X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Ffunctions.inc;h=b1deb986ec57f75b944bff664fe34e9233818f49;hb=d2a7f50083180fccb855c116a0f16cbca2636f62;hp=46a0e53e9ddd51036441153a199723d2d01d374f;hpb=39b455baf2ded7e9f64e2273c1ca455c0da77d8c;p=gosa.git diff --git a/include/functions.inc b/include/functions.inc index 46a0e53e9..b1deb986e 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -36,12 +36,13 @@ $svn_revision = '$Revision$'; /* Include required files */ require_once ("class_ldap.inc"); require_once ("class_config.inc"); -require_once ("class_userinfo.inc"); require_once ("class_plugin.inc"); +require_once ("class_acl.inc"); require_once ("class_pluglist.inc"); +require_once ("class_userinfo.inc"); require_once ("class_tabs.inc"); require_once ("class_mail-methods.inc"); -require_once("class_password-methods.inc"); +require_once ("class_password-methods.inc"); require_once ("functions_debug.inc"); require_once ("functions_dns.inc"); require_once ("class_MultiSelectWindow.inc"); @@ -367,7 +368,6 @@ function ldap_login_user ($username, $password) function ldap_expired_account($config, $userdn, $username) { - //$this->config= $config; $ldap= $config->get_ldap_link(); $ldap->cat($userdn); $attrs= $ldap->fetch(); @@ -582,7 +582,7 @@ function get_lock ($object) } -function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) +function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { global $config, $ui; @@ -596,12 +596,6 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= $ldap->cd ($base); } - /* Strict filter for administrative units? */ - if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) && - preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){ - $filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)"; - } - /* Perform ONE or SUB scope searches? */ if ($flags & GL_SUBSEARCH) { $ldap->search ($filter, $attributes); @@ -617,12 +611,26 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= /* Crawl through reslut entries and perform the migration to the result array */ $result= array(); + while($attrs = $ldap->fetch()) { $dn= $ldap->getDN(); - foreach ($subtreeACL as $key => $value){ - if (preg_match("/$key/", $dn)){ + /* Sort in every value that fits the permissions */ + if (is_array($category)){ + foreach ($category as $o){ + if ($ui->get_category_permissions($dn, $o) != ""){ + if ($flags & GL_CONVERT){ + $attrs["dn"]= convert_department_dn($dn); + } else { + $attrs["dn"]= $dn; + } + /* We found what we were looking for, break speeds things up */ + $result[]= $attrs; + } + } + } else { + if ($ui->get_category_permissions($dn, $category) != ""){ if ($flags & GL_CONVERT){ $attrs["dn"]= convert_department_dn($dn); } else { @@ -631,7 +639,6 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= /* We found what we were looking for, break speeds things up */ $result[]= $attrs; - break; } } } @@ -727,91 +734,18 @@ function getMenuCache() } } -function get_permissions ($dn, $subtreeACL) -{ - global $config; - - $base= $config->current['BASE']; - $tmp= "d,".$dn; - $sacl= array(); - - /* Sort subacl's for lenght to simplify matching - for subtrees */ - foreach ($subtreeACL as $key => $value){ - $sacl[$key]= strlen($key); - } - arsort ($sacl); - reset ($sacl); - - /* Successively remove leading parts of the dn's until - it doesn't contain commas anymore */ - $tmp_dn= preg_replace('/\\\\,/', '', $tmp); - while (preg_match('/,/', $tmp_dn)){ - $tmp_dn= ltrim(strstr($tmp_dn, ","), ","); - $tmp= preg_replace('/\/', '\\,', $tmp); - - /* Check for acl that may apply */ - foreach ($sacl as $key => $value){ - if (preg_match("/$key$/", $tmp)){ - return ($subtreeACL[$key]); - } - } - } +function get_permissions () +{ + /* Look for attribute in ACL */ + trigger_error("Don't use get_permissions() its obsolete. Use userinfo::get_permissions() instead."); return array(""); } -function get_module_permission($acl_array, $module, $dn) +function get_module_permission() { - global $ui; - - $final= ""; - foreach($acl_array as $acl){ - - /* Check for selfflag (!) in ACL to determine if - the user is allowed to change parts of his/her - own account */ - if (preg_match("/^!/", $acl)){ - if ($dn != "" && $dn != $ui->dn){ - - /* No match for own DN, give up on this ACL */ - continue; - - } else { - - /* Matches own DN, remove the selfflag */ - $acl= preg_replace("/^!/", "", $acl); - - } - } - - /* Remove leading garbage */ - $acl= preg_replace("/^:/", "", $acl); - - /* Discover if we've access to the submodule by comparing - all allowed submodules specified in the ACL */ - $tmp= split(",", $acl); - foreach ($tmp as $mod){ - if (preg_match("/^$module#/", $mod)){ - $final= strstr($mod, "#")."#"; - continue; - } - if (preg_match("/[^#]$module$/", $mod)){ - return ("#all#"); - } - if (preg_match("/^all$/", $mod)){ - return ("#all#"); - } - } - } - - /* Return assembled ACL, or none */ - if ($final != ""){ - return (preg_replace('/##/', '#', $final)); - } - - /* Nothing matches - disable access for this object */ + trigger_error("Don't use get_module_permission() its obsolete."); return ("#none#"); } @@ -921,15 +855,11 @@ function get_base_from_people($dn) } -function chkacl($acl, $name) +function chkacl() { /* Look for attribute in ACL */ - if (preg_match("/#$name#/", $acl) || $acl == "#all#"){ - return (""); - } - - /* Optically disable html object for no match */ - return (" disabled "); + trigger_error("Don't use chkacl() its obsolete. Use userinfo::getacl() instead."); + return("-deprecated-"); } @@ -973,7 +903,7 @@ function is_uid($uid) /* STRICT adds spaces and case insenstivity to the uid check. This is dangerous and should not be used. */ - if (isset($config->current['STRICT']) && preg_match('/^no$/i', $config->current['STRICT'])){ + if (isset($config->current['STRICT']) && preg_match('/^(no|false)$/i', $config->current['STRICT'])){ return preg_match ("/^[a-z0-9 _.-]+$/i", $uid); } else { return preg_match ("/^[a-z0-9_-]+$/", $uid); @@ -987,6 +917,60 @@ function is_ip($ip) } +function is_mac($mac) +{ + return preg_match("/^[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]:[a-f0-9][a-f0-9]$/i", $mac); +} + + +/* Checks if the given ip address dosen't match + "is_ip" because there is also a sub net mask given */ +function is_ip_with_subnetmask($ip) +{ + /* Generate list of valid submasks */ + $res = array(); + for($e = 0 ; $e <= 32; $e++){ + $res[$e] = $e; + } + $i[0] =255; + $i[1] =255; + $i[2] =255; + $i[3] =255; + for($a= 3 ; $a >= 0 ; $a --){ + $c = 1; + while($i[$a] > 0 ){ + $str = $i[0].".".$i[1].".".$i[2].".".$i[3]; + $res[$str] = $str; + $i[$a] -=$c; + $c = 2*$c; + } + } + $res["0.0.0.0"] = "0.0.0.0"; + if(preg_match("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/", $ip)){ + $mask = preg_replace("/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.". + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/","",$ip); + + $mask = preg_replace("/^\//","",$mask); + if((in_array("$mask",$res)) && preg_match("/^[0-9\.]/",$mask)){ + return(TRUE); + } + } + return(FALSE); +} + +/* Simple is domain check, it checks if the given string looks like "string(...).string" */ +function is_domain($str) +{ + return(preg_match("/^([a-z0-9i\-]*)\.[a-z0-9]*$/i",$str)); +} + + + function is_id($id) { if ($id == ""){ @@ -1118,6 +1102,7 @@ function gen_locked_message($user, $dn) $remove= false; + /* Save variables from LOCK_VARS_TO_USE in session - for further editing */ if((isset($_SESSION['LOCK_VARS_TO_USE']))&&(count($_SESSION['LOCK_VARS_TO_USE']))){ $_SESSION['LOCK_VARS_USED'] =array(); foreach($_SESSION['LOCK_VARS_TO_USE'] as $name){ @@ -1170,45 +1155,11 @@ function to_string ($value) function get_printer_list($cups_server) { global $config; - - $res= array(); - - /* Use CUPS, if we've access to it */ - if (function_exists('cups_get_dest_list')){ - $dest_list= cups_get_dest_list ($cups_server); - - foreach ($dest_list as $prt){ - $attr= cups_get_printer_attributes ($cups_server, $prt->name); - - foreach ($attr as $prt_info){ - if ($prt_info->name == "printer-info"){ - $info= $prt_info->value; - break; - } - } - $res[$prt->name]= "$info [$prt->name]"; - } - - /* CUPS is not available, try lpstat as a replacement */ - } else { - $ar = false; - exec("lpstat -p", $ar); - foreach($ar as $val){ - @list($dummy, $printer, $rest)= split(' ', $val, 3); - if (preg_match('/^[^@]+$/', $printer)){ - $res[$printer]= "$printer"; - } - } - } - - /* Merge in printers from LDAP */ - $ldap= $config->get_ldap_link(); - $ldap->cd ($config->current['BASE']); - $ldap->search('(objectClass=gotoPrinter)', array('cn')); - while ($attrs= $ldap->fetch()){ - $res[$attrs["cn"][0]]= $attrs["cn"][0]; + $res = array(); + $data = get_list('(objectClass=gotoPrinter)',"printer",$config->current['BASE'], array('cn')); + foreach($data as $attrs ){ + $res[$attrs['cn'][0]] = $attrs['cn'][0]; } - return $res; } @@ -2091,5 +2042,88 @@ function is_department_name_reserved($name,$base) } +function get_base_dir() +{ + global $BASE_DIR; + + return $BASE_DIR; +} + + +function obj_is_readable($dn, $object, $attribute) +{ + global $ui; + + return preg_match('/r/', $ui->get_permissions($dn, $object, $attribute)); +} + + +function obj_is_writable($dn, $object, $attribute) +{ + global $ui; + + return preg_match('/w/', $ui->get_permissions($dn, $object, $attribute)); +} + + +function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false) +{ + /* Initialize variables */ + $ret = array("count" => 0); // Set count to 0 + $next = true; // if false, then skip next loops and return + $cnt = 0; // Current number of loops + $max = 100; // Just for security, prevent looops + $ldap = NULL; // To check if created result a valid + $keep = ""; // save last failed parse string + + /* Check each parsed dn in ldap ? */ + if($config!=NULL && $verify_in_ldap){ + $ldap = $config->get_ldap_link(); + } + + /* Lets start */ + $called = false; + while(preg_match("/,/",$dn) && $next && $cnt < $max){ + + $cnt ++; + if(!preg_match("/,/",$dn)){ + $next = false; + } + $object = preg_replace("/[,].*$/","",$dn); + $dn = preg_replace("/^[^,]+,/","",$dn); + + $called = true; + + /* Check if current dn is valid */ + if($ldap!=NULL){ + $ldap->cd($dn); + $ldap->cat($dn,array("dn")); + if($ldap->count()){ + $ret[] = $keep.$object; + $keep = ""; + }else{ + $keep .= $object.","; + } + }else{ + $ret[] = $keep.$object; + $keep = ""; + } + } + + /* No dn was posted */ + if($cnt == 0 && !empty($dn)){ + $ret[] = $dn; + } + + /* Append the rest */ + $test = $keep.$dn; + if($called && !empty($test)){ + $ret[] = $keep.$dn; + } + $ret['count'] = count($ret) - 1; + + return($ret); +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>