X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Ffunctions.inc;h=aa28014a03cd8ab43c6e8719b85949cbd380c4f4;hb=806fdaa1d14d6d221f479e604cf090a0f02dc6ee;hp=991f63e3e427b5c3380927988f3f3f0d1cc080a5;hpb=ecfaa61bdc6474216ad113a719fb9994a9086f69;p=gosa.git
diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index 991f63e3e..aa28014a0 100644
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
@@ -3,7 +3,7 @@
* This code is part of GOsa (http://www.gosa-project.org)
* Copyright (C) 2003-2008 GONICUS GmbH
*
- * ID: $$Id$$
+ * ID: $$Id: functions.inc 13100 2008-12-01 14:07:48Z hickert $$
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -32,7 +32,7 @@ if(!isset($_SERVER['CONFIG_DIR'])){
}
/* Allow setting the config file in the apache configuration
- e.g. SetEnv CONFIG_FILE gosa.conf.2.5
+ e.g. SetEnv CONFIG_FILE gosa.conf.2.6
*/
if(!isset($_SERVER['CONFIG_FILE'])){
define ("CONFIG_FILE", "gosa.conf");
@@ -69,8 +69,8 @@ define('DES3_CBC_MD5',5);
define('DES3_CBC_SHA1',16);
/* Define globals for revision comparing */
-$svn_path = '$HeadURL: https://oss.gonicus.de/repositories/gosa/trunk/gosa-core/include/functions.inc $';
-$svn_revision = '$Revision: 9246 $';
+$svn_path = '$HeadURL$';
+$svn_revision = '$Revision$';
/* Include required files */
require_once("class_location.inc");
@@ -87,6 +87,8 @@ define ("DEBUG_SESSION",32);
define ("DEBUG_CONFIG", 64);
define ("DEBUG_ACL", 128);
define ("DEBUG_SI", 256);
+define ("DEBUG_MAIL", 512); // mailAccounts, imap, sieve etc.
+define ("DEBUG_FAI", 1024); // FAI (incomplete)
/* Rewrite german 'umlauts' and spanish 'accents'
to get better results */
@@ -163,7 +165,7 @@ function make_seed() {
/* Debug level action */
function DEBUG($level, $line, $function, $file, $data, $info="")
{
- if (session::get('DEBUGLEVEL') & $level){
+ if (session::global_get('DEBUGLEVEL') & $level){
$output= "DEBUG[$level] ";
if ($function != ""){
$output.= "($file:$function():$line) - $info: ";
@@ -218,10 +220,10 @@ function get_browser_language()
/* Rewrite ui object to another dn */
function change_ui_dn($dn, $newdn)
{
- $ui= session::get('ui');
+ $ui= session::global_get('ui');
if ($ui->dn == $dn){
$ui->dn= $newdn;
- session::set('ui',$ui);
+ session::global_set('ui',$ui);
}
}
@@ -246,7 +248,7 @@ function get_template_path($filename= '', $plugin= FALSE, $path= "")
/* Return plugin dir or root directory? */
if ($plugin){
if ($path == ""){
- $nf= preg_replace("!^".$BASE_DIR."/!", "", session::get('plugin_dir'));
+ $nf= preg_replace("!^".$BASE_DIR."/!", "", session::global_get('plugin_dir'));
} else {
$nf= preg_replace("!^".$BASE_DIR."/!", "", $path);
}
@@ -257,7 +259,7 @@ function get_template_path($filename= '', $plugin= FALSE, $path= "")
return ("$BASE_DIR/ihtml/themes/default/$nf/$filename");
}
if ($path == ""){
- return (session::get('plugin_dir')."/$filename");
+ return (session::global_get('plugin_dir')."/$filename");
} else {
return ($path."/$filename");
}
@@ -403,6 +405,12 @@ function ldap_login_user_htaccess ($username)
$ui= new userinfo($config, $ldap->getDN());
$ui->username= $attrs['uid'][0];
+ /* Bail out if we have login restrictions set, for security reasons
+ the message is the same than failed user/pw */
+ if (!$ui->loginAllowed()){
+ return (NULL);
+ }
+
/* No password check needed - the webserver did it for us */
$ldap->disconnect();
@@ -410,7 +418,7 @@ function ldap_login_user_htaccess ($username)
$ui->loadACL();
/* TODO: check java script for htaccess authentication */
- session::set('js',true);
+ session::global_set('js',true);
return ($ui);
}
@@ -483,6 +491,12 @@ function ldap_login_user ($username, $password)
$ui= new userinfo($config, $ldap->getDN());
$ui->username= $attrs['uid'][0];
+ /* Bail out if we have login restrictions set, for security reasons
+ the message is the same than failed user/pw */
+ if (!$ui->loginAllowed()){
+ return (NULL);
+ }
+
/* password check, bind as user with supplied password */
$ldap->disconnect();
$ldap= new LDAP($ui->dn, $password, $config->current['SERVER'],
@@ -602,28 +616,26 @@ function add_lock($object, $user)
/* Remember which entries were opened as read only, because we
don't need to remove any locks for them later.
*/
- if(!session::is_set("LOCK_CACHE")){
- session::set("LOCK_CACHE",array(""));
+ if(!session::global_is_set("LOCK_CACHE")){
+ session::global_set("LOCK_CACHE",array(""));
+ }
+ if(is_array($object)){
+ foreach($object as $obj){
+ add_lock($obj,$user);
+ }
+ return;
}
- $cache = &session::get("LOCK_CACHE");
+
+ $cache = &session::global_get("LOCK_CACHE");
if(isset($_POST['open_readonly'])){
$cache['READ_ONLY'][$object] = TRUE;
- echo "ADDED : {$user}:{$object}
";
return;
}
if(isset($cache['READ_ONLY'][$object])){
- echo "Removed lock entry $object
";
unset($cache['READ_ONLY'][$object]);
}
- if(is_array($object)){
- foreach($object as $obj){
- add_lock($obj,$user);
- }
- return;
- }
-
/* Just a sanity check... */
if ($object == "" || $user == ""){
msg_dialog::display(_("Internal error"), _("Error while adding a lock. Contact the developers!"), ERROR_DIALOG);
@@ -677,15 +689,11 @@ function del_lock ($object)
/* If this object was opened in read only mode then
skip removing the lock entry, there wasn't any lock created.
*/
- if(session::is_set("LOCK_CACHE")){
- $cache = &session::get("LOCK_CACHE");
+ if(session::global_is_set("LOCK_CACHE")){
+ $cache = &session::global_get("LOCK_CACHE");
if(isset($cache['READ_ONLY'][$object])){
- if(isset($_POST['delete_lock'])){
- unset($cache['READ_ONLY'][$object]);
- }else{
- echo "Skipped: $object
";
- return;
- }
+ unset($cache['READ_ONLY'][$object]);
+ return;
}
}
@@ -1031,7 +1039,7 @@ function get_list($filter, $category, $base= "", $attributes= array(), $flags= G
function check_sizelimit()
{
/* Ignore dialog? */
- if (session::is_set('size_ignore') && session::get('size_ignore')){
+ if (session::global_is_set('size_ignore') && session::global_get('size_ignore')){
return ("");
}
@@ -1039,8 +1047,8 @@ function check_sizelimit()
if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){
$smarty= get_smarty();
$smarty->assign('warning', sprintf(_("The size limit of %d entries is exceed!"),
- session::get('size_limit')));
- $smarty->assign('limit_message', sprintf(_("Set the new size limit to %s and show me this message if the limit still exceeds"), ''));
+ session::global_get('size_limit')));
+ $smarty->assign('limit_message', sprintf(_("Set the new size limit to %s and show me this message if the limit still exceeds"), ''));
return($smarty->fetch(get_template_path('sizelimit.tpl')));
}
@@ -1050,7 +1058,7 @@ function check_sizelimit()
function print_sizelimit_warning()
{
- if (session::is_set('size_limit') && session::get('size_limit') >= 10000000 ||
+ if (session::global_is_set('size_limit') && session::global_get('size_limit') >= 10000000 ||
(session::is_set('limit_exceeded') && session::get('limit_exceeded'))){
$config= "";
} else {
@@ -1071,25 +1079,25 @@ function eval_sizelimit()
if (tests::is_id($_POST['new_limit']) &&
isset($_POST['action']) && $_POST['action']=="newlimit"){
- session::set('size_limit', validate($_POST['new_limit']));
+ session::global_set('size_limit', validate($_POST['new_limit']));
session::set('size_ignore', FALSE);
}
/* User wants no limits? */
if (isset($_POST['action']) && $_POST['action']=="ignore"){
- session::set('size_limit', 0);
- session::set('size_ignore', TRUE);
+ session::global_set('size_limit', 0);
+ session::global_set('size_ignore', TRUE);
}
/* User wants incomplete results */
if (isset($_POST['action']) && $_POST['action']=="limited"){
- session::set('size_ignore', TRUE);
+ session::global_set('size_ignore', TRUE);
}
}
getMenuCache();
/* Allow fallback to dialog */
if (isset($_POST['edit_sizelimit'])){
- session::set('size_ignore',FALSE);
+ session::global_set('size_ignore',FALSE);
}
}
@@ -1170,6 +1178,7 @@ function get_ou($name)
global $config;
$map = array(
+ "roleRDN" => "ou=roles,",
"ogroupRDN" => "ou=groups,",
"applicationRDN" => "ou=apps,",
"systemRDN" => "ou=systems,",
@@ -1289,7 +1298,7 @@ function get_uid_regexp()
}
-function gen_locked_message($user, $dn)
+function gen_locked_message($user, $dn, $allow_readonly = FALSE)
{
global $plug, $config;
@@ -1299,7 +1308,9 @@ function gen_locked_message($user, $dn)
/* Save variables from LOCK_VARS_TO_USE in session - for further editing */
if( session::is_set('LOCK_VARS_TO_USE') && count(session::get('LOCK_VARS_TO_USE'))){
- $LOCK_VARS_USED = array();
+ $LOCK_VARS_USED_GET = array();
+ $LOCK_VARS_USED_POST = array();
+ $LOCK_VARS_USED_REQUEST = array();
$LOCK_VARS_TO_USE = session::get('LOCK_VARS_TO_USE');
foreach($LOCK_VARS_TO_USE as $name){
@@ -1310,23 +1321,31 @@ function gen_locked_message($user, $dn)
foreach($_POST as $Pname => $Pvalue){
if(preg_match($name,$Pname)){
- $LOCK_VARS_USED[$Pname] = $_POST[$Pname];
+ $LOCK_VARS_USED_POST[$Pname] = $_POST[$Pname];
}
}
foreach($_GET as $Pname => $Pvalue){
if(preg_match($name,$Pname)){
- $LOCK_VARS_USED[$Pname] = $_GET[$Pname];
+ $LOCK_VARS_USED_GET[$Pname] = $_GET[$Pname];
+ }
+ }
+
+ foreach($_REQUEST as $Pname => $Pvalue){
+ if(preg_match($name,$Pname)){
+ $LOCK_VARS_USED_REQUEST[$Pname] = $_REQUEST[$Pname];
}
}
}
session::set('LOCK_VARS_TO_USE',array());
- session::set('LOCK_VARS_USED' , $LOCK_VARS_USED);
+ session::set('LOCK_VARS_USED_GET' , $LOCK_VARS_USED_GET);
+ session::set('LOCK_VARS_USED_POST' , $LOCK_VARS_USED_POST);
+ session::set('LOCK_VARS_USED_REQUEST' , $LOCK_VARS_USED_REQUEST);
}
/* Prepare and show template */
$smarty= get_smarty();
-
+ $smarty->assign("allow_readonly",$allow_readonly);
if(is_array($dn)){
$msg = "";
foreach($dn as $sub_dn){
@@ -1643,8 +1662,8 @@ function recurse($rule, $variables)
function expand_id($rule, $attributes)
{
/* Check for id rule */
- if(preg_match('/^id(:|#)\d+$/',$rule)){
- return (array("\{$rule}"));
+ if(preg_match('/^id(:|#|!)\d+$/',$rule)){
+ return (array("{$rule}"));
}
/* Check for clean attribute */
@@ -1712,31 +1731,35 @@ function gen_uids($rule, $attributes)
$proposed= recurse($stripped, $variables);
/* Get list of used ID's */
- $used= array();
$ldap= $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
- $ldap->search('(uid=*)');
-
- while($attrs= $ldap->fetch()){
- $used[]= $attrs['uid'][0];
- }
/* Remove used uids and watch out for id tags */
$ret= array();
foreach($proposed as $uid){
/* Check for id tag and modify uid if needed */
- if(preg_match('/\{id:\d+}/',$uid)){
- $size= preg_replace('/^.*{id:(\d+)}.*$/', '\\1', $uid);
+ if(preg_match('/\{id(:|!)\d+}/',$uid, $m)){
+ $size= preg_replace('/^.*{id(:|!)(\d+)}.*$/', '\\2', $uid);
+
+ $start= $m[1]==":"?0:-1;
+ for ($i= $start, $p= pow(10,$size)-1; $i < $p; $i++){
+ if ($i == -1) {
+ $number= "";
+ } else {
+ $number= sprintf("%0".$size."d", $i+1);
+ }
+ $res= preg_replace('/{id(:|!)\d+}/', $number, $uid);
- for ($i= 0, $p= pow(10,$size); $i < $p; $i++){
- $number= sprintf("%0".$size."d", $i);
- $res= preg_replace('/{id:(\d+)}/', $number, $uid);
- if (!in_array($res, $used)){
+ $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn'));
+ if($ldap->count() == 0){
$uid= $res;
break;
}
}
+
+ /* Remove link if nothing has been found */
+ $uid= preg_replace('/{id(:|!)\d+}/', '', $uid);
}
if(preg_match('/\{id#\d+}/',$uid)){
@@ -1746,16 +1769,22 @@ function gen_uids($rule, $attributes)
mt_srand((double) microtime()*1000000);
$number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1));
$res= preg_replace('/{id#(\d+)}/', $number, $uid);
- if (!in_array($res, $used)){
+ $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")",array('dn'));
+ if($ldap->count() == 0){
$uid= $res;
break;
}
}
+
+ /* Remove link if nothing has been found */
+ $uid= preg_replace('/{id#\d+}/', '', $uid);
}
/* Don't assign used ones */
- if (!in_array($uid, $used)){
- $ret[]= $uid;
+ $ldap->search("(uid=".preg_replace('/[{}]/', '', $uid).")",array('dn'));
+ if($ldap->count() == 0){
+ /* Add uid, but remove {} first. These are invalid anyway. */
+ $ret[]= preg_replace('/[{}]/', '', $uid);
}
}
@@ -1986,40 +2015,7 @@ function compare_revision($revision_file, $revision)
function progressbar($percentage,$width=100,$height=15,$showvalue=false)
{
- $str = ""; // Our return value will be saved in this var
-
- $color = dechex($percentage+150);
- $color2 = dechex(150 - $percentage);
- $bgcolor= $showvalue?"FFFFFF":"DDDDDD";
-
- $progress = (int)(($percentage /100)*$width);
-
- /* If theres a better solution for this, use it... */
- $str = "\n ";
-
- $str.= "\n
";
-
- if(($height >10)&&($showvalue)){
- $str.= "\n
";
- $str.= "\n ".$percentage."% ";
- $str.= "\n ";
- }
-
- $str.= "\n
";
- $str.= "\n
";
- $str.= "\n
";
- $str.= "\n
");
}
@@ -2243,49 +2239,49 @@ function check_schema($cfg,$rfc2307bis = FALSE)
/* The gosa base schema */
$checks['gosaObject'] = $def_check;
- $checks['gosaObject']['REQUIRED_VERSION'] = "2.4";
- $checks['gosaObject']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema");
+ $checks['gosaObject']['REQUIRED_VERSION'] = "2.6.1";
+ $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema");
$checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject");
$checks['gosaObject']['IS_MUST_HAVE'] = TRUE;
/* GOsa Account class */
- $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.4";
- $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema");
+ $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6";
+ $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema");
$checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount");
$checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE;
$checks["gosaAccount"]["INFO"] = _("Used to store account specific informations.");
/* GOsa lock entry, used to mark currently edited objects as 'in use' */
- $checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.4";
- $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema");
+ $checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.6.1";
+ $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema");
$checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry");
$checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE;
$checks["gosaLockEntry"]["INFO"] = _("Used to lock currently edited entries to avoid multiple changes at the same time.");
/* Some other checks */
foreach(array(
- "gosaCacheEntry" => array("version" => "2.4"),
- "gosaDepartment" => array("version" => "2.4"),
+ "gosaCacheEntry" => array("version" => "2.6.1", "class" => "gosaAccount"),
+ "gosaDepartment" => array("version" => "2.6.1", "class" => "gosaAccount"),
"goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
"goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
"goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
- "gosaUserTemplate" => array("version" => "2.4", "class" => "posixAccount","file" => "nis.schema"),
- "gosaMailAccount" => array("version" => "2.4", "class" => "mailAccount","file" => "gosa+samba3.schema"),
- "gosaProxyAccount" => array("version" => "2.4", "class" => "proxyAccount","file" => "gosa+samba3.schema"),
- "gosaApplication" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),
- "gosaApplicationGroup" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),
- "GOhard" => array("version" => "2.5", "class" => "terminals","file" => "goto.schema"),
- "gotoTerminal" => array("version" => "2.5", "class" => "terminals","file" => "goto.schema"),
- "goServer" => array("version" => "2.4","class" => "server","file" => "goserver.schema"),
- "goTerminalServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
- "goShareServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
- "goNtpServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
- "goSyslogServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
- "goLdapServer" => array("version" => "2.4"),
- "goCupsServer" => array("version" => "2.4", "class" => array("posixAccount", "terminals"),),
- "goImapServer" => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3. schema"),
- "goKrbServer" => array("version" => "2.4"),
- "goFaxServer" => array("version" => "2.4", "class" => "gofaxAccount","file" => "gofax.schema"),
+ "gosaUserTemplate" => array("version" => "2.6.1", "class" => "posixAccount","file" => "nis.schema"),
+ "gosaMailAccount" => array("version" => "2.6.1", "class" => "mailAccount","file" => "gosa-samba3.schema"),
+ "gosaProxyAccount" => array("version" => "2.6.1", "class" => "proxyAccount","file" => "gosa-samba3.schema"),
+ "gosaApplication" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"),
+ "gosaApplicationGroup" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"),
+ "GOhard" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
+ "gotoTerminal" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
+ "goServer" => array("version" => "2.6.1", "class" => "server","file" => "goserver.schema"),
+ "goTerminalServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
+ "goShareServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
+ "goNtpServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
+ "goSyslogServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
+ "goLdapServer" => array("version" => "2.6.1", "class" => "goServer"),
+ "goCupsServer" => array("version" => "2.6.1", "class" => array("posixAccount", "terminals"),),
+ "goImapServer" => array("version" => "2.6.1", "class" => array("mailAccount", "mailgroup"),"file" => "gosa-samba3.schema"),
+ "goKrbServer" => array("version" => "2.6.1", "class" => "goServer"),
+ "goFaxServer" => array("version" => "2.6.1", "class" => "gofaxAccount","file" => "gofax.schema"),
) as $name => $values){
$checks[$name] = $def_check;
@@ -2295,26 +2291,25 @@ function check_schema($cfg,$rfc2307bis = FALSE)
if(isset($values['file'])){
$checks[$name]["SCHEMA_FILES"] = array($values['file']);
}
- $checks[$name]["CLASSES_REQUIRED"] = array($name);
+ if (isset($values['class'])) {
+ $checks[$name]["CLASSES_REQUIRED"] = is_array($values['class'])?$values['class']:array($values['class']);
+ }
}
foreach($checks as $name => $value){
foreach($value['CLASSES_REQUIRED'] as $class){
if(!isset($objectclasses[$name])){
- $checks[$name]['STATUS'] = FALSE;
if($value['IS_MUST_HAVE']){
+ $checks[$name]['STATUS'] = FALSE;
$checks[$name]['MSG'] = sprintf(_("Missing required object class '%s'!"),$class);
- }else{
+ } else {
+ $checks[$name]['STATUS'] = TRUE;
$checks[$name]['MSG'] = sprintf(_("Missing optional object class '%s'!"),$class);
}
}elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){
$checks[$name]['STATUS'] = FALSE;
- if($value['IS_MUST_HAVE']){
- $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']);
- }else{
- $checks[$name]['MSG'] = sprintf(_("Version mismatch for optional object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']);
- }
+ $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']);
}else{
$checks[$name]['STATUS'] = TRUE;
$checks[$name]['MSG'] = sprintf(_("Class(es) available"));
@@ -2326,8 +2321,8 @@ function check_schema($cfg,$rfc2307bis = FALSE)
/* The gosa base schema */
$checks['posixGroup'] = $def_check;
- $checks['posixGroup']['REQUIRED_VERSION'] = "2.4";
- $checks['posixGroup']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema");
+ $checks['posixGroup']['REQUIRED_VERSION'] = "2.6.1";
+ $checks['posixGroup']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema");
$checks['posixGroup']['CLASSES_REQUIRED'] = array("posixGroup");
$checks['posixGroup']['STATUS'] = TRUE;
$checks['posixGroup']['IS_MUST_HAVE'] = TRUE;
@@ -2468,13 +2463,6 @@ function change_password ($dn, $password, $mode=0, $hash= "")
$ldap->cat ($dn, array("shadowLastChange", "userPassword", "uid"));
$attrs = $ldap->fetch ();
- // Check if user account was deactivated, indicated by ! after } ... {crypt}!###
- if(isset($attrs['userPassword'][0]) && preg_match("/^[^\}]*+\}!/",$attrs['userPassword'][0])){
- $deactivated = TRUE;
- }else{
- $deactivated = FALSE;
- }
-
/* Is ensure that clear passwords will stay clear */
if($hash == "" && isset($attrs['userPassword'][0]) && !preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0])){
$hash = "clear";
@@ -2502,6 +2490,8 @@ function change_password ($dn, $password, $mode=0, $hash= "")
if($test instanceOf passwordMethod){
+ $deactivated = $test->is_locked($config,$dn);
+
/* Feed password backends with information */
$test->dn= $dn;
$test->attrs= $attrs;
@@ -2529,16 +2519,16 @@ function change_password ($dn, $password, $mode=0, $hash= "")
$attrs= generate_smb_nt_hash($password);
}
- /* Read ! if user was deactivated */
- if($deactivated){
- $newpass = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$newpass);
- }
-
$attrs['userPassword']= array();
$attrs['userPassword']= $newpass;
$ldap->modify($attrs);
+ /* Read ! if user was deactivated */
+ if($deactivated){
+ $test->lock_account($config,$dn);
+ }
+
new log("modify","users/passwordMethod",$dn,array_keys($attrs),$ldap->get_error());
if (!$ldap->success()) {
@@ -2585,6 +2575,11 @@ function generate_smb_nt_hash($password)
} else {
$hash= "";
}
+
+ if ($hash == "") {
+ msg_dialog::display(_("Configuration error"), _("Cannot generate samba hash!"), ERROR_DIALOG);
+ return ("");
+ }
} else {
$tmp= $config->get_cfg_value('sambaHashHook')." ".escapeshellarg($password);
@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
@@ -2593,26 +2588,20 @@ function generate_smb_nt_hash($password)
flush();
reset($ar);
$hash= current($ar);
- }
- if ($hash == "") {
- msg_dialog::display(_("Configuration error"), _("Cannot generate samba hash!"), ERROR_DIALOG);
- return ("");
+ if ($hash == "") {
+ msg_dialog::display(_("Configuration error"), sprintf(_("Cannot generate samba hash: running '%s' failed, check the 'sambaHashHook'!"),$config->get_cfg_value('sambaHashHook')), ERROR_DIALOG);
+ return ("");
+ }
}
list($lm,$nt)= split (":", trim($hash));
- if ($config->get_cfg_value("sambaversion") == 3) {
- $attrs['sambaLMPassword']= $lm;
- $attrs['sambaNTPassword']= $nt;
- $attrs['sambaPwdLastSet']= date('U');
- $attrs['sambaBadPasswordCount']= "0";
- $attrs['sambaBadPasswordTime']= "0";
- } else {
- $attrs['lmPassword']= $lm;
- $attrs['ntPassword']= $nt;
- $attrs['pwdLastSet']= date('U');
- }
+ $attrs['sambaLMPassword']= $lm;
+ $attrs['sambaNTPassword']= $nt;
+ $attrs['sambaPwdLastSet']= date('U');
+ $attrs['sambaBadPasswordCount']= "0";
+ $attrs['sambaBadPasswordTime']= "0";
return($attrs);
}
@@ -2812,6 +2801,7 @@ function cred_encrypt($input, $password) {
}
+
function cred_decrypt($input,$password) {
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
@@ -2820,5 +2810,198 @@ function cred_decrypt($input,$password) {
}
+function get_object_info()
+{
+ return(session::get('objectinfo'));
+}
+
+
+function set_object_info($str = "")
+{
+ session::set('objectinfo',$str);
+}
+
+
+function isIpInNet($ip, $net, $mask) {
+ // Move to long ints
+ $ip= ip2long($ip);
+ $net= ip2long($net);
+ $mask= ip2long($mask);
+
+ // Mask given IP with mask. If it returns "net", we're in...
+ $res= $ip & $mask;
+
+ return ($res == $net);
+}
+
+
+function get_next_id($attrib, $dn)
+{
+ global $config;
+
+ switch ($config->get_cfg_value("idAllocationMethod", "traditional")){
+ case "pool":
+ return get_next_id_pool($attrib);
+ case "traditional":
+ return get_next_id_traditional($attrib, $dn);
+ }
+
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG);
+ return null;
+}
+
+
+function get_next_id_pool($attrib) {
+ global $config;
+
+ /* Fill informational values */
+ $min= $config->get_cfg_value("${attrib}PoolMin", 10000);
+ $max= $config->get_cfg_value("${attrib}PoolMax", 40000);
+
+ /* Sanity check */
+ if ($min >= $max) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), $attrib), ERROR_DIALOG);
+ return null;
+ }
+
+ /* ID to skip */
+ $ldap= $config->get_ldap_link();
+ $id= null;
+
+ /* Try to allocate the ID several times before failing */
+ $tries= 3;
+ while ($tries--) {
+
+ /* Look for ID map entry */
+ $ldap->cd ($config->current['BASE']);
+ $ldap->search ("(&(objectClass=sambaUnixIdPool)($attrib=*))", array("$attrib"));
+
+ /* If it does not exist, create one with these defaults */
+ if ($ldap->count() == 0) {
+ /* Fill informational values */
+ $minUserId= $config->get_cfg_value("uidPoolMin", 10000);
+ $minGroupId= $config->get_cfg_value("gidPoolMin", 10000);
+
+ /* Add as default */
+ $attrs= array("objectClass" => array("organizationalUnit", "sambaUnixIdPool"));
+ $attrs["ou"]= "idmap";
+ $attrs["uidNumber"]= $minUserId;
+ $attrs["gidNumber"]= $minGroupId;
+ $ldap->cd("ou=idmap,".$config->current['BASE']);
+ $ldap->add($attrs);
+ if ($ldap->error != "Success") {
+ msg_dialog::display(_("Error"), _("Cannot create sambaUnixIdPool entry!"), ERROR_DIALOG);
+ return null;
+ }
+ $tries++;
+ continue;
+ }
+ /* Bail out if it's not unique */
+ if ($ldap->count() != 1) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG);
+ return null;
+ }
+
+ /* Store old attrib and generate new */
+ $attrs= $ldap->fetch();
+ $dn= $ldap->getDN();
+ $oldAttr= $attrs[$attrib][0];
+ $newAttr= $oldAttr + 1;
+
+ /* Sanity check */
+ if ($newAttr >= $max) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG);
+ return null;
+ }
+ if ($newAttr < $min) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG);
+ return null;
+ }
+
+ #FIXME: PHP is not able to do a modification of "del: .../add: ...", so this
+ # is completely unsafe in the moment.
+ #/* Remove old attr, add new attr */
+ #$attrs= array($attrib => $oldAttr);
+ #$ldap->rm($attrs, $dn);
+ #if ($ldap->error != "Success") {
+ # continue;
+ #}
+ $ldap->cd($dn);
+ $ldap->modify(array($attrib => $newAttr));
+ if ($ldap->error != "Success") {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".$ldap->get_error(), ERROR_DIALOG);
+ return null;
+ } else {
+ return $oldAttr;
+ }
+ }
+
+ /* Bail out if we had problems getting the next id */
+ if (!$tries) {
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("maximum tries exceeded!"), ERROR_DIALOG);
+ }
+
+ return $id;
+}
+
+function get_next_id_traditional($attrib, $dn)
+{
+ global $config;
+
+ $ids= array();
+ $ldap= $config->get_ldap_link();
+
+ $ldap->cd ($config->current['BASE']);
+ if (preg_match('/gidNumber/i', $attrib)){
+ $oc= "posixGroup";
+ } else {
+ $oc= "posixAccount";
+ }
+ $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
+
+ /* Get list of ids */
+ while ($attrs= $ldap->fetch()){
+ $ids[]= (int)$attrs["$attrib"][0];
+ }
+
+ /* Add the nobody id */
+ $ids[]= 65534;
+
+ /* get the ranges */
+ $tmp = array('0'=> 1000);
+ if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("uidNumberBase") != ""){
+ $tmp= split('-',$config->get_cfg_value("uidNumberBase"));
+ } elseif($config->get_cfg_value("gidNumberBase") != ""){
+ $tmp= split('-',$config->get_cfg_value("gidNumberBase"));
+ }
+
+ /* Set hwm to max if not set - for backward compatibility */
+ $lwm= $tmp[0];
+ if (isset($tmp[1])){
+ $hwm= $tmp[1];
+ } else {
+ $hwm= pow(2,32);
+ }
+ /* Find out next free id near to UID_BASE */
+ if ($config->get_cfg_value("baseIdHook") == ""){
+ $base= $lwm;
+ } else {
+ /* Call base hook */
+ $base= get_base_from_hook($dn, $attrib);
+ }
+ for ($id= $base; $id++; $id < pow(2,32)){
+ if (!in_array($id, $ids)){
+ return ($id);
+ }
+ }
+
+ /* Should not happen */
+ if ($id == $hwm){
+ msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
+ exit;
+ }
+}
+
+
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>