X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Ffunctions.inc;h=a4e7b952b0236107faaf1b1f6dd187285e0eefa5;hb=704fa7ddaac7fbf1168a1c58c3dd394c14755cd1;hp=09f90acced0c579ef6888a8d1d886a979fe7db78;hpb=023f157c39e2350050f38e1743ec6363eab0ab80;p=gosa.git diff --git a/include/functions.inc b/include/functions.inc index 09f90acce..a4e7b952b 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -23,6 +23,12 @@ define ("CONFIG_DIR", "/etc/gosa"); define ("CONFIG_TEMPLATE_DIR", "../contrib/"); define ("HELP_BASEDIR", "/var/www/doc/"); +/* Define get_list flags */ +define("GL_NONE", 0); +define("GL_SUBSEARCH", 1); +define("GL_SIZELIMIT", 2); +define("GL_CONVERT" , 4); + /* Define globals for revision comparing */ $svn_path = '$HeadURL$'; $svn_revision = '$Revision$'; @@ -30,12 +36,13 @@ $svn_revision = '$Revision$'; /* Include required files */ require_once ("class_ldap.inc"); require_once ("class_config.inc"); -require_once ("class_userinfo.inc"); require_once ("class_plugin.inc"); +require_once ("class_acl.inc"); +require_once ("class_userinfo.inc"); require_once ("class_pluglist.inc"); require_once ("class_tabs.inc"); require_once ("class_mail-methods.inc"); -require_once("class_password-methods.inc"); +require_once ("class_password-methods.inc"); require_once ("functions_debug.inc"); require_once ("functions_dns.inc"); require_once ("class_MultiSelectWindow.inc"); @@ -289,12 +296,8 @@ function ldap_init ($server, $base, $binddn='', $pass='') /* Sadly we've no proper return values here. Use the error message instead. */ if (!preg_match("/Success/i", $ldap->error)){ - print_red(sprintf(_("Error when connecting the LDAP. Server said '%s'."), - $ldap->get_error())); - echo $_SESSION['errors']; - - /* Hard error. We'd like to use the LDAP, anyway... */ - exit; + echo sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error()); + exit(); } /* Preset connection base to $base and return to caller */ @@ -311,8 +314,10 @@ function ldap_login_user ($username, $password) $ldap = $config->get_ldap_link(); if (!preg_match("/Success/i", $ldap->error)){ print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error())); - echo $_SESSION['errors']; - exit; + $smarty= get_smarty(); + $smarty->display(get_template_path('headers.tpl')); + echo "".$_SESSION['errors'].""; + exit(); } $ldap->cd($config->current['BASE']); $ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid")); @@ -361,6 +366,99 @@ function ldap_login_user ($username, $password) } +function ldap_expired_account($config, $userdn, $username) +{ + $ldap= $config->get_ldap_link(); + $ldap->cat($userdn); + $attrs= $ldap->fetch(); + + /* default value no errors */ + $expired = 0; + + $sExpire = 0; + $sLastChange = 0; + $sMax = 0; + $sMin = 0; + $sInactive = 0; + $sWarning = 0; + + $current= date("U"); + + $current= floor($current /60 /60 /24); + + /* special case of the admin, should never been locked */ + /* FIXME should allow any name as user admin */ + if($username != "admin") + { + + if(isset($attrs['shadowExpire'][0])){ + $sExpire= $attrs['shadowExpire'][0]; + } else { + $sExpire = 0; + } + + if(isset($attrs['shadowLastChange'][0])){ + $sLastChange= $attrs['shadowLastChange'][0]; + } else { + $sLastChange = 0; + } + + if(isset($attrs['shadowMax'][0])){ + $sMax= $attrs['shadowMax'][0]; + } else { + $smax = 0; + } + + if(isset($attrs['shadowMin'][0])){ + $sMin= $attrs['shadowMin'][0]; + } else { + $sMin = 0; + } + + if(isset($attrs['shadowInactive'][0])){ + $sInactive= $attrs['shadowInactive'][0]; + } else { + $sInactive = 0; + } + + if(isset($attrs['shadowWarning'][0])){ + $sWarning= $attrs['shadowWarning'][0]; + } else { + $sWarning = 0; + } + + /* is the account locked */ + /* shadowExpire + shadowInactive (option) */ + if($sExpire >0){ + if($current >= ($sExpire+$sInactive)){ + return(1); + } + } + + /* the user should be warned to change is password */ + if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){ + if (($sExpire - $current) < $sWarning){ + return(2); + } + } + + /* force user to change password */ + if(($sLastChange >0) && ($sMax) >0){ + if($current >= ($sLastChange+$sMax)){ + return(3); + } + } + + /* the user should not be able to change is password */ + if(($sLastChange >0) && ($sMin >0)){ + if (($sLastChange + $sMin) >= $current){ + return(4); + } + } + } + return($expired); +} + function add_lock ($object, $user) { global $config; @@ -484,72 +582,36 @@ function get_lock ($object) } -function get_list2($subtreeACL, $filter, $subsearch= TRUE, $base="", $attrs= array(), $flag= FALSE) +function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { - global $config; + global $config, $ui; + + /* Get LDAP link */ + $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); - /* Base the search on default base if not set */ - $ldap= $config->get_ldap_link($flag); + /* Set search base to configured base if $base is empty */ if ($base == ""){ $ldap->cd ($config->current['BASE']); } else { $ldap->cd ($base); } - /* Perform ONE or SUB scope searches? */ - $ldap->ls ($filter); - - /* Check for size limit exceeded messages for GUI feedback */ - if (preg_match("/size limit/i", $ldap->error)){ - $_SESSION['limit_exceeded']= TRUE; - } else { - $_SESSION['limit_exceeded']= FALSE; - } - $result= array(); - - - /* Crawl through reslut entries and perform the migration to the - result array */ - while($attrs = $ldap->fetch()) { - $dn= $ldap->getDN(); - foreach ($subtreeACL as $key => $value){ - if (preg_match("/$key/", $dn)){ - $attrs["dn"]= convert_department_dn($dn); - $result[]= $attrs; - break; - } - } - } - - - return ($result); - -} - -function get_list($subtreeACL, $filter, $subsearch= TRUE, $base="", $attrs= array(), $flag= FALSE) -{ - global $config; - - /* Base the search on default base if not set */ - $ldap= $config->get_ldap_link($flag); - if ($base == ""){ - $ldap->cd ($config->current['BASE']); - } else { - $ldap->cd ($base); + /* Strict filter for administrative units? */ + if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) && + preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){ + $filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)"; } /* Perform ONE or SUB scope searches? */ - if ($subsearch) { - $ldap->search ($filter, $attrs); + if ($flags & GL_SUBSEARCH) { + $ldap->search ($filter, $attributes); } else { - $ldap->ls ($filter); + $ldap->ls ($filter,$base,$attributes); } /* Check for size limit exceeded messages for GUI feedback */ if (preg_match("/size limit/i", $ldap->error)){ $_SESSION['limit_exceeded']= TRUE; - } else { - $_SESSION['limit_exceeded']= FALSE; } /* Crawl through reslut entries and perform the migration to the @@ -557,9 +619,17 @@ function get_list($subtreeACL, $filter, $subsearch= TRUE, $base="", $attrs= arra $result= array(); while($attrs = $ldap->fetch()) { $dn= $ldap->getDN(); + foreach ($subtreeACL as $key => $value){ if (preg_match("/$key/", $dn)){ - $attrs["dn"]= $dn; + + if ($flags & GL_CONVERT){ + $attrs["dn"]= convert_department_dn($dn); + } else { + $attrs["dn"]= $dn; + } + + /* We found what we were looking for, break speeds things up */ $result[]= $attrs; break; } @@ -657,9 +727,11 @@ function getMenuCache() } } + function get_permissions ($dn, $subtreeACL) { global $config; +echo "get_permissions() - to be removed
"; $base= $config->current['BASE']; $tmp= "d,".$dn; @@ -695,6 +767,7 @@ function get_permissions ($dn, $subtreeACL) function get_module_permission($acl_array, $module, $dn) { global $ui; +echo "get_module_permissions() - to be removed
"; $final= ""; foreach($acl_array as $acl){ @@ -768,41 +841,29 @@ function convert_department_dn($dn) /* Build a sub-directory style list of the tree level specified in $dn */ - foreach (split (',', $dn) as $val){ + foreach (split(',', $dn) as $rdn){ /* We're only interested in organizational units... */ - if (preg_match ("/ou=/", $val)){ - $dep= substr($val,3)."/$dep"; + if (substr($rdn,0,3) == 'ou='){ + $dep= substr($rdn,3)."/$dep"; } /* ... and location objects */ - if (preg_match ("/l=/", $val)){ - $dep= substr($val,2)."/$dep"; + if (substr($rdn,0,2) == 'l='){ + $dep= substr($rdn,2)."/$dep"; } } /* Return and remove accidently trailing slashes */ - return @ldap::fix(rtrim($dep, "/")); + return rtrim($dep, "/"); } -function convert_department_dn2($dn) -{ - $dep= ""; - - /* Build a sub-directory style list of the tree level - specified in $dn */ - $deps = array_flip($_SESSION['config']->idepartments); - if(isset($deps[$dn])){ - $dn= $deps[$dn]; - $dep = preg_replace("/^.*=/","",$dn); - }else{ - $dep= preg_replace("%^.*/([^/]+)$%", "\\1", $dn); - } - - /* Return and remove accidently trailing slashes */ - $tmp = rtrim($dep, "/"); - return @ldap::fix($tmp); +/* Strip off the last sub department part of a '/level1/level2/.../' + * style value. It removes the trailing '/', too. */ +function get_sub_department($value) +{ + return (@LDAP::fix(preg_replace("%^.*/([^/]+)/?$%", "\\1", $value))); } @@ -810,12 +871,18 @@ function get_ou($name) { global $config; - $ou= $config->current[$name]; + /* Preset ou... */ + if (isset($config->current[$name])){ + $ou= $config->current[$name]; + } else { + return ""; + } + if ($ou != ""){ if (!preg_match('/^[^=]+=[^=]+/', $ou)){ - return "ou=$ou,"; + return @LDAP::convert("ou=$ou,"); } else { - return "$ou,"; + return @LDAP::convert("$ou,"); } } else { return ""; @@ -845,7 +912,7 @@ function get_base_from_people($dn) { global $config; - $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/"; + $pattern= "/^[^,]+,".preg_quote(get_people_ou())."/i"; $base= preg_replace($pattern, '', $dn); /* Set to base, if we're not on a correct subtree */ @@ -857,32 +924,9 @@ function get_base_from_people($dn) } -function get_departments($ignore_dn= "") -{ - global $config; - - /* Initialize result hash */ - $result= array(); - $result['/']= $config->current['BASE']; - - /* Get list of department objects */ - $ldap= $config->get_ldap_link(); - $ldap->cd ($config->current['BASE']); - $ldap->search ("(objectClass=gosaDepartment)", array("ou")); - while ($attrs= $ldap->fetch()){ - $dn= $ldap->getDN(); - if ($dn == $ignore_dn){ - continue; - } - $result[convert_department_dn($dn)]= $dn; - } - - return ($result); -} - - function chkacl($acl, $name) { + echo "chkacl - to be removed
"; /* Look for attribute in ACL */ if (preg_match("/#$name#/", $acl) || $acl == "#all#"){ return (""); @@ -899,7 +943,7 @@ function is_phone_nr($nr) return (TRUE); } - return preg_match ("/^[0-9 ()+*-]+$/", $nr); + return preg_match ("/^[\/0-9 ()+*-]+$/", $nr); } @@ -941,6 +985,12 @@ function is_uid($uid) } +function is_ip($ip) +{ + return preg_match("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/", $ip); +} + + function is_id($id) { if ($id == ""){ @@ -1005,37 +1055,42 @@ function print_red() if (isset($_SESSION['DEBUGLEVEL'])){ if($_SESSION['LastError'] == $string){ - + if((!isset($_SESSION['errorsAlreadyPosted'][$string]))){ $_SESSION['errorsAlreadyPosted'][$string] = 1; } - $_SESSION['errorsAlreadyPosted'][$string] ++; + $_SESSION['errorsAlreadyPosted'][$string]++; }else{ - if((!empty($_SESSION['LastError'])) && ($_SESSION['errorsAlreadyPosted'][$_SESSION['LastError']]>1)){ - $_SESSION['errors'].= "

". - "

$\"\"$

". - "".sprintf(_("Last message repeated %s times."),$_SESSION['errorsAlreadyPosted'][$_SESSION['LastError']])."

". - " $\"\"src=\"".get_template_path('images/warning.png').$

\n"; - } - if($string != NULL){ - $_SESSION['errors'].= "

". - "

$\"\"$

". - "$string

". - " $\"\"src=\"".get_template_path('images/warning.png').$

\n"; + if (preg_match("/"._("LDAP error:")."/", $string)){ + $addmsg= _("Problems with the LDAP server mean that you probably lost the last changes. Please check your LDAP setup for possible errors and try again."); + $img= "images/error.png"; + } else { + if (!preg_match('/[.!?]$/', $string)){ + $string.= "."; + } + $string= preg_replace('/
/', ' ', $string); + $img= "images/warning.png"; + $addmsg= _("Please check your input and fix the error. Press 'OK' to close this message box."); + } + + if(isset($_SESSION['errors']) && strlen($_SESSION['errors'])==0) { + $_SESSION['errors'].= "

". + "". + "

	"._("An error occured while processing your request"). + " $string $addmsg

"; + } + }else{ return; } - $_SESSION['errorsAlreadyPosted'] = array(); $_SESSION['errorsAlreadyPosted'][$string] = 1; } @@ -1044,7 +1099,6 @@ function print_red() echo "Error: $string\n"; } $_SESSION['LastError'] = $string; - } @@ -1054,13 +1108,21 @@ function gen_locked_message($user, $dn) $_SESSION['dn']= $dn; $ldap= $config->get_ldap_link(); - $ldap->cat ($user); + $ldap->cat ($user, array('uid', 'cn')); $attrs= $ldap->fetch(); - $uid= $attrs["uid"][0]; - // print_a($_POST); - // print_a($_GET); + /* Stop if we have no user here... */ + if (count($attrs)){ + $uid= $attrs["uid"][0]; + $cn= $attrs["cn"][0]; + } else { + $uid= $attrs["uid"][0]; + $cn= $attrs["cn"][0]; + } + + $remove= false; + /* Save variables from LOCK_VARS_TO_USE in session - for further editing */ if((isset($_SESSION['LOCK_VARS_TO_USE']))&&(count($_SESSION['LOCK_VARS_TO_USE']))){ $_SESSION['LOCK_VARS_USED'] =array(); foreach($_SESSION['LOCK_VARS_TO_USE'] as $name){ @@ -1084,7 +1146,12 @@ function gen_locked_message($user, $dn) /* Prepare and show template */ $smarty= get_smarty(); $smarty->assign ("dn", $dn); - $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry '%s' which appears to be used by '%s'. Please contact the person in order to clarify proceedings."), $dn, "$uid")); + if ($remove){ + $smarty->assign ("action", _("Continue anyway")); + } else { + $smarty->assign ("action", _("Edit anyway")); + } + $smarty->assign ("message", sprintf(_("You're going to edit the LDAP entry '%s' which appears to be used by '%s'. Please contact the person in order to clarify proceedings."), "".$dn."", "$cn")); return ($smarty->fetch (get_template_path('islocked.tpl'))); } @@ -1132,7 +1199,7 @@ function get_printer_list($cups_server) $ar = false; exec("lpstat -p", $ar); foreach($ar as $val){ - list($dummy, $printer, $rest)= split(' ', $val, 3); + @list($dummy, $printer, $rest)= split(' ', $val, 3); if (preg_match('/^[^@]+$/', $printer)){ $res[$printer]= "$printer"; } @@ -1180,10 +1247,14 @@ function show_errors($message) } -function show_ldap_error($message) +function show_ldap_error($message, $addon= "") { if (!preg_match("/Success/i", $message)){ - print_red (_("LDAP error:")." $message"); + if ($addon == ""){ + print_red (_("LDAP error: $message")); + } else { + print_red ("$addon

"._("LDAP error:")." $message"); + } return TRUE; } else { return FALSE; @@ -1208,10 +1279,10 @@ function dn2base($dn) global $config; if (get_people_ou() != ""){ - $dn= preg_replace('/,'.get_people_ou().'/' , ',', $dn); + $dn= preg_replace('/,'.get_people_ou().'/i' , ',', $dn); } if (get_groups_ou() != ""){ - $dn= preg_replace('/,'.get_groups_ou().'/' , ',', $dn); + $dn= preg_replace('/,'.get_groups_ou().'/i' , ',', $dn); } $base= preg_replace ('/^[^,]+,/i', '', $dn); @@ -1253,6 +1324,9 @@ function print_header($image, $headline, $info= "") $display.= " "; $display.= "\n"; } + if (isset($_SESSION['errors'])){ + $display.= $_SESSION['errors']; + } return ($display); } @@ -1944,5 +2018,90 @@ function array_differs($src, $dst) } +function saveFilter($a_filter, $values) +{ + if (isset($_POST['regexit'])){ + $a_filter["regex"]= $_POST['regexit']; + + foreach($values as $type){ + if (isset($_POST[$type])) { + $a_filter[$type]= "checked"; + } else { + $a_filter[$type]= ""; + } + } + } + + /* React on alphabet links if needed */ + if (isset($_GET['search'])){ + $s= mb_substr(validate($_GET['search']), 0, 1, "UTF8")."*"; + if ($s == "**"){ + $s= "*"; + } + $a_filter['regex']= $s; + } + + return ($a_filter); +} + + +/* Escape all preg_* relevant characters */ +function normalizePreg($input) +{ + return (addcslashes($input, '[]()|/.*+-')); +} + + +/* Escape all LDAP filter relevant characters */ +function normalizeLdap($input) +{ + return (addcslashes($input, '()|')); +} + + +/* Resturns the difference between to microtime() results in float */ +function get_MicroTimeDiff($start , $stop) +{ + $a = split("\ ",$start); + $b = split("\ ",$stop); + + $secs = $b[1] - $a[1]; + $msecs= $b[0] - $a[0]; + + $ret = (float) ($secs+ $msecs); + return($ret); +} + + +/* Check if the given department name is valid */ +function is_department_name_reserved($name,$base) +{ + $reservedName = array("systems","apps","incomming","internal","accounts","fax","addressbook", + preg_replace("/ou=(.*),/","\\1",get_people_ou()), + preg_replace("/ou=(.*),/","\\1",get_groups_ou())); + $follwedNames['/ou=fai,ou=configs,ou=systems,/'] = array("fai","hooks","templates","scripts","disk","packages","variables","profiles"); + + /* Check if name is one of the reserved names */ + if(in_array_ics($name,$reservedName)) { + return(true); + } + + /* Check all follow combinations if name is in array && parent base == array_key, return false*/ + foreach($follwedNames as $key => $names){ + if((in_array_ics($name,$names)) && (preg_match($key,$base))){ + return(true); + } + } + return(false); +} + + +function get_base_dir() +{ + global $BASE_DIR; + + return $BASE_DIR; +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>

"._("An error occured while processing your request"). + "