X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Ffunctions.inc;h=da98e1f39e56afda8c68a36086a29a6c2780d7bb;hb=ee4b43becd604a9234b23a9b6faab3ca7bdf2631;hp=aa28014a03cd8ab43c6e8719b85949cbd380c4f4;hpb=48bf41101210813c9cd6d7aa2bd61a1a80cac419;p=gosa.git diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index aa28014a0..da98e1f39 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -20,11 +20,10 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -/* Configuration file location */ +/*! \file + * Common functions and named definitions. */ -/* Allow setting the config patj in the apache configuration - e.g. SetEnv CONFIG_FILE /etc/path - */ +/* Configuration file location */ if(!isset($_SERVER['CONFIG_DIR'])){ define ("CONFIG_DIR", "/etc/gosa"); }else{ @@ -40,6 +39,7 @@ if(!isset($_SERVER['CONFIG_FILE'])){ define ("CONFIG_FILE",$_SERVER['CONFIG_FILE']); } +/* Define common locatitions */ define ("CONFIG_TEMPLATE_DIR", "../contrib"); define ("TEMP_DIR","/var/cache/gosa/tmp"); @@ -78,16 +78,16 @@ require_once ("functions_debug.inc"); require_once ("accept-to-gettext.inc"); /* Define constants for debugging */ -define ("DEBUG_TRACE", 1); -define ("DEBUG_LDAP", 2); -define ("DEBUG_MYSQL", 4); -define ("DEBUG_SHELL", 8); -define ("DEBUG_POST", 16); -define ("DEBUG_SESSION",32); -define ("DEBUG_CONFIG", 64); -define ("DEBUG_ACL", 128); -define ("DEBUG_SI", 256); -define ("DEBUG_MAIL", 512); // mailAccounts, imap, sieve etc. +define ("DEBUG_TRACE", 1); /*! Debug level for tracing of common actions (save, check, etc.) */ +define ("DEBUG_LDAP", 2); /*! Debug level for LDAP queries */ +define ("DEBUG_MYSQL", 4); /*! Debug level for mysql operations */ +define ("DEBUG_SHELL", 8); /*! Debug level for shell commands */ +define ("DEBUG_POST", 16); /*! Debug level for POST content */ +define ("DEBUG_SESSION",32); /*! Debug level for SESSION content */ +define ("DEBUG_CONFIG", 64); /*! Debug level for CONFIG information */ +define ("DEBUG_ACL", 128); /*! Debug level for ACL infos */ +define ("DEBUG_SI", 256); /*! Debug level for communication with gosa-si */ +define ("DEBUG_MAIL", 512); /*! Debug level for all about mail (mailAccounts, imap, sieve etc.) */ define ("DEBUG_FAI", 1024); // FAI (incomplete) /* Rewrite german 'umlauts' and spanish 'accents' @@ -113,36 +113,55 @@ $REWRITE= array( "ä" => "ae", "Ñ" => "Ny" ); -/* Class autoloader */ -function __autoload($class_name) { +/*! \brief Does autoloading for classes used in GOsa. + * + * Takes the list generated by 'update-gosa' and loads the + * file containing the requested class. + * + * \param string 'class_name' The currently requested class + */ +function __gosa_autoload($class_name) { global $class_mapping, $BASE_DIR; if ($class_mapping === NULL){ - echo sprintf(_("Fatal error: no class locations defined - please run '%s' to fix this"), "update-gosa"); + echo sprintf(_("Fatal error: no class locations defined - please run %s to fix this"), bold("update-gosa")); exit; } if (isset($class_mapping["$class_name"])){ require_once($BASE_DIR."/".$class_mapping["$class_name"]); } else { - echo sprintf(_("Fatal error: cannot instantiate class '%s' - try running '%s' to fix this"), $class_name, "update-gosa"); + echo sprintf(_("Fatal error: cannot instantiate class %s - try running %s to fix this"), bold($class_name), bold("update-gosa")); exit; } } +spl_autoload_register('__gosa_autoload'); /*! \brief Checks if a class is available. - * @param name String The class name. - * @return boolean True if class is available, else false. + * \param string 'name' The subject of the test + * \return boolean True if class is available, else false. */ function class_available($name) { - global $class_mapping; - return(isset($class_mapping[$name])); + global $class_mapping, $config; + + $disabled = array(); + if($config instanceOf config && $config->configRegistry instanceOf configRegistry){ + $disabled = $config->configRegistry->getDisabledPlugins(); + } + + return(isset($class_mapping[$name]) && !isset($disabled[$name])); } -/* Check if plugin is avaliable */ +/*! \brief Check if plugin is available + * + * Checks if a given plugin is available and readable. + * + * \param string 'plugin' the subject of the check + * \return boolean True if plugin is available, else FALSE. + */ function plugin_available($plugin) { global $class_mapping, $BASE_DIR; @@ -155,17 +174,42 @@ function plugin_available($plugin) } -/* Create seed with microseconds */ +/*! \brief Create seed with microseconds + * + * Example: + * \code + * srand(make_seed()); + * $random = rand(); + * \endcode + * + * \return float a floating point number which can be used to feed srand() with it + * */ function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } -/* Debug level action */ +/*! \brief Debug level action + * + * Print a DEBUG level if specified debug level of the level matches the + * the configured debug level. + * + * \param int 'level' The log level of the message (should use the constants, + * defined in functions.in (DEBUG_TRACE, DEBUG_LDAP, etc.) + * \param int 'line' Define the line of the logged action (using __LINE__ is common) + * \param string 'function' Define the function where the logged action happened in + * (using __FUNCTION__ is common) + * \param string 'file' Define the file where the logged action happend in + * (using __FILE__ is common) + * \param mixed 'data' The data to log. Can be a message or an array, which is printed + * with print_a + * \param string 'info' Optional: Additional information + * + * */ function DEBUG($level, $line, $function, $file, $data, $info="") { - if (session::global_get('DEBUGLEVEL') & $level){ + if (session::global_get('debugLevel') & $level){ $output= "DEBUG[$level] "; if ($function != ""){ $output.= "($file:$function():$line) - $info: "; @@ -183,6 +227,18 @@ function DEBUG($level, $line, $function, $file, $data, $info="") } +/*! \brief Determine which language to show to the user + * + * Determines which language should be used to present gosa content + * to the user. It does so by looking at several possibilites and returning + * the first setting that can be found. + * + * -# Language configured by the user + * -# Global configured language + * -# Language as returned by al2gt (as configured in the browser) + * + * \return string gettext locale string + */ function get_browser_language() { /* Try to use users primary language */ @@ -195,8 +251,8 @@ function get_browser_language() } /* Check for global language settings in gosa.conf */ - if (isset ($config) && $config->get_cfg_value('language') != ""){ - $lang = $config->get_cfg_value('language'); + if (isset ($config) && $config->get_cfg_value("core",'language') != ""){ + $lang = $config->get_cfg_value("core",'language'); if(!preg_match("/utf/i",$lang)){ $lang .= ".UTF-8"; } @@ -217,7 +273,15 @@ function get_browser_language() } -/* Rewrite ui object to another dn */ +/*! \brief Rewrite ui object to another dn + * + * Usually used when a user is renamed. In this case the dn + * in the user object must be updated in order to point + * to the correct DN. + * + * \param string 'dn' the old DN + * \param string 'newdn' the new DN + * */ function change_ui_dn($dn, $newdn) { $ui= session::global_get('ui'); @@ -228,14 +292,29 @@ function change_ui_dn($dn, $newdn) } -/* Return theme path for specified file */ +/*! \brief Return themed path for specified base file + * + * Depending on its parameters, this function returns the full + * path of a template file. First match wins while searching + * in this order: + * + * - load theme depending file + * - load global theme depending file + * - load default theme file + * - load global default theme file + * + * \param string 'filename' The base file name + * \param boolean 'plugin' Flag to take the plugin directory as search base + * \param string 'path' User specified path to take as search base + * \return string Full path to the template file + */ function get_template_path($filename= '', $plugin= FALSE, $path= "") { global $config, $BASE_DIR; /* Set theme */ if (isset ($config)){ - $theme= $config->get_cfg_value("theme", "default"); + $theme= $config->get_cfg_value("core","theme"); } else { $theme= "default"; } @@ -248,7 +327,7 @@ function get_template_path($filename= '', $plugin= FALSE, $path= "") /* Return plugin dir or root directory? */ if ($plugin){ if ($path == ""){ - $nf= preg_replace("!^".$BASE_DIR."/!", "", session::global_get('plugin_dir')); + $nf= preg_replace("!^".$BASE_DIR."/!", "", preg_replace('/^\.\.\//', '', session::global_get('plugin_dir'))); } else { $nf= preg_replace("!^".$BASE_DIR."/!", "", $path); } @@ -281,12 +360,23 @@ function get_template_path($filename= '', $plugin= FALSE, $path= "") } +/*! \brief Remove multiple entries from an array + * + * Removes every element that is in $needles from the + * array given as $haystack + * + * \param array 'needles' array of the entries to remove + * \param array 'haystack' original array to remove the entries from + */ function array_remove_entries($needles, $haystack) { return (array_merge(array_diff($haystack, $needles))); } +/*! \brief Remove multiple entries from an array (case-insensitive) + * + * Same as array_remove_entries(), but case-insensitive. */ function array_remove_entries_ics($needles, $haystack) { // strcasecmp will work, because we only compare ASCII values here @@ -294,6 +384,15 @@ function array_remove_entries_ics($needles, $haystack) } +/*! Merge to array but remove duplicate entries + * + * Merges two arrays and removes duplicate entries. Triggers + * an error if first or second parametre is not an array. + * + * \param array 'ar1' first array + * \param array 'ar2' second array- + * \return array + */ function gosa_array_merge($ar1,$ar2) { if(!is_array($ar1) || !is_array($ar2)){ @@ -304,19 +403,25 @@ function gosa_array_merge($ar1,$ar2) } +/*! \brief Generate a system log info + * + * Creates a syslog message, containing user information. + * + * \param string 'message' the message to log + * */ function gosa_log ($message) { global $ui; /* Preset to something reasonable */ - $username= " unauthenticated"; + $username= "[unauthenticated]"; /* Replace username if object is present */ if (isset($ui)){ if ($ui->username != ""){ $username= "[$ui->username]"; } else { - $username= "unknown"; + $username= "[unknown]"; } } @@ -324,6 +429,17 @@ function gosa_log ($message) } +/*! \brief Initialize a LDAP connection + * + * Initializes a LDAP connection. + * + * \param string 'server' + * \param string 'base' + * \param string 'binddn' Default: empty + * \param string 'pass' Default: empty + * + * \return LDAP object + */ function ldap_init ($server, $base, $binddn='', $pass='') { global $config; @@ -335,7 +451,7 @@ function ldap_init ($server, $base, $binddn='', $pass='') /* Sadly we've no proper return values here. Use the error message instead. */ if (!$ldap->success()){ msg_dialog::display(_("Fatal error"), - sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error()), + sprintf(_("Error while connecting to LDAP: %s"), $ldap->get_error()), FATAL_ERROR_DIALOG); exit(); } @@ -346,6 +462,7 @@ function ldap_init ($server, $base, $binddn='', $pass='') } +/* \brief Process htaccess authentication */ function process_htaccess ($username, $kerberos= FALSE) { global $config; @@ -355,7 +472,7 @@ function process_htaccess ($username, $kerberos= FALSE) $config->set_current($name); $mode= "kerberos"; - if ($config->get_cfg_value("useSaslForKerberos") == "true"){ + if ($config->get_cfg_value("core","useSaslForKerberos") == "true"){ $mode= "sasl"; } @@ -381,6 +498,15 @@ function process_htaccess ($username, $kerberos= FALSE) } +/*! \brief Verify user login against htaccess + * + * Checks if the specified username is available in apache, maps the user + * to an LDAP user. The password has been checked by apache already. + * + * \param string 'username' + * \return + * - TRUE on SUCCESS, NULL or FALSE on error + */ function ldap_login_user_htaccess ($username) { global $config; @@ -396,7 +522,7 @@ function ldap_login_user_htaccess ($username) $ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid")); /* Found no uniq match? Strange, because we did above... */ if ($ldap->count() != 1) { - msg_dialog::display(_("LDAP error"), _("Username / UID is not unique inside the LDAP tree!"), FATAL_ERROR_DIALOG); + msg_dialog::display(_("LDAP error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG); return (NULL); } $attrs= $ldap->fetch(); @@ -408,6 +534,7 @@ function ldap_login_user_htaccess ($username) /* Bail out if we have login restrictions set, for security reasons the message is the same than failed user/pw */ if (!$ui->loginAllowed()){ + new log("security","login","",array(),"Login restriction for user \"$username\", login not permitted"); return (NULL); } @@ -418,12 +545,22 @@ function ldap_login_user_htaccess ($username) $ui->loadACL(); /* TODO: check java script for htaccess authentication */ - session::global_set('js',true); + session::global_set('js', true); return ($ui); } +/*! \brief Verify user login against LDAP directory + * + * Checks if the specified username is in the LDAP and verifies if the + * password is correct by binding to the LDAP with the given credentials. + * + * \param string 'username' + * \param string 'password' + * \return + * - TRUE on SUCCESS, NULL or FALSE on error + */ function ldap_login_user ($username, $password) { global $config; @@ -439,8 +576,8 @@ function ldap_login_user ($username, $password) $ldap->cd($config->current['BASE']); $allowed_attributes = array("uid","mail"); $verify_attr = array(); - if($config->get_cfg_value("loginAttribute") != ""){ - $tmp = split(",", $config->get_cfg_value("loginAttribute")); + if($config->get_cfg_value("core","loginAttribute") != ""){ + $tmp = explode(",", $config->get_cfg_value("core","loginAttribute")); foreach($tmp as $attr){ if(in_array($attr,$allowed_attributes)){ $verify_attr[] = $attr; @@ -471,7 +608,7 @@ function ldap_login_user ($username, $password) /* found more than one matching id */ default: - msg_dialog::display(_("Internal error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), FATAL_ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG); return (NULL); } @@ -494,6 +631,7 @@ function ldap_login_user ($username, $password) /* Bail out if we have login restrictions set, for security reasons the message is the same than failed user/pw */ if (!$ui->loginAllowed()){ + new log("security","login","",array(),"Login restriction for user \"$username\", login not permitted"); return (NULL); } @@ -515,6 +653,17 @@ function ldap_login_user ($username, $password) } +/*! \brief Test if account is about to expire + * + * \param string 'userdn' the DN of the user + * \param string 'username' the username + * \return int Can be one of the following values: + * - 1 the account is locked + * - 2 warn the user that the password is about to expire and he should change + * his password + * - 3 force the user to change his password + * - 4 user should not be able to change his password + * */ function ldap_expired_account($config, $userdn, $username) { $ldap= $config->get_ldap_link(); @@ -609,6 +758,14 @@ function ldap_expired_account($config, $userdn, $username) } +/*! \brief Add a lock for object(s) + * + * Adds a lock by the specified user for one ore multiple objects. + * If the lock for that object already exists, an error is triggered. + * + * \param mixed 'object' object or array of objects to lock + * \param string 'user' the user who shall own the lock + * */ function add_lock($object, $user) { global $config; @@ -638,17 +795,17 @@ function add_lock($object, $user) /* Just a sanity check... */ if ($object == "" || $user == ""){ - msg_dialog::display(_("Internal error"), _("Error while adding a lock. Contact the developers!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG); return; } /* Check for existing entries in lock area */ $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$user)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!$ldap->success()){ - msg_dialog::display(_("Configuration error"), sprintf(_("Cannot create locking information in LDAP tree. Please contact your administrator!")."

"._('LDAP server returned: %s'), "

".$ldap->get_error().""), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), sprintf(_("Cannot store lock information in LDAP!")."

"._('Error: %s'), "

".$ldap->get_error().""), ERROR_DIALOG); return; } @@ -656,20 +813,26 @@ function add_lock($object, $user) if ($ldap->count() == 0){ $attrs= array(); $name= md5($object); - $ldap->cd("cn=$name,".$config->get_cfg_value("config")); + $ldap->cd("cn=$name,".$config->get_cfg_value("core","config")); $attrs["objectClass"] = "gosaLockEntry"; $attrs["gosaUser"] = $user; $attrs["gosaObject"] = base64_encode($object); $attrs["cn"] = "$name"; $ldap->add($attrs); if (!$ldap->success()){ - msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "cn=$name,".$config->get_cfg_value("config"), 0, ERROR_DIALOG)); + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "cn=$name,".$config->get_cfg_value("core","config"), 0, ERROR_DIALOG)); return; } } } +/*! \brief Remove a lock for object(s) + * + * Does the opposite of add_lock(). + * + * \param mixed 'object' object or array of objects for which a lock shall be removed + * */ function del_lock ($object) { global $config; @@ -699,7 +862,7 @@ function del_lock ($object) /* Check for existance and remove the entry */ $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search ("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaObject")); $attrs= $ldap->fetch(); if ($ldap->getDN() != "" && $ldap->success()){ @@ -713,13 +876,20 @@ function del_lock ($object) } +/*! \brief Remove all locks owned by a specific userdn + * + * For a given userdn remove all existing locks. This is usually + * called on logout. + * + * \param string 'userdn' the subject whose locks shall be deleted + */ function del_user_locks($userdn) { global $config; /* Get LDAP ressources */ $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); /* Remove all objects of this user, drop errors silently in this case. */ $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$userdn))", array("gosaUser")); @@ -729,13 +899,21 @@ function del_user_locks($userdn) } +/*! \brief Get a lock for a specific object + * + * Searches for a lock on a given object. + * + * \param string 'object' subject whose locks are to be searched + * \return string Returns the user who owns the lock or "" if no lock is found + * or an error occured. + */ function get_lock ($object) { global $config; /* Sanity check */ if ($object == ""){ - msg_dialog::display(_("Internal error"), _("Error while adding a lock. Contact the developers!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG); return(""); } @@ -745,7 +923,7 @@ function get_lock ($object) /* Get LDAP link, check for presence of the lock entry */ $user= ""; $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG)); @@ -755,9 +933,6 @@ function get_lock ($object) /* Check for broken locking information in LDAP */ if ($ldap->count() > 1){ - /* Hmm. We're removing broken LDAP information here and issue a warning. */ - msg_dialog::display(_("Warning"), _("Found multiple locks for object to be locked. This should not happen - cleaning up multiple references."), WARNING_DIALOG); - /* Clean up these references now... */ while ($attrs= $ldap->fetch()){ $ldap->rmdir($attrs['dn']); @@ -773,6 +948,14 @@ function get_lock ($object) } +/*! Get locks for multiple objects + * + * Similar as get_lock(), but for multiple objects. + * + * \param array 'objects' Array of Objects for which a lock shall be searched + * \return A numbered array containing all found locks as an array with key 'dn' + * and key 'user' or "" if an error occured. + */ function get_multiple_locks($objects) { global $config; @@ -790,7 +973,7 @@ function get_multiple_locks($objects) /* Get LDAP link, check for presence of the lock entry */ $user= ""; $ldap= $config->get_ldap_link(); - $ldap->cd ($config->get_cfg_value("config")); + $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search($filter, array("gosaUser","gosaObject")); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG)); @@ -807,15 +990,16 @@ function get_multiple_locks($objects) } -/* \!brief This function searches the ldap database. - It search in $sub_bases,*,$base for all objects matching the $filter. - - @param $filter String The ldap search filter - @param $category String The ACL category the result objects belongs - @param $sub_bases String The sub base we want to search for e.g. "ou=apps" - @param $base String The ldap base from which we start the search - @param $attributes Array The attributes we search for. - @param $flags Long A set of Flags +/*! \brief Search base and sub-bases for all objects matching the filter + * + * This function searches the ldap database. It searches in $sub_bases,*,$base + * for all objects matching the $filter. + * \param string 'filter' The ldap search filter + * \param string 'category' The ACL category the result objects belongs + * \param string 'sub_bases' The sub base we want to search for e.g. "ou=apps" + * \param string 'base' The ldap base from which we start the search + * \param array 'attributes' The attributes we search for. + * \param long 'flags' A set of Flags */ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { @@ -873,7 +1057,7 @@ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= arra // log($action,$objecttype,$object,$changes_array = array(),$result = "") new log("debug","all",__FILE__,$attributes, sprintf("get_sub_list(): Falling back to get_list(), due to empty sub_bases parameter.". - " This may slow down GOsa. Search was: '%s'",$filter)); + " This may slow down GOsa. Used filter: %s", $filter)); } $tmp = get_list($filter, $category,$base,$attributes,$flags); return($tmp); @@ -968,6 +1152,10 @@ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= arra } +/*! \brief Search base for all objects matching the filter + * + * Just like get_sub_list(), but without sub base search. + * */ function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { global $config, $ui; @@ -1036,6 +1224,7 @@ function get_list($filter, $category, $base= "", $attributes= array(), $flags= G } +/*! \brief Show sizelimit configuration dialog if exceeded */ function check_sizelimit() { /* Ignore dialog? */ @@ -1046,31 +1235,32 @@ function check_sizelimit() /* Eventually show dialog */ if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){ $smarty= get_smarty(); - $smarty->assign('warning', sprintf(_("The size limit of %d entries is exceed!"), + $smarty->assign('warning', sprintf(_("The current size limit of %d entries is exceeded!"), session::global_get('size_limit'))); - $smarty->assign('limit_message', sprintf(_("Set the new size limit to %s and show me this message if the limit still exceeds"), '')); + $smarty->assign('limit_message', sprintf(_("Set the size limit to %s"), '')); return($smarty->fetch(get_template_path('sizelimit.tpl'))); } return (""); } - +/*! \brief Print a sizelimit warning */ function print_sizelimit_warning() { if (session::global_is_set('size_limit') && session::global_get('size_limit') >= 10000000 || (session::is_set('limit_exceeded') && session::get('limit_exceeded'))){ - $config= ""; + $config= ""; } else { $config= ""; } if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){ - return ("("._("incomplete").") $config"); + return ("("._("list is incomplete").") $config"); } return (""); } +/*! \brief Handle sizelimit dialog related posts */ function eval_sizelimit() { if (isset($_POST['set_size_action'])){ @@ -1125,6 +1315,7 @@ function getMenuCache() } +/*! \brief Return the current userinfo object */ function &get_userinfo() { global $ui; @@ -1133,6 +1324,7 @@ function &get_userinfo() } +/*! \brief Get global smarty object */ function &get_smarty() { global $smarty; @@ -1141,6 +1333,21 @@ function &get_smarty() } +/*! \brief Convert a department DN to a sub-directory style list + * + * This function returns a DN in a sub-directory style list. + * Examples: + * - ou=1.1.1,ou=limux becomes limux/1.1.1 + * - cn=bla,ou=foo,dc=local becomes foo/bla or foo/bla/local, depending + * on the value for $base. + * + * If the specified DN contains a basedn which either matches + * the specified base or $config->current['BASE'] it is stripped. + * + * \param string 'dn' the subject for the conversion + * \param string 'base' the base dn, default: $this->config->current['BASE'] + * \return a string in the form as described above + */ function convert_department_dn($dn, $base = NULL) { global $config; @@ -1156,7 +1363,7 @@ function convert_department_dn($dn, $base = NULL) $dep= ""; - foreach (split(',', $dn) as $rdn){ + foreach (explode(',', $dn) as $rdn){ $dep = preg_replace("/^[^=]+=/","",$rdn)."/".$dep; } @@ -1165,100 +1372,112 @@ function convert_department_dn($dn, $base = NULL) } -/* Strip off the last sub department part of a '/level1/level2/.../' - * style value. It removes the trailing '/', too. */ +/*! \brief Return the last sub department part of a '/level1/level2/.../' style value. + * + * Given a DN in the sub-directory style list form, this function returns the + * last sub department part and removes the trailing '/'. + * + * Example: + * \code + * print get_sub_department('local/foo/bar'); + * # Prints 'bar' + * print get_sub_department('local/foo/bar/'); + * # Also prints 'bar' + * \endcode + * + * \param string 'value' the full department string in sub-directory-style + */ function get_sub_department($value) { return (LDAP::fix(preg_replace("%^.*/([^/]+)/?$%", "\\1", $value))); } -function get_ou($name) -{ - global $config; +/*! \brief Get the OU of a certain RDN + * + * Given a certain RDN name (ogroupRDN, applicationRDN etc.) this + * function returns either a configured OU or the default + * for the given RDN. + * + * Example: + * \code + * # Determine LDAP base where systems are stored + * $base = get_ou("systemManagement", "systemRDN") . $this->config->current['BASE']; + * $ldap->cd($base); + * \endcode + * */ +function get_ou($class,$name) +{ + global $config; + + if(!$config->configRegistry->propertyExists($class,$name)){ + trigger_error("No department mapping found for type ".$name); + return ""; + } + + $ou = $config->configRegistry->getPropertyValue($class,$name); + if ($ou != ""){ + if (!preg_match('/^[^=]+=[^=]+/', $ou)){ + $ou = @LDAP::convert("ou=$ou"); + } else { + $ou = @LDAP::convert("$ou"); + } - $map = array( - "roleRDN" => "ou=roles,", - "ogroupRDN" => "ou=groups,", - "applicationRDN" => "ou=apps,", - "systemRDN" => "ou=systems,", - "serverRDN" => "ou=servers,ou=systems,", - "terminalRDN" => "ou=terminals,ou=systems,", - "workstationRDN" => "ou=workstations,ou=systems,", - "printerRDN" => "ou=printers,ou=systems,", - "phoneRDN" => "ou=phones,ou=systems,", - "componentRDN" => "ou=netdevices,ou=systems,", - "sambaMachineAccountRDN" => "ou=winstation,", - - "faxBlocklistRDN" => "ou=gofax,ou=systems,", - "systemIncomingRDN" => "ou=incoming,", - "aclRoleRDN" => "ou=aclroles,", - "phoneMacroRDN" => "ou=macros,ou=asterisk,ou=configs,ou=systems,", - "phoneConferenceRDN" => "ou=conferences,ou=asterisk,ou=configs,ou=systems,", - - "faiBaseRDN" => "ou=fai,ou=configs,ou=systems,", - "faiScriptRDN" => "ou=scripts,", - "faiHookRDN" => "ou=hooks,", - "faiTemplateRDN" => "ou=templates,", - "faiVariableRDN" => "ou=variables,", - "faiProfileRDN" => "ou=profiles,", - "faiPackageRDN" => "ou=packages,", - "faiPartitionRDN"=> "ou=disk,", - - "sudoRDN" => "ou=sudoers,", - - "deviceRDN" => "ou=devices,", - "mimetypeRDN" => "ou=mime,"); - - /* Preset ou... */ - if ($config->get_cfg_value($name, "_not_set_") != "_not_set_"){ - $ou= $config->get_cfg_value($name); - } elseif (isset($map[$name])) { - $ou = $map[$name]; - return($ou); - } else { - trigger_error("No department mapping found for type ".$name); - return ""; - } - - - if ($ou != ""){ - if (!preg_match('/^[^=]+=[^=]+/', $ou)){ - $ou = @LDAP::convert("ou=$ou"); - } else { - $ou = @LDAP::convert("$ou"); - } + if(preg_match("/".preg_quote($config->current['BASE'], '/')."$/",$ou)){ + return($ou); + }else{ + if(!preg_match("/,$/", $ou)){ + return("$ou,"); + }else{ + return($ou); + } + } - if(preg_match("/".preg_quote($config->current['BASE'], '/')."$/",$ou)){ - return($ou); - }else{ - return("$ou,"); + } else { + return ""; } - - } else { - return ""; - } } +/*! \brief Get the OU for users + * + * Frontend for get_ou() with userRDN + * */ function get_people_ou() { - return (get_ou("userRDN")); + return (get_ou("core", "userRDN")); } +/*! \brief Get the OU for groups + * + * Frontend for get_ou() with groupRDN + */ function get_groups_ou() { - return (get_ou("groupRDN")); + return (get_ou("core", "groupRDN")); } +/*! \brief Get the OU for winstations + * + * Frontend for get_ou() with sambaMachineAccountRDN + */ function get_winstations_ou() { - return (get_ou("sambaMachineAccountRDN")); + return (get_ou("wingeneric", "sambaMachineAccountRDN")); } +/*! \brief Return a base from a given user DN + * + * \code + * get_base_from_people('cn=Max Muster,dc=local') + * # Result is 'dc=local' + * \endcode + * + * \param string 'dn' a DN + * */ function get_base_from_people($dn) { global $config; @@ -1275,17 +1494,29 @@ function get_base_from_people($dn) } +/*! \brief Check if strict naming rules are configured + * + * Return TRUE or FALSE depending on weither strictNamingRules + * are configured or not. + * + * \return Returns TRUE if strictNamingRules is set to true or if the + * config object is not available, otherwise FALSE. + */ function strict_uid_mode() { global $config; if (isset($config)){ - return ($config->get_cfg_value("strictNamingRules") == "true"); + return ($config->get_cfg_value("core","strictNamingRules") == "true"); } return (TRUE); } +/*! \brief Get regular expression for checking uids based on the naming + * rules. + * \return string Returns the desired regular expression + */ function get_uid_regexp() { /* STRICT adds spaces and case insenstivity to the uid check. @@ -1298,6 +1529,27 @@ function get_uid_regexp() } +/*! \brief Generate a lock message + * + * This message shows a warning to the user, that a certain object is locked + * and presents some choices how the user can proceed. By default this + * is 'Cancel' or 'Edit anyway', but depending on the function call + * its possible to allow readonly access, too. + * + * Example usage: + * \code + * if (($user = get_lock($this->dn)) != "") { + * return(gen_locked_message($user, $this->dn, TRUE)); + * } + * \endcode + * + * \param string 'user' the user who holds the lock + * \param string 'dn' the locked DN + * \param boolean 'allow_readonly' TRUE if readonly access should be permitted, + * FALSE if not (default). + * + * + */ function gen_locked_message($user, $dn, $allow_readonly = FALSE) { global $plug, $config; @@ -1346,15 +1598,7 @@ function gen_locked_message($user, $dn, $allow_readonly = FALSE) /* Prepare and show template */ $smarty= get_smarty(); $smarty->assign("allow_readonly",$allow_readonly); - if(is_array($dn)){ - $msg = "
";
-    foreach($dn as $sub_dn){
-      $msg .= "\n".$sub_dn.", ";
-    }
-    $msg = preg_replace("/, $/","
",$msg); - }else{ - $msg = $dn; - } + $msg= msgPool::buildList($dn); $smarty->assign ("dn", $msg); if ($remove){ @@ -1362,12 +1606,24 @@ function gen_locked_message($user, $dn, $allow_readonly = FALSE) } else { $smarty->assign ("action", _("Edit anyway")); } - $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry/entries %s"), "".$msg."", "")); + + $smarty->assign ("message", _("These entries are currently locked:"). $msg); return ($smarty->fetch (get_template_path('islocked.tpl'))); } +/*! \brief Return a string/HTML representation of an array + * + * This returns a string representation of a given value. + * It can be used to dump arrays, where every value is printed + * on its own line. The output is targetted at HTML output, it uses + * '
' for line breaks. If the value is already a string its + * returned unchanged. + * + * \param mixed 'value' Whatever needs to be printed. + * \return string + */ function to_string ($value) { /* If this is an array, generate a text blob */ @@ -1383,6 +1639,19 @@ function to_string ($value) } +/*! \brief Return a list of all printers in the current base + * + * Returns an array with the CNs of all printers (objects with + * objectClass gotoPrinter) in the current base. + * ($config->current['BASE']). + * + * Example: + * \code + * $this->printerList = get_printer_list(); + * \endcode + * + * \return array an array with the CNs of the printers as key and value. + * */ function get_printer_list() { global $config; @@ -1395,6 +1664,14 @@ function get_printer_list() } +/*! \brief Function to rewrite some problematic characters + * + * This function takes a string and replaces all possibly characters in it + * with less problematic characters, as defined in $REWRITE. + * + * \param string 's' the string to rewrite + * \return string 's' the result of the rewrite + * */ function rewrite($s) { global $REWRITE; @@ -1407,6 +1684,10 @@ function rewrite($s) } +/*! \brief Return the base of a given DN + * + * \param string 'dn' a DN + * */ function dn2base($dn) { global $config; @@ -1423,7 +1704,14 @@ function dn2base($dn) } - +/*! \brief Check if a given command exists and is executable + * + * Test if a given cmdline contains an executable command. Strips + * arguments from the given cmdline. + * + * \param string 'cmdline' the cmdline to check + * \return TRUE if command exists and is executable, otherwise FALSE. + * */ function check_command($cmdline) { $cmd= preg_replace("/ .*$/", "", $cmdline); @@ -1442,6 +1730,12 @@ function check_command($cmdline) } +/*! \brief Print plugin HTML header + * + * \param string 'image' the path of the image to be used next to the headline + * \param string 'image' the headline + * \param string 'info' additional information to print + */ function print_header($image, $headline, $info= "") { $display= "
\n"; @@ -1461,6 +1755,13 @@ function print_header($image, $headline, $info= "") } +/*! \brief Print page number selector for paged lists + * + * \param int 'dcnt' Number of entries + * \param int 'start' Page to start + * \param int 'range' Number of entries per page + * \param string 'post_var' POST variable to check for range + */ function range_selector($dcnt,$start,$range=25,$post_var=false) { @@ -1568,18 +1869,8 @@ function range_selector($dcnt,$start,$range=25,$post_var=false) } -function apply_filter() -{ - $apply= ""; - - $apply= ''. - '
'. - '
'; - - return ($apply); -} - +/*! \brief Generate HTML for the 'Back' button */ function back_to_main() { $string= '

 ".$ch." "; - - if ($c++ == $count){ - $alphabet.= ""; - $c= 0; - } - } - - /* Fill remaining cells */ - while ($c++ <= $count){ - $alphabet.= " "; - } - - return ($alphabet); -} - - +/*! \brief Removes malicious characters from a (POST) string. */ function validate($string) { return (strip_tags(str_replace('\0', '', $string))); } +/*! \brief Evaluate the current GOsa version from the build in revision string */ function get_gosa_version() { global $svn_revision, $svn_path; @@ -1870,7 +2190,7 @@ function get_gosa_version() /* Release or development? */ if (preg_match('%/gosa/trunk/%', $svn_path)){ - return (sprintf(_("GOsa development snapshot (Rev %s)"), $revision)); + return (sprintf(_("GOsa development snapshot (Rev %s)"), bold($revision))); } else { $release= preg_replace('%^.*/([^/]+)/include/functions.inc.*$%', '\1', $svn_path); return (sprintf(_("GOsa $release"), $revision)); @@ -1878,6 +2198,15 @@ function get_gosa_version() } +/*! \brief Recursively delete a path in the file system + * + * Will delete the given path and all its files recursively. + * Can also follow links if told so. + * + * \param string 'path' + * \param boolean 'followLinks' TRUE to follow links, FALSE (default) + * for not following links + */ function rmdirRecursive($path, $followLinks=false) { $dir= opendir($path); while($entry= readdir($dir)) { @@ -1892,6 +2221,14 @@ function rmdirRecursive($path, $followLinks=false) { } +/*! \brief Get directory content information + * + * Returns the content of a directory as an array in an + * ascended sorted manner. + * + * \param string 'path' + * \param boolean weither to sort the content descending. + */ function scan_directory($path,$sort_desc=false) { $ret = false; @@ -1926,6 +2263,7 @@ function scan_directory($path,$sort_desc=false) } +/*! \brief Clean the smarty compile dir */ function clean_smarty_compile_dir($directory) { global $svn_revision; @@ -1949,7 +2287,7 @@ function clean_smarty_compile_dir($directory) is_writable($directory."/".$file)) { // delete file if(!unlink($directory."/".$file)) { - msg_dialog::display(_("Internal error"), sprintf(_("File '%s' could not be deleted."), $directory."/".$file), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), sprintf(_("File %s cannot be deleted!"), bold($directory."/".$file)), ERROR_DIALOG); // This should never be reached } } elseif(is_dir($directory."/".$file) && @@ -1983,7 +2321,7 @@ function create_revision($revision_file, $revision) } fclose($fh); } else { - msg_dialog::display(_("Internal error"), _("Cannot write to revision file!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG); } return $result; @@ -2003,7 +2341,7 @@ function compare_revision($revision_file, $revision) $result= true; } } else { - msg_dialog::display(_("Internal error"), _("Cannot write to revision file!"), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG); } // Close file fclose($fh); @@ -2013,12 +2351,90 @@ function compare_revision($revision_file, $revision) } -function progressbar($percentage,$width=100,$height=15,$showvalue=false) -{ - return(""); +/*! \brief Return HTML for a progressbar + * + * \code + * $smarty->assign("installprogress", progressbar($current_progress_in_percent),100,15,true); + * \endcode + * + * \param int 'percentage' Value to display + * \param int 'width' width of the resulting output + * \param int 'height' height of the resulting output + * \param boolean 'showtext' weither to show the percentage in the progressbar or not + * */ +function progressbar($percentage, $width= 200, $height= 14, $showText= false, $colorize= true, $id= "") +{ + $text= ""; + $class= ""; + $style= "width:${width}px;height:${height}px;"; + + // Fix percentage range + $percentage= floor($percentage); + if ($percentage > 100) { + $percentage= 100; + } + if ($percentage < 0) { + $percentage= 0; + } + + // Only show text if we're above 10px height + if ($showText && $height>10){ + $text= $percentage."%"; + } + + // Set font size + $style.= "font-size:".($height-3)."px;"; + + // Set color + if ($colorize){ + if ($percentage < 70) { + $class= " progress-low"; + } elseif ($percentage < 80) { + $class= " progress-mid"; + } elseif ($percentage < 90) { + $class= " progress-high"; + } else { + $class= " progress-full"; + } + } + + // Apply gradients + $hoffset= floor($height / 2) + 4; + $woffset= floor(($width+5) * (100-$percentage) / 100); + foreach (array("-moz-box-shadow", "-webkit-box-shadow", "box-shadow") as $type) { + $style.="$type: + 0 0 2px rgba(255, 255, 255, 0.4) inset, + 0 4px 6px rgba(255, 255, 255, 0.4) inset, + 0 ".$hoffset."px 0 -2px rgba(255, 255, 255, 0.2) inset, + -".$woffset."px 0 0 -2px rgba(255, 255, 255, 0.2) inset, + -".($woffset+1)."px 0 0 -2px rgba(0, 0, 0, 0.6) inset, + 0pt ".($hoffset+1)."px 8px rgba(0, 0, 0, 0.3) inset, + 0pt 1px 0px rgba(0, 0, 0, 0.2);"; + } + + // Set ID + if ($id != ""){ + $id= "id='$id'"; + } + + return "

$text
"; } +/*! \brief Lookup a key in an array case-insensitive + * + * Given an associative array this can lookup the value of + * a certain key, regardless of the case. + * + * \code + * $items = array ('FOO' => 'blub', 'bar' => 'blub'); + * array_key_ics('foo', $items); # Returns 'blub' + * array_key_ics('BAR', $items); # Returns 'blub' + * \endcode + * + * \param string 'key' needle + * \param array 'items' haystack + */ function array_key_ics($ikey, $items) { $tmp= array_change_key_case($items, CASE_LOWER); @@ -2031,6 +2447,12 @@ function array_key_ics($ikey, $items) } +/*! \brief Determine if two arrays are different + * + * \param array 'src' + * \param array 'dst' + * \return boolean TRUE or FALSE + * */ function array_differs($src, $dst) { /* If the count is differing, the arrays differ */ @@ -2069,27 +2491,14 @@ function saveFilter($a_filter, $values) } -/* Escape all LDAP filter relevant characters */ +/*! \brief Escape all LDAP filter relevant characters */ function normalizeLdap($input) { return (addcslashes($input, '()|')); } -/* Resturns the difference between to microtime() results in float */ -function get_MicroTimeDiff($start , $stop) -{ - $a = split("\ ",$start); - $b = split("\ ",$stop); - - $secs = $b[1] - $a[1]; - $msecs= $b[0] - $a[0]; - - $ret = (float) ($secs+ $msecs); - return($ret); -} - - +/*! \brief Return the gosa base directory */ function get_base_dir() { global $BASE_DIR; @@ -2098,6 +2507,7 @@ function get_base_dir() } +/*! \brief Test weither we are allowed to read the object */ function obj_is_readable($dn, $object, $attribute) { global $ui; @@ -2106,6 +2516,7 @@ function obj_is_readable($dn, $object, $attribute) } +/*! \brief Test weither we are allowed to change the object */ function obj_is_writable($dn, $object, $attribute) { global $ui; @@ -2114,6 +2525,16 @@ function obj_is_writable($dn, $object, $attribute) } +/*! \brief Explode a DN into its parts + * + * Similar to explode (http://php.net/explode), but a bit more specific + * for the needs when splitting, exploding LDAP DNs. + * + * \param string 'dn' the DN to split + * \param config-object a config object. only neeeded if DN shall be verified in the LDAP + * \param boolean verify_in_ldap check weither DN is valid + * + */ function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false) { /* Initialize variables */ @@ -2178,10 +2599,10 @@ function get_base_from_hook($dn, $attrib) { global $config; - if ($config->get_cfg_value("baseIdHook") != ""){ + if ($config->get_cfg_value("core","baseIdHook") != ""){ /* Call hook script - if present */ - $command= $config->get_cfg_value("baseIdHook"); + $command= $config->get_cfg_value("core","baseIdHook"); if ($command != ""){ $command.= " '".LDAP::fix($dn)."' $attrib"; @@ -2192,29 +2613,31 @@ function get_base_from_hook($dn, $attrib) return ($output[0]); } else { msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG); - return ($config->get_cfg_value("uidNumberBase")); + return ($config->get_cfg_value("core","uidNumberBase")); } } else { msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG); - return ($config->get_cfg_value("uidNumberBase")); + return ($config->get_cfg_value("core","uidNumberBase")); } } else { msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG); - return ($config->get_cfg_value("uidNumberBase")); + return ($config->get_cfg_value("core","uidNumberBase")); } } } +/*! \brief Check if schema version matches the requirements */ function check_schema_version($class, $version) { return preg_match("/\(v$version\)/", $class['DESC']); } +/*! \brief Check if LDAP schema matches the requirements */ function check_schema($cfg,$rfc2307bis = FALSE) { $messages= array(); @@ -2223,7 +2646,7 @@ function check_schema($cfg,$rfc2307bis = FALSE) $ldap = new ldapMultiplexer(new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'] ,FALSE, $cfg['tls'])); $objectclasses = $ldap->get_objectclasses(); if(count($objectclasses) == 0){ - msg_dialog::display(_("LDAP warning"), _("Cannot get schema information from server. No schema check possible!"), WARNING_DIALOG); + msg_dialog::display(_("Warning"), _("Cannot read schema information from LDAP. Schema validation is not possible!"), WARNING_DIALOG); } /* This is the default block used for each entry. @@ -2235,28 +2658,28 @@ function check_schema($cfg,$rfc2307bis = FALSE) "STATUS" => FALSE, "IS_MUST_HAVE" => FALSE, "MSG" => "", - "INFO" => "");#_("There is currently no information specified for this schema extension.")); + "INFO" => ""); /* The gosa base schema */ $checks['gosaObject'] = $def_check; $checks['gosaObject']['REQUIRED_VERSION'] = "2.6.1"; - $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema"); + $checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema"); $checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject"); $checks['gosaObject']['IS_MUST_HAVE'] = TRUE; /* GOsa Account class */ $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6"; - $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema"); + $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema"); $checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount"); $checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE; - $checks["gosaAccount"]["INFO"] = _("Used to store account specific informations."); + $checks["gosaAccount"]["INFO"] = _("This class is used to make users appear in GOsa."); /* GOsa lock entry, used to mark currently edited objects as 'in use' */ $checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.6.1"; - $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema","gosa-samba2.schema"); + $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema"); $checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry"); $checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE; - $checks["gosaLockEntry"]["INFO"] = _("Used to lock currently edited entries to avoid multiple changes at the same time."); + $checks["gosaLockEntry"]["INFO"] = _("This class is used to lock entries in order to prevent multiple edits at a time."); /* Some other checks */ foreach(array( @@ -2301,18 +2724,18 @@ function check_schema($cfg,$rfc2307bis = FALSE) if(!isset($objectclasses[$name])){ if($value['IS_MUST_HAVE']){ $checks[$name]['STATUS'] = FALSE; - $checks[$name]['MSG'] = sprintf(_("Missing required object class '%s'!"),$class); + $checks[$name]['MSG'] = sprintf(_("Required object class %s is missing!"), bold($class)); } else { $checks[$name]['STATUS'] = TRUE; - $checks[$name]['MSG'] = sprintf(_("Missing optional object class '%s'!"),$class); + $checks[$name]['MSG'] = sprintf(_("Optional object class %s is missing!"), bold($class)); } }elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){ $checks[$name]['STATUS'] = FALSE; - $checks[$name]['MSG'] = sprintf(_("Version mismatch for required object class '%s' (!=%s)!"), $class, $value['REQUIRED_VERSION']); + $checks[$name]['MSG'] = sprintf(_("Wrong version of required object class %s (!=%s) detected!"), bold($class), bold($value['REQUIRED_VERSION'])); }else{ $checks[$name]['STATUS'] = TRUE; - $checks[$name]['MSG'] = sprintf(_("Class(es) available")); + $checks[$name]['MSG'] = sprintf(_("Class available")); } } } @@ -2334,13 +2757,13 @@ function check_schema($cfg,$rfc2307bis = FALSE) if($rfc2307bis && isset($tmp['posixGroup']['STRUCTURAL'])){ $checks['posixGroup']['STATUS'] = FALSE; - $checks['posixGroup']['MSG'] = _("You have enabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option."); - $checks['posixGroup']['INFO'] = _("In order to use rfc2307bis conform groups the objectClass 'posixGroup' must be AUXILIARY"); + $checks['posixGroup']['MSG'] = _("RFC 2307bis group schema is enabled, but the current LDAP configuration does not support it!"); + $checks['posixGroup']['INFO'] = _("To use RFC 2307bis groups, the objectClass 'posixGroup' must be AUXILIARY."); } if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){ $checks['posixGroup']['STATUS'] = FALSE; - $checks['posixGroup']['MSG'] = _("Your schema is configured to support the rfc2307bis group, but you have disabled this option on the 'ldap setup' step."); - $checks['posixGroup']['INFO'] = _("The objectClass 'posixGroup' must be STRUCTURAL"); + $checks['posixGroup']['MSG'] = _("RFC 2307bis group schema is disabled, but the current LDAP configuration supports it!"); + $checks['posixGroup']['INFO'] = _("To correct this, the objectClass 'posixGroup' must be STRUCTURAL."); } } @@ -2358,6 +2781,7 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA "en_US" => "English", "nl_NL" => "Dutch", "pl_PL" => "Polish", + "pt_BR" => "Brazilian Portuguese", #"sv_SE" => "Swedish", "zh_CN" => "Chinese", "vi_VN" => "Vietnamese", @@ -2371,6 +2795,7 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA "en_US" => _("English"), "nl_NL" => _("Dutch"), "pl_PL" => _("Polish"), + "pt_BR" => _("Brazilian Portuguese"), #"sv_SE" => _("Swedish"), "zh_CN" => _("Chinese"), "vi_VN" => _("Vietnamese"), @@ -2413,22 +2838,30 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA } -/* Returns contents of the given POST variable and check magic quotes settings */ +/*! \brief Returns contents of the given POST variable and check magic quotes settings + * + * Depending on the magic quotes settings this returns a stripclashed'ed version of + * a certain POST variable. + * + * \param string 'name' the POST var to return ($_POST[$name]) + * \return string + * */ function get_post($name) { if(!isset($_POST[$name])){ trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message."); return(FALSE); } + if(get_magic_quotes_gpc()){ - return(stripcslashes($_POST[$name])); + return(stripcslashes(validate($_POST[$name]))); }else{ - return($_POST[$name]); + return(validate($_POST[$name])); } } -/* Return class name in correct case */ +/*! \brief Return class name in correct case */ function get_correct_class_name($cls) { global $class_mapping; @@ -2443,7 +2876,17 @@ function get_correct_class_name($cls) } -// change_password, changes the Password, of the given dn +/*! \brief Change the password of a given DN + * + * Change the password of a given DN with the specified hash. + * + * \param string 'dn' the DN whose password shall be changed + * \param string 'password' the password + * \param int mode + * \param string 'hash' which hash to use to encrypt it, default is empty + * for cleartext storage. + * \return boolean TRUE on success FALSE on error + */ function change_password ($dn, $password, $mode=0, $hash= "") { global $config; @@ -2455,7 +2898,7 @@ function change_password ($dn, $password, $mode=0, $hash= "") // Get all available encryption Methods // NON STATIC CALL :) - $methods = new passwordMethod(session::get('config')); + $methods = new passwordMethod(session::get('config'),$dn); $available = $methods->get_available_methods(); // read current password entry for $dn, to detect the encryption Method @@ -2485,7 +2928,7 @@ function change_password ($dn, $password, $mode=0, $hash= "") } else { // User MD5 by default $hash= "md5"; - $test = new $available['md5']($config); + $test = new $available['md5']($config, $dn); } if($test instanceOf passwordMethod){ @@ -2510,13 +2953,12 @@ function change_password ($dn, $password, $mode=0, $hash= "") // Not for groups if ($mode == 0){ + // Create SMB Password + $attrs= generate_smb_nt_hash($password); if ($shadow != 0){ $attrs['shadowLastChange']= $shadow; } - - // Create SMB Password - $attrs= generate_smb_nt_hash($password); } $attrs['userPassword']= array(); @@ -2541,7 +2983,7 @@ function change_password ($dn, $password, $mode=0, $hash= "") } /* Find postmodify entries for this class */ - $command= $config->search("password", "POSTMODIFY",array('menu')); + $command= $config->get_cfg_value("password","postmodify"); if ($command != ""){ /* Walk through attribute list */ @@ -2552,7 +2994,7 @@ function change_password ($dn, $password, $mode=0, $hash= "") @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute"); exec($command); } else { - $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, "password"); + $message= sprintf(_("Command %s specified as post modify action for plugin %s does not exist!"), bold($command), bold("password")); msg_dialog::display(_("Configuration error"), $message, ERROR_DIALOG); } } @@ -2562,13 +3004,21 @@ function change_password ($dn, $password, $mode=0, $hash= "") } -// Return something like array['sambaLMPassword']= "lalla..." +/*! \brief Generate samba hashes + * + * Given a certain password this constructs an array like + * array['sambaLMPassword'] etc. + * + * \param string 'password' + * \return array contains several keys for lmPassword, ntPassword, pwdLastSet, etc. depending + * on the samba version + */ function generate_smb_nt_hash($password) { global $config; # Try to use gosa-si? - if ($config->get_cfg_value("gosaSupportURI") != ""){ + if ($config->get_cfg_value("core","gosaSupportURI") != ""){ $res= gosaSupportDaemon::send("gosa_gen_smb_hash", "GOSA", array("password" => $password), TRUE); if (isset($res['XML']['HASH'])){ $hash= $res['XML']['HASH']; @@ -2577,11 +3027,11 @@ function generate_smb_nt_hash($password) } if ($hash == "") { - msg_dialog::display(_("Configuration error"), _("Cannot generate samba hash!"), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), _("Cannot generate SAMBA hash!"), ERROR_DIALOG); return (""); } } else { - $tmp= $config->get_cfg_value('sambaHashHook')." ".escapeshellarg($password); + $tmp= $config->get_cfg_value("core",'sambaHashHook')." ".escapeshellarg($password); @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute"); exec($tmp, $ar); @@ -2590,12 +3040,12 @@ function generate_smb_nt_hash($password) $hash= current($ar); if ($hash == "") { - msg_dialog::display(_("Configuration error"), sprintf(_("Cannot generate samba hash: running '%s' failed, check the 'sambaHashHook'!"),$config->get_cfg_value('sambaHashHook')), ERROR_DIALOG); + msg_dialog::display(_("Configuration error"), sprintf(_("Generating SAMBA hash by running %s failed: check %s!"), bold($config->get_cfg_value("core",'sambaHashHook'), bold("sambaHashHook"))), ERROR_DIALOG); return (""); } } - list($lm,$nt)= split (":", trim($hash)); + list($lm,$nt)= explode(":", trim($hash)); $attrs['sambaLMPassword']= $lm; $attrs['sambaNTPassword']= $nt; @@ -2606,6 +3056,16 @@ function generate_smb_nt_hash($password) } +/*! \brief Get the Change Sequence Number of a certain DN + * + * To verify if a given object has been changed outside of Gosa + * in the meanwhile, this function can be used to get the entryCSN + * from the LDAP directory. It uses the attribute as configured + * in modificationDetectionAttribute + * + * \param string 'dn' + * \return either the result or "" in any other case + */ function getEntryCSN($dn) { global $config; @@ -2614,7 +3074,7 @@ function getEntryCSN($dn) } /* Get attribute that we should use as serial number */ - $attr= $config->get_cfg_value("modificationDetectionAttribute"); + $attr= $config->get_cfg_value("core","modificationDetectionAttribute"); if($attr != ""){ $ldap = $config->get_ldap_link(); $ldap->cat($dn,array($attr)); @@ -2627,7 +3087,16 @@ function getEntryCSN($dn) } -/* Add a given objectClass to an attrs entry */ +/*! \brief Add (a) given objectClass(es) to an attrs entry + * + * The function adds the specified objectClass(es) to the given + * attrs entry. + * + * \param mixed 'classes' Either a single objectClass or several objectClasses + * as an array + * \param array 'attrs' The attrs array to be modified. + * + * */ function add_objectClass($classes, &$attrs) { if (is_array($classes)){ @@ -2642,7 +3111,11 @@ function add_objectClass($classes, &$attrs) } -/* Removes a given objectClass from the attrs entry */ +/*! \brief Removes a given objectClass from the attrs entry + * + * Similar to add_objectClass, except that it removes the given + * objectClasses. See it for the params. + * */ function remove_objectClass($classes, &$attrs) { if (isset($attrs['objectClass'])){ @@ -2665,10 +3138,11 @@ function remove_objectClass($classes, &$attrs) } } + /*! \brief Initialize a file download with given content, name and data type. - * @param data String The content to send. - * @param name String The name of the file. - * @param type String The content identifier, default value is "application/octet-stream"; + * \param string data The content to send. + * \param string name The name of the file. + * \param string type The content identifier, default value is "application/octet-stream"; */ function send_binary_content($data,$name,$type = "application/octet-stream") { @@ -2713,8 +3187,8 @@ function reverse_html_entities($str,$type = ENT_QUOTES , $charset = "UTF-8") /*! \brief Encode special string characters so we can use the string in \ HTML output, without breaking quotes. - @param The String we want to encode. - @return The encoded String + \param string The String we want to encode. + \return string The encoded String */ function xmlentities($str) { @@ -2746,8 +3220,8 @@ function xmlentities($str) /*! \brief Updates all accessTo attributes from a given value to a new one. For example if a host is renamed. - @param String $from The source accessTo name. - @param String $to The destination accessTo name. + \param String $from The source accessTo name. + \param String $to The destination accessTo name. */ function update_accessTo($from,$to) { @@ -2780,6 +3254,7 @@ function update_accessTo($from,$to) } +/*! \brief Returns a random char */ function get_random_char () { $randno = rand (0, 63); if ($randno < 12) { @@ -2839,14 +3314,14 @@ function get_next_id($attrib, $dn) { global $config; - switch ($config->get_cfg_value("idAllocationMethod", "traditional")){ + switch ($config->get_cfg_value("core","idAllocationMethod")){ case "pool": return get_next_id_pool($attrib); case "traditional": return get_next_id_traditional($attrib, $dn); } - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG); return null; } @@ -2855,12 +3330,12 @@ function get_next_id_pool($attrib) { global $config; /* Fill informational values */ - $min= $config->get_cfg_value("${attrib}PoolMin", 10000); - $max= $config->get_cfg_value("${attrib}PoolMax", 40000); + $min= $config->get_cfg_value("core","${attrib}PoolMin"); + $max= $config->get_cfg_value("core","${attrib}PoolMax"); /* Sanity check */ if ($min >= $max) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), $attrib), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), bold($attrib), bold($attrib)), ERROR_DIALOG); return null; } @@ -2879,8 +3354,8 @@ function get_next_id_pool($attrib) { /* If it does not exist, create one with these defaults */ if ($ldap->count() == 0) { /* Fill informational values */ - $minUserId= $config->get_cfg_value("uidPoolMin", 10000); - $minGroupId= $config->get_cfg_value("gidPoolMin", 10000); + $minUserId= $config->get_cfg_value("core","uidNumberPoolMin"); + $minGroupId= $config->get_cfg_value("core","gidNumberPoolMin"); /* Add as default */ $attrs= array("objectClass" => array("organizationalUnit", "sambaUnixIdPool")); @@ -2898,7 +3373,7 @@ function get_next_id_pool($attrib) { } /* Bail out if it's not unique */ if ($ldap->count() != 1) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG); return null; } @@ -2910,11 +3385,11 @@ function get_next_id_pool($attrib) { /* Sanity check */ if ($newAttr >= $max) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG); return null; } if ($newAttr < $min) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("no ID available!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG); return null; } @@ -2929,7 +3404,7 @@ function get_next_id_pool($attrib) { $ldap->cd($dn); $ldap->modify(array($attrib => $newAttr)); if ($ldap->error != "Success") { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." ".$ldap->get_error(), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".$ldap->get_error(), ERROR_DIALOG); return null; } else { return $oldAttr; @@ -2938,12 +3413,13 @@ function get_next_id_pool($attrib) { /* Bail out if we had problems getting the next id */ if (!$tries) { - msg_dialog::display(_("Error"), _("Cannot allocate a free ID:")." "._("maximum tries exceeded!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("maximum number of tries exceeded!"), ERROR_DIALOG); } return $id; } + function get_next_id_traditional($attrib, $dn) { global $config; @@ -2969,10 +3445,10 @@ function get_next_id_traditional($attrib, $dn) /* get the ranges */ $tmp = array('0'=> 1000); - if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("uidNumberBase") != ""){ - $tmp= split('-',$config->get_cfg_value("uidNumberBase")); - } elseif($config->get_cfg_value("gidNumberBase") != ""){ - $tmp= split('-',$config->get_cfg_value("gidNumberBase")); + if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("core","uidNumberBase") != ""){ + $tmp= explode('-',$config->get_cfg_value("core","uidNumberBase")); + } elseif($config->get_cfg_value("core","gidNumberBase") != ""){ + $tmp= explode('-',$config->get_cfg_value("core","gidNumberBase")); } /* Set hwm to max if not set - for backward compatibility */ @@ -2983,7 +3459,7 @@ function get_next_id_traditional($attrib, $dn) $hwm= pow(2,32); } /* Find out next free id near to UID_BASE */ - if ($config->get_cfg_value("baseIdHook") == ""){ + if ($config->get_cfg_value("core","baseIdHook") == ""){ $base= $lwm; } else { /* Call base hook */ @@ -2997,11 +3473,109 @@ function get_next_id_traditional($attrib, $dn) /* Should not happen */ if ($id == $hwm){ - msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG); + msg_dialog::display(_("Error"), _("Cannot allocate free ID!"), ERROR_DIALOG); exit; } } +/* Mark the occurance of a string with a span */ +function mark($needle, $haystack, $ignorecase= true) +{ + $result= ""; + + while (preg_match('/^(.*)('.preg_quote($needle).')(.*)$/i', $haystack, $matches)) { + $result.= $matches[1]."".$matches[2].""; + $haystack= $matches[3]; + } + + return $result.$haystack; +} + + +/* Return an image description using the path */ +function image($path, $action= "", $title= "", $align= "middle") +{ + global $config; + global $BASE_DIR; + $label= null; + + // Bail out, if there's no style file + if(!session::global_is_set("img-styles")){ + + // Get theme + if (isset ($config)){ + $theme= $config->get_cfg_value("core","theme"); + } else { + + // Fall back to default theme + $theme= "default"; + } + + if (!file_exists("$BASE_DIR/ihtml/themes/$theme/img.styles")){ + die ("No img.style for this theme found!"); + } + + session::global_set('img-styles', unserialize(file_get_contents("$BASE_DIR/ihtml/themes/$theme/img.styles"))); + } + $styles= session::global_get('img-styles'); + + /* Extract labels from path */ + if (preg_match("/\.png\[(.*)\]$/", $path, $matches)) { + $label= $matches[1]; + } + + $lbl= ""; + if ($label) { + if (isset($styles["images/label-".$label.".png"])) { + $lbl= "
"; + } else { + die("Invalid label specified: $label\n"); + } + + $path= preg_replace("/\[.*\]$/", "", $path); + } + + // Non middle layout? + if ($align == "middle") { + $align= ""; + } else { + $align= ";vertical-align:$align"; + } + + // Clickable image or not? + if ($title != "") { + $title= "title='$title'"; + } + if ($action == "") { + return "
$lbl
"; + } else { + return ""; + } +} + +/*! \brief Encodes a complex string to be useable in HTML posts. + */ +function postEncode($str) +{ + return(preg_replace("/=/","_", base64_encode($str))); +} + +/*! \brief Decodes a string encoded by postEncode + */ +function postDecode($str) +{ + return(base64_decode(preg_replace("/_/","=", $str))); +} + + +/*! \brief Generate styled output + */ +function bold($str) +{ + return "$str"; +} + + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>