X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Ffunctions.inc;h=e83805413ea93da35bb4f1171bef0653a685d113;hb=9bd5e2a21394fc3282170ab76e31a7bb632c9548;hp=04a9d91d17c62e1d00e9bda858609ab91db87b57;hpb=1249bb00fff01530ab2980c14b8d4505e3264632;p=gosa.git diff --git a/include/functions.inc b/include/functions.inc index 04a9d91d1..e83805413 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -20,6 +20,7 @@ /* Configuration file location */ define ("CONFIG_DIR", "/etc/gosa"); +define ("CONFIG_FILE", "gosa.conf"); define ("CONFIG_TEMPLATE_DIR", "../contrib/"); define ("HELP_BASEDIR", "/var/www/doc/"); @@ -38,12 +39,14 @@ require_once ("class_ldap.inc"); require_once ("class_config.inc"); require_once ("class_userinfo.inc"); require_once ("class_plugin.inc"); +require_once ("class_dhcpPlugin.inc"); require_once ("class_pluglist.inc"); require_once ("class_tabs.inc"); require_once ("class_mail-methods.inc"); require_once("class_password-methods.inc"); require_once ("functions_debug.inc"); require_once ("functions_dns.inc"); +require_once ("accept-to-gettext.inc"); require_once ("class_MultiSelectWindow.inc"); /* Define constants for debugging */ @@ -145,46 +148,37 @@ function DEBUG($level, $line, $function, $file, $data, $info="") } -/* Simple function to get browser language and convert it to - xx_XY needed by locales. Ignores sublanguages and weights. */ function get_browser_language() { - global $BASE_DIR; - /* Try to use users primary language */ + global $config; $ui= get_userinfo(); - if ($ui != NULL){ + if (isset($ui) && $ui !== NULL){ if ($ui->language != ""){ - return ($ui->language); + return ($ui->language.".UTF-8"); } } - /* Get list of languages */ - if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ - $lang= preg_replace("/\s+/", "", $_SERVER['HTTP_ACCEPT_LANGUAGE']); - $languages= split (',', $lang); - $languages[]= "C"; - } else { - $languages= array("C"); + /* Check for global language settings in gosa.conf */ + if(isset($config->data['MAIN']['LANG']) && !empty($config->data['MAIN']['LANG'])) { + $lang = $config->data['MAIN']['LANG']; + if(!preg_match("/utf/i",$lang)){ + $lang .= ".UTF-8"; + } + return($lang); } - /* Walk through languages and get first supported */ - foreach ($languages as $val){ - - /* Strip off weight */ - $lang= preg_replace("/;q=.*$/i", "", $val); + /* Load supported languages */ + $gosa_languages= get_languages(); - /* Simplify sub language handling */ - $lang= preg_replace("/-.*$/", "", $lang); - - /* Cancel loop if available in GOsa, or the last - entry has been reached */ - if (is_dir("$BASE_DIR/locale/$lang")){ - break; - } + /* Move supported languages to flat list */ + $langs= array(); + foreach($gosa_languages as $lang => $dummy){ + $langs[]= $lang.'.UTF-8'; } - return (strtolower($lang)."_".strtoupper($lang)); + /* Return gettext based string */ + return (al2gt($langs, 'text/html')); } @@ -319,8 +313,19 @@ function ldap_login_user ($username, $password) echo "".$_SESSION['errors'].""; exit(); } + + /* Check if mail address is also a valid auth name */ + $auth_mail = FALSE; + if(isset($config->current['AUTH_MAIL']) && preg_match("/^true$/i",$config->current['AUTH_MAIL'])){ + $auth_mail = TRUE; + } + $ldap->cd($config->current['BASE']); - $ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid")); + if(!$auth_mail){ + $ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid")); + }else{ + $ldap->search("(&(|(uid=".$username.")(mail=".$username."))(objectClass=gosaAccount))", array("uid","mail")); + } /* get results, only a count of 1 is valid */ switch ($ldap->count()){ @@ -340,13 +345,19 @@ function ldap_login_user ($username, $password) /* LDAP schema is not case sensitive. Perform additional check. */ $attrs= $ldap->fetch(); - if ($attrs['uid'][0] != $username){ - return(NULL); + if($auth_mail){ + if ($attrs['uid'][0] != $username && strcasecmp($attrs['mail'][0], $username) != 0){ + return(NULL); + } + }else{ + if ($attrs['uid'][0] != $username){ + return(NULL); + } } /* got user dn, fill acl's */ $ui= new userinfo($config, $ldap->getDN()); - $ui->username= $username; + $ui->username= $attrs['uid'][0]; /* password check, bind as user with supplied password */ $ldap->disconnect(); @@ -476,7 +487,7 @@ function add_lock ($object, $user) $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$user)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!preg_match("/Success/i", $ldap->error)){ - print_red (sprintf(_("Can't set locking information in LDAP database. Please check the 'config' entry in gosa.conf! LDAP server says '%s'."), $ldap->get_error())); + print_red (sprintf(_("Can't set locking information in LDAP database. Please check the 'config' entry in %s! LDAP server says '%s'."),CONFIG_FILE, $ldap->get_error())); return; } @@ -557,7 +568,7 @@ function get_lock ($object) $ldap->cd ($config->current['CONFIG']); $ldap->search("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!preg_match("/Success/i", $ldap->error)){ - print_red (_("Can't get locking information in LDAP database. Please check the 'config' entry in gosa.conf!")); + print_red (sprintf(_("Can't get locking information in LDAP database. Please check the 'config' entry in %s!"),CONFIG_FILE)); return(""); } @@ -763,9 +774,29 @@ function get_permissions ($dn, $subtreeACL) } -function get_module_permission($acl_array, $module, $dn) -{ - global $ui; +function get_module_permission($acl_array, $module, $dn, $checkTag= TRUE){ + global $ui, $config; + + /* Check for strict tagging */ + $ttag= ""; + if ($checkTag && isset($config->current['STRICT_UNITS']) && + preg_match('/^(yes|true)$/i', $config->current['STRICT_UNITS']) && + $ui->gosaUnitTag != ""){ + $size= 0; + foreach ($config->tdepartments as $tdn => $tag){ + if (preg_match("/$tdn$/", $dn)){ + if (strlen($tdn) > $size){ + $size= strlen($tdn); + $ttag= $tag; + } + } + } + + /* We have no permission for areas that don't carry our tag */ + if ($ttag != $ui->gosaUnitTag){ + return ("#none#"); + } + } $final= ""; foreach($acl_array as $acl){ @@ -943,6 +974,10 @@ function is_phone_nr($nr) return preg_match ("/^[\/0-9 ()+*-]+$/", $nr); } +function is_dns_name($str) +{ + return(preg_match("/^[a-z0-9\.\-]*$/i",$str)); +} function is_url($url) { @@ -1126,15 +1161,62 @@ function print_red() } if(isset($_SESSION['errors']) && strlen($_SESSION['errors'])==0) { - $_SESSION['errors'].= "
+ +
+
"; + $hide = "hide(\"e_layer\");hide(\"e_layer2\");hide(\"e_layer3\");"; + }else{ + + $_SESSION['errors'].= " +
+
"; + $hide = "hide(\"e_layer\");hide(\"e_layer2\");"; + } + + $_SESSION['errors'].= " +
". "". - "

"._("An error occured while processing your request"). - "

$string

$addmsg

$string

$addmsg

"; } @@ -1378,9 +1460,9 @@ function print_header($image, $headline, $info= "") $display.= " "; $display.= "
\n"; } - if (isset($_SESSION['errors'])){ - $display.= $_SESSION['errors']; - } +# if (isset($_SESSION['errors'])){ +# $display.= $_SESSION['errors']; +# } return ($display); } @@ -1658,7 +1740,7 @@ function gen_uids($rule, $attributes) if ($rule[$pos] == "}" ){ $variables[$pos]= expand_id($part, $attributes); - $stripped.= "\{$pos}"; + $stripped.= "{".$pos."}"; $trigger= false; continue; } @@ -2159,6 +2241,66 @@ function is_php4() } +function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false) +{ + /* Initialize variables */ + $ret = array("count" => 0); // Set count to 0 + $next = true; // if false, then skip next loops and return + $cnt = 0; // Current number of loops + $max = 100; // Just for security, prevent looops + $ldap = NULL; // To check if created result a valid + $keep = ""; // save last failed parse string + + /* Check each parsed dn in ldap ? */ + if($config!=NULL && $verify_in_ldap){ + $ldap = $config->get_ldap_link(); + } + + /* Lets start */ + $called = false; + while(preg_match("/,/",$dn) && $next && $cnt < $max){ + + $cnt ++; + if(!preg_match("/,/",$dn)){ + $next = false; + } + $object = preg_replace("/[,].*$/","",$dn); + $dn = preg_replace("/^[^,]+,/","",$dn); + + $called = true; + + /* Check if current dn is valid */ + if($ldap!=NULL){ + $ldap->cd($dn); + $ldap->cat($dn,array("dn")); + if($ldap->count()){ + $ret[] = $keep.$object; + $keep = ""; + }else{ + $keep .= $object.","; + } + }else{ + $ret[] = $keep.$object; + $keep = ""; + } + } + + /* No dn was posted */ + if($cnt == 0 && !empty($dn)){ + $ret[] = $dn; + } + + /* Append the rest */ + $test = $keep.$dn; + if($called && !empty($test)){ + $ret[] = $keep.$dn; + } + $ret['count'] = count($ret) - 1; + + return($ret); +} + + function get_base_from_hook($dn, $attrib) { global $config; @@ -2169,18 +2311,18 @@ function get_base_from_hook($dn, $attrib) $command= $config->current['BASE_HOOK']; if ($command != ""){ - $command.= " '$dn' $attrib"; + $command.= " '".LDAP::fix($dn)."' $attrib"; if (check_command($command)){ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute"); exec($command, $output); if (preg_match("/^[0-9]+$/", $output[0])){ return ($output[0]); } else { - print_red(_("Warning - base_hook is not avialable. Using default base.")); + print_red(_("Warning - base_hook is not available. Using default base.")); return ($config->current['UIDBASE']); } } else { - print_red(_("Warning - base_hook is not avialable. Using default base.")); + print_red(_("Warning - base_hook is not available. Using default base.")); return ($config->current['UIDBASE']); } @@ -2193,5 +2335,288 @@ function get_base_from_hook($dn, $attrib) } } +/* Schema validation functions */ + + function check_schema_version($class, $version) + { + return preg_match("/\(v$version\)/", $class['DESC']); + } + + + + function check_schema($cfg,$rfc2307bis = FALSE) + { + + $messages= array(); + + /* Get objectclasses */ + $ldap = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'] ,FALSE,$cfg['tls']); + $objectclasses = $ldap->get_objectclasses(); + if(count($objectclasses) == 0){ + print_red(_("Can't get schema information from server. No schema check possible!")); + } + + /* This is the default block used for each entry. + * to avoid unset indexes. + */ + $def_check = array("REQUIRED_VERSION" => "0", + "SCHEMA_FILES" => array(), + "CLASSES_REQUIRED" => array(), + "STATUS" => FALSE, + "IS_MUST_HAVE" => FALSE, + "MSG" => "", + "INFO" => "");#_("There is currently no information specified for this schema extension.")); + + /* The gosa base schema */ + $checks['gosaObject'] = $def_check; + $checks['gosaObject']['REQUIRED_VERSION'] = "2.4"; + $checks['gosaObject']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema"); + $checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject"); + $checks['gosaObject']['IS_MUST_HAVE'] = TRUE; + + /* GOsa Account class */ + $checks["gosaAccount"]["REQUIRED_VERSION"]= "2.4"; + $checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema"); + $checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount"); + $checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE; + $checks["gosaAccount"]["INFO"] = _("Used to store account specific informations."); + + /* GOsa lock entry, used to mark currently edited objects as 'in use' */ + $checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.4"; + $checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa+samba3.schema","gosa.schema"); + $checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry"); + $checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE; + $checks["gosaLockEntry"]["INFO"] = _("Used to lock currently edited entries to avoid multiple changes at the same time."); + + /* Some other checks */ + foreach(array( + "gosaCacheEntry" => array("version" => "2.4"), + "gosaDepartment" => array("version" => "2.4"), + "goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), + "goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), + "goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"), + "gosaUserTemplate" => array("version" => "2.4", "class" => "posixAccount","file" => "nis.schema"), + "gosaMailAccount" => array("version" => "2.4", "class" => "mailAccount","file" => "gosa+samba3.schema"), + "gosaProxyAccount" => array("version" => "2.4", "class" => "proxyAccount","file" => "gosa+samba3.schema"), + "gosaApplication" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"), + "gosaApplicationGroup" => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"), + "GOhard" => array("version" => "2.5", "class" => "terminals","file" => "goto.schema"), + "gotoTerminal" => array("version" => "2.5", "class" => "terminals","file" => "goto.schema"), + "goServer" => array("version" => "2.4","class" => "server","file" => "goserver.schema"), + "goTerminalServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"), + "goShareServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"), + "goNtpServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"), + "goSyslogServer" => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"), + "goLdapServer" => array("version" => "2.4"), + "goCupsServer" => array("version" => "2.4", "class" => array("posixAccount", "terminals"),), + "goImapServer" => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3. schema"), + "goKrbServer" => array("version" => "2.4"), + "goFaxServer" => array("version" => "2.4", "class" => "gofaxAccount","file" => "gofax.schema"), + ) as $name => $values){ + + $checks[$name] = $def_check; + if(isset($values['version'])){ + $checks[$name]["REQUIRED_VERSION"] = $values['version']; + } + if(isset($values['file'])){ + $checks[$name]["SCHEMA_FILES"] = array($values['file']); + } + $checks[$name]["CLASSES_REQUIRED"] = array($name); + } + foreach($checks as $name => $value){ + foreach($value['CLASSES_REQUIRED'] as $class){ + + if(!isset($objectclasses[$name])){ + $checks[$name]['STATUS'] = FALSE; + if($value['IS_MUST_HAVE']){ + $checks[$name]['MSG'] = sprintf(_("The required objectClass '%s' is not present in your schema setup"),$class); + }else{ + $checks[$name]['MSG'] = sprintf(_("The optional objectClass '%s' is not present in your schema setup"),$class); + } + }elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){ + $checks[$name]['STATUS'] = FALSE; + + if($value['IS_MUST_HAVE']){ + $checks[$name]['MSG'] = sprintf(_("The required objectclass '%s' does not have version %s"), $class, $value['REQUIRED_VERSION']); + }else{ + $checks[$name]['MSG'] = sprintf(_("The optional objectclass '%s' does not have version %s"), $class, $value['REQUIRED_VERSION']); + } + }else{ + $checks[$name]['STATUS'] = TRUE; + $checks[$name]['MSG'] = sprintf(_("Class(es) available")); + } + } + } + + $tmp = $objectclasses; + + + /* The gosa base schema */ + $checks['posixGroup'] = $def_check; + $checks['posixGroup']['REQUIRED_VERSION'] = "2.4"; + $checks['posixGroup']['SCHEMA_FILES'] = array("gosa+samba3.schema","gosa.schema"); + $checks['posixGroup']['CLASSES_REQUIRED'] = array("posixGroup"); + $checks['posixGroup']['STATUS'] = TRUE; + $checks['posixGroup']['IS_MUST_HAVE'] = TRUE; + $checks['posixGroup']['MSG'] = ""; + $checks['posixGroup']['INFO'] = ""; + + /* Depending on selected rfc2307bis mode, we need different schema configurations */ + if(isset($tmp['posixGroup'])){ + + if($rfc2307bis && isset($tmp['posixGroup']['STRUCTURAL'])){ + $checks['posixGroup']['STATUS'] = FALSE; + $checks['posixGroup']['MSG'] = _("You have enabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option."); + $checks['posixGroup']['INFO'] = _("In order to use rfc2307bis conform groups the objectClass 'posixGroup' must be AUXILIARY"); + } + if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){ + $checks['posixGroup']['STATUS'] = FALSE; + $checks['posixGroup']['MSG'] = _("You have disabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option."); + $checks['posixGroup']['INFO'] = _("The objectClass 'posixGroup' must be STRUCTURAL"); + } + } + + return($checks); + } + + + + +function mac2company($mac) +{ + $vendor= ""; + + /* Generate a normailzed mac... */ + $mac= substr(preg_replace('/[:-]/', '', $mac), 0, 6); + + /* Check for existance of the oui file */ + if (!is_readable(CONFIG_DIR."/oui.txt")){ + return (""); + } + + /* Open file and look for mac addresses... */ + $handle = @fopen(CONFIG_DIR."/oui.txt", "r"); + if ($handle) { + while (!feof($handle)) { + $line = fgets($handle, 4096); + + if (preg_match("/^$mac/i", $line)){ + $vendor= substr($line, 32); + } + } + fclose($handle); + } + + return ($vendor); +} + + +function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FALSE) +{ + $tmp = array( + "de_DE" => "German", + "fr_FR" => "French", + "it_IT" => "Italian", + "es_ES" => "Spanish", + "en_US" => "English", + "nl_NL" => "Dutch", + "pl_PL" => "Polish", + "sv_SE" => "Swedish", + "zh_CN" => "Chinese", + "ru_RU" => "Russian"); + + $tmp2= array( + "de_DE" => _("German"), + "fr_FR" => _("French"), + "it_IT" => _("Italian"), + "es_ES" => _("Spanish"), + "en_US" => _("English"), + "nl_NL" => _("Dutch"), + "pl_PL" => _("Polish"), + "sv_SE" => _("Swedish"), + "zh_CN" => _("Chinese"), + "ru_RU" => _("Russian")); + + $ret = array(); + if($languages_in_own_language){ + + $old_lang = setlocale(LC_ALL, 0); + foreach($tmp as $key => $name){ + $lang = $key.".UTF-8"; + setlocale(LC_ALL, $lang); + if($strip_region_tag){ + $ret[preg_replace("/^([^_]*).*$/","\\1",$key)] = _($name)." (".$tmp2[$key].")"; + }else{ + $ret[$key] = _($name)."  (".$tmp2[$key].")"; + } + } + setlocale(LC_ALL, $old_lang); + }else{ + foreach($tmp as $key => $name){ + if($strip_region_tag){ + $ret[preg_replace("/^([^_]*).*/","\\1",$key)] = _($name); + }else{ + $ret[$key] = _($name); + } + } + } + return($ret); +} + + +/* Check if $ip1 and $ip2 represents a valid IP range + * returns TRUE in case of a valid range, FALSE in case of an error. + */ +function is_ip_range($ip1,$ip2) +{ + if(!is_ip($ip1) || !is_ip($ip2)){ + return(FALSE); + }else{ + $ar1 = split("\.",$ip1); + $var1 = $ar1[0] * (16777216) + $ar1[1] * (65536) + $ar1[2] * (256) + $ar1[3]; + + $ar2 = split("\.",$ip2); + $var2 = $ar2[0] * (16777216) + $ar2[1] * (65536) + $ar2[2] * (256) + $ar2[3]; + return($var1 < $var2); + } +} + + +/* Check if the specified IP address $address is inside the given network */ +function is_in_network($network, $netmask, $address) +{ + $nw= split('\.', $network); + $nm= split('\.', $netmask); + $ad= split('\.', $address); + + /* Generate inverted netmask */ + for ($i= 0; $i<4; $i++){ + $ni[$i]= 255-$nm[$i]; + $la[$i]= $nw[$i] | $ni[$i]; + } + + /* Transform to integer */ + $first= $nw[0] * (16777216) + $nw[1] * (65536) + $nw[2] * (256) + $nw[3]; + $curr= $ad[0] * (16777216) + $ad[1] * (65536) + $ad[2] * (256) + $ad[3]; + $last= $la[0] * (16777216) + $la[1] * (65536) + $la[2] * (256) + $la[3]; + + return ($first < $curr&& $last > $curr); +} + + +/* Returns contents of the given POST variable and check magic quotes settings */ +function get_post($name) +{ + if(!isset($_POST[$name])){ + trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message."); + return(FALSE); + } + if(get_magic_quotes_gpc()){ + return(stripcslashes($_POST[$name])); + }else{ + return($_POST[$name]); + } +} + // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>