X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Ffunctions.inc;h=6eda98aa4bc95f3afb0029a6819c388369b4a30e;hb=41b3851a98576e3cd9b843a63353a9e669c4f501;hp=1e9b5b6334afc879330dce855de588234052b38e;hpb=a04b1f2478909c46f345a2bfc390c5543ad975bd;p=gosa.git diff --git a/include/functions.inc b/include/functions.inc index 1e9b5b633..6eda98aa4 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -36,12 +36,13 @@ $svn_revision = '$Revision$'; /* Include required files */ require_once ("class_ldap.inc"); require_once ("class_config.inc"); -require_once ("class_userinfo.inc"); require_once ("class_plugin.inc"); +require_once ("class_acl.inc"); require_once ("class_pluglist.inc"); +require_once ("class_userinfo.inc"); require_once ("class_tabs.inc"); require_once ("class_mail-methods.inc"); -require_once("class_password-methods.inc"); +require_once ("class_password-methods.inc"); require_once ("functions_debug.inc"); require_once ("functions_dns.inc"); require_once ("class_MultiSelectWindow.inc"); @@ -295,12 +296,8 @@ function ldap_init ($server, $base, $binddn='', $pass='') /* Sadly we've no proper return values here. Use the error message instead. */ if (!preg_match("/Success/i", $ldap->error)){ - print_red(sprintf(_("Error when connecting the LDAP. Server said '%s'."), - $ldap->get_error())); - echo $_SESSION['errors']; - - /* Hard error. We'd like to use the LDAP, anyway... */ - exit; + echo sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error()); + exit(); } /* Preset connection base to $base and return to caller */ @@ -317,8 +314,10 @@ function ldap_login_user ($username, $password) $ldap = $config->get_ldap_link(); if (!preg_match("/Success/i", $ldap->error)){ print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error())); - echo $_SESSION['errors']; - exit; + $smarty= get_smarty(); + $smarty->display(get_template_path('headers.tpl')); + echo "".$_SESSION['errors'].""; + exit(); } $ldap->cd($config->current['BASE']); $ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid")); @@ -367,6 +366,99 @@ function ldap_login_user ($username, $password) } +function ldap_expired_account($config, $userdn, $username) +{ + $ldap= $config->get_ldap_link(); + $ldap->cat($userdn); + $attrs= $ldap->fetch(); + + /* default value no errors */ + $expired = 0; + + $sExpire = 0; + $sLastChange = 0; + $sMax = 0; + $sMin = 0; + $sInactive = 0; + $sWarning = 0; + + $current= date("U"); + + $current= floor($current /60 /60 /24); + + /* special case of the admin, should never been locked */ + /* FIXME should allow any name as user admin */ + if($username != "admin") + { + + if(isset($attrs['shadowExpire'][0])){ + $sExpire= $attrs['shadowExpire'][0]; + } else { + $sExpire = 0; + } + + if(isset($attrs['shadowLastChange'][0])){ + $sLastChange= $attrs['shadowLastChange'][0]; + } else { + $sLastChange = 0; + } + + if(isset($attrs['shadowMax'][0])){ + $sMax= $attrs['shadowMax'][0]; + } else { + $smax = 0; + } + + if(isset($attrs['shadowMin'][0])){ + $sMin= $attrs['shadowMin'][0]; + } else { + $sMin = 0; + } + + if(isset($attrs['shadowInactive'][0])){ + $sInactive= $attrs['shadowInactive'][0]; + } else { + $sInactive = 0; + } + + if(isset($attrs['shadowWarning'][0])){ + $sWarning= $attrs['shadowWarning'][0]; + } else { + $sWarning = 0; + } + + /* is the account locked */ + /* shadowExpire + shadowInactive (option) */ + if($sExpire >0){ + if($current >= ($sExpire+$sInactive)){ + return(1); + } + } + + /* the user should be warned to change is password */ + if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){ + if (($sExpire - $current) < $sWarning){ + return(2); + } + } + + /* force user to change password */ + if(($sLastChange >0) && ($sMax) >0){ + if($current >= ($sLastChange+$sMax)){ + return(3); + } + } + + /* the user should not be able to change is password */ + if(($sLastChange >0) && ($sMin >0)){ + if (($sLastChange + $sMin) >= $current){ + return(4); + } + } + } + return($expired); +} + function add_lock ($object, $user) { global $config; @@ -490,9 +582,9 @@ function get_lock ($object) } -function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) +function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { - global $config; + global $config, $ui; /* Get LDAP link */ $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); @@ -519,12 +611,26 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= /* Crawl through reslut entries and perform the migration to the result array */ $result= array(); + while($attrs = $ldap->fetch()) { $dn= $ldap->getDN(); - foreach ($subtreeACL as $key => $value){ - if (preg_match("/$key/", $dn)){ + /* Sort in every value that fits the permissions */ + if (is_array($category)){ + foreach ($category as $o){ + if ($ui->get_category_permissions($dn, $o) != ""){ + if ($flags & GL_CONVERT){ + $attrs["dn"]= convert_department_dn($dn); + } else { + $attrs["dn"]= $dn; + } + /* We found what we were looking for, break speeds things up */ + $result[]= $attrs; + } + } + } else { + if ($ui->get_category_permissions($dn, $category) != ""){ if ($flags & GL_CONVERT){ $attrs["dn"]= convert_department_dn($dn); } else { @@ -533,7 +639,6 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= /* We found what we were looking for, break speeds things up */ $result[]= $attrs; - break; } } } @@ -629,9 +734,11 @@ function getMenuCache() } } + function get_permissions ($dn, $subtreeACL) { global $config; +echo "get_permissions() - to be removed
"; $base= $config->current['BASE']; $tmp= "d,".$dn; @@ -667,6 +774,7 @@ function get_permissions ($dn, $subtreeACL) function get_module_permission($acl_array, $module, $dn) { global $ui; +echo "get_module_permissions() - to be removed
"; $final= ""; foreach($acl_array as $acl){ @@ -811,7 +919,7 @@ function get_base_from_people($dn) { global $config; - $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/"; + $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/i"; $base= preg_replace($pattern, '', $dn); /* Set to base, if we're not on a correct subtree */ @@ -825,6 +933,7 @@ function get_base_from_people($dn) function chkacl($acl, $name) { + echo "chkacl - to be removed
"; /* Look for attribute in ACL */ if (preg_match("/#$name#/", $acl) || $acl == "#all#"){ return (""); @@ -875,7 +984,7 @@ function is_uid($uid) /* STRICT adds spaces and case insenstivity to the uid check. This is dangerous and should not be used. */ - if (isset($config->current['STRICT']) && preg_match('/^no$/i', $config->current['STRICT'])){ + if (isset($config->current['STRICT']) && preg_match('/^(no|false)$/i', $config->current['STRICT'])){ return preg_match ("/^[a-z0-9 _.-]+$/i", $uid); } else { return preg_match ("/^[a-z0-9_-]+$/", $uid); @@ -888,6 +997,53 @@ function is_ip($ip) return preg_match("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/", $ip); } +/* Checks if the given ip address dosen't match + "is_ip" because there is also a sub net mask given */ +function is_ip_with_subnetmask($ip) +{ + /* Generate list of valid submasks */ + $res = array(); + for($e = 0 ; $e <= 32; $e++){ + $res[$e] = $e; + } + $i[0] =255; + $i[1] =255; + $i[2] =255; + $i[3] =255; + for($a= 3 ; $a >= 0 ; $a --){ + $c = 1; + while($i[$a] > 0 ){ + $str = $i[0].".".$i[1].".".$i[2].".".$i[3]; + $res[$str] = $str; + $i[$a] -=$c; + $c = 2*$c; + } + } + $res["0.0.0.0"] = "0.0.0.0"; + if(preg_match("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/", $ip)){ + $mask = preg_replace("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/","",$ip); + + $mask = preg_replace("/^\//","",$mask); + if((in_array("$mask",$res)) && preg_match("/^[0-9\.]/",$mask)){ + return(TRUE); + } + } + return(FALSE); +} + +/* Simple is domain check, it checks if the given string looks like "string(...).string" */ +function is_domain($str) +{ + return(preg_match("/^([a-z0-9i\-]*)\.[a-z0-9]*$/i",$str)); +} + + function is_id($id) { @@ -975,7 +1131,7 @@ function print_red() if(isset($_SESSION['errors']) && strlen($_SESSION['errors'])==0) { $_SESSION['errors'].= "
". "". @@ -1020,6 +1176,7 @@ function gen_locked_message($user, $dn) $remove= false; + /* Save variables from LOCK_VARS_TO_USE in session - for further editing */ if((isset($_SESSION['LOCK_VARS_TO_USE']))&&(count($_SESSION['LOCK_VARS_TO_USE']))){ $_SESSION['LOCK_VARS_USED'] =array(); foreach($_SESSION['LOCK_VARS_TO_USE'] as $name){ @@ -1096,7 +1253,7 @@ function get_printer_list($cups_server) $ar = false; exec("lpstat -p", $ar); foreach($ar as $val){ - list($dummy, $printer, $rest)= split(' ', $val, 3); + @list($dummy, $printer, $rest)= split(' ', $val, 3); if (preg_match('/^[^@]+$/', $printer)){ $res[$printer]= "$printer"; } @@ -1106,9 +1263,11 @@ function get_printer_list($cups_server) /* Merge in printers from LDAP */ $ldap= $config->get_ldap_link(); $ldap->cd ($config->current['BASE']); - $ldap->search('(objectClass=gotoPrinter)', array('cn')); - while ($attrs= $ldap->fetch()){ - $res[$attrs["cn"][0]]= $attrs["cn"][0]; + $ui= get_userinfo(); + if (preg_match('/TRUE/i', $config->current['STRICT_UNITS']) && $ui->gosaUnitTag != ""){ + $ldap->search('((objectClass=gotoPrinter)(gosaUnitTag='.$ui->gosaUnitTag.'))', array('cn')); + } else { + $ldap->search('(objectClass=gotoPrinter)', array('cn')); } return $res; @@ -1176,10 +1335,10 @@ function dn2base($dn) global $config; if (get_people_ou() != ""){ - $dn= preg_replace('/,'.get_people_ou().'/' , ',', $dn); + $dn= preg_replace('/,'.get_people_ou().'/i' , ',', $dn); } if (get_groups_ou() != ""){ - $dn= preg_replace('/,'.get_groups_ou().'/' , ',', $dn); + $dn= preg_replace('/,'.get_groups_ou().'/i' , ',', $dn); } $base= preg_replace ('/^[^,]+,/i', '', $dn); @@ -1970,5 +2129,112 @@ function get_MicroTimeDiff($start , $stop) } +/* Check if the given department name is valid */ +function is_department_name_reserved($name,$base) +{ + $reservedName = array("systems","apps","incomming","internal","accounts","fax","addressbook", + preg_replace("/ou=(.*),/","\\1",get_people_ou()), + preg_replace("/ou=(.*),/","\\1",get_groups_ou())); + $follwedNames['/ou=fai,ou=configs,ou=systems,/'] = array("fai","hooks","templates","scripts","disk","packages","variables","profiles"); + + /* Check if name is one of the reserved names */ + if(in_array_ics($name,$reservedName)) { + return(true); + } + + /* Check all follow combinations if name is in array && parent base == array_key, return false*/ + foreach($follwedNames as $key => $names){ + if((in_array_ics($name,$names)) && (preg_match($key,$base))){ + return(true); + } + } + return(false); +} + + +function get_base_dir() +{ + global $BASE_DIR; + + return $BASE_DIR; +} + + +function obj_is_readable($dn, $object, $attribute) +{ + global $ui; + + return preg_match('/r/', $ui->get_permissions($dn, $object, $attribute)); +} + + +function obj_is_writable($dn, $object, $attribute) +{ + global $ui; + + return preg_match('/w/', $ui->get_permissions($dn, $object, $attribute)); +} + + +function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false) +{ + /* Initialize variables */ + $ret = array("count" => 0); // Set count to 0 + $next = true; // if false, then skip next loops and return + $cnt = 0; // Current number of loops + $max = 100; // Just for security, prevent looops + $ldap = NULL; // To check if created result a valid + $keep = ""; // save last failed parse string + + /* Check each parsed dn in ldap ? */ + if($config!=NULL && $verify_in_ldap){ + $ldap = $config->get_ldap_link(); + } + + $Diff = ldap_explode_dn($dn,0); + + /* Lets start */ + $called = false; + while(preg_match("/,/",$dn) && $next && $cnt < $max){ + + $cnt ++; + if(!preg_match("/,/",$dn)){ + $next = false; + } + $object = preg_replace("/[,].*$/","",$dn); + $dn = preg_replace("/^[^,]+,/","",$dn); + + $called = true; + + /* Check if current dn is valid */ + if($ldap!=NULL){ + $ldap->cd($dn); + $ldap->cat($dn,array("dn")); + if($ldap->count()){ + $ret[] = $keep.$object; + $keep = ""; + }else{ + $keep .= $object.","; + } + }else{ + $ret[] = $keep.$object; + $keep = ""; + } + } + + /* Append the rest */ + $test = $keep.$dn; + if($called && !empty($test)){ + $ret[] = $keep.$dn; + } + $ret['count'] = count($ret) - 1; + + $diff = array_diff($ret,$Diff); + if($diff){ + print_a(array("Diff" => $diff,"OLD" => $Diff,"NEW"=> $ret,"DEBUG"=> debug_backtrace())); + } + return($ret); +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>