X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Ffunctions.inc;h=9b735693646d6ac239757b0fac8b3cbb4f2867e2;hb=c0df023ae4d8283d15aa7db1b51c54f2f746eb8a;hp=e0561c2bbfc0056c56635bd57d1a249c78b25750;hpb=4e7c174ab21d1ef1f73f7bd152512782f0d02944;p=gosa.git diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index e0561c2bb..9b7356936 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -25,10 +25,11 @@ define ("CONFIG_TEMPLATE_DIR", "../contrib/"); define ("HELP_BASEDIR", "/var/www/doc/"); /* Define get_list flags */ -define("GL_NONE", 0); -define("GL_SUBSEARCH", 1); -define("GL_SIZELIMIT", 2); -define("GL_CONVERT" , 4); +define("GL_NONE", 0); +define("GL_SUBSEARCH", 1); +define("GL_SIZELIMIT", 2); +define("GL_CONVERT", 4); +define("GL_NO_ACL_CHECK", 8); /* Heimdal stuff */ define('UNIVERSAL',0x00); @@ -103,7 +104,6 @@ function __autoload($class_name) { require_once($BASE_DIR."/".$class_mapping[$class_name]); } else { echo sprintf(_("Fatal error: cannot instantiate class '%s' - try running '%s' to fix this"), $class_name, "update-gosa"); - print_a(debug_backtrace()); exit; } } @@ -366,7 +366,7 @@ function ldap_login_user_htaccess ($username) /* Look for entry or realm */ $ldap= $config->get_ldap_link(); if (!preg_match("/Success/i", $ldap->error)){ - msg_dialog::display(_("LDAP error"), sprintf(_('User login failed.').'

'._('LDAP server returned: %s'), "

".$ldap->get_error().""), ERROR_DIALOG); + msg_dialog::display(_("LDAP error"), sprintf(_('User login failed.').'

'._('LDAP server returned: %s'), "

".$ldap->get_error().""), FATAL_ERROR_DIALOG); $smarty= get_smarty(); $smarty->display(get_template_path('headers.tpl')); echo "".session::get('errors').""; @@ -375,7 +375,7 @@ function ldap_login_user_htaccess ($username) $ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid")); /* Found no uniq match? Strange, because we did above... */ if ($ldap->count() != 1) { - msg_dialog::display(_("LDAP error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), ERROR_DIALOG); + msg_dialog::display(_("LDAP error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), FATAL_ERROR_DIALOG); return (NULL); } $attrs= $ldap->fetch(); @@ -404,7 +404,7 @@ function ldap_login_user ($username, $password) /* look through the entire ldap */ $ldap = $config->get_ldap_link(); if (!preg_match("/Success/i", $ldap->error)){ - msg_dialog::display(_("LDAP error"), sprintf(_("User login failed.")."
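Review bot: The context line `$ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid"));` in the `@@ -375,7` hunk puts `$username` into the LDAP filter unescaped, so filter metacharacters such as `*`, `(` or `)` in the login name change what is matched. The `count() != 1` check that now raises `FATAL_ERROR_DIALOG` is the only visible guard behind it. Whether the name is sanitised before `ldap_login_user_htaccess()` is called cannot be seen here, since the function starts and ends outside the hunk. I would escape at the point of use, for example `uid=".ldap_escape($username, "", LDAP_ESCAPE_FILTER)."` where the PHP version provides `ldap_escape()`, or the project's own filter-escaping helper otherwise.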

"._('LDAP server returned: %s'), "

".$ldap->get_error().""), ERROR_DIALOG); + msg_dialog::display(_("LDAP error"), sprintf(_("User login failed.")."

"._('LDAP server returned: %s'), "

".$ldap->get_error().""), FATAL_ERROR_DIALOG); $smarty= get_smarty(); $smarty->display(get_template_path('headers.tpl')); echo "".session::get('errors').""; @@ -445,7 +445,7 @@ function ldap_login_user ($username, $password) /* found more than one matching id */ default: - msg_dialog::display(_("Internal error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), FATAL_ERROR_DIALOG); return (NULL); } 
@@ -746,46 +746,100 @@ function get_multiple_locks($objects) /* \!brief This function searches the ldap database. - It search in $sub_base,*,$base for all objects matching the $filter. + It search in $sub_bases,*,$base for all objects matching the $filter. @param $filter String The ldap search filter @param $category String The ACL category the result objects belongs - @param $sub_base String The sub base we want to search for e.g. "ou=apps" + @param $sub_bases String The sub base we want to search for e.g. "ou=apps" @param $base String The ldap base from which we start the search @param $attributes Array The attributes we search for. @param $flags Long A set of Flags */ -function get_sub_list($filter, $category,$sub_base, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) +function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { global $config, $ui; + $departments = array(); + +# $start = microtime(TRUE); /* Get LDAP link */ $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); /* Set search base to configured base if $base is empty */ if ($base == ""){ - $ldap->cd ($config->current['BASE']); - } else { - $ldap->cd ($base); + $base = $config->current['BASE']; + } + $ldap->cd ($base); + + /* Ensure we have an array as department list */ + if(is_string($sub_deps)){ + $sub_deps = array($sub_deps); } - /* Remove , ("ou=1,ou=2.." => "ou=1") */ - $sub_base = preg_replace("/,.*$/","",$sub_base); + /* Remove ,.*$ ("ou=1,ou=2.." => "ou=1") */ + $sub_bases = array(); + foreach($sub_deps as $key => $sub_base){ + if(empty($sub_base)){ - /* Check if we have enabled the sub_dir search support AND - * if there is a sub department specified. - * If not, fall back to old method, get_list(). + /* Subsearch is activated and we got an empty sub_base. + * (This may be the case if you have empty people/group ous). + * Fall back to old get_list(). + * A log entry will be written. 
+ */ + if($flags & GL_SUBSEARCH){ + $sub_bases = array(); + break; + }else{ + + /* Do NOT search within subtrees is requeste and the sub base is empty. + * Append all known departments that matches the base. + */ + $departments[$base] = $base; + } + }else{ + $sub_bases[$key] = preg_replace("/,.*$/","",$sub_base); + } + } + + /* If there is no sub_department specified, fall back to old method, get_list(). */ - $sub_enabled = isset($config->current['SUB_LIST_SUPPORT']) && preg_match("/true/i",$config->current['SUB_LIST_SUPPORT']); - if($sub_base == "" || !$sub_enabled){ - return(get_list($filter, $category,$base,$attributes,$flags)); + if(!count($sub_bases) && !count($departments)){ + + /* Log this fall back, it may be an unpredicted behaviour. + */ + if(!count($sub_bases) && !count($departments)){ + // log($action,$objecttype,$object,$changes_array = array(),$result = "") + new log("debug","all",__FILE__,$attributes, + sprintf("get_sub_list(): Falling back to get_list(), due to empty sub_bases parameter.". + " This may slow down GOsa. Search was: '%s'",$filter)); + } + $tmp = get_list($filter, $category,$base,$attributes,$flags); + return($tmp); } - /* Get all deparments matching the given sub_base */ - $departments = array(); - $ldap->search($sub_base,array("dn")); + /* Get all deparments matching the given sub_bases */ + $base_filter= ""; + foreach($sub_bases as $sub_base){ + $base_filter .= "(".$sub_base.")"; + } + $base_filter = "(&(objectClass=organizationalUnit)(|".$base_filter."))"; + $ldap->search($base_filter,array("dn")); while($attrs = $ldap->fetch()){ - $departments[$attrs['dn']] = $attrs['dn']; + foreach($sub_deps as $sub_dep){ + + /* Only add those departments that match the reuested list of departments. + * + * e.g. sub_deps = array("ou=servers,ou=systems,"); + * + * In this case we have search for "ou=servers" and we may have also fetched + * departments like this "ou=servers,ou=blafasel,..." + * Here we filter out those blafasel departments. 
+ */ + if(preg_match("/".normalizePreg($sub_dep)."/",$attrs['dn'])){ + $departments[$attrs['dn']] = $attrs['dn']; + break; + } + } } $result= array(); @@ -805,7 +859,7 @@ function get_sub_list($filter, $category,$sub_base, $base= "", $attributes= arra if ($flags & GL_SUBSEARCH) { $ldap->search ($filter, $attributes); } else { - $ldap->ls ($filter,$base,$attributes); + $ldap->ls ($filter,$dep,$attributes); } /* Check for size limit exceeded messages for GUI feedback */ @@ -826,21 +880,30 @@ function get_sub_list($filter, $category,$sub_base, $base= "", $attributes= arra $attrs["dn"]= $dn; } - /* Sort in every value that fits the permissions */ - if (is_array($category)){ - foreach ($category as $o){ - if ($ui->get_category_permissions($dn, $o) != ""){ + /* Skip ACL checks if we are forced to skip those checks */ + if($flags & GL_NO_ACL_CHECK){ + $result[]= $attrs; + }else{ + + /* Sort in every value that fits the permissions */ + if (is_array($category)){ + foreach ($category as $o){ + if ($ui->get_category_permissions($dn, $o) != ""){ + $result[]= $attrs; + break; + } + } + } else { + if ( $ui->get_category_permissions($dn, $category) != ""){ $result[]= $attrs; - break; } } - } else { - if ($ui->get_category_permissions($dn, $category) != ""){ - $result[]= $attrs; - } } } } +# if(microtime(TRUE) - $start > 0.1){ +# echo sprintf("
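Review bot: `$base_filter` in `get_sub_list()` is built by plain concatenation of `$sub_bases`, which has two consequences. When every entry of `$sub_deps` is empty and `GL_SUBSEARCH` is not set, only `$departments[$base]` is filled, the fallback is skipped, and the search runs with `(&(objectClass=organizationalUnit)(|))`; an empty OR is rejected or handled inconsistently by LDAP servers. Wrapping the filter assembly and the `$ldap->search($base_filter,array("dn"))` loop in `if(count($sub_bases)){ ... }` avoids that query. The values also go into the filter unescaped, and the later `preg_match("/".normalizePreg($sub_dep)."/",$attrs['dn'])` is unanchored, so this is only safe while `$sub_deps` comes from configuration rather than request data; a line in the doc comment should say so. That comment now names `$sub_bases` while the parameter is `$sub_deps`, and the function body continues outside this hunk.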
GET_SUB_LIST  %s .| %f  --- $base -----$filter ---- $flags
",__LINE__,microtime(TRUE) - $start); +# } return($result); } @@ -849,6 +912,8 @@ function get_list($filter, $category, $base= "", $attributes= array(), $flags= G { global $config, $ui; +# $start = microtime(TRUE); + /* Get LDAP link */ $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); @@ -876,36 +941,42 @@ function get_list($filter, $category, $base= "", $attributes= array(), $flags= G $result= array(); while($attrs = $ldap->fetch()) { + $dn= $ldap->getDN(); - /* Sort in every value that fits the permissions */ - if (is_array($category)){ - foreach ($category as $o){ - if ($ui->get_category_permissions($dn, $o) != ""){ - if ($flags & GL_CONVERT){ - $attrs["dn"]= convert_department_dn($dn); - } else { - $attrs["dn"]= $dn; + /* Convert dn into a printable format */ + if ($flags & GL_CONVERT){ + $attrs["dn"]= convert_department_dn($dn); + } else { + $attrs["dn"]= $dn; + } + + if($flags & GL_NO_ACL_CHECK){ + $result[]= $attrs; + }else{ + + /* Sort in every value that fits the permissions */ + if (is_array($category)){ + foreach ($category as $o){ + if ($ui->get_category_permissions($dn, $o) != ""){ + + /* We found what we were looking for, break speeds things up */ + $result[]= $attrs; } + } + } else { + if ($ui->get_category_permissions($dn, $category) != ""){ /* We found what we were looking for, break speeds things up */ $result[]= $attrs; } } - } else { - if ($ui->get_category_permissions($dn, $category) != ""){ - if ($flags & GL_CONVERT){ - $attrs["dn"]= convert_department_dn($dn); - } else { - $attrs["dn"]= $dn; - } - - /* We found what we were looking for, break speeds things up */ - $result[]= $attrs; - } } } - + +# if(microtime(TRUE) - $start > 0.1){ +# echo sprintf("
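Review bot: The `if($flags & GL_NO_ACL_CHECK)` branch appends every fetched entry to `$result` without calling `$ui->get_category_permissions()`, and neither the function's doc comment nor the flag's `define` says when skipping the ACL filter is acceptable. The same branch is added to `get_list()` in the `@@ -876,36` hunk. I would document the flag where it is defined, e.g. `/* GL_NO_ACL_CHECK: skip per-entry ACL filtering; internal lookups only, never derived from request data, never for lists shown to the user */`, and add it to the `@param $flags` description. `get_sub_list()` starts outside this hunk.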
GET_LIST %s .| %f  --- $base -----$filter ---- $flags
",__LINE__,microtime(TRUE) - $start); +# } return ($result); } @@ -1290,15 +1361,8 @@ function show_errors($message) /* Assemble the message array to a plain string */ foreach ($message as $error){ - if ($complete == ""){ - $complete= $error; - } else { - $complete= "$error
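Review bot: In the `foreach ($category as $o)` loop of `get_list()` the comment says "break speeds things up", but no `break` follows `$result[]= $attrs;`. An entry the user may access under two of the given categories is therefore appended twice. `get_sub_list()` in this same commit does break out of the equivalent loop. Add `break;` directly after `$result[]= $attrs;` inside that loop so both functions return one row per entry. `get_list()` starts outside the hunk.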
$complete"; - } + msg_dialog::display(_("Error"), $error, ERROR_DIALOG); } - - /* Fill ERROR variable with nice error dialog */ - msg_dialog::display(_("Error"), $complete, ERROR_DIALOG); } @@ -2318,7 +2382,7 @@ function check_schema($cfg,$rfc2307bis = FALSE) } if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){ $checks['posixGroup']['STATUS'] = FALSE; - $checks['posixGroup']['MSG'] = _("You have disabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option."); + $checks['posixGroup']['MSG'] = _("Your schema is configured to support the rfc2307bis group, but you have disabled this option on the 'ldap setup' step."); $checks['posixGroup']['INFO'] = _("The objectClass 'posixGroup' must be STRUCTURAL"); } } 
@@ -2531,31 +2595,40 @@ function change_password ($dn, $password, $mode=0, $hash= "") function generate_smb_nt_hash($password) { global $config; - $tmp= $config->data['MAIN']['SMBHASH']." ".escapeshellarg($password); - @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute"); - exec($tmp, $ar); - flush(); - reset($ar); - $hash= current($ar); + # Try to use gosa-si? + if (isset($config->current['GOSA_SI'])){ + $res= gosaSupportDaemon::send("gosa_gen_smb_hash", "GOSA", array("password" => $password), TRUE); + $hash= $res['XML']['HASH']; + } else { + $tmp= $config->data['MAIN']['SMBHASH']." ".escapeshellarg($password); + @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute"); + + exec($tmp, $ar); + flush(); + reset($ar); + $hash= current($ar); + } + if ($hash == "") { - msg_dialog::display(_("Configuration error"), _("Setting for SMBHASH in gosa.conf is incorrect! Cannot change Samba password."), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), _("Cannot generate samba hash!"), ERROR_DIALOG); + return (""); + } + + list($lm,$nt)= split (":", trim($hash)); + + if ($config->current['SAMBAVERSION'] == 3) { + $attrs['sambaLMPassword']= $lm; + $attrs['sambaNTPassword']= $nt; + $attrs['sambaPwdLastSet']= date('U'); + $attrs['sambaBadPasswordCount']= "0"; + $attrs['sambaBadPasswordTime']= "0"; } else { - list($lm,$nt)= split (":", trim($hash)); - - if ($config->current['SAMBAVERSION'] == 3) { - $attrs['sambaLMPassword']= $lm; - $attrs['sambaNTPassword']= $nt; - $attrs['sambaPwdLastSet']= date('U'); - $attrs['sambaBadPasswordCount']= "0"; - $attrs['sambaBadPasswordTime']= "0"; - } else { - $attrs['lmPassword']= $lm; - $attrs['ntPassword']= $nt; - $attrs['pwdLastSet']= date('U'); - } - return($attrs); + $attrs['lmPassword']= $lm; + $attrs['ntPassword']= $nt; + $attrs['pwdLastSet']= date('U'); } + return($attrs); }
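Review bot: The `@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");` line hands the full command string, which contains the cleartext password, to the debug facility; where that output ends up is not visible here. The same string also puts the password on the helper's command line, where it is readable from the process list while the helper runs. Log only the program, e.g. `@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $config->data['MAIN']['SMBHASH'], "Execute");`. In the gosa-si branch `$res['XML']['HASH']` is read without checking that the reply carries that key, and `list($lm,$nt)= split (":", trim($hash));` runs on whatever came back. A guard such as `if (strpos($hash, ":") === FALSE) { return (""); }` before the split would keep a malformed reply from being written into the Samba password attributes.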