X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Ffunctions.inc;h=893d1431d386971e9c26885bb3daf41109d5f324;hb=9773098162a69430e5c427eb458578bb39e15560;hp=1234a6d44cf6090ad67c60779b3c0da574ae019b;hpb=4925c41a108ce46945710f3558974e11c6200111;p=gosa.git diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index 1234a6d44..893d1431d 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -89,6 +89,13 @@ define ("DEBUG_ACL", 128); /*! Debug level for ACL infos */ define ("DEBUG_SI", 256); /*! Debug level for communication with gosa-si */ define ("DEBUG_MAIL", 512); /*! Debug level for all about mail (mailAccounts, imap, sieve etc.) */ define ("DEBUG_FAI", 1024); // FAI (incomplete) +define ("DEBUG_RPC", 2048); /*! Debug level for communication with remote procedures */ + +// Define shadow states +define ("POSIX_ACCOUNT_EXPIRED", 1); +define ("POSIX_WARN_ABOUT_EXPIRATION", 2); +define ("POSIX_FORCE_PASSWORD_CHANGE", 4); +define ("POSIX_DISALLOW_PASSWORD_CHANGE", 8); /* Rewrite german 'umlauts' and spanish 'accents' to get better results */ @@ -120,21 +127,22 @@ $REWRITE= array( "ä" => "ae", * * \param string 'class_name' The currently requested class */ -function __autoload($class_name) { +function __gosa_autoload($class_name) { global $class_mapping, $BASE_DIR; if ($class_mapping === NULL){ - echo sprintf(_("Fatal error: no class locations defined - please run '%s' to fix this"), "update-gosa"); + echo sprintf(_("Fatal error: no class locations defined - please run %s to fix this"), bold("update-gosa")); exit; } if (isset($class_mapping["$class_name"])){ require_once($BASE_DIR."/".$class_mapping["$class_name"]); } else { - echo sprintf(_("Fatal error: cannot instantiate class '%s' - try running '%s' to fix this"), $class_name, "update-gosa"); + echo sprintf(_("Fatal error: cannot instantiate class %s - try running %s to fix this"), bold($class_name), bold("update-gosa")); exit; } } +spl_autoload_register('__gosa_autoload'); /*! \brief Checks if a class is available. @@ -143,8 +151,14 @@ function __autoload($class_name) { */ function class_available($name) { - global $class_mapping; - return(isset($class_mapping[$name])); + global $class_mapping, $config; + + $disabled = array(); + if($config instanceOf config && $config->configRegistry instanceOf configRegistry){ + $disabled = $config->configRegistry->getDisabledPlugins(); + } + + return(isset($class_mapping[$name]) && !isset($disabled[$name])); } @@ -202,21 +216,26 @@ function make_seed() { * */ function DEBUG($level, $line, $function, $file, $data, $info="") { - if (session::global_get('DEBUGLEVEL') & $level){ - $output= "DEBUG[$level] "; - if ($function != ""){ - $output.= "($file:$function():$line) - $info: "; - } else { - $output.= "($file:$line) - $info: "; + global $config; + $debugLevel = 0; + if($config instanceOf config){ + $debugLevel = $config->get_cfg_value('core', 'debugLevel'); } - echo $output; - if (is_array($data)){ - print_a($data); - } else { - echo "'$data'"; + if ($debugLevel & $level){ + $output= "DEBUG[$level] "; + if ($function != ""){ + $output.= "($file:$function():$line) - $info: "; + } else { + $output.= "($file:$line) - $info: "; + } + echo $output; + if (is_array($data)){ + print_a($data); + } else { + echo "'$data'"; + } + echo "
"; } - echo "
"; - } } @@ -244,8 +263,8 @@ function get_browser_language() } /* Check for global language settings in gosa.conf */ - if (isset ($config) && $config->get_cfg_value('language') != ""){ - $lang = $config->get_cfg_value('language'); + if (isset ($config) && $config->get_cfg_value("core",'language') != ""){ + $lang = $config->get_cfg_value("core",'language'); if(!preg_match("/utf/i",$lang)){ $lang .= ".UTF-8"; } @@ -307,7 +326,7 @@ function get_template_path($filename= '', $plugin= FALSE, $path= "") /* Set theme */ if (isset ($config)){ - $theme= $config->get_cfg_value("theme", "default"); + $theme= $config->get_cfg_value("core","theme"); } else { $theme= "default"; } @@ -320,7 +339,7 @@ function get_template_path($filename= '', $plugin= FALSE, $path= "") /* Return plugin dir or root directory? */ if ($plugin){ if ($path == ""){ - $nf= preg_replace("!^".$BASE_DIR."/!", "", session::global_get('plugin_dir')); + $nf= preg_replace("!^".$BASE_DIR."/!", "", preg_replace('/^\.\.\//', '', session::global_get('plugin_dir'))); } else { $nf= preg_replace("!^".$BASE_DIR."/!", "", $path); } @@ -444,7 +463,7 @@ function ldap_init ($server, $base, $binddn='', $pass='') /* Sadly we've no proper return values here. Use the error message instead. */ if (!$ldap->success()){ msg_dialog::display(_("Fatal error"), - sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error()), + sprintf(_("Error while connecting to LDAP: %s"), $ldap->get_error()), FATAL_ERROR_DIALOG); exit(); } @@ -465,7 +484,7 @@ function process_htaccess ($username, $kerberos= FALSE) $config->set_current($name); $mode= "kerberos"; - if ($config->get_cfg_value("useSaslForKerberos") == "true"){ + if ($config->get_cfg_value("core","useSaslForKerberos") == "true"){ $mode= "sasl"; } @@ -515,7 +534,7 @@ function ldap_login_user_htaccess ($username) $ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid")); /* Found no uniq match? Strange, because we did above... */ if ($ldap->count() != 1) { - msg_dialog::display(_("LDAP error"), _("Username / UID is not unique inside the LDAP tree!"), FATAL_ERROR_DIALOG); + msg_dialog::display(_("LDAP error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG); return (NULL); } $attrs= $ldap->fetch(); @@ -527,6 +546,7 @@ function ldap_login_user_htaccess ($username) /* Bail out if we have login restrictions set, for security reasons the message is the same than failed user/pw */ if (!$ui->loginAllowed()){ + new log("security","login","",array(),"Login restriction for user \"$username\", login not permitted"); return (NULL); } @@ -568,8 +588,8 @@ function ldap_login_user ($username, $password) $ldap->cd($config->current['BASE']); $allowed_attributes = array("uid","mail"); $verify_attr = array(); - if($config->get_cfg_value("loginAttribute") != ""){ - $tmp = split(",", $config->get_cfg_value("loginAttribute")); + if($config->get_cfg_value("core","loginAttribute") != ""){ + $tmp = explode(",", $config->get_cfg_value("core","loginAttribute")); foreach($tmp as $attr){ if(in_array($attr,$allowed_attributes)){ $verify_attr[] = $attr; @@ -600,7 +620,7 @@ function ldap_login_user ($username, $password) /* found more than one matching id */ default: - msg_dialog::display(_("Internal error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), FATAL_ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG); return (NULL); } @@ -623,6 +643,7 @@ function ldap_login_user ($username, $password) /* Bail out if we have login restrictions set, for security reasons the message is the same than failed user/pw */ if (!$ui->loginAllowed()){ + new log("security","login","",array(),"Login restriction for user \"$username\", login not permitted"); return (NULL); } @@ -644,111 +665,128 @@ function ldap_login_user ($username, $password) } -/*! \brief Test if account is about to expire +/*! \brief Checks the posixAccount status by comparing the shadow attributes. * - * \param string 'userdn' the DN of the user - * \param string 'username' the username - * \return int Can be one of the following values: - * - 1 the account is locked - * - 2 warn the user that the password is about to expire and he should change - * his password - * - 3 force the user to change his password - * - 4 user should not be able to change his password - * */ -function ldap_expired_account($config, $userdn, $username) + * @param Object The GOsa configuration object. + * @param String The 'dn' of the user to test the account status for. + * @param String The 'uid' of the user we're going to test. + * @return Const + * POSIX_ACCOUNT_EXPIRED - If the account is expired. + * POSIX_WARN_ABOUT_EXPIRATION - If the account is going to expire. + * POSIX_FORCE_PASSWORD_CHANGE - The password has to be changed. + * POSIX_DISALLOW_PASSWORD_CHANGE - The password cannot be changed right now. + * + * + * + * shadowLastChange + * | + * |---- shadowMin ---> | <-- shadowMax -- + * | | | + * |------- shadowWarning -> | + * |-- shadowInactive --> DEACTIVATED + * | + * EXPIRED + * + */ +function ldap_expired_account($config, $userdn, $uid) { + // Skip this for the admin account, we do not want to lock him out. + if($uid == 'admin') return(0); + $ldap= $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); $ldap->cat($userdn); $attrs= $ldap->fetch(); - - /* default value no errors */ - $expired = 0; - - $sExpire = 0; - $sLastChange = 0; - $sMax = 0; - $sMin = 0; - $sInactive = 0; - $sWarning = 0; - - $current= date("U"); - - $current= floor($current /60 /60 /24); - - /* special case of the admin, should never been locked */ - /* FIXME should allow any name as user admin */ - if($username != "admin") - { + $current= floor(date("U") /60 /60 /24); - if(isset($attrs['shadowExpire'][0])){ - $sExpire= $attrs['shadowExpire'][0]; - } else { - $sExpire = 0; - } - - if(isset($attrs['shadowLastChange'][0])){ - $sLastChange= $attrs['shadowLastChange'][0]; - } else { - $sLastChange = 0; - } - - if(isset($attrs['shadowMax'][0])){ - $sMax= $attrs['shadowMax'][0]; - } else { - $smax = 0; - } + // Fetch required attributes + foreach(array('shadowExpire','shadowLastChange','shadowMax','shadowMin', + 'shadowInactive','shadowWarning') as $attr){ + $$attr = (isset($attrs[$attr][0]))? $attrs[$attr][0] : null; + } - if(isset($attrs['shadowMin'][0])){ - $sMin= $attrs['shadowMin'][0]; - } else { - $sMin = 0; - } - - if(isset($attrs['shadowInactive'][0])){ - $sInactive= $attrs['shadowInactive'][0]; - } else { - $sInactive = 0; - } - - if(isset($attrs['shadowWarning'][0])){ - $sWarning= $attrs['shadowWarning'][0]; - } else { - $sWarning = 0; - } - - /* is the account locked */ - /* shadowExpire + shadowInactive (option) */ - if($sExpire >0){ - if($current >= ($sExpire+$sInactive)){ - return(1); + + // Check if the account has expired. + // --------------------------------- + // An account is locked/expired once its expiration date has reached (shadowExpire). + // If the optional attribute (shadowInactive) is set, we've to postpone + // the account expiration by the amount of days specified in (shadowInactive). + if($shadowExpire != null && $shadowExpire >= $current){ + + // The account seems to be expired, but we've to check 'shadowInactive' additionally. + // ShadowInactive specifies an amount of days we've to reprieve the user. + // It some kind of x days' grace. + if($shadowInactive == null || $current > $shadowExpire + $shadowInactive){ + + // Finally we've detect that the account is deactivated. + return(POSIX_ACCOUNT_EXPIRED); } - } - - /* the user should be warned to change is password */ - if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){ - if (($sExpire - $current) < $sWarning){ - return(2); + } + + // The users password is going to expire. + // -------------------------------------- + // We've to warn the user in the case of an expiring account. + // An account is going to expire when it reaches its expiration date (shadowExpire). + // The user has to be warned, if the days left till expiration, match the + // configured warning period (shadowWarning) + // --> shadowWarning: Warn x days before account expiration. + if($shadowExpire != null && $shadowWarning != null){ + + // Check if the account is still active and not already expired. + if($shadowExpire >= $current){ + + // Check if we've to warn the user by comparing the remaining + // number of days till expiration with the configured amount + // of days in shadowWarning. + if(($shadowExpire - $current) <= $shadowWarning){ + return(POSIX_WARN_ABOUT_EXPIRATION); + } } - } - - /* force user to change password */ - if(($sLastChange >0) && ($sMax) >0){ - if($current >= ($sLastChange+$sMax)){ - return(3); + } + + // -- I guess this is the correct detection, isn't it? + if($shadowLastChange != null && $shadowWarning != null && $shadowMax != null){ + $daysRemaining = ($shadowLastChange + $shadowMax) - $current ; + if($daysRemaining > 0 && $daysRemaining <= $shadowWarning){ + return(POSIX_WARN_ABOUT_EXPIRATION); } - } - - /* the user should not be able to change is password */ - if(($sLastChange >0) && ($sMin >0)){ - if (($sLastChange + $sMin) >= $current){ - return(4); + } + + + // Check if we've to force the user to change his password. + // -------------------------------------------------------- + // A password change is enforced when the password is older than + // the configured amount of days (shadowMax). + // The age of the current password (shadowLastChange) plus the maximum + // amount amount of days (shadowMax) has to be smaller than the + // current timestamp. + if($shadowLastChange != null && $shadowMax != null){ + + // Check if we've an outdated password. + if($current >= ($shadowLastChange + $shadowMax)){ + return(POSIX_FORCE_PASSWORD_CHANGE); } - } } - return($expired); + + + // Check if we've to freeze the users password. + // -------------------------------------------- + // Once a user has changed his password, he cannot change it again + // for a given amount of days (shadowMin). + // We should not allow to change the password within GOsa too. + if($shadowLastChange != null && $shadowMin != null){ + + // Check if we've an outdated password. + if(($shadowLastChange + $shadowMin) >= $current){ + return(POSIX_DISALLOW_PASSWORD_CHANGE); + } + } + + return(0); } + /*! \brief Add a lock for object(s) * * Adds a lock by the specified user for one ore multiple objects. @@ -786,17 +824,17 @@ function add_lock($object, $user) /* Just a sanity check... */ if ($object == "" || $user == ""){ - msg_dialog::display(_("Internal error"), _("Error while adding a lock. Contact the developers!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG); return; } /* Check for existing entries in lock area */ $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$user)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!$ldap->success()){ - msg_dialog::display(_("Configuration error"), sprintf(_("Cannot create locking information in LDAP tree. Please contact your administrator!")."

"._('LDAP server returned: %s'), "

".$ldap->get_error().""), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), sprintf(_("Cannot store lock information in LDAP!")."

"._('Error: %s'), "

".$ldap->get_error().""), ERROR_DIALOG); return; } @@ -804,14 +842,14 @@ function add_lock($object, $user) if ($ldap->count() == 0){ $attrs= array(); $name= md5($object); - $ldap->cd("cn=$name,".$config->get_cfg_value("config")); + $ldap->cd("cn=$name,".$config->get_cfg_value("core","config")); $attrs["objectClass"] = "gosaLockEntry"; $attrs["gosaUser"] = $user; $attrs["gosaObject"] = base64_encode($object); $attrs["cn"] = "$name"; $ldap->add($attrs); if (!$ldap->success()){ - msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "cn=$name,".$config->get_cfg_value("config"), 0, ERROR_DIALOG)); + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "cn=$name,".$config->get_cfg_value("core","config"), 0, ERROR_DIALOG)); return; } } @@ -853,7 +891,7 @@ function del_lock ($object) /* Check for existance and remove the entry */ $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search ("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaObject")); $attrs= $ldap->fetch(); if ($ldap->getDN() != "" && $ldap->success()){ @@ -880,7 +918,7 @@ function del_user_locks($userdn) /* Get LDAP ressources */ $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); /* Remove all objects of this user, drop errors silently in this case. */ $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$userdn))", array("gosaUser")); @@ -904,7 +942,7 @@ function get_lock ($object) /* Sanity check */ if ($object == ""){ - msg_dialog::display(_("Internal error"), _("Error while adding a lock. Contact the developers!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG); return(""); } @@ -914,7 +952,7 @@ function get_lock ($object) /* Get LDAP link, check for presence of the lock entry */ $user= ""; $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG)); @@ -924,9 +962,6 @@ function get_lock ($object) /* Check for broken locking information in LDAP */ if ($ldap->count() > 1){ - /* Hmm. We're removing broken LDAP information here and issue a warning. */ - msg_dialog::display(_("Warning"), _("Found multiple locks for object to be locked. This should not happen - cleaning up multiple references."), WARNING_DIALOG); - /* Clean up these references now... */ while ($attrs= $ldap->fetch()){ $ldap->rmdir($attrs['dn']); @@ -967,7 +1002,7 @@ function get_multiple_locks($objects) /* Get LDAP link, check for presence of the lock entry */ $user= ""; $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search($filter, array("gosaUser","gosaObject")); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG)); @@ -1051,7 +1086,7 @@ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= arra // log($action,$objecttype,$object,$changes_array = array(),$result = "") new log("debug","all",__FILE__,$attributes, sprintf("get_sub_list(): Falling back to get_list(), due to empty sub_bases parameter.". - " This may slow down GOsa. Search was: '%s'",$filter)); + " This may slow down GOsa. Used filter: %s", $filter)); } $tmp = get_list($filter, $category,$base,$attributes,$flags); return($tmp); @@ -1229,9 +1264,9 @@ function check_sizelimit() /* Eventually show dialog */ if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){ $smarty= get_smarty(); - $smarty->assign('warning', sprintf(_("The size limit of %d entries is exceed!"), + $smarty->assign('warning', sprintf(_("The current size limit of %d entries is exceeded!"), session::global_get('size_limit'))); - $smarty->assign('limit_message', sprintf(_("Set the new size limit to %s and show me this message if the limit still exceeds"), '')); + $smarty->assign('limit_message', sprintf(_("Set the size limit to %s"), '')); return($smarty->fetch(get_template_path('sizelimit.tpl'))); } @@ -1243,12 +1278,12 @@ function print_sizelimit_warning() { if (session::global_is_set('size_limit') && session::global_get('size_limit') >= 10000000 || (session::is_set('limit_exceeded') && session::get('limit_exceeded'))){ - $config= ""; + $config= ""; } else { $config= ""; } if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){ - return ("("._("incomplete").") $config"); + return ("("._("list is incomplete").") $config"); } return (""); } @@ -1263,7 +1298,7 @@ function eval_sizelimit() if (tests::is_id($_POST['new_limit']) && isset($_POST['action']) && $_POST['action']=="newlimit"){ - session::global_set('size_limit', validate($_POST['new_limit'])); + session::global_set('size_limit', get_post('new_limit')); session::set('size_ignore', FALSE); } @@ -1357,7 +1392,7 @@ function convert_department_dn($dn, $base = NULL) $dep= ""; - foreach (split(',', $dn) as $rdn){ + foreach (explode(',', $dn) as $rdn){ $dep = preg_replace("/^[^=]+=/","",$rdn)."/".$dep; } @@ -1396,74 +1431,40 @@ function get_sub_department($value) * Example: * \code * # Determine LDAP base where systems are stored - * $base = get_ou('systemRDN') . $this->config->current['BASE']; + * $base = get_ou("systemManagement", "systemRDN") . $this->config->current['BASE']; * $ldap->cd($base); * \endcode * */ -function get_ou($name) +function get_ou($class,$name) { - global $config; + global $config; - $map = array( - "roleRDN" => "ou=roles,", - "ogroupRDN" => "ou=groups,", - "applicationRDN" => "ou=apps,", - "systemRDN" => "ou=systems,", - "serverRDN" => "ou=servers,ou=systems,", - "terminalRDN" => "ou=terminals,ou=systems,", - "workstationRDN" => "ou=workstations,ou=systems,", - "printerRDN" => "ou=printers,ou=systems,", - "phoneRDN" => "ou=phones,ou=systems,", - "componentRDN" => "ou=netdevices,ou=systems,", - "sambaMachineAccountRDN" => "ou=winstation,", - - "faxBlocklistRDN" => "ou=gofax,ou=systems,", - "systemIncomingRDN" => "ou=incoming,", - "aclRoleRDN" => "ou=aclroles,", - "phoneMacroRDN" => "ou=macros,ou=asterisk,ou=configs,ou=systems,", - "phoneConferenceRDN" => "ou=conferences,ou=asterisk,ou=configs,ou=systems,", - - "faiBaseRDN" => "ou=fai,ou=configs,ou=systems,", - "faiScriptRDN" => "ou=scripts,", - "faiHookRDN" => "ou=hooks,", - "faiTemplateRDN" => "ou=templates,", - "faiVariableRDN" => "ou=variables,", - "faiProfileRDN" => "ou=profiles,", - "faiPackageRDN" => "ou=packages,", - "faiPartitionRDN"=> "ou=disk,", - - "sudoRDN" => "ou=sudoers,", - - "deviceRDN" => "ou=devices,", - "mimetypeRDN" => "ou=mime,"); - - /* Preset ou... */ - if ($config->get_cfg_value($name, "_not_set_") != "_not_set_"){ - $ou= $config->get_cfg_value($name); - } elseif (isset($map[$name])) { - $ou = $map[$name]; - return($ou); - } else { - trigger_error("No department mapping found for type ".$name); - return ""; - } - - if ($ou != ""){ - if (!preg_match('/^[^=]+=[^=]+/', $ou)){ - $ou = @LDAP::convert("ou=$ou"); - } else { - $ou = @LDAP::convert("$ou"); + if(!$config->configRegistry->propertyExists($class,$name)){ + trigger_error("No department mapping found for type ".$name); + return ""; } - if(preg_match("/".preg_quote($config->current['BASE'], '/')."$/",$ou)){ - return($ou); - }else{ - return("$ou,"); + $ou = $config->configRegistry->getPropertyValue($class,$name); + if ($ou != ""){ + if (!preg_match('/^[^=]+=[^=]+/', $ou)){ + $ou = @LDAP::convert("ou=$ou"); + } else { + $ou = @LDAP::convert("$ou"); + } + + if(preg_match("/".preg_quote($config->current['BASE'], '/')."$/",$ou)){ + return($ou); + }else{ + if(!preg_match("/,$/", $ou)){ + return("$ou,"); + }else{ + return($ou); + } + } + + } else { + return ""; } - - } else { - return ""; - } } @@ -1473,7 +1474,7 @@ function get_ou($name) * */ function get_people_ou() { - return (get_ou("userRDN")); + return (get_ou("core", "userRDN")); } @@ -1483,7 +1484,7 @@ function get_people_ou() */ function get_groups_ou() { - return (get_ou("groupRDN")); + return (get_ou("core", "groupRDN")); } @@ -1493,7 +1494,7 @@ function get_groups_ou() */ function get_winstations_ou() { - return (get_ou("sambaMachineAccountRDN")); + return (get_ou("wingeneric", "sambaMachineAccountRDN")); } @@ -1535,7 +1536,7 @@ function strict_uid_mode() global $config; if (isset($config)){ - return ($config->get_cfg_value("strictNamingRules") == "true"); + return ($config->get_cfg_value("core","strictNamingRules") == "true"); } return (TRUE); } @@ -1626,15 +1627,7 @@ function gen_locked_message($user, $dn, $allow_readonly = FALSE) /* Prepare and show template */ $smarty= get_smarty(); $smarty->assign("allow_readonly",$allow_readonly); - if(is_array($dn)){ - $msg = "
";
-    foreach($dn as $sub_dn){
-      $msg .= "\n".$sub_dn.", ";
-    }
-    $msg = preg_replace("/, $/","
",$msg); - }else{ - $msg = $dn; - } + $msg= msgPool::buildList($dn); $smarty->assign ("dn", $msg); if ($remove){ @@ -1642,7 +1635,8 @@ function gen_locked_message($user, $dn, $allow_readonly = FALSE) } else { $smarty->assign ("action", _("Edit anyway")); } - $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry/entries %s"), "".$msg."", "")); + + $smarty->assign ("message", _("These entries are currently locked:"). $msg); return ($smarty->fetch (get_template_path('islocked.tpl'))); } @@ -1749,6 +1743,7 @@ function dn2base($dn) * */ function check_command($cmdline) { + return(TRUE); $cmd= preg_replace("/ .*$/", "", $cmdline); /* Check if command exists in filesystem */ @@ -1904,18 +1899,6 @@ function range_selector($dcnt,$start,$range=25,$post_var=false) } -/*! \brief Generate HTML for the 'Apply filter' button */ -function apply_filter() -{ - $apply= ""; - - $apply= ''. - '
'. - '
'; - - return ($apply); -} - /*! \brief Generate HTML for the 'Back' button */ function back_to_main() @@ -1978,7 +1961,7 @@ function normalize_netmask($netmask) */ function netmask_to_bits($netmask) { - list($nm0, $nm1, $nm2, $nm3)= split('\.', $netmask); + list($nm0, $nm1, $nm2, $nm3)= explode('.', $netmask); $res= 0; for ($n= 0; $n<4; $n++){ @@ -1998,179 +1981,6 @@ function netmask_to_bits($netmask) } -/*! \brief Recursion helper for gen_id() */ -function recurse($rule, $variables) -{ - $result= array(); - - if (!count($variables)){ - return array($rule); - } - - reset($variables); - $key= key($variables); - $val= current($variables); - unset ($variables[$key]); - - foreach($val as $possibility){ - $nrule= str_replace("{$key}", $possibility, $rule); - $result= array_merge($result, recurse($nrule, $variables)); - } - - return ($result); -} - - -/*! \brief Expands user ID based on possible rules - * - * Unroll given rule string by filling in attributes. - * - * \param string 'rule' The rule string from gosa.conf. - * \param array 'attributes' A dictionary of attribute/value mappings - * \return string Expanded string, still containing the id keyword. - */ -function expand_id($rule, $attributes) -{ - /* Check for id rule */ - if(preg_match('/^id(:|#|!)\d+$/',$rule)){ - return (array("{$rule}")); - } - - /* Check for clean attribute */ - if (preg_match('/^%[a-zA-Z0-9]+$/', $rule)){ - $rule= preg_replace('/^%/', '', $rule); - $val= rewrite(str_replace(' ', '', strtolower($attributes[$rule]))); - return (array($val)); - } - - /* Check for attribute with parameters */ - if (preg_match('/^%[a-zA-Z0-9]+\[[0-9-]+\]$/', $rule)){ - $param= preg_replace('/^[^[]+\[([^]]+)]$/', '\\1', $rule); - $part= preg_replace('/^%/', '', preg_replace('/\[.*$/', '', $rule)); - $val= rewrite(str_replace(' ', '', strtolower($attributes[$part]))); - $start= preg_replace ('/-.*$/', '', $param); - $stop = preg_replace ('/^[^-]+-/', '', $param); - - /* Assemble results */ - $result= array(); - for ($i= $start; $i<= $stop; $i++){ - $result[]= substr($val, 0, $i); - } - return ($result); - } - - echo "Error in idGenerator string: don't know how to handle rule $rule.\n"; - return (array($rule)); -} - - -/*! \brief Generate a list of uid proposals based on a rule - * - * Unroll given rule string by filling in attributes and replacing - * all keywords. - * - * \param string 'rule' The rule string from gosa.conf. - * \param array 'attributes' A dictionary of attribute/value mappings - * \return array List of valid not used uids - */ -function gen_uids($rule, $attributes) -{ - global $config; - - /* Search for keys and fill the variables array with all - possible values for that key. */ - $part= ""; - $trigger= false; - $stripped= ""; - $variables= array(); - - for ($pos= 0, $l= strlen($rule); $pos < $l; $pos++){ - - if ($rule[$pos] == "{" ){ - $trigger= true; - $part= ""; - continue; - } - - if ($rule[$pos] == "}" ){ - $variables[$pos]= expand_id($part, $attributes); - $stripped.= "{".$pos."}"; - $trigger= false; - continue; - } - - if ($trigger){ - $part.= $rule[$pos]; - } else { - $stripped.= $rule[$pos]; - } - } - - /* Recurse through all possible combinations */ - $proposed= recurse($stripped, $variables); - - /* Get list of used ID's */ - $ldap= $config->get_ldap_link(); - $ldap->cd($config->current['BASE']); - - /* Remove used uids and watch out for id tags */ - $ret= array(); - foreach($proposed as $uid){ - - /* Check for id tag and modify uid if needed */ - if(preg_match('/\{id(:|!)\d+}/',$uid, $m)){ - $size= preg_replace('/^.*{id(:|!)(\d+)}.*$/', '\\2', $uid); - - $start= $m[1]==":"?0:-1; - for ($i= $start, $p= pow(10,$size)-1; $i < $p; $i++){ - if ($i == -1) { - $number= ""; - } else { - $number= sprintf("%0".$size."d", $i+1); - } - $res= preg_replace('/{id(:|!)\d+}/', $number, $uid); - - $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn')); - if($ldap->count() == 0){ - $uid= $res; - break; - } - } - - /* Remove link if nothing has been found */ - $uid= preg_replace('/{id(:|!)\d+}/', '', $uid); - } - - if(preg_match('/\{id#\d+}/',$uid)){ - $size= preg_replace('/^.*{id#(\d+)}.*$/', '\\1', $uid); - - while (true){ - mt_srand((double) microtime()*1000000); - $number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1)); - $res= preg_replace('/{id#(\d+)}/', $number, $uid); - $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn')); - if($ldap->count() == 0){ - $uid= $res; - break; - } - } - - /* Remove link if nothing has been found */ - $uid= preg_replace('/{id#\d+}/', '', $uid); - } - - /* Don't assign used ones */ - $ldap->search("(uid=".preg_replace('/[{}]/', '', $uid).")",array('dn')); - if($ldap->count() == 0){ - /* Add uid, but remove {} first. These are invalid anyway. */ - $ret[]= preg_replace('/[{}]/', '', $uid); - } - } - - return(array_unique($ret)); -} - - /*! \brief Convert various data sizes to bytes * * Given a certain value in the format n(g|m|k), where n @@ -2220,38 +2030,6 @@ function in_array_ics($value, $items) } -/*! \brief Generate a clickable alphabet */ -function generate_alphabet($count= 10) -{ - $characters= _("*ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"); - $alphabet= ""; - $c= 0; - - /* Fill cells with charaters */ - for ($i= 0, $l= mb_strlen($characters, 'UTF8'); $i<$l; $i++){ - if ($c == 0){ - $alphabet.= ""; - } - - $ch = mb_substr($characters, $i, 1, "UTF8"); - $alphabet.= " ".$ch." "; - - if ($c++ == $count){ - $alphabet.= ""; - $c= 0; - } - } - - /* Fill remaining cells */ - while ($c++ <= $count){ - $alphabet.= " "; - } - - return ($alphabet); -} - - /*! \brief Removes malicious characters from a (POST) string. */ function validate($string) { @@ -2262,18 +2040,37 @@ function validate($string) /*! \brief Evaluate the current GOsa version from the build in revision string */ function get_gosa_version() { - global $svn_revision, $svn_path; + global $svn_revision, $svn_path; - /* Extract informations */ - $revision= preg_replace('/^[^0-9]*([0-9]+)[^0-9]*$/', '\1', $svn_revision); + /* Extract informations */ + $revision= preg_replace('/^[^0-9]*([0-9]+)[^0-9]*$/', '\1', $svn_revision); + + // Extract the relevant part out of the svn url + $release= preg_replace('%^.*/gosa/(.*)/include/functions.inc.*$%', '\1', $svn_path); + + // Remove stuff which is not interesting + if(preg_match("/gosa-core/i", $release)) $release = preg_replace("/[\/]gosa-core/i","",$release); + + // A Tagged Version + if(preg_match("#/tags/#i", $svn_path)){ + $release = preg_replace("/tags[\/]*/i","",$release); + $release = preg_replace("/\//","",$release) ; + return (sprintf(_("GOsa %s"),$release)); + } + + // A Branched Version + if(preg_match("#/branches/#i", $svn_path)){ + $release = preg_replace("/branches[\/]*/i","",$release); + $release = preg_replace("/\//","",$release) ; + return (sprintf(_("GOsa %s snapshot (Rev %s)"),$release , bold($revision))); + } + + // The trunk version + if(preg_match("#/trunk/#i", $svn_path)){ + return (sprintf(_("GOsa development snapshot (Rev %s)"), bold($revision))); + } - /* Release or development? */ - if (preg_match('%/gosa/trunk/%', $svn_path)){ - return (sprintf(_("GOsa development snapshot (Rev %s)"), $revision)); - } else { - $release= preg_replace('%^.*/([^/]+)/include/functions.inc.*$%', '\1', $svn_path); return (sprintf(_("GOsa $release"), $revision)); - } } @@ -2366,14 +2163,10 @@ function clean_smarty_compile_dir($directory) is_writable($directory."/".$file)) { // delete file if(!unlink($directory."/".$file)) { - msg_dialog::display(_("Internal error"), sprintf(_("File '%s' could not be deleted."), $directory."/".$file), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), sprintf(_("File %s cannot be deleted!"), bold($directory."/".$file)), ERROR_DIALOG); // This should never be reached } - } elseif(is_dir($directory."/".$file) && - is_writable($directory."/".$file)) { - // Just recursively delete it - rmdirRecursive($directory."/".$file); - } + } } // We should now create a fresh revision file clean_smarty_compile_dir($directory); @@ -2400,7 +2193,7 @@ function create_revision($revision_file, $revision) } fclose($fh); } else { - msg_dialog::display(_("Internal error"), _("Cannot write to revision file!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG); } return $result; @@ -2420,7 +2213,7 @@ function compare_revision($revision_file, $revision) $result= true; } } else { - msg_dialog::display(_("Internal error"), _("Cannot write to revision file!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG); } // Close file fclose($fh); @@ -2439,11 +2232,64 @@ function compare_revision($revision_file, $revision) * \param int 'percentage' Value to display * \param int 'width' width of the resulting output * \param int 'height' height of the resulting output - * \param boolean 'showvalue' weither to show the percentage in the progressbar or not + * \param boolean 'showtext' weither to show the percentage in the progressbar or not * */ -function progressbar($percentage,$width=100,$height=15,$showvalue=false) +function progressbar($percentage, $width= 200, $height= 14, $showText= false, $colorize= true, $id= "") { - return(""); + $text= ""; + $class= ""; + $style= "width:${width}px;height:${height}px;"; + + // Fix percentage range + $percentage= floor($percentage); + if ($percentage > 100) { + $percentage= 100; + } + if ($percentage < 0) { + $percentage= 0; + } + + // Only show text if we're above 10px height + if ($showText && $height>10){ + $text= $percentage."%"; + } + + // Set font size + $style.= "font-size:".($height-3)."px;"; + + // Set color + if ($colorize){ + if ($percentage < 70) { + $class= " progress-low"; + } elseif ($percentage < 80) { + $class= " progress-mid"; + } elseif ($percentage < 90) { + $class= " progress-high"; + } else { + $class= " progress-full"; + } + } + + // Apply gradients + $hoffset= floor($height / 2) + 4; + $woffset= floor(($width+5) * (100-$percentage) / 100); + foreach (array("-moz-box-shadow", "-webkit-box-shadow", "box-shadow") as $type) { + $style.="$type: + 0 0 2px rgba(255, 255, 255, 0.4) inset, + 0 4px 6px rgba(255, 255, 255, 0.4) inset, + 0 ".$hoffset."px 0 -2px rgba(255, 255, 255, 0.2) inset, + -".$woffset."px 0 0 -2px rgba(255, 255, 255, 0.2) inset, + -".($woffset+1)."px 0 0 -2px rgba(0, 0, 0, 0.6) inset, + 0pt ".($hoffset+1)."px 8px rgba(0, 0, 0, 0.3) inset, + 0pt 1px 0px rgba(0, 0, 0, 0.2);"; + } + + // Set ID + if ($id != ""){ + $id= "id='$id'"; + } + + return "
$text
"; } @@ -2625,10 +2471,10 @@ function get_base_from_hook($dn, $attrib) { global $config; - if ($config->get_cfg_value("baseIdHook") != ""){ + if ($config->get_cfg_value("core","baseIdHook") != ""){ /* Call hook script - if present */ - $command= $config->get_cfg_value("baseIdHook"); + $command= $config->get_cfg_value("core","baseIdHook"); if ($command != ""){ $command.= " '".LDAP::fix($dn)."' $attrib"; @@ -2639,17 +2485,17 @@ function get_base_from_hook($dn, $attrib) return ($output[0]); } else { msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG); - return ($config->get_cfg_value("uidNumberBase")); + return ($config->get_cfg_value("core","uidNumberBase")); } } else { msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG); - return ($config->get_cfg_value("uidNumberBase")); + return ($config->get_cfg_value("core","uidNumberBase")); } } else { msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG); - return ($config->get_cfg_value("uidNumberBase")); + return ($config->get_cfg_value("core","uidNumberBase")); } } @@ -2672,7 +2518,7 @@ function check_schema($cfg,$rfc2307bis = FALSE) $ldap = new ldapMultiplexer(new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'] ,FALSE, $cfg['tls'])); $objectclasses = $ldap->get_objectclasses(); if(count($objectclasses) == 0){ - msg_dialog::display(_("LDAP warning"), _("Cannot get schema information from server. No schema check possible!"), WARNING_DIALOG); + msg_dialog::display(_("Warning"), _("Cannot read schema information from LDAP. Schema validation is not possible!"), WARNING_DIALOG); } /* This is the default block used for each entry. @@ -2684,28 +2530,28 @@ function check_schema($cfg,$rfc2307bis = FALSE) "STATUS" => FALSE, "IS_MUST_HAVE" => FALSE, "MSG" => "", - "INFO" => "");#_("There is currently no information specified for this schema extension.")); + "INFO" => ""); /* The gosa base schema */ $checks['gosaObject'] = $def_check; $checks['gosaObject']['REQUIRED_VERSION'] = "2.6.1"; - $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema"); + $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema"); $checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject"); $checks['gosaObject']['IS_MUST_HAVE'] = TRUE; /* GOsa Account class */ $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6"; - $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema"); + $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema"); $checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount"); $checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE; - $checks["gosaAccount"]["INFO"] = _("Used to store account specific informations."); + $checks["gosaAccount"]["INFO"] = _("This class is used to make users appear in GOsa."); /* GOsa lock entry, used to mark currently edited objects as 'in use' */ $checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.6.1"; - $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema"); + $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema"); $checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry"); $checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE; - $checks["gosaLockEntry"]["INFO"] = _("Used to lock currently edited entries to avoid multiple changes at the same time."); + $checks["gosaLockEntry"]["INFO"] = _("This class is used to lock entries in order to prevent multiple edits at a time."); /* Some other checks */ foreach(array( @@ -2750,18 +2596,18 @@ function check_schema($cfg,$rfc2307bis = FALSE) if(!isset($objectclasses[$name])){ if($value['IS_MUST_HAVE']){ $checks[$name]['STATUS'] = FALSE; - $checks[$name]['MSG'] = sprintf(_("Missing required object class '%s'!"),$class); + $checks[$name]['MSG'] = sprintf(_("Required object class %s is missing!"), bold($class)); } else { $checks[$name]['STATUS'] = TRUE; - $checks[$name]['MSG'] = sprintf(_("Missing optional object class '%s'!"),$class); + $checks[$name]['MSG'] = sprintf(_("Optional object class %s is missing!"), bold($class)); } }elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){ $checks[$name]['STATUS'] = FALSE; - $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']); + $checks[$name]['MSG'] = sprintf(_("Wrong version of required object class %s (!=%s) detected!"), bold($class), bold($value['REQUIRED_VERSION'])); }else{ $checks[$name]['STATUS'] = TRUE; - $checks[$name]['MSG'] = sprintf(_("Class(es) available")); + $checks[$name]['MSG'] = sprintf(_("Class available")); } } } @@ -2783,13 +2629,13 @@ function check_schema($cfg,$rfc2307bis = FALSE) if($rfc2307bis && isset($tmp['posixGroup']['STRUCTURAL'])){ $checks['posixGroup']['STATUS'] = FALSE; - $checks['posixGroup']['MSG'] = _("You have enabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option."); - $checks['posixGroup']['INFO'] = _("In order to use rfc2307bis conform groups the objectClass 'posixGroup' must be AUXILIARY"); + $checks['posixGroup']['MSG'] = _("RFC2307bis schema is enabled, but the current LDAP configuration does not support it!"); + $checks['posixGroup']['INFO'] = _("To use RFC2307bis groups, the objectClass 'posixGroup' must be AUXILIARY."); } if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){ $checks['posixGroup']['STATUS'] = FALSE; - $checks['posixGroup']['MSG'] = _("Your schema is configured to support the rfc2307bis group, but you have disabled this option on the 'ldap setup' step."); - $checks['posixGroup']['INFO'] = _("The objectClass 'posixGroup' must be STRUCTURAL"); + $checks['posixGroup']['MSG'] = _("RFC2307bis schema is disabled, but the current LDAP configuration supports it!"); + $checks['posixGroup']['INFO'] = _("To correct this, the objectClass 'posixGroup' must be STRUCTURAL."); } } @@ -2807,6 +2653,7 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA "en_US" => "English", "nl_NL" => "Dutch", "pl_PL" => "Polish", + "pt_BR" => "Brazilian Portuguese", #"sv_SE" => "Swedish", "zh_CN" => "Chinese", "vi_VN" => "Vietnamese", @@ -2820,6 +2667,7 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA "en_US" => _("English"), "nl_NL" => _("Dutch"), "pl_PL" => _("Polish"), + "pt_BR" => _("Brazilian Portuguese"), #"sv_SE" => _("Swedish"), "zh_CN" => _("Chinese"), "vi_VN" => _("Vietnamese"), @@ -2871,19 +2719,75 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA * \return string * */ function get_post($name) +{ + if(!isset($_POST[$name])){ + trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message."); + return(FALSE); + } + + // Handle Posted Arrays + $tmp = array(); + if(is_array($_POST[$name]) && !is_string($_POST[$name])){ + foreach($_POST[$name] as $key => $val){ + if(get_magic_quotes_gpc()){ + $val = stripcslashes($val); + } + $tmp[$key] = $val; + } + return($tmp); + }else{ + + if(get_magic_quotes_gpc()){ + $val = stripcslashes($_POST[$name]); + }else{ + $val = $_POST[$name]; + } + } + return($val); +} + + +/*! \brief Returns contents of the given POST variable and check magic quotes settings + * + * Depending on the magic quotes settings this returns a stripclashed'ed version of + * a certain POST variable. + * + * \param string 'name' the POST var to return ($_POST[$name]) + * \return string + * */ +function get_binary_post($name) { if(!isset($_POST[$name])){ trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message."); return(FALSE); } + $p = str_replace('\0', '', $_POST[$name]); if(get_magic_quotes_gpc()){ - return(stripcslashes(validate($_POST[$name]))); + return(stripcslashes($p)); }else{ - return(validate($_POST[$name])); + return($_POST[$p]); } } +function set_post($value) +{ + // Take care of array, recursivly convert each array entry. + if(is_array($value)){ + foreach($value as $key => $val){ + $value[$key] = set_post($val); + } + return($value); + } + + // Do not touch boolean values, we may break them. + if($value === TRUE || $value === FALSE ) return($value); + + // Return a fixed string which can then be used in HTML fields without + // breaking the layout or the values. This allows to use '"<> in input fields. + return(htmlentities($value, ENT_QUOTES, 'utf-8')); +} + /*! \brief Return class name in correct case */ function get_correct_class_name($cls) @@ -2900,132 +2804,213 @@ function get_correct_class_name($cls) } -/*! \brief Change the password of a given DN - * - * Change the password of a given DN with the specified hash. - * - * \param string 'dn' the DN whose password shall be changed - * \param string 'password' the password - * \param int mode - * \param string 'hash' which hash to use to encrypt it, default is empty - * for cleartext storage. - * \return boolean TRUE on success FALSE on error +/*! \brief Change the password for a given object ($dn). + * This method uses the specified hashing method to generate a new password + * for the object and it also takes care of sambaHashes, if enabled. + * Finally the postmodify hook of the class 'user' will be called, if it is set. + * + * @param String The DN whose password shall be changed. + * @param String The new password. + * @param Boolean Skip adding samba hashes to the target (sambaNTPassword,sambaLMPassword) + * @param String The hashin method to use, default is the global configured default. + * @param String The users old password, this allows script based rollback mechanisms, + * the prehook will then be called witch switched newPassword/oldPassword. + * @return Boolean TRUE on success else FALSE. */ -function change_password ($dn, $password, $mode=0, $hash= "") +function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password = "", &$message = "") { - global $config; - $newpass= ""; - - /* Convert to lower. Methods are lowercase */ - $hash= strtolower($hash); - - // Get all available encryption Methods - - // NON STATIC CALL :) - $methods = new passwordMethod(session::get('config')); - $available = $methods->get_available_methods(); - - // read current password entry for $dn, to detect the encryption Method - $ldap = $config->get_ldap_link(); - $ldap->cat ($dn, array("shadowLastChange", "userPassword", "uid")); - $attrs = $ldap->fetch (); + global $config; + $newpass= ""; - /* Is ensure that clear passwords will stay clear */ - if($hash == "" && isset($attrs['userPassword'][0]) && !preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0])){ - $hash = "clear"; - } - - // Detect the encryption Method - if ( (isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)) || $hash != ""){ - - /* Check for supported algorithm */ + // Not sure, why this is here, but maybe some encryption methods require it. mt_srand((double) microtime()*1000000); - /* Extract used hash */ - if ($hash == ""){ - $test = passwordMethod::get_method($attrs['userPassword'][0],$dn); - } else { - $test = new $available[$hash]($config,$dn); - $test->set_hash($hash); - } + // Get a list of all available password encryption methods. + $methods = new passwordMethod(session::get('config'),$dn); + $available = $methods->get_available_methods(); - } else { - // User MD5 by default - $hash= "md5"; - $test = new $available['md5']($config); - } - - if($test instanceOf passwordMethod){ - - $deactivated = $test->is_locked($config,$dn); + // Fetch the current object data, to be able to detect the current hashing method + // and to be able to rollback changes once has an error occured. + $ldap = $config->get_ldap_link(); + $ldap->cat ($dn, array("shadowLastChange", "userPassword","sambaNTPassword","sambaLMPassword", "uid")); + $attrs = $ldap->fetch (); + $initialAttrs = $attrs; + + // If no hashing method is enforced, then detect what method we've to use. + $hash = strtolower($hash); + if(empty($hash)){ + + // Do we need clear-text password for this object? + if(isset($attrs['userPassword'][0]) && !preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0])){ + $hash = "clear"; + $test = new $available[$hash]($config,$dn); + $test->set_hash($hash); + } - /* Feed password backends with information */ - $test->dn= $dn; - $test->attrs= $attrs; - $newpass= $test->generate_hash($password); + // If we've still no valid hashing method detected, then try to extract if from the userPassword attribute. + elseif(isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)){ + $test = passwordMethod::get_method($attrs['userPassword'][0],$dn); + $hash = $test->get_hash_name(); + } - // Update shadow timestamp? - if (isset($attrs["shadowLastChange"][0])){ - $shadow= (int)(date("U") / 86400); - } else { - $shadow= 0; + // No current password was found and no hash is enforced, so we've to use the config default here. + $hash = $config->get_cfg_value('core','passwordDefaultHash'); + $test = new $available[$hash]($config,$dn); + $test->set_hash($hash); + }else{ + $test = new $available[$hash]($config,$dn); + $test->set_hash($hash); } - // Write back modified entry - $ldap->cd($dn); - $attrs= array(); - - // Not for groups - if ($mode == 0){ - - if ($shadow != 0){ - $attrs['shadowLastChange']= $shadow; - } - - // Create SMB Password - $attrs= generate_smb_nt_hash($password); - } + // We've now a valid password-method-handle and can create the new password hash or don't we? + if(!$test instanceOf passwordMethod){ + $message = _("Cannot detect password hash!"); + }else{ - $attrs['userPassword']= array(); - $attrs['userPassword']= $newpass; + // Feed password backends with object information. + $test->dn = $dn; + $test->attrs = $attrs; + $newpass= $test->generate_hash($password); + + // Do we have to append samba attributes too? + // - sambaNTPassword / sambaLMPassword + $tmp = $config->get_cfg_value('core','sambaHashHook'); + $attrs= array(); + if (!$mode && !empty($tmp)){ + $attrs= generate_smb_nt_hash($password); + $shadow = (isset($attrs["shadowLastChange"][0]))?(int)(date("U") / 86400):0; + if ($shadow != 0){ + $attrs['shadowLastChange']= $shadow; + } + } - $ldap->modify($attrs); + // Write back the new password hash + $ldap->cd($dn); + $attrs['userPassword']= $newpass; - /* Read ! if user was deactivated */ - if($deactivated){ - $test->lock_account($config,$dn); - } + // Prepare a special attribute list, which will be used for event hook calls + $attrsEvent = array(); + foreach($initialAttrs as $name => $value){ + if(!is_numeric($name)) + $attrsEvent[$name] = escapeshellarg($value[0]); + } + $attrsEvent['dn'] = escapeshellarg($initialAttrs['dn']); + foreach($attrs as $name => $value){ + $attrsEvent[$name] = escapeshellarg($value); + } + $attrsEvent['current_password'] = escapeshellarg($old_password); + $attrsEvent['new_password'] = escapeshellarg($password); + + // Call the premodify hook now + $passwordPlugin = new password($config,$dn); + plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); + if($retCode === 0 && count($output)){ + $message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output)); + return(FALSE); + } - new log("modify","users/passwordMethod",$dn,array_keys($attrs),$ldap->get_error()); + // Perform ldap operations + $ldap->modify($attrs); - if (!$ldap->success()) { - msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, ERROR_DIALOG)); - } else { + // Check if the object was locked before, if it was, lock it again! + $deactivated = $test->is_locked($config,$dn); + if($deactivated){ + $test->lock_account($config,$dn); + } - /* Run backend method for change/create */ - if(!$test->set_password($password)){ - return(FALSE); - } + // Check if everything went fine and then call the post event hooks. + // If an error occures, then try to rollback the complete actions done. + $preRollback = FALSE; + $ldapRollback = FALSE; + $success = TRUE; + if (!$ldap->success()) { + new log("modify","users/passwordMethod",$dn,array(),"Password change - ldap modifications! - FAILED"); + $success =FALSE; + $message = msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD); + $preRollback =TRUE; + } else { - /* Find postmodify entries for this class */ - $command= $config->search("password", "POSTMODIFY",array('menu')); + // Now call the passwordMethod change mechanism. + if(!$test->set_password($password)){ + $ldapRollback = TRUE; + $preRollback =TRUE; + $success = FALSE; + new log("modify","users/passwordMethod",$dn,array(),"Password change - set_password! - FAILED"); + $message = _("Password change failed!"); + }else{ + + // Execute the password hook + plugin::callHook($passwordPlugin, 'POSTMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); + if($retCode === 0){ + if(count($output)){ + new log("modify","users/passwordMethod",$dn,array(),"Password change - Post modify hook reported! - FAILED!"); + $message = sprintf(_("Post-event hook reported a problem: %s. Password change canceled!"),implode($output)); + $ldapRollback = TRUE; + $preRollback = TRUE; + $success = FALSE; + }else{ + #new log("modify","users/passwordMethod",$dn,array(),"Password change - successfull!"); + } + }else{ + $ldapRollback = TRUE; + $preRollback = TRUE; + $success = FALSE; + new log("modify","users/passwordMethod",$dn,array(),"Password change - postmodify hook execution! - FAILED"); + new log("modify","users/passwordMethod",$dn,array(),$error); + + // Call password method again and send in old password to + // keep the database consistency + $test->set_password($old_password); + } + } + } - if ($command != ""){ - /* Walk through attribute list */ - $command= preg_replace("/%userPassword/", $password, $command); - $command= preg_replace("/%dn/", $dn, $command); + // Setting the password in the ldap database or further operation failed, we should now execute + // the plugins pre-event hook, using switched passwords, new/old password. + // This ensures that passwords which were set outside of GOsa, will be reset to its + // starting value. + if($preRollback){ + new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook!"); + $oldpass= $test->generate_hash($old_password); + $attrsEvent['current_password'] = escapeshellarg($password); + $attrsEvent['new_password'] = escapeshellarg($old_password); + foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){ + if(isset($initialAttrs[$attr][0])) $attrsEvent[$attr] = $initialAttrs[$attr][0]; + } + + plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); + if($retCode === 0 && count($output)){ + $message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output)); + new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook! - FAILED!"); + } + } + + // We've written the password to the ldap database, but executing the postmodify hook failed. + // Now, we've to rollback all password related ldap operations. + if($ldapRollback){ + new log("modify","users/passwordMethod",$dn,array(),"Rolling back ldap modifications!"); + $attrs = array(); + foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){ + if(isset($initialAttrs[$attr][0])) $attrs[$attr] = $initialAttrs[$attr][0]; + } + $ldap->cd($dn); + $ldap->modify($attrs); + if(!$ldap->success()){ + $message = msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD); + new log("modify","users/passwordMethod",$dn,array(),"Rolling back ldap modifications! - FAILED"); + } + } - if (check_command($command)){ - @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute"); - exec($command); - } else { - $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, "password"); - msg_dialog::display(_("Configuration error"), $message, ERROR_DIALOG); + // Log action. + if($success){ + stats::log('global', 'global', array('users'), $action = 'change_password', $amount = 1, 0, $test->get_hash()); + new log("modify","users/passwordMethod",$dn,array(),"Password change - successfull!"); + }else{ + new log("modify","users/passwordMethod",$dn,array(),"Password change - FAILED!"); } - } + + return($success); } - return(TRUE); - } } @@ -3042,8 +3027,19 @@ function generate_smb_nt_hash($password) { global $config; - # Try to use gosa-si? - if ($config->get_cfg_value("gosaSupportURI") != ""){ + // First try to retrieve values via RPC + if ($config->get_cfg_value("core","gosaRpcServer") != ""){ + + $rpc = $config->getRpcHandle(); + $hash = $rpc->mksmbhash($password); + if(!$rpc->success()){ + msg_dialog::display(_("Error"),msgPool::rpcError($rpc->get_error()),ERROR_DIALOG); + return(""); + } + + }elseif ($config->get_cfg_value("core","gosaSupportURI") != ""){ + + // Try using gosa-si $res= gosaSupportDaemon::send("gosa_gen_smb_hash", "GOSA", array("password" => $password), TRUE); if (isset($res['XML']['HASH'])){ $hash= $res['XML']['HASH']; @@ -3052,11 +3048,13 @@ function generate_smb_nt_hash($password) } if ($hash == "") { - msg_dialog::display(_("Configuration error"), _("Cannot generate samba hash!"), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), _("Cannot generate SAMBA hash!"), ERROR_DIALOG); return (""); } } else { - $tmp= $config->get_cfg_value('sambaHashHook')." ".escapeshellarg($password); + $tmp = $config->get_cfg_value("core",'sambaHashHook'); + $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp); + $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp); @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute"); exec($tmp, $ar); @@ -3065,12 +3063,12 @@ function generate_smb_nt_hash($password) $hash= current($ar); if ($hash == "") { - msg_dialog::display(_("Configuration error"), sprintf(_("Cannot generate samba hash: running '%s' failed, check the 'sambaHashHook'!"),$config->get_cfg_value('sambaHashHook')), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), sprintf(_("Generating SAMBA hash by running %s failed: check %s!"), bold($config->get_cfg_value("core",'sambaHashHook'), bold("sambaHashHook"))), ERROR_DIALOG); return (""); } } - list($lm,$nt)= split (":", trim($hash)); + list($lm,$nt)= explode(":", trim($hash)); $attrs['sambaLMPassword']= $lm; $attrs['sambaNTPassword']= $nt; @@ -3099,7 +3097,7 @@ function getEntryCSN($dn) } /* Get attribute that we should use as serial number */ - $attr= $config->get_cfg_value("modificationDetectionAttribute"); + $attr= $config->get_cfg_value("core","modificationDetectionAttribute"); if($attr != ""){ $ldap = $config->get_ldap_link(); $ldap->cat($dn,array($attr)); @@ -3257,9 +3255,6 @@ function update_accessTo($from,$to) while($attrs = $ldap->fetch()){ $new_attrs = array("accessTo" => array()); $dn = $attrs['dn']; - for($i = 0 ; $i < $attrs['objectClass']['count']; $i++){ - $new_attrs['objectClass'][] = $attrs['objectClass'][$i]; - } for($i = 0 ; $i < $attrs['accessTo']['count']; $i++){ if($attrs['accessTo'][$i] == $from){ if(!empty($to)){ @@ -3339,14 +3334,14 @@ function get_next_id($attrib, $dn) { global $config; - switch ($config->get_cfg_value("idAllocationMethod", "traditional")){ + switch ($config->get_cfg_value("core","idAllocationMethod")){ case "pool": return get_next_id_pool($attrib); case "traditional": return get_next_id_traditional($attrib, $dn); } - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG); return null; } @@ -3355,12 +3350,12 @@ function get_next_id_pool($attrib) { global $config; /* Fill informational values */ - $min= $config->get_cfg_value("${attrib}PoolMin", 10000); - $max= $config->get_cfg_value("${attrib}PoolMax", 40000); + $min= $config->get_cfg_value("core","${attrib}PoolMin"); + $max= $config->get_cfg_value("core","${attrib}PoolMax"); /* Sanity check */ if ($min >= $max) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), $attrib), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), bold($attrib), bold($attrib)), ERROR_DIALOG); return null; } @@ -3379,8 +3374,8 @@ function get_next_id_pool($attrib) { /* If it does not exist, create one with these defaults */ if ($ldap->count() == 0) { /* Fill informational values */ - $minUserId= $config->get_cfg_value("uidPoolMin", 10000); - $minGroupId= $config->get_cfg_value("gidPoolMin", 10000); + $minUserId= $config->get_cfg_value("core","uidNumberPoolMin"); + $minGroupId= $config->get_cfg_value("core","gidNumberPoolMin"); /* Add as default */ $attrs= array("objectClass" => array("organizationalUnit", "sambaUnixIdPool")); @@ -3398,7 +3393,7 @@ function get_next_id_pool($attrib) { } /* Bail out if it's not unique */ if ($ldap->count() != 1) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG); return null; } @@ -3410,11 +3405,11 @@ function get_next_id_pool($attrib) { /* Sanity check */ if ($newAttr >= $max) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG); return null; } if ($newAttr < $min) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG); return null; } @@ -3429,7 +3424,7 @@ function get_next_id_pool($attrib) { $ldap->cd($dn); $ldap->modify(array($attrib => $newAttr)); if ($ldap->error != "Success") { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".$ldap->get_error(), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".$ldap->get_error(), ERROR_DIALOG); return null; } else { return $oldAttr; @@ -3438,7 +3433,7 @@ function get_next_id_pool($attrib) { /* Bail out if we had problems getting the next id */ if (!$tries) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("maximum tries exceeded!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("maximum number of tries exceeded!"), ERROR_DIALOG); } return $id; @@ -3470,10 +3465,10 @@ function get_next_id_traditional($attrib, $dn) /* get the ranges */ $tmp = array('0'=> 1000); - if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("uidNumberBase") != ""){ - $tmp= split('-',$config->get_cfg_value("uidNumberBase")); - } elseif($config->get_cfg_value("gidNumberBase") != ""){ - $tmp= split('-',$config->get_cfg_value("gidNumberBase")); + if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("core","uidNumberBase") != ""){ + $tmp= explode('-',$config->get_cfg_value("core","uidNumberBase")); + } elseif($config->get_cfg_value("core","gidNumberBase") != ""){ + $tmp= explode('-',$config->get_cfg_value("core","gidNumberBase")); } /* Set hwm to max if not set - for backward compatibility */ @@ -3484,7 +3479,7 @@ function get_next_id_traditional($attrib, $dn) $hwm= pow(2,32); } /* Find out next free id near to UID_BASE */ - if ($config->get_cfg_value("baseIdHook") == ""){ + if ($config->get_cfg_value("core","baseIdHook") == ""){ $base= $lwm; } else { /* Call base hook */ @@ -3498,11 +3493,361 @@ function get_next_id_traditional($attrib, $dn) /* Should not happen */ if ($id == $hwm){ - msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID!"), ERROR_DIALOG); exit; } } +/* Mark the occurance of a string with a span */ +function mark($needle, $haystack, $ignorecase= true) +{ + $result= ""; + + while (preg_match('/^(.*)('.preg_quote($needle).')(.*)$/i', $haystack, $matches)) { + $result.= $matches[1]."".$matches[2].""; + $haystack= $matches[3]; + } + + return $result.$haystack; +} + + +/* Return an image description using the path */ +function image($path, $action= "", $title= "", $align= "middle") +{ + global $config; + global $BASE_DIR; + $label= null; + + // Bail out, if there's no style file + if(!session::global_is_set("img-styles")){ + + // Get theme + if (isset ($config)){ + $theme= $config->get_cfg_value("core","theme"); + } else { + + // Fall back to default theme + $theme= "default"; + } + + if (!file_exists("$BASE_DIR/ihtml/themes/$theme/img.styles")){ + die ("No img.style for this theme found!"); + } + + session::global_set('img-styles', unserialize(file_get_contents("$BASE_DIR/ihtml/themes/$theme/img.styles"))); + } + $styles= session::global_get('img-styles'); + + /* Extract labels from path */ + if (preg_match("/\.png\[(.*)\]$/", $path, $matches)) { + $label= $matches[1]; + } + + $lbl= ""; + if ($label) { + if (isset($styles["images/label-".$label.".png"])) { + $lbl= "
"; + } else { + die("Invalid label specified: $label\n"); + } + + $path= preg_replace("/\[.*\]$/", "", $path); + } + + // Non middle layout? + if ($align == "middle") { + $align= ""; + } else { + $align= ";vertical-align:$align"; + } + + // Clickable image or not? + if ($title != "") { + $title= "title='$title'"; + } + if ($action == "") { + return "
$lbl
"; + } else { + return ""; + } +} + +/*! \brief Encodes a complex string to be useable in HTML posts. + */ +function postEncode($str) +{ + return(preg_replace("/=/","_", base64_encode($str))); +} + +/*! \brief Decodes a string encoded by postEncode + */ +function postDecode($str) +{ + return(base64_decode(preg_replace("/_/","=", $str))); +} + + +/*! \brief Generate styled output + */ +function bold($str) +{ + return "$str"; +} + + + +/*! \brief Detect the special character handling for the currently used ldap database. + * For example some convert , to \2C or " to \22. + * + * @param Config The GOsa configuration object. + * @return Array An array containing a character mapping the use. + */ +function detectLdapSpecialCharHandling() +{ + // The list of chars to test for + global $config; + if(!$config) return(NULL); + + // In the DN we've to use escaped characters, but the object name (o) + // has the be un-escaped. + $name = 'GOsaLdapEncoding_,_"_(_)_+'; + $dnName = 'GOsaLdapEncoding_\,_\"_(_)_\+'; + + // Prapare name to be useable in filters + $fixed= normalizeLdap(str_replace('\\\\', '\\\\\\', $name)); + $filterName = str_replace('\\,', '\\\\,', $fixed); + + // Create the target dn + $oDN = "o={$dnName},".$config->current['BASE']; + + // Get ldap connection and check if we've already created the character + // detection object. + $ldapCID = ldap_connect($config->current['SERVER']); + ldap_set_option($ldapCID, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_bind($ldapCID, $config->current['ADMINDN'],$config->current['ADMINPASSWORD']); + $res = ldap_list($ldapCID, $config->current['BASE'], + "(&(o=".$filterName.")(objectClass=organization))", + array('dn')); + + // If we haven't created the character-detection object, then create it now. + $cnt = ldap_count_entries($ldapCID, $res); + if(!$cnt){ + $obj = array(); + $obj['objectClass'] = array('top','organization'); + $obj['o'] = $name; + $obj['description'] = 'GOsa character encoding test-object.'; + if(!@ldap_add($ldapCID, $oDN, $obj)){ + trigger_error("GOsa couldn't detect the special character handling used by your ldap!"); + return(NULL); + } + } + + // Read the character-handling detection entry from the ldap. + $res = ldap_list($ldapCID, $config->current['BASE'], + "(&(o=".$filterName.")(objectClass=organization))", + array('dn','o')); + $cnt = ldap_count_entries($ldapCID, $res); + if($cnt != 1 || !$res){ + trigger_error("GOsa couldn't detect the special character handling used by your ldap!"); + return(NULL); + }else{ + + // Get the character handling entry from the ldap and check how the + // values were written. Compare them with what + // we've initially intended to write and create a mapping out + // of the results. + $re = ldap_first_entry($ldapCID, $res); + $attrs = ldap_get_attributes($ldapCID, $re); + + // Extract the interessting characters out of the dn and the + // initially used $name for the entry. + $mapDNstr = preg_replace("/^o=GOsaLdapEncoding_([^,]*),.*$/","\\1", trim(ldap_get_dn($ldapCID, $re))); + $mapDN = preg_split("/_/", $mapDNstr,0, PREG_SPLIT_NO_EMPTY); + + $mapNameStr = preg_replace("/^GOsaLdapEncoding_/","",$dnName); + $mapName = preg_split("/_/", $mapNameStr,0, PREG_SPLIT_NO_EMPTY); + + // Create a mapping out of the results. + $map = array(); + foreach($mapName as $key => $entry){ + $map[$entry] = $mapDN[$key]; + } + return($map); + } + return(NULL); +} + + +/*! \brief Replaces placeholder in a given string. + * For example: + * '%uid@gonicus.de' Replaces '%uid' with 'uid'. + * '{%uid[0]@gonicus.de}' Replaces '%uid[0]' with the first char of 'uid'. + * '%uid[2-4]@gonicus.de' Replaces '%uid[2-4]' with three chars from 'uid' starting from the second. + * + * The surrounding {} in example 2 are optional. + * + * @param String The string to perform the action on. + * @param Array An array of replacements. + * @return The resulting string. + */ +function fillReplacements($str, $attrs, $shellArg = FALSE, $default = "") +{ + // Search for '{%...[n-m]} + // Get all matching parts of the given string and sort them by + // length, to avoid replacing strings like '%uidNumber' with 'uid' + // instead of 'uidNumber'; The longest tring at first. + preg_match_all('/(\{?%([a-z0-9]+)(\[(([0-9]+)(\-([0-9]+))?)\])?\}?)/i', $str ,$matches, PREG_SET_ORDER); + $hits = array(); + foreach($matches as $match){ + $hits[strlen($match[2]).$match[0]] = $match; + } + krsort($hits); + + // Replace the placeholder in the given string now. + foreach($hits as $match){ + + // Avoid errors about undefined index. + $name = $match[2]; + if(!isset($attrs[$name])) $attrs[$name] = $default; + + // Calculate the replacement + $start = (isset($match[5])) ? $match[5] : 0; + $end = strlen($attrs[$name]); + if(isset($match[5]) && !isset($match[7])){ + $end = 1; + }elseif(isset($match[5]) && isset($match[7])){ + $end = ($match[7]-$start+1); + } + $value = substr($attrs[$name], $start, $end); + + // Use values which are valid for shell execution? + if($shellArg) $value = escapeshellarg($value); + + // Replace the placeholder within the string. + $str = preg_replace("/".preg_quote($match[0],'/')."/", $value, $str); + } + return($str); +} + + +/*! \brief Generate a list of uid proposals based on a rule + * + * Unroll given rule string by filling in attributes and replacing + * all keywords. + * + * \param string 'rule' The rule string from gosa.conf. + * \param array 'attributes' A dictionary of attribute/value mappings + * \return array List of valid not used uids + */ +function gen_uids($rule, $attributes) +{ + global $config; + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + + + // Strip out non ascii chars + foreach($attributes as $name => $value){ + $value = iconv('UTF-8', 'US-ASCII//TRANSLIT', $value); + $value = preg_replace('/[^(\x20-\x7F)]*/','',$value); + $attributes[$name] = strtolower($value); + } + + // Search for '{%...[n-m]} + // Get all matching parts of the given string and sort them by + // length, to avoid replacing strings like '%uidNumber' with 'uid' + // instead of 'uidNumber'; The longest tring at first. + preg_match_all('/(\{?%([a-z0-9]+)(\[(([0-9]+)(\-([0-9]+))?)\])?\}?)/i', $rule ,$matches, PREG_SET_ORDER); + $replacements = array(); + foreach($matches as $match){ + + // No start position given, then add the complete value + if(!isset($match[5])){ + $replacements[$match[0]][] = $attributes[$match[2]]; + + // Start given but no end, so just add a simple character + }elseif(!isset($match[7])){ + if(isset($attributes[$match[2]][$match[5]])){ + $replacements[$match[0]][] = $attributes[$match[2]][$match[5]]; + } + + // Add all values in range + }else{ + $str = ""; + for($i=$match[5]; $i<= $match[7]; $i++){ + if(isset($attributes[$match[2]][$i])){ + $str .= $attributes[$match[2]][$i]; + $replacements[$match[0]][] = $str; + } + } + } + } + + // Create proposal array + $rules = array($rule); + foreach($replacements as $tag => $values){ + $rules = gen_uid_proposals($rules, $tag,$values); + } + + + // Search for id tags {id:3} / {id#3} + preg_match_all('/\{id(#|:)([0-9])+\}/i', $rule ,$matches, PREG_SET_ORDER); + $idReplacements = array(); + foreach($matches as $match){ + if(count($match) != 3) continue; + + // Generate random number + if($match[1] == '#'){ + foreach($rules as $id => $ruleStr){ + $genID = rand(pow(10,$match[2] -1),pow(10, ($match[2])) - 1); + $rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/", $genID,$ruleStr); + } + } + + // Search for next free id + if($match[1] == ':'){ + + // Walk through rules and replace all occurences of {id:..} + foreach($rules as $id => $ruleStr){ + $genID = 0; + $start = TRUE; + while($start || $ldap->count()){ + $start = FALSE; + $number= sprintf("%0".$match[2]."d", $genID); + $testRule = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr); + $ldap->search('uid='.normalizeLdap($testRule)); + $genID ++; + } + $rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr); + } + } + } + + // Create result set by checking which uid is already used and which is free. + $ret = array(); + foreach($rules as $rule){ + $ldap->search('uid='.normalizeLdap($rule)); + if(!$ldap->count()){ + $ret[] = $rule; + } + } + + return($ret); +} + + +function gen_uid_proposals(&$rules, $tag, $values) +{ + $newRules = array(); + foreach($rules as $rule){ + foreach($values as $value){ + $newRules[] = preg_replace("/".preg_quote($tag,'/')."/", $value, $rule); + } + } + return($newRules); +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>