove write acls if we are not in editing mode. */
+ $SkipWrite = (!isset($this->parent) || !$this->parent) && !isset($_SESSION['edit']);
+
/* Depending on pwmode, currently hardcoded because there are no other methods */
if ( 1 == 1 ){
$smarty->assign("pwmode", dirname(__FILE__)."/posix_shadow");
- $shadowMinACL= chkacl($this->acl, "shadowMin");
- $smarty->assign("shadowmins", sprintf(_("Password can't be changed up to %s days after last change"), "<input name=\"shadowMin\" size=3 maxlength=4 $shadowMinACL value=\"".$this->shadowMin."\">"));
- $shadowMaxACL= chkacl($this->acl, "shadowMax");
- $smarty->assign("shadowmaxs", sprintf(_("Password must be changed after %s days"), "<input name=\"shadowMax\" size=3 maxlength=4 $shadowMaxACL value=\"".$this->shadowMax."\">"));
- $shadowInactiveACL= chkacl($this->acl, "shadowInactive");
- $smarty->assign("shadowinactives", sprintf(_("Disable account after %s days of inactivity after password expiery"), "<input name=\"shadowInactive\" size=3 maxlength=4 $shadowInactiveACL value=\"".$this->shadowInactive."\">"));
- $shadowWarningACL= chkacl($this->acl, "shadowWarning");
- $smarty->assign("shadowwarnings", sprintf(_("Warn user %s days before password expiery"), "<input name=\"shadowWarning\" size=3 maxlength=4 $shadowWarningACL value=\"".$this->shadowWarning."\">"));
- foreach( array("must_change_password", "use_shadowMin", "use_shadowMax",
- "use_shadowExpire", "use_shadowInactive",
- "use_shadowWarning") as $val){
+
+ $shadowMinACL = $this->getacl("shadowMin",$SkipWrite);
+ $smarty->assign("shadowmins", sprintf(_("Password can't be changed up to %s days after last change"),
+ "<input name=\"shadowMin\" size=3 maxlength=4 value=\"".$this->shadowMin."\">"));
+
+ $shadowMaxACL = $this->getacl("shadowMax",$SkipWrite);
+ $smarty->assign("shadowmaxs", sprintf(_("Password must be changed after %s days"),
+ "<input name=\"shadowMax\" size=3 maxlength=4 value=\"".$this->shadowMax."\">"));
+
+ $shadowInactiveACL= $this->getacl("shadowInactive",$SkipWrite);
+ $smarty->assign("shadowinactives", sprintf(_("Disable account after %s days of inactivity after password expiery"),
+ "<input name=\"shadowInactive\" size=3 maxlength=4 value=\"".$this->shadowInactive."\">"));
+
+ $shadowWarningACL = $this->getacl("shadowWarning",$SkipWrite);
+ $smarty->assign("shadowwarnings", sprintf(_("Warn user %s days before password expiery"),
+ "<input name=\"shadowWarning\" size=3 maxlength=4 value=\"".$this->shadowWarning."\">"));
+
+ foreach( array("use_shadowMin", "use_shadowMax",
+ "use_shadowExpire", "use_shadowInactive","use_shadowWarning") as $val){
if ($this->$val == 1){
$smarty->assign("$val", "checked");
} else {
$smarty->assign("$val", "");
}
- $smarty->assign("$val"."ACL", chkacl($this->acl, $val));
+ $smarty->assign("$val"."ACL", $this->getacl($val,$SkipWrite));
}
+
+ if($this->mustchangepassword){
+ $smarty->assign("mustchangepassword", "checked");
+ } else {
+ $smarty->assign("mustchangepassword", "");
+ }
+ $smarty->assign("mustchangepasswordACL", $this->getacl("mustchangepassword",$SkipWrite));
}
/* Fill calendar */
- $date= getdate($this->shadowExpire);
-
+ /* If this $this->shadowExpire is empty
+ use current date as base for calculating selectbox values.
+ (This attribute is empty if this is a new user )*/
+ if(empty($this->shadowExpire)){
+ $date= getdate(time());
+ }else{
+ $date= getdate($this->shadowExpire);
+ }
+
$days= array();
for($d= 1; $d<32; $d++){
$days[$d]= $d;
} else {
$smarty->assign("groups", "");
}
- $smarty->assign("printerList", $this->printerList);
- $smarty->assign("languages", $this->config->data['MAIN']['LANGUAGES']);
- /* Avoid "Undefined index: forceMode" */
+ /* Avoid "Undefined index: forceMode" */
$smarty->assign("forceMode", "");
/* Checkboxes */
}
$smarty->assign("force_ids", "");
}
- $smarty->assign("force_idsACL", chkacl($this->acl, "force_ids"));
+
+
+
+ $smarty->assign("force_idsACL", $this->getacl("uidNumber",$SkipWrite).$this->getacl("gidNumber",$SkipWrite));
/* Load attributes and acl's */
foreach($this->attributes as $val){
if(($_SESSION["js"])&&(($val=="uidNumber")||($val=="gidNumber")))
- {
- $smarty->assign("$val"."ACL","");
- $smarty->assign("$val", $this->$val);
- continue;
- }
+ {
+ $smarty->assign("$val"."ACL",$this->getacl($val,$SkipWrite));
+ $smarty->assign("$val", $this->$val);
+ continue;
+ }
$smarty->assign("$val", $this->$val);
- $smarty->assign("$val"."ACL", chkacl($this->acl,$val));
+ $smarty->assign("$val"."ACL", $this->getacl($val,$SkipWrite));
+ }
+ if($SkipWrite){
+ $smarty->assign("groupMembershipACL","r");
+ }else{
+ $smarty->assign("groupMembershipACL","rw");
}
- $smarty->assign("groupMembershipACL", chkacl($this->acl, "groupMembership"));
$smarty->assign("status", $this->status);
/* Work on trust modes */
- $smarty->assign("trustmodeACL", chkacl($this->acl, "trustmode"));
+ $smarty->assign("trusthide", " disabled ");
+ $smarty->assign("trustmodeACL", $this->getacl("trustModel",$SkipWrite));
if ($this->trustModel == "fullaccess"){
$trustmode= 1;
// pervent double disable tag in html code, this will disturb our clean w3c html
-
- if(chkacl($this->acl, "trustmode")==""){
- $smarty->assign("trusthide", "disabled");
- }else{
- $smarty->assign("trusthide", "");
- }
+ $smarty->assign("trustmode", $this->getacl("trustModel",$SkipWrite));
} elseif ($this->trustModel == "byhost"){
$trustmode= 2;
$smarty->assign("trusthide", "");
} else {
// pervent double disable tag in html code, this will disturb our clean w3c html
- if(chkacl($this->acl, "trustmode")==""){
- $smarty->assign("trusthide", "disabled");
- }else{
- $smarty->assign("trusthide", "");
- }
+ $smarty->assign("trustmode", $this->getacl("trustModel",$SkipWrite));
$trustmode= 0;
}
$smarty->assign("trustmode", $trustmode);
$smarty->assign("emptyArrAccess",true);
else
$smarty->assign("emptyArrAccess",false);
-
+
$smarty->assign("workstations", $this->accessTo);
function remove_from_parent()
{
/* Cancel if there's nothing to do here */
- if (!$this->initially_was_account){
+ if ((!$this->initially_was_account) || (!$this->acl_is_removeable())){
return;
}
-
+
/* include global link_info */
$ldap= $this->config->get_ldap_link();
/* Keep uid, because we need it for authentification! */
unset($this->attrs['uid']);
+ unset($this->attrs['trustModel']);
@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
$this->attributes, "Save");
$ldap->cd($this->dn);
- $ldap->modify($this->attrs);
- show_ldap_error($ldap->get_error());
+ $this->cleanup();
+ $ldap->modify ($this->attrs);
+
+ new log("remove","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+
+ show_ldap_error($ldap->get_error(), sprintf(_("Removing of user/posix account with dn '%s' failed."),$this->dn));
/* Delete group only if cn is uid and there are no other
members inside */
}
/* Optionally execute a command after we're done */
- $this->handle_post_events("remove");
+ $this->handle_post_events("remove",array("uid" => $this->uid));
}
/* Save values to object */
plugin::save_object();
- /* Save force GID attribute */
- if (chkacl ($this->acl, "force_ids") == ""){
+
+ /* Save force GID checkbox */
+ if($this->acl_is_writeable("gidNumber") || $this->acl_is_writeable("uidNumber")){
if (isset ($_POST['force_ids'])){
$data= 1;
} else {
$this->is_modified= TRUE;
}
$this->force_ids= $data;
+ }
+ /*Save primary group settings */
+ if($this->acl_is_writeable("primaryGroup") && isset($_POST['primaryGroup'])){
$data= $_POST['primaryGroup'];
if ($this->primaryGroup != $data){
$this->is_modified= TRUE;
$this->primaryGroup= $_POST['primaryGroup'];
}
- /* Save pwmode dependent attributes, curently hardcoded because there're
- no alternatives */
- if (1 == 1){
- foreach( array("must_change_password", "use_shadowMin", "use_shadowMax",
- "use_shadowExpire", "use_shadowInactive",
- "use_shadowWarning") as $val){
- if (chkacl($this->acl, "$val") == ""){
- if (isset ($_POST[$val])){
- $data= 1;
- } else {
- $data= 0;
- }
- if ($data != $this->$val){
- $this->is_modified= TRUE;
- }
- $this->$val= $data;
+ foreach(array("shadowMin","shadowMax","shadowExpire","shadowInactive","shadowWarning","mustchangepassword") as $var) {
+ if($this->acl_is_writeable($var)){
+ $use_var = "use_".$var;
+ if(isset($_POST['use_'.$var])){
+ $this->$use_var = true;
+ $this->$var = $_POST[$var];
+ }else{
+ $this->$use_var = false;
+ $this->$var = 0;
}
}
}
/* Trust mode - special handling */
- if (isset($_POST['trustmode'])){
- $saved= $this->trustModel;
- if ($_POST['trustmode'] == "1"){
- $this->trustModel= "fullaccess";
- } elseif ($_POST['trustmode'] == "2"){
- $this->trustModel= "byhost";
- } else {
- $this->trustModel= "";
- }
- if ($this->trustModel != $saved){
- $this->is_modified= TRUE;
+ if($this->acl_is_writeable("trustModel")){
+ if (isset($_POST['trustmode'])){
+ $saved= $this->trustModel;
+ if ($_POST['trustmode'] == "1"){
+ $this->trustModel= "fullaccess";
+ } elseif ($_POST['trustmode'] == "2"){
+ $this->trustModel= "byhost";
+ } else {
+ $this->trustModel= "";
+ }
+ if ($this->trustModel != $saved){
+ $this->is_modified= TRUE;
+ }
}
}
}
+
+ /* Get regex from alphabet */
+ if(isset($_GET['search'])){
+ $this->GroupRegex = $_GET['search']."*";
+ }
+
+ /* Check checkboxes and regexes */
+ if(isset($_POST["PosixGroupDialogPosted"])){
+
+ if(isset($_POST['SubSearch']) && ($_POST['SubSearch'])){
+ $this->SubSearch = true;
+ }else{
+ $this->SubSearch = false;
+ }
+ if(isset($_POST['guser'])){
+ $this->GroupUserRegex = $_POST['guser'];
+ }
+ if(isset($_POST['regex'])){
+ $this->GroupRegex = $_POST['regex'];
+ }
+ }
+ $this->GroupRegex = preg_replace("/\*\**/","*",$this->GroupRegex);
+ $this->GroupUserRegex = preg_replace("/\*\**/","*",$this->GroupUserRegex);
}
/* Save data to LDAP, depending on is_account we save or delete */
function save()
{
-
+
/* include global link_info */
$ldap= $this->config->get_ldap_link();
$this->shadowExpire= "0";
} else {
/* Transform seconds to days here */
- $this->shadowExpire= (int)($this->shadowExpire / (60 * 60 * 24)) + 1;
+ $this->shadowExpire= (int)($this->shadowExpire / (60 * 60 * 24)) ;
}
if (!$this->use_shadowMax){
$this->shadowMax= "0";
}
- if ($this->must_change_password){
+ if ($this->mustchangepassword){
$this->shadowLastChange= (int)(date("U") / 86400) - $this->shadowMax - 1;
} else {
$this->shadowLastChange= (int)(date("U") / 86400);
}
add_lock ("uidnumber", "gosa");
- $this->uidNumber= $this->get_next_id("uidNumber");
+ $this->uidNumber= $this->get_next_id("uidNumber", $this->dn);
if ($this->savedGidNumber != ""){
$this->gidNumber= $this->savedGidNumber;
} else {
- $this->gidNumber= $this->get_next_id("gidNumber");
+ $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
}
}
$this->shadowMin = "";
}
- if (($this->use_shadowMax != "1") && ($this->must_change_password != "1")) {
+ if (($this->use_shadowMax != "1") && ($this->mustchangepassword != "1")) {
$this->shadowMax = "";
}
/* Fill gecos */
if (isset($this->parent) && $this->parent != NULL){
$this->gecos= rewrite($this->parent->by_object['user']->cn);
- if (!preg_match('/[a-z0-9 -]/i', $this->gecos)){
- $this->gecos= "";
- }
+ if (!preg_match('/^[a-z0-9 -]+$/i', $this->gecos)){
+ $this->gecos= "";
+ }
}
+ foreach(array("shadowMin","shadowMax","shadowWarning","shadowInactive","shadowExpire") as $attr){
+ $this->$attr = (int) $this->$attr;
+ }
/* Call parents save to prepare $this->attrs */
plugin::save();
$thid->attrs['gosaDefaultPrinter']=array();
}
- foreach(array("shadowMin","shadowMax","shadowWarning","shadowInactive") as $attr){
- $this->attrs[$attr] = (int) $this->attrs[$attr];
- }
/* Save data to LDAP */
$ldap->cd($this->dn);
- $ldap->modify($this->attrs);
- show_ldap_error($ldap->get_error());
+ $this->cleanup();
+ unset($this->attrs['uid']);
+ $ldap->modify ($this->attrs);
+
+ /* Log last action */
+ if($this->initially_was_account){
+ new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ }else{
+ new log("create","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ }
+
+ show_ldap_error($ldap->get_error(), sprintf(_("Saving of user/posix account with dn '%s' failed."),$this->dn));
/* Remove lock needed for unique id generation */
del_lock ("uidnumber");
-
- /* Posix accounts have group interrelationship, take care about these here. */
- if ($this->force_ids == 0 && $this->primaryGroup == 0){
+ /* Posix accounts have group interrelationship,
+ take care about these here if this is a new user without forced gidNumber. */
+ if ($this->force_ids == 0 && $this->primaryGroup == 0 && !$this->initially_was_account){
$ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
/* Take care about groupMembership values: add to groups */
foreach ($this->groupMembership as $key => $value){
- $g= new group($this->config, $key);
- $g->addUser ($this->uid);
- $g->save();
-
- /* May need to save the mail part, too */
- if ($g->has_mailAccount){
- $m= new mailgroup($this->config, $key);
- $m->save();
+ if (!isset($this->savedGroupMembership[$key])){
+ $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key,"groups");
+ $g->set_acl_base($key);
+ $g->by_object['group']->addUser($this->uid);
+ $g->save();
}
}
/* Remove from groups not listed in groupMembership */
foreach ($this->savedGroupMembership as $key => $value){
- if (!array_key_exists ($key, $this->groupMembership)){
- $g= new group($this->config, $key);
- $g->removeUser ($this->uid);
+ if (!isset($this->groupMembership[$key])){
+ $g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key,"groups");
+ $g->set_acl_base($key);
+ $g->by_object['group']->removeUser ($this->uid);
$g->save();
-
- /* May need to save the mail part, too */
- if ($g->has_mailAccount){
- $m= new mailgroup($this->config, $key);
- $m->save();
- }
}
}
/* Optionally execute a command after we're done */
if ($this->initially_was_account == $this->is_account){
if ($this->is_modified){
- $this->handle_post_events("mofify");
+ $this->handle_post_events("modify",array("uid" => $this->uid));
}
} else {
- $this->handle_post_events("add");
+ $this->handle_post_events("add" ,array("uid"=> $this->uid));
}
}
/* Include global link_info */
$ldap= $this->config->get_ldap_link();
- /* Reset message array */
- $message= array();
+ /* Append groups as memberGroup: to check hook
+ */
+ $tmp_attributes = $this->attributes;
+ $this->attributes[] = "memberGroup";
+ $this->memberGroup = array();
+ foreach($this->groupMembership as $dn => $name){
+ $this->memberGroup[] = $name;
+ }
+
+ /* Call common method to give check the hook */
+ $message= plugin::check();
+ $this->attributes = $tmp_attributes;
/* must: homeDirectory */
if ($this->homeDirectory == ""){
}
}
- // if(empty($this->gosaDefaultPrinter)){
- // $message[]= _("You need to specify a valid default printer.");
- // }
+ // if(empty($this->gosaDefaultPrinter)){
+ // $message[]= _("You need to specify a valid default printer.");
+ // }
return ($message);
}
/* Walk through groups and add the descriptive entry if not exists */
foreach ($groups as $value){
if (!array_key_exists($value, $this->groupMembership)){
- $ldap->cat($value);
+ $ldap->cat($value, array('cn', 'description', 'dn'));
$attrs= $ldap->fetch();
error_reporting (0);
if (!isset($attrs['description'][0])){
$dsc= preg_replace ('/^Group of user/', _("Group of user"), $attrs["description"][0]);
$entry= $attrs["cn"][0]." [$dsc]";
}
- error_reporting (E_ALL);
- $this->groupMembership[$ldap->getDN()]= $entry;
+ error_reporting (E_ALL | E_STRICT);
+
+ if(obj_is_writable($attrs['dn'],"groups/group","memberUid")){
+ $this->groupMembership[$attrs['dn']]= $entry;
+ }
}
}
function delGroup ($groups)
{
$dest= array();
-
- foreach ($this->groupMembership as $key => $value){
- if (!in_array($key, $groups)){
- $dest[$key]= $value;
+ foreach($groups as $dn_to_del){
+ if(isset($this->groupMembership[$dn_to_del]) && obj_is_writable($dn_to_del,"groups/group","memberUid")){
+ unset($this->groupMembership[$dn_to_del]);
}
}
- $this->groupMembership= $dest;
}
+
/* Adapt from template, using 'dn' */
function adapt_from_template($dn)
{
if ($ldap->count() != 1){
$this->primaryGroup= $this->gidNumber;
}
+
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaUserTemplate)(uid=".$template.")(accessTo=*))", array("cn","accessTo"));
+ while($attr = $ldap->fetch()){
+ $tmp = $attr['accessTo'];
+ unset ($tmp['count']);
+ $this->accessTo = $tmp;
+ }
+
+ /* Adjust shadow checkboxes */
+ foreach (array("shadowMin", "shadowMax", "shadowWarning", "shadowInactive") as $val){
+ if ($this->$val != 0){
+ $oval= "use_".$val;
+ $this->$oval= "1";
+ }
+ }
+
+ /* FIXME: NEED review of this section */
+ /* Need to check shadowExpire separately */
+
+ /*
+ * If shadowExpire is not enabled in the template, it's a UNIX timestamp - so don't convert it to seconds.
+ * The check is a hack - if difference between timestamp generated above and here is max 1 day.
+ */
+ if(abs($this->shadowExpire - time())>86400) {
+ $this->shadowExpire= $this->convertToSeconds($this->shadowExpire);
+ }
+
+ /* Only enable checkbox, if shadowExpire is in the future */
+ if($this->shadowExpire > time()) {
+ $this->use_shadowExpire= "1";
+ }
}
- function get_next_id($attrib)
+ function convertToSeconds($val)
+ {
+ if ($val != 0){
+ $val*= 60 * 60 * 24;
+ } else {
+ $date= getdate();
+ $val= floor($date[0] / (60*60*24)) * 60 * 60 * 24;
+ }
+ return($val);
+ }
+
+
+ function get_next_id($attrib, $dn)
{
$ids= array();
$ldap= $this->config->get_ldap_link();
$ldap->cd ($this->config->current['BASE']);
- $ldap->search ("($attrib=*)", array("$attrib"));
+ if (preg_match('/gidNumber/i', $attrib)){
+ $oc= "posixGroup";
+ } else {
+ $oc= "posixAccount";
+ }
+ $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
/* Get list of ids */
while ($attrs= $ldap->fetch()){
$ids[]= (int)$attrs["$attrib"][0];
}
+ /* Add the nobody id */
+ $ids[]= 65534;
+
+ /* get the ranges */
+ $tmp = array('0'=> 1000);
+ if (preg_match('/posixAccount/', $oc) && isset($this->config->current['UIDBASE'])) {
+ $tmp= split('-',$this->config->current['UIDBASE']);
+ } elseif(isset($this->config->current['GIDBASE'])){
+ $tmp= split('-',$this->config->current['GIDBASE']);
+ }
+
+ /* Set hwm to max if not set - for backward compatibility */
+ $lwm= $tmp[0];
+ if (isset($tmp[1])){
+ $hwm= $tmp[1];
+ } else {
+ $hwm= pow(2,32);
+ }
+
/* Find out next free id near to UID_BASE */
- for ($id= $this->config->current['UIDBASE']; $id++; $id<65000){
+ if (!isset($this->config->current['BASE_HOOK'])){
+ $base= $lwm;
+ } else {
+ /* Call base hook */
+ $base= get_base_from_hook($dn, $attrib);
+ }
+ for ($id= $base; $id++; $id < pow(2,32)){
if (!in_array($id, $ids)){
return ($id);
}
}
/* Should not happen */
- if ($id == 65000){
+ if ($id == $hwm){
print_red(_("Too many users, can't allocate a free ID!"));
exit;
}
}
+ function reload()
+ {
+ /* Set base for all searches */
+ $base = $_SESSION['CurrentMainBase'];
+ $base = $base;
+ $ldap = $this->config->get_ldap_link();
+ $attrs = array("cn", "description", "gidNumber");
+ $Flags = GL_SIZELIMIT;
+
+ /* Get groups */
+ if ($this->GroupUserRegex == '*'){
+ $filter = "(&(objectClass=posixGroup)(cn=".$this->GroupRegex."))";
+ } else {
+ $filter= "(&(objectClass=posixGroup)(cn=".$this->GroupRegex.")(memberUid=".$this->GroupUserRegex."))";
+ }
+ if($this->SubSearch){
+ $Flags |= GL_SUBSEARCH;
+ }else{
+ $base = get_groups_ou().$base;
+ }
+ $res= get_list($filter, "groups", $base,$attrs, $Flags);
+
+ /* check sizelimit */
+ if (preg_match("/size limit/i", $ldap->error)){
+ $_SESSION['limit_exceeded']= TRUE;
+ }
-}
+ /* Create a list of users */
+ $this->grouplist = array();
+ foreach ($res as $value){
+ $this->grouplist[$value['gidNumber'][0]]= $value;
+ }
-// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+ $tmp=array();
+ foreach($this->grouplist as $tkey => $val ){
+ $tmp[strtolower($val['cn'][0]).$val['cn'][0]]=$val;
+ }
+
+ /* Sort index */
+ ksort($tmp);
+ /* Recreate index array[dn]=cn[description]*/
+ $this->grouplist=array();
+ foreach($tmp as $val){
+ if(isset($val['description'])){
+ $this->grouplist[$val['dn']]=$val['cn'][0]." [".$val['description'][0]."]";
+ }else{
+ $this->grouplist[$val['dn']]=$val['cn'][0];
+ }
+ }
+
+ reset ($this->grouplist);
+ }
+
+
+ /* Get posts from copy & paste dialog */
+ function saveCopyDialog()
+ {
+ if(isset($_POST['homeDirectory'])){
+ $this->homeDirectory = $_POST['homeDirectory'];
+ if (isset ($_POST['force_ids'])){
+ $data= 1;
+ $this->gidNumber = $_POST['gidNumber'];
+ $this->uidNumber = $_POST['uidNumber'];
+ } else {
+ $data= 0;
+ }
+ if ($this->force_ids != $data){
+ $this->is_modified= TRUE;
+ }
+ $this->force_ids= $data;
+ }
+ }
+
+
+ /* Create the posix dialog part for copy & paste */
+ function getCopyDialog()
+ {
+ /* Skip dialog creation if this is not a valid account*/
+ if(!$this->is_account) return("");
+ if ($this->force_ids == 1){
+ $force_ids = "checked";
+ if ($_SESSION['js']){
+ $forceMode = "";
+ }
+ } else {
+ if ($_SESSION['js']){
+ if($this->acl != "#none#")
+ $forceMode ="disabled";
+ }
+ $force_ids = "";
+ }
+
+ $sta = "";
+
+ /* Open group add dialog */
+ if(isset($_POST['edit_groupmembership'])){
+ $this->group_dialog = TRUE;
+ $sta = "SubDialog";
+ }
+
+ /* If the group-add dialog is closed, call execute
+ to ensure that the membership is updatd */
+ if(isset($_POST['add_groups_finish']) || isset($_POST['add_groups_cancel'])){
+ $this->execute();
+ $this->group_dialog =FALSE;
+ }
+
+ if($this->group_dialog){
+ $str = $this->execute(true);
+ $ret = array();
+ $ret['string'] = $str;
+ $ret['status'] = $sta;
+ return($ret);
+ }
+ /* If a group member should be deleted, simply call execute */
+ if(isset($_POST['delete_groupmembership'])){
+ $this->execute();
+ }
+ /* Assigned informations to smarty */
+ $smarty = get_smarty();
+ $smarty->assign("homeDirectory",$this->homeDirectory);
+ $smarty->assign("uidNumber",$this->uidNumber);
+ $smarty->assign("gidNumber",$this->gidNumber);
+ $smarty->assign("forceMode",$forceMode);
+ $smarty->assign("force_ids",$force_ids);
+ if (!count($this->groupMembership)){
+ $smarty->assign("groupMembership", array(" "));
+ } else {
+ $smarty->assign("groupMembership", $this->groupMembership);
+ }
+ /* Display wars message if there are more than 16 group members */
+ if (count($this->groupMembership) > 16){
+ $smarty->assign("groups", "too_many_for_nfs");
+ } else {
+ $smarty->assign("groups", "");
+ }
+ $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE,dirname(__FILE__)));
+ $ret = array();
+ $ret['string'] = $str;
+ $ret['status'] = $sta;
+ return($ret);
+ }
+
+
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
+
+ /* Avoid using the same gid/uid number as source user */
+ $this->savedUidNumber = $this->get_next_id("gidNumber", $this->dn);
+ $this->savedGidNumber = $this->get_next_id("uidNumber", $this->dn);
+ }
+
+
+ function plInfo()
+ {
+ return (array(
+ "plDescription" => _("POSIX account"),
+ "plSelfModify" => TRUE,
+ "plDepends" => array("user"),
+ "plPriority" => 2,
+ "plSection" => array("personal" => _("My account")),
+ "plCategory" => array("users"),
+ "plOptions" => array(),
+
+ "plProvidedAcls" => array(
+
+ "homeDirectory" => _("Home directory"),
+ "loginShell" => _("Shell"),
+ "uidNumber" => _("User ID"),
+ "gidNumber" => _("Group ID"),
+
+ "mustchangepassword"=> _("Force password change on login"),
+ "shadowMin" => _("Shadow min"),
+ "shadowMax" => _("Shadow max"),
+ "shadowWarning" => _("Shadow warning"),
+ "shadowInactive" => _("Shadow inactive"),
+ "shadowExpire" => _("Shadow expire"),
+ "trustModel" => _("System trust model")))
+ );
+ }
+}
+
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>