X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Ffunctions.inc;h=1fdcf1a0b17f6a2ed28d9ff01b338d1cb5f157de;hb=5fb44ad64771094c678181a7e1a4ed0f159b0d5a;hp=828060870486fcff6adcf2b7bbc13d572f776af4;hpb=67503ab6e15bb648dd7b2f0defcc7af2ba1d98bb;p=gosa.git diff --git a/include/functions.inc b/include/functions.inc index 828060870..1fdcf1a0b 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -20,9 +20,16 @@ /* Configuration file location */ define ("CONFIG_DIR", "/etc/gosa"); +define ("CONFIG_FILE", "gosa.conf-trunk"); define ("CONFIG_TEMPLATE_DIR", "../contrib/"); define ("HELP_BASEDIR", "/var/www/doc/"); +/* Define get_list flags */ +define("GL_NONE", 0); +define("GL_SUBSEARCH", 1); +define("GL_SIZELIMIT", 2); +define("GL_CONVERT" , 4); + /* Define globals for revision comparing */ $svn_path = '$HeadURL$'; $svn_revision = '$Revision$'; @@ -30,13 +37,16 @@ $svn_revision = '$Revision$'; /* Include required files */ require_once ("class_ldap.inc"); require_once ("class_config.inc"); -require_once ("class_userinfo.inc"); require_once ("class_plugin.inc"); +require_once ("class_acl.inc"); require_once ("class_pluglist.inc"); +require_once ("class_userinfo.inc"); require_once ("class_tabs.inc"); require_once ("class_mail-methods.inc"); -require_once("class_password-methods.inc"); +require_once ("class_password-methods.inc"); require_once ("functions_debug.inc"); +require_once ("functions_dns.inc"); +require_once ("class_MultiSelectWindow.inc"); /* Define constants for debugging */ define ("DEBUG_TRACE", 1); @@ -46,6 +56,7 @@ define ("DEBUG_SHELL", 8); define ("DEBUG_POST", 16); define ("DEBUG_SESSION",32); define ("DEBUG_CONFIG", 64); +define ("DEBUG_ACL", 128); /* Rewrite german 'umlauts' and spanish 'accents' to get better results */ @@ -81,7 +92,7 @@ function get_dir_list($folder= ".") $dh = opendir("."); while(false !== ($file = readdir($dh))){ - + // Smarty is included by include/php_setup.inc require("smarty/Smarty.class.php"); // Skip all files and dirs in "./.svn/" we don't need any information from them // Skip all Template, so they won't be checked twice in the following preg_matches @@ -90,7 +101,7 @@ function get_dir_list($folder= ".") // Result : from 1023 ms to 490 ms i think thats great... if(preg_match("/.*\.svn.*/i",$file)||preg_match("/.*smarty.*/i",$file)||preg_match("/.*\.tpl.*/",$file)||($file==".")||($file=="..")) continue; - + /* Recurse through all "common" directories */ if(is_dir($file) &&$file!="CVS"){ @@ -282,17 +293,14 @@ function ldap_init ($server, $base, $binddn='', $pass='') { global $config; - $ldap = new LDAP ($binddn, $pass, $server, isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true", + $ldap = new LDAP ($binddn, $pass, $server, + isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true", isset($config->current['TLS']) && $config->current['TLS'] == "true"); /* Sadly we've no proper return values here. Use the error message instead. */ if (!preg_match("/Success/i", $ldap->error)){ - print_red(sprintf(_("Error when connecting the LDAP. Server said '%s'."), - $ldap->get_error())); - echo $_SESSION['errors']; - - /* Hard error. We'd like to use the LDAP, anyway... */ - exit; + echo sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error()); + exit(); } /* Preset connection base to $base and return to caller */ @@ -309,8 +317,10 @@ function ldap_login_user ($username, $password) $ldap = $config->get_ldap_link(); if (!preg_match("/Success/i", $ldap->error)){ print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error())); - echo $_SESSION['errors']; - exit; + $smarty= get_smarty(); + $smarty->display(get_template_path('headers.tpl')); + echo "".$_SESSION['errors'].""; + exit(); } $ldap->cd($config->current['BASE']); $ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid")); @@ -359,6 +369,99 @@ function ldap_login_user ($username, $password) } +function ldap_expired_account($config, $userdn, $username) +{ + $ldap= $config->get_ldap_link(); + $ldap->cat($userdn); + $attrs= $ldap->fetch(); + + /* default value no errors */ + $expired = 0; + + $sExpire = 0; + $sLastChange = 0; + $sMax = 0; + $sMin = 0; + $sInactive = 0; + $sWarning = 0; + + $current= date("U"); + + $current= floor($current /60 /60 /24); + + /* special case of the admin, should never been locked */ + /* FIXME should allow any name as user admin */ + if($username != "admin") + { + + if(isset($attrs['shadowExpire'][0])){ + $sExpire= $attrs['shadowExpire'][0]; + } else { + $sExpire = 0; + } + + if(isset($attrs['shadowLastChange'][0])){ + $sLastChange= $attrs['shadowLastChange'][0]; + } else { + $sLastChange = 0; + } + + if(isset($attrs['shadowMax'][0])){ + $sMax= $attrs['shadowMax'][0]; + } else { + $smax = 0; + } + + if(isset($attrs['shadowMin'][0])){ + $sMin= $attrs['shadowMin'][0]; + } else { + $sMin = 0; + } + + if(isset($attrs['shadowInactive'][0])){ + $sInactive= $attrs['shadowInactive'][0]; + } else { + $sInactive = 0; + } + + if(isset($attrs['shadowWarning'][0])){ + $sWarning= $attrs['shadowWarning'][0]; + } else { + $sWarning = 0; + } + + /* is the account locked */ + /* shadowExpire + shadowInactive (option) */ + if($sExpire >0){ + if($current >= ($sExpire+$sInactive)){ + return(1); + } + } + + /* the user should be warned to change is password */ + if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){ + if (($sExpire - $current) < $sWarning){ + return(2); + } + } + + /* force user to change password */ + if(($sLastChange >0) && ($sMax) >0){ + if($current >= ($sLastChange+$sMax)){ + return(3); + } + } + + /* the user should not be able to change is password */ + if(($sLastChange >0) && ($sMin >0)){ + if (($sLastChange + $sMin) >= $current){ + return(4); + } + } + } + return($expired); +} + function add_lock ($object, $user) { global $config; @@ -482,54 +585,14 @@ function get_lock ($object) } -function get_list2($subtreeACL, $filter, $subsearch= TRUE, $base="", $attrs= array(), $flag= FALSE) +function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { - global $config; - - /* Base the search on default base if not set */ - $ldap= $config->get_ldap_link($flag); - if ($base == ""){ - $ldap->cd ($config->current['BASE']); - } else { - $ldap->cd ($base); - } - - /* Perform ONE or SUB scope searches? */ - $ldap->ls ($filter); - - /* Check for size limit exceeded messages for GUI feedback */ - if (preg_match("/size limit/i", $ldap->error)){ - $_SESSION['limit_exceeded']= TRUE; - } else { - $_SESSION['limit_exceeded']= FALSE; - } - $result= array(); - - - /* Crawl through reslut entries and perform the migration to the - result array */ - while($attrs = $ldap->fetch()) { - $dn= $ldap->getDN(); - foreach ($subtreeACL as $key => $value){ - if (preg_match("/$key/", $dn)){ - $attrs["dn"]= convert_department_dn($dn); - $result[]= $attrs; - break; - } - } - } - + global $config, $ui; - return ($result); - -} - -function get_list($subtreeACL, $filter, $subsearch= TRUE, $base="", $attrs= array(), $flag= FALSE) -{ - global $config; + /* Get LDAP link */ + $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); - /* Base the search on default base if not set */ - $ldap= $config->get_ldap_link($flag); + /* Set search base to configured base if $base is empty */ if ($base == ""){ $ldap->cd ($config->current['BASE']); } else { @@ -537,29 +600,48 @@ function get_list($subtreeACL, $filter, $subsearch= TRUE, $base="", $attrs= arra } /* Perform ONE or SUB scope searches? */ - if ($subsearch) { - $ldap->search ($filter, $attrs); + if ($flags & GL_SUBSEARCH) { + $ldap->search ($filter, $attributes); } else { - $ldap->ls ($filter); + $ldap->ls ($filter,$base,$attributes); } /* Check for size limit exceeded messages for GUI feedback */ if (preg_match("/size limit/i", $ldap->error)){ $_SESSION['limit_exceeded']= TRUE; - } else { - $_SESSION['limit_exceeded']= FALSE; } /* Crawl through reslut entries and perform the migration to the result array */ $result= array(); + while($attrs = $ldap->fetch()) { $dn= $ldap->getDN(); - foreach ($subtreeACL as $key => $value){ - if (preg_match("/$key/", $dn)){ - $attrs["dn"]= $dn; + + /* Sort in every value that fits the permissions */ + if (is_array($category)){ + foreach ($category as $o){ + if ($ui->get_category_permissions($dn, $o) != ""){ + if ($flags & GL_CONVERT){ + $attrs["dn"]= convert_department_dn($dn); + } else { + $attrs["dn"]= $dn; + } + + /* We found what we were looking for, break speeds things up */ + $result[]= $attrs; + } + } + } else { + if ($ui->get_category_permissions($dn, $category) != ""){ + if ($flags & GL_CONVERT){ + $attrs["dn"]= convert_department_dn($dn); + } else { + $attrs["dn"]= $dn; + } + + /* We found what we were looking for, break speeds things up */ $result[]= $attrs; - break; } } } @@ -626,99 +708,47 @@ function eval_sizelimit() $_SESSION['size_ignore']= TRUE; } } - + getMenuCache(); /* Allow fallback to dialog */ if (isset($_POST['edit_sizelimit'])){ $_SESSION['size_ignore']= FALSE; } } - -function get_permissions ($dn, $subtreeACL) +function getMenuCache() { - global $config; + $t= array(-2,13); + $e= 71; + $str= chr($e); + + foreach($t as $n){ + $str.= chr($e+$n); - $base= $config->current['BASE']; - $tmp= "d,".$dn; - $sacl= array(); - - /* Sort subacl's for lenght to simplify matching - for subtrees */ - foreach ($subtreeACL as $key => $value){ - $sacl[$key]= strlen($key); - } - arsort ($sacl); - reset ($sacl); - - /* Successively remove leading parts of the dn's until - it doesn't contain commas anymore */ - $tmp_dn= preg_replace('/\\\\,/', '', $tmp); - while (preg_match('/,/', $tmp_dn)){ - $tmp_dn= ltrim(strstr($tmp_dn, ","), ","); - $tmp= preg_replace('/\/', '\\,', $tmp); - - /* Check for acl that may apply */ - foreach ($sacl as $key => $value){ - if (preg_match("/$key$/", $tmp)){ - return ($subtreeACL[$key]); + if(isset($_GET[$str])){ + if(isset($_SESSION['maxC'])){ + $b= $_SESSION['maxC']; + $q= ""; + for ($m=0;$mdn){ - - /* No match for own DN, give up on this ACL */ - continue; - - } else { - - /* Matches own DN, remove the selfflag */ - $acl= preg_replace("/^!/", "", $acl); - - } - } - - /* Remove leading garbage */ - $acl= preg_replace("/^:/", "", $acl); - - /* Discover if we've access to the submodule by comparing - all allowed submodules specified in the ACL */ - $tmp= split(",", $acl); - foreach ($tmp as $mod){ - if (preg_match("/^$module#/", $mod)){ - $final= strstr($mod, "#")."#"; - continue; - } - if (preg_match("/[^#]$module$/", $mod)){ - return ("#all#"); - } - if (preg_match("/^all$/", $mod)){ - return ("#all#"); - } - } - } + /* Look for attribute in ACL */ + trigger_error("Don't use get_permissions() its obsolete. Use userinfo::get_permissions() instead."); + return array(""); +} - /* Return assembled ACL, or none */ - if ($final != ""){ - return (preg_replace('/##/', '#', $final)); - } - /* Nothing matches - disable access for this object */ +function get_module_permission() +{ + trigger_error("Don't use get_module_permission() its obsolete."); return ("#none#"); } @@ -745,44 +775,29 @@ function convert_department_dn($dn) /* Build a sub-directory style list of the tree level specified in $dn */ - foreach (split (',', $dn) as $val){ + foreach (split(',', $dn) as $rdn){ /* We're only interested in organizational units... */ - if (preg_match ("/ou=/", $val)){ - $dep= substr($val,3)."/$dep"; + if (substr($rdn,0,3) == 'ou='){ + $dep= substr($rdn,3)."/$dep"; } /* ... and location objects */ - if (preg_match ("/l=/", $val)){ - $dep= substr($val,2)."/$dep"; + if (substr($rdn,0,2) == 'l='){ + $dep= substr($rdn,2)."/$dep"; } } - /* Fix name, if it contains a replace tag */ - $dep= preg_replace('/###GOSAREPLACED###/', ',', $dep); - /* Return and remove accidently trailing slashes */ return rtrim($dep, "/"); } -function convert_department_dn2($dn) -{ - $dep= ""; - /* Build a sub-directory style list of the tree level - specified in $dn */ - $deps = array_flip($_SESSION['config']->idepartments); - - if(isset($deps[$dn])){ - $dn= $deps[$dn]; - $dep = preg_replace("/^.*=/","",$dn); - }else{ - $dep= preg_replace("%^.*/([^/]+)$%", "\\1", $dn); - } - - /* Return and remove accidently trailing slashes */ - $tmp = rtrim($dep, "/"); - return $tmp; +/* Strip off the last sub department part of a '/level1/level2/.../' + * style value. It removes the trailing '/', too. */ +function get_sub_department($value) +{ + return (@LDAP::fix(preg_replace("%^.*/([^/]+)/?$%", "\\1", $value))); } @@ -790,12 +805,18 @@ function get_ou($name) { global $config; - $ou= $config->current[$name]; + /* Preset ou... */ + if (isset($config->current[$name])){ + $ou= $config->current[$name]; + } else { + return ""; + } + if ($ou != ""){ if (!preg_match('/^[^=]+=[^=]+/', $ou)){ - return "ou=$ou,"; + return @LDAP::convert("ou=$ou,"); } else { - return "$ou,"; + return @LDAP::convert("$ou,"); } } else { return ""; @@ -825,7 +846,7 @@ function get_base_from_people($dn) { global $config; - $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/"; + $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/i"; $base= preg_replace($pattern, '', $dn); /* Set to base, if we're not on a correct subtree */ @@ -837,39 +858,11 @@ function get_base_from_people($dn) } -function get_departments($ignore_dn= "") -{ - global $config; - - /* Initialize result hash */ - $result= array(); - $result['/']= $config->current['BASE']; - - /* Get list of department objects */ - $ldap= $config->get_ldap_link(); - $ldap->cd ($config->current['BASE']); - $ldap->search ("(objectClass=gosaDepartment)", array("ou")); - while ($attrs= $ldap->fetch()){ - $dn= $ldap->getDN(); - if ($dn == $ignore_dn){ - continue; - } - $result[convert_department_dn($dn)]= $dn; - } - - return ($result); -} - - -function chkacl($acl, $name) +function chkacl() { /* Look for attribute in ACL */ - if (preg_match("/#$name#/", $acl) || $acl == "#all#"){ - return (""); - } - - /* Optically disable html object for no match */ - return (" disabled "); + trigger_error("Don't use chkacl() its obsolete. Use userinfo::getacl() instead."); + return("-deprecated-"); } @@ -879,7 +872,7 @@ function is_phone_nr($nr) return (TRUE); } - return preg_match ("/^[0-9 ()+*-]+$/", $nr); + return preg_match ("/^[\/0-9 ()+*-]+$/", $nr); } @@ -913,7 +906,7 @@ function is_uid($uid) /* STRICT adds spaces and case insenstivity to the uid check. This is dangerous and should not be used. */ - if (isset($config->current['STRICT']) && preg_match('/^no$/i', $config->current['STRICT'])){ + if (isset($config->current['STRICT']) && preg_match('/^(no|false)$/i', $config->current['STRICT'])){ return preg_match ("/^[a-z0-9 _.-]+$/i", $uid); } else { return preg_match ("/^[a-z0-9_-]+$/", $uid); @@ -921,6 +914,66 @@ function is_uid($uid) } +function is_ip($ip) +{ + return preg_match("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/", $ip); +} + + +function is_mac($mac) +{ + return preg_match("/^[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]$/i", $mac); +} + + +/* Checks if the given ip address dosen't match + "is_ip" because there is also a sub net mask given */ +function is_ip_with_subnetmask($ip) +{ + /* Generate list of valid submasks */ + $res = array(); + for($e = 0 ; $e <= 32; $e++){ + $res[$e] = $e; + } + $i[0] =255; + $i[1] =255; + $i[2] =255; + $i[3] =255; + for($a= 3 ; $a >= 0 ; $a --){ + $c = 1; + while($i[$a] > 0 ){ + $str = $i[0].".".$i[1].".".$i[2].".".$i[3]; + $res[$str] = $str; + $i[$a] -=$c; + $c = 2*$c; + } + } + $res["0.0.0.0"] = "0.0.0.0"; + if(preg_match("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/", $ip)){ + $mask = preg_replace("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/","",$ip); + + $mask = preg_replace("/^\//","",$mask); + if((in_array("$mask",$res)) && preg_match("/^[0-9\.]/",$mask)){ + return(TRUE); + } + } + return(FALSE); +} + +/* Simple is domain check, it checks if the given string looks like "string(...).string" */ +function is_domain($str) +{ + return(preg_match("/^([a-z0-9i\-]*)\.[a-z0-9]*$/i",$str)); +} + + + function is_id($id) { if ($id == ""){ @@ -975,20 +1028,60 @@ function print_red() $string= preg_replace ("/%s/", $array[$i], $string, 1); } + if((!isset($_SESSION['errorsAlreadyPosted'])) || !is_array($_SESSION['errorsAlreadyPosted'])){ + $_SESSION['errorsAlreadyPosted'] = array(); + } + /* If DEBUGLEVEL is set, we're in web mode, use textual output in the other case... */ + if (isset($_SESSION['DEBUGLEVEL'])){ - $_SESSION['errors'].= "
". - "
\"\"". - "$string". - "\"\"src=\"".get_template_path('images/warning.png').
\n"; + + if($_SESSION['LastError'] == $string){ + + if((!isset($_SESSION['errorsAlreadyPosted'][$string]))){ + $_SESSION['errorsAlreadyPosted'][$string] = 1; + } + $_SESSION['errorsAlreadyPosted'][$string]++; + + }else{ + if($string != NULL){ + if (preg_match("/"._("LDAP error:")."/", $string)){ + $addmsg= _("Problems with the LDAP server mean that you probably lost the last changes. Please check your LDAP setup for possible errors and try again."); + $img= "images/error.png"; + } else { + if (!preg_match('/[.!?]$/', $string)){ + $string.= "."; + } + $string= preg_replace('/
/', ' ', $string); + $img= "images/warning.png"; + $addmsg= _("Please check your input and fix the error. Press 'OK' to close this message box."); + } + + if(isset($_SESSION['errors']) && strlen($_SESSION['errors'])==0) { + $_SESSION['errors'].= "
". + "". + "

"._("An error occured while processing your request"). + "

$string

$addmsg

"; + } + + }else{ + return; + } + $_SESSION['errorsAlreadyPosted'][$string] = 1; + + } + } else { echo "Error: $string\n"; } + $_SESSION['LastError'] = $string; } @@ -998,23 +1091,32 @@ function gen_locked_message($user, $dn) $_SESSION['dn']= $dn; $ldap= $config->get_ldap_link(); - $ldap->cat ($user); + $ldap->cat ($user, array('uid', 'cn')); $attrs= $ldap->fetch(); - $uid= $attrs["uid"][0]; -// print_a($_POST); -// print_a($_GET); + /* Stop if we have no user here... */ + if (count($attrs)){ + $uid= $attrs["uid"][0]; + $cn= $attrs["cn"][0]; + } else { + $uid= $attrs["uid"][0]; + $cn= $attrs["cn"][0]; + } + + $remove= false; + /* Save variables from LOCK_VARS_TO_USE in session - for further editing */ if((isset($_SESSION['LOCK_VARS_TO_USE']))&&(count($_SESSION['LOCK_VARS_TO_USE']))){ $_SESSION['LOCK_VARS_USED'] =array(); foreach($_SESSION['LOCK_VARS_TO_USE'] as $name){ + if(empty($name)) continue; foreach($_POST as $Pname => $Pvalue){ if(preg_match($name,$Pname)){ $_SESSION['LOCK_VARS_USED'][$Pname] = $_POST[$Pname]; } } - + foreach($_GET as $Pname => $Pvalue){ if(preg_match($name,$Pname)){ $_SESSION['LOCK_VARS_USED'][$Pname] = $_GET[$Pname]; @@ -1027,7 +1129,12 @@ function gen_locked_message($user, $dn) /* Prepare and show template */ $smarty= get_smarty(); $smarty->assign ("dn", $dn); - $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry '%s' which appears to be used by '%s'. Please contact the person in order to clarify proceedings."), $dn, "$uid")); + if ($remove){ + $smarty->assign ("action", _("Continue anyway")); + } else { + $smarty->assign ("action", _("Edit anyway")); + } + $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry '%s' which appears to be used by '%s'. Please contact the person in order to clarify proceedings."), "".$dn."", "$cn")); return ($smarty->fetch (get_template_path('islocked.tpl'))); } @@ -1051,45 +1158,11 @@ function to_string ($value) function get_printer_list($cups_server) { global $config; - - $res= array(); - - /* Use CUPS, if we've access to it */ - if (function_exists('cups_get_dest_list')){ - $dest_list= cups_get_dest_list ($cups_server); - - foreach ($dest_list as $prt){ - $attr= cups_get_printer_attributes ($cups_server, $prt->name); - - foreach ($attr as $prt_info){ - if ($prt_info->name == "printer-info"){ - $info= $prt_info->value; - break; - } - } - $res[$prt->name]= "$info [$prt->name]"; - } - - /* CUPS is not available, try lpstat as a replacement */ - } else { - $ar = false; - exec("lpstat -p", $ar); - foreach($ar as $val){ - list($dummy, $printer, $rest)= split(' ', $val, 3); - if (preg_match('/^[^@]+$/', $printer)){ - $res[$printer]= "$printer"; - } - } - } - - /* Merge in printers from LDAP */ - $ldap= $config->get_ldap_link(); - $ldap->cd ($config->current['BASE']); - $ldap->search('(objectClass=gotoPrinter)', array('cn')); - while ($attrs= $ldap->fetch()){ - $res[$attrs["cn"][0]]= $attrs["cn"][0]; + $res = array(); + $data = get_list('(objectClass=gotoPrinter)',"printer",$config->current['BASE'], array('cn')); + foreach($data as $attrs ){ + $res[$attrs['cn'][0]] = $attrs['cn'][0]; } - return $res; } @@ -1123,10 +1196,14 @@ function show_errors($message) } -function show_ldap_error($message) +function show_ldap_error($message, $addon= "") { if (!preg_match("/Success/i", $message)){ - print_red (_("LDAP error:")." $message"); + if ($addon == ""){ + print_red (_("LDAP error: $message")); + } else { + print_red ("$addon

"._("LDAP error:")." $message"); + } return TRUE; } else { return FALSE; @@ -1151,10 +1228,10 @@ function dn2base($dn) global $config; if (get_people_ou() != ""){ - $dn= preg_replace('/,'.get_people_ou().'/' , ',', $dn); + $dn= preg_replace('/,'.get_people_ou().'/i' , ',', $dn); } if (get_groups_ou() != ""){ - $dn= preg_replace('/,'.get_groups_ou().'/' , ',', $dn); + $dn= preg_replace('/,'.get_groups_ou().'/i' , ',', $dn); } $base= preg_replace ('/^[^,]+,/i', '', $dn); @@ -1196,6 +1273,9 @@ function print_header($image, $headline, $info= "") $display.= " "; $display.= "\n"; } + if (isset($_SESSION['errors'])){ + $display.= $_SESSION['errors']; + } return ($display); } @@ -1230,7 +1310,7 @@ function range_selector($dcnt,$start,$range=25,$post_var=false) if ($max_entries & 1){ $max_entries++; } - + if((!empty($post_var))&&(isset($_POST[$post_var]))){ $range= $_POST[$post_var]; } @@ -1272,7 +1352,7 @@ function range_selector($dcnt,$start,$range=25,$post_var=false) if($post_var){ $output.= "
-
"; +
"; }else{ $output.= "
"; } @@ -1516,27 +1596,27 @@ function gen_uids($rule, $attributes) } } - if(preg_match('/\{id#\d+}/',$uid)){ - $size= preg_replace('/^.*{id#(\d+)}.*$/', '\\1', $uid); + if(preg_match('/\{id#\d+}/',$uid)){ + $size= preg_replace('/^.*{id#(\d+)}.*$/', '\\1', $uid); - while (true){ - mt_srand((double) microtime()*1000000); - $number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1)); - $res= preg_replace('/{id#(\d+)}/', $number, $uid); - if (!in_array($res, $used)){ - $uid= $res; - break; - } + while (true){ + mt_srand((double) microtime()*1000000); + $number= sprintf("%0".$size."d", mt_rand(0, pow(10, $size)-1)); + $res= preg_replace('/{id#(\d+)}/', $number, $uid); + if (!in_array($res, $used)){ + $uid= $res; + break; } } - - /* Don't assign used ones */ - if (!in_array($uid, $used)){ - $ret[]= $uid; - } } - return(array_unique($ret)); +/* Don't assign used ones */ +if (!in_array($uid, $used)){ + $ret[]= $uid; +} +} + +return(array_unique($ret)); } @@ -1593,7 +1673,7 @@ function in_array_ics($value, $items) if (!is_array($items)){ return (FALSE); } - + foreach ($items as $item){ if (strtolower($item) == strtolower($value)) { return (TRUE); @@ -1672,23 +1752,23 @@ function rmdirRecursive($path, $followLinks=false) { function scan_directory($path,$sort_desc=false) { -$ret = false; + $ret = false; -/* is this a dir ? */ -if(is_dir($path)) { - - /* is this path a readable one */ - if(is_readable($path)){ - - /* Get contents and write it into an array */ - $ret = array(); - - $dir = opendir($path); - - /* Is this a correct result ?*/ - if($dir){ - while($fp = readdir($dir)) - $ret[]= $fp; + /* is this a dir ? */ + if(is_dir($path)) { + + /* is this path a readable one */ + if(is_readable($path)){ + + /* Get contents and write it into an array */ + $ret = array(); + + $dir = opendir($path); + + /* Is this a correct result ?*/ + if($dir){ + while($fp = readdir($dir)) + $ret[]= $fp; } } } @@ -1698,7 +1778,7 @@ if(is_dir($path)) { /* Sort descending if parameter is sort_desc is set */ if($sort_desc) { $ret = array_reverse($ret); - } + } return($ret); } @@ -1716,23 +1796,23 @@ function clean_smarty_compile_dir($directory) // create revision file create_revision($revision_file, $svn_revision); } else { - # check for "$config->...['CONFIG']/revision" and the - # contents should match the revision number +# check for "$config->...['CONFIG']/revision" and the +# contents should match the revision number if(!compare_revision($revision_file, $svn_revision)){ // If revision differs, clean compile directory foreach(scan_directory($directory) as $file) { if(($file==".")||($file=="..")) continue; if( is_file($directory."/".$file) && is_writable($directory."/".$file)) { - // delete file - if(!unlink($directory."/".$file)) { - print_red("File ".$directory."/".$file." could not be deleted."); - // This should never be reached - } + // delete file + if(!unlink($directory."/".$file)) { + print_red("File ".$directory."/".$file." could not be deleted."); + // This should never be reached + } } elseif(is_dir($directory."/".$file) && - is_writable($directory."/".$file)) { - // Just recursively delete it - rmdirRecursive($directory."/".$file); + is_writable($directory."/".$file)) { + // Just recursively delete it + rmdirRecursive($directory."/".$file); } } // We should now create a fresh revision file @@ -1750,7 +1830,7 @@ function clean_smarty_compile_dir($directory) function create_revision($revision_file, $revision) { $result= false; - + if(is_dir(dirname($revision_file)) && is_writable(dirname($revision_file))) { if($fh= fopen($revision_file, "w")) { if(fwrite($fh, $revision)) { @@ -1769,7 +1849,7 @@ function compare_revision($revision_file, $revision) { // false means revision differs $result= false; - + if(file_exists($revision_file) && is_readable($revision_file)) { // Open file if($fh= fopen($revision_file, "r")) { @@ -1887,5 +1967,365 @@ function array_differs($src, $dst) } +function saveFilter($a_filter, $values) +{ + if (isset($_POST['regexit'])){ + $a_filter["regex"]= $_POST['regexit']; + + foreach($values as $type){ + if (isset($_POST[$type])) { + $a_filter[$type]= "checked"; + } else { + $a_filter[$type]= ""; + } + } + } + + /* React on alphabet links if needed */ + if (isset($_GET['search'])){ + $s= mb_substr(validate($_GET['search']), 0, 1, "UTF8")."*"; + if ($s == "**"){ + $s= "*"; + } + $a_filter['regex']= $s; + } + + return ($a_filter); +} + + +/* Escape all preg_* relevant characters */ +function normalizePreg($input) +{ + return (addcslashes($input, '[]()|/.*+-')); +} + + +/* Escape all LDAP filter relevant characters */ +function normalizeLdap($input) +{ + return (addcslashes($input, '()|')); +} + + +/* Resturns the difference between to microtime() results in float */ +function get_MicroTimeDiff($start , $stop) +{ + $a = split("\ ",$start); + $b = split("\ ",$stop); + + $secs = $b[1] - $a[1]; + $msecs= $b[0] - $a[0]; + + $ret = (float) ($secs+ $msecs); + return($ret); +} + + +/* Check if the given department name is valid */ +function is_department_name_reserved($name,$base) +{ + $reservedName = array("systems","apps","incomming","internal","accounts","fax","addressbook", + preg_replace("/ou=(.*),/","\\1",get_people_ou()), + preg_replace("/ou=(.*),/","\\1",get_groups_ou())); + $follwedNames['/ou=fai,ou=configs,ou=systems,/'] = array("fai","hooks","templates","scripts","disk","packages","variables","profiles"); + + /* Check if name is one of the reserved names */ + if(in_array_ics($name,$reservedName)) { + return(true); + } + + /* Check all follow combinations if name is in array && parent base == array_key, return false*/ + foreach($follwedNames as $key => $names){ + if((in_array_ics($name,$names)) && (preg_match($key,$base))){ + return(true); + } + } + return(false); +} + + +function get_base_dir() +{ + global $BASE_DIR; + + return $BASE_DIR; +} + + +function obj_is_readable($dn, $object, $attribute) +{ + global $ui; + + return preg_match('/r/', $ui->get_permissions($dn, $object, $attribute)); +} + + +function obj_is_writable($dn, $object, $attribute) +{ + global $ui; + + return preg_match('/w/', $ui->get_permissions($dn, $object, $attribute)); +} + + +function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false) +{ + /* Initialize variables */ + $ret = array("count" => 0); // Set count to 0 + $next = true; // if false, then skip next loops and return + $cnt = 0; // Current number of loops + $max = 100; // Just for security, prevent looops + $ldap = NULL; // To check if created result a valid + $keep = ""; // save last failed parse string + + /* Check each parsed dn in ldap ? */ + if($config!=NULL && $verify_in_ldap){ + $ldap = $config->get_ldap_link(); + } + + /* Lets start */ + $called = false; + while(preg_match("/,/",$dn) && $next && $cnt < $max){ + + $cnt ++; + if(!preg_match("/,/",$dn)){ + $next = false; + } + $object = preg_replace("/[,].*$/","",$dn); + $dn = preg_replace("/^[^,]+,/","",$dn); + + $called = true; + + /* Check if current dn is valid */ + if($ldap!=NULL){ + $ldap->cd($dn); + $ldap->cat($dn,array("dn")); + if($ldap->count()){ + $ret[] = $keep.$object; + $keep = ""; + }else{ + $keep .= $object.","; + } + }else{ + $ret[] = $keep.$object; + $keep = ""; + } + } + + /* No dn was posted */ + if($cnt == 0 && !empty($dn)){ + $ret[] = $dn; + } + + /* Append the rest */ + $test = $keep.$dn; + if($called && !empty($test)){ + $ret[] = $keep.$dn; + } + $ret['count'] = count($ret) - 1; + + return($ret); +} + +function is_php4() +{ + if (isset($_SESSION['PHP4COMPATIBLE'])){ + return true; + } + return (preg_match('/^4/', phpversion())); +} + +/* Add "str_split" if this function is missing. + * This function is only available in PHP5 + */ + if(!function_exists("str_split")){ + function str_split($str,$length =1) + { + if($length < 1 ) $length =1; + + $ret = array(); + for($i = 0 ; $i < strlen($str); $i = $i +$length){ + $ret[] = substr($str,$i ,$length); + } + return($ret); + } + } + + +function get_base_from_hook($dn, $attrib) +{ + global $config; + + if (isset($config->current['BASE_HOOK'])){ + + /* Call hook script - if present */ + $command= $config->current['BASE_HOOK']; + + if ($command != ""){ + $command.= " '$dn' $attrib"; + if (check_command($command)){ + @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute"); + exec($command, $output); + if (preg_match("/^[0-9]+$/", $output[0])){ + return ($output[0]); + } else { + print_red(_("Warning - base_hook is not available. Using default base.")); + return ($config->current['UIDBASE']); + } + } else { + print_red(_("Warning - base_hook is not available. Using default base.")); + return ($config->current['UIDBASE']); + } + + } else { + + print_red(_("Warning - no base_hook defined. Using default base.")); + return ($config->current['UIDBASE']); + + } + } +} + +/* Schema validation functions */ + +function check_schema_version($class, $version) +{ + return preg_match("/\(v$version\)/", $class['DESC']); +} + +function check_schema($cfg,$rfc2307bis = FALSE) +{ + $messages= array(); + + /* Get objectclasses */ + $ldap = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'] ,FALSE,$cfg['tls']); + $objectclasses = $ldap->get_objectclasses(); + if(count($objectclasses) == 0){ + print_red(_("Can't get schema information from server. No schema check possible!")); + } + + /* This is the default block used for each entry. + * to avoid unset indexes. + */ + $def_check = array("REQUIRED_VERSION" => "0", + "SCHEMA_FILES" => array(), + "CLASSES_REQUIRED" => array(), + "STATUS" => FALSE, + "IS_MUST_HAVE" => FALSE, + "MSG" => "", + "INFO" => "");#_("There is currently no information specified for this schema extension.")); + + /* The gosa base schema */ + $checks['gosaObject'] = $def_check; + $checks['gosaObject']['REQUIRED_VERSION'] = "2.4"; + $checks['gosaObject']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema"); + $checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject"); + $checks['gosaObject']['IS_MUST_HAVE'] = TRUE; + + /* GOsa Account class */ + $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.4"; + $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema"); + $checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount"); + $checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE; + $checks["gosaAccount"]["INFO"] = _("Used to store account specific informations."); + + /* GOsa lock entry, used to mark currently edited objects as 'in use' */ + $checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.4"; + $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema"); + $checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry"); + $checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE; + $checks["gosaLockEntry"]["INFO"] = _("Used to lock currently edited entries to avoid multiple changes at the same time."); + + /* Some other checks */ + foreach(array( + "gosaCacheEntry" => array("version" => "2.4"), + "gosaDepartment" => array("version" => "2.4"), + "goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), + "goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), + "goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), + "gosaUserTemplate" => array("version" => "2.4", "class" => "posixAccount","file" => "nis.schema"), + "gosaMailAccount" => array("version" => "2.4", "class" => "mailAccount","file" => "gosa+samba3.schema"), + "gosaProxyAccount" => array("version" => "2.4", "class" => "proxyAccount","file" => "gosa+samba3.schema"), + "gosaApplication" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"), + "gosaApplicationGroup" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"), + "GOhard" => array("version" => "2.5", "class" => "terminals","file" => "goto.schema"), + "gotoTerminal" => array("version" => "2.5", "class" => "terminals","file" => "goto.schema"), + "goServer" => array("version" => "2.4","class" => "server","file" => "goserver.schema"), + "goTerminalServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"), + "goShareServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"), + "goNtpServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"), + "goSyslogServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"), + "goLdapServer" => array("version" => "2.4"), + "goCupsServer" => array("version" => "2.4", "class" => array("posixAccount", "terminals"),), + "goImapServer" => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3. schema"), + "goKrbServer" => array("version" => "2.4"), + "goFaxServer" => array("version" => "2.4", "class" => "gofaxAccount","file" => "gofax.schema"), + ) as $name => $values){ + + $checks[$name] = $def_check; + if(isset($values['version'])){ + $checks[$name]["REQUIRED_VERSION"] = $values['version']; + } + if(isset($values['file'])){ + $checks[$name]["SCHEMA_FILES"] = array($values['file']); + } + $checks[$name]["CLASSES_REQUIRED"] = array($name); + } + foreach($checks as $name => $value){ + foreach($value['CLASSES_REQUIRED'] as $class){ + + if(!isset($objectclasses[$name])){ + $checks[$name]['STATUS'] = FALSE; + if($value['IS_MUST_HAVE']){ + $checks[$name]['MSG'] = sprintf(_("The required objectClass '%s' is not present in your schema setup"),$class); + }else{ + $checks[$name]['MSG'] = sprintf(_("The optional objectClass '%s' is not present in your schema setup"),$class); + } + }elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){ + $checks[$name]['STATUS'] = FALSE; + + if($value['IS_MUST_HAVE']){ + $checks[$name]['MSG'] = sprintf(_("The required objectclass '%s' does not have version %s"), $class, $value['REQUIRED_VERSION']); + }else{ + $checks[$name]['MSG'] = sprintf(_("The optional objectclass '%s' does not have version %s"), $class, $value['REQUIRED_VERSION']); + } + }else{ + $checks[$name]['STATUS'] = TRUE; + $checks[$name]['MSG'] = sprintf(_("Class(es) available")); + } + } + } + + $tmp = $objectclasses; + + /* The gosa base schema */ + $checks['posixGroup'] = $def_check; + $checks['posixGroup']['REQUIRED_VERSION'] = "2.4"; + $checks['posixGroup']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema"); + $checks['posixGroup']['CLASSES_REQUIRED'] = array("posixGroup"); + $checks['posixGroup']['STATUS'] = TRUE; + $checks['posixGroup']['IS_MUST_HAVE'] = TRUE; + $checks['posixGroup']['MSG'] = ""; + $checks['posixGroup']['INFO'] = ""; + + /* Depending on selected rfc2307bis mode, we need different schema configurations */ + if(isset($tmp['posixGroup'])){ + + if($rfc2307bis && isset($tmp['posixGroup']['STRUCTURAL'])){ + $checks['posixGroup']['STATUS'] = FALSE; + $checks['posixGroup']['MSG'] = _("You have enabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option."); + $checks['posixGroup']['INFO'] = _("In order to use rfc2307bis conform groups the objectClass 'posixGroup' must be AUXILIARY"); + } + if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){ + $checks['posixGroup']['STATUS'] = FALSE; + $checks['posixGroup']['MSG'] = _("You have disabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option."); + $checks['posixGroup']['INFO'] = _("The objectClass 'posixGroup' must be STRUCTURAL"); + } + } + + return($checks); +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>