![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2004-2005 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 class sambaAccount extends plugin
22 {
23 /* Definitions */
24 var $plHeadline= "Samba";
25 var $plDescription= "Manage personal Samba settings";
26 var $view_logged = FALSE;
28 // Domaind information, gid, sid, rid
29 var $uid= "";
30 var $uidNumber= 65535;
31 var $gidNumber= 65535;
32 var $SID= "";
33 var $ridBase= 0;
34 var $sambaSID= "";
35 var $orig_sambaDomainName= "";
36 var $sambaDomainName= "";
38 // Some of these attributes are just used to
39 // display the domain information dialog, and
40 // thus not writte back to the ldap.
41 var $sambaBadPasswordCount= "";
42 var $sambaBadPasswordTime= "";
43 var $sambaPasswordHistory= "";
44 var $sambaLogonHours= "";
45 var $sambaPwdLastSet= "0";
46 var $sambaLogonTime= "0";
47 var $sambaLogoffTime= "2147483647";
48 var $sambaKickoffTime= "";
49 var $sambaPwdCanChange= "0";
50 var $sambaPwdMustChange= "0";
52 // Flags (checkboxes) to restrict account settings.
53 var $sambaAcctFlags= "[UX ]";
54 var $flag_enforcePasswordChange = FALSE;
55 var $flag_passwordNeverExpires = FALSE;
56 var $flag_noPasswordRequired = FALSE;
57 var $flag_temporaryDisabled = FALSE;
58 var $flag_cannotChangePassword = FALSE;
59 var $flag_sambaKickoffTime = FALSE;
61 // String values
62 var $sambaHomePath= "";
63 var $sambaHomeDrive= "";
64 var $sambaLogonScript= "";
65 var $sambaProfilePath= "";
66 var $sambaPrimaryGroupSID= "";
67 var $sambaUserWorkstations= "";
69 // Munged object.
70 var $sambaMungedDial= "";
71 var $mungedObject;
73 /* Helper */
74 var $cache = array();
75 var $trustSelect= FALSE;
77 /* attribute list for save action */
78 var $ctxattributes= array();
79 var $attributes= array("sambaSID", "sambaPwdLastSet", "sambaLogonTime",
80 "sambaLogoffTime", "sambaKickoffTime", "sambaPwdCanChange",
81 "sambaPwdMustChange", "sambaAcctFlags", "uid", "sambaMungedDial",
82 "sambaHomePath", "sambaHomeDrive", "sambaLogonScript",
83 "sambaProfilePath", "sambaPrimaryGroupSID", "sambaDomainName",
84 "sambaUserWorkstations", "sambaPasswordHistory",
85 "sambaLogonHours", "sambaBadPasswordTime",
86 "sambaBadPasswordCount");
87 var $objectclasses= array('sambaSamAccount');
89 var $CopyPasteVars = array("mungedObject","orig_sambaDomainName");
91 var $multiple_support = TRUE;
92 var $multiple_sambaUserWorkstations = array();
95 function sambaAccount (&$config, $dn= NULL)
96 {
98 plugin::plugin ($config, $dn);
100 // Set current uid if possible.
101 if(isset($this->attrs['uid'][0])){
102 $this->uid = $this->attrs['uid'][0];
103 }
105 // Get samba domain and its sid/rid base
106 if ($this->sambaSID != ""){
107 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
108 $ldap= $this->config->get_ldap_link();
109 $ldap->cd($this->config->current['BASE']);
110 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase","sambaDomainName"));
111 if ($ldap->count() != 0){
112 $attrs= $ldap->fetch();
113 if(isset($attrs['sambaAlgorithmicRidBase'])){
114 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
115 } else {
116 $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
117 }
118 if ($this->sambaDomainName == ""){
119 $this->sambaDomainName= $attrs['sambaDomainName'][0];
120 }
121 } else {
123 // Fall back to a 'DEFAULT' domain, if none was found in LDAP.
124 if ($this->sambaDomainName == "") $this->sambaDomainName= "DEFAULT";
126 // Nothing in ldap, use configured sid and rid values.
127 $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
128 $this->SID= $this->config->get_cfg_value("core","sambaSid");
129 }
130 }
132 // Keep original domain name and plugin status, to be able to detect modifications.
133 $this->orig_sambaDomainName= $this->sambaDomainName;
134 $this->initially_was_account= $this->is_account;
136 // Instantiate munged object and load info.
137 $this->mungedObject= new sambaMungedDial;
138 $this->ctxattributes= $this->mungedObject->ctxattributes;
139 if (isset($this->attrs['sambaMungedDial'])){
140 $this->mungedObject->load($this->sambaMungedDial);
141 }
143 // Load flags
144 $this->loadFlagsFromSource($this->attrs);
146 // Set kickOffTime to date
147 if(isset($this->attrs['sambaKickoffTime'][0])){
148 $this->sambaKickoffTime = date("d.m.Y", $this->sambaKickoffTime);
149 $this->flag_sambaKickoffTime = TRUE;
150 }
151 }
154 function loadFlagsFromSource($attrs)
155 {
157 // Samba flag description
158 // ----------------------
159 // The Official Samba 3.2.x HOWTO and Reference Guide
160 // Jelmer R. Vernooij, John H. Terpstra, and Gerald (Jerry) Carter
161 // May 27, 2009
162 // ----------------------
163 // D - Account is disabled.
164 // H - A home directory is required.
165 // I - An inter-domain trust account.
166 // L - Account has been auto-locked.
167 // M - An MNS (Microsoft network service) logon account.
168 // N - Password not required.
169 // S - A server trust account.
170 // T - Temporary duplicate account entry.
171 // U - A normal user account.
172 // W - A workstation trust account.
173 // X - Password does not expire.
175 // sambaPwdCanChange
176 // _______________
177 // Specifies the time (UNIX time format) after which the user is allowed to change his password.
178 // If this attribute is not set, the user will be free to change his password whenever he wants.
180 // sambaPwdLastSet
181 // _______________
182 // The integer time in seconds since 1970 when the sambaLMPassword and sambaNTPassword attributes were last set.
184 // sambaPwdMustChange
185 // _______________
186 // Specifies the time (UNIX time format) when the user is forced to change his password. If this
187 // value is set to 0, the user will have to change his password at first login. If this attribute is not
188 // set, then the password will never expire.
191 // A password change is enforced by using a timestamp in sambaPwdMustChange.
192 // We simple set it to '0' to enforce a change.
193 // --------------------------------
194 // Normally it contains a timestamp, which specifies and expiration date.
195 $this->flag_enforcePasswordChange = (isset($attrs['sambaPwdMustChange']) && $attrs['sambaPwdMustChange'][0] == '0');
197 // A user cannot change his password until the given timestamp has reached.
198 // We simply set it to max int to disallow a password change till the timestamp reaches 4294967295,
199 // this is definitly far in the future and thus disallows a password change at all.
200 // --------------------------------
201 // The user is not able to change his password while sambaPwdCanChange is 4294967295 (Integer 32 Bit max)
202 $this->flag_cannotChangePassword = (isset($attrs['sambaPwdCanChange']) && $attrs['sambaPwdCanChange'][0] == '4294967295');
204 // Load samba account flags
205 if(isset($attrs['sambaAcctFlags'][0])){
206 $this->sambaAcctFlags = $attrs['sambaAcctFlags'][0];
208 // A password never expires if 'sambaAcctFlags' contains 'X'.
209 // (See flags above for details)
210 $this->flag_passwordNeverExpires = preg_match("/X/i", $this->sambaAcctFlags);
212 // A password is NOT required if 'sambaAcctFlags' contains 'N'.
213 // (See flags above for details)
214 $this->flag_noPasswordRequired = preg_match("/N/i", $this->sambaAcctFlags);
216 // A account is locked if if 'sambaAcctFlags' contains 'L' or 'D'.
217 // (See flags above for details)
218 $this->flag_temporaryDisabled = preg_match("/L/i", $this->sambaAcctFlags) ||
219 preg_match("/D/i", $this->sambaAcctFlags);
221 }
222 }
224 function execute()
225 {
226 /* Call parent execute */
227 plugin::execute();
229 /* Log view */
230 if($this->is_account && !$this->view_logged){
231 $this->view_logged = TRUE;
232 new log("view","users/".get_class($this),$this->dn);
233 }
235 /* Do we need to flip is_account state? */
236 if (isset($_POST['modify_state'])){
237 $this->is_account= !$this->is_account;
238 }
239 /* Do we represent a valid account? */
240 if (!$this->is_account && $this->parent === NULL){
241 $display= "<img alt=\"\"src=\"images/small-error.png\" align=\"middle\"> <b>".
242 msgPool::noValidExtension(_("Samba"))."</b>";
243 $display.= back_to_main();
244 return ($display);
245 }
247 $display ="";
248 if(!$this->multiple_support_active){
250 // Show tab heades to activate and deactivate the samba extension.
251 $display= "";
252 if ($this->parent !== NULL){
253 if ($this->is_account){
254 $display= $this->show_disable_header(msgPool::removeFeaturesButton(_("Samba")),
255 msgPool::featuresEnabled(_("Samba")));
256 } else {
258 // Samba3 dependency on posix accounts are enabled in the moment, because I need to rely on unique
259 // uidNumbers. There'll be a better solution later on.
260 $obj= $this->parent->by_object['posixAccount'];
261 if ($obj->is_account){
262 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
263 msgPool::featuresDisabled(_("Samba")));
264 } else {
265 $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
266 msgPool::featuresDisabled(_("Samba"), _("POSIX")), TRUE);
267 }
268 return ($display);
269 }
270 }
271 }
273 // Editing from the MyAccount/Personal section may be disabled until we've pressed the 'edit' button.
274 $SkipWrite = (!isset($this->parent) || !$this->parent) && !session::is_set('edit');
277 // Handle the samba logon hours dialog here, instantiate it on request.
278 if(isset($_POST['SetSambaLogonHours']) && $this->acl_is_readable("sambaLogonHours")){
279 $this->dialog = new sambaLogonHours($this->config,$this->dn,$this->sambaLogonHours, $this->getacl('sambaLogonHours'));
280 }
281 if(isset($_POST['cancel_logonHours'])){
282 $this->dialog = FALSE;
283 }
284 if(isset($_POST['save_logonHours'])){
285 $this->dialog->save_object();
286 if($this->acl_is_writeable("sambaLogonHours")){
287 $this->sambaLogonHours = $this->dialog->save();
288 }
289 $this->dialog = FALSE;
290 }
291 if((isset($this->dialog)) && (is_object($this->dialog))){
292 $this->dialog->save_object();
293 return($this->dialog->execute());
294 }
297 // Get smarty
298 $smarty= get_smarty();
299 $smarty->assign("usePrototype", "true");
301 // Assign GOsa ACLs
302 $tmp = $this->plInfo();
303 foreach($tmp['plProvidedAcls'] as $var => $rest){
304 $smarty->assign($var."ACL",$this->getacl($var,$SkipWrite));
305 }
307 if(!session::is_set('edit') && !isset($this->parent)){
308 $smarty->assign("sambaLogonHoursACL","");
309 }
312 // Handle workstation list - Remove entries.
313 if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
314 if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){
315 if($this->multiple_support_active){
316 foreach($_POST['workstation_list'] as $name){
317 if(isset($this->multiple_sambaUserWorkstations[trim($name)])){
318 unset($this->multiple_sambaUserWorkstations[trim($name)]);
319 }
320 }
321 }else{
322 $tmp= $this->sambaUserWorkstations;
323 foreach($_POST['workstation_list'] as $name){
324 $tmp= preg_replace("/$name/", '', $tmp);
325 $this->is_modified= TRUE;
326 }
327 $tmp= preg_replace('/,+/', ',', $tmp);
328 $this->sambaUserWorkstations= trim($tmp, ',');
329 }
330 }
331 }
333 // Handle trust maschines/accessTo list
334 if (isset($_POST["add_ws"])){
335 if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){
336 $this->trustSelect= new trustSelect($this->config,get_userinfo());
337 $this->dialog= TRUE;
338 }
339 }
341 // Dialog canceled
342 if (isset($_POST["add_ws_cancel"])){
343 $this->trustSelect= FALSE;
344 $this->dialog= FALSE;
345 }
347 // Add selected machines to trusted ones.
348 if (isset($_POST["add_ws_finish"]) && $this->trustSelect){
349 $trusts = $this->trustSelect->detectPostActions();
350 if(isset($trusts['targets'])){
351 $headpage = $this->trustSelect->getHeadpage();
352 if($this->multiple_support_active){
353 foreach($trusts['targets'] as $id){
354 $attrs = $headpage->getEntry($id);
355 $we =$attrs['cn'][0];
356 $this->multiple_sambaUserWorkstations[trim($we)] = array("Name" => trim($ws), "UsedByAllUsers" => TRUE);
357 }
358 }else{
360 $tmp= $this->sambaUserWorkstations;
361 foreach($trusts['targets'] as $id){
362 $attrs = $headpage->getEntry($id);
363 $we =$attrs['cn'][0];
364 $tmp.= ",$we";
365 }
366 $tmp= preg_replace('/,+/', ',', $tmp);
367 $this->sambaUserWorkstations= trim($tmp, ',');
368 }
370 $this->is_modified= TRUE;
371 }
372 $this->trustSelect= NULL;
373 $this->dialog= FALSE;
374 }
376 // Display trust dialog
377 if ($this->trustSelect){
378 session::set('filterBlacklist', array('cn' => preg_split('/,/',$this->sambaUserWorkstations)));
379 return($this->trustSelect->execute());
380 }
383 // Fill domain selection.
384 $domains= array_keys($this->config->data['SERVERS']['SAMBA']);
385 $smarty->assign("domains", set_post($domains));
387 // Fill drive letters.
388 $letters= array("");
389 for ($i= 68; $i<91; $i++){
390 $letters[]= chr($i).":";
391 }
392 $smarty->assign("drives", $letters);
395 // Fill terminal server setttings
396 foreach ($this->ctxattributes as $attr){
397 if (isset($this->mungedObject->ctx[$attr])){
398 $smarty->assign("$attr", set_post($this->mungedObject->ctx[$attr]));
400 // Set field to blank if value is 0
401 if(in_array_strict($attr, array("CtxMaxConnectionTime", "CtxMaxDisconnectionTime", "CtxMaxIdleTime"))) {
402 if($this->mungedObject->ctx[$attr] == 0) {
403 $smarty->assign("$attr", "");
404 }
405 }
406 } else {
407 $smarty->assign("$attr", "");
408 }
409 }
411 // Assign enum values for preset items.
412 $shadowModeVals= array(
413 "0" => _("disabled"),
414 "1" => _("input on, notify on"),
415 "2" => _("input on, notify off"),
416 "3" => _("input off, notify on"),
417 "4" => _("input off, notify off"));
418 $brokenConnModeVals= array(
419 "0" => _("disconnect"),
420 "1" => _("reset"));
421 $reConnModeVals= array( "0" => _("from any client"),
422 "1" => _("from previous client only"));
423 $smarty->assign("shadow", set_post($shadowModeVals));
424 $smarty->assign("brokenconn", set_post($brokenConnModeVals));
425 $smarty->assign("reconn", set_post($reConnModeVals));
427 // Fill preset items with values
428 $smarty->assign("shadowmode", set_post($this->mungedObject->getShadow()));
429 $smarty->assign("brokenconnmode", set_post($this->mungedObject->getBrokenConn()));
430 $smarty->assign("reconnmode", set_post($this->mungedObject->getReConn()));
433 // Set form elements to disabled/enable state
434 $smarty->assign("tsloginstate", $this->mungedObject->getTsLogin()?"":"disabled");
435 $smarty->assign("inheritstate", "");
436 if($this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)){
437 $smarty->assign("inheritstate", $this->mungedObject->getInheritMode()?"disabled":"");
438 }
440 // Set checkboxes to checked or unchecked state
441 $smarty->assign("tslogin", $this->mungedObject->getTsLogin()?"checked":"");
442 $smarty->assign("inherit", $this->mungedObject->getInheritMode()?"checked":"");
443 $smarty->assign("connectclientdrives",
444 $this->mungedObject->getConnectClientDrives()?"checked":"");
445 $smarty->assign("connectclientprinters",
446 $this->mungedObject->getConnectClientPrinters()?"checked":"");
447 $smarty->assign("defaultprinter",
448 $this->mungedObject->getDefaultPrinter()?"checked":"");
449 $smarty->assign("CtxMaxConnectionTimeF",
450 $this->mungedObject->getCtxMaxConnectionTimeF()?"checked":"");
451 $smarty->assign("CtxMaxDisconnectionTimeF",
452 $this->mungedObject->getCtxMaxDisconnectionTimeF()?"checked":"");
453 $smarty->assign("CtxMaxIdleTimeF",
454 $this->mungedObject->getCtxMaxIdleTimeF()?"checked":"");
457 // Fill sambaUserWorkstations
458 $ws= explode(",", $this->sambaUserWorkstations);
459 sort($ws);
461 // Tidy checks for empty option, and smarty will produce one if array[0]=""
462 if(($ws[0]=="")&&(count($ws)==1)) $ws=array();
463 if($this->multiple_support_active){
464 $smarty->assign("multiple_workstations",$this->multiple_sambaUserWorkstations);
465 }
466 $smarty->assign("workstations", set_post($ws));
469 // Assign plugin values
470 foreach($this->attributes as $val){
471 $smarty->assign("$val", set_post($this->$val));
472 }
474 // Assign munged attributes
475 foreach($this->mungedObject->getOnDemandFlags() as $key => $value) {
476 $smarty->assign("$key", set_post($value));
477 }
479 // Assign selected multi edit checkbox values.
480 foreach($this->attributes as $attr){
481 if(in_array_strict($attr,$this->multi_boxes)){
482 $smarty->assign("use_".$attr,TRUE);
483 }else{
484 $smarty->assign("use_".$attr,FALSE);
485 }
486 }
487 foreach(array("tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
488 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF",
489 "CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
490 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
491 "onnectclientprinters","defaultprinter","shadow","brokenconn",
492 "reconn","connectclientprinters","SetSambaLogonHours",
493 "workstation_list","sambaKickoffTime",
494 "enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
495 "temporaryDisabled","cannotChangePassword") as $attr){
497 if(in_array_strict($attr,$this->multi_boxes)){
498 $smarty->assign("use_".$attr,TRUE);
499 }else{
500 $smarty->assign("use_".$attr,FALSE);
501 }
502 }
504 if($this->multiple_support_active){
505 $smarty->assign("tsloginstate","");
506 }
508 // Create additional info for sambaKickOffTime and sambaPwdMustChange.
509 // e.g. Display effective kickoff time. Domain policy + user settings.
510 $additional_info_PwdMustChange = "";
512 // Calculate effective max Password Age
513 // This can only be calculated if sambaPwdLastSet ist set.
514 if(isset($this->attrs['sambaPwdLastSet'][0])){
515 $last = $this->attrs['sambaPwdLastSet'][0];
516 $sid = $this->get_domain_info();
517 if(isset($sid['sambaMaxPwdAge'][0])){
518 $d = ($last + $sid['sambaMaxPwdAge'][0]) - time();
520 // A negative value means the password is outdated
521 if($d < 0){
522 $additional_info_PwdMustChange = sprintf(_("The password is outdated since %s, by domain policy."),
523 date("d.m.Y H:i:s",$last + $sid['sambaMaxPwdAge'][0]));
524 }else{
525 $additional_info_PwdMustChange = sprintf(_("The password is valid till %s."),
526 date("d.m.Y H:i:s", ($last + $sid['sambaMaxPwdAge'][0])));
527 }
528 }
529 }
531 // Assign flags
532 foreach(array("flag_enforcePasswordChange", "flag_passwordNeverExpires", "flag_noPasswordRequired",
533 "flag_temporaryDisabled","flag_cannotChangePassword","flag_sambaKickoffTime") as $attr){
534 $smarty->assign($attr, set_post($this->$attr));
535 }
537 $smarty->assign("additional_info_PwdMustChange",set_post($additional_info_PwdMustChange));
538 $smarty->assign("multiple_support",$this->multiple_support_active);
539 $display.= $smarty->fetch (get_template_path('samba3.tpl', TRUE, dirname(__FILE__)));
540 return ($display);
541 }
544 /*! \brief Returns the samba Domain object, selected in the samba tab.
545 */
546 function get_domain_info()
547 {
548 /* Only search once, return last result if available
549 */
550 if(!isset($this->cache['DOMAIN'][$this->sambaDomainName])){
551 $this->cache['DOMAIN'][$this->sambaDomainName] = array();
552 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
553 $cfg = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName];
554 $ldap = $this->config->get_ldap_link();
555 $ldap->cd($this->config->current['BASE']);
556 $ldap->search("(&(objectClass=sambaDomain)(sambaSID=".$cfg['SID']."))",array("*"));
557 if($ldap->count()){
558 $this->cache['DOMAIN'][$this->sambaDomainName] = $ldap->fetch();
559 }
560 }
561 }
562 return($this->cache['DOMAIN'][$this->sambaDomainName]);
563 }
567 function get_samba_information()
568 {
569 $zone = timezone::get_default_timezone();
571 /* Defaults
572 */
573 $sambaMinPwdLength = "unset";
574 $sambaPwdHistoryLength = "unset";
575 $sambaLogonToChgPwd = "unset";
576 $sambaMaxPwdAge = "unset";
577 $sambaMinPwdAge = "unset";
578 $sambaLockoutDuration = "unset";
579 $sambaLockoutThreshold = "unset";
580 $sambaForceLogoff = "unset";
581 $sambaRefuseMachinePwdChange = "unset";
582 $sambaPwdLastSet = "unset";
583 $sambaLogonTime = "unset";
584 $sambaLogoffTime = "unset";
586 $sambaKickoffTime = "unset";
587 $sambaPwdCanChange = "unset";
588 $sambaPwdMustChange = "unset";
589 $sambaBadPasswordCount = "unset";
590 $sambaBadPasswordTime = "unset";
592 /* Domain attributes
593 */
594 $domain_attributes = array("sambaMinPwdLength","sambaPwdHistoryLength","sambaMaxPwdAge",
595 "sambaMinPwdAge","sambaLockoutDuration","sambaRefuseMachinePwdChange",
596 "sambaLogonToChgPwd","sambaLockoutThreshold","sambaForceLogoff");
598 /* User attributes
599 */
600 $user_attributes = array("sambaBadPasswordTime","sambaPwdLastSet","sambaLogonTime","sambaLogoffTime",
601 "sambaKickoffTime","sambaPwdCanChange","sambaPwdMustChange","sambaBadPasswordCount", "sambaSID");
603 /* Get samba SID object and parse settings.
604 */
605 $ldap = $this->config->get_ldap_link();
606 $ldap->cd($this->config->current['BASE']);
607 if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
608 $attrs = $this->get_domain_info();
609 foreach($domain_attributes as $attr){
610 if(isset($attrs[$attr])){
611 $$attr = $attrs[$attr][0];
612 }
613 }
614 }
616 /* Get user infos
617 */
618 foreach($user_attributes as $attr){
619 if(isset($this->attrs[$attr])){
620 $$attr = $this->attrs[$attr][0];
621 }
622 }
623 if (is_numeric($sambaPwdMustChange)) {
624 $sambaPwdMustChange= date('d.m.Y', $sambaPwdMustChange);
625 }
626 if (is_numeric($sambaKickoffTime)) {
627 $sambaKickoffTime= date('d.m.Y', $sambaKickoffTime);
628 }
629 $sambaPwdCanChange = $this->sambaPwdCanChange;
632 /* DOMAIN Attributes
633 */
635 /* sambaMinPwdLength: Password length has a default of 5
636 */
637 if($sambaMinPwdLength == "unset" || $sambaMinPwdLength == 5){
638 $sambaMinPwdLength = "5 <i>("._("default").")</i>";
639 }
641 /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
642 */
643 if($sambaPwdHistoryLength == "unset" || $sambaPwdHistoryLength == 0){
644 $sambaPwdHistoryLength = _("Off")." <i>("._("default").")</i>";
645 }
647 /* sambaLogonToChgPwd: Force Users to logon for password change (default: 0 => off, 2 => on)
648 */
649 if($sambaLogonToChgPwd == "unset" || $sambaLogonToChgPwd == 0){
650 $sambaLogonToChgPwd = _("Off")." <i>("._("default").")</i>";
651 }else{
652 $sambaLogonToChgPwd = _("On");
653 }
655 /* sambaMaxPwdAge: Maximum password age, in seconds (default: -1 => never expire passwords)'
656 */
657 if($sambaMaxPwdAge == "unset" || $sambaMaxPwdAge == "-1"){
658 $sambaMaxPwdAge = _("disabled")." <i>("._("default").")</i>";
659 }else{
660 $sambaMaxPwdAge .= " "._("seconds");
661 }
663 /* sambaMinPwdAge: Minimum password age, in seconds (default: 0 => allow immediate password change
664 */
665 if($sambaMinPwdAge == "unset" || $sambaMinPwdAge == 0){
666 $sambaMinPwdAge = _("disabled")." <i>("._("default").")</i>";
667 }else{
668 $sambaMinPwdAge .= " "._("seconds");
669 }
671 /* sambaLockoutDuration: Lockout duration in minutes (default: 30, -1 => forever)
672 */
673 if($sambaLockoutDuration == "unset" || $sambaLockoutDuration == 30){
674 $sambaLockoutDuration = "30 "._("minutes")." <i>("._("default").")</i>";
675 }elseif($sambaLockoutDuration == -1){
676 $sambaLockoutDuration = _("forever");
677 }else{
678 $sambaLockoutDuration .= " "._("minutes");
679 }
681 /* sambaLockoutThreshold: Lockout users after bad logon attempts (default: 0 => off
682 */
683 if($sambaLockoutThreshold == "unset" || $sambaLockoutThreshold == 0){
684 $sambaLockoutThreshold = _("disabled")." <i>("._("default").")</i>";
685 }
687 /* sambaForceLogoff: Disconnect Users outside logon hours (default: -1 => off, 0 => on
688 */
689 if($sambaForceLogoff == "unset" || $sambaForceLogoff == -1){
690 $sambaForceLogoff = _("off")." <i>("._("default").")</i>";
691 }else{
692 $sambaForceLogoff = _("on");
693 }
695 /* sambaRefuseMachinePwdChange: Allow Machine Password changes (default: 0 => off
696 */
697 if($sambaRefuseMachinePwdChange == "none" || $sambaRefuseMachinePwdChange == 0){
698 $sambaRefuseMachinePwdChange = _("off")." <i>("._("default").")</i>";
699 }else{
700 $sambaRefuseMachinePwdChange = _("on");
701 }
703 /* USER Attributes
704 */
705 /* sambaBadPasswordTime: Time of the last bad password attempt
706 */
707 if($sambaBadPasswordTime == "unset" || empty($sambaBadPasswordTime)){
708 $sambaBadPasswordTime = "<i>("._("unset").")</i>";
709 }else{
710 $sambaBadPasswordTime = date("d.m.Y H:i:s",$sambaBadPasswordTime);
711 }
713 /* sambaBadPasswordCount: Bad password attempt count
714 */
715 if($sambaBadPasswordCount == "unset" || empty($sambaBadPasswordCount)){
716 $sambaBadPasswordCount = "<i>("._("unset").")</i>";
717 }else{
718 $sambaBadPasswordCount = date("d.m.Y H:i:s",$sambaBadPasswordCount);
719 }
721 /* sambaPwdLastSet: Timestamp of the last password update
722 */
723 if($sambaPwdLastSet == "unset" || empty($sambaPwdLastSet)){
724 $sambaPwdLastSet = "<i>("._("unset").")</i>";
725 }else{
726 $sambaPwdLastSet = date("d.m.Y H:i:s",$sambaPwdLastSet);
727 }
729 /* sambaLogonTime: Timestamp of last logon
730 */
731 if($sambaLogonTime == "unset" || empty($sambaLogonTime)){
732 $sambaLogonTime = "<i>("._("unset").")</i>";
733 }else{
734 $sambaLogonTime = date("d.m.Y H:i:s",$sambaLogonTime);
735 }
737 /* sambaLogoffTime: Timestamp of last logoff
738 */
739 if($sambaLogoffTime == "unset" || empty($sambaLogoffTime)){
740 $sambaLogoffTime = "<i>("._("unset").")</i>";
741 }else{
742 $sambaLogoffTime = date("d.m.Y H:i:s",$sambaLogoffTime);
743 }
745 /* sambaKickoffTime: Timestamp of when the user will be logged off automatically
746 */
747 if($sambaKickoffTime == "unset" || empty($sambaKickoffTime)){
748 $sambaKickoffTime = "<i>("._("unset").")</i>";
749 }
751 /* sambaPwdMustChange: Timestamp of when the password will expire
752 */
753 if($sambaPwdMustChange == "unset" || empty($sambaPwdMustChange)){
754 $sambaPwdMustChange = "<i>("._("unset").")</i>";
755 }
757 /* sambaPwdCanChange: Timestamp of when the user is allowed to update the password
758 */
759 if($sambaPwdCanChange == "unset" || empty($sambaPwdCanChange)){
760 $sambaPwdCanChange = "<i>("._("unset").")</i>";
761 }elseif($sambaPwdCanChange != "unset" && time() > $sambaPwdCanChange){
762 $sambaPwdCanChange = _("immediately") ;
763 }else{
764 $days = floor((($sambaPwdCanChange - time()) / 60 / 60 / 24)) ;
765 $hours = floor((($sambaPwdCanChange - time()) / 60 / 60) % 24) ;
766 $minutes = floor((($sambaPwdCanChange - time()) / 60 ) % 60) ;
768 $sambaPwdCanChange = " ".$days." "._("days");
769 $sambaPwdCanChange.= " ".$hours." "._("hours");
770 $sambaPwdCanChange.= " ".$minutes." "._("minutes");
771 }
773 $str =
774 "\n<div style='height:200px; overflow: auto;'>".
775 "\n<table style='width:100%;'>".
776 "\n<tr><td><b>"._("Domain attributes")."</b></td></tr>".
777 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
778 "\n<tr><td>"._("Min password length").": </td><td>".$sambaMinPwdLength."</td></tr>".
779 "\n<tr><td>"._("Password history").": </td><td>".$sambaPwdHistoryLength."</td></tr>".
780 "\n<tr><td>"._("Force password change").": </td><td>".$sambaLogonToChgPwd."</td></tr>".
781 "\n<tr><td>"._("Maximum password age").": </td><td>".$sambaMaxPwdAge."</td></tr>".
782 "\n<tr><td>"._("Minimum password age").": </td><td>".$sambaMinPwdAge."</td></tr>".
783 "\n<tr><td>"._("Lockout duration").": </td><td>".$sambaLockoutDuration."</td></tr>".
784 "\n<tr><td>"._("Bad lockout attempt").": </td><td>".$sambaLockoutThreshold."</td></tr>".
785 "\n<tr><td>"._("Disconnect time").": </td><td>".$sambaForceLogoff."</td></tr>".
786 "\n<tr><td>"._("Refuse machine password change").":</td><td>".$sambaRefuseMachinePwdChange."</td></tr>".
787 "\n<tr><td> </td></tr>".
788 "\n<tr><td><b>"._("User attributes")."</b></td></tr>".
789 "\n<tr><td>"._("SID").": </td><td>".$sambaSID."</td></tr>".
790 "\n<tr><td>"._("Last failed login").": </td><td>".$sambaBadPasswordTime."</td></tr>".
791 "\n<tr><td>"._("Log on attempts").": </td><td>".$sambaBadPasswordCount."</td></tr>".
792 "\n<tr><td>"._("Last password update").": </td><td>".$sambaPwdLastSet."</td></tr>".
793 "\n<tr><td>"._("Last log on").": </td><td>".$sambaLogonTime."</td></tr>".
794 "\n<tr><td>"._("Last log off").": </td><td>".$sambaLogoffTime."</td></tr>".
795 "\n<tr><td>"._("Automatic log off").": </td><td>".$sambaKickoffTime."</td></tr>";
797 if($this->flag_passwordNeverExpires){
798 $str .= "\n<tr><td>"._("Password expires").": </td><td>"._("No")."</td></tr>";
799 $str .= "\n<tr><td colspan='2'><font color='gray'>".
800 sprintf(_("The password would expire on %s, but the password expiry is disabled."),$sambaPwdMustChange).
801 "</font></td></tr>";
802 }else{
803 $str .= "\n<tr><td>"._("Password expires").": </td><td>".$sambaPwdMustChange."</td></tr>";
804 }
806 $str .= "\n<tr><td>"._("Password change available").": </td><td>".$sambaPwdCanChange."</td></tr>".
807 "\n</table>";
808 "\n</div>";
809 return($str);
810 }
813 function remove_from_parent()
814 {
815 /* Cancel if there's nothing to do here */
816 if (!$this->initially_was_account){
817 return;
818 }
820 /* include global link_info */
821 $ldap= $this->config->get_ldap_link();
823 plugin::remove_from_parent();
825 /* Keep uid attribute for gosaAccount */
826 unset($this->attrs['uid']);
827 unset($this->attrs['uidNumber']);
828 unset($this->attrs['gidNumber']);
830 /* Remove objectClass for sambaIdmapEntry */
831 $tmp= array();
832 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
833 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
834 $tmp[]= $this->attrs['objectClass'][$i];
835 }
836 }
837 $this->attrs['objectClass']= $tmp;
839 @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
840 $this->attributes, "Save");
841 $ldap->cd($this->dn);
842 $this->cleanup();
843 $ldap->modify ($this->attrs);
845 new log("remove","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
847 if (!$ldap->success()){
848 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
849 }
851 /* Optionally execute a command after we're done */
852 $this->handle_post_events("remove", array("uid" => $this->uid));
853 }
856 /* Check for input problems */
857 function check()
858 {
859 /* Call common method to give check the hook */
860 $message= plugin::check();
862 if($this->flag_sambaKickoffTime){
863 if(!preg_match("/^[0-3][0-9]\.[0-1][0-9]\.([0-9]){4}$/",$this->sambaKickoffTime)){
864 $message[] = msgPool::invalid(_("Account expires after"));
865 }elseif(!strtotime($this->sambaKickoffTime) || strtotime($this->sambaKickoffTime) >= 2147483647){
866 $message[] = msgPool::invalid(_("Account expires after"));
867 }
868 }
870 /* sambaHomePath requires sambaHomeDrive and vice versa */
871 if(!empty($this->sambaHomePath) && empty($this->sambaHomeDrive)){
872 $message[]= msgPool::required(_("Home drive"));
873 }
874 if(!empty($this->sambaHomeDrive) && empty($this->sambaHomePath)){
875 $message[]= msgPool::required(_("Home path"));
876 }
878 /* Strings */
879 foreach (array( "sambaHomePath" => _("Home directory"),
880 "sambaProfilePath" => _("Profile path")) as $key => $val){
881 if (!$this->mungedObject->is_samba_path($this->$key)){
882 $message[]= msgPool::invalid($val);
883 }
884 }
886 /* Numeric values */
887 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
888 "CtxMaxDisconnectionTime" => _("Disconnection"),
889 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
891 if (isset($this->mungedObject->ctx[$key]) && !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
892 $message[]= msgPool::invalid($val);
893 }
894 }
896 /* Too many workstations? Windows usrmgr only supports eight */
897 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
898 $message[]= _("The windows user manager allows eight clients at maximum!");
899 }
901 return ($message);
902 }
905 /* Save data to object */
906 function save_object()
907 {
909 $SkipWrite = (!isset($this->parent) || !$this->parent) && !session::is_set('edit');
911 /* We only care if we are on the sambaTab... */
912 if (isset($_POST['sambaTab'])){
913 plugin::save_object();
915 // Display domain info dialog
916 if(isset($_POST['display_information'])){
917 msg_dialog::display(_("Information"),
918 $this->get_samba_information(),
919 INFO_DIALOG);
920 }
922 // Get posted flags.
923 foreach(array("enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
924 "temporaryDisabled","cannotChangePassword","sambaKickoffTime") as $name){
925 $flag = "flag_{$name}";
926 if($this->acl_is_writeable($name)){
927 $tmp = isset($_POST[$flag]);
928 $this->is_modified |= ($tmp != $this->$flag);
929 $this->$flag = isset($_POST[$flag]);
930 }
931 }
934 // get sambaDomain attribute
935 if ($this->acl_is_writeable("sambaDomainName",$SkipWrite) && isset ($_POST['sambaDomainName'],$SkipWrite)){
936 $this->sambaDomainName= get_post('sambaDomainName');
937 }
939 // Save CTX values
940 $TsAcl = $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite);
941 foreach($this->ctxattributes as $val){
942 if (isset($_POST[$val]) && $TsAcl){
943 $this->mungedObject->ctx[$val]= get_post($val);
944 }
945 }
947 $this->mungedObject->setTsLogin(!isset($_POST['tslogin']) && $TsAcl);
949 // Need to do some index checking to avoid messages like "index ... not found"
950 if(isset($_POST['brokenconn'])) {
951 $this->mungedObject->setBrokenConn($_POST['brokenconn'] == '1' && $TsAcl);
952 }
953 if(isset($_POST['reconn'])) {
954 $this->mungedObject->setReConn($_POST['reconn'] == '1' && $TsAcl);
955 }
956 $this->mungedObject->setInheritMode(isset($_POST['inherit']) && $TsAcl);
957 $this->mungedObject->setCtxMaxConnectionTimeF(!isset($_POST['CtxMaxConnectionTimeF']) && $TsAcl);
958 $this->mungedObject->setCtxMaxDisconnectionTimeF(!isset($_POST['CtxMaxDisconnectionTimeF']) && $TsAcl);
959 $this->mungedObject->setCtxMaxIdleTimeF(!isset($_POST['CtxMaxIdleTimeF']) && $TsAcl);
960 $this->mungedObject->setConnectClientDrives(isset($_POST['connectclientdrives']) && $TsAcl);
961 $this->mungedObject->setConnectClientPrinters(isset($_POST['connectclientprinters']) && $TsAcl);
962 $this->mungedObject->setDefaultPrinter(isset($_POST['defaultprinter']) && $TsAcl);
964 // Save combo boxes. Takes two values
965 if(isset($_POST['reconn'])) {
966 $this->mungedObject->setShadow(isset($_POST['shadow']) && $TsAcl,get_post('shadow'));
967 }
969 // Check for changes
970 $this->is_modified |= ($this->sambaMungedDial != $this->mungedObject->getMunged());
971 }
972 }
976 function save()
977 {
978 /* Load uid and gid of this 'dn' */
979 $ldap= $this->config->get_ldap_link();
980 $ldap->cat($this->dn, array('uidNumber', 'gidNumber'));
981 $tmp= $ldap->fetch();
982 $this->uidNumber= $tmp['uidNumber'][0];
983 $this->gidNumber= $tmp['gidNumber'][0];
985 plugin::save();
987 /* Remove objectClass for sambaIdmapEntry */
988 $tmp= array();
989 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
990 if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
991 $tmp[]= $this->attrs['objectClass'][$i];
992 }
993 }
994 $this->attrs['objectClass']= $tmp;
996 // Handle "sambaKickoffTime" flag.
997 if($this->flag_sambaKickoffTime){
998 $this->attrs['sambaKickoffTime'] = strtotime($this->sambaKickoffTime);
999 }else{
1000 $this->attrs['sambaKickoffTime']= array();
1001 }
1003 // Handle "enforce password change" flag.
1004 if($this->flag_enforcePasswordChange){
1005 $this->attrs['sambaPwdMustChange'] = 0;
1006 }else{
1008 // Keep old values if given.
1009 if ($this->sambaPwdMustChange != "0"){
1010 $this->attrs['sambaPwdMustChange']= $this->sambaPwdMustChange;
1011 } else {
1012 $this->attrs['sambaPwdMustChange']= array();
1013 }
1014 }
1016 // Handle "Cannot change password" flag.
1017 if($this->flag_cannotChangePassword){
1018 $this->attrs['sambaPwdCanChange'] = 4294967295;
1019 }else{
1021 // Keep old values if given.
1022 if ($this->sambaPwdCanChange != 4294967295 && !empty($this->sambaPwdCanChange)){
1023 $this->attrs['sambaPwdCanChange']= $this->sambaPwdCanChange;
1024 } else {
1025 $this->attrs['sambaPwdCanChange']= array();
1026 }
1027 }
1029 // Create sambaAcctFlags
1030 $tmp = "U";
1031 if($this->flag_passwordNeverExpires) $tmp .="X";
1032 if($this->flag_noPasswordRequired) $tmp .="N";
1033 if($this->flag_temporaryDisabled){
1034 if(preg_match("/L/i", $this->sambaAcctFlags)){
1035 $tmp .= "L";
1036 }else{
1037 $tmp .= "D";
1038 }
1039 }
1041 // Fill flag list with whitespaces
1042 $fill= "";
1043 for ($i= strlen($tmp); $i<12; $i++){
1044 $fill.= " ";
1045 }
1046 $this->attrs['sambaAcctFlags'] = "[{$tmp}{$fill}]";
1049 // Generate rid / primaryGroupId
1050 if (!isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
1051 msg_dialog::display(_("Warning"), _("Undefined Samba SID detected. Please fix this problem manually!"), WARNING_DIALOG);
1052 } else {
1053 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
1054 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
1055 }
1057 // Need to generate a new uniqe uid/gid combination?
1058 if ($this->sambaSID == "" || $this->orig_sambaDomainName != $this->sambaDomainName){
1059 $uidNumber= $this->uidNumber;
1060 while(TRUE){
1061 $sid= $this->SID."-".($uidNumber*2 + $this->ridBase);
1062 $ldap->cd($this->config->current['BASE']);
1063 $ldap->search("(sambaSID=$sid)", array("sambaSID"));
1064 if ($ldap->count() == 0){
1065 break;
1066 }
1067 $uidNumber++;
1068 }
1069 $this->attrs['sambaSID']= $sid;
1071 // Check for users primary group
1072 $ldap->cd($this->config->current['BASE']);
1073 $ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
1074 if ($ldap->count() != 1){
1075 msg_dialog::display(_("Warning"),
1076 _("Cannot convert primary group to samba group: group cannot be identified!"),
1077 WARNING_DIALOG);
1078 } else {
1079 $attrs= $ldap->fetch();
1080 $g= new group($this->config, $ldap->getDN());
1081 if ($g->sambaSID == ""){
1082 $g->sambaDomainName= $this->sambaDomainName;
1083 $g->smbgroup= TRUE;
1084 $g->save ();
1085 }
1086 $this->attrs['sambaPrimaryGroupSID']= $g->sambaSID;
1087 }
1088 }
1090 // Set or reset homeDrive - Why is this done seperataly?
1091 if ($this->sambaHomeDrive == ""){
1092 $this->attrs["sambaHomeDrive"]= array();
1093 }
1095 // Generate munged dial value
1096 $this->attrs["sambaMungedDial"]= $this->mungedObject->getMunged();
1098 // User wants me to fake the idMappings? This is useful for
1099 // making winbind resolve the user names in a reasonable amount
1100 // of time in combination with larger databases.
1101 if ($this->config->boolValueIsTrue("core","sambaidmapping")){
1102 $this->attrs['objectClass'][]= "sambaIdmapEntry";
1103 }
1105 // Write back to ldap
1106 $ldap->cd($this->dn);
1107 $this->cleanup();
1108 $ldap->modify ($this->attrs);
1109 if (!$ldap->success()){
1110 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
1111 }else{
1112 if ($this->initially_was_account == $this->is_account){
1113 if ($this->is_modified){
1114 $this->handle_post_events("modify", array("uid" => $this->uid));
1115 new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1116 }
1117 } else {
1118 $this->handle_post_events("add", array("uid" => $this->uid));
1119 new log("create","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1120 }
1121 }
1122 }
1125 /* Force password set, if this account doesn't have any samba passwords */
1126 function password_change_needed()
1127 {
1128 if(!$this->initially_was_account && $this->is_account){
1129 $ldap = $this->config->get_ldap_link();
1130 $ldap->cat($this->dn,array("sambaLMPassword","sambaNTPassword"));
1131 $attrs = $ldap->fetch();
1132 if(!isset($attrs['sambaLMPassword']) || !isset($attrs['sambaNTPassword'])){
1133 return(TRUE);
1134 }
1135 }
1136 return(FALSE);
1137 }
1140 function adapt_from_template($dn, $skip= array())
1141 {
1142 plugin::adapt_from_template($dn, $skip);
1145 $this->sambaSID= "";
1146 $this->sambaPrimaryGroupSID= "";
1148 /* Fill mungedDial field */
1149 if (isset($this->attrs['sambaMungedDial']) && !in_array_strict('sambaMungedDial', $skip)){
1150 $this->mungedObject->load($this->sambaMungedDial);
1151 }
1153 /* Adapt munged attributes */
1154 foreach($this->ctxattributes as $attr){
1155 if(isset($this->mungedObject->ctx[$attr]))
1156 $val = $this->mungedObject->ctx[$attr];
1158 foreach (array("sn", "givenName", "uid") as $repl){
1159 if (preg_match("/%$repl/i", $val)){
1160 $val= preg_replace ("/%$repl/i", $this->parent->$repl, $val);
1161 }
1162 }
1163 $this->mungedObject->ctx[$attr] = $val;
1164 }
1166 // Load flags from source.
1167 $this->loadFlagsFromSource($this->attrs);
1168 }
1171 static function plInfo()
1172 {
1173 return (array(
1174 "plShortName" => _("Samba"),
1175 "plDescription" => _("Samba settings"),
1176 "plSelfModify" => TRUE,
1177 "plDepends" => array("user"),
1178 "plPriority" => 5,
1179 "plSection" => array("personal" => _("My account")),
1180 "plCategory" => array("users"),
1181 "plOptions" => array(),
1182 "plRequirements"=>array(
1183 'ldapSchema' => array('sambaSamAccount' =>''),
1184 'onFailureDisablePlugin' => array(get_class())),
1185 "plProvidedAcls" => array(
1186 "sambaHomePath" => _("Generic home directory") ,
1187 "sambaHomeDrive" => _("Generic samba home drive") ,
1188 "sambaDomainName" => _("Domain") ,
1189 "sambaLogonScript" => _("Generic script path") ,
1190 "sambaProfilePath" => _("Generic profile path") ,
1191 "AllowLoginOnTerminalServer" => _("Allow login on terminal server"),
1192 "InheritClientConfig" => _("Inherit client configuration"),
1193 "sambaKickoffTime" => _("Account expires"),
1194 "enforcePasswordChange" => _("Enforce password change"),
1195 "cannotChangePassword" => _("Disallow password change") ,
1196 "noPasswordRequired" => _("Login from windows client requires no password"),
1197 "passwordNeverExpires" => _("Password never expires"),
1198 "temporaryDisabled" => _("Lock samba account"),
1200 "sambaLogonHours" => _("Log on hours") ,
1201 "sambaUserWorkstations" => _("Allow connection from"))
1202 ));
1203 }
1205 function enable_multiple_support()
1206 {
1207 plugin::enable_multiple_support();
1208 $this->multiple_support_active = TRUE;
1209 }
1211 function multiple_save_object()
1212 {
1213 if (isset($_POST['sambaTab'])){
1214 $this->save_object();
1215 plugin::multiple_save_object();
1216 foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
1217 "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF",
1218 "CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
1219 "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
1220 "onnectclientprinters","defaultprinter","shadow","brokenconn",
1221 "reconn","connectclientprinters","SetSambaLogonHours","workstation_list",
1222 "enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
1223 "temporaryDisabled","cannotChangePassword","sambaKickoffTime"
1224 ) as $attr){
1225 if(isset($_POST["use_".$attr]) || isset($_POST["use_flag_".$attr]) ){
1226 $this->multi_boxes[] = $attr;
1227 }
1228 }
1229 }
1230 }
1233 function multiple_check()
1234 {
1235 $message = plugin::multiple_check();
1237 /* Strings */
1238 foreach (array( "sambaHomePath" => _("Home directory"),
1239 "sambaProfilePath" => _("Profile path")) as $key => $val){
1240 if (in_array_strict($key,$this->multi_boxes) && !$this->mungedObject->is_samba_path($this->$key)){
1241 $message[]= msgPool::invalid($val);
1242 }
1243 }
1245 /* Numeric values */
1246 foreach (array( "CtxMaxConnectionTime" => _("Connection"),
1247 "CtxMaxDisconnectionTime" => _("Disconnection"),
1248 "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
1249 if (in_array_strict($key,$this->multi_boxes) &&
1250 isset($this->mungedObject->ctx[$key]) &&
1251 !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
1252 $message[]=msgPool::invalid($val);
1253 }
1254 }
1256 /* Too many workstations? Windows usrmgr only supports eight */
1257 if (substr_count($this->sambaUserWorkstations, ",") >= 8){
1258 $message[]= _("The windows user manager only allows eight clients. You've specified more than eight.");
1259 }
1262 if(in_array_strict("sambaKickoffTime", $this->multi_boxes) && $this->flag_sambaKickoffTime){
1263 if(!preg_match("/^[0-3][0-9]\.[0-1][0-9]\.([0-9]){4}$/",$this->sambaKickoffTime)){
1264 $message[] = msgPool::invalid(_("Account expires after"));
1265 }elseif(!strtotime($this->sambaKickoffTime) || strtotime($this->sambaKickoffTime) >= 2147483647){
1266 $message[] = msgPool::invalid(_("Account expires after"));
1267 }
1268 }
1269 return($message);
1270 }
1273 function get_multi_init_values()
1274 {
1275 $ret = plugin::get_multi_init_values();
1277 /* Parse given sambaUserWorkstations into array
1278 * to allow "init_multiple_support()" to detect multiple used workstations.
1279 * Those workstations will be displayed in light grey.
1280 */
1281 $tmp2 = array("count" => 0);
1282 $tmp = explode(",", $this->sambaUserWorkstations);
1283 foreach($tmp as $station){
1284 $station = trim($station);
1285 if(!empty($station)){
1286 $tmp2[] = $station;
1287 $tmp2['count'] ++;
1288 }
1289 }
1290 $ret['sambaUserWorkstations'] = $tmp2;
1291 return($ret);
1292 }
1296 function init_multiple_support($attrs,$all)
1297 {
1298 plugin::init_multiple_support($attrs,$all);
1300 $this->multiple_sambaUserWorkstations = array();
1301 if(isset($all['sambaUserWorkstations'])){
1302 for($i = 0 ; $i < $all['sambaUserWorkstations']['count'] ; $i++){
1303 $station = trim($all['sambaUserWorkstations'][$i]);
1304 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => FALSE);
1305 }
1306 }
1307 if(isset($attrs['sambaUserWorkstations'])){
1308 for($i = 0 ; $i < $attrs['sambaUserWorkstations']['count'] ; $i++){
1309 $station = trim($attrs['sambaUserWorkstations'][$i]);
1310 $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1311 }
1312 }
1314 // Set kickOffTime to date
1315 if(isset($attrs['sambaKickoffTime'][0])){
1316 $this->sambaKickoffTime = date("d.m.Y", $this->sambaKickoffTime);
1317 $this->flag_sambaKickoffTime = TRUE;
1318 }
1319 }
1321 function multiple_execute()
1322 {
1323 return($this->execute());
1324 }
1326 function get_multi_edit_values()
1327 {
1328 $ret = plugin::get_multi_edit_values();
1330 /* Terminal Server */
1331 if(in_array_strict("tslogin",$this->multi_boxes)){
1332 $ret['tslogin'] = $this->mungedObject->getTsLogin();
1333 }
1334 if(in_array_strict("CtxWFHomeDirDrive",$this->multi_boxes)){
1335 $ret['CtxWFHomeDirDrive'] = $this->mungedObject->ctx['CtxWFHomeDirDrive'];
1336 }
1337 if(in_array_strict("CtxWFHomeDir",$this->multi_boxes)){
1338 $ret['CtxWFHomeDir'] = $this->mungedObject->ctx['CtxWFHomeDir'];
1339 }
1340 if(in_array_strict("CtxWFProfilePath",$this->multi_boxes)){
1341 $ret['CtxWFProfilePath'] = $this->mungedObject->ctx['CtxWFProfilePath'];
1342 }
1344 if(in_array_strict("inherit",$this->multi_boxes)){
1345 $ret['inherit'] = $this->mungedObject->getInheritMode();
1346 }
1347 if(in_array_strict("CtxInitialProgram",$this->multi_boxes)){
1348 $ret['CtxInitialProgram'] = $this->mungedObject->ctx['CtxInitialProgram'];
1349 }
1350 if(in_array_strict("CtxWorkDirectory",$this->multi_boxes)){
1351 $ret['CtxWorkDirectory'] = $this->mungedObject->ctx['CtxWorkDirectory'];
1352 }
1354 /* Time Limits. Be careful here, there are some negations */
1355 if(in_array_strict("CtxMaxConnectionTimeF",$this->multi_boxes)){
1356 $ret["CtxMaxConnectionTimeF"] = !$this->mungedObject->getCtxMaxConnectionTimeF();
1357 if(!$ret["CtxMaxConnectionTimeF"]){
1358 $ret["CtxMaxConnectionTime"] = $this->mungedObject->ctx['CtxMaxConnectionTime'];
1359 }
1360 }
1361 if(in_array_strict("CtxMaxDisconnectionTimeF",$this->multi_boxes)){
1362 $ret["CtxMaxDisconnectionTimeF"]= !$this->mungedObject->getCtxMaxDisconnectionTimeF();
1363 if(!$ret["CtxMaxDisconnectionTimeF"]){
1364 $ret["CtxMaxDisconnectionTime"]= $this->mungedObject->ctx['CtxMaxDisconnectionTime'];
1365 }
1366 }
1367 if(in_array_strict("CtxMaxIdleTimeF",$this->multi_boxes)){
1368 $ret["CtxMaxIdleTimeF"] = !$this->mungedObject->getCtxMaxIdleTimeF();
1369 if(!$ret["CtxMaxIdleTimeF"]){
1370 $ret["CtxMaxIdleTime"] = $this->mungedObject->ctx['CtxMaxIdleTime'];
1371 }
1372 }
1374 /* Client Devices */
1375 if(in_array_strict("connectclientdrives",$this->multi_boxes)){
1376 $ret["connectclientdrives"] = $this->mungedObject->getConnectClientDrives();
1377 }
1378 if(in_array_strict("connectclientprinters",$this->multi_boxes)){
1379 $ret["connectclientprinters"] = $this->mungedObject->getConnectClientPrinters();
1380 }
1381 if(in_array_strict("defaultprinter",$this->multi_boxes)){
1382 $ret["defaultprinter"] = $this->mungedObject->getDefaultPrinter();
1383 }
1385 /* Misc */
1386 if(in_array_strict("shadow",$this->multi_boxes)){
1387 $ret["shadow"] =$this->mungedObject->getShadow();
1388 }
1389 if(in_array_strict("brokenconn",$this->multi_boxes)){
1390 $ret["brokenconn"]=$this->mungedObject->getBrokenConn();
1391 }
1392 if(in_array_strict("reconn",$this->multi_boxes)){
1393 $ret["reconn"] =$this->mungedObject->getReConn();
1394 }
1396 // Handle Flags.
1397 foreach(array("flag_enforcePasswordChange", "flag_passwordNeverExpires", "flag_noPasswordRequired",
1398 "flag_temporaryDisabled","flag_cannotChangePassword","flag_sambaKickoffTime") as $attr){
1399 $ret[$attr] = $this->$attr;
1400 }
1402 if(in_array_strict("SetSambaLogonHours",$this->multi_boxes)){
1403 $ret['sambaLogonHours'] = $this->sambaLogonHours;
1404 }
1406 if(in_array_strict("workstation_list",$this->multi_boxes)){
1407 $ret['multiple_sambaUserWorkstations'] = $this->multiple_sambaUserWorkstations;
1408 }
1410 return($ret);
1411 }
1413 function set_multi_edit_values($values)
1414 {
1415 plugin::set_multi_edit_values($values);
1417 /* Prepare current workstation settings to be merged
1418 * with multiple edit settings.
1419 */
1420 if(isset($values['multiple_sambaUserWorkstations'])){
1421 $cur_ws = array();
1422 $m_ws = $values['multiple_sambaUserWorkstations'];
1424 /* Prepare current settings to be merged */
1425 if(isset($this->sambaUserWorkstations)){
1426 $ttmp = explode(",",$this->sambaUserWorkstations);
1427 foreach($ttmp as $station){
1428 $station = trim($station);
1429 if(!empty($station)){
1430 $cur_ws[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
1431 }
1432 }
1433 }
1435 /* Unset removed workstations */
1436 foreach($cur_ws as $cur_name => $cur_station){
1437 if(!isset($m_ws[$cur_name])){
1438 unset($cur_ws[$cur_name]);
1439 }
1440 }
1442 /* Add all added workstations */
1443 foreach($m_ws as $name => $station){
1444 if($station['UsedByAllUsers']){
1445 $cur_ws[$name] = $station;
1446 }
1447 }
1449 $this->sambaUserWorkstations = "";
1450 foreach($cur_ws as $name => $ws){
1451 $this->sambaUserWorkstations .= $name.",";
1452 }
1453 $this->sambaUserWorkstations=preg_replace("/,$/","",$this->sambaUserWorkstations);
1454 }
1456 /* Enable disabled terminal login, this is inverted somehow */
1457 if(isset($values['tslogin'])) $this->mungedObject->setTsLogin(!$values['tslogin']);
1459 /* Imherit client configuration */
1460 if(isset($values['inherit'])) $this->mungedObject->setInheritMode($values['inherit']);
1462 /* Get all ctx values posted */
1463 $ctx = array("CtxWFHomeDirDrive","CtxWFHomeDir","CtxWFProfilePath","CtxInitialProgram","CtxWorkDirectory",
1464 "CtxMaxConnectionTime","CtxMaxDisconnectionTime","CtxMaxIdleTime");
1465 foreach($ctx as $attr){
1466 if(isset($values[$attr])){
1467 $this->mungedObject->ctx[$attr] = $values[$attr] ;
1468 }
1469 }
1471 if(isset($values['CtxMaxConnectionTimeF'])) $this->mungedObject->setCtxMaxConnectionTimeF($values['CtxMaxConnectionTimeF']);
1472 if(isset($values['CtxMaxDisconnectionTimeF']))$this->mungedObject->setCtxMaxDisconnectionTimeF($values['CtxMaxDisconnectionTimeF']);
1473 if(isset($values['CtxMaxIdleTimeF'])) $this->mungedObject->setCtxMaxIdleTimeF($values['CtxMaxIdleTimeF']);
1475 if(isset($values['connectclientdrives'])) $this->mungedObject->setConnectClientDrives($values['connectclientdrives']);
1476 if(isset($values['connectclientprinters'])) $this->mungedObject->setConnectClientPrinters($values['connectclientprinters']);
1477 if(isset($values['defaultprinter'])) $this->mungedObject->setDefaultPrinter($values['defaultprinter']);
1479 if(isset($values['shadow'])) $this->mungedObject->setShadow($values['shadow'],$values['shadow']);
1480 if(isset($values['brokenconn'])) $this->mungedObject->setBrokenConn($values['brokenconn'],$values['brokenconn']);
1481 if(isset($values['reconn'])) $this->mungedObject->setReConn($values['reconn'],$values['reconn']);
1482 }
1485 function PrepareForCopyPaste($source)
1486 {
1487 plugin::PrepareForCopyPaste($source);
1489 /* Set a new SID */
1490 $this->sambaSID = "";
1492 /* Fill mungedDial field */
1493 if (isset($source['sambaMungedDial'])){
1494 $this->mungedObject->load($source['sambaMungedDial'][0]);
1495 }
1497 // Load flags from source.
1498 $this->loadFlagsFromSource($source);
1499 }
1501 }
1503 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1504 ?>