X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Ffunctions.inc;h=893d1431d386971e9c26885bb3daf41109d5f324;hb=9773098162a69430e5c427eb458578bb39e15560;hp=d9d12986fd5aa5ba65846f3604594aa4025f3899;hpb=600037a20063174cbb630726968fc3b68b1ddef7;p=gosa.git diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index d9d12986f..893d1431d 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -20,11 +20,10 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -/* Configuration file location */ +/*! \file + * Common functions and named definitions. */ -/* Allow setting the config patj in the apache configuration - e.g. SetEnv CONFIG_FILE /etc/path - */ +/* Configuration file location */ if(!isset($_SERVER['CONFIG_DIR'])){ define ("CONFIG_DIR", "/etc/gosa"); }else{ @@ -40,6 +39,7 @@ if(!isset($_SERVER['CONFIG_FILE'])){ define ("CONFIG_FILE",$_SERVER['CONFIG_FILE']); } +/* Define common locatitions */ define ("CONFIG_TEMPLATE_DIR", "../contrib"); define ("TEMP_DIR","/var/cache/gosa/tmp"); @@ -78,17 +78,24 @@ require_once ("functions_debug.inc"); require_once ("accept-to-gettext.inc"); /* Define constants for debugging */ -define ("DEBUG_TRACE", 1); -define ("DEBUG_LDAP", 2); -define ("DEBUG_MYSQL", 4); -define ("DEBUG_SHELL", 8); -define ("DEBUG_POST", 16); -define ("DEBUG_SESSION",32); -define ("DEBUG_CONFIG", 64); -define ("DEBUG_ACL", 128); -define ("DEBUG_SI", 256); -define ("DEBUG_MAIL", 512); // mailAccounts, imap, sieve etc. +define ("DEBUG_TRACE", 1); /*! Debug level for tracing of common actions (save, check, etc.) */ +define ("DEBUG_LDAP", 2); /*! Debug level for LDAP queries */ +define ("DEBUG_MYSQL", 4); /*! Debug level for mysql operations */ +define ("DEBUG_SHELL", 8); /*! Debug level for shell commands */ +define ("DEBUG_POST", 16); /*! Debug level for POST content */ +define ("DEBUG_SESSION",32); /*! Debug level for SESSION content */ +define ("DEBUG_CONFIG", 64); /*! Debug level for CONFIG information */ +define ("DEBUG_ACL", 128); /*! Debug level for ACL infos */ +define ("DEBUG_SI", 256); /*! Debug level for communication with gosa-si */ +define ("DEBUG_MAIL", 512); /*! Debug level for all about mail (mailAccounts, imap, sieve etc.) */ define ("DEBUG_FAI", 1024); // FAI (incomplete) +define ("DEBUG_RPC", 2048); /*! Debug level for communication with remote procedures */ + +// Define shadow states +define ("POSIX_ACCOUNT_EXPIRED", 1); +define ("POSIX_WARN_ABOUT_EXPIRATION", 2); +define ("POSIX_FORCE_PASSWORD_CHANGE", 4); +define ("POSIX_DISALLOW_PASSWORD_CHANGE", 8); /* Rewrite german 'umlauts' and spanish 'accents' to get better results */ @@ -113,36 +120,55 @@ $REWRITE= array( "ä" => "ae", "Ñ" => "Ny" ); -/* Class autoloader */ -function __autoload($class_name) { +/*! \brief Does autoloading for classes used in GOsa. + * + * Takes the list generated by 'update-gosa' and loads the + * file containing the requested class. + * + * \param string 'class_name' The currently requested class + */ +function __gosa_autoload($class_name) { global $class_mapping, $BASE_DIR; if ($class_mapping === NULL){ - echo sprintf(_("Fatal error: no class locations defined - please run '%s' to fix this"), "update-gosa"); + echo sprintf(_("Fatal error: no class locations defined - please run %s to fix this"), bold("update-gosa")); exit; } if (isset($class_mapping["$class_name"])){ require_once($BASE_DIR."/".$class_mapping["$class_name"]); } else { - echo sprintf(_("Fatal error: cannot instantiate class '%s' - try running '%s' to fix this"), $class_name, "update-gosa"); + echo sprintf(_("Fatal error: cannot instantiate class %s - try running %s to fix this"), bold($class_name), bold("update-gosa")); exit; } } +spl_autoload_register('__gosa_autoload'); /*! \brief Checks if a class is available. - * @param name String The class name. - * @return boolean True if class is available, else false. + * \param string 'name' The subject of the test + * \return boolean True if class is available, else false. */ function class_available($name) { - global $class_mapping; - return(isset($class_mapping[$name])); + global $class_mapping, $config; + + $disabled = array(); + if($config instanceOf config && $config->configRegistry instanceOf configRegistry){ + $disabled = $config->configRegistry->getDisabledPlugins(); + } + + return(isset($class_mapping[$name]) && !isset($disabled[$name])); } -/* Check if plugin is avaliable */ +/*! \brief Check if plugin is available + * + * Checks if a given plugin is available and readable. + * + * \param string 'plugin' the subject of the check + * \return boolean True if plugin is available, else FALSE. + */ function plugin_available($plugin) { global $class_mapping, $BASE_DIR; @@ -155,34 +181,76 @@ function plugin_available($plugin) } -/* Create seed with microseconds */ +/*! \brief Create seed with microseconds + * + * Example: + * \code + * srand(make_seed()); + * $random = rand(); + * \endcode + * + * \return float a floating point number which can be used to feed srand() with it + * */ function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } -/* Debug level action */ +/*! \brief Debug level action + * + * Print a DEBUG level if specified debug level of the level matches the + * the configured debug level. + * + * \param int 'level' The log level of the message (should use the constants, + * defined in functions.in (DEBUG_TRACE, DEBUG_LDAP, etc.) + * \param int 'line' Define the line of the logged action (using __LINE__ is common) + * \param string 'function' Define the function where the logged action happened in + * (using __FUNCTION__ is common) + * \param string 'file' Define the file where the logged action happend in + * (using __FILE__ is common) + * \param mixed 'data' The data to log. Can be a message or an array, which is printed + * with print_a + * \param string 'info' Optional: Additional information + * + * */ function DEBUG($level, $line, $function, $file, $data, $info="") { - if (session::global_get('DEBUGLEVEL') & $level){ - $output= "DEBUG[$level] "; - if ($function != ""){ - $output.= "($file:$function():$line) - $info: "; - } else { - $output.= "($file:$line) - $info: "; + global $config; + $debugLevel = 0; + if($config instanceOf config){ + $debugLevel = $config->get_cfg_value('core', 'debugLevel'); } - echo $output; - if (is_array($data)){ - print_a($data); - } else { - echo "'$data'"; + if ($debugLevel & $level){ + $output= "DEBUG[$level] "; + if ($function != ""){ + $output.= "($file:$function():$line) - $info: "; + } else { + $output.= "($file:$line) - $info: "; + } + echo $output; + if (is_array($data)){ + print_a($data); + } else { + echo "'$data'"; + } + echo "
"; } - echo "
"; - } } +/*! \brief Determine which language to show to the user + * + * Determines which language should be used to present gosa content + * to the user. It does so by looking at several possibilites and returning + * the first setting that can be found. + * + * -# Language configured by the user + * -# Global configured language + * -# Language as returned by al2gt (as configured in the browser) + * + * \return string gettext locale string + */ function get_browser_language() { /* Try to use users primary language */ @@ -195,8 +263,8 @@ function get_browser_language() } /* Check for global language settings in gosa.conf */ - if (isset ($config) && $config->get_cfg_value('language') != ""){ - $lang = $config->get_cfg_value('language'); + if (isset ($config) && $config->get_cfg_value("core",'language') != ""){ + $lang = $config->get_cfg_value("core",'language'); if(!preg_match("/utf/i",$lang)){ $lang .= ".UTF-8"; } @@ -217,7 +285,15 @@ function get_browser_language() } -/* Rewrite ui object to another dn */ +/*! \brief Rewrite ui object to another dn + * + * Usually used when a user is renamed. In this case the dn + * in the user object must be updated in order to point + * to the correct DN. + * + * \param string 'dn' the old DN + * \param string 'newdn' the new DN + * */ function change_ui_dn($dn, $newdn) { $ui= session::global_get('ui'); @@ -228,14 +304,29 @@ function change_ui_dn($dn, $newdn) } -/* Return theme path for specified file */ +/*! \brief Return themed path for specified base file + * + * Depending on its parameters, this function returns the full + * path of a template file. First match wins while searching + * in this order: + * + * - load theme depending file + * - load global theme depending file + * - load default theme file + * - load global default theme file + * + * \param string 'filename' The base file name + * \param boolean 'plugin' Flag to take the plugin directory as search base + * \param string 'path' User specified path to take as search base + * \return string Full path to the template file + */ function get_template_path($filename= '', $plugin= FALSE, $path= "") { global $config, $BASE_DIR; /* Set theme */ if (isset ($config)){ - $theme= $config->get_cfg_value("theme", "default"); + $theme= $config->get_cfg_value("core","theme"); } else { $theme= "default"; } @@ -248,7 +339,7 @@ function get_template_path($filename= '', $plugin= FALSE, $path= "") /* Return plugin dir or root directory? */ if ($plugin){ if ($path == ""){ - $nf= preg_replace("!^".$BASE_DIR."/!", "", session::global_get('plugin_dir')); + $nf= preg_replace("!^".$BASE_DIR."/!", "", preg_replace('/^\.\.\//', '', session::global_get('plugin_dir'))); } else { $nf= preg_replace("!^".$BASE_DIR."/!", "", $path); } @@ -281,12 +372,23 @@ function get_template_path($filename= '', $plugin= FALSE, $path= "") } +/*! \brief Remove multiple entries from an array + * + * Removes every element that is in $needles from the + * array given as $haystack + * + * \param array 'needles' array of the entries to remove + * \param array 'haystack' original array to remove the entries from + */ function array_remove_entries($needles, $haystack) { return (array_merge(array_diff($haystack, $needles))); } +/*! \brief Remove multiple entries from an array (case-insensitive) + * + * Same as array_remove_entries(), but case-insensitive. */ function array_remove_entries_ics($needles, $haystack) { // strcasecmp will work, because we only compare ASCII values here @@ -294,6 +396,15 @@ function array_remove_entries_ics($needles, $haystack) } +/*! Merge to array but remove duplicate entries + * + * Merges two arrays and removes duplicate entries. Triggers + * an error if first or second parametre is not an array. + * + * \param array 'ar1' first array + * \param array 'ar2' second array- + * \return array + */ function gosa_array_merge($ar1,$ar2) { if(!is_array($ar1) || !is_array($ar2)){ @@ -304,19 +415,25 @@ function gosa_array_merge($ar1,$ar2) } +/*! \brief Generate a system log info + * + * Creates a syslog message, containing user information. + * + * \param string 'message' the message to log + * */ function gosa_log ($message) { global $ui; /* Preset to something reasonable */ - $username= " unauthenticated"; + $username= "[unauthenticated]"; /* Replace username if object is present */ if (isset($ui)){ if ($ui->username != ""){ $username= "[$ui->username]"; } else { - $username= "unknown"; + $username= "[unknown]"; } } @@ -324,6 +441,17 @@ function gosa_log ($message) } +/*! \brief Initialize a LDAP connection + * + * Initializes a LDAP connection. + * + * \param string 'server' + * \param string 'base' + * \param string 'binddn' Default: empty + * \param string 'pass' Default: empty + * + * \return LDAP object + */ function ldap_init ($server, $base, $binddn='', $pass='') { global $config; @@ -335,7 +463,7 @@ function ldap_init ($server, $base, $binddn='', $pass='') /* Sadly we've no proper return values here. Use the error message instead. */ if (!$ldap->success()){ msg_dialog::display(_("Fatal error"), - sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error()), + sprintf(_("Error while connecting to LDAP: %s"), $ldap->get_error()), FATAL_ERROR_DIALOG); exit(); } @@ -346,6 +474,7 @@ function ldap_init ($server, $base, $binddn='', $pass='') } +/* \brief Process htaccess authentication */ function process_htaccess ($username, $kerberos= FALSE) { global $config; @@ -355,7 +484,7 @@ function process_htaccess ($username, $kerberos= FALSE) $config->set_current($name); $mode= "kerberos"; - if ($config->get_cfg_value("useSaslForKerberos") == "true"){ + if ($config->get_cfg_value("core","useSaslForKerberos") == "true"){ $mode= "sasl"; } @@ -381,6 +510,15 @@ function process_htaccess ($username, $kerberos= FALSE) } +/*! \brief Verify user login against htaccess + * + * Checks if the specified username is available in apache, maps the user + * to an LDAP user. The password has been checked by apache already. + * + * \param string 'username' + * \return + * - TRUE on SUCCESS, NULL or FALSE on error + */ function ldap_login_user_htaccess ($username) { global $config; @@ -396,7 +534,7 @@ function ldap_login_user_htaccess ($username) $ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid")); /* Found no uniq match? Strange, because we did above... */ if ($ldap->count() != 1) { - msg_dialog::display(_("LDAP error"), _("Username / UID is not unique inside the LDAP tree!"), FATAL_ERROR_DIALOG); + msg_dialog::display(_("LDAP error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG); return (NULL); } $attrs= $ldap->fetch(); @@ -408,6 +546,7 @@ function ldap_login_user_htaccess ($username) /* Bail out if we have login restrictions set, for security reasons the message is the same than failed user/pw */ if (!$ui->loginAllowed()){ + new log("security","login","",array(),"Login restriction for user \"$username\", login not permitted"); return (NULL); } @@ -418,12 +557,22 @@ function ldap_login_user_htaccess ($username) $ui->loadACL(); /* TODO: check java script for htaccess authentication */ - session::global_set('js',true); + session::global_set('js', true); return ($ui); } +/*! \brief Verify user login against LDAP directory + * + * Checks if the specified username is in the LDAP and verifies if the + * password is correct by binding to the LDAP with the given credentials. + * + * \param string 'username' + * \param string 'password' + * \return + * - TRUE on SUCCESS, NULL or FALSE on error + */ function ldap_login_user ($username, $password) { global $config; @@ -439,8 +588,8 @@ function ldap_login_user ($username, $password) $ldap->cd($config->current['BASE']); $allowed_attributes = array("uid","mail"); $verify_attr = array(); - if($config->get_cfg_value("loginAttribute") != ""){ - $tmp = split(",", $config->get_cfg_value("loginAttribute")); + if($config->get_cfg_value("core","loginAttribute") != ""){ + $tmp = explode(",", $config->get_cfg_value("core","loginAttribute")); foreach($tmp as $attr){ if(in_array($attr,$allowed_attributes)){ $verify_attr[] = $attr; @@ -471,7 +620,7 @@ function ldap_login_user ($username, $password) /* found more than one matching id */ default: - msg_dialog::display(_("Internal error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), FATAL_ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG); return (NULL); } @@ -494,6 +643,7 @@ function ldap_login_user ($username, $password) /* Bail out if we have login restrictions set, for security reasons the message is the same than failed user/pw */ if (!$ui->loginAllowed()){ + new log("security","login","",array(),"Login restriction for user \"$username\", login not permitted"); return (NULL); } @@ -515,100 +665,136 @@ function ldap_login_user ($username, $password) } -function ldap_expired_account($config, $userdn, $username) +/*! \brief Checks the posixAccount status by comparing the shadow attributes. + * + * @param Object The GOsa configuration object. + * @param String The 'dn' of the user to test the account status for. + * @param String The 'uid' of the user we're going to test. + * @return Const + * POSIX_ACCOUNT_EXPIRED - If the account is expired. + * POSIX_WARN_ABOUT_EXPIRATION - If the account is going to expire. + * POSIX_FORCE_PASSWORD_CHANGE - The password has to be changed. + * POSIX_DISALLOW_PASSWORD_CHANGE - The password cannot be changed right now. + * + * + * + * shadowLastChange + * | + * |---- shadowMin ---> | <-- shadowMax -- + * | | | + * |------- shadowWarning -> | + * |-- shadowInactive --> DEACTIVATED + * | + * EXPIRED + * + */ +function ldap_expired_account($config, $userdn, $uid) { + // Skip this for the admin account, we do not want to lock him out. + if($uid == 'admin') return(0); + $ldap= $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); $ldap->cat($userdn); $attrs= $ldap->fetch(); - - /* default value no errors */ - $expired = 0; - - $sExpire = 0; - $sLastChange = 0; - $sMax = 0; - $sMin = 0; - $sInactive = 0; - $sWarning = 0; - - $current= date("U"); - - $current= floor($current /60 /60 /24); - - /* special case of the admin, should never been locked */ - /* FIXME should allow any name as user admin */ - if($username != "admin") - { + $current= floor(date("U") /60 /60 /24); - if(isset($attrs['shadowExpire'][0])){ - $sExpire= $attrs['shadowExpire'][0]; - } else { - $sExpire = 0; - } - - if(isset($attrs['shadowLastChange'][0])){ - $sLastChange= $attrs['shadowLastChange'][0]; - } else { - $sLastChange = 0; - } - - if(isset($attrs['shadowMax'][0])){ - $sMax= $attrs['shadowMax'][0]; - } else { - $smax = 0; - } + // Fetch required attributes + foreach(array('shadowExpire','shadowLastChange','shadowMax','shadowMin', + 'shadowInactive','shadowWarning') as $attr){ + $$attr = (isset($attrs[$attr][0]))? $attrs[$attr][0] : null; + } - if(isset($attrs['shadowMin'][0])){ - $sMin= $attrs['shadowMin'][0]; - } else { - $sMin = 0; - } - - if(isset($attrs['shadowInactive'][0])){ - $sInactive= $attrs['shadowInactive'][0]; - } else { - $sInactive = 0; - } - - if(isset($attrs['shadowWarning'][0])){ - $sWarning= $attrs['shadowWarning'][0]; - } else { - $sWarning = 0; - } - - /* is the account locked */ - /* shadowExpire + shadowInactive (option) */ - if($sExpire >0){ - if($current >= ($sExpire+$sInactive)){ - return(1); + + // Check if the account has expired. + // --------------------------------- + // An account is locked/expired once its expiration date has reached (shadowExpire). + // If the optional attribute (shadowInactive) is set, we've to postpone + // the account expiration by the amount of days specified in (shadowInactive). + if($shadowExpire != null && $shadowExpire >= $current){ + + // The account seems to be expired, but we've to check 'shadowInactive' additionally. + // ShadowInactive specifies an amount of days we've to reprieve the user. + // It some kind of x days' grace. + if($shadowInactive == null || $current > $shadowExpire + $shadowInactive){ + + // Finally we've detect that the account is deactivated. + return(POSIX_ACCOUNT_EXPIRED); } - } - - /* the user should be warned to change is password */ - if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){ - if (($sExpire - $current) < $sWarning){ - return(2); + } + + // The users password is going to expire. + // -------------------------------------- + // We've to warn the user in the case of an expiring account. + // An account is going to expire when it reaches its expiration date (shadowExpire). + // The user has to be warned, if the days left till expiration, match the + // configured warning period (shadowWarning) + // --> shadowWarning: Warn x days before account expiration. + if($shadowExpire != null && $shadowWarning != null){ + + // Check if the account is still active and not already expired. + if($shadowExpire >= $current){ + + // Check if we've to warn the user by comparing the remaining + // number of days till expiration with the configured amount + // of days in shadowWarning. + if(($shadowExpire - $current) <= $shadowWarning){ + return(POSIX_WARN_ABOUT_EXPIRATION); + } } - } - - /* force user to change password */ - if(($sLastChange >0) && ($sMax) >0){ - if($current >= ($sLastChange+$sMax)){ - return(3); + } + + // -- I guess this is the correct detection, isn't it? + if($shadowLastChange != null && $shadowWarning != null && $shadowMax != null){ + $daysRemaining = ($shadowLastChange + $shadowMax) - $current ; + if($daysRemaining > 0 && $daysRemaining <= $shadowWarning){ + return(POSIX_WARN_ABOUT_EXPIRATION); } - } - - /* the user should not be able to change is password */ - if(($sLastChange >0) && ($sMin >0)){ - if (($sLastChange + $sMin) >= $current){ - return(4); + } + + + // Check if we've to force the user to change his password. + // -------------------------------------------------------- + // A password change is enforced when the password is older than + // the configured amount of days (shadowMax). + // The age of the current password (shadowLastChange) plus the maximum + // amount amount of days (shadowMax) has to be smaller than the + // current timestamp. + if($shadowLastChange != null && $shadowMax != null){ + + // Check if we've an outdated password. + if($current >= ($shadowLastChange + $shadowMax)){ + return(POSIX_FORCE_PASSWORD_CHANGE); + } + } + + + // Check if we've to freeze the users password. + // -------------------------------------------- + // Once a user has changed his password, he cannot change it again + // for a given amount of days (shadowMin). + // We should not allow to change the password within GOsa too. + if($shadowLastChange != null && $shadowMin != null){ + + // Check if we've an outdated password. + if(($shadowLastChange + $shadowMin) >= $current){ + return(POSIX_DISALLOW_PASSWORD_CHANGE); } - } } - return($expired); + + return(0); } + +/*! \brief Add a lock for object(s) + * + * Adds a lock by the specified user for one ore multiple objects. + * If the lock for that object already exists, an error is triggered. + * + * \param mixed 'object' object or array of objects to lock + * \param string 'user' the user who shall own the lock + * */ function add_lock($object, $user) { global $config; @@ -638,17 +824,17 @@ function add_lock($object, $user) /* Just a sanity check... */ if ($object == "" || $user == ""){ - msg_dialog::display(_("Internal error"), _("Error while adding a lock. Contact the developers!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG); return; } /* Check for existing entries in lock area */ $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$user)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!$ldap->success()){ - msg_dialog::display(_("Configuration error"), sprintf(_("Cannot create locking information in LDAP tree. Please contact your administrator!")."

"._('LDAP server returned: %s'), "

".$ldap->get_error().""), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), sprintf(_("Cannot store lock information in LDAP!")."

"._('Error: %s'), "

".$ldap->get_error().""), ERROR_DIALOG); return; } @@ -656,20 +842,26 @@ function add_lock($object, $user) if ($ldap->count() == 0){ $attrs= array(); $name= md5($object); - $ldap->cd("cn=$name,".$config->get_cfg_value("config")); + $ldap->cd("cn=$name,".$config->get_cfg_value("core","config")); $attrs["objectClass"] = "gosaLockEntry"; $attrs["gosaUser"] = $user; $attrs["gosaObject"] = base64_encode($object); $attrs["cn"] = "$name"; $ldap->add($attrs); if (!$ldap->success()){ - msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "cn=$name,".$config->get_cfg_value("config"), 0, ERROR_DIALOG)); + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "cn=$name,".$config->get_cfg_value("core","config"), 0, ERROR_DIALOG)); return; } } } +/*! \brief Remove a lock for object(s) + * + * Does the opposite of add_lock(). + * + * \param mixed 'object' object or array of objects for which a lock shall be removed + * */ function del_lock ($object) { global $config; @@ -699,7 +891,7 @@ function del_lock ($object) /* Check for existance and remove the entry */ $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search ("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaObject")); $attrs= $ldap->fetch(); if ($ldap->getDN() != "" && $ldap->success()){ @@ -713,13 +905,20 @@ function del_lock ($object) } +/*! \brief Remove all locks owned by a specific userdn + * + * For a given userdn remove all existing locks. This is usually + * called on logout. + * + * \param string 'userdn' the subject whose locks shall be deleted + */ function del_user_locks($userdn) { global $config; /* Get LDAP ressources */ $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); /* Remove all objects of this user, drop errors silently in this case. */ $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$userdn))", array("gosaUser")); @@ -729,13 +928,21 @@ function del_user_locks($userdn) } +/*! \brief Get a lock for a specific object + * + * Searches for a lock on a given object. + * + * \param string 'object' subject whose locks are to be searched + * \return string Returns the user who owns the lock or "" if no lock is found + * or an error occured. + */ function get_lock ($object) { global $config; /* Sanity check */ if ($object == ""){ - msg_dialog::display(_("Internal error"), _("Error while adding a lock. Contact the developers!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG); return(""); } @@ -745,7 +952,7 @@ function get_lock ($object) /* Get LDAP link, check for presence of the lock entry */ $user= ""; $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG)); @@ -755,9 +962,6 @@ function get_lock ($object) /* Check for broken locking information in LDAP */ if ($ldap->count() > 1){ - /* Hmm. We're removing broken LDAP information here and issue a warning. */ - msg_dialog::display(_("Warning"), _("Found multiple locks for object to be locked. This should not happen - cleaning up multiple references."), WARNING_DIALOG); - /* Clean up these references now... */ while ($attrs= $ldap->fetch()){ $ldap->rmdir($attrs['dn']); @@ -773,6 +977,14 @@ function get_lock ($object) } +/*! Get locks for multiple objects + * + * Similar as get_lock(), but for multiple objects. + * + * \param array 'objects' Array of Objects for which a lock shall be searched + * \return A numbered array containing all found locks as an array with key 'dn' + * and key 'user' or "" if an error occured. + */ function get_multiple_locks($objects) { global $config; @@ -790,7 +1002,7 @@ function get_multiple_locks($objects) /* Get LDAP link, check for presence of the lock entry */ $user= ""; $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search($filter, array("gosaUser","gosaObject")); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG)); @@ -807,15 +1019,16 @@ function get_multiple_locks($objects) } -/* \!brief This function searches the ldap database. - It search in $sub_bases,*,$base for all objects matching the $filter. - - @param $filter String The ldap search filter - @param $category String The ACL category the result objects belongs - @param $sub_bases String The sub base we want to search for e.g. "ou=apps" - @param $base String The ldap base from which we start the search - @param $attributes Array The attributes we search for. - @param $flags Long A set of Flags +/*! \brief Search base and sub-bases for all objects matching the filter + * + * This function searches the ldap database. It searches in $sub_bases,*,$base + * for all objects matching the $filter. + * \param string 'filter' The ldap search filter + * \param string 'category' The ACL category the result objects belongs + * \param string 'sub_bases' The sub base we want to search for e.g. "ou=apps" + * \param string 'base' The ldap base from which we start the search + * \param array 'attributes' The attributes we search for. + * \param long 'flags' A set of Flags */ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { @@ -873,7 +1086,7 @@ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= arra // log($action,$objecttype,$object,$changes_array = array(),$result = "") new log("debug","all",__FILE__,$attributes, sprintf("get_sub_list(): Falling back to get_list(), due to empty sub_bases parameter.". - " This may slow down GOsa. Search was: '%s'",$filter)); + " This may slow down GOsa. Used filter: %s", $filter)); } $tmp = get_list($filter, $category,$base,$attributes,$flags); return($tmp); @@ -968,6 +1181,10 @@ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= arra } +/*! \brief Search base for all objects matching the filter + * + * Just like get_sub_list(), but without sub base search. + * */ function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { global $config, $ui; @@ -1036,6 +1253,7 @@ function get_list($filter, $category, $base= "", $attributes= array(), $flags= G } +/*! \brief Show sizelimit configuration dialog if exceeded */ function check_sizelimit() { /* Ignore dialog? */ @@ -1046,31 +1264,32 @@ function check_sizelimit() /* Eventually show dialog */ if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){ $smarty= get_smarty(); - $smarty->assign('warning', sprintf(_("The size limit of %d entries is exceed!"), + $smarty->assign('warning', sprintf(_("The current size limit of %d entries is exceeded!"), session::global_get('size_limit'))); - $smarty->assign('limit_message', sprintf(_("Set the new size limit to %s and show me this message if the limit still exceeds"), '')); + $smarty->assign('limit_message', sprintf(_("Set the size limit to %s"), '')); return($smarty->fetch(get_template_path('sizelimit.tpl'))); } return (""); } - +/*! \brief Print a sizelimit warning */ function print_sizelimit_warning() { if (session::global_is_set('size_limit') && session::global_get('size_limit') >= 10000000 || (session::is_set('limit_exceeded') && session::get('limit_exceeded'))){ - $config= ""; + $config= ""; } else { $config= ""; } if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){ - return ("("._("incomplete").") $config"); + return ("("._("list is incomplete").") $config"); } return (""); } +/*! \brief Handle sizelimit dialog related posts */ function eval_sizelimit() { if (isset($_POST['set_size_action'])){ @@ -1079,7 +1298,7 @@ function eval_sizelimit() if (tests::is_id($_POST['new_limit']) && isset($_POST['action']) && $_POST['action']=="newlimit"){ - session::global_set('size_limit', validate($_POST['new_limit'])); + session::global_set('size_limit', get_post('new_limit')); session::set('size_ignore', FALSE); } @@ -1125,6 +1344,7 @@ function getMenuCache() } +/*! \brief Return the current userinfo object */ function &get_userinfo() { global $ui; @@ -1133,6 +1353,7 @@ function &get_userinfo() } +/*! \brief Get global smarty object */ function &get_smarty() { global $smarty; @@ -1141,6 +1362,21 @@ function &get_smarty() } +/*! \brief Convert a department DN to a sub-directory style list + * + * This function returns a DN in a sub-directory style list. + * Examples: + * - ou=1.1.1,ou=limux becomes limux/1.1.1 + * - cn=bla,ou=foo,dc=local becomes foo/bla or foo/bla/local, depending + * on the value for $base. + * + * If the specified DN contains a basedn which either matches + * the specified base or $config->current['BASE'] it is stripped. + * + * \param string 'dn' the subject for the conversion + * \param string 'base' the base dn, default: $this->config->current['BASE'] + * \return a string in the form as described above + */ function convert_department_dn($dn, $base = NULL) { global $config; @@ -1156,7 +1392,7 @@ function convert_department_dn($dn, $base = NULL) $dep= ""; - foreach (split(',', $dn) as $rdn){ + foreach (explode(',', $dn) as $rdn){ $dep = preg_replace("/^[^=]+=/","",$rdn)."/".$dep; } @@ -1165,100 +1401,112 @@ function convert_department_dn($dn, $base = NULL) } -/* Strip off the last sub department part of a '/level1/level2/.../' - * style value. It removes the trailing '/', too. */ +/*! \brief Return the last sub department part of a '/level1/level2/.../' style value. + * + * Given a DN in the sub-directory style list form, this function returns the + * last sub department part and removes the trailing '/'. + * + * Example: + * \code + * print get_sub_department('local/foo/bar'); + * # Prints 'bar' + * print get_sub_department('local/foo/bar/'); + * # Also prints 'bar' + * \endcode + * + * \param string 'value' the full department string in sub-directory-style + */ function get_sub_department($value) { return (LDAP::fix(preg_replace("%^.*/([^/]+)/?$%", "\\1", $value))); } -function get_ou($name) -{ - global $config; +/*! \brief Get the OU of a certain RDN + * + * Given a certain RDN name (ogroupRDN, applicationRDN etc.) this + * function returns either a configured OU or the default + * for the given RDN. + * + * Example: + * \code + * # Determine LDAP base where systems are stored + * $base = get_ou("systemManagement", "systemRDN") . $this->config->current['BASE']; + * $ldap->cd($base); + * \endcode + * */ +function get_ou($class,$name) +{ + global $config; + + if(!$config->configRegistry->propertyExists($class,$name)){ + trigger_error("No department mapping found for type ".$name); + return ""; + } + + $ou = $config->configRegistry->getPropertyValue($class,$name); + if ($ou != ""){ + if (!preg_match('/^[^=]+=[^=]+/', $ou)){ + $ou = @LDAP::convert("ou=$ou"); + } else { + $ou = @LDAP::convert("$ou"); + } - $map = array( - "roleRDN" => "ou=roles,", - "ogroupRDN" => "ou=groups,", - "applicationRDN" => "ou=apps,", - "systemRDN" => "ou=systems,", - "serverRDN" => "ou=servers,ou=systems,", - "terminalRDN" => "ou=terminals,ou=systems,", - "workstationRDN" => "ou=workstations,ou=systems,", - "printerRDN" => "ou=printers,ou=systems,", - "phoneRDN" => "ou=phones,ou=systems,", - "componentRDN" => "ou=netdevices,ou=systems,", - "sambaMachineAccountRDN" => "ou=winstation,", - - "faxBlocklistRDN" => "ou=gofax,ou=systems,", - "systemIncomingRDN" => "ou=incoming,", - "aclRoleRDN" => "ou=aclroles,", - "phoneMacroRDN" => "ou=macros,ou=asterisk,ou=configs,ou=systems,", - "phoneConferenceRDN" => "ou=conferences,ou=asterisk,ou=configs,ou=systems,", - - "faiBaseRDN" => "ou=fai,ou=configs,ou=systems,", - "faiScriptRDN" => "ou=scripts,", - "faiHookRDN" => "ou=hooks,", - "faiTemplateRDN" => "ou=templates,", - "faiVariableRDN" => "ou=variables,", - "faiProfileRDN" => "ou=profiles,", - "faiPackageRDN" => "ou=packages,", - "faiPartitionRDN"=> "ou=disk,", - - "sudoRDN" => "ou=sudoers,", - - "deviceRDN" => "ou=devices,", - "mimetypeRDN" => "ou=mime,"); - - /* Preset ou... */ - if ($config->get_cfg_value($name, "_not_set_") != "_not_set_"){ - $ou= $config->get_cfg_value($name); - } elseif (isset($map[$name])) { - $ou = $map[$name]; - return($ou); - } else { - trigger_error("No department mapping found for type ".$name); - return ""; - } - - - if ($ou != ""){ - if (!preg_match('/^[^=]+=[^=]+/', $ou)){ - $ou = @LDAP::convert("ou=$ou"); - } else { - $ou = @LDAP::convert("$ou"); - } + if(preg_match("/".preg_quote($config->current['BASE'], '/')."$/",$ou)){ + return($ou); + }else{ + if(!preg_match("/,$/", $ou)){ + return("$ou,"); + }else{ + return($ou); + } + } - if(preg_match("/".preg_quote($config->current['BASE'], '/')."$/",$ou)){ - return($ou); - }else{ - return("$ou,"); + } else { + return ""; } - - } else { - return ""; - } } +/*! \brief Get the OU for users + * + * Frontend for get_ou() with userRDN + * */ function get_people_ou() { - return (get_ou("userRDN")); + return (get_ou("core", "userRDN")); } +/*! \brief Get the OU for groups + * + * Frontend for get_ou() with groupRDN + */ function get_groups_ou() { - return (get_ou("groupRDN")); + return (get_ou("core", "groupRDN")); } +/*! \brief Get the OU for winstations + * + * Frontend for get_ou() with sambaMachineAccountRDN + */ function get_winstations_ou() { - return (get_ou("sambaMachineAccountRDN")); + return (get_ou("wingeneric", "sambaMachineAccountRDN")); } +/*! \brief Return a base from a given user DN + * + * \code + * get_base_from_people('cn=Max Muster,dc=local') + * # Result is 'dc=local' + * \endcode + * + * \param string 'dn' a DN + * */ function get_base_from_people($dn) { global $config; @@ -1275,17 +1523,29 @@ function get_base_from_people($dn) } +/*! \brief Check if strict naming rules are configured + * + * Return TRUE or FALSE depending on weither strictNamingRules + * are configured or not. + * + * \return Returns TRUE if strictNamingRules is set to true or if the + * config object is not available, otherwise FALSE. + */ function strict_uid_mode() { global $config; if (isset($config)){ - return ($config->get_cfg_value("strictNamingRules") == "true"); + return ($config->get_cfg_value("core","strictNamingRules") == "true"); } return (TRUE); } +/*! \brief Get regular expression for checking uids based on the naming + * rules. + * \return string Returns the desired regular expression + */ function get_uid_regexp() { /* STRICT adds spaces and case insenstivity to the uid check. @@ -1298,6 +1558,27 @@ function get_uid_regexp() } +/*! \brief Generate a lock message + * + * This message shows a warning to the user, that a certain object is locked + * and presents some choices how the user can proceed. By default this + * is 'Cancel' or 'Edit anyway', but depending on the function call + * its possible to allow readonly access, too. + * + * Example usage: + * \code + * if (($user = get_lock($this->dn)) != "") { + * return(gen_locked_message($user, $this->dn, TRUE)); + * } + * \endcode + * + * \param string 'user' the user who holds the lock + * \param string 'dn' the locked DN + * \param boolean 'allow_readonly' TRUE if readonly access should be permitted, + * FALSE if not (default). + * + * + */ function gen_locked_message($user, $dn, $allow_readonly = FALSE) { global $plug, $config; @@ -1346,15 +1627,7 @@ function gen_locked_message($user, $dn, $allow_readonly = FALSE) /* Prepare and show template */ $smarty= get_smarty(); $smarty->assign("allow_readonly",$allow_readonly); - if(is_array($dn)){ - $msg = "
";
-    foreach($dn as $sub_dn){
-      $msg .= "\n".$sub_dn.", ";
-    }
-    $msg = preg_replace("/, $/","
",$msg); - }else{ - $msg = $dn; - } + $msg= msgPool::buildList($dn); $smarty->assign ("dn", $msg); if ($remove){ @@ -1362,12 +1635,24 @@ function gen_locked_message($user, $dn, $allow_readonly = FALSE) } else { $smarty->assign ("action", _("Edit anyway")); } - $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry/entries %s"), "".$msg."", "")); + + $smarty->assign ("message", _("These entries are currently locked:"). $msg); return ($smarty->fetch (get_template_path('islocked.tpl'))); } +/*! \brief Return a string/HTML representation of an array + * + * This returns a string representation of a given value. + * It can be used to dump arrays, where every value is printed + * on its own line. The output is targetted at HTML output, it uses + * '
' for line breaks. If the value is already a string its + * returned unchanged. + * + * \param mixed 'value' Whatever needs to be printed. + * \return string + */ function to_string ($value) { /* If this is an array, generate a text blob */ @@ -1383,6 +1668,19 @@ function to_string ($value) } +/*! \brief Return a list of all printers in the current base + * + * Returns an array with the CNs of all printers (objects with + * objectClass gotoPrinter) in the current base. + * ($config->current['BASE']). + * + * Example: + * \code + * $this->printerList = get_printer_list(); + * \endcode + * + * \return array an array with the CNs of the printers as key and value. + * */ function get_printer_list() { global $config; @@ -1395,6 +1693,14 @@ function get_printer_list() } +/*! \brief Function to rewrite some problematic characters + * + * This function takes a string and replaces all possibly characters in it + * with less problematic characters, as defined in $REWRITE. + * + * \param string 's' the string to rewrite + * \return string 's' the result of the rewrite + * */ function rewrite($s) { global $REWRITE; @@ -1407,6 +1713,10 @@ function rewrite($s) } +/*! \brief Return the base of a given DN + * + * \param string 'dn' a DN + * */ function dn2base($dn) { global $config; @@ -1423,9 +1733,17 @@ function dn2base($dn) } - +/*! \brief Check if a given command exists and is executable + * + * Test if a given cmdline contains an executable command. Strips + * arguments from the given cmdline. + * + * \param string 'cmdline' the cmdline to check + * \return TRUE if command exists and is executable, otherwise FALSE. + * */ function check_command($cmdline) { + return(TRUE); $cmd= preg_replace("/ .*$/", "", $cmdline); /* Check if command exists in filesystem */ @@ -1442,6 +1760,12 @@ function check_command($cmdline) } +/*! \brief Print plugin HTML header + * + * \param string 'image' the path of the image to be used next to the headline + * \param string 'image' the headline + * \param string 'info' additional information to print + */ function print_header($image, $headline, $info= "") { $display= "
\n"; @@ -1461,6 +1785,13 @@ function print_header($image, $headline, $info= "") } +/*! \brief Print page number selector for paged lists + * + * \param int 'dcnt' Number of entries + * \param int 'start' Page to start + * \param int 'range' Number of entries per page + * \param string 'post_var' POST variable to check for range + */ function range_selector($dcnt,$start,$range=25,$post_var=false) { @@ -1568,18 +1899,8 @@ function range_selector($dcnt,$start,$range=25,$post_var=false) } -function apply_filter() -{ - $apply= ""; - - $apply= ''. - '
'. - '
'; - - return ($apply); -} - +/*! \brief Generate HTML for the 'Back' button */ function back_to_main() { $string= '

get_ldap_link(); - $ldap->cd($config->current['BASE']); - /* Remove used uids and watch out for id tags */ - $ret= array(); - foreach($proposed as $uid){ + // The trunk version + if(preg_match("#/trunk/#i", $svn_path)){ + return (sprintf(_("GOsa development snapshot (Rev %s)"), bold($revision))); + } - /* Check for id tag and modify uid if needed */ - if(preg_match('/\{id(:|!)\d+}/',$uid, $m)){ - $size= preg_replace('/^.*{id(:|!)(\d+)}.*$/', '\\2', $uid); - - $start= $m[1]==":"?0:-1; - for ($i= $start, $p= pow(10,$size); $i < $p; $i++){ - if ($i == -1) { - $number= ""; - } else { - $number= sprintf("%0".$size."d", $i+1); - } - $res= preg_replace('/{id(:|!)\d+}/', $number, $uid); - - $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn')); - if($ldap->count() == 0){ - $uid= $res; - break; - } - } - } - - if(preg_match('/\{id#\d+}/',$uid)){ - $size= preg_replace('/^.*{id#(\d+)}.*$/', '\\1', $uid); - - while (true){ - mt_srand((double) microtime()*1000000); - $number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1)); - $res= preg_replace('/{id#(\d+)}/', $number, $uid); - $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn')); - if($ldap->count() == 0){ - $uid= $res; - break; - } - } - } - - /* Don't assign used ones */ - $ldap->search("(uid=".preg_replace('/[{}]/', '', $uid).")",array('dn')); - if($ldap->count() == 0){ - /* Add uid, but remove {} first. These are invalid anyway. */ - $ret[]= preg_replace('/[{}]/', '', $uid); - } - } - - return(array_unique($ret)); -} - - -/* Sadly values like memory_limit are perpended by K, M, G, etc. - Need to convert... */ -function to_byte($value) { - $value= strtolower(trim($value)); - - if(!is_numeric(substr($value, -1))) { - - switch(substr($value, -1)) { - case 'g': - $mult= 1073741824; - break; - case 'm': - $mult= 1048576; - break; - case 'k': - $mult= 1024; - break; - } - - return ($mult * (int)substr($value, 0, -1)); - } else { - return $value; - } -} - - -function in_array_ics($value, $items) -{ - return preg_grep('/^'.preg_quote($value, '/').'$/i', $items); -} - - -function generate_alphabet($count= 10) -{ - $characters= _("*ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"); - $alphabet= ""; - $c= 0; - - /* Fill cells with charaters */ - for ($i= 0, $l= mb_strlen($characters, 'UTF8'); $i<$l; $i++){ - if ($c == 0){ - $alphabet.= ""; - } - - $ch = mb_substr($characters, $i, 1, "UTF8"); - $alphabet.= " ".$ch." "; - - if ($c++ == $count){ - $alphabet.= ""; - $c= 0; - } - } - - /* Fill remaining cells */ - while ($c++ <= $count){ - $alphabet.= " "; - } - - return ($alphabet); -} - - -function validate($string) -{ - return (strip_tags(str_replace('\0', '', $string))); -} - - -function get_gosa_version() -{ - global $svn_revision, $svn_path; - - /* Extract informations */ - $revision= preg_replace('/^[^0-9]*([0-9]+)[^0-9]*$/', '\1', $svn_revision); - - /* Release or development? */ - if (preg_match('%/gosa/trunk/%', $svn_path)){ - return (sprintf(_("GOsa development snapshot (Rev %s)"), $revision)); - } else { - $release= preg_replace('%^.*/([^/]+)/include/functions.inc.*$%', '\1', $svn_path); - return (sprintf(_("GOsa $release"), $revision)); - } -} + return (sprintf(_("GOsa $release"), $revision)); +} +/*! \brief Recursively delete a path in the file system + * + * Will delete the given path and all its files recursively. + * Can also follow links if told so. + * + * \param string 'path' + * \param boolean 'followLinks' TRUE to follow links, FALSE (default) + * for not following links + */ function rmdirRecursive($path, $followLinks=false) { $dir= opendir($path); while($entry= readdir($dir)) { @@ -1886,6 +2097,14 @@ function rmdirRecursive($path, $followLinks=false) { } +/*! \brief Get directory content information + * + * Returns the content of a directory as an array in an + * ascended sorted manner. + * + * \param string 'path' + * \param boolean weither to sort the content descending. + */ function scan_directory($path,$sort_desc=false) { $ret = false; @@ -1920,6 +2139,7 @@ function scan_directory($path,$sort_desc=false) } +/*! \brief Clean the smarty compile dir */ function clean_smarty_compile_dir($directory) { global $svn_revision; @@ -1943,14 +2163,10 @@ function clean_smarty_compile_dir($directory) is_writable($directory."/".$file)) { // delete file if(!unlink($directory."/".$file)) { - msg_dialog::display(_("Internal error"), sprintf(_("File '%s' could not be deleted."), $directory."/".$file), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), sprintf(_("File %s cannot be deleted!"), bold($directory."/".$file)), ERROR_DIALOG); // This should never be reached } - } elseif(is_dir($directory."/".$file) && - is_writable($directory."/".$file)) { - // Just recursively delete it - rmdirRecursive($directory."/".$file); - } + } } // We should now create a fresh revision file clean_smarty_compile_dir($directory); @@ -1977,7 +2193,7 @@ function create_revision($revision_file, $revision) } fclose($fh); } else { - msg_dialog::display(_("Internal error"), _("Cannot write to revision file!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG); } return $result; @@ -1997,7 +2213,7 @@ function compare_revision($revision_file, $revision) $result= true; } } else { - msg_dialog::display(_("Internal error"), _("Cannot write to revision file!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG); } // Close file fclose($fh); @@ -2007,12 +2223,90 @@ function compare_revision($revision_file, $revision) } -function progressbar($percentage,$width=100,$height=15,$showvalue=false) -{ - return(""); +/*! \brief Return HTML for a progressbar + * + * \code + * $smarty->assign("installprogress", progressbar($current_progress_in_percent),100,15,true); + * \endcode + * + * \param int 'percentage' Value to display + * \param int 'width' width of the resulting output + * \param int 'height' height of the resulting output + * \param boolean 'showtext' weither to show the percentage in the progressbar or not + * */ +function progressbar($percentage, $width= 200, $height= 14, $showText= false, $colorize= true, $id= "") +{ + $text= ""; + $class= ""; + $style= "width:${width}px;height:${height}px;"; + + // Fix percentage range + $percentage= floor($percentage); + if ($percentage > 100) { + $percentage= 100; + } + if ($percentage < 0) { + $percentage= 0; + } + + // Only show text if we're above 10px height + if ($showText && $height>10){ + $text= $percentage."%"; + } + + // Set font size + $style.= "font-size:".($height-3)."px;"; + + // Set color + if ($colorize){ + if ($percentage < 70) { + $class= " progress-low"; + } elseif ($percentage < 80) { + $class= " progress-mid"; + } elseif ($percentage < 90) { + $class= " progress-high"; + } else { + $class= " progress-full"; + } + } + + // Apply gradients + $hoffset= floor($height / 2) + 4; + $woffset= floor(($width+5) * (100-$percentage) / 100); + foreach (array("-moz-box-shadow", "-webkit-box-shadow", "box-shadow") as $type) { + $style.="$type: + 0 0 2px rgba(255, 255, 255, 0.4) inset, + 0 4px 6px rgba(255, 255, 255, 0.4) inset, + 0 ".$hoffset."px 0 -2px rgba(255, 255, 255, 0.2) inset, + -".$woffset."px 0 0 -2px rgba(255, 255, 255, 0.2) inset, + -".($woffset+1)."px 0 0 -2px rgba(0, 0, 0, 0.6) inset, + 0pt ".($hoffset+1)."px 8px rgba(0, 0, 0, 0.3) inset, + 0pt 1px 0px rgba(0, 0, 0, 0.2);"; + } + + // Set ID + if ($id != ""){ + $id= "id='$id'"; + } + + return "

$text
"; } +/*! \brief Lookup a key in an array case-insensitive + * + * Given an associative array this can lookup the value of + * a certain key, regardless of the case. + * + * \code + * $items = array ('FOO' => 'blub', 'bar' => 'blub'); + * array_key_ics('foo', $items); # Returns 'blub' + * array_key_ics('BAR', $items); # Returns 'blub' + * \endcode + * + * \param string 'key' needle + * \param array 'items' haystack + */ function array_key_ics($ikey, $items) { $tmp= array_change_key_case($items, CASE_LOWER); @@ -2025,6 +2319,12 @@ function array_key_ics($ikey, $items) } +/*! \brief Determine if two arrays are different + * + * \param array 'src' + * \param array 'dst' + * \return boolean TRUE or FALSE + * */ function array_differs($src, $dst) { /* If the count is differing, the arrays differ */ @@ -2063,27 +2363,14 @@ function saveFilter($a_filter, $values) } -/* Escape all LDAP filter relevant characters */ +/*! \brief Escape all LDAP filter relevant characters */ function normalizeLdap($input) { return (addcslashes($input, '()|')); } -/* Resturns the difference between to microtime() results in float */ -function get_MicroTimeDiff($start , $stop) -{ - $a = split("\ ",$start); - $b = split("\ ",$stop); - - $secs = $b[1] - $a[1]; - $msecs= $b[0] - $a[0]; - - $ret = (float) ($secs+ $msecs); - return($ret); -} - - +/*! \brief Return the gosa base directory */ function get_base_dir() { global $BASE_DIR; @@ -2092,6 +2379,7 @@ function get_base_dir() } +/*! \brief Test weither we are allowed to read the object */ function obj_is_readable($dn, $object, $attribute) { global $ui; @@ -2100,6 +2388,7 @@ function obj_is_readable($dn, $object, $attribute) } +/*! \brief Test weither we are allowed to change the object */ function obj_is_writable($dn, $object, $attribute) { global $ui; @@ -2108,6 +2397,16 @@ function obj_is_writable($dn, $object, $attribute) } +/*! \brief Explode a DN into its parts + * + * Similar to explode (http://php.net/explode), but a bit more specific + * for the needs when splitting, exploding LDAP DNs. + * + * \param string 'dn' the DN to split + * \param config-object a config object. only neeeded if DN shall be verified in the LDAP + * \param boolean verify_in_ldap check weither DN is valid + * + */ function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false) { /* Initialize variables */ @@ -2172,10 +2471,10 @@ function get_base_from_hook($dn, $attrib) { global $config; - if ($config->get_cfg_value("baseIdHook") != ""){ + if ($config->get_cfg_value("core","baseIdHook") != ""){ /* Call hook script - if present */ - $command= $config->get_cfg_value("baseIdHook"); + $command= $config->get_cfg_value("core","baseIdHook"); if ($command != ""){ $command.= " '".LDAP::fix($dn)."' $attrib"; @@ -2186,29 +2485,31 @@ function get_base_from_hook($dn, $attrib) return ($output[0]); } else { msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG); - return ($config->get_cfg_value("uidNumberBase")); + return ($config->get_cfg_value("core","uidNumberBase")); } } else { msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG); - return ($config->get_cfg_value("uidNumberBase")); + return ($config->get_cfg_value("core","uidNumberBase")); } } else { msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG); - return ($config->get_cfg_value("uidNumberBase")); + return ($config->get_cfg_value("core","uidNumberBase")); } } } +/*! \brief Check if schema version matches the requirements */ function check_schema_version($class, $version) { return preg_match("/\(v$version\)/", $class['DESC']); } +/*! \brief Check if LDAP schema matches the requirements */ function check_schema($cfg,$rfc2307bis = FALSE) { $messages= array(); @@ -2217,7 +2518,7 @@ function check_schema($cfg,$rfc2307bis = FALSE) $ldap = new ldapMultiplexer(new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'] ,FALSE, $cfg['tls'])); $objectclasses = $ldap->get_objectclasses(); if(count($objectclasses) == 0){ - msg_dialog::display(_("LDAP warning"), _("Cannot get schema information from server. No schema check possible!"), WARNING_DIALOG); + msg_dialog::display(_("Warning"), _("Cannot read schema information from LDAP. Schema validation is not possible!"), WARNING_DIALOG); } /* This is the default block used for each entry. @@ -2229,52 +2530,52 @@ function check_schema($cfg,$rfc2307bis = FALSE) "STATUS" => FALSE, "IS_MUST_HAVE" => FALSE, "MSG" => "", - "INFO" => "");#_("There is currently no information specified for this schema extension.")); + "INFO" => ""); /* The gosa base schema */ $checks['gosaObject'] = $def_check; $checks['gosaObject']['REQUIRED_VERSION'] = "2.6.1"; - $checks['gosaObject']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema"); + $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema"); $checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject"); $checks['gosaObject']['IS_MUST_HAVE'] = TRUE; /* GOsa Account class */ $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6"; - $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema"); + $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema"); $checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount"); $checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE; - $checks["gosaAccount"]["INFO"] = _("Used to store account specific informations."); + $checks["gosaAccount"]["INFO"] = _("This class is used to make users appear in GOsa."); /* GOsa lock entry, used to mark currently edited objects as 'in use' */ $checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.6.1"; - $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema"); + $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema"); $checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry"); $checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE; - $checks["gosaLockEntry"]["INFO"] = _("Used to lock currently edited entries to avoid multiple changes at the same time."); + $checks["gosaLockEntry"]["INFO"] = _("This class is used to lock entries in order to prevent multiple edits at a time."); /* Some other checks */ foreach(array( - "gosaCacheEntry" => array("version" => "2.6.1"), - "gosaDepartment" => array("version" => "2.6.1"), + "gosaCacheEntry" => array("version" => "2.6.1", "class" => "gosaAccount"), + "gosaDepartment" => array("version" => "2.6.1", "class" => "gosaAccount"), "goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), "goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), "goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), "gosaUserTemplate" => array("version" => "2.6.1", "class" => "posixAccount","file" => "nis.schema"), - "gosaMailAccount" => array("version" => "2.6.1", "class" => "mailAccount","file" => "gosa+samba3.schema"), - "gosaProxyAccount" => array("version" => "2.6.1", "class" => "proxyAccount","file" => "gosa+samba3.schema"), + "gosaMailAccount" => array("version" => "2.6.1", "class" => "mailAccount","file" => "gosa-samba3.schema"), + "gosaProxyAccount" => array("version" => "2.6.1", "class" => "proxyAccount","file" => "gosa-samba3.schema"), "gosaApplication" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"), "gosaApplicationGroup" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"), "GOhard" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), "gotoTerminal" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), - "goServer" => array("version" => "2.6.1","class" => "server","file" => "goserver.schema"), + "goServer" => array("version" => "2.6.1", "class" => "server","file" => "goserver.schema"), "goTerminalServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), "goShareServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), "goNtpServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), "goSyslogServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), - "goLdapServer" => array("version" => "2.6.1"), + "goLdapServer" => array("version" => "2.6.1", "class" => "goServer"), "goCupsServer" => array("version" => "2.6.1", "class" => array("posixAccount", "terminals"),), - "goImapServer" => array("version" => "2.6.1", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3. schema"), - "goKrbServer" => array("version" => "2.6.1"), + "goImapServer" => array("version" => "2.6.1", "class" => array("mailAccount", "mailgroup"),"file" => "gosa-samba3.schema"), + "goKrbServer" => array("version" => "2.6.1", "class" => "goServer"), "goFaxServer" => array("version" => "2.6.1", "class" => "gofaxAccount","file" => "gofax.schema"), ) as $name => $values){ @@ -2285,29 +2586,28 @@ function check_schema($cfg,$rfc2307bis = FALSE) if(isset($values['file'])){ $checks[$name]["SCHEMA_FILES"] = array($values['file']); } - $checks[$name]["CLASSES_REQUIRED"] = array($name); + if (isset($values['class'])) { + $checks[$name]["CLASSES_REQUIRED"] = is_array($values['class'])?$values['class']:array($values['class']); + } } foreach($checks as $name => $value){ foreach($value['CLASSES_REQUIRED'] as $class){ if(!isset($objectclasses[$name])){ - $checks[$name]['STATUS'] = FALSE; if($value['IS_MUST_HAVE']){ - $checks[$name]['MSG'] = sprintf(_("Missing required object class '%s'!"),$class); - }else{ - $checks[$name]['MSG'] = sprintf(_("Missing optional object class '%s'!"),$class); + $checks[$name]['STATUS'] = FALSE; + $checks[$name]['MSG'] = sprintf(_("Required object class %s is missing!"), bold($class)); + } else { + $checks[$name]['STATUS'] = TRUE; + $checks[$name]['MSG'] = sprintf(_("Optional object class %s is missing!"), bold($class)); } }elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){ $checks[$name]['STATUS'] = FALSE; - if($value['IS_MUST_HAVE']){ - $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']); - }else{ - $checks[$name]['MSG'] = sprintf(_("Version mismatch for optional object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']); - } + $checks[$name]['MSG'] = sprintf(_("Wrong version of required object class %s (!=%s) detected!"), bold($class), bold($value['REQUIRED_VERSION'])); }else{ $checks[$name]['STATUS'] = TRUE; - $checks[$name]['MSG'] = sprintf(_("Class(es) available")); + $checks[$name]['MSG'] = sprintf(_("Class available")); } } } @@ -2317,7 +2617,7 @@ function check_schema($cfg,$rfc2307bis = FALSE) /* The gosa base schema */ $checks['posixGroup'] = $def_check; $checks['posixGroup']['REQUIRED_VERSION'] = "2.6.1"; - $checks['posixGroup']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema"); + $checks['posixGroup']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema"); $checks['posixGroup']['CLASSES_REQUIRED'] = array("posixGroup"); $checks['posixGroup']['STATUS'] = TRUE; $checks['posixGroup']['IS_MUST_HAVE'] = TRUE; @@ -2329,13 +2629,13 @@ function check_schema($cfg,$rfc2307bis = FALSE) if($rfc2307bis && isset($tmp['posixGroup']['STRUCTURAL'])){ $checks['posixGroup']['STATUS'] = FALSE; - $checks['posixGroup']['MSG'] = _("You have enabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option."); - $checks['posixGroup']['INFO'] = _("In order to use rfc2307bis conform groups the objectClass 'posixGroup' must be AUXILIARY"); + $checks['posixGroup']['MSG'] = _("RFC2307bis schema is enabled, but the current LDAP configuration does not support it!"); + $checks['posixGroup']['INFO'] = _("To use RFC2307bis groups, the objectClass 'posixGroup' must be AUXILIARY."); } if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){ $checks['posixGroup']['STATUS'] = FALSE; - $checks['posixGroup']['MSG'] = _("Your schema is configured to support the rfc2307bis group, but you have disabled this option on the 'ldap setup' step."); - $checks['posixGroup']['INFO'] = _("The objectClass 'posixGroup' must be STRUCTURAL"); + $checks['posixGroup']['MSG'] = _("RFC2307bis schema is disabled, but the current LDAP configuration supports it!"); + $checks['posixGroup']['INFO'] = _("To correct this, the objectClass 'posixGroup' must be STRUCTURAL."); } } @@ -2353,6 +2653,7 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA "en_US" => "English", "nl_NL" => "Dutch", "pl_PL" => "Polish", + "pt_BR" => "Brazilian Portuguese", #"sv_SE" => "Swedish", "zh_CN" => "Chinese", "vi_VN" => "Vietnamese", @@ -2366,6 +2667,7 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA "en_US" => _("English"), "nl_NL" => _("Dutch"), "pl_PL" => _("Polish"), + "pt_BR" => _("Brazilian Portuguese"), #"sv_SE" => _("Swedish"), "zh_CN" => _("Chinese"), "vi_VN" => _("Vietnamese"), @@ -2408,22 +2710,86 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA } -/* Returns contents of the given POST variable and check magic quotes settings */ +/*! \brief Returns contents of the given POST variable and check magic quotes settings + * + * Depending on the magic quotes settings this returns a stripclashed'ed version of + * a certain POST variable. + * + * \param string 'name' the POST var to return ($_POST[$name]) + * \return string + * */ function get_post($name) +{ + if(!isset($_POST[$name])){ + trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message."); + return(FALSE); + } + + // Handle Posted Arrays + $tmp = array(); + if(is_array($_POST[$name]) && !is_string($_POST[$name])){ + foreach($_POST[$name] as $key => $val){ + if(get_magic_quotes_gpc()){ + $val = stripcslashes($val); + } + $tmp[$key] = $val; + } + return($tmp); + }else{ + + if(get_magic_quotes_gpc()){ + $val = stripcslashes($_POST[$name]); + }else{ + $val = $_POST[$name]; + } + } + return($val); +} + + +/*! \brief Returns contents of the given POST variable and check magic quotes settings + * + * Depending on the magic quotes settings this returns a stripclashed'ed version of + * a certain POST variable. + * + * \param string 'name' the POST var to return ($_POST[$name]) + * \return string + * */ +function get_binary_post($name) { if(!isset($_POST[$name])){ trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message."); return(FALSE); } + + $p = str_replace('\0', '', $_POST[$name]); if(get_magic_quotes_gpc()){ - return(stripcslashes($_POST[$name])); + return(stripcslashes($p)); }else{ - return($_POST[$name]); + return($_POST[$p]); } } +function set_post($value) +{ + // Take care of array, recursivly convert each array entry. + if(is_array($value)){ + foreach($value as $key => $val){ + $value[$key] = set_post($val); + } + return($value); + } + + // Do not touch boolean values, we may break them. + if($value === TRUE || $value === FALSE ) return($value); + + // Return a fixed string which can then be used in HTML fields without + // breaking the layout or the values. This allows to use '"<> in input fields. + return(htmlentities($value, ENT_QUOTES, 'utf-8')); +} + -/* Return class name in correct case */ +/*! \brief Return class name in correct case */ function get_correct_class_name($cls) { global $class_mapping; @@ -2438,132 +2804,242 @@ function get_correct_class_name($cls) } -// change_password, changes the Password, of the given dn -function change_password ($dn, $password, $mode=0, $hash= "") +/*! \brief Change the password for a given object ($dn). + * This method uses the specified hashing method to generate a new password + * for the object and it also takes care of sambaHashes, if enabled. + * Finally the postmodify hook of the class 'user' will be called, if it is set. + * + * @param String The DN whose password shall be changed. + * @param String The new password. + * @param Boolean Skip adding samba hashes to the target (sambaNTPassword,sambaLMPassword) + * @param String The hashin method to use, default is the global configured default. + * @param String The users old password, this allows script based rollback mechanisms, + * the prehook will then be called witch switched newPassword/oldPassword. + * @return Boolean TRUE on success else FALSE. + */ +function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password = "", &$message = "") { - global $config; - $newpass= ""; - - /* Convert to lower. Methods are lowercase */ - $hash= strtolower($hash); - - // Get all available encryption Methods - - // NON STATIC CALL :) - $methods = new passwordMethod(session::get('config')); - $available = $methods->get_available_methods(); - - // read current password entry for $dn, to detect the encryption Method - $ldap = $config->get_ldap_link(); - $ldap->cat ($dn, array("shadowLastChange", "userPassword", "uid")); - $attrs = $ldap->fetch (); - - /* Is ensure that clear passwords will stay clear */ - if($hash == "" && isset($attrs['userPassword'][0]) && !preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0])){ - $hash = "clear"; - } - - // Detect the encryption Method - if ( (isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)) || $hash != ""){ + global $config; + $newpass= ""; - /* Check for supported algorithm */ + // Not sure, why this is here, but maybe some encryption methods require it. mt_srand((double) microtime()*1000000); - /* Extract used hash */ - if ($hash == ""){ - $test = passwordMethod::get_method($attrs['userPassword'][0],$dn); - } else { - $test = new $available[$hash]($config,$dn); - $test->set_hash($hash); - } - - } else { - // User MD5 by default - $hash= "md5"; - $test = new $available['md5']($config); - } - - if($test instanceOf passwordMethod){ + // Get a list of all available password encryption methods. + $methods = new passwordMethod(session::get('config'),$dn); + $available = $methods->get_available_methods(); - $deactivated = $test->is_locked($config,$dn); + // Fetch the current object data, to be able to detect the current hashing method + // and to be able to rollback changes once has an error occured. + $ldap = $config->get_ldap_link(); + $ldap->cat ($dn, array("shadowLastChange", "userPassword","sambaNTPassword","sambaLMPassword", "uid")); + $attrs = $ldap->fetch (); + $initialAttrs = $attrs; + + // If no hashing method is enforced, then detect what method we've to use. + $hash = strtolower($hash); + if(empty($hash)){ + + // Do we need clear-text password for this object? + if(isset($attrs['userPassword'][0]) && !preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0])){ + $hash = "clear"; + $test = new $available[$hash]($config,$dn); + $test->set_hash($hash); + } - /* Feed password backends with information */ - $test->dn= $dn; - $test->attrs= $attrs; - $newpass= $test->generate_hash($password); + // If we've still no valid hashing method detected, then try to extract if from the userPassword attribute. + elseif(isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)){ + $test = passwordMethod::get_method($attrs['userPassword'][0],$dn); + $hash = $test->get_hash_name(); + } - // Update shadow timestamp? - if (isset($attrs["shadowLastChange"][0])){ - $shadow= (int)(date("U") / 86400); - } else { - $shadow= 0; + // No current password was found and no hash is enforced, so we've to use the config default here. + $hash = $config->get_cfg_value('core','passwordDefaultHash'); + $test = new $available[$hash]($config,$dn); + $test->set_hash($hash); + }else{ + $test = new $available[$hash]($config,$dn); + $test->set_hash($hash); } - // Write back modified entry - $ldap->cd($dn); - $attrs= array(); - - // Not for groups - if ($mode == 0){ - - if ($shadow != 0){ - $attrs['shadowLastChange']= $shadow; - } - - // Create SMB Password - $attrs= generate_smb_nt_hash($password); - } + // We've now a valid password-method-handle and can create the new password hash or don't we? + if(!$test instanceOf passwordMethod){ + $message = _("Cannot detect password hash!"); + }else{ - $attrs['userPassword']= array(); - $attrs['userPassword']= $newpass; + // Feed password backends with object information. + $test->dn = $dn; + $test->attrs = $attrs; + $newpass= $test->generate_hash($password); + + // Do we have to append samba attributes too? + // - sambaNTPassword / sambaLMPassword + $tmp = $config->get_cfg_value('core','sambaHashHook'); + $attrs= array(); + if (!$mode && !empty($tmp)){ + $attrs= generate_smb_nt_hash($password); + $shadow = (isset($attrs["shadowLastChange"][0]))?(int)(date("U") / 86400):0; + if ($shadow != 0){ + $attrs['shadowLastChange']= $shadow; + } + } - $ldap->modify($attrs); + // Write back the new password hash + $ldap->cd($dn); + $attrs['userPassword']= $newpass; - /* Read ! if user was deactivated */ - if($deactivated){ - $test->lock_account($config,$dn); - } + // Prepare a special attribute list, which will be used for event hook calls + $attrsEvent = array(); + foreach($initialAttrs as $name => $value){ + if(!is_numeric($name)) + $attrsEvent[$name] = escapeshellarg($value[0]); + } + $attrsEvent['dn'] = escapeshellarg($initialAttrs['dn']); + foreach($attrs as $name => $value){ + $attrsEvent[$name] = escapeshellarg($value); + } + $attrsEvent['current_password'] = escapeshellarg($old_password); + $attrsEvent['new_password'] = escapeshellarg($password); + + // Call the premodify hook now + $passwordPlugin = new password($config,$dn); + plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); + if($retCode === 0 && count($output)){ + $message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output)); + return(FALSE); + } - new log("modify","users/passwordMethod",$dn,array_keys($attrs),$ldap->get_error()); + // Perform ldap operations + $ldap->modify($attrs); - if (!$ldap->success()) { - msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, ERROR_DIALOG)); - } else { + // Check if the object was locked before, if it was, lock it again! + $deactivated = $test->is_locked($config,$dn); + if($deactivated){ + $test->lock_account($config,$dn); + } - /* Run backend method for change/create */ - if(!$test->set_password($password)){ - return(FALSE); - } + // Check if everything went fine and then call the post event hooks. + // If an error occures, then try to rollback the complete actions done. + $preRollback = FALSE; + $ldapRollback = FALSE; + $success = TRUE; + if (!$ldap->success()) { + new log("modify","users/passwordMethod",$dn,array(),"Password change - ldap modifications! - FAILED"); + $success =FALSE; + $message = msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD); + $preRollback =TRUE; + } else { - /* Find postmodify entries for this class */ - $command= $config->search("password", "POSTMODIFY",array('menu')); + // Now call the passwordMethod change mechanism. + if(!$test->set_password($password)){ + $ldapRollback = TRUE; + $preRollback =TRUE; + $success = FALSE; + new log("modify","users/passwordMethod",$dn,array(),"Password change - set_password! - FAILED"); + $message = _("Password change failed!"); + }else{ + + // Execute the password hook + plugin::callHook($passwordPlugin, 'POSTMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); + if($retCode === 0){ + if(count($output)){ + new log("modify","users/passwordMethod",$dn,array(),"Password change - Post modify hook reported! - FAILED!"); + $message = sprintf(_("Post-event hook reported a problem: %s. Password change canceled!"),implode($output)); + $ldapRollback = TRUE; + $preRollback = TRUE; + $success = FALSE; + }else{ + #new log("modify","users/passwordMethod",$dn,array(),"Password change - successfull!"); + } + }else{ + $ldapRollback = TRUE; + $preRollback = TRUE; + $success = FALSE; + new log("modify","users/passwordMethod",$dn,array(),"Password change - postmodify hook execution! - FAILED"); + new log("modify","users/passwordMethod",$dn,array(),$error); + + // Call password method again and send in old password to + // keep the database consistency + $test->set_password($old_password); + } + } + } - if ($command != ""){ - /* Walk through attribute list */ - $command= preg_replace("/%userPassword/", $password, $command); - $command= preg_replace("/%dn/", $dn, $command); + // Setting the password in the ldap database or further operation failed, we should now execute + // the plugins pre-event hook, using switched passwords, new/old password. + // This ensures that passwords which were set outside of GOsa, will be reset to its + // starting value. + if($preRollback){ + new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook!"); + $oldpass= $test->generate_hash($old_password); + $attrsEvent['current_password'] = escapeshellarg($password); + $attrsEvent['new_password'] = escapeshellarg($old_password); + foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){ + if(isset($initialAttrs[$attr][0])) $attrsEvent[$attr] = $initialAttrs[$attr][0]; + } + + plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); + if($retCode === 0 && count($output)){ + $message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output)); + new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook! - FAILED!"); + } + } + + // We've written the password to the ldap database, but executing the postmodify hook failed. + // Now, we've to rollback all password related ldap operations. + if($ldapRollback){ + new log("modify","users/passwordMethod",$dn,array(),"Rolling back ldap modifications!"); + $attrs = array(); + foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){ + if(isset($initialAttrs[$attr][0])) $attrs[$attr] = $initialAttrs[$attr][0]; + } + $ldap->cd($dn); + $ldap->modify($attrs); + if(!$ldap->success()){ + $message = msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD); + new log("modify","users/passwordMethod",$dn,array(),"Rolling back ldap modifications! - FAILED"); + } + } - if (check_command($command)){ - @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute"); - exec($command); - } else { - $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, "password"); - msg_dialog::display(_("Configuration error"), $message, ERROR_DIALOG); + // Log action. + if($success){ + stats::log('global', 'global', array('users'), $action = 'change_password', $amount = 1, 0, $test->get_hash()); + new log("modify","users/passwordMethod",$dn,array(),"Password change - successfull!"); + }else{ + new log("modify","users/passwordMethod",$dn,array(),"Password change - FAILED!"); } - } + + return($success); } - return(TRUE); - } } -// Return something like array['sambaLMPassword']= "lalla..." +/*! \brief Generate samba hashes + * + * Given a certain password this constructs an array like + * array['sambaLMPassword'] etc. + * + * \param string 'password' + * \return array contains several keys for lmPassword, ntPassword, pwdLastSet, etc. depending + * on the samba version + */ function generate_smb_nt_hash($password) { global $config; - # Try to use gosa-si? - if ($config->get_cfg_value("gosaSupportURI") != ""){ + // First try to retrieve values via RPC + if ($config->get_cfg_value("core","gosaRpcServer") != ""){ + + $rpc = $config->getRpcHandle(); + $hash = $rpc->mksmbhash($password); + if(!$rpc->success()){ + msg_dialog::display(_("Error"),msgPool::rpcError($rpc->get_error()),ERROR_DIALOG); + return(""); + } + + }elseif ($config->get_cfg_value("core","gosaSupportURI") != ""){ + + // Try using gosa-si $res= gosaSupportDaemon::send("gosa_gen_smb_hash", "GOSA", array("password" => $password), TRUE); if (isset($res['XML']['HASH'])){ $hash= $res['XML']['HASH']; @@ -2572,11 +3048,13 @@ function generate_smb_nt_hash($password) } if ($hash == "") { - msg_dialog::display(_("Configuration error"), _("Cannot generate samba hash!"), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), _("Cannot generate SAMBA hash!"), ERROR_DIALOG); return (""); } } else { - $tmp= $config->get_cfg_value('sambaHashHook')." ".escapeshellarg($password); + $tmp = $config->get_cfg_value("core",'sambaHashHook'); + $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp); + $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp); @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute"); exec($tmp, $ar); @@ -2585,28 +3063,32 @@ function generate_smb_nt_hash($password) $hash= current($ar); if ($hash == "") { - msg_dialog::display(_("Configuration error"), sprintf(_("Cannot generate samba hash: running '%s' failed, check the 'sambaHashHook'!"),$config->get_cfg_value('sambaHashHook')), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), sprintf(_("Generating SAMBA hash by running %s failed: check %s!"), bold($config->get_cfg_value("core",'sambaHashHook'), bold("sambaHashHook"))), ERROR_DIALOG); return (""); } } - list($lm,$nt)= split (":", trim($hash)); + list($lm,$nt)= explode(":", trim($hash)); - if ($config->get_cfg_value("sambaversion") == 3) { - $attrs['sambaLMPassword']= $lm; - $attrs['sambaNTPassword']= $nt; - $attrs['sambaPwdLastSet']= date('U'); - $attrs['sambaBadPasswordCount']= "0"; - $attrs['sambaBadPasswordTime']= "0"; - } else { - $attrs['lmPassword']= $lm; - $attrs['ntPassword']= $nt; - $attrs['pwdLastSet']= date('U'); - } + $attrs['sambaLMPassword']= $lm; + $attrs['sambaNTPassword']= $nt; + $attrs['sambaPwdLastSet']= date('U'); + $attrs['sambaBadPasswordCount']= "0"; + $attrs['sambaBadPasswordTime']= "0"; return($attrs); } +/*! \brief Get the Change Sequence Number of a certain DN + * + * To verify if a given object has been changed outside of Gosa + * in the meanwhile, this function can be used to get the entryCSN + * from the LDAP directory. It uses the attribute as configured + * in modificationDetectionAttribute + * + * \param string 'dn' + * \return either the result or "" in any other case + */ function getEntryCSN($dn) { global $config; @@ -2615,7 +3097,7 @@ function getEntryCSN($dn) } /* Get attribute that we should use as serial number */ - $attr= $config->get_cfg_value("modificationDetectionAttribute"); + $attr= $config->get_cfg_value("core","modificationDetectionAttribute"); if($attr != ""){ $ldap = $config->get_ldap_link(); $ldap->cat($dn,array($attr)); @@ -2628,7 +3110,16 @@ function getEntryCSN($dn) } -/* Add a given objectClass to an attrs entry */ +/*! \brief Add (a) given objectClass(es) to an attrs entry + * + * The function adds the specified objectClass(es) to the given + * attrs entry. + * + * \param mixed 'classes' Either a single objectClass or several objectClasses + * as an array + * \param array 'attrs' The attrs array to be modified. + * + * */ function add_objectClass($classes, &$attrs) { if (is_array($classes)){ @@ -2643,7 +3134,11 @@ function add_objectClass($classes, &$attrs) } -/* Removes a given objectClass from the attrs entry */ +/*! \brief Removes a given objectClass from the attrs entry + * + * Similar to add_objectClass, except that it removes the given + * objectClasses. See it for the params. + * */ function remove_objectClass($classes, &$attrs) { if (isset($attrs['objectClass'])){ @@ -2666,10 +3161,11 @@ function remove_objectClass($classes, &$attrs) } } + /*! \brief Initialize a file download with given content, name and data type. - * @param data String The content to send. - * @param name String The name of the file. - * @param type String The content identifier, default value is "application/octet-stream"; + * \param string data The content to send. + * \param string name The name of the file. + * \param string type The content identifier, default value is "application/octet-stream"; */ function send_binary_content($data,$name,$type = "application/octet-stream") { @@ -2714,8 +3210,8 @@ function reverse_html_entities($str,$type = ENT_QUOTES , $charset = "UTF-8") /*! \brief Encode special string characters so we can use the string in \ HTML output, without breaking quotes. - @param The String we want to encode. - @return The encoded String + \param string The String we want to encode. + \return string The encoded String */ function xmlentities($str) { @@ -2747,8 +3243,8 @@ function xmlentities($str) /*! \brief Updates all accessTo attributes from a given value to a new one. For example if a host is renamed. - @param String $from The source accessTo name. - @param String $to The destination accessTo name. + \param String $from The source accessTo name. + \param String $to The destination accessTo name. */ function update_accessTo($from,$to) { @@ -2759,9 +3255,6 @@ function update_accessTo($from,$to) while($attrs = $ldap->fetch()){ $new_attrs = array("accessTo" => array()); $dn = $attrs['dn']; - for($i = 0 ; $i < $attrs['objectClass']['count']; $i++){ - $new_attrs['objectClass'][] = $attrs['objectClass'][$i]; - } for($i = 0 ; $i < $attrs['accessTo']['count']; $i++){ if($attrs['accessTo'][$i] == $from){ if(!empty($to)){ @@ -2781,6 +3274,7 @@ function update_accessTo($from,$to) } +/*! \brief Returns a random char */ function get_random_char () { $randno = rand (0, 63); if ($randno < 12) { @@ -2836,5 +3330,524 @@ function isIpInNet($ip, $net, $mask) { } +function get_next_id($attrib, $dn) +{ + global $config; + + switch ($config->get_cfg_value("core","idAllocationMethod")){ + case "pool": + return get_next_id_pool($attrib); + case "traditional": + return get_next_id_traditional($attrib, $dn); + } + + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG); + return null; +} + + +function get_next_id_pool($attrib) { + global $config; + + /* Fill informational values */ + $min= $config->get_cfg_value("core","${attrib}PoolMin"); + $max= $config->get_cfg_value("core","${attrib}PoolMax"); + + /* Sanity check */ + if ($min >= $max) { + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), bold($attrib), bold($attrib)), ERROR_DIALOG); + return null; + } + + /* ID to skip */ + $ldap= $config->get_ldap_link(); + $id= null; + + /* Try to allocate the ID several times before failing */ + $tries= 3; + while ($tries--) { + + /* Look for ID map entry */ + $ldap->cd ($config->current['BASE']); + $ldap->search ("(&(objectClass=sambaUnixIdPool)($attrib=*))", array("$attrib")); + + /* If it does not exist, create one with these defaults */ + if ($ldap->count() == 0) { + /* Fill informational values */ + $minUserId= $config->get_cfg_value("core","uidNumberPoolMin"); + $minGroupId= $config->get_cfg_value("core","gidNumberPoolMin"); + + /* Add as default */ + $attrs= array("objectClass" => array("organizationalUnit", "sambaUnixIdPool")); + $attrs["ou"]= "idmap"; + $attrs["uidNumber"]= $minUserId; + $attrs["gidNumber"]= $minGroupId; + $ldap->cd("ou=idmap,".$config->current['BASE']); + $ldap->add($attrs); + if ($ldap->error != "Success") { + msg_dialog::display(_("Error"), _("Cannot create sambaUnixIdPool entry!"), ERROR_DIALOG); + return null; + } + $tries++; + continue; + } + /* Bail out if it's not unique */ + if ($ldap->count() != 1) { + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG); + return null; + } + + /* Store old attrib and generate new */ + $attrs= $ldap->fetch(); + $dn= $ldap->getDN(); + $oldAttr= $attrs[$attrib][0]; + $newAttr= $oldAttr + 1; + + /* Sanity check */ + if ($newAttr >= $max) { + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG); + return null; + } + if ($newAttr < $min) { + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG); + return null; + } + + #FIXME: PHP is not able to do a modification of "del: .../add: ...", so this + # is completely unsafe in the moment. + #/* Remove old attr, add new attr */ + #$attrs= array($attrib => $oldAttr); + #$ldap->rm($attrs, $dn); + #if ($ldap->error != "Success") { + # continue; + #} + $ldap->cd($dn); + $ldap->modify(array($attrib => $newAttr)); + if ($ldap->error != "Success") { + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".$ldap->get_error(), ERROR_DIALOG); + return null; + } else { + return $oldAttr; + } + } + + /* Bail out if we had problems getting the next id */ + if (!$tries) { + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("maximum number of tries exceeded!"), ERROR_DIALOG); + } + + return $id; +} + + +function get_next_id_traditional($attrib, $dn) +{ + global $config; + + $ids= array(); + $ldap= $config->get_ldap_link(); + + $ldap->cd ($config->current['BASE']); + if (preg_match('/gidNumber/i', $attrib)){ + $oc= "posixGroup"; + } else { + $oc= "posixAccount"; + } + $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib")); + + /* Get list of ids */ + while ($attrs= $ldap->fetch()){ + $ids[]= (int)$attrs["$attrib"][0]; + } + + /* Add the nobody id */ + $ids[]= 65534; + + /* get the ranges */ + $tmp = array('0'=> 1000); + if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("core","uidNumberBase") != ""){ + $tmp= explode('-',$config->get_cfg_value("core","uidNumberBase")); + } elseif($config->get_cfg_value("core","gidNumberBase") != ""){ + $tmp= explode('-',$config->get_cfg_value("core","gidNumberBase")); + } + + /* Set hwm to max if not set - for backward compatibility */ + $lwm= $tmp[0]; + if (isset($tmp[1])){ + $hwm= $tmp[1]; + } else { + $hwm= pow(2,32); + } + /* Find out next free id near to UID_BASE */ + if ($config->get_cfg_value("core","baseIdHook") == ""){ + $base= $lwm; + } else { + /* Call base hook */ + $base= get_base_from_hook($dn, $attrib); + } + for ($id= $base; $id++; $id < pow(2,32)){ + if (!in_array($id, $ids)){ + return ($id); + } + } + + /* Should not happen */ + if ($id == $hwm){ + msg_dialog::display(_("Error"), _("Cannot allocate free ID!"), ERROR_DIALOG); + exit; + } +} + + +/* Mark the occurance of a string with a span */ +function mark($needle, $haystack, $ignorecase= true) +{ + $result= ""; + + while (preg_match('/^(.*)('.preg_quote($needle).')(.*)$/i', $haystack, $matches)) { + $result.= $matches[1]."".$matches[2].""; + $haystack= $matches[3]; + } + + return $result.$haystack; +} + + +/* Return an image description using the path */ +function image($path, $action= "", $title= "", $align= "middle") +{ + global $config; + global $BASE_DIR; + $label= null; + + // Bail out, if there's no style file + if(!session::global_is_set("img-styles")){ + + // Get theme + if (isset ($config)){ + $theme= $config->get_cfg_value("core","theme"); + } else { + + // Fall back to default theme + $theme= "default"; + } + + if (!file_exists("$BASE_DIR/ihtml/themes/$theme/img.styles")){ + die ("No img.style for this theme found!"); + } + + session::global_set('img-styles', unserialize(file_get_contents("$BASE_DIR/ihtml/themes/$theme/img.styles"))); + } + $styles= session::global_get('img-styles'); + + /* Extract labels from path */ + if (preg_match("/\.png\[(.*)\]$/", $path, $matches)) { + $label= $matches[1]; + } + + $lbl= ""; + if ($label) { + if (isset($styles["images/label-".$label.".png"])) { + $lbl= "
"; + } else { + die("Invalid label specified: $label\n"); + } + + $path= preg_replace("/\[.*\]$/", "", $path); + } + + // Non middle layout? + if ($align == "middle") { + $align= ""; + } else { + $align= ";vertical-align:$align"; + } + + // Clickable image or not? + if ($title != "") { + $title= "title='$title'"; + } + if ($action == "") { + return "
$lbl
"; + } else { + return ""; + } +} + +/*! \brief Encodes a complex string to be useable in HTML posts. + */ +function postEncode($str) +{ + return(preg_replace("/=/","_", base64_encode($str))); +} + +/*! \brief Decodes a string encoded by postEncode + */ +function postDecode($str) +{ + return(base64_decode(preg_replace("/_/","=", $str))); +} + + +/*! \brief Generate styled output + */ +function bold($str) +{ + return "$str"; +} + + + +/*! \brief Detect the special character handling for the currently used ldap database. + * For example some convert , to \2C or " to \22. + * + * @param Config The GOsa configuration object. + * @return Array An array containing a character mapping the use. + */ +function detectLdapSpecialCharHandling() +{ + // The list of chars to test for + global $config; + if(!$config) return(NULL); + + // In the DN we've to use escaped characters, but the object name (o) + // has the be un-escaped. + $name = 'GOsaLdapEncoding_,_"_(_)_+'; + $dnName = 'GOsaLdapEncoding_\,_\"_(_)_\+'; + + // Prapare name to be useable in filters + $fixed= normalizeLdap(str_replace('\\\\', '\\\\\\', $name)); + $filterName = str_replace('\\,', '\\\\,', $fixed); + + // Create the target dn + $oDN = "o={$dnName},".$config->current['BASE']; + + // Get ldap connection and check if we've already created the character + // detection object. + $ldapCID = ldap_connect($config->current['SERVER']); + ldap_set_option($ldapCID, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_bind($ldapCID, $config->current['ADMINDN'],$config->current['ADMINPASSWORD']); + $res = ldap_list($ldapCID, $config->current['BASE'], + "(&(o=".$filterName.")(objectClass=organization))", + array('dn')); + + // If we haven't created the character-detection object, then create it now. + $cnt = ldap_count_entries($ldapCID, $res); + if(!$cnt){ + $obj = array(); + $obj['objectClass'] = array('top','organization'); + $obj['o'] = $name; + $obj['description'] = 'GOsa character encoding test-object.'; + if(!@ldap_add($ldapCID, $oDN, $obj)){ + trigger_error("GOsa couldn't detect the special character handling used by your ldap!"); + return(NULL); + } + } + + // Read the character-handling detection entry from the ldap. + $res = ldap_list($ldapCID, $config->current['BASE'], + "(&(o=".$filterName.")(objectClass=organization))", + array('dn','o')); + $cnt = ldap_count_entries($ldapCID, $res); + if($cnt != 1 || !$res){ + trigger_error("GOsa couldn't detect the special character handling used by your ldap!"); + return(NULL); + }else{ + + // Get the character handling entry from the ldap and check how the + // values were written. Compare them with what + // we've initially intended to write and create a mapping out + // of the results. + $re = ldap_first_entry($ldapCID, $res); + $attrs = ldap_get_attributes($ldapCID, $re); + + // Extract the interessting characters out of the dn and the + // initially used $name for the entry. + $mapDNstr = preg_replace("/^o=GOsaLdapEncoding_([^,]*),.*$/","\\1", trim(ldap_get_dn($ldapCID, $re))); + $mapDN = preg_split("/_/", $mapDNstr,0, PREG_SPLIT_NO_EMPTY); + + $mapNameStr = preg_replace("/^GOsaLdapEncoding_/","",$dnName); + $mapName = preg_split("/_/", $mapNameStr,0, PREG_SPLIT_NO_EMPTY); + + // Create a mapping out of the results. + $map = array(); + foreach($mapName as $key => $entry){ + $map[$entry] = $mapDN[$key]; + } + return($map); + } + return(NULL); +} + + +/*! \brief Replaces placeholder in a given string. + * For example: + * '%uid@gonicus.de' Replaces '%uid' with 'uid'. + * '{%uid[0]@gonicus.de}' Replaces '%uid[0]' with the first char of 'uid'. + * '%uid[2-4]@gonicus.de' Replaces '%uid[2-4]' with three chars from 'uid' starting from the second. + * + * The surrounding {} in example 2 are optional. + * + * @param String The string to perform the action on. + * @param Array An array of replacements. + * @return The resulting string. + */ +function fillReplacements($str, $attrs, $shellArg = FALSE, $default = "") +{ + // Search for '{%...[n-m]} + // Get all matching parts of the given string and sort them by + // length, to avoid replacing strings like '%uidNumber' with 'uid' + // instead of 'uidNumber'; The longest tring at first. + preg_match_all('/(\{?%([a-z0-9]+)(\[(([0-9]+)(\-([0-9]+))?)\])?\}?)/i', $str ,$matches, PREG_SET_ORDER); + $hits = array(); + foreach($matches as $match){ + $hits[strlen($match[2]).$match[0]] = $match; + } + krsort($hits); + + // Replace the placeholder in the given string now. + foreach($hits as $match){ + + // Avoid errors about undefined index. + $name = $match[2]; + if(!isset($attrs[$name])) $attrs[$name] = $default; + + // Calculate the replacement + $start = (isset($match[5])) ? $match[5] : 0; + $end = strlen($attrs[$name]); + if(isset($match[5]) && !isset($match[7])){ + $end = 1; + }elseif(isset($match[5]) && isset($match[7])){ + $end = ($match[7]-$start+1); + } + $value = substr($attrs[$name], $start, $end); + + // Use values which are valid for shell execution? + if($shellArg) $value = escapeshellarg($value); + + // Replace the placeholder within the string. + $str = preg_replace("/".preg_quote($match[0],'/')."/", $value, $str); + } + return($str); +} + + +/*! \brief Generate a list of uid proposals based on a rule + * + * Unroll given rule string by filling in attributes and replacing + * all keywords. + * + * \param string 'rule' The rule string from gosa.conf. + * \param array 'attributes' A dictionary of attribute/value mappings + * \return array List of valid not used uids + */ +function gen_uids($rule, $attributes) +{ + global $config; + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + + + // Strip out non ascii chars + foreach($attributes as $name => $value){ + $value = iconv('UTF-8', 'US-ASCII//TRANSLIT', $value); + $value = preg_replace('/[^(\x20-\x7F)]*/','',$value); + $attributes[$name] = strtolower($value); + } + + // Search for '{%...[n-m]} + // Get all matching parts of the given string and sort them by + // length, to avoid replacing strings like '%uidNumber' with 'uid' + // instead of 'uidNumber'; The longest tring at first. + preg_match_all('/(\{?%([a-z0-9]+)(\[(([0-9]+)(\-([0-9]+))?)\])?\}?)/i', $rule ,$matches, PREG_SET_ORDER); + $replacements = array(); + foreach($matches as $match){ + + // No start position given, then add the complete value + if(!isset($match[5])){ + $replacements[$match[0]][] = $attributes[$match[2]]; + + // Start given but no end, so just add a simple character + }elseif(!isset($match[7])){ + if(isset($attributes[$match[2]][$match[5]])){ + $replacements[$match[0]][] = $attributes[$match[2]][$match[5]]; + } + + // Add all values in range + }else{ + $str = ""; + for($i=$match[5]; $i<= $match[7]; $i++){ + if(isset($attributes[$match[2]][$i])){ + $str .= $attributes[$match[2]][$i]; + $replacements[$match[0]][] = $str; + } + } + } + } + + // Create proposal array + $rules = array($rule); + foreach($replacements as $tag => $values){ + $rules = gen_uid_proposals($rules, $tag,$values); + } + + + // Search for id tags {id:3} / {id#3} + preg_match_all('/\{id(#|:)([0-9])+\}/i', $rule ,$matches, PREG_SET_ORDER); + $idReplacements = array(); + foreach($matches as $match){ + if(count($match) != 3) continue; + + // Generate random number + if($match[1] == '#'){ + foreach($rules as $id => $ruleStr){ + $genID = rand(pow(10,$match[2] -1),pow(10, ($match[2])) - 1); + $rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/", $genID,$ruleStr); + } + } + + // Search for next free id + if($match[1] == ':'){ + + // Walk through rules and replace all occurences of {id:..} + foreach($rules as $id => $ruleStr){ + $genID = 0; + $start = TRUE; + while($start || $ldap->count()){ + $start = FALSE; + $number= sprintf("%0".$match[2]."d", $genID); + $testRule = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr); + $ldap->search('uid='.normalizeLdap($testRule)); + $genID ++; + } + $rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr); + } + } + } + + // Create result set by checking which uid is already used and which is free. + $ret = array(); + foreach($rules as $rule){ + $ldap->search('uid='.normalizeLdap($rule)); + if(!$ldap->count()){ + $ret[] = $rule; + } + } + + return($ret); +} + + +function gen_uid_proposals(&$rules, $tag, $values) +{ + $newRules = array(); + foreach($rules as $rule){ + foreach($values as $value){ + $newRules[] = preg_replace("/".preg_quote($tag,'/')."/", $value, $rule); + } + } + return($newRules); +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>