X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Ffunctions.inc;h=893d1431d386971e9c26885bb3daf41109d5f324;hb=9773098162a69430e5c427eb458578bb39e15560;hp=de42b7ff82324d4460433e40ea7990a8544b114d;hpb=b9ad629e87c3bc223f2c54a72c4be3fe9db5df68;p=gosa.git diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index de42b7ff8..893d1431d 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -1981,186 +1981,6 @@ function netmask_to_bits($netmask) } -/*! \brief Recursion helper for gen_id() */ -function recurse($rule, $variables) -{ - $result= array(); - - if (!count($variables)){ - return array($rule); - } - - reset($variables); - $key= key($variables); - $val= current($variables); - unset ($variables[$key]); - - foreach($val as $possibility){ - $nrule= str_replace("{$key}", $possibility, $rule); - $result= array_merge($result, recurse($nrule, $variables)); - } - - return ($result); -} - - -/*! \brief Expands user ID based on possible rules - * - * Unroll given rule string by filling in attributes. - * - * \param string 'rule' The rule string from gosa.conf. - * \param array 'attributes' A dictionary of attribute/value mappings - * \return string Expanded string, still containing the id keyword. - */ -function expand_id($rule, $attributes) -{ - /* Check for id rule */ - if(preg_match('/^id(:|#|!)\d+$/',$rule)){ - return (array("{$rule}")); - } - - /* Check for clean attribute */ - if (preg_match('/^%[a-zA-Z0-9]+$/', $rule)){ - $rule= preg_replace('/^%/', '', $rule); - $val= rewrite(str_replace(' ', '', strtolower($attributes[$rule]))); - return (array($val)); - } - - /* Check for attribute with parameters */ - if (preg_match('/^%[a-zA-Z0-9]+\[[0-9-]+\]$/', $rule)){ - $param= preg_replace('/^[^[]+\[([^]]+)]$/', '\\1', $rule); - $part= preg_replace('/^%/', '', preg_replace('/\[.*$/', '', $rule)); - $val= rewrite(str_replace(' ', '', strtolower($attributes[$part]))); - $start= preg_replace ('/-.*$/', '', $param); - $stop = preg_replace ('/^[^-]+-/', '', $param); - - /* Assemble results */ - $result= array(); - for ($i= $start; $i<= $stop; $i++){ - $result[]= substr($val, 0, $i); - } - return ($result); - } - - echo "Error in idGenerator string: don't know how to handle rule $rule.\n"; - return (array($rule)); -} - - -/*! \brief Generate a list of uid proposals based on a rule - * - * Unroll given rule string by filling in attributes and replacing - * all keywords. - * - * \param string 'rule' The rule string from gosa.conf. - * \param array 'attributes' A dictionary of attribute/value mappings - * \return array List of valid not used uids - */ -function gen_uids($rule, $attributes) -{ - global $config; - - // Strip out non ascii chars - foreach($attributes as $name => $value){ - $value = iconv('UTF-8', 'US-ASCII//TRANSLIT', $value); - $value = preg_replace('/[^(\x20-\x7F)]*/','',$value); - $attributes[$name] = $value; - } - - /* Search for keys and fill the variables array with all - possible values for that key. */ - $part= ""; - $trigger= false; - $stripped= ""; - $variables= array(); - - for ($pos= 0, $l= strlen($rule); $pos < $l; $pos++){ - - if ($rule[$pos] == "{" ){ - $trigger= true; - $part= ""; - continue; - } - - if ($rule[$pos] == "}" ){ - $variables[$pos]= expand_id($part, $attributes); - $stripped.= "{".$pos."}"; - $trigger= false; - continue; - } - - if ($trigger){ - $part.= $rule[$pos]; - } else { - $stripped.= $rule[$pos]; - } - } - - /* Recurse through all possible combinations */ - $proposed= recurse($stripped, $variables); - - /* Get list of used ID's */ - $ldap= $config->get_ldap_link(); - $ldap->cd($config->current['BASE']); - - /* Remove used uids and watch out for id tags */ - $ret= array(); - foreach($proposed as $uid){ - - /* Check for id tag and modify uid if needed */ - if(preg_match('/\{id(:|!)\d+}/',$uid, $m)){ - $size= preg_replace('/^.*{id(:|!)(\d+)}.*$/', '\\2', $uid); - - $start= $m[1]==":"?0:-1; - for ($i= $start, $p= pow(10,$size)-1; $i < $p; $i++){ - if ($i == -1) { - $number= ""; - } else { - $number= sprintf("%0".$size."d", $i+1); - } - $res= preg_replace('/{id(:|!)\d+}/', $number, $uid); - - $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn')); - if($ldap->count() == 0){ - $uid= $res; - break; - } - } - - /* Remove link if nothing has been found */ - $uid= preg_replace('/{id(:|!)\d+}/', '', $uid); - } - - if(preg_match('/\{id#\d+}/',$uid)){ - $size= preg_replace('/^.*{id#(\d+)}.*$/', '\\1', $uid); - - while (true){ - mt_srand((double) microtime()*1000000); - $number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1)); - $res= preg_replace('/{id#(\d+)}/', $number, $uid); - $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn')); - if($ldap->count() == 0){ - $uid= $res; - break; - } - } - - /* Remove link if nothing has been found */ - $uid= preg_replace('/{id#\d+}/', '', $uid); - } - - /* Don't assign used ones */ - $ldap->search("(uid=".preg_replace('/[{}]/', '', $uid).")",array('dn')); - if($ldap->count() == 0){ - /* Add uid, but remove {} first. These are invalid anyway. */ - $ret[]= preg_replace('/[{}]/', '', $uid); - } - } - - return(array_unique($ret)); -} - - /*! \brief Convert various data sizes to bytes * * Given a certain value in the format n(g|m|k), where n @@ -2346,11 +2166,7 @@ function clean_smarty_compile_dir($directory) msg_dialog::display(_("Internal error"), sprintf(_("File %s cannot be deleted!"), bold($directory."/".$file)), ERROR_DIALOG); // This should never be reached } - } elseif(is_dir($directory."/".$file) && - is_writable($directory."/".$file)) { - // Just recursively delete it - rmdirRecursive($directory."/".$file); - } + } } // We should now create a fresh revision file clean_smarty_compile_dir($directory); @@ -3005,20 +2821,22 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password { global $config; $newpass= ""; + + // Not sure, why this is here, but maybe some encryption methods require it. mt_srand((double) microtime()*1000000); // Get a list of all available password encryption methods. $methods = new passwordMethod(session::get('config'),$dn); $available = $methods->get_available_methods(); - // Fetch the current object data, to be able to detect the current hashinf method - // and to be able to rollback changes once an error occured. + // Fetch the current object data, to be able to detect the current hashing method + // and to be able to rollback changes once has an error occured. $ldap = $config->get_ldap_link(); $ldap->cat ($dn, array("shadowLastChange", "userPassword","sambaNTPassword","sambaLMPassword", "uid")); $attrs = $ldap->fetch (); $initialAttrs = $attrs; - // If no hashing method is enforced, then detect what method we've use here. + // If no hashing method is enforced, then detect what method we've to use. $hash = strtolower($hash); if(empty($hash)){ @@ -3029,8 +2847,8 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password $test->set_hash($hash); } - // If we've still no valid hashing method detected, then try to extract if from the current password hash. - if(isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)){ + // If we've still no valid hashing method detected, then try to extract if from the userPassword attribute. + elseif(isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)){ $test = passwordMethod::get_method($attrs['userPassword'][0],$dn); $hash = $test->get_hash_name(); } @@ -3044,12 +2862,12 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password $test->set_hash($hash); } - // We've now a valid password method handle and can create the new password hash. + // We've now a valid password-method-handle and can create the new password hash or don't we? if(!$test instanceOf passwordMethod){ $message = _("Cannot detect password hash!"); }else{ - // Feed password backends with information + // Feed password backends with object information. $test->dn = $dn; $test->attrs = $attrs; $newpass= $test->generate_hash($password); @@ -3068,13 +2886,22 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password // Write back the new password hash $ldap->cd($dn); - $attrs['userPassword']= array(); $attrs['userPassword']= $newpass; - // Prepare prevent hook call - $attrsEvent = $attrs; + // Prepare a special attribute list, which will be used for event hook calls + $attrsEvent = array(); + foreach($initialAttrs as $name => $value){ + if(!is_numeric($name)) + $attrsEvent[$name] = escapeshellarg($value[0]); + } + $attrsEvent['dn'] = escapeshellarg($initialAttrs['dn']); + foreach($attrs as $name => $value){ + $attrsEvent[$name] = escapeshellarg($value); + } $attrsEvent['current_password'] = escapeshellarg($old_password); $attrsEvent['new_password'] = escapeshellarg($password); + + // Call the premodify hook now $passwordPlugin = new password($config,$dn); plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE); if($retCode === 0 && count($output)){ @@ -3138,8 +2965,8 @@ function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password } } - // Setting password in the ldap database or further operation failed, we should now execute - // the plugins pre-event hook, using switched passwords new/old password. + // Setting the password in the ldap database or further operation failed, we should now execute + // the plugins pre-event hook, using switched passwords, new/old password. // This ensures that passwords which were set outside of GOsa, will be reset to its // starting value. if($preRollback){ @@ -3770,5 +3597,257 @@ function bold($str) } + +/*! \brief Detect the special character handling for the currently used ldap database. + * For example some convert , to \2C or " to \22. + * + * @param Config The GOsa configuration object. + * @return Array An array containing a character mapping the use. + */ +function detectLdapSpecialCharHandling() +{ + // The list of chars to test for + global $config; + if(!$config) return(NULL); + + // In the DN we've to use escaped characters, but the object name (o) + // has the be un-escaped. + $name = 'GOsaLdapEncoding_,_"_(_)_+'; + $dnName = 'GOsaLdapEncoding_\,_\"_(_)_\+'; + + // Prapare name to be useable in filters + $fixed= normalizeLdap(str_replace('\\\\', '\\\\\\', $name)); + $filterName = str_replace('\\,', '\\\\,', $fixed); + + // Create the target dn + $oDN = "o={$dnName},".$config->current['BASE']; + + // Get ldap connection and check if we've already created the character + // detection object. + $ldapCID = ldap_connect($config->current['SERVER']); + ldap_set_option($ldapCID, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_bind($ldapCID, $config->current['ADMINDN'],$config->current['ADMINPASSWORD']); + $res = ldap_list($ldapCID, $config->current['BASE'], + "(&(o=".$filterName.")(objectClass=organization))", + array('dn')); + + // If we haven't created the character-detection object, then create it now. + $cnt = ldap_count_entries($ldapCID, $res); + if(!$cnt){ + $obj = array(); + $obj['objectClass'] = array('top','organization'); + $obj['o'] = $name; + $obj['description'] = 'GOsa character encoding test-object.'; + if(!@ldap_add($ldapCID, $oDN, $obj)){ + trigger_error("GOsa couldn't detect the special character handling used by your ldap!"); + return(NULL); + } + } + + // Read the character-handling detection entry from the ldap. + $res = ldap_list($ldapCID, $config->current['BASE'], + "(&(o=".$filterName.")(objectClass=organization))", + array('dn','o')); + $cnt = ldap_count_entries($ldapCID, $res); + if($cnt != 1 || !$res){ + trigger_error("GOsa couldn't detect the special character handling used by your ldap!"); + return(NULL); + }else{ + + // Get the character handling entry from the ldap and check how the + // values were written. Compare them with what + // we've initially intended to write and create a mapping out + // of the results. + $re = ldap_first_entry($ldapCID, $res); + $attrs = ldap_get_attributes($ldapCID, $re); + + // Extract the interessting characters out of the dn and the + // initially used $name for the entry. + $mapDNstr = preg_replace("/^o=GOsaLdapEncoding_([^,]*),.*$/","\\1", trim(ldap_get_dn($ldapCID, $re))); + $mapDN = preg_split("/_/", $mapDNstr,0, PREG_SPLIT_NO_EMPTY); + + $mapNameStr = preg_replace("/^GOsaLdapEncoding_/","",$dnName); + $mapName = preg_split("/_/", $mapNameStr,0, PREG_SPLIT_NO_EMPTY); + + // Create a mapping out of the results. + $map = array(); + foreach($mapName as $key => $entry){ + $map[$entry] = $mapDN[$key]; + } + return($map); + } + return(NULL); +} + + +/*! \brief Replaces placeholder in a given string. + * For example: + * '%uid@gonicus.de' Replaces '%uid' with 'uid'. + * '{%uid[0]@gonicus.de}' Replaces '%uid[0]' with the first char of 'uid'. + * '%uid[2-4]@gonicus.de' Replaces '%uid[2-4]' with three chars from 'uid' starting from the second. + * + * The surrounding {} in example 2 are optional. + * + * @param String The string to perform the action on. + * @param Array An array of replacements. + * @return The resulting string. + */ +function fillReplacements($str, $attrs, $shellArg = FALSE, $default = "") +{ + // Search for '{%...[n-m]} + // Get all matching parts of the given string and sort them by + // length, to avoid replacing strings like '%uidNumber' with 'uid' + // instead of 'uidNumber'; The longest tring at first. + preg_match_all('/(\{?%([a-z0-9]+)(\[(([0-9]+)(\-([0-9]+))?)\])?\}?)/i', $str ,$matches, PREG_SET_ORDER); + $hits = array(); + foreach($matches as $match){ + $hits[strlen($match[2]).$match[0]] = $match; + } + krsort($hits); + + // Replace the placeholder in the given string now. + foreach($hits as $match){ + + // Avoid errors about undefined index. + $name = $match[2]; + if(!isset($attrs[$name])) $attrs[$name] = $default; + + // Calculate the replacement + $start = (isset($match[5])) ? $match[5] : 0; + $end = strlen($attrs[$name]); + if(isset($match[5]) && !isset($match[7])){ + $end = 1; + }elseif(isset($match[5]) && isset($match[7])){ + $end = ($match[7]-$start+1); + } + $value = substr($attrs[$name], $start, $end); + + // Use values which are valid for shell execution? + if($shellArg) $value = escapeshellarg($value); + + // Replace the placeholder within the string. + $str = preg_replace("/".preg_quote($match[0],'/')."/", $value, $str); + } + return($str); +} + + +/*! \brief Generate a list of uid proposals based on a rule + * + * Unroll given rule string by filling in attributes and replacing + * all keywords. + * + * \param string 'rule' The rule string from gosa.conf. + * \param array 'attributes' A dictionary of attribute/value mappings + * \return array List of valid not used uids + */ +function gen_uids($rule, $attributes) +{ + global $config; + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + + + // Strip out non ascii chars + foreach($attributes as $name => $value){ + $value = iconv('UTF-8', 'US-ASCII//TRANSLIT', $value); + $value = preg_replace('/[^(\x20-\x7F)]*/','',$value); + $attributes[$name] = strtolower($value); + } + + // Search for '{%...[n-m]} + // Get all matching parts of the given string and sort them by + // length, to avoid replacing strings like '%uidNumber' with 'uid' + // instead of 'uidNumber'; The longest tring at first. + preg_match_all('/(\{?%([a-z0-9]+)(\[(([0-9]+)(\-([0-9]+))?)\])?\}?)/i', $rule ,$matches, PREG_SET_ORDER); + $replacements = array(); + foreach($matches as $match){ + + // No start position given, then add the complete value + if(!isset($match[5])){ + $replacements[$match[0]][] = $attributes[$match[2]]; + + // Start given but no end, so just add a simple character + }elseif(!isset($match[7])){ + if(isset($attributes[$match[2]][$match[5]])){ + $replacements[$match[0]][] = $attributes[$match[2]][$match[5]]; + } + + // Add all values in range + }else{ + $str = ""; + for($i=$match[5]; $i<= $match[7]; $i++){ + if(isset($attributes[$match[2]][$i])){ + $str .= $attributes[$match[2]][$i]; + $replacements[$match[0]][] = $str; + } + } + } + } + + // Create proposal array + $rules = array($rule); + foreach($replacements as $tag => $values){ + $rules = gen_uid_proposals($rules, $tag,$values); + } + + + // Search for id tags {id:3} / {id#3} + preg_match_all('/\{id(#|:)([0-9])+\}/i', $rule ,$matches, PREG_SET_ORDER); + $idReplacements = array(); + foreach($matches as $match){ + if(count($match) != 3) continue; + + // Generate random number + if($match[1] == '#'){ + foreach($rules as $id => $ruleStr){ + $genID = rand(pow(10,$match[2] -1),pow(10, ($match[2])) - 1); + $rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/", $genID,$ruleStr); + } + } + + // Search for next free id + if($match[1] == ':'){ + + // Walk through rules and replace all occurences of {id:..} + foreach($rules as $id => $ruleStr){ + $genID = 0; + $start = TRUE; + while($start || $ldap->count()){ + $start = FALSE; + $number= sprintf("%0".$match[2]."d", $genID); + $testRule = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr); + $ldap->search('uid='.normalizeLdap($testRule)); + $genID ++; + } + $rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr); + } + } + } + + // Create result set by checking which uid is already used and which is free. + $ret = array(); + foreach($rules as $rule){ + $ldap->search('uid='.normalizeLdap($rule)); + if(!$ldap->count()){ + $ret[] = $rule; + } + } + + return($ret); +} + + +function gen_uid_proposals(&$rules, $tag, $values) +{ + $newRules = array(); + foreach($rules as $rule){ + foreach($values as $value){ + $newRules[] = preg_replace("/".preg_quote($tag,'/')."/", $value, $rule); + } + } + return($newRules); +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>