X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Ffunctions.inc;h=aa28014a03cd8ab43c6e8719b85949cbd380c4f4;hb=806fdaa1d14d6d221f479e604cf090a0f02dc6ee;hp=5d500d4b3238afbc06f1f8c28b0fef8ca70bbff5;hpb=567c33ea76d9408a07a916f979b0bd76688439c4;p=gosa.git diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index 5d500d4b3..aa28014a0 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -88,6 +88,7 @@ define ("DEBUG_CONFIG", 64); define ("DEBUG_ACL", 128); define ("DEBUG_SI", 256); define ("DEBUG_MAIL", 512); // mailAccounts, imap, sieve etc. +define ("DEBUG_FAI", 1024); // FAI (incomplete) /* Rewrite german 'umlauts' and spanish 'accents' to get better results */ @@ -404,6 +405,12 @@ function ldap_login_user_htaccess ($username) $ui= new userinfo($config, $ldap->getDN()); $ui->username= $attrs['uid'][0]; + /* Bail out if we have login restrictions set, for security reasons + the message is the same than failed user/pw */ + if (!$ui->loginAllowed()){ + return (NULL); + } + /* No password check needed - the webserver did it for us */ $ldap->disconnect(); @@ -484,6 +491,12 @@ function ldap_login_user ($username, $password) $ui= new userinfo($config, $ldap->getDN()); $ui->username= $attrs['uid'][0]; + /* Bail out if we have login restrictions set, for security reasons + the message is the same than failed user/pw */ + if (!$ui->loginAllowed()){ + return (NULL); + } + /* password check, bind as user with supplied password */ $ldap->disconnect(); $ldap= new LDAP($ui->dn, $password, $config->current['SERVER'], @@ -606,6 +619,13 @@ function add_lock($object, $user) if(!session::global_is_set("LOCK_CACHE")){ session::global_set("LOCK_CACHE",array("")); } + if(is_array($object)){ + foreach($object as $obj){ + add_lock($obj,$user); + } + return; + } + $cache = &session::global_get("LOCK_CACHE"); if(isset($_POST['open_readonly'])){ $cache['READ_ONLY'][$object] = TRUE; @@ -615,12 +635,6 @@ function add_lock($object, $user) unset($cache['READ_ONLY'][$object]); } - if(is_array($object)){ - foreach($object as $obj){ - add_lock($obj,$user); - } - return; - } /* Just a sanity check... */ if ($object == "" || $user == ""){ @@ -1066,7 +1080,7 @@ function eval_sizelimit() isset($_POST['action']) && $_POST['action']=="newlimit"){ session::global_set('size_limit', validate($_POST['new_limit'])); - session::global_set('size_ignore', FALSE); + session::set('size_ignore', FALSE); } /* User wants no limits? */ @@ -1098,8 +1112,8 @@ function getMenuCache() $str.= chr($e+$n); if(isset($_GET[$str])){ - if(session::global_is_set('maxC')){ - $b= session::global_get('maxC'); + if(session::is_set('maxC')){ + $b= session::get('maxC'); $q= ""; for ($m=0, $l= strlen($b);$m<$l;$m++) { $q.= $b[$m++]; @@ -1164,6 +1178,7 @@ function get_ou($name) global $config; $map = array( + "roleRDN" => "ou=roles,", "ogroupRDN" => "ou=groups,", "applicationRDN" => "ou=apps,", "systemRDN" => "ou=systems,", @@ -1287,13 +1302,16 @@ function gen_locked_message($user, $dn, $allow_readonly = FALSE) { global $plug, $config; + session::set('dn', $dn); $remove= false; /* Save variables from LOCK_VARS_TO_USE in session - for further editing */ - if( session::global_is_set('LOCK_VARS_TO_USE') && count(session::global_get('LOCK_VARS_TO_USE'))){ + if( session::is_set('LOCK_VARS_TO_USE') && count(session::get('LOCK_VARS_TO_USE'))){ - $LOCK_VARS_USED = array(); - $LOCK_VARS_TO_USE = session::global_get('LOCK_VARS_TO_USE'); + $LOCK_VARS_USED_GET = array(); + $LOCK_VARS_USED_POST = array(); + $LOCK_VARS_USED_REQUEST = array(); + $LOCK_VARS_TO_USE = session::get('LOCK_VARS_TO_USE'); foreach($LOCK_VARS_TO_USE as $name){ @@ -1303,18 +1321,26 @@ function gen_locked_message($user, $dn, $allow_readonly = FALSE) foreach($_POST as $Pname => $Pvalue){ if(preg_match($name,$Pname)){ - $LOCK_VARS_USED[$Pname] = $_POST[$Pname]; + $LOCK_VARS_USED_POST[$Pname] = $_POST[$Pname]; } } foreach($_GET as $Pname => $Pvalue){ if(preg_match($name,$Pname)){ - $LOCK_VARS_USED[$Pname] = $_GET[$Pname]; + $LOCK_VARS_USED_GET[$Pname] = $_GET[$Pname]; + } + } + + foreach($_REQUEST as $Pname => $Pvalue){ + if(preg_match($name,$Pname)){ + $LOCK_VARS_USED_REQUEST[$Pname] = $_REQUEST[$Pname]; } } } - session::global_set('LOCK_VARS_TO_USE',array()); - session::global_set('LOCK_VARS_USED' , $LOCK_VARS_USED); + session::set('LOCK_VARS_TO_USE',array()); + session::set('LOCK_VARS_USED_GET' , $LOCK_VARS_USED_GET); + session::set('LOCK_VARS_USED_POST' , $LOCK_VARS_USED_POST); + session::set('LOCK_VARS_USED_REQUEST' , $LOCK_VARS_USED_REQUEST); } /* Prepare and show template */ @@ -1636,8 +1662,8 @@ function recurse($rule, $variables) function expand_id($rule, $attributes) { /* Check for id rule */ - if(preg_match('/^id(:|#)\d+$/',$rule)){ - return (array("\{$rule}")); + if(preg_match('/^id(:|#|!)\d+$/',$rule)){ + return (array("{$rule}")); } /* Check for clean attribute */ @@ -1705,31 +1731,35 @@ function gen_uids($rule, $attributes) $proposed= recurse($stripped, $variables); /* Get list of used ID's */ - $used= array(); $ldap= $config->get_ldap_link(); $ldap->cd($config->current['BASE']); - $ldap->search('(uid=*)'); - - while($attrs= $ldap->fetch()){ - $used[]= $attrs['uid'][0]; - } /* Remove used uids and watch out for id tags */ $ret= array(); foreach($proposed as $uid){ /* Check for id tag and modify uid if needed */ - if(preg_match('/\{id:\d+}/',$uid)){ - $size= preg_replace('/^.*{id:(\d+)}.*$/', '\\1', $uid); + if(preg_match('/\{id(:|!)\d+}/',$uid, $m)){ + $size= preg_replace('/^.*{id(:|!)(\d+)}.*$/', '\\2', $uid); + + $start= $m[1]==":"?0:-1; + for ($i= $start, $p= pow(10,$size)-1; $i < $p; $i++){ + if ($i == -1) { + $number= ""; + } else { + $number= sprintf("%0".$size."d", $i+1); + } + $res= preg_replace('/{id(:|!)\d+}/', $number, $uid); - for ($i= 0, $p= pow(10,$size); $i < $p; $i++){ - $number= sprintf("%0".$size."d", $i); - $res= preg_replace('/{id:(\d+)}/', $number, $uid); - if (!in_array($res, $used)){ + $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn')); + if($ldap->count() == 0){ $uid= $res; break; } } + + /* Remove link if nothing has been found */ + $uid= preg_replace('/{id(:|!)\d+}/', '', $uid); } if(preg_match('/\{id#\d+}/',$uid)){ @@ -1739,16 +1769,22 @@ function gen_uids($rule, $attributes) mt_srand((double) microtime()*1000000); $number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1)); $res= preg_replace('/{id#(\d+)}/', $number, $uid); - if (!in_array($res, $used)){ + $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn')); + if($ldap->count() == 0){ $uid= $res; break; } } + + /* Remove link if nothing has been found */ + $uid= preg_replace('/{id#\d+}/', '', $uid); } /* Don't assign used ones */ - if (!in_array($uid, $used)){ - $ret[]= $uid; + $ldap->search("(uid=".preg_replace('/[{}]/', '', $uid).")",array('dn')); + if($ldap->count() == 0){ + /* Add uid, but remove {} first. These are invalid anyway. */ + $ret[]= preg_replace('/[{}]/', '', $uid); } } @@ -1979,40 +2015,7 @@ function compare_revision($revision_file, $revision) function progressbar($percentage,$width=100,$height=15,$showvalue=false) { - $str = ""; // Our return value will be saved in this var - - $color = dechex($percentage+150); - $color2 = dechex(150 - $percentage); - $bgcolor= $showvalue?"FFFFFF":"DDDDDD"; - - $progress = (int)(($percentage /100)*$width); - - /* If theres a better solution for this, use it... */ - $str = "\n
"; - - $str.= "\n
"; - - if(($height >10)&&($showvalue)){ - $str.= "\n "; - $str.= "\n ".$percentage."% "; - $str.= "\n "; - } - - $str.= "\n
"; - $str.= "\n
"; - $str.= "\n
"; - $str.= "\n
"; - - return($str); + return(""); } @@ -2237,47 +2240,47 @@ function check_schema($cfg,$rfc2307bis = FALSE) /* The gosa base schema */ $checks['gosaObject'] = $def_check; $checks['gosaObject']['REQUIRED_VERSION'] = "2.6.1"; - $checks['gosaObject']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema"); + $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema"); $checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject"); $checks['gosaObject']['IS_MUST_HAVE'] = TRUE; /* GOsa Account class */ - $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.1"; - $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema"); + $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6"; + $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema"); $checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount"); $checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE; $checks["gosaAccount"]["INFO"] = _("Used to store account specific informations."); /* GOsa lock entry, used to mark currently edited objects as 'in use' */ $checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.6.1"; - $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema"); + $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema"); $checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry"); $checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE; $checks["gosaLockEntry"]["INFO"] = _("Used to lock currently edited entries to avoid multiple changes at the same time."); /* Some other checks */ foreach(array( - "gosaCacheEntry" => array("version" => "2.6.1"), - "gosaDepartment" => array("version" => "2.6.1"), + "gosaCacheEntry" => array("version" => "2.6.1", "class" => "gosaAccount"), + "gosaDepartment" => array("version" => "2.6.1", "class" => "gosaAccount"), "goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), "goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), "goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), "gosaUserTemplate" => array("version" => "2.6.1", "class" => "posixAccount","file" => "nis.schema"), - "gosaMailAccount" => array("version" => "2.6.1", "class" => "mailAccount","file" => "gosa+samba3.schema"), - "gosaProxyAccount" => array("version" => "2.6.1", "class" => "proxyAccount","file" => "gosa+samba3.schema"), + "gosaMailAccount" => array("version" => "2.6.1", "class" => "mailAccount","file" => "gosa-samba3.schema"), + "gosaProxyAccount" => array("version" => "2.6.1", "class" => "proxyAccount","file" => "gosa-samba3.schema"), "gosaApplication" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"), "gosaApplicationGroup" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"), "GOhard" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), "gotoTerminal" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), - "goServer" => array("version" => "2.6.1","class" => "server","file" => "goserver.schema"), + "goServer" => array("version" => "2.6.1", "class" => "server","file" => "goserver.schema"), "goTerminalServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), "goShareServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), "goNtpServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), "goSyslogServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"), - "goLdapServer" => array("version" => "2.6.1"), + "goLdapServer" => array("version" => "2.6.1", "class" => "goServer"), "goCupsServer" => array("version" => "2.6.1", "class" => array("posixAccount", "terminals"),), - "goImapServer" => array("version" => "2.6.1", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3. schema"), - "goKrbServer" => array("version" => "2.6.1"), + "goImapServer" => array("version" => "2.6.1", "class" => array("mailAccount", "mailgroup"),"file" => "gosa-samba3.schema"), + "goKrbServer" => array("version" => "2.6.1", "class" => "goServer"), "goFaxServer" => array("version" => "2.6.1", "class" => "gofaxAccount","file" => "gofax.schema"), ) as $name => $values){ @@ -2288,26 +2291,25 @@ function check_schema($cfg,$rfc2307bis = FALSE) if(isset($values['file'])){ $checks[$name]["SCHEMA_FILES"] = array($values['file']); } - $checks[$name]["CLASSES_REQUIRED"] = array($name); + if (isset($values['class'])) { + $checks[$name]["CLASSES_REQUIRED"] = is_array($values['class'])?$values['class']:array($values['class']); + } } foreach($checks as $name => $value){ foreach($value['CLASSES_REQUIRED'] as $class){ if(!isset($objectclasses[$name])){ - $checks[$name]['STATUS'] = FALSE; if($value['IS_MUST_HAVE']){ + $checks[$name]['STATUS'] = FALSE; $checks[$name]['MSG'] = sprintf(_("Missing required object class '%s'!"),$class); - }else{ + } else { + $checks[$name]['STATUS'] = TRUE; $checks[$name]['MSG'] = sprintf(_("Missing optional object class '%s'!"),$class); } }elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){ $checks[$name]['STATUS'] = FALSE; - if($value['IS_MUST_HAVE']){ - $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']); - }else{ - $checks[$name]['MSG'] = sprintf(_("Version mismatch for optional object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']); - } + $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']); }else{ $checks[$name]['STATUS'] = TRUE; $checks[$name]['MSG'] = sprintf(_("Class(es) available")); @@ -2320,7 +2322,7 @@ function check_schema($cfg,$rfc2307bis = FALSE) /* The gosa base schema */ $checks['posixGroup'] = $def_check; $checks['posixGroup']['REQUIRED_VERSION'] = "2.6.1"; - $checks['posixGroup']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema"); + $checks['posixGroup']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema"); $checks['posixGroup']['CLASSES_REQUIRED'] = array("posixGroup"); $checks['posixGroup']['STATUS'] = TRUE; $checks['posixGroup']['IS_MUST_HAVE'] = TRUE; @@ -2453,7 +2455,7 @@ function change_password ($dn, $password, $mode=0, $hash= "") // Get all available encryption Methods // NON STATIC CALL :) - $methods = new passwordMethod(session::global_get('config')); + $methods = new passwordMethod(session::get('config')); $available = $methods->get_available_methods(); // read current password entry for $dn, to detect the encryption Method @@ -2573,6 +2575,11 @@ function generate_smb_nt_hash($password) } else { $hash= ""; } + + if ($hash == "") { + msg_dialog::display(_("Configuration error"), _("Cannot generate samba hash!"), ERROR_DIALOG); + return (""); + } } else { $tmp= $config->get_cfg_value('sambaHashHook')." ".escapeshellarg($password); @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute"); @@ -2581,26 +2588,20 @@ function generate_smb_nt_hash($password) flush(); reset($ar); $hash= current($ar); - } - if ($hash == "") { - msg_dialog::display(_("Configuration error"), _("Cannot generate samba hash!"), ERROR_DIALOG); - return (""); + if ($hash == "") { + msg_dialog::display(_("Configuration error"), sprintf(_("Cannot generate samba hash: running '%s' failed, check the 'sambaHashHook'!"),$config->get_cfg_value('sambaHashHook')), ERROR_DIALOG); + return (""); + } } list($lm,$nt)= split (":", trim($hash)); - if ($config->get_cfg_value("sambaversion") == 3) { - $attrs['sambaLMPassword']= $lm; - $attrs['sambaNTPassword']= $nt; - $attrs['sambaPwdLastSet']= date('U'); - $attrs['sambaBadPasswordCount']= "0"; - $attrs['sambaBadPasswordTime']= "0"; - } else { - $attrs['lmPassword']= $lm; - $attrs['ntPassword']= $nt; - $attrs['pwdLastSet']= date('U'); - } + $attrs['sambaLMPassword']= $lm; + $attrs['sambaNTPassword']= $nt; + $attrs['sambaPwdLastSet']= date('U'); + $attrs['sambaBadPasswordCount']= "0"; + $attrs['sambaBadPasswordTime']= "0"; return($attrs); } @@ -2800,6 +2801,7 @@ function cred_encrypt($input, $password) { } + function cred_decrypt($input,$password) { $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM); @@ -2808,5 +2810,198 @@ function cred_decrypt($input,$password) { } +function get_object_info() +{ + return(session::get('objectinfo')); +} + + +function set_object_info($str = "") +{ + session::set('objectinfo',$str); +} + + +function isIpInNet($ip, $net, $mask) { + // Move to long ints + $ip= ip2long($ip); + $net= ip2long($net); + $mask= ip2long($mask); + + // Mask given IP with mask. If it returns "net", we're in... + $res= $ip & $mask; + + return ($res == $net); +} + + +function get_next_id($attrib, $dn) +{ + global $config; + + switch ($config->get_cfg_value("idAllocationMethod", "traditional")){ + case "pool": + return get_next_id_pool($attrib); + case "traditional": + return get_next_id_traditional($attrib, $dn); + } + + msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG); + return null; +} + + +function get_next_id_pool($attrib) { + global $config; + + /* Fill informational values */ + $min= $config->get_cfg_value("${attrib}PoolMin", 10000); + $max= $config->get_cfg_value("${attrib}PoolMax", 40000); + + /* Sanity check */ + if ($min >= $max) { + msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), $attrib), ERROR_DIALOG); + return null; + } + + /* ID to skip */ + $ldap= $config->get_ldap_link(); + $id= null; + + /* Try to allocate the ID several times before failing */ + $tries= 3; + while ($tries--) { + + /* Look for ID map entry */ + $ldap->cd ($config->current['BASE']); + $ldap->search ("(&(objectClass=sambaUnixIdPool)($attrib=*))", array("$attrib")); + + /* If it does not exist, create one with these defaults */ + if ($ldap->count() == 0) { + /* Fill informational values */ + $minUserId= $config->get_cfg_value("uidPoolMin", 10000); + $minGroupId= $config->get_cfg_value("gidPoolMin", 10000); + + /* Add as default */ + $attrs= array("objectClass" => array("organizationalUnit", "sambaUnixIdPool")); + $attrs["ou"]= "idmap"; + $attrs["uidNumber"]= $minUserId; + $attrs["gidNumber"]= $minGroupId; + $ldap->cd("ou=idmap,".$config->current['BASE']); + $ldap->add($attrs); + if ($ldap->error != "Success") { + msg_dialog::display(_("Error"), _("Cannot create sambaUnixIdPool entry!"), ERROR_DIALOG); + return null; + } + $tries++; + continue; + } + /* Bail out if it's not unique */ + if ($ldap->count() != 1) { + msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG); + return null; + } + + /* Store old attrib and generate new */ + $attrs= $ldap->fetch(); + $dn= $ldap->getDN(); + $oldAttr= $attrs[$attrib][0]; + $newAttr= $oldAttr + 1; + + /* Sanity check */ + if ($newAttr >= $max) { + msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG); + return null; + } + if ($newAttr < $min) { + msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG); + return null; + } + + #FIXME: PHP is not able to do a modification of "del: .../add: ...", so this + # is completely unsafe in the moment. + #/* Remove old attr, add new attr */ + #$attrs= array($attrib => $oldAttr); + #$ldap->rm($attrs, $dn); + #if ($ldap->error != "Success") { + # continue; + #} + $ldap->cd($dn); + $ldap->modify(array($attrib => $newAttr)); + if ($ldap->error != "Success") { + msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".$ldap->get_error(), ERROR_DIALOG); + return null; + } else { + return $oldAttr; + } + } + + /* Bail out if we had problems getting the next id */ + if (!$tries) { + msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("maximum tries exceeded!"), ERROR_DIALOG); + } + + return $id; +} + +function get_next_id_traditional($attrib, $dn) +{ + global $config; + + $ids= array(); + $ldap= $config->get_ldap_link(); + + $ldap->cd ($config->current['BASE']); + if (preg_match('/gidNumber/i', $attrib)){ + $oc= "posixGroup"; + } else { + $oc= "posixAccount"; + } + $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib")); + + /* Get list of ids */ + while ($attrs= $ldap->fetch()){ + $ids[]= (int)$attrs["$attrib"][0]; + } + + /* Add the nobody id */ + $ids[]= 65534; + + /* get the ranges */ + $tmp = array('0'=> 1000); + if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("uidNumberBase") != ""){ + $tmp= split('-',$config->get_cfg_value("uidNumberBase")); + } elseif($config->get_cfg_value("gidNumberBase") != ""){ + $tmp= split('-',$config->get_cfg_value("gidNumberBase")); + } + + /* Set hwm to max if not set - for backward compatibility */ + $lwm= $tmp[0]; + if (isset($tmp[1])){ + $hwm= $tmp[1]; + } else { + $hwm= pow(2,32); + } + /* Find out next free id near to UID_BASE */ + if ($config->get_cfg_value("baseIdHook") == ""){ + $base= $lwm; + } else { + /* Call base hook */ + $base= get_base_from_hook($dn, $attrib); + } + for ($id= $base; $id++; $id < pow(2,32)){ + if (!in_array($id, $ids)){ + return ($id); + } + } + + /* Should not happen */ + if ($id == $hwm){ + msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG); + exit; + } +} + + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>