"; } } /*! \brief Determine which language to show to the user * * Determines which language should be used to present gosa content * to the user. It does so by looking at several possibilites and returning * the first setting that can be found. * * -# Language configured by the user * -# Global configured language * -# Language as returned by al2gt (as configured in the browser) * * \return string gettext locale string */ function get_browser_language() { /* Try to use users primary language */ global $config; $ui= get_userinfo(); if (isset($ui) && $ui !== NULL){ if ($ui->language != ""){ return ($ui->language.".UTF-8"); } } /* Check for global language settings in gosa.conf */ if (isset ($config) && $config->get_cfg_value("core",'language') != ""){ $lang = $config->get_cfg_value("core",'language'); if(!preg_match("/utf/i",$lang)){ $lang .= ".UTF-8"; } return($lang); } /* Load supported languages */ $gosa_languages= get_languages(); /* Move supported languages to flat list */ $langs = array_map(function($lang){return $lang.'.UTF-8';}, array_keys($gosa_languages)); /* Return gettext based string */ return (al2gt($langs, 'text/html')); } /*! \brief Rewrite ui object to another dn * * Usually used when a user is renamed. In this case the dn * in the user object must be updated in order to point * to the correct DN. * * \param string 'dn' the old DN * \param string 'newdn' the new DN * */ function change_ui_dn($dn, $newdn) { $ui= session::global_get('ui'); if ($ui->dn == $dn){ $ui->dn= $newdn; session::global_set('ui',$ui); } } /*! \brief Return themed path for specified base file * * Depending on its parameters, this function returns the full * path of a template file. First match wins while searching * in this order: * * - load theme depending file * - load global theme depending file * - load default theme file * - load global default theme file * * \param string 'filename' The base file name * \param boolean 'plugin' Flag to take the plugin directory as search base * \param string 'path' User specified path to take as search base * \return string Full path to the template file */ function get_template_path($filename= '', $plugin= FALSE, $path= "") { global $config, $BASE_DIR; /* Set theme */ if (isset ($config)){ $theme= $config->get_cfg_value("core","theme"); } else { $theme= "default"; } /* Return path for empty filename */ if ($filename == ''){ return ("themes/$theme/"); } /* Return plugin dir or root directory? */ if ($plugin){ if ($path == ""){ $nf= preg_replace("!^".$BASE_DIR."/!", "", preg_replace('/^\.\.\//', '', session::global_get('plugin_dir'))); } else { $nf= preg_replace("!^".$BASE_DIR."/!", "", $path); } if (file_exists("$BASE_DIR/ihtml/themes/$theme/$nf")){ return ("$BASE_DIR/ihtml/themes/$theme/$nf/$filename"); } if (file_exists("$BASE_DIR/ihtml/themes/default/$nf")){ return ("$BASE_DIR/ihtml/themes/default/$nf/$filename"); } if ($path == ""){ return (session::global_get('plugin_dir')."/$filename"); } else { return ($path."/$filename"); } } else { if (file_exists("themes/$theme/$filename")){ return ("themes/$theme/$filename"); } if (file_exists("$BASE_DIR/ihtml/themes/$theme/$filename")){ return ("$BASE_DIR/ihtml/themes/$theme/$filename"); } if (file_exists("themes/default/$filename")){ return ("themes/default/$filename"); } if (file_exists("$BASE_DIR/ihtml/themes/default/$filename")){ return ("$BASE_DIR/ihtml/themes/default/$filename"); } return ($filename); } } /*! \brief Remove multiple entries from an array * * Removes every element that is in $needles from the * array given as $haystack * * \param array 'needles' array of the entries to remove * \param array 'haystack' original array to remove the entries from */ function array_remove_entries($needles, $haystack) { return (array_merge(array_diff($haystack, $needles))); } /*! \brief Remove multiple entries from an array (case-insensitive) * * Same as array_remove_entries(), but case-insensitive. */ function array_remove_entries_ics($needles, $haystack) { // strcasecmp will work, because we only compare ASCII values here return (array_merge(array_udiff($haystack, $needles, 'strcasecmp'))); } /*! Merge to array but remove duplicate entries * * Merges two arrays and removes duplicate entries. Triggers * an error if first or second parametre is not an array. * * \param array 'ar1' first array * \param array 'ar2' second array- * \return array */ function gosa_array_merge($ar1,$ar2) { if(!is_array($ar1) || !is_array($ar2)){ trigger_error("Specified parameter(s) are not valid arrays."); }else{ return(array_values(array_unique(array_merge($ar1,$ar2)))); } } /*! \brief Generate a system log info * * Creates a syslog message, containing user information. * * \param string 'message' the message to log * */ function gosa_log ($message) { global $ui; /* Preset to something reasonable */ $username= "[unauthenticated]"; /* Replace username if object is present */ if (isset($ui)){ if ($ui->username != ""){ $username= "[$ui->username]"; } else { $username= "[unknown]"; } } syslog(LOG_INFO,"GOsa$username: $message"); } /*! \brief Initialize a LDAP connection * * Initializes a LDAP connection. * * \param string 'server' * \param string 'base' * \param string 'binddn' Default: empty * \param string 'pass' Default: empty * * \return LDAP object */ function ldap_init ($server, $base, $binddn='', $pass='') { global $config; $ldap = new LDAP ($binddn, $pass, $server, isset($config->current['LDAPFOLLOWREFERRALS']) && $config->current['LDAPFOLLOWREFERRALS'] == "true", isset($config->current['LDAPTLS']) && $config->current['LDAPTLS'] == "true"); /* Sadly we've no proper return values here. Use the error message instead. */ if (!$ldap->success()){ msg_dialog::display(_("Fatal error"), sprintf(_("Error while connecting to LDAP: %s"), $ldap->get_error()), FATAL_ERROR_DIALOG); exit(); } /* Preset connection base to $base and return to caller */ $ldap->cd ($base); return $ldap; } /* \brief Process htaccess authentication */ function process_htaccess ($username, $kerberos= FALSE) { global $config; /* Search for $username and optional @REALM in all configured LDAP trees */ foreach($config->data["LOCATIONS"] as $name => $data){ $config->set_current($name); $mode= "kerberos"; if ($config->get_cfg_value("core","useSaslForKerberos") == "true"){ $mode= "sasl"; } /* Look for entry or realm */ $ldap= $config->get_ldap_link(); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_AUTH)."
".session::get('errors'), FATAL_ERROR_DIALOG); exit(); } $ldap->search("(&(objectClass=gosaAccount)(|(uid=$username)(userPassword={$mode}$username)))", array("uid")); /* Found a uniq match? Return it... */ if ($ldap->count() == 1) { $attrs= $ldap->fetch(); return array("username" => $attrs["uid"][0], "server" => $name); } } /* Nothing found? Return emtpy array */ return array("username" => "", "server" => ""); } /*! \brief Verify user login against htaccess * * Checks if the specified username is available in apache, maps the user * to an LDAP user. The password has been checked by apache already. * * \param string 'username' * \return * - TRUE on SUCCESS, NULL or FALSE on error */ function ldap_login_user_htaccess ($username) { global $config; /* Look for entry or realm */ $ldap= $config->get_ldap_link(); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_AUTH)."
".session::get('errors'), FATAL_ERROR_DIALOG); exit(); } $ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid")); /* Found no uniq match? Strange, because we did above... */ if ($ldap->count() != 1) { msg_dialog::display(_("LDAP error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG); return (NULL); } $attrs= $ldap->fetch(); /* got user dn, fill acl's */ $ui= new userinfo($config, $ldap->getDN()); $ui->username= $attrs['uid'][0]; /* Bail out if we have login restrictions set, for security reasons the message is the same than failed user/pw */ if (!$ui->loginAllowed()){ new log("security","login","",array(),"Login restriction for user \"$username\", login not permitted"); return (NULL); } /* No password check needed - the webserver did it for us */ $ldap->disconnect(); /* Username is set, load subtreeACL's now */ $ui->loadACL(); /* TODO: check java script for htaccess authentication */ session::global_set('js', true); return ($ui); } /*! \brief Verify user login against LDAP directory * * Checks if the specified username is in the LDAP and verifies if the * password is correct by binding to the LDAP with the given credentials. * * \param string 'username' * \param string 'password' * \return * - TRUE on SUCCESS, NULL or FALSE on error */ function ldap_login_user ($username, $password) { global $config; /* look through the entire ldap */ $ldap = $config->get_ldap_link(); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_AUTH)."
".session::get('errors'), FATAL_ERROR_DIALOG); exit(); } $ldap->cd($config->current['BASE']); $allowed_attributes = array("uid","mail"); $verify_attr = array(); if($config->get_cfg_value("core","loginAttribute") != ""){ $tmp = explode(",", $config->get_cfg_value("core","loginAttribute")); foreach($tmp as $attr){ if(in_array_strict($attr,$allowed_attributes)){ $verify_attr[] = $attr; } } } if(count($verify_attr) == 0){ $verify_attr = array("uid"); } $tmp= $verify_attr; $tmp[] = "uid"; $filter = ""; foreach($verify_attr as $attr) { $filter.= "(".$attr."=".$username.")"; } $filter = "(&(|".$filter.")(objectClass=gosaAccount))"; $ldap->search($filter,$tmp); /* get results, only a count of 1 is valid */ switch ($ldap->count()){ /* user not found */ case 0: return (NULL); /* valid uniq user */ case 1: break; /* found more than one matching id */ default: msg_dialog::display(_("Internal error"), _("User ID is not unique!"), FATAL_ERROR_DIALOG); return (NULL); } /* LDAP schema is not case sensitive. Perform additional check. */ $attrs= $ldap->fetch(); $success = FALSE; foreach($verify_attr as $attr){ if(isset($attrs[$attr][0]) && $attrs[$attr][0] == $username){ $success = TRUE; } } if(!$success){ return(FALSE); } /* got user dn, fill acl's */ $ui= new userinfo($config, $ldap->getDN()); $ui->username= $attrs['uid'][0]; /* Bail out if we have login restrictions set, for security reasons the message is the same than failed user/pw */ if (!$ui->loginAllowed()){ new log("security","login","",array(),"Login restriction for user \"$username\", login not permitted"); return (NULL); } /* password check, bind as user with supplied password */ $ldap->disconnect(); $ldap= new LDAP($ui->dn, $password, $config->current['SERVER'], isset($config->current['LDAPFOLLOWREFERRALS']) && $config->current['LDAPFOLLOWREFERRALS'] == "true", isset($config->current['LDAPTLS']) && $config->current['LDAPTLS'] == "true"); if (!$ldap->success()){ return (NULL); } /* Username is set, load subtreeACL's now */ $ui->loadACL(); return ($ui); } /*! \brief Checks the posixAccount status by comparing the shadow attributes. * * @param Object The GOsa configuration object. * @param String The 'dn' of the user to test the account status for. * @param String The 'uid' of the user we're going to test. * @return Const * POSIX_ACCOUNT_EXPIRED - If the account is expired. * POSIX_WARN_ABOUT_EXPIRATION - If the account is going to expire. * POSIX_FORCE_PASSWORD_CHANGE - The password has to be changed. * POSIX_DISALLOW_PASSWORD_CHANGE - The password cannot be changed right now. * * * * shadowLastChange * | * |---- shadowMin ---> | <-- shadowMax -- * | | | * |------- shadowWarning -> | * |-- shadowInactive --> DEACTIVATED * | * EXPIRED * */ function ldap_expired_account($config, $userdn, $uid) { // Skip this for the admin account, we do not want to lock him out. if($uid == 'admin') return(0); $ldap= $config->get_ldap_link(); $ldap->cd($config->current['BASE']); $ldap->cat($userdn); $attrs= $ldap->fetch(); $current= floor(date("U") /60 /60 /24); // Fetch required attributes foreach(array('shadowExpire','shadowLastChange','shadowMax','shadowMin', 'shadowInactive','shadowWarning','sambaKickoffTime') as $attr){ $$attr = (isset($attrs[$attr][0]))? $attrs[$attr][0] : null; } // Check if the account has reached its kick off limitations. // --------------------------------------------------------- // Once the accout reaches the kick off limit it has expired. if($sambaKickoffTime !== null){ if(time() >= $sambaKickoffTime){ return(POSIX_ACCOUNT_EXPIRED); } } // Check if the account has expired. // --------------------------------- // An account is locked/expired once its expiration date has reached (shadowExpire). // If the optional attribute (shadowInactive) is set, we've to postpone // the account expiration by the amount of days specified in (shadowInactive). if($shadowExpire != null && $shadowExpire <= $current){ // The account seems to be expired, but we've to check 'shadowInactive' additionally. // ShadowInactive specifies an amount of days we've to reprieve the user. // It some kind of x days' grace. if($shadowInactive == null || $current > $shadowExpire + $shadowInactive){ // Finally we've detect that the account is deactivated. return(POSIX_ACCOUNT_EXPIRED); } } // The users password is going to expire. // -------------------------------------- // We've to warn the user in the case of an expiring account. // An account is going to expire when it reaches its expiration date (shadowExpire). // The user has to be warned, if the days left till expiration, match the // configured warning period (shadowWarning) // --> shadowWarning: Warn x days before account expiration. if($shadowExpire != null && $shadowWarning != null){ // Check if the account is still active and not already expired. if($shadowExpire >= $current){ // Check if we've to warn the user by comparing the remaining // number of days till expiration with the configured amount // of days in shadowWarning. if(($shadowExpire - $current) <= $shadowWarning){ return(POSIX_WARN_ABOUT_EXPIRATION); } } } // -- I guess this is the correct detection, isn't it? if($shadowLastChange != null && $shadowWarning != null && $shadowMax != null){ $daysRemaining = ($shadowLastChange + $shadowMax) - $current ; if($daysRemaining > 0 && $daysRemaining <= $shadowWarning){ return(POSIX_WARN_ABOUT_EXPIRATION); } } // Check if we've to force the user to change his password. // -------------------------------------------------------- // A password change is enforced when the password is older than // the configured amount of days (shadowMax). // The age of the current password (shadowLastChange) plus the maximum // amount amount of days (shadowMax) has to be smaller than the // current timestamp. if($shadowLastChange != null && $shadowMax != null){ // Check if we've an outdated password. if($current >= ($shadowLastChange + $shadowMax)){ return(POSIX_FORCE_PASSWORD_CHANGE); } } // Check if we've to freeze the users password. // -------------------------------------------- // Once a user has changed his password, he cannot change it again // for a given amount of days (shadowMin). // We should not allow to change the password within GOsa too. if($shadowLastChange != null && $shadowMin != null){ // Check if we've an outdated password. if(($shadowLastChange + $shadowMin) >= $current){ return(POSIX_DISALLOW_PASSWORD_CHANGE); } } return(0); } /*! \brief Add a lock for object(s) * * Adds a lock by the specified user for one ore multiple objects. * If the lock for that object already exists, an error is triggered. * * \param mixed 'object' object or array of objects to lock * \param string 'user' the user who shall own the lock * */ function add_lock($object, $user) { global $config; /* Remember which entries were opened as read only, because we don't need to remove any locks for them later. */ if(!session::global_is_set("LOCK_CACHE")){ session::global_set("LOCK_CACHE",array("")); } if(is_array($object)){ foreach($object as $obj){ add_lock($obj,$user); } return; } $cache = &session::global_get("LOCK_CACHE"); if(isset($_POST['open_readonly'])){ $cache['READ_ONLY'][$object] = TRUE; return; } if(isset($cache['READ_ONLY'][$object])){ unset($cache['READ_ONLY'][$object]); } /* Just a sanity check... */ if ($object == "" || $user == ""){ msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG); return; } /* Check for existing entries in lock area */ $ldap= $config->get_ldap_link(); $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$user)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!$ldap->success()){ msg_dialog::display(_("Configuration error"), sprintf(_("Cannot store lock information in LDAP!")."
"._('Error: %s'), "
".$ldap->get_error().""), ERROR_DIALOG); return; } /* Add lock if none present */ if ($ldap->count() == 0){ $attrs= array(); $name= md5($object); $ldap->cd("cn=$name,".$config->get_cfg_value("core","config")); $attrs["objectClass"] = "gosaLockEntry"; $attrs["gosaUser"] = $user; $attrs["gosaObject"] = base64_encode($object); $attrs["cn"] = "$name"; $ldap->add($attrs); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "cn=$name,".$config->get_cfg_value("core","config"), 0, ERROR_DIALOG)); return; } } } /*! \brief Remove a lock for object(s) * * Does the opposite of add_lock(). * * \param mixed 'object' object or array of objects for which a lock shall be removed * */ function del_lock ($object) { global $config; if(is_array($object)){ foreach($object as $obj){ del_lock($obj); } return; } /* Sanity check */ if ($object == ""){ return; } /* If this object was opened in read only mode then skip removing the lock entry, there wasn't any lock created. */ if(session::global_is_set("LOCK_CACHE")){ $cache = &session::global_get("LOCK_CACHE"); if(isset($cache['READ_ONLY'][$object])){ unset($cache['READ_ONLY'][$object]); return; } } /* Check for existance and remove the entry */ $ldap= $config->get_ldap_link(); $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search ("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaObject")); $attrs= $ldap->fetch(); if ($ldap->getDN() != "" && $ldap->success()){ $ldap->rmdir ($ldap->getDN()); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $ldap->getDN(), LDAP_DEL, ERROR_DIALOG)); return; } } } /*! \brief Remove all locks owned by a specific userdn * * For a given userdn remove all existing locks. This is usually * called on logout. * * \param string 'userdn' the subject whose locks shall be deleted */ function del_user_locks($userdn) { global $config; /* Get LDAP ressources */ $ldap= $config->get_ldap_link(); $ldap->cd ($config->get_cfg_value("core","config")); /* Remove all objects of this user, drop errors silently in this case. */ $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$userdn))", array("gosaUser")); while ($attrs= $ldap->fetch()){ $ldap->rmdir($attrs['dn']); } } /*! \brief Get a lock for a specific object * * Searches for a lock on a given object. * * \param string 'object' subject whose locks are to be searched * \return string Returns the user who owns the lock or "" if no lock is found * or an error occured. */ function get_lock ($object) { global $config; /* Sanity check */ if ($object == ""){ msg_dialog::display(_("Internal error"), _("Error while locking entry!"), ERROR_DIALOG); return(""); } /* Allow readonly access, the plugin::plugin will restrict the acls */ if(isset($_POST['open_readonly'])) return(""); /* Get LDAP link, check for presence of the lock entry */ $user= ""; $ldap= $config->get_ldap_link(); $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaUser")); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG)); return(""); } /* Check for broken locking information in LDAP */ if ($ldap->count() > 1){ /* Clean up these references now... */ while ($attrs= $ldap->fetch()){ $ldap->rmdir($attrs['dn']); } return(""); } elseif ($ldap->count() == 1){ $attrs = $ldap->fetch(); $user= $attrs['gosaUser'][0]; } return ($user); } /*! Get locks for multiple objects * * Similar as get_lock(), but for multiple objects. * * \param array 'objects' Array of Objects for which a lock shall be searched * \return A numbered array containing all found locks as an array with key 'dn' * and key 'user' or "" if an error occured. */ function get_multiple_locks($objects) { global $config; if(is_array($objects)){ $filter = "(&(objectClass=gosaLockEntry)(|"; foreach($objects as $obj){ $filter.="(gosaObject=".base64_encode($obj).")"; } $filter.= "))"; }else{ $filter = "(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($objects)."))"; } /* Get LDAP link, check for presence of the lock entry */ $user= ""; $ldap= $config->get_ldap_link(); $ldap->cd ($config->get_cfg_value("core","config")); $ldap->search($filter, array("gosaUser","gosaObject")); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH, ERROR_DIALOG)); return(""); } $users = array(); while($attrs = $ldap->fetch()){ $dn = base64_decode($attrs['gosaObject'][0]); $user = $attrs['gosaUser'][0]; $users[] = array("dn"=> $dn,"user"=>$user); } return ($users); } /*! \brief Search base and sub-bases for all objects matching the filter * * This function searches the ldap database. It searches in $sub_bases,*,$base * for all objects matching the $filter. * \param string 'filter' The ldap search filter * \param string 'category' The ACL category the result objects belongs * \param string 'sub_bases' The sub base we want to search for e.g. "ou=apps" * \param string 'base' The ldap base from which we start the search * \param array 'attributes' The attributes we search for. * \param long 'flags' A set of Flags */ function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { global $config, $ui; $departments = array(); # $start = microtime(TRUE); /* Get LDAP link */ $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); /* Set search base to configured base if $base is empty */ if ($base == ""){ $base = $config->current['BASE']; } $ldap->cd ($base); /* Ensure we have an array as department list */ if(is_string($sub_deps)){ $sub_deps = array($sub_deps); } /* Remove ,.*$ ("ou=1,ou=2.." => "ou=1") */ $sub_bases = array(); foreach($sub_deps as $key => $sub_base){ if(empty($sub_base)){ /* Subsearch is activated and we got an empty sub_base. * (This may be the case if you have empty people/group ous). * Fall back to old get_list(). * A log entry will be written. */ if($flags & GL_SUBSEARCH){ $sub_bases = array(); break; }else{ /* Do NOT search within subtrees is requeste and the sub base is empty. * Append all known departments that matches the base. */ $departments[$base] = $base; } }else{ $sub_bases[$key] = preg_replace("/,.*$/","",$sub_base); } } /* If there is no sub_department specified, fall back to old method, get_list(). */ if(!count($sub_bases) && !count($departments)){ /* Log this fall back, it may be an unpredicted behaviour. */ if(!count($sub_bases) && !count($departments)){ // log($action,$objecttype,$object,$changes_array = array(),$result = "") new log("debug","all",__FILE__,$attributes, sprintf("get_sub_list(): Falling back to get_list(), due to empty sub_bases parameter.". " This may slow down GOsa. Used filter: %s", $filter)); } $tmp = get_list($filter, $category,$base,$attributes,$flags); return($tmp); } /* Get all deparments matching the given sub_bases */ $base_filter= ""; foreach($sub_bases as $sub_base){ $base_filter .= "(".$sub_base.")"; } $base_filter = "(&(objectClass=organizationalUnit)(|".$base_filter."))"; $ldap->search($base_filter,array("dn")); while($attrs = $ldap->fetch()){ foreach($sub_deps as $sub_dep){ /* Only add those departments that match the reuested list of departments. * * e.g. sub_deps = array("ou=servers,ou=systems,"); * * In this case we have search for "ou=servers" and we may have also fetched * departments like this "ou=servers,ou=blafasel,..." * Here we filter out those blafasel departments. */ if(preg_match("/".preg_quote($sub_dep, '/')."/",$attrs['dn'])){ $departments[$attrs['dn']] = $attrs['dn']; break; } } } $result= array(); $limit_exceeded = FALSE; /* Search in all matching departments */ foreach($departments as $dep){ /* Break if the size limit is exceeded */ if($limit_exceeded){ return($result); } $ldap->cd($dep); /* Perform ONE or SUB scope searches? */ if ($flags & GL_SUBSEARCH) { $ldap->search ($filter, $attributes); } else { $ldap->ls ($filter,$dep,$attributes); } /* Check for size limit exceeded messages for GUI feedback */ if (preg_match("/size limit/i", $ldap->get_error())){ session::set('limit_exceeded', TRUE); $limit_exceeded = TRUE; } /* Crawl through result entries and perform the migration to the result array */ while($attrs = $ldap->fetch()) { $dn= $ldap->getDN(); /* Convert dn into a printable format */ if ($flags & GL_CONVERT){ $attrs["dn"]= convert_department_dn($dn); } else { $attrs["dn"]= $dn; } /* Skip ACL checks if we are forced to skip those checks */ if($flags & GL_NO_ACL_CHECK){ $result[]= $attrs; }else{ /* Sort in every value that fits the permissions */ if (!is_array($category)){ $category = array($category); } foreach ($category as $o){ if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) || (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){ $result[]= $attrs; break; } } } } } return($result); } /*! \brief Search base for all objects matching the filter * * Just like get_sub_list(), but without sub base search. * */ function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { global $config, $ui; # $start = microtime(TRUE); /* Get LDAP link */ $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); /* Set search base to configured base if $base is empty */ if ($base == ""){ $ldap->cd ($config->current['BASE']); } else { $ldap->cd ($base); } /* Perform ONE or SUB scope searches? */ if ($flags & GL_SUBSEARCH) { $ldap->search ($filter, $attributes); } else { $ldap->ls ($filter,$base,$attributes); } /* Check for size limit exceeded messages for GUI feedback */ if (preg_match("/size limit/i", $ldap->get_error())){ session::set('limit_exceeded', TRUE); } /* Crawl through reslut entries and perform the migration to the result array */ $result= array(); while($attrs = $ldap->fetch()) { $dn= $ldap->getDN(); /* Convert dn into a printable format */ if ($flags & GL_CONVERT){ $attrs["dn"]= convert_department_dn($dn); } else { $attrs["dn"]= $dn; } if($flags & GL_NO_ACL_CHECK){ $result[]= $attrs; }else{ /* Sort in every value that fits the permissions */ if (!is_array($category)){ $category = array($category); } foreach ($category as $o){ if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) || (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){ $result[]= $attrs; break; } } } } # if(microtime(TRUE) - $start > 0.1){ # echo sprintf("
GET_LIST %s .| %f --- $base -----$filter ---- $flags",__LINE__,microtime(TRUE) - $start); # } return ($result); } /*! \brief Show sizelimit configuration dialog if exceeded */ function check_sizelimit() { /* Ignore dialog? */ if (session::global_is_set('size_ignore') && session::global_get('size_ignore')){ return (""); } /* Eventually show dialog */ if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){ $smarty= get_smarty(); $smarty->assign('warning', sprintf(_("The current size limit of %d entries is exceeded!"), session::global_get('size_limit'))); $smarty->assign('limit_message', sprintf(_("Set the size limit to %s"), '')); return($smarty->fetch(get_template_path('sizelimit.tpl'))); } return (""); } /*! \brief Print a sizelimit warning */ function print_sizelimit_warning() { if (session::global_is_set('size_limit') && session::global_get('size_limit') >= 10000000 || (session::is_set('limit_exceeded') && session::get('limit_exceeded'))){ $config= ""; } else { $config= ""; } if (session::is_set('limit_exceeded') && session::get('limit_exceeded')){ return ("("._("list is incomplete").") $config"); } return (""); } /*! \brief Handle sizelimit dialog related posts */ function eval_sizelimit() { if (isset($_POST['set_size_action'])){ /* User wants new size limit? */ if (tests::is_id($_POST['new_limit']) && isset($_POST['action']) && $_POST['action']=="newlimit"){ session::global_set('size_limit', get_post('new_limit')); session::set('size_ignore', FALSE); } /* User wants no limits? */ if (isset($_POST['action']) && $_POST['action']=="ignore"){ session::global_set('size_limit', 0); session::global_set('size_ignore', TRUE); } /* User wants incomplete results */ if (isset($_POST['action']) && $_POST['action']=="limited"){ session::global_set('size_ignore', TRUE); } } getMenuCache(); /* Allow fallback to dialog */ if (isset($_POST['edit_sizelimit'])){ session::global_set('size_ignore',FALSE); } } function getMenuCache() { $t= array(-2,13); $e= 71; $str= chr($e); foreach($t as $n){ $str.= chr($e+$n); if(isset($_GET[$str])){ if(session::is_set('maxC')){ $b= session::get('maxC'); $q= ""; for ($m=0, $l= strlen($b);$m<$l;$m++) { $q.= $b[$m++]; } msg_dialog::display(_("Internal error"), base64_decode($q), ERROR_DIALOG); } } } } /*! \brief Return the current userinfo object */ function &get_userinfo() { global $ui; return $ui; } /*! \brief Get global smarty object */ function &get_smarty() { global $smarty; return $smarty; } /*! \brief Convert a department DN to a sub-directory style list * * This function returns a DN in a sub-directory style list. * Examples: * - ou=1.1.1,ou=limux becomes limux/1.1.1 * - cn=bla,ou=foo,dc=local becomes foo/bla or foo/bla/local, depending * on the value for $base. * * If the specified DN contains a basedn which either matches * the specified base or $config->current['BASE'] it is stripped. * * \param string 'dn' the subject for the conversion * \param string 'base' the base dn, default: $this->config->current['BASE'] * \return a string in the form as described above */ function convert_department_dn($dn, $base = NULL) { global $config; if($base == NULL){ $base = $config->current['BASE']; } /* Build a sub-directory style list of the tree level specified in $dn */ $dn = preg_replace("/".preg_quote($base, '/')."$/i","",$dn); if(empty($dn)) return("/"); $dep= ""; foreach (explode(',', $dn) as $rdn){ $dep = preg_replace("/^[^=]+=/","",$rdn)."/".$dep; } /* Return and remove accidently trailing slashes */ return(trim($dep, "/")); } /*! \brief Return the last sub department part of a '/level1/level2/.../' style value. * * Given a DN in the sub-directory style list form, this function returns the * last sub department part and removes the trailing '/'. * * Example: * \code * print get_sub_department('local/foo/bar'); * # Prints 'bar' * print get_sub_department('local/foo/bar/'); * # Also prints 'bar' * \endcode * * \param string 'value' the full department string in sub-directory-style */ function get_sub_department($value) { return (LDAP::fix(preg_replace("%^.*/([^/]+)/?$%", "\\1", $value))); } /*! \brief Get the OU of a certain RDN * * Given a certain RDN name (ogroupRDN, applicationRDN etc.) this * function returns either a configured OU or the default * for the given RDN. * * Example: * \code * # Determine LDAP base where systems are stored * $base = get_ou("systemManagement", "systemRDN") . $this->config->current['BASE']; * $ldap->cd($base); * \endcode * */ function get_ou($class,$name) { global $config; if(!$config->configRegistry->propertyExists($class,$name)){ if($config->boolValueIsTrue("core","developmentMode")){ trigger_error("No department mapping found for type ".$name); } return ""; } $ou = $config->configRegistry->getPropertyValue($class,$name); if ($ou != ""){ if (!preg_match('/^[^=]+=[^=]+/', $ou)){ $ou = @LDAP::convert("ou=$ou"); } else { $ou = @LDAP::convert("$ou"); } if(preg_match("/".preg_quote($config->current['BASE'], '/')."$/",$ou)){ return($ou); }else{ if(!preg_match("/,$/", $ou)){ return("$ou,"); }else{ return($ou); } } } else { return ""; } } /*! \brief Get the OU for users * * Frontend for get_ou() with userRDN * */ function get_people_ou() { return (get_ou("core", "userRDN")); } /*! \brief Get the OU for groups * * Frontend for get_ou() with groupRDN */ function get_groups_ou() { return (get_ou("core", "groupRDN")); } /*! \brief Get the OU for winstations * * Frontend for get_ou() with sambaMachineAccountRDN */ function get_winstations_ou() { return (get_ou("wingeneric", "sambaMachineAccountRDN")); } /*! \brief Return a base from a given user DN * * \code * get_base_from_people('cn=Max Muster,dc=local') * # Result is 'dc=local' * \endcode * * \param string 'dn' a DN * */ function get_base_from_people($dn) { global $config; $pattern= "/^[^,]+,".preg_quote(get_people_ou(), '/')."/i"; $base= preg_replace($pattern, '', $dn); /* Set to base, if we're not on a correct subtree */ if (!isset($config->idepartments[$base])){ $base= $config->current['BASE']; } return ($base); } /*! \brief Check if strict naming rules are configured * * Return TRUE or FALSE depending on weither strictNamingRules * are configured or not. * * \return Returns TRUE if strictNamingRules is set to true or if the * config object is not available, otherwise FALSE. */ function strict_uid_mode() { global $config; if (isset($config)){ return ($config->get_cfg_value("core","strictNamingRules") == "true"); } return (TRUE); } /*! \brief Get regular expression for checking uids based on the naming * rules. * \return string Returns the desired regular expression */ function get_uid_regexp() { /* STRICT adds spaces and case insenstivity to the uid check. This is dangerous and should not be used. */ if (strict_uid_mode()){ return "^[a-z0-9_-]+$"; } else { return "^[a-zA-Z0-9 _.-]+$"; } } /*! \brief Generate a lock message * * This message shows a warning to the user, that a certain object is locked * and presents some choices how the user can proceed. By default this * is 'Cancel' or 'Edit anyway', but depending on the function call * its possible to allow readonly access, too. * * Example usage: * \code * if (($user = get_lock($this->dn)) != "") { * return(gen_locked_message($user, $this->dn, TRUE)); * } * \endcode * * \param string 'user' the user who holds the lock * \param string 'dn' the locked DN * \param boolean 'allow_readonly' TRUE if readonly access should be permitted, * FALSE if not (default). * * */ function gen_locked_message($user, $dn, $allow_readonly = FALSE) { global $plug, $config; session::set('dn', $dn); $remove= false; /* Save variables from LOCK_VARS_TO_USE in session - for further editing */ if( session::is_set('LOCK_VARS_TO_USE') && count(session::get('LOCK_VARS_TO_USE'))){ $LOCK_VARS_USED_GET = array(); $LOCK_VARS_USED_POST = array(); $LOCK_VARS_USED_REQUEST = array(); $LOCK_VARS_TO_USE = session::get('LOCK_VARS_TO_USE'); foreach($LOCK_VARS_TO_USE as $name){ if(empty($name)){ continue; } foreach($_POST as $Pname => $Pvalue){ if(preg_match($name,$Pname)){ $LOCK_VARS_USED_POST[$Pname] = $_POST[$Pname]; } } foreach($_GET as $Pname => $Pvalue){ if(preg_match($name,$Pname)){ $LOCK_VARS_USED_GET[$Pname] = $_GET[$Pname]; } } foreach($_REQUEST as $Pname => $Pvalue){ if(preg_match($name,$Pname)){ $LOCK_VARS_USED_REQUEST[$Pname] = $_REQUEST[$Pname]; } } } session::set('LOCK_VARS_TO_USE',array()); session::set('LOCK_VARS_USED_GET' , $LOCK_VARS_USED_GET); session::set('LOCK_VARS_USED_POST' , $LOCK_VARS_USED_POST); session::set('LOCK_VARS_USED_REQUEST' , $LOCK_VARS_USED_REQUEST); } /* Prepare and show template */ $smarty= get_smarty(); $smarty->assign("allow_readonly",$allow_readonly); $msg= msgPool::buildList($dn); $smarty->assign ("dn", $msg); if ($remove){ $smarty->assign ("action", _("Continue anyway")); } else { $smarty->assign ("action", _("Edit anyway")); } $smarty->assign ("message", _("These entries are currently locked:"). $msg); return ($smarty->fetch (get_template_path('islocked.tpl'))); } /*! \brief Return a string/HTML representation of an array * * This returns a string representation of a given value. * It can be used to dump arrays, where every value is printed * on its own line. The output is targetted at HTML output, it uses * '
' for line breaks. If the value is already a string its * returned unchanged. * * \param mixed 'value' Whatever needs to be printed. * \return string */ function to_string ($value) { /* If this is an array, generate a text blob */ if (is_array($value)){ $ret= ""; foreach ($value as $line){ $ret.= $line."
\n"; } return ($ret); } else { return ($value); } } /*! \brief Return a list of all printers in the current base * * Returns an array with the CNs of all printers (objects with * objectClass gotoPrinter) in the current base. * ($config->current['BASE']). * * Example: * \code * $this->printerList = get_printer_list(); * \endcode * * \return array an array with the CNs of the printers as key and value. * */ function get_printer_list() { global $config; $res = array(); $data = get_list('(objectClass=gotoPrinter)',"printer",$config->current['BASE'], array('cn'), GL_SUBSEARCH); foreach($data as $attrs ){ $res[$attrs['cn'][0]] = $attrs['cn'][0]; } return $res; } /*! \brief Function to rewrite some problematic characters * * This function takes a string and replaces all possibly characters in it * with less problematic characters, as defined in $REWRITE. * * \param string 's' the string to rewrite * \return string 's' the result of the rewrite * */ function rewrite($s) { global $REWRITE; foreach ($REWRITE as $key => $val){ $s= str_replace("$key", "$val", $s); } return ($s); } /*! \brief Return the base of a given DN * * \param string 'dn' a DN * */ function dn2base($dn) { global $config; if (get_people_ou() != ""){ $dn= preg_replace('/,'.get_people_ou().'/i' , ',', $dn); } if (get_groups_ou() != ""){ $dn= preg_replace('/,'.get_groups_ou().'/i' , ',', $dn); } $base= preg_replace ('/^[^,]+,/i', '', $dn); return ($base); } /*! \brief Check if a given command exists and is executable * * Test if a given cmdline contains an executable command. Strips * arguments from the given cmdline. * * \param string 'cmdline' the cmdline to check * \return TRUE if command exists and is executable, otherwise FALSE. * */ function check_command($cmdline) { return(TRUE); $cmd= preg_replace("/ .*$/", "", $cmdline); /* Check if command exists in filesystem */ if (!file_exists($cmd)){ return (FALSE); } /* Check if command is executable */ if (!is_executable($cmd)){ return (FALSE); } return (TRUE); } /*! \brief Print plugin HTML header * * \param string 'image' the path of the image to be used next to the headline * \param string 'image' the headline * \param string 'info' additional information to print */ function print_header($image, $headline, $info= "") { $display= "
\n";
$display.= "
\n";
if ($info != ""){
$display.= " $headline
\n";
$display.= "$info";
$display.= "
\n";
} else {
$display.= "\n";
$display.= " ";
$display.= "
\n";
}
return ($display);
}
/*! \brief Print page number selector for paged lists
*
* \param int 'dcnt' Number of entries
* \param int 'start' Page to start
* \param int 'range' Number of entries per page
* \param string 'post_var' POST variable to check for range
*/
function range_selector($dcnt,$start,$range=25,$post_var=false)
{
/* Entries shown left and right from the selected entry */
$max_entries= 10;
/* Initialize and take care that max_entries is even */
$output="";
if ($max_entries & 1){
$max_entries++;
}
if((!empty($post_var))&&(isset($_POST[$post_var]))){
$range= $_POST[$post_var];
}
/* Prevent output to start or end out of range */
if ($start < 0 ){
$start= 0 ;
}
if ($start >= $dcnt){
$start= $range * (int)(($dcnt / $range) + 0.5);
}
$numpages= (($dcnt / $range));
if(((int)($numpages))!=($numpages)){
$numpages = (int)$numpages + 1;
}
if ((((int)$numpages) <= 1 )&&(!$post_var)){
return ("");
}
$ppage= (int)(($start / $range) + 0.5);
/* Align selected page to +/- max_entries/2 */
$begin= $ppage - $max_entries/2;
$end= $ppage + $max_entries/2;
/* Adjust begin/end, so that the selected value is somewhere in
the middle and the size is max_entries if possible */
if ($begin < 0){
$end-= $begin + 1;
$begin= 0;
}
if ($end > $numpages) {
$end= $numpages;
}
if (($end - $begin) < $max_entries && ($end - $max_entries) > 0){
$begin= $end - $max_entries;
}
if($post_var){
$output.= "| ";
}else{
$output.= " ";
}
/* Draw decrement */
if ($start > 0 ) {
$output.=" ".
" ![\"\"](\"images/back.png\") ";
}
/* Draw pages */
for ($i= $begin; $i < $end; $i++) {
if ($ppage == $i){
$output.= " ".($i+1)." ";
} else {
$output.= " ".($i+1)." ";
}
}
/* Draw increment */
if($start < ($dcnt-$range)) {
$output.=" ".
"![\"\"](\"images/forward.png\") ";
}
if(($post_var)&&($numpages)){
$output.= " | "._("Entries per page")." |
'; return ($string); } /*! \brief Put netmask in n.n.n.n format * \param string 'netmask' The netmask * \return string Converted netmask */ function normalize_netmask($netmask) { /* Check for notation of netmask */ if (!preg_match('/^([0-9]+\.){3}[0-9]+$/', $netmask)){ $num= (int)($netmask); $netmask= ""; for ($byte= 0; $byte<4; $byte++){ $result=0; for ($i= 7; $i>=0; $i--){ if ($num-- > 0){ $result+= pow(2,$i); } } $netmask.= $result."."; } return (preg_replace('/\.$/', '', $netmask)); } return ($netmask); } /*! \brief Return the number of set bits in the netmask * * For a given subnetmask (for example 255.255.255.0) this returns * the number of set bits. * * Example: * \code * $bits = netmask_to_bits('255.255.255.0') # Returns 24 * $bits = netmask_to_bits('255.255.254.0') # Returns 23 * \endcode * * Be aware of the fact that the function does not check * if the given subnet mask is actually valid. For example: * Bad examples: * \code * $bits = netmask_to_bits('255.0.0.255') # Returns 16 * $bits = netmask_to_bits('255.255.0.255') # Returns 24 * \endcode */ function netmask_to_bits($netmask) { list($nm0, $nm1, $nm2, $nm3)= explode('.', $netmask); $res= 0; for ($n= 0; $n<4; $n++){ $start= 255; $name= "nm$n"; for ($i= 0; $i<8; $i++){ if ($start == (int)($$name)){ $res+= 8 - $i; break; } $start-= pow(2,$i); } } return ($res); } /*! \brief Convert various data sizes to bytes * * Given a certain value in the format n(g|m|k), where n * is a value and (g|m|k) stands for Gigabyte, Megabyte and Kilobyte * this function returns the byte value. * * \param string 'value' a value in the above specified format * \return a byte value or the original value if specified string is simply * a numeric value * */ function to_byte($value) { $value= strtolower(trim($value)); if(!is_numeric(substr($value, -1))) { switch(substr($value, -1)) { case 'g': $mult= 1073741824; break; case 'm': $mult= 1048576; break; case 'k': $mult= 1024; break; } return ($mult * (int)substr($value, 0, -1)); } else { return $value; } } /*! \brief Check if a value exists in an array (case-insensitive) * * This is just as http://php.net/in_array except that the comparison * is case-insensitive. * * \param string 'value' needle * \param array 'items' haystack */ function in_array_ics($value, $items) { return preg_grep('/^'.preg_quote($value, '/').'$/i', $items); } /*! \brief Removes malicious characters from a (POST) string. */ function validate($string) { return (strip_tags(str_replace('\0', '', $string))); } /*! \brief Evaluate the current GOsa version from the build in revision string */ function get_gosa_version() { global $svn_revision, $svn_path; /* Extract informations */ $revision= preg_replace('/^[^0-9]*([0-9]+)[^0-9]*$/', '\1', $svn_revision); // Extract the relevant part out of the svn url $release= preg_replace('%^.*/gosa/(.*)/include/functions.inc.*$%', '\1', $svn_path); // Remove stuff which is not interesting if(preg_match("/gosa-core/i", $release)) $release = preg_replace("/[\/]gosa-core/i","",$release); // A Tagged Version if(preg_match("#/tags/#i", $svn_path)){ $release = preg_replace("/tags[\/]*/i","",$release); $release = preg_replace("/\//","",$release) ; return (sprintf(_("GOsa %s"),$release)); } // A Branched Version if(preg_match("#/branches/#i", $svn_path)){ $release = preg_replace("/branches[\/]*/i","",$release); $release = preg_replace("/\//","",$release) ; return (sprintf(_("GOsa %s snapshot (Rev %s)"),$release , bold($revision))); } // The trunk version if(preg_match("#/trunk/#i", $svn_path)){ return (sprintf(_("GOsa development snapshot (Rev %s)"), bold($revision))); } return (sprintf(_("GOsa $release"), $revision)); } /*! \brief Recursively delete a path in the file system * * Will delete the given path and all its files recursively. * Can also follow links if told so. * * \param string 'path' * \param boolean 'followLinks' TRUE to follow links, FALSE (default) * for not following links */ function rmdirRecursive($path, $followLinks=false) { $dir= opendir($path); while($entry= readdir($dir)) { if(is_file($path."/".$entry) || ((!$followLinks) && is_link($path."/".$entry))) { unlink($path."/".$entry); } elseif (is_dir($path."/".$entry) && $entry!='.' && $entry!='..') { rmdirRecursive($path."/".$entry); } } closedir($dir); return rmdir($path); } /*! \brief Get directory content information * * Returns the content of a directory as an array in an * ascended sorted manner. * * \param string 'path' * \param boolean weither to sort the content descending. */ function scan_directory($path,$sort_desc=false) { $ret = false; /* is this a dir ? */ if(is_dir($path)) { /* is this path a readable one */ if(is_readable($path)){ /* Get contents and write it into an array */ $ret = array(); $dir = opendir($path); /* Is this a correct result ?*/ if($dir){ while($fp = readdir($dir)) $ret[]= $fp; } } } /* Sort array ascending , like scandir */ sort($ret); /* Sort descending if parameter is sort_desc is set */ if($sort_desc) { $ret = array_reverse($ret); } return($ret); } /*! \brief Clean the smarty compile dir */ function clean_smarty_compile_dir($directory) { global $svn_revision; if(is_dir($directory) && is_readable($directory)) { // Set revision filename to REVISION $revision_file= $directory."/REVISION"; /* Is there a stamp containing the current revision? */ if(!file_exists($revision_file)) { // create revision file create_revision($revision_file, $svn_revision); } else { # check for "$config->...['CONFIG']/revision" and the # contents should match the revision number if(!compare_revision($revision_file, $svn_revision)){ // If revision differs, clean compile directory foreach(scan_directory($directory) as $file) { if(($file==".")||($file=="..")) continue; if( is_file($directory."/".$file) && is_writable($directory."/".$file)) { // delete file if(!unlink($directory."/".$file)) { msg_dialog::display(_("Internal error"), sprintf(_("File %s cannot be deleted!"), bold($directory."/".$file)), ERROR_DIALOG); // This should never be reached } } } // We should now create a fresh revision file clean_smarty_compile_dir($directory); } else { // Revision matches, nothing to do } } } else { // Smarty compile dir is not accessible // (Smarty will warn about this) } } function create_revision($revision_file, $revision) { $result= false; if(is_dir(dirname($revision_file)) && is_writable(dirname($revision_file))) { if($fh= fopen($revision_file, "w")) { if(fwrite($fh, $revision)) { $result= true; } } fclose($fh); } else { msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG); } return $result; } function compare_revision($revision_file, $revision) { // false means revision differs $result= false; if(file_exists($revision_file) && is_readable($revision_file)) { // Open file if($fh= fopen($revision_file, "r")) { // Compare File contents with current revision if($revision == fread($fh, filesize($revision_file))) { $result= true; } } else { msg_dialog::display(_("Internal error"), _("Cannot write revision file!"), ERROR_DIALOG); } // Close file fclose($fh); } return $result; } /*! \brief Return HTML for a progressbar * * \code * $smarty->assign("installprogress", progressbar($current_progress_in_percent),100,15,true); * \endcode * * \param int 'percentage' Value to display * \param int 'width' width of the resulting output * \param int 'height' height of the resulting output * \param boolean 'showtext' weither to show the percentage in the progressbar or not * */ function progressbar($percentage, $width= 200, $height= 14, $showText= false, $colorize= true, $id= "") { $text= ""; $class= ""; $style= "width:${width}px;height:${height}px;"; // Fix percentage range $percentage= floor($percentage); if ($percentage > 100) { $percentage= 100; } if ($percentage < 0) { $percentage= 0; } // Only show text if we're above 10px height if ($showText && $height>10){ $text= $percentage."%"; } // Set font size $style.= "font-size:".($height-3)."px;"; // Set color if ($colorize){ if ($percentage < 70) { $class= " progress-low"; } elseif ($percentage < 80) { $class= " progress-mid"; } elseif ($percentage < 90) { $class= " progress-high"; } else { $class= " progress-full"; } } // Apply gradients $hoffset= floor($height / 2) + 4; $woffset= floor(($width+5) * (100-$percentage) / 100); foreach (array("-moz-box-shadow", "-webkit-box-shadow", "box-shadow") as $type) { $style.="$type: 0 0 2px rgba(255, 255, 255, 0.4) inset, 0 4px 6px rgba(255, 255, 255, 0.4) inset, 0 ".$hoffset."px 0 -2px rgba(255, 255, 255, 0.2) inset, -".$woffset."px 0 0 -2px rgba(255, 255, 255, 0.2) inset, -".($woffset+1)."px 0 0 -2px rgba(0, 0, 0, 0.6) inset, 0pt ".($hoffset+1)."px 8px rgba(0, 0, 0, 0.3) inset, 0pt 1px 0px rgba(0, 0, 0, 0.2);"; } // Set ID if ($id != ""){ $id= "id='$id'"; } return "
$text
";
}
/*! \brief Lookup a key in an array case-insensitive
*
* Given an associative array this can lookup the value of
* a certain key, regardless of the case.
*
* \code
* $items = array ('FOO' => 'blub', 'bar' => 'blub');
* array_key_ics('foo', $items); # Returns 'blub'
* array_key_ics('BAR', $items); # Returns 'blub'
* \endcode
*
* \param string 'key' needle
* \param array 'items' haystack
*/
function array_key_ics($ikey, $items)
{
$tmp= array_change_key_case($items, CASE_LOWER);
$ikey= strtolower($ikey);
if (isset($tmp[$ikey])){
return($tmp[$ikey]);
}
return ('');
}
/*! \brief Determine if two arrays are different
*
* \param array 'src'
* \param array 'dst'
* \return boolean TRUE or FALSE
* */
function array_differs($src, $dst)
{
/* If the count is differing, the arrays differ */
if (count ($src) != count ($dst)){
return (TRUE);
}
return (count(array_diff($src, $dst)) != 0);
}
function saveFilter($a_filter, $values)
{
if (isset($_POST['regexit'])){
$a_filter["regex"]= $_POST['regexit'];
foreach($values as $type){
if (isset($_POST[$type])) {
$a_filter[$type]= "checked";
} else {
$a_filter[$type]= "";
}
}
}
/* React on alphabet links if needed */
if (isset($_GET['search'])){
$s= mb_substr(validate($_GET['search']), 0, 1, "UTF8")."*";
if ($s == "**"){
$s= "*";
}
$a_filter['regex']= $s;
}
return ($a_filter);
}
/*! \brief Escape all LDAP filter relevant characters */
function normalizeLdap($input)
{
return (addcslashes($input, '()|'));
}
/*! \brief Return the gosa base directory */
function get_base_dir()
{
global $BASE_DIR;
return $BASE_DIR;
}
/*! \brief Test weither we are allowed to read the object */
function obj_is_readable($dn, $object, $attribute)
{
global $ui;
return preg_match('/r/', $ui->get_permissions($dn, $object, $attribute));
}
/*! \brief Test weither we are allowed to change the object */
function obj_is_writable($dn, $object, $attribute)
{
global $ui;
return preg_match('/w/', $ui->get_permissions($dn, $object, $attribute));
}
/*! \brief Explode a DN into its parts
*
* Similar to explode (http://php.net/explode), but a bit more specific
* for the needs when splitting, exploding LDAP DNs.
*
* \param string 'dn' the DN to split
* \param config-object a config object. only neeeded if DN shall be verified in the LDAP
* \param boolean verify_in_ldap check weither DN is valid
*
*/
function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false)
{
/* Initialize variables */
$ret = array("count" => 0); // Set count to 0
$next = true; // if false, then skip next loops and return
$cnt = 0; // Current number of loops
$max = 100; // Just for security, prevent looops
$ldap = NULL; // To check if created result a valid
$keep = ""; // save last failed parse string
/* Check each parsed dn in ldap ? */
if($config!==NULL && $verify_in_ldap){
$ldap = $config->get_ldap_link();
}
/* Lets start */
$called = false;
while(preg_match("/,/",$dn) && $next && $cnt < $max){
$cnt ++;
if(!preg_match("/,/",$dn)){
$next = false;
}
$object = preg_replace("/[,].*$/","",$dn);
$dn = preg_replace("/^[^,]+,/","",$dn);
$called = true;
/* Check if current dn is valid */
if($ldap!==NULL){
$ldap->cd($dn);
$ldap->cat($dn,array("dn"));
if($ldap->count()){
$ret[] = $keep.$object;
$keep = "";
}else{
$keep .= $object.",";
}
}else{
$ret[] = $keep.$object;
$keep = "";
}
}
/* No dn was posted */
if($cnt == 0 && !empty($dn)){
$ret[] = $dn;
}
/* Append the rest */
$test = $keep.$dn;
if($called && !empty($test)){
$ret[] = $keep.$dn;
}
$ret['count'] = count($ret) - 1;
return($ret);
}
function get_base_from_hook($dn, $attrib)
{
global $config;
if ($config->get_cfg_value("core","baseIdHook") != ""){
/* Call hook script - if present */
$command= $config->get_cfg_value("core","baseIdHook");
if ($command != ""){
$command.= " '".LDAP::fix($dn)."' $attrib";
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
exec($command, $output);
if (preg_match("/^[0-9]+$/", $output[0])){
return ($output[0]);
} else {
msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG);
return ($config->get_cfg_value("core","uidNumberBase"));
}
} else {
msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG);
return ($config->get_cfg_value("core","uidNumberBase"));
}
} else {
msg_dialog::display(_("Warning"), _("'baseIdHook' is not available. Using default base!"), WARNING_DIALOG);
return ($config->get_cfg_value("core","uidNumberBase"));
}
}
}
/*! \brief Check if schema version matches the requirements */
function check_schema_version($class, $version)
{
return preg_match("/\(v$version\)/", $class['DESC']);
}
/*! \brief Check if LDAP schema matches the requirements */
function check_schema($cfg,$rfc2307bis = FALSE)
{
$messages= array();
/* Get objectclasses */
$ldap = new ldapMultiplexer(new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'] ,FALSE, $cfg['tls']));
$objectclasses = $ldap->get_objectclasses();
if(count($objectclasses) == 0){
msg_dialog::display(_("Warning"), _("Cannot read schema information from LDAP. Schema validation is not possible!"), WARNING_DIALOG);
}
/* This is the default block used for each entry.
* to avoid unset indexes.
*/
$def_check = array("REQUIRED_VERSION" => "0",
"SCHEMA_FILES" => array(),
"CLASSES_REQUIRED" => array(),
"STATUS" => FALSE,
"IS_MUST_HAVE" => FALSE,
"MSG" => "",
"INFO" => "");
/* The gosa base schema */
$checks['gosaObject'] = $def_check;
$checks['gosaObject']['REQUIRED_VERSION'] = "2.6.1";
$checks['gosaObject']['SCHEMA_FILES'] = array("gosa-samba3.schema");
$checks['gosaObject']['CLASSES_REQUIRED'] = array("gosaObject");
$checks['gosaObject']['IS_MUST_HAVE'] = TRUE;
/* GOsa Account class */
$checks["gosaAccount"]["REQUIRED_VERSION"]= "2.6.6";
$checks["gosaAccount"]["SCHEMA_FILES"] = array("gosa-samba3.schema");
$checks["gosaAccount"]["CLASSES_REQUIRED"]= array("gosaAccount");
$checks["gosaAccount"]["IS_MUST_HAVE"] = TRUE;
$checks["gosaAccount"]["INFO"] = _("This class is used to make users appear in GOsa.");
/* GOsa lock entry, used to mark currently edited objects as 'in use' */
$checks["gosaLockEntry"]["REQUIRED_VERSION"] = "2.6.1";
$checks["gosaLockEntry"]["SCHEMA_FILES"] = array("gosa-samba3.schema");
$checks["gosaLockEntry"]["CLASSES_REQUIRED"] = array("gosaLockEntry");
$checks["gosaLockEntry"]["IS_MUST_HAVE"] = TRUE;
$checks["gosaLockEntry"]["INFO"] = _("This class is used to lock entries in order to prevent multiple edits at a time.");
/* Some other checks */
foreach(array(
"gosaCacheEntry" => array("version" => "2.6.1", "class" => "gosaAccount"),
"gosaDepartment" => array("version" => "2.6.1", "class" => "gosaAccount"),
"goFaxAccount" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
"goFaxSBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
"goFaxRBlock" => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
"gosaUserTemplate" => array("version" => "2.6.1", "class" => "posixAccount","file" => "nis.schema"),
"gosaMailAccount" => array("version" => "2.6.1", "class" => "mailAccount","file" => "gosa-samba3.schema"),
"gosaProxyAccount" => array("version" => "2.6.1", "class" => "proxyAccount","file" => "gosa-samba3.schema"),
"gosaApplication" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"),
"gosaApplicationGroup" => array("version" => "2.6.1", "class" => "appgroup","file" => "gosa.schema"),
"GOhard" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"gotoTerminal" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"goServer" => array("version" => "2.6.1", "class" => "server","file" => "goserver.schema"),
"goTerminalServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"goShareServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"goNtpServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"goSyslogServer" => array("version" => "2.6.1", "class" => "terminals","file" => "goto.schema"),
"goLdapServer" => array("version" => "2.6.1", "class" => "goServer"),
"goCupsServer" => array("version" => "2.6.1", "class" => array("posixAccount", "terminals"),),
"goImapServer" => array("version" => "2.6.1", "class" => array("mailAccount", "mailgroup"),"file" => "gosa-samba3.schema"),
"goKrbServer" => array("version" => "2.6.1", "class" => "goServer"),
"goFaxServer" => array("version" => "2.6.1", "class" => "gofaxAccount","file" => "gofax.schema"),
) as $name => $values){
$checks[$name] = $def_check;
if(isset($values['version'])){
$checks[$name]["REQUIRED_VERSION"] = $values['version'];
}
if(isset($values['file'])){
$checks[$name]["SCHEMA_FILES"] = array($values['file']);
}
if (isset($values['class'])) {
$checks[$name]["CLASSES_REQUIRED"] = is_array($values['class'])?$values['class']:array($values['class']);
}
}
foreach($checks as $name => $value){
foreach($value['CLASSES_REQUIRED'] as $class){
if(!isset($objectclasses[$name])){
if($value['IS_MUST_HAVE']){
$checks[$name]['STATUS'] = FALSE;
$checks[$name]['MSG'] = sprintf(_("Required object class %s is missing!"), bold($class));
} else {
$checks[$name]['STATUS'] = TRUE;
$checks[$name]['MSG'] = sprintf(_("Optional object class %s is missing!"), bold($class));
}
}elseif(!check_schema_version($objectclasses[$name],$value['REQUIRED_VERSION'])){
$checks[$name]['STATUS'] = FALSE;
$checks[$name]['MSG'] = sprintf(_("Wrong version of required object class %s (!=%s) detected!"), bold($class), bold($value['REQUIRED_VERSION']));
}else{
$checks[$name]['STATUS'] = TRUE;
$checks[$name]['MSG'] = sprintf(_("Class available"));
}
}
}
$tmp = $objectclasses;
/* The gosa base schema */
$checks['posixGroup'] = $def_check;
$checks['posixGroup']['REQUIRED_VERSION'] = "2.6.1";
$checks['posixGroup']['SCHEMA_FILES'] = array("gosa-samba3.schema","gosa-samba2.schema");
$checks['posixGroup']['CLASSES_REQUIRED'] = array("posixGroup");
$checks['posixGroup']['STATUS'] = TRUE;
$checks['posixGroup']['IS_MUST_HAVE'] = TRUE;
$checks['posixGroup']['MSG'] = "";
$checks['posixGroup']['INFO'] = "";
/* Depending on selected rfc2307bis mode, we need different schema configurations */
if(isset($tmp['posixGroup'])){
if($rfc2307bis && isset($tmp['posixGroup']['STRUCTURAL'])){
$checks['posixGroup']['STATUS'] = FALSE;
$checks['posixGroup']['MSG'] = _("RFC2307bis schema is enabled, but the current LDAP configuration does not support it!");
$checks['posixGroup']['INFO'] = _("To use RFC2307bis groups, the objectClass 'posixGroup' must be AUXILIARY.");
}
if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){
$checks['posixGroup']['STATUS'] = FALSE;
$checks['posixGroup']['MSG'] = _("RFC2307bis schema is disabled, but the current LDAP configuration supports it!");
$checks['posixGroup']['INFO'] = _("To correct this, the objectClass 'posixGroup' must be STRUCTURAL.");
}
}
return($checks);
}
function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FALSE)
{
$tmp = array(
"de_DE" => "German",
"fr_FR" => "French",
"it_IT" => "Italian",
"es_ES" => "Spanish",
"en_US" => "English",
"nl_NL" => "Dutch",
"pl_PL" => "Polish",
"pt_BR" => "Brazilian Portuguese",
#"sv_SE" => "Swedish",
"zh_CN" => "Chinese",
"vi_VN" => "Vietnamese",
"ru_RU" => "Russian");
$tmp2= array(
"de_DE" => _("German"),
"fr_FR" => _("French"),
"it_IT" => _("Italian"),
"es_ES" => _("Spanish"),
"en_US" => _("English"),
"nl_NL" => _("Dutch"),
"pl_PL" => _("Polish"),
"pt_BR" => _("Brazilian Portuguese"),
#"sv_SE" => _("Swedish"),
"zh_CN" => _("Chinese"),
"vi_VN" => _("Vietnamese"),
"ru_RU" => _("Russian"));
$ret = array();
if($languages_in_own_language){
$old_lang = setlocale(LC_ALL, 0);
/* If the locale wasn't correclty set before, there may be an incorrect
locale returned. Something like this:
C_CTYPE=de_DE.UTF-8;LC_NUMERIC=C;LC_TIME=de_DE.UTF-8;LC ...
Extract the locale name from this string and use it to restore old locale.
*/
if(preg_match("/LC_CTYPE/",$old_lang)){
$old_lang = preg_replace("/^.*LC_CTYPE=([^;]*).*$/","\\1",$old_lang);
}
foreach($tmp as $key => $name){
$lang = $key.".UTF-8";
setlocale(LC_ALL, $lang);
if($strip_region_tag){
$ret[preg_replace("/^([^_]*).*$/","\\1",$key)] = _($name)." (".$tmp2[$key].")";
}else{
$ret[$key] = _($name)." (".$tmp2[$key].")";
}
}
setlocale(LC_ALL, $old_lang);
}else{
foreach($tmp as $key => $name){
if($strip_region_tag){
$ret[preg_replace("/^([^_]*).*/","\\1",$key)] = _($name);
}else{
$ret[$key] = _($name);
}
}
}
return($ret);
}
/*! \brief Returns contents of the given POST variable and check magic quotes settings
*
* Depending on the magic quotes settings this returns a stripclashed'ed version of
* a certain POST variable.
*
* \param string 'name' the POST var to return ($_POST[$name])
* \return string
* */
function get_post($name)
{
if(!isset($_POST[$name])){
trigger_error("Requested POST value (".$name.") does not exist, you should add a check to prevent this message.");
return(FALSE);
}
// Handle Posted Arrays
$tmp = array();
if(is_array($_POST[$name]) && !is_string($_POST[$name])){
if(version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()){
$tmp = array_map("stripcslashes", $_POST);
} else {
$tmp = $_POST;
}
return($tmp);
}else{
if(version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()){
$val = stripcslashes($_POST[$name]);
}else{
$val = $_POST[$name];
}
}
return($val);
}
/*! \brief Returns contents of the given POST variable and check magic quotes settings
*
* Depending on the magic quotes settings this returns a stripclashed'ed version of
* a certain POST variable.
*
* \param string 'name' the POST var to return ($_POST[$name])
* \return string
* */
function get_binary_post($name)
{
if(!isset($_POST[$name])){
trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
return(FALSE);
}
$p = str_replace('\0', '', $_POST[$name]);
if(get_magic_quotes_gpc()){
return(stripcslashes($p));
}else{
return($_POST[$p]);
}
}
function set_post($value)
{
// Take care of array, recursivly convert each array entry.
if(is_array($value)){
foreach($value as $key => $val){
$value[$key] = set_post($val);
}
return($value);
}
// Do not touch boolean values, we may break them.
if($value === TRUE || $value === FALSE ) return($value);
// Return a fixed string which can then be used in HTML fields without
// breaking the layout or the values. This allows to use '"<> in input fields.
return(htmlentities($value, ENT_QUOTES, 'utf-8'));
}
/*! \brief Return class name in correct case */
function get_correct_class_name($cls)
{
global $class_mapping;
if(isset($class_mapping) && is_array($class_mapping)){
foreach($class_mapping as $class => $file){
if(preg_match("/^".$cls."$/i",$class)){
return($class);
}
}
}
return(FALSE);
}
/*! \brief Change the password for a given object ($dn).
* This method uses the specified hashing method to generate a new password
* for the object and it also takes care of sambaHashes, if enabled.
* Finally the postmodify hook of the class 'user' will be called, if it is set.
*
* @param String The DN whose password shall be changed.
* @param String The new password.
* @param Boolean Skip adding samba hashes to the target (sambaNTPassword,sambaLMPassword)
* @param String The hashin method to use, default is the global configured default.
* @param String The users old password, this allows script based rollback mechanisms,
* the prehook will then be called witch switched newPassword/oldPassword.
* @return Boolean TRUE on success else FALSE.
*/
function change_password ($dn, $password, $mode=FALSE, $hash= "", $old_password = "", &$message = "")
{
global $config;
$newpass= "";
// Not sure, why this is here, but maybe some encryption methods require it.
mt_srand((double) microtime()*1000000);
// Get a list of all available password encryption methods.
$methods = new passwordMethod(session::get('config'),$dn);
$available = $methods->get_available_methods();
// Fetch the current object data, to be able to detect the current hashing method
// and to be able to rollback changes once has an error occured.
$ldap = $config->get_ldap_link();
$ldap->cat ($dn, array("shadowLastChange", "userPassword","sambaNTPassword","sambaLMPassword", "uid", "objectClass"));
$attrs = $ldap->fetch ();
$initialAttrs = $attrs;
// If no hashing method is enforced, then detect what method we've to use.
$hash = strtolower($hash);
if(empty($hash)){
// Do we need clear-text password for this object?
if(isset($attrs['userPassword'][0]) && !preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0])){
$hash = "clear";
$test = new $available[$hash]($config,$dn);
$test->set_hash($hash);
}
// If we've still no valid hashing method detected, then try to extract if from the userPassword attribute.
elseif(isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)){
$test = passwordMethod::get_method($attrs['userPassword'][0],$dn);
if($test){
$hash = $test->get_hash_name();
}
}
// No current password was found and no hash is enforced, so we've to use the config default here.
$hash = $config->get_cfg_value('core','passwordDefaultHash');
$test = new $available[$hash]($config,$dn);
$test->set_hash($hash);
}else{
$test = new $available[$hash]($config,$dn);
$test->set_hash($hash);
}
// We've now a valid password-method-handle and can create the new password hash or don't we?
if(!$test instanceOf passwordMethod){
$message = _("Cannot detect password hash!");
}else{
// Feed password backends with object information.
$test->dn = $dn;
$test->attrs = $attrs;
$newpass= $test->generate_hash($password);
// Do we have to append samba attributes too?
// - sambaNTPassword / sambaLMPassword
$tmp = $config->get_cfg_value('core','sambaHashHook');
$attrs= array();
if (!$mode && !empty($tmp)){
$attrs= generate_smb_nt_hash($password);
if(!count($attrs) || !is_array($attrs)){
msg_dialog::display(_("Error"),_("Cannot generate SAMBA hash!"),ERROR_DIALOG);
return(FALSE);
}
}
// Write back the new password hash
$ldap->cd($dn);
$attrs['userPassword']= $newpass;
// For posixUsers - Set the last changed value.
if(in_array_strict("shadowAccount", $initialAttrs['objectClass'])){
$attrs['shadowLastChange'] = (int)(date("U") / 86400);
}
// Prepare a special attribute list, which will be used for event hook calls
$attrsEvent = array();
foreach($initialAttrs as $name => $value){
if(!is_numeric($name))
$attrsEvent[$name] = escapeshellarg($value[0]);
}
$attrsEvent['dn'] = escapeshellarg($initialAttrs['dn']);
foreach($attrs as $name => $value){
$attrsEvent[$name] = escapeshellarg($value);
}
$attrsEvent['current_password'] = escapeshellarg($old_password);
$attrsEvent['new_password'] = escapeshellarg($password);
// Call the premodify hook now
$passwordPlugin = new password($config,$dn);
plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE);
if($retCode === 0 && count($output)){
$message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output));
return(FALSE);
}
// Perform ldap operations
$ldap->modify($attrs);
// Check if the object was locked before, if it was, lock it again!
$deactivated = $test->is_locked($config,$dn);
if($deactivated){
$test->lock_account($config,$dn);
}
// Check if everything went fine and then call the post event hooks.
// If an error occures, then try to rollback the complete actions done.
$preRollback = FALSE;
$ldapRollback = FALSE;
$success = TRUE;
if (!$ldap->success()) {
new log("modify","users/passwordMethod",$dn,array(),"Password change - ldap modifications! - FAILED");
$success =FALSE;
$message = msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD);
$preRollback =TRUE;
} else {
// Now call the passwordMethod change mechanism.
if(!$test->set_password($password)){
$ldapRollback = TRUE;
$preRollback =TRUE;
$success = FALSE;
new log("modify","users/passwordMethod",$dn,array(),"Password change - set_password! - FAILED");
$message = _("Password change failed!");
}else{
// Execute the password hook
plugin::callHook($passwordPlugin, 'POSTMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE);
if($retCode === 0){
if(count($output)){
new log("modify","users/passwordMethod",$dn,array(),"Password change - Post modify hook reported! - FAILED!");
$message = sprintf(_("Post-event hook reported a problem: %s. Password change canceled!"),implode($output));
$ldapRollback = TRUE;
$preRollback = TRUE;
$success = FALSE;
}else{
#new log("modify","users/passwordMethod",$dn,array(),"Password change - successfull!");
}
}else{
$ldapRollback = TRUE;
$preRollback = TRUE;
$success = FALSE;
new log("modify","users/passwordMethod",$dn,array(),"Password change - postmodify hook execution! - FAILED");
new log("modify","users/passwordMethod",$dn,array(),$error);
// Call password method again and send in old password to
// keep the database consistency
$test->set_password($old_password);
}
}
}
// Setting the password in the ldap database or further operation failed, we should now execute
// the plugins pre-event hook, using switched passwords, new/old password.
// This ensures that passwords which were set outside of GOsa, will be reset to its
// starting value.
if($preRollback){
new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook!");
$oldpass= $test->generate_hash($old_password);
$attrsEvent['current_password'] = escapeshellarg($password);
$attrsEvent['new_password'] = escapeshellarg($old_password);
foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){
if(isset($initialAttrs[$attr][0])) $attrsEvent[$attr] = $initialAttrs[$attr][0];
}
plugin::callHook($passwordPlugin, 'PREMODIFY', $attrsEvent, $output,$retCode,$error, $directlyPrintError = FALSE);
if($retCode === 0 && count($output)){
$message = sprintf(_("Pre-event hook reported a problem: %s. Password change canceled!"),implode($output));
new log("modify","users/passwordMethod",$dn,array(),"Rolling back premodify hook! - FAILED!");
}
}
// We've written the password to the ldap database, but executing the postmodify hook failed.
// Now, we've to rollback all password related ldap operations.
if($ldapRollback){
new log("modify","users/passwordMethod",$dn,array(),"Rolling back ldap modifications!");
$attrs = array();
foreach(array("userPassword","sambaNTPassword","sambaLMPassword") as $attr){
if(isset($initialAttrs[$attr][0])) $attrs[$attr] = $initialAttrs[$attr][0];
}
$ldap->cd($dn);
$ldap->modify($attrs);
if(!$ldap->success()){
$message = msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD);
new log("modify","users/passwordMethod",$dn,array(),"Rolling back ldap modifications! - FAILED");
}
}
// Log action.
if($success){
stats::log('global', 'global', array('users'), $action = 'change_password', $amount = 1, 0, $test->get_hash());
new log("modify","users/passwordMethod",$dn,array(),"Password change - successfull!");
}else{
new log("modify","users/passwordMethod",$dn,array(),"Password change - FAILED!");
}
return($success);
}
}
/*! \brief Generate samba hashes
*
* Given a certain password this constructs an array like
* array['sambaLMPassword'] etc.
*
* \param string 'password'
* \return array contains several keys for lmPassword, ntPassword, pwdLastSet, etc. depending
* on the samba version
*/
function generate_smb_nt_hash($password)
{
global $config;
// First try to retrieve values via RPC
if ($config->get_cfg_value("core","gosaRpcServer") != ""){
$rpc = $config->getRpcHandle();
$hash = $rpc->mksmbhash($password);
if(!$rpc->success()){
msg_dialog::display(_("Error"),msgPool::rpcError($rpc->get_error()),ERROR_DIALOG);
return(array());
}
}elseif ($config->get_cfg_value("core","gosaSupportURI") != ""){
// Try using gosa-si
$res= gosaSupportDaemon::send("gosa_gen_smb_hash", "GOSA", array("password" => $password), TRUE);
if (isset($res['XML']['HASH'])){
$hash= $res['XML']['HASH'];
} else {
$hash= "";
}
if ($hash == "") {
msg_dialog::display(_("Configuration error"), _("Cannot generate SAMBA hash!"), ERROR_DIALOG);
return ("");
}
} else {
$password = addcslashes($password, '$'); // <- Escape $ twice for transport from PHP to console-process.
$password = addcslashes($password, '$');
$password = addcslashes($password, '$'); // <- And again once, to be able to use it as parameter for the perl script.
$tmp = $config->get_cfg_value("core",'sambaHashHook');
$tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
$tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
exec($tmp, $ar);
flush();
reset($ar);
$hash= current($ar);
if ($hash == "") {
msg_dialog::display(_("Configuration error"), sprintf(_("Generating SAMBA hash by running %s failed: check %s!"), bold($config->get_cfg_value("core",'sambaHashHook'), bold("sambaHashHook"))), ERROR_DIALOG);
return(array());
}
}
list($lm,$nt)= explode(":", trim($hash));
$attrs['sambaLMPassword']= $lm;
$attrs['sambaNTPassword']= $nt;
$attrs['sambaPwdLastSet']= date('U');
$attrs['sambaBadPasswordCount']= "0";
$attrs['sambaBadPasswordTime']= "0";
return($attrs);
}
/*! \brief Get the Change Sequence Number of a certain DN
*
* To verify if a given object has been changed outside of Gosa
* in the meanwhile, this function can be used to get the entryCSN
* from the LDAP directory. It uses the attribute as configured
* in modificationDetectionAttribute
*
* \param string 'dn'
* \return either the result or "" in any other case
*/
function getEntryCSN($dn)
{
global $config;
if(empty($dn) || !is_object($config)){
return("");
}
/* Get attribute that we should use as serial number */
$attr= $config->get_cfg_value("core","modificationDetectionAttribute");
if($attr != ""){
$ldap = $config->get_ldap_link();
$ldap->cat($dn,array($attr));
$csn = $ldap->fetch();
if(isset($csn[$attr][0])){
return($csn[$attr][0]);
}
}
return("");
}
/*! \brief Add (a) given objectClass(es) to an attrs entry
*
* The function adds the specified objectClass(es) to the given
* attrs entry.
*
* \param mixed 'classes' Either a single objectClass or several objectClasses
* as an array
* \param array 'attrs' The attrs array to be modified.
*
* */
function add_objectClass($classes, &$attrs)
{
if (is_array($classes)){
$list= $classes;
} else {
$list= array($classes);
}
foreach ($list as $class){
$attrs['objectClass'][]= $class;
}
}
/*! \brief Removes a given objectClass from the attrs entry
*
* Similar to add_objectClass, except that it removes the given
* objectClasses. See it for the params.
* */
function remove_objectClass($classes, &$attrs)
{
if (isset($attrs['objectClass'])){
/* Array? */
if (is_array($classes)){
$list= $classes;
} else {
$list= array($classes);
}
$tmp= array();
foreach ($attrs['objectClass'] as $oc) {
foreach ($list as $class){
if (strtolower($oc) != strtolower($class)){
$tmp[]= $oc;
}
}
}
$attrs['objectClass']= $tmp;
}
}
/*! \brief Initialize a file download with given content, name and data type.
* \param string data The content to send.
* \param string name The name of the file.
* \param string type The content identifier, default value is "application/octet-stream";
*/
function send_binary_content($data,$name,$type = "application/octet-stream")
{
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache");
header("Pragma: no-cache");
header("Cache-Control: post-check=0, pre-check=0");
header("Content-type: ".$type."");
$HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
/* Strip name if it is a complete path */
if (preg_match ("/\//", $name)) {
$name= basename($name);
}
/* force download dialog */
if (preg_match('/MSIE 5.5/', $HTTP_USER_AGENT) || preg_match('/MSIE 6.0/', $HTTP_USER_AGENT)) {
header('Content-Disposition: filename="'.$name.'"');
} else {
header('Content-Disposition: attachment; filename="'.$name.'"');
}
echo $data;
exit();
}
function reverse_html_entities($str,$type = ENT_QUOTES , $charset = "UTF-8")
{
if(is_string($str)){
return(htmlentities($str,$type,$charset));
}elseif(is_array($str)){
foreach($str as $name => $value){
$str[$name] = reverse_html_entities($value,$type,$charset);
}
}
return($str);
}
/*! \brief Encode special string characters so we can use the string in \
HTML output, without breaking quotes.
\param string The String we want to encode.
\return string The encoded String
*/
function xmlentities($str)
{
if(is_string($str)){
static $asc2uni= array();
if (!count($asc2uni)){
for($i=128;$i<256;$i++){
# $asc2uni[chr($i)] = "&#x".dechex($i).";";
}
}
$str = str_replace("&", "&", $str);
$str = str_replace("<", "<", $str);
$str = str_replace(">", ">", $str);
$str = str_replace("'", "'", $str);
$str = str_replace("\"", """, $str);
$str = str_replace("\r", "", $str);
$str = strtr($str,$asc2uni);
return $str;
}elseif(is_array($str)){
foreach($str as $name => $value){
$str[$name] = xmlentities($value);
}
}
return($str);
}
/*! \brief Updates all accessTo attributes from a given value to a new one.
For example if a host is renamed.
\param String $from The source accessTo name.
\param String $to The destination accessTo name.
*/
function update_accessTo($from,$to)
{
global $config;
$ldap = $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
$ldap->search("(&(objectClass=trustAccount)(accessTo=".$from."))",array("objectClass","accessTo"));
while($attrs = $ldap->fetch()){
$new_attrs = array("accessTo" => array());
$dn = $attrs['dn'];
for($i = 0 ; $i < $attrs['accessTo']['count']; $i++){
if($attrs['accessTo'][$i] == $from){
if(!empty($to)){
$new_attrs['accessTo'][] = $to;
}
}else{
$new_attrs['accessTo'][] = $attrs['accessTo'][$i];
}
}
$ldap->cd($dn);
$ldap->modify($new_attrs);
if (!$ldap->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, "update_accessTo($from,$to)"));
}
new log("modify","update_accessTo($from,$to)",$dn,array_keys($new_attrs),$ldap->get_error());
}
}
/*! \brief Returns a random char */
function get_random_char () {
$randno = rand (0, 63);
if ($randno < 12) {
return (chr ($randno + 46)); // Digits, '/' and '.'
} else if ($randno < 38) {
return (chr ($randno + 53)); // Uppercase
} else {
return (chr ($randno + 59)); // Lowercase
}
}
function cred_encrypt($input, $password) {
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
return bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password, $input, MCRYPT_MODE_ECB, $iv));
}
function cred_decrypt($input,$password) {
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, pack("H*", $input), MCRYPT_MODE_ECB, $iv);
}
function get_object_info()
{
return(session::get('objectinfo'));
}
function set_object_info($str = "")
{
session::set('objectinfo',$str);
}
function isIpInNet($ip, $net, $mask) {
// Move to long ints
$ip= ip2long($ip);
$net= ip2long($net);
$mask= ip2long($mask);
// Mask given IP with mask. If it returns "net", we're in...
$res= $ip & $mask;
return ($res == $net);
}
function get_next_id($attrib, $dn)
{
global $config;
switch ($config->get_cfg_value("core","idAllocationMethod")){
case "pool":
return get_next_id_pool($attrib);
case "traditional":
return get_next_id_traditional($attrib, $dn);
}
msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("unknown idAllocation method!"), ERROR_DIALOG);
return null;
}
function get_next_id_pool($attrib) {
global $config;
/* Fill informational values */
$min= $config->get_cfg_value("core","${attrib}PoolMin");
$max= $config->get_cfg_value("core","${attrib}PoolMax");
/* Sanity check */
if ($min >= $max) {
msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".sprintf(_("%sPoolMin >= %sPoolMax!"), bold($attrib), bold($attrib)), ERROR_DIALOG);
return null;
}
/* ID to skip */
$ldap= $config->get_ldap_link();
$id= null;
/* Try to allocate the ID several times before failing */
$tries= 3;
while ($tries--) {
/* Look for ID map entry */
$ldap->cd ($config->current['BASE']);
$ldap->search ("(&(objectClass=sambaUnixIdPool)($attrib=*))", array("$attrib"));
/* If it does not exist, create one with these defaults */
if ($ldap->count() == 0) {
/* Fill informational values */
$minUserId= $config->get_cfg_value("core","uidNumberPoolMin");
$minGroupId= $config->get_cfg_value("core","gidNumberPoolMin");
/* Add as default */
$attrs= array("objectClass" => array("organizationalUnit", "sambaUnixIdPool"));
$attrs["ou"]= "idmap";
$attrs["uidNumber"]= $minUserId;
$attrs["gidNumber"]= $minGroupId;
$ldap->cd("ou=idmap,".$config->current['BASE']);
$ldap->add($attrs);
if ($ldap->error != "Success") {
msg_dialog::display(_("Error"), _("Cannot create sambaUnixIdPool entry!"), ERROR_DIALOG);
return null;
}
$tries++;
continue;
}
/* Bail out if it's not unique */
if ($ldap->count() != 1) {
msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("sambaUnixIdPool is not unique!"), ERROR_DIALOG);
return null;
}
/* Store old attrib and generate new */
$attrs= $ldap->fetch();
$dn= $ldap->getDN();
$oldAttr= $attrs[$attrib][0];
$newAttr= $oldAttr + 1;
/* Sanity check */
if ($newAttr >= $max) {
msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG);
return null;
}
if ($newAttr < $min) {
msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("no ID available!"), ERROR_DIALOG);
return null;
}
#FIXME: PHP is not able to do a modification of "del: .../add: ...", so this
# is completely unsafe in the moment.
#/* Remove old attr, add new attr */
#$attrs= array($attrib => $oldAttr);
#$ldap->rm($attrs, $dn);
#if ($ldap->error != "Success") {
# continue;
#}
$ldap->cd($dn);
$ldap->modify(array($attrib => $newAttr));
if ($ldap->error != "Success") {
msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." ".$ldap->get_error(), ERROR_DIALOG);
return null;
} else {
return $oldAttr;
}
}
/* Bail out if we had problems getting the next id */
if (!$tries) {
msg_dialog::display(_("Error"), _("Cannot allocate free ID:")." "._("maximum number of tries exceeded!"), ERROR_DIALOG);
}
return $id;
}
function get_next_id_traditional($attrib, $dn)
{
global $config;
$ids= array();
$ldap= $config->get_ldap_link();
$ldap->cd ($config->current['BASE']);
if (preg_match('/gidNumber/i', $attrib)){
$oc= "posixGroup";
} else {
$oc= "posixAccount";
}
$ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
/* Get list of ids */
while ($attrs= $ldap->fetch()){
$ids[]= (int)$attrs["$attrib"][0];
}
/* Add the nobody id */
$ids[]= 65534;
/* get the ranges */
$tmp = array('0'=> 1000);
if (preg_match('/posixAccount/', $oc) && $config->get_cfg_value("core","uidNumberBase") != ""){
$tmp= explode('-',$config->get_cfg_value("core","uidNumberBase"));
} elseif($config->get_cfg_value("core","gidNumberBase") != ""){
$tmp= explode('-',$config->get_cfg_value("core","gidNumberBase"));
}
/* Set hwm to max if not set - for backward compatibility */
$lwm= $tmp[0];
if (isset($tmp[1])){
$hwm= $tmp[1];
} else {
$hwm= pow(2,32);
}
/* Find out next free id near to UID_BASE */
if ($config->get_cfg_value("core","baseIdHook") == ""){
$base= $lwm;
} else {
/* Call base hook */
$base= get_base_from_hook($dn, $attrib);
}
for ($id= $base; $id++; $id < pow(2,32)){
if (!in_array_strict($id, $ids)){
return ($id);
}
}
/* Should not happen */
if ($id == $hwm){
msg_dialog::display(_("Error"), _("Cannot allocate free ID!"), ERROR_DIALOG);
exit;
}
}
/* Mark the occurance of a string with a span */
function mark($needle, $haystack, $ignorecase= true)
{
$result= "";
while (preg_match('/^(.*)('.preg_quote($needle).')(.*)$/i', $haystack, $matches)) {
$result.= $matches[1]."".$matches[2]."";
$haystack= $matches[3];
}
return $result.$haystack;
}
/* Return an image description using the path */
function image($path, $action= "", $title= "", $align= "middle")
{
global $config;
global $BASE_DIR;
$label= null;
// Bail out, if there's no style file
if(!class_exists('session')){
return "";
}
if(!session::global_is_set("img-styles")){
// Get theme
if (isset ($config)){
$theme= $config->get_cfg_value("core","theme");
} else {
// Fall back to default theme
$theme= "default";
}
if (!file_exists("$BASE_DIR/ihtml/themes/$theme/img.styles")){
die ("No img.style for this theme found!");
}
session::global_set('img-styles', unserialize(file_get_contents("$BASE_DIR/ihtml/themes/$theme/img.styles")));
}
$styles= session::global_get('img-styles');
/* Extract labels from path */
if (preg_match("/\.png\[(.*)\]$/", $path, $matches)) {
$label= $matches[1];
}
$lbl= "";
if ($label) {
if (isset($styles["images/label-".$label.".png"])) {
$lbl= "";
} else {
die("Invalid label specified: $label\n");
}
$path= preg_replace("/\[.*\]$/", "", $path);
}
// Non middle layout?
if ($align == "middle") {
$align= "";
} else {
$align= ";vertical-align:$align";
}
// Clickable image or not?
if ($title != "") {
$title= "title='$title'";
}
if ($action == "") {
return "$lbl
";
} else {
return "";
}
}
/*! \brief Encodes a complex string to be useable in HTML posts.
*/
function postEncode($str)
{
return(preg_replace("/=/","_", base64_encode($str)));
}
/*! \brief Decodes a string encoded by postEncode
*/
function postDecode($str)
{
return(base64_decode(preg_replace("/_/","=", $str)));
}
/*! \brief Generate styled output
*/
function bold($str)
{
return "$str";
}
/*! \brief Detect the special character handling for the currently used ldap database.
* For example some convert , to \2C or " to \22.
*
* @param Config The GOsa configuration object.
* @return Array An array containing a character mapping the use.
*/
function detectLdapSpecialCharHandling()
{
// The list of chars to test for
global $config;
if(!$config) return(NULL);
// In the DN we've to use escaped characters, but the object name (o)
// has the be un-escaped.
$name = 'GOsaLdapEncoding_,_"_(_)_+_/';
$dnName = 'GOsaLdapEncoding_\,_\"_(_)_\+_/';
// Prapare name to be useable in filters
$fixed= normalizeLdap(str_replace('\\\\', '\\\\\\', $name));
$filterName = str_replace('\\,', '\\\\,', $fixed);
// Create the target dn
$oDN = "o={$dnName},".$config->current['BASE'];
// Get ldap connection and check if we've already created the character
// detection object.
$ldapCID = ldap_connect($config->current['SERVER']);
ldap_set_option($ldapCID, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($ldapCID, $config->current['ADMINDN'],$config->current['ADMINPASSWORD']);
$res = ldap_list($ldapCID, $config->current['BASE'],
"(&(o=".$filterName.")(objectClass=organization))",
array('dn'));
// If we haven't created the character-detection object, then create it now.
$cnt = ldap_count_entries($ldapCID, $res);
if(!$cnt){
$obj = array();
$obj['objectClass'] = array('top','organization');
$obj['o'] = $name;
$obj['description'] = 'GOsa character encoding test-object.';
if(!@ldap_add($ldapCID, $oDN, $obj)){
trigger_error("GOsa couldn't detect the special character handling used by your ldap!");
return(NULL);
}
}
// Read the character-handling detection entry from the ldap.
$res = ldap_list($ldapCID, $config->current['BASE'],
"(&(o=".$filterName.")(objectClass=organization))",
array('dn','o'));
$cnt = ldap_count_entries($ldapCID, $res);
if($cnt != 1 || !$res){
trigger_error("GOsa couldn't detect the special character handling used by your ldap!");
return(NULL);
}else{
// Get the character handling entry from the ldap and check how the
// values were written. Compare them with what
// we've initially intended to write and create a mapping out
// of the results.
$re = ldap_first_entry($ldapCID, $res);
$attrs = ldap_get_attributes($ldapCID, $re);
// Extract the interessting characters out of the dn and the
// initially used $name for the entry.
$mapDNstr = preg_replace("/^o=GOsaLdapEncoding_([^,]*),.*$/","\\1", trim(ldap_get_dn($ldapCID, $re)));
$mapDN = preg_split("/_/", $mapDNstr,0, PREG_SPLIT_NO_EMPTY);
$mapNameStr = preg_replace("/^GOsaLdapEncoding_/","",$dnName);
$mapName = preg_split("/_/", $mapNameStr,0, PREG_SPLIT_NO_EMPTY);
// Create a mapping out of the results.
$map = array();
foreach($mapName as $key => $entry){
$map[$entry] = $mapDN[$key];
}
return($map);
}
return(NULL);
}
/*! \brief Replaces placeholder in a given string.
* For example:
* '%uid@gonicus.de' Replaces '%uid' with 'uid'.
* '{%uid[0]@gonicus.de}' Replaces '%uid[0]' with the first char of 'uid'.
* '%uid[2-4]@gonicus.de' Replaces '%uid[2-4]' with three chars from 'uid' starting from the second.
*
* The surrounding {} in example 2 are optional.
*
* @param String The string to perform the action on.
* @param Array An array of replacements.
* @return The resulting string.
*/
function fillReplacements($str, $attrs, $shellArg = FALSE, $default = "")
{
// Search for '{%...[n-m]}
// Get all matching parts of the given string and sort them by
// length, to avoid replacing strings like '%uidNumber' with 'uid'
// instead of 'uidNumber'; The longest tring at first.
preg_match_all('/(\{?%([a-z0-9_]+)(\[(([0-9_]+)(\-([0-9_]+))?)\])?\}?)/i', $str ,$matches, PREG_SET_ORDER);
$hits = array();
foreach($matches as $match){
$hits[strlen($match[2]).$match[0]] = $match;
}
krsort($hits);
// Add lower case placeholders to avoid errors
foreach($attrs as $key => $attr) $attrs[strtolower($key)] = $attr;
// Replace the placeholder in the given string now.
foreach($hits as $match){
// Avoid errors about undefined index.
$name = strtolower($match[2]);
if(!isset($attrs[$name])) $attrs[$name] = $default;
// Calculate the replacement
$start = (isset($match[5])) ? $match[5] : 0;
$end = strlen($attrs[$name]);
if(isset($match[5]) && !isset($match[7])){
$end = 1;
}elseif(isset($match[5]) && isset($match[7])){
$end = ($match[7]-$start+1);
}
$value = substr($attrs[$name], $start, $end);
// Use values which are valid for shell execution?
if($shellArg) $value = escapeshellcmd($value);
// Replace the placeholder within the string.
$str = preg_replace("/".preg_quote($match[0],'/')."/", $value, $str);
}
return($str);
}
/*! \brief Generate a list of uid proposals based on a rule
*
* Unroll given rule string by filling in attributes and replacing
* all keywords.
*
* \param string 'rule' The rule string from gosa.conf.
* \param array 'attributes' A dictionary of attribute/value mappings
* \return array List of valid not used uids
*/
function gen_uids($rule, $attributes)
{
global $config;
$ldap = $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $rule, "Processing");
// Strip out non ascii chars
foreach($attributes as $name => $value){
if ( $config->get_cfg_value("core", "forceTranslit") == "true" ) {
$value = cyrillic2ascii($value);
} else {
$value = iconv('UTF-8', 'US-ASCII//TRANSLIT', $value);
}
$value = preg_replace('/[^(\x20-\x7F)]*/','',$value);
$attributes[$name] = strtolower($value);
}
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $attributes, "Prepare");
// Search for '{%...[n-m]}
// Get all matching parts of the given string and sort them by
// length, to avoid replacing strings like '%uidNumber' with 'uid'
// instead of 'uidNumber'; The longest tring at first.
preg_match_all('/(\{?%([a-z0-9]+)(\[(([0-9]+)(\-([0-9]+))?)\])?\}?)/i', $rule ,$matches, PREG_SET_ORDER);
$replacements = array();
foreach($matches as $match){
// No start position given, then add the complete value
if(!isset($match[5])){
$replacements[$match[0]][] = $attributes[$match[2]];
// Start given but no end, so just add a single character
}elseif(!isset($match[7])){
if(isset($attributes[$match[2]][$match[5]])){
$tmp = " ".$attributes[$match[2]];
$replacements[$match[0]][] = trim($tmp[$match[5]]);
}
// Add all values in range
}else{
$str = "";
for($i=$match[5]; $i<= $match[7]; $i++){
if(isset($attributes[$match[2]][$i])){
$tmp = " ".$attributes[$match[2]];
$str .= $tmp[$i];
$replacements[$match[0]][] = trim($str);
}
}
}
}
// Create proposal array
$rules = array($rule);
foreach($replacements as $tag => $values){
$rules = gen_uid_proposals($rules, $tag, $values);
}
// Search for id tags {id:3} / {id#3}
preg_match_all('/\{id(#|:)([0-9])+\}/i', $rule, $matches, PREG_SET_ORDER);
$idReplacements = array();
foreach($matches as $match){
if(count($match) != 3) continue;
// Generate random number
if($match[1] == '#'){
foreach($rules as $id => $ruleStr){
$genID = rand(pow(10,$match[2] -1),pow(10, ($match[2])) - 1);
$rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/", $genID,$ruleStr);
}
}
// Search for next free id
if($match[1] == ':'){
// Walk through rules and replace all occurences of {id:..}
foreach($rules as $id => $ruleStr){
$genID = 0;
$start = TRUE;
while($start || $ldap->count()){
$start = FALSE;
$number= sprintf("%0".$match[2]."d", $genID);
$testRule = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr);
$ldap->search('uid='.normalizeLdap($testRule));
$genID ++;
}
$rules[$id] = preg_replace("/".preg_quote($match[0],'/')."/",$number,$ruleStr);
}
}
}
// Create result set by checking which uid is already used and which is free.
$ret = array();
foreach($rules as $rule){
$ldap->search('uid='.normalizeLdap($rule));
if(!$ldap->count()){
$ret[] = $rule;
}
}
return($ret);
}
function gen_uid_proposals(&$rules, $tag, $values)
{
$newRules = array();
foreach($rules as $rule){
foreach($values as $value){
$newRules[] = preg_replace("/".preg_quote($tag,'/')."/", $value, $rule);
}
}
return($newRules);
}
function gen_uuid()
{
return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low"
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ),
// 16 bits for "time_mid"
mt_rand( 0, 0xffff ),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4
mt_rand( 0, 0x0fff ) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
mt_rand( 0, 0x3fff ) | 0x8000,
// 48 bits for "node"
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff )
);
}
function gosa_file_name($filename)
{
$tempfile = tempnam(sys_get_temp_dir(), 'GOsa');
if(move_uploaded_file($filename, $tempfile)){
return( $tempfile);
}
}
function gosa_file($filename)
{
$tempfile = tempnam(sys_get_temp_dir(), 'GOsa');
if(move_uploaded_file($filename, $tempfile)){
return file( $tempfile );
}
}
function gosa_fopen($filename, $mode)
{
$tempfile = tempnam(sys_get_temp_dir(), 'GOsa');
if(move_uploaded_file($filename, $tempfile)){
return fopen( $tempfile, $mode );
}
}
/*\brief Our own in_array method which defaults to a strict mode.
*/
function in_array_strict($needle, $haystack, $strict = TRUE)
{
return(in_array($needle, $haystack, $strict));
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>
�����������������������������������������������������������������������������gosa-core-2.7.4/include/class_baseSelector.inc������������������������������������������������������0000644�0001750�0001750�00000022535�11461476537�020342� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������pid= preg_replace("/[^0-9]/", "", microtime(TRUE));
// Transfer data
$this->setBases($bases);
$this->setBase($base);
}
function setSubmitButton($flag)
{
$this->submitButton= $flag;
}
function setHeight($value)
{
$this->height= $value;
}
function setBase($base)
{
if (isset($this->pathMapping[$base])) {
$this->base= $base;
$this->update(true);
}
}
function checkBase($base)
{
return isset($this->pathMapping[$base]);
}
function checkLastBaseUpdate()
{
return $this->lastState;
}
function setBases($bases)
{
global $config;
$this->pathMapping= array();
$selected= $this->base == $config->current['BASE']?"Selected":"";
$first= true;
$last_indent= 2;
foreach ($bases as $base => $dummy) {
// Build path style display
$elements= explode(',', substr($base, 0, strlen($base) - strlen($config->current['BASE'])));
$elements= array_reverse($elements, true);
$this->pathMapping[$base]= $base == $config->current['BASE']? '/' : ldap::fix(preg_replace('/(^|,)[a-z0-9]+=/i', '/', implode(',', $elements)));
$this->pathMapping[$base]= LDAP::makeReadable( $this->pathMapping[$base]);
}
// Save bases to session for autocompletion
session::global_set("pathMapping_{$this->pid}", $this->pathMapping);
session::global_set("department_info_{$this->pid}", $config->department_info);
}
function update($force= false)
{
global $config;
// Analyze for base changes if needed
$this->action= null;
$last_base= $this->base;
if(isset($_REQUEST['BPID']) && $_REQUEST['BPID'] == $this->pid) {
if (isset($_POST['bs_rebase_'.$this->pid]) && !empty($_POST['bs_rebase_'.$this->pid])) {
$new_base= base64_decode(get_post('bs_rebase_'.$this->pid));
if (isset($this->pathMapping[$new_base])) {
$this->base= $new_base;
$this->action= 'rebase';
} else {
$this->lastState= false;
return false;
}
}else{
// Input field set?
if (isset($_POST['bs_input_'.$this->pid])) {
// Take over input field base
if ($this->submitButton && isset($_POST['submit_base_'.$this->pid]) || !$this->submitButton) {
// Check if base is available
$this->lastState= false;
foreach ($this->pathMapping as $key => $path) {
if (mb_strtolower($path) == mb_strtolower(get_post('bs_input_'.$this->pid))) {
$this->base= $key;
$this->lastState= true;
break;
}
}
}
}
}
}
/* Skip if there's no change */
if (($this->tree && $this->base == $last_base) && !$force) {
return true;
}
$link= "onclick=\"\$('bs_rebase_".$this->pid."').value='".base64_encode($config->current['BASE'])."'; $('submit_tree_base_".$this->pid."').click();\"";
$this->tree= "pid}').hide(); \"
onfocus=\" \$('bs_{$this->pid}').hide(); \"
onmouseover=\" mouseIsStillOver = true;
function showIt()
{
if(mouseIsStillOver){
\$('bs_".$this->pid."').show();
}
};
Element.clonePosition(\$('bs_".$this->pid."'),
'bs_input_".$this->pid."',
{setHeight: false, setWidth: false, offsetTop:(Element.getHeight('bs_input_".$this->pid."'))});
rtimer=showIt.delay(0.25); \"
onmouseout=\" mouseIsStillOver=false;
rtimer=Element.hide.delay(0.25,'bs_".$this->pid."')\"
value=\"".htmlentities(LDAP::makeReadable($this->pathMapping[$this->base]),ENT_COMPAT,'utf-8')."\">";
// Autocompleter
$this->tree.= "".
"";
$selected= $this->base == $config->current['BASE']?"Selected":"";
$this->tree.= "\n";
// Draw submitter if required
if ($this->submitButton) {
$this->tree.= image('images/lists/submit.png', "submit_base_".$this->pid, _("Submit"));
}
$this->tree.= "";
$this->tree.= "";
$this->tree.= "";
$this->lastState= true;
return true;
}
function gennonbreaks($string)
{
return str_replace('-', '‑', str_replace(' ', ' ', $string));
}
function render()
{
return $this->tree;
}
function getBase()
{
return $this->base;
}
function getAction()
{
// Do not do anything if this is not our BPID, or there's even no BPID available...
if(!isset($_REQUEST['BPID']) || $_REQUEST['BPID'] != $this->pid) {
return;
}
if ($this->action) {
return array("targets" => array($this->base), "action" => $this->action);
}
return null;
}
}
?>
�������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_stats.inc�������������������������������������������������������������0000644�0001750�0001750�00000037530�11465023737�017060� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������get_cfg_value('core', 'statsDatabaseDirectory');
if(empty($path)){
return(NULL);
}
// Check if path exists, if not try to create it
if(!is_dir($path) ){
$res = @mkdir($path);
if(!$res){
return(NULL);
}
}
// Append a date suffix to the database file, to prevent huge and unusable database files.
if($filename == ''){
$filename = date('Y-m-d');
}
$tableFile = $path.'/'.$filename;
// Try to return last valid handle.
if(file_exists($tableFile) &&
isset(stats::$lastHandle[$filename]) &&
stats::$lastHandle[$filename] != NULL &&
is_resource(stats::$lastHandle[$filename])){
return(stats::$lastHandle[$filename]);
}
// Get statsFile property
stats::$statsEnabled = $config->boolValueIsTrue('core', 'statsDatabaseEnabled');
if(!stats::$statsEnabled){
return(NULL);
}
// Check for SQLite extension
if(!stats::checkSQLiteExtension()){
return(NULL);
}
// Check if we are able to read/write the given database file.
if(!is_writeable($path) && !is_writeable(dirname($tableFile))){
return(NULL);
}
// Try to create database, if it exists just open it.
$handle = sqlite_open($tableFile, 0666, $error);
if($handle){
stats::createDatabaseOnDemand($handle);
}
stats::$lastHandle[$filename] = $handle;
return($handle);
}
/*! \brief Returns a list of all created stat files
* @return Array A list of all currently stored stat files.
*/
static function getLocalStatFiles()
{
$res = array();
// Check if we're creating logs right now.
if(stats::getDatabaseHandle()){
global $config;
// Walk through all files found in the storage path
$path = $config->get_cfg_value('core', 'statsDatabaseDirectory');
$dir = opendir($path);
while($file = readdir($dir)){
if(is_file($path.'/'.$file) && !preg_match('/.old$/', $file)) {
$res[] = $file;
}
}
}
return($res);
}
/*! \brief Check whether the qlite extension is available or not.
* @return boolean TRUE on success else FALSE
*/
static function checkSQLiteExtension()
{
return(function_exists('sqlite_popen'));
}
/*! \brief Drops the current stats table and thus enforces a recreation.
* @param handle The database handle to use.
*/
static function dropTable($handle)
{
$TABLE_NAME = stats::$tableName;
$query = "DROP TABLE '{$TABLE_NAME}'";
$ret = sqlite_query($query, $handle);
stats::$lastHandle = NULL;
stats::getDatabaseHandle();
}
/*! \brief Returns the currently used amount of memory form the PHP process.
* @return int The amount of bytes used for the PHP process.
*/
static function get_memory_usage()
{
return(memory_get_usage());
}
/*! \brief Returns the current CPU load.
* The result will be cached and one updated every 5 seconds.
* @return float The current 'cpu_load'.
*/
static function get_cpu_load()
{
$cur = time();
if(empty(stats::$lastCpuLoad) || (($cur - stats::$lastCpuLoadTimestamp) >= 5 )){
list($one, $five, $ten) =preg_split("/ /",shell_exec('cat /proc/loadavg'));
stats::$lastCpuLoad = $one;
stats::$lastCpuLoadTimestamp = $cur;
}
return(stats::$lastCpuLoad);
}
/*! \brief This method checks if the 'stats' table is already present,
* if it is not then it will be created.
* @param handle The sqlite database handle
*/
static function createDatabaseOnDemand($handle)
{
$TABLE_NAME = stats::$tableName;
// List Tables an check if there is already everything we need,
// if not create it.
$query = "SELECT name FROM sqlite_master WHERE type='table' and name='{$TABLE_NAME}'";
$ret = sqlite_query($query, $handle);
if(!count(sqlite_fetch_all($ret))){
$query = "
CREATE TABLE {$TABLE_NAME} (
ID INTEGER PRIMARY KEY,
ACTID INTEGER,
TYPE TEXT,
PLUGIN TEXT,
CATEGORY TEXT,
ACTION TEXT,
UUID TEXT,
TIMESTAMP INTEGER,
MTIMESTAMP REAL,
DURATION REAL,
RENDER_TIME REAL,
AMOUNT INTEGER,
MEMORY_USAGE INTEGER,
CPU_LOAD FLOAT,
INFO BLOB
)";
$ret = sqlite_query($query, $handle);
}
}
/*! \brief Creates a new 'stats' table entry.
* -> Logs a GOsa action/activity in the sqlite stats table.
* @param string type The action type, e.g. ldap/plugin/management
* @param string plugin The plugin name, e.g. userManagement/user/posixAccount
* @param string category The plugin category e.g. users/servers/groups
* @param string action The action done e.g. edit/view/open/move
* @param int amount The amount, e.g. for multiple edit
* @param float duration The elapsed time.
* @param string info Some infos form the action, e.g. the used hashing mehtod for pwd changes.
*/
static function log($type, $plugin, $category, $action, $amount = 1, $duration = 0, $info ='')
{
global $config;
global $clicks;
global $overallRenderTimer;
// Get database handle, if it is invalid (NULL) return without creating stats
$res = stats::getDatabaseHandle();
if(!$res) return;
// Ensure that 'clicks' and 'overallRenderTimer' are present and set correctly,
// if not simply create them with dummy values...
// -- 'clicks' is a counter wich is set in main.php -> Number of page reloads
// -- 'overallRenderTimer' is set in main.php -> timestamp of rendering start.
if(!isset($clicks) || empty($clicks)) $clicks = 0;
if(!isset($overallRenderTimer)){
$renderTime = 0;
}else{
$renderTime = microtime(TRUE) - $overallRenderTimer;
// Now set the overallRenderTimer to the current timestamp - else
// we will not be able to sum up the render time in a single SQL statement.
$overallRenderTimer = microtime(TRUE);
}
// Prepare values to be useable within a database
$uuid = $config->getInstanceUUID();
$type = sqlite_escape_string($type);
$plugin = sqlite_escape_string($plugin);
$action = sqlite_escape_string($action);
$timestamp = time();
$mtimestamp = number_format(microtime(TRUE), 4,'.','');
$amount = sqlite_escape_string($amount);
$duration = sqlite_escape_string(number_format($duration, 4,'.',''));
$renderTime = sqlite_escape_string(number_format($renderTime, 4,'.',''));
$info = sqlite_escape_string($info);
$clicks = sqlite_escape_string($clicks);
$memory_usage = sqlite_escape_string(stats::get_memory_usage());
$cpu_load = sqlite_escape_string(number_format(stats::get_cpu_load(),4,'.',''));
// Clean up category, which usally comes from acl_category and may still contain
// some special chars like /
$tmp = array();
foreach($category as $cat){
$tmp[] = trim($cat, '\/,; ');
}
$category = sqlite_escape_string(implode($tmp, ', '));
// Create insert statement.
$TABLE_NAME = stats::$tableName;
$query = "
INSERT INTO {$TABLE_NAME}
(ACTID, TYPE, PLUGIN, CATEGORY, ACTION, UUID, MTIMESTAMP, TIMESTAMP,
AMOUNT, DURATION, RENDER_TIME, MEMORY_USAGE, CPU_LOAD, INFO)
VALUES
('{$clicks}','{$type}','{$plugin}','{$category}','{$action}','{$uuid}',
'{$mtimestamp}','{$timestamp}','{$amount}','{$duration}','{$renderTime}',
'{$memory_usage}','{$cpu_load}','{$info}')";
sqlite_query($query, $res);
}
/*! \brief Closes all sqlite handles opened by this class
*/
static function closeHandles()
{
foreach(stats::lastHandle as $handle){
if($handle && is_resource($handle)){
sqlite_close($handle);
}
}
}
/*! \brief This method returns all entries of the GOsa-stats table.
* You can limit the result by setting the from/to parameter (timestamp).
* @param int from The timestamp to start the result from.
* @param int to The timestamp to end the request.
* @return array An array containing the requested entries.
*/
static function generateStatisticDump($filename)
{
// Get database connection
$TABLE_NAME = stats::$tableName;
$handle = stats::getDatabaseHandle($filename);
if(!$handle) return;
$query =
" SELECT ".
" TYPE, PLUGIN, CATEGORY, ACTION, ".
" UUID, DATE(TIMESTAMP, 'unixepoch') as date, ".
" AVG(DURATION), AVG(RENDER_TIME), SUM(AMOUNT), ".
" AVG(MEMORY_USAGE), AVG(CPU_LOAD), INFO ".
" FROM ".
" stats ".
" GROUP BY ".
" TYPE, PLUGIN, CATEGORY, ACTION, UUID, date, INFO ".
" ORDER BY ".
" ID ";
// Create Filter and start query
$ret = sqlite_array_query($query, $handle, SQLITE_ASSOC);
return($ret);
}
static function removeStatsFile($filename)
{
// Get statsFile property
global $config;
$path = $config->get_cfg_value('core', 'statsDatabaseDirectory');
stats::$statsEnabled = $config->boolValueIsTrue('core', 'statsDatabaseEnabled');
if(!stats::$statsEnabled){
return(NULL);
}
// We cannot log while the path to store logs in is empty.
if(empty($path)){
return(NULL);
}
// Check if file exists and then remove it
if(isset(stats::$lastHandle[$filename]) && is_resource(stats::$lastHandle[$filename])){
sqlite_close(stats::$lastHandle[$filename]);
}
if(file_exists($path.'/'.$filename)){
#unlink($path.'/'.$filename);
rename($path.'/'.$filename, $path.'/'.$filename.".old");
}
}
static function getLdapObjectCount($config, $statisticConformResult = FALSE, $date = "")
{
$ldap = $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
// A list of objectClasses to search for, indexed by their
// object-category
$ocsToSearchFor = array(
"department" => array("gosaDepartment"),
"devices" => array("gotoDevice"),
"fai" => array("FAIobject"),
"gofaxlist" => array("goFaxRBlock","goFaxSBlock"),
"gofonconference" => array("goFonConference"),
"phone" => array("goFonHardware"),
"gofonmacro" => array("goFonMacro"),
"users" => array("gosaAccount"),
"acls" => array("gosaAcl","gosaRole"),
"application" => array("gosaApplication"),
"ogroups" => array("gosaGroupOfNames"),
"roles" => array("organizationalRole"),
"server" => array("goServer"),
"printer" => array("gotoPrinter"),
"terminal" => array("gotoTerminal"),
"workstation" => array("gotoWorkstation"),
"winworkstation" => array("sambaSamAccount"),
"incoming" => array("goHard"),
"component" => array("ieee802Device"),
"mimetypes" => array("gotoMimeType"),
"groups" => array("posixGroup"),
"sudo" => array("sudoRole"));
// Build up a filter which contains all objectClass combined by OR.
// We will later sum up the results using PHP.
$filter = "";
$categoryCounter = array();
foreach($ocsToSearchFor as $category => $ocs){
foreach($ocs as $oc){
$filter.= "(objectClass={$oc})";
}
$categoryCounter[$category] = 0;
}
$filter = "(|{$filter})";
// Initiate the ldap query
$res = $ldap->search($filter, array('objectClass'));
if($ldap->success()) {
// Count number of results per category
while($entry = $ldap->fetch()){
foreach($ocsToSearchFor as $category => $ocs){
if(count(array_intersect($ocs, $entry['objectClass']))){
$categoryCounter[$category] ++;
break;
}
}
}
}
arsort($categoryCounter);
// Do we have to return the result as SQL INSERT statement?
if($statisticConformResult){
$uuid = $config->getInstanceUUID();
$type = 'objectCount';
$plugin = '';
$action = '';
$date = (empty($date))?date('Y-m-d'):$date;
$memory_usage = sqlite_escape_string(stats::get_memory_usage());
$cpu_load = sqlite_escape_string(number_format(stats::get_cpu_load(),4,'.',''));
$sql = array();
foreach($categoryCounter as $category => $amount){
$sql[] = array(
"type" => $type,
"plugin" => $plugin,
"category" => $category,
"action" => $action,
"uuid" => $uuid,
"date" => $date,
"duration" => 0,
"render_time" => 0,
"amount" => $amount,
"mem_usage" => $memory_usage,
"load" => $cpu_load,
"info" => '');
}
return($sql);
}else{
return($categoryCounter);
}
}
}
?>
������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_tabs.inc��������������������������������������������������������������0000644�0001750�0001750�00000033540�11613731145�016642� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������skip_save_object = ($bool == FALSE);
}
function tabs(&$config, $data, $dn, $acl_category= "", $hide_refs = FALSE, $hide_acls = FALSE)
{
/* Save dn */
$this->dn= $dn;
$this->config= &$config;
$this->hide_refs = $hide_refs;
$this->hide_acls = $hide_acls;
if(!count($data)) {
$data[] = array("CLASS" => 'plugin',"NAME" => 'Error');
msg_dialog::display(_("Error"),
sprintf(_("No plugin definition for %s found: please check the configuration file!"), bold(get_class($this))),
"ERROR_DIALOG");
}
$baseobject= NULL;
$this->acl_category = $acl_category;
foreach ($data as &$tab){
if (!plugin_available($tab['CLASS'])){
if($this->config->boolValueIsTrue("core","developmentMode")){
trigger_error(sprintf("Unknown class %s!", bold($tab['CLASS'])));
}
continue;
}
if ($this->current == "") $this->current= $tab['CLASS'];
$this->by_name[$tab['CLASS']]= $tab['NAME'];
if ($baseobject === NULL){
$baseobject= new $tab['CLASS']($this->config, $this->dn);
$baseobject->enable_CSN_check();
$this->by_object[$tab['CLASS']]= $baseobject;
} else {
$this->by_object[$tab['CLASS']]= new $tab['CLASS']($this->config, $this->dn, $baseobject);
}
$this->read_only |= $this->by_object[$tab['CLASS']]->read_only;
$this->by_object[$tab['CLASS']]->parent= &$this;
$this->by_object[$tab['CLASS']]->set_acl_category($this->acl_category);
}
// Try to set the current tab to the posted value
if(isset($_GET['pluginTab'])){
$tab = $_GET['pluginTab'];
if(isset($this->by_name[$tab])) $this->current = $tab;
}
}
/*! \brief Reinitializes the tab classes with fresh ldap values.
This maybe usefull if for example the apply button was pressed.
*/
function re_init()
{
$baseobject= NULL;
foreach($this->by_object as $name => $object){
$class = get_class($object);
if(in_array_strict($class,array("reference","acl"))) continue;
if ($baseobject === NULL){
$baseobject= new $class($this->config, $this->dn);
$baseobject->enable_CSN_check();
$this->by_object[$name]= $baseobject;
} else {
$this->by_object[$name]= new $class($this->config, $this->dn, $baseobject);
}
$this->by_object[$name]->parent= &$this;
$this->by_object[$name]->set_acl_category($this->acl_category);
}
}
function execute()
{
// Ensure that the currently selected tab is valid.
if(!isset($this->by_name[$this->current])) {
$this->current = key($this->by_name);
}
pathNavigator::registerPlugin($this);
// Rotate current to last
$this->last= $this->current;
// Look for pressed tab button
foreach ($this->by_object as $class => &$obj){
if (isset($_POST[$class]) || (isset($_POST['arg']) && $_POST['arg'] == "$class")){
$this->current= $class;
break;
}
}
// Save last tab object
if(!$this->skip_save_object){
if ($this->last == $this->current){
$this->save_object(TRUE);
} else {
$this->save_object(FALSE);
}
}
/* If multiple edit is enabled for this tab,
we have tho display different templates */
if(!$this->multiple_support_active){
$display= $this->by_object[$this->current]->execute();
}else{
$display= $this->by_object[$this->current]->multiple_execute();
}
$tabs= $this->gen_tabs();
if($this->is_modal_dialog()){
$display =
"\n ".
"\n {$display}".
"\n
";
}else{
$display =
"\n {$tabs}".
"\n ".
"\n ".
"\n {$display}".
"\n
";
}
// Detect if we've modifications right now.
// - A plugin state has to be changed, this is not a goo solution, but
// currently it does what we want.
// (It would be better to ask the plugins if something has changed)
$this->isPluginModified |= isset($_POST['modify_state']);
// - Capture the plugins modification status.
foreach ($this->by_name as $class => $name){
$this->isPluginModified |= (isset($this->by_object[$class]->is_modified)) && $this->by_object[$class]->is_modified;
}
$display="".$display;
return ($display);
}
function save_object($save_current= FALSE)
{
/* Save last tab */
if ($this->last != ""){
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
$this->last, "Saving");
if(!$this->multiple_support_active){
$this->by_object[$this->last]->save_object ();
}else{
$this->by_object[$this->last]->multiple_save_object();
}
}
/* Skip if curent and last are the same object */
if ($this->last == $this->current){
return;
}
$obj= @$this->by_object[$this->current];
$this->disabled= $obj->parent->disabled;
if ($save_current){
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
$this->current, "Saving (current)");
if(!$this->multiple_support_active){
$obj->save_object();
}else{
$obj->multiple_save_object();
}
}
}
function is_modal_dialog()
{
return($this->by_object[$this->current]->is_modal_dialog());
}
function gen_tabs()
{
if($this->is_modal_dialog()) return("");
$display = "\n ";
$display.= "\n
";
return($display);
}
function set_acl($acl)
{
/* Look for attribute in ACL */
trigger_error("Don't use tabs::set_acl() its obsolete.");
}
function delete()
{
/* Check if all plugins will ACK for deletion */
foreach (array_reverse($this->by_object) as $key => $obj){
$reason= $obj->allow_remove();
if ($reason != ""){
msg_dialog::display(_("Warning"), sprintf(_("Delete process has been canceled by plugin %s: %s"), bold($key), $reason), WARNING_DIALOG);
return;
}
}
/* Delete for all plugins */
foreach (array_reverse($this->by_object) as $obj){
$obj->remove_from_parent();
}
}
function password_change_needed()
{
/* Ask all plugins for needed password changes */
foreach ($this->by_object as &$obj){
if ($obj->password_change_needed()){
return TRUE;
}
}
return FALSE;
}
function check($ignore_account= FALSE)
{
$this->save_object(TRUE);
$messages= array();
$current_set = FALSE;
/* Check all plugins */
foreach ($this->by_object as $key => &$obj){
if ($obj->is_account || $ignore_account || $obj->ignore_account){
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$key, "Checking");
if(!$this->multiple_support_active){
$msg = $obj->check();
}else{
$msg = $obj->multiple_check();
}
if (count($msg)){
$obj->pl_notify= TRUE;
if(!$current_set){
$current_set = TRUE;
$this->current= $key;
$messages = $msg;
}
}else{
$obj->pl_notify= FALSE;
}
}else{
$obj->pl_notify= FALSE;
}
}
return ($messages);
}
function save($ignore_account= FALSE)
{
/* Save all plugins */
foreach ($this->by_object as $key => &$obj){
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
$key, "Saving");
$obj->dn= $this->dn;
if(!$obj instanceof plugin && !$obj instanceOf management){
trigger_error("Something went wrong while saving ".$obj->dn.". Object class '".get_class($obj)."'.");
}else{
if ($obj->is_account || $ignore_account || $obj->ignore_account){
if ($obj->save() == 1){
return (1);
}
} else {
$obj->remove_from_parent();
}
}
}
return (0);
}
function adapt_from_template($dn, $skip= array())
{
foreach ($this->by_object as $key => &$obj){
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
$key, "Adapting");
$obj->parent= &$this;
$obj->adapt_from_template($dn, $skip);
}
}
/* Save attributes posted by copy & paste dialog
*/
function saveCopyDialog()
{
foreach ($this->by_object as &$obj){
if($obj->is_account || $obj->ignore_account){
$obj->saveCopyDialog();
}
}
}
/* return copy & paste dialog
*/
function getCopyDialog()
{
$ret = "";
$this->SubDialog = false;
foreach ($this->by_object as &$obj){
if($obj->is_account || $obj->ignore_account){
$tmp = $obj->getCopyDialog();
if($tmp['status'] == "SubDialog"){
$this->SubDialog = true;
return($tmp['string']);
}else{
if(!empty($tmp['string'])){
$ret .= $tmp['string'];
$ret .= "- ";
foreach ($this->by_name as $class => $name){
// Shorten string if its too long for the tab headers
$title= _($name);
if (mb_strlen($title, 'UTF-8') > 28){
$title= mb_substr($title,0, 25, 'UTF-8')."...";
}
// nobr causes w3c warnings so we use to keep the tab name in one line
$title= str_replace(" "," ",$title);
// Take care about notifications
$obj = $this->by_object[$class];
$tabClass = ($this->current == $class) ? "current" :"";
if ( $this->by_object[$class]->pl_notify && ($obj->is_account || $obj->ignore_account)){
$tabClass .= " info";
}
if(!empty($tabClass)) $tabClass="class='{$tabClass}'";
$onClick = "document.mainform.arg.value='{$class}'; document.mainform.submit();";
$display.= "\n
- {$title} "; } $display.="\n
"; } } } } return($ret); } function addSpecialTabs() { if(!$this->hide_acls){ $this->by_name['acl']= _("ACL"); $this->by_object['acl']= new acl($this->config, $this, $this->dn); $this->by_object['acl']->parent= &$this; } if(!$this->hide_refs){ $this->by_name['reference']= _("References"); $this->by_object['reference']= new reference($this->config, $this->dn); $this->by_object['reference']->parent= &$this; $this->by_object['reference']->set_acl_category($this->acl_category); } } function set_acl_base($base= "") { /* Update reference, transfer variables */ $first= ($base == ""); foreach ($this->by_object as &$obj){ if ($first){ $first= FALSE; $base= $obj->acl_base; } else { $obj->set_acl_base($base); } } } /*! \brief Checks if one of the used tab plugins supports multiple edit. @param boolean Returns TRUE if at least one plugins supports multiple edit. */ function multiple_support_available() { foreach($this->by_object as $name => $obj){ if($obj->multiple_support){ return(TRUE); } } return(FALSE); } /*! \brief Enables multiple edit support for the given tab. All unsupported plugins will be disabled. @param boolean Returns TRUE if at least one plugin supports multiple edit */ function enable_multiple_support() { if(!$this->multiple_support_available()){ return(FALSE); }else{ $this->multiple_support_active = TRUE; foreach($this->by_object as $name => $obj){ if($obj->multiple_support){ $this->by_object[$name]->enable_multiple_support(); }else{ unset($this->by_object[$name]); unset($this->by_name[$name]); } } } return(TRUE); } function setReadOnly($s = TRUE) { foreach($this->by_object as $name => $obj){ $this->by_object[$name]->read_only = $s; } $this->read_only = $s; } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> ����������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_jsonRPC.inc�����������������������������������������������������������0000644�0001750�0001750�00000031173�11605073030�017220� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������configRegistry->getProperty('core','gosaRpcUser'); $username = $user->getValue($temporaryValue = TRUE); $passwd = $config->configRegistry->getProperty('core','gosaRpcPassword'); $passwdString = $passwd->getValue($temporaryValue = TRUE); $connection = new jsonRPC($config, $value, $username, $passwdString); if(!$connection->success() && $message){ msg_dialog::display(_("Warning"), sprintf(_("The RPC connection (%s) specified for %s:%s is invalid: %s"), bold($value),bold($class),bold($name), bold($connection->get_error())), WARNING_DIALOG); } return($connection->success()); } /*! \brief Constructs a new jsonRPC handle which is connected to a given URL. * It can either connect using a rpc method or via auth method digest. * @param object The gosa configuration object (class_config) * @param string The url to connect to. * @param string The username for authentication * @param string The password to use for authentication * @param boolean Whether to use DIGEST authentication or not. * @return */ public function __construct($config, $connectUrl, $username, $userPassword, $authModeDigest=FALSE) { $this->config = $config; $this->id = 0; // Get connection data $this->connectUrl = $connectUrl; $this->username = $username; $this->userPassword = $userPassword; $this->authModeDigest = $authModeDigest; // Put some usefull info in the logs DEBUG (DEBUG_RPC, __LINE__, __FUNCTION__, __FILE__,bold($this->connectUrl), "Initiated RPC "); DEBUG (DEBUG_RPC, __LINE__, __FUNCTION__, __FILE__,bold($this->username), "RPC user: "); DEBUG (DEBUG_RPC, __LINE__, __FUNCTION__, __FILE__,bold($this->userPassword),"RPC password: "); DEBUG (DEBUG_RPC, __LINE__, __FUNCTION__, __FILE__,bold($this->authModeDigest),"Digest Auth (0: No, 1: Yes): "); $this->__login(); } /*! \brief * @param * @return */ private function __login() { // Init Curl handler $this->curlHandler = curl_init($this->connectUrl); // Set curl options curl_setopt($this->curlHandler, CURLOPT_URL , $this->connectUrl); curl_setopt($this->curlHandler, CURLOPT_POST , TRUE); curl_setopt($this->curlHandler, CURLOPT_RETURNTRANSFER ,TRUE); curl_setopt($this->curlHandler, CURLOPT_HTTPHEADER , array('Content-Type: application/json')); curl_setopt($this->curlHandler, CURLOPT_SSL_VERIFYPEER, FALSE); // Try to login if($this->authModeDigest){ if(!empty($this->username)){ curl_setopt($this->curlHandler, CURLOPT_USERPWD , "{$this->username}:{$this->userPassword}"); } curl_setopt($this->curlHandler, CURLOPT_HTTPAUTH , CURLAUTH_ANYSAFE); }else{ curl_setopt($this->curlHandler, CURLOPT_COOKIESESSION , TRUE); curl_setopt($this->curlHandler, CURLOPT_COOKIEFILE, 'cookiefile.txt'); if(!empty($this->username)) $this->login($this->username, $this->userPassword); } } /*! \brief Returns the last HTTP status code. * @return int The last status code. */ public function getHTTPstatusCode() { return((isset($this->lastStats['http_code']))? $this->lastStats['http_code'] : -1 ); } /*! \brief Returns the last error string. * @return string The last error message. */ public function get_error() { $error = ""; if($this->lastStats['http_code'] != 200){ $error = $this->getHttpStatusCodeMessage($this->lastStats['http_code']); } if(isset($this->lastResult['error']['error']) && is_array($this->lastResult['error']['error'])){ $err = $this->lastResult['error']['error']; #$message = call_user_func_array(sprintf,$err); $message = $err; $error .= $message; }elseif(isset($this->lastResult['error']['message'])){ $error .= $this->lastResult['error']['message']; } if($error){ return(trim($error, ": ")); } return(curl_error($this->curlHandler)); } /*! \brief Returns TRUE if the last action was successfull else FALSE. * @return boolean TRUE on success else FALSE. */ public function success() { return(curl_errno($this->curlHandler) == 0 && !isset($this->lastResult['error']) && isset($this->lastStats['http_code']) && $this->lastStats['http_code'] == 200); } /*! \brief The class destructor, it destroys open rpc handles if needed. */ public function __destruct() { if($this->curlHandler){ curl_close($this->curlHandler); } } /*! \brief This is some kind of catch-all method, all unknown method names will * will be interpreted as rpc request. * If you call "$this->blafasel" this method will initiate an rpc request * for method 'blafasel'. * @param string method The rpc method to execute. * @param params array The parameter to use. * @return mixed The request result. */ public function __call($method,$params) { // Check if handle is still valid! if(!$this->curlHandler && $this->lastAction != 'login'){ $this->__login(); } // Start request DEBUG (DEBUG_RPC, __LINE__, __FUNCTION__, __FILE__,"{$method}", "Calling: "); $response = $this->request($method,$params); if($this->success()){ DEBUG (DEBUG_RPC, __LINE__, __FUNCTION__, __FILE__, (is_array($response['result']))?$response['result']:bold($response['result']), "Result: "); }else{ DEBUG (DEBUG_RPC, __LINE__, __FUNCTION__, __FILE__,bold($this->get_error())."
".$response, "Result (FAILED): "); } global $config; $debugLevel = $config->get_cfg_value('core', 'debugLevel'); if($debugLevel & DEBUG_RPC){ print_a(array('CALLED:' => array($method => $params))); print_a(array('RESPONSE' => $response)); } $return = $response['result']; // Inspect the result and replace predefined statements with their // coresponding classes. $return = $this->inspectJsonResult($return); return($return); } public function inspectJsonResult($result) { if(is_array($result) && isset($result['__jsonclass__']) && class_available('remoteObject')){ // Get all relevant class informations $classDef = $result['__jsonclass__'][1]; $type = $classDef[0]; $ref_id = $classDef[1]; $object_id = $classDef[2]; $methods = $classDef[3]; $properties = $classDef[4]; // Prepare values $values = array(); foreach($properties as $prop){ $values[$prop] = NULL; if(isset($res[$prop])) $values[$prop] = $res[$prop]; } // Build up remote object $object = new remoteObject($this, $type, $properties, $values, $methods, $object_id, $ref_id); return($object); } return($result); } /*! \brief This method finally initiates the real RPC requests and handles * the result from the server. * @param string method The method to call * @param array params The paramter to use. * @return mixed The server response. */ private function request($method, $params) { // Set last action $this->lastAction = $method; // Reset stats of last request. $this->lastStats = array(); // Validate input values if (!is_scalar($method)) trigger_error('jsonRPC::__call requires a scalar value as first parameter!'); if (is_array($params)) { $params = array_values($params); } else { trigger_error('jsonRPC::__call requires an array value as second parameter!'); } // prepares the request $this->id ++; $request = json_encode(array('method' => $method,'params' => $params,'id' => $this->id)); // Set curl options curl_setopt($this->curlHandler, CURLOPT_POSTFIELDS , $request); $response = curl_exec($this->curlHandler); $response = json_decode($response,true); // Set current result stats. $this->lastStats = curl_getinfo($this->curlHandler); $this->lastResult = $response; return($response); } /*! \brief Returns the HTTP status message for a given HTTP status code. * @param int code The status to code to return a message for. * @return string The corresponding status message. */ public static function getHttpStatusCodeMessage($code) { $codes = array( '100' => 'Continue', '101' => 'Switching Protocols', '102' => 'Processing', '200' => 'OK', '201' => 'Created', '202' => 'Accepted', '203' => 'Non-Authoritative Information', '204' => 'No Content', '205' => 'Reset Content', '206' => 'Partial Content', '207' => 'Multi-Status', '300' => 'Multiple Choice', '301' => 'Moved Permanently', '302' => 'Found', '303' => 'See Other', '304' => 'Not Modified', '305' => 'Use Proxy', '306' => 'reserved', '307' => 'Temporary Redirect', '400' => 'Bad Request', '401' => 'Unauthorized', '402' => 'Payment Required', '403' => 'Forbidden', '404' => 'Not Found', '405' => 'Method Not Allowed', '406' => 'Not Acceptable', '407' => 'Proxy Authentication Required', '408' => 'Request Time-out', '409' => 'Conflict', '410' => 'Gone', '411' => 'Length Required', '412' => 'Precondition Failed', '413' => 'Request Entity Too Large', '414' => 'Request-URI Too Long', '415' => 'Unsupported Media Type', '416' => 'Requested range not satisfiable', '417' => 'Expectation Failed', '421' => 'There are too many connections from your internet address', '422' => 'Unprocessable Entity', '423' => 'Locked', '424' => 'Failed Dependency', '425' => 'Unordered Collection', '426' => 'Upgrade Required', '500' => 'Internal Server Error', '501' => 'Not Implemented', '502' => 'Bad Gateway', '503' => 'Service Unavailable', '504' => 'Gateway Time-out', '505' => 'HTTP Version not supported', '506' => 'Variant Also Negotiates', '507' => 'Insufficient Storage', '509' => 'Bandwidth Limit Exceeded', '510' => 'Not Extended'); return((isset($codes[$code]))? $codes[$code] : sprintf(_("Unknown HTTP status code %s!"), bold($code))); } } ?> �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_configRegistry.inc����������������������������������������������������0000644�0001750�0001750�00000114375�11662424035�020716� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������config = &$config; // Detect classes that have a plInfo method global $class_mapping; foreach ($class_mapping as $cname => $path){ $cmethods = get_class_methods($cname); if (is_array($cmethods) && in_array_ics('plInfo',$cmethods)){ // Get plugin definitions $def = call_user_func(array($cname, 'plInfo'));; // Register Post Events (postmodfiy,postcreate,postremove,checkhook) if(count($def)){ $this->classesWithInfo[$cname] = $def; } } } // (Re)Load properties $this->reload(); } /*! \brief Returns a list of plugins used by GOsa. @return Array An array containing all plugins with theis plInfo data. */ function getListOfPlugins() { return($this->classesWithInfo); } /*! \brief Checks whether the schema check was called in the current session or not. * @return Boolean True if check was already called */ function schemaCheckFinished() { return($this->schemaCheckFinished); } /*! \brief Starts the schema validation * @param Boolean 'force' Force a re-check. * @param Boolean 'disableIncompatiblePlugins' Disables of incompatible GOsa-plugins. * @return Boolean True on success else FALSE */ function validateSchemata($force = FALSE, $disableIncompatiblePlugins = FALSE, $objectClassesToUse = array()) { // Read objectClasses from ldap if(count($objectClassesToUse)){ $this->setObjectClasses($objectClassesToUse); }elseif(!count($this->objectClasses)){ $ldap = $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); $this->setObjectClasses($ldap->get_objectclasses()); } return($this->_validateSchemata($force, $disableIncompatiblePlugins)); } /*! \brief Sets the list object classes to use while validation the schema. (See 'validateSchemata') * This is called from the GOsa-Setup * @param Array The list of object classes (usually LDAP::get_objectlclasses()). * @return void */ function setObjectClasses($ocs) { $this->objectClasses = $ocs; } /*! \brief Returns an array which contains all unresolved schemata requirements. * @return Array An array containing all errors/issues */ function getSchemaResults() { return($this->detectedSchemaIssues); } /*! \brief This method checks if the installed ldap-schemata matches the plugin requirements. * @param Boolean 'force' Force a re-check. * @param Boolean 'disableIncompatiblePlugins' Disables of incompatible GOsa-plugins. * @return String */ private function _validateSchemata($force = FALSE, $disableIncompatiblePlugins = FALSE) { // We cannot check without readable schema info if(!count($this->objectClasses)){ return(TRUE); } // Don't do things twice unless forced if($this->schemaCheckFinished && !$force) return($this->schemaCheckFailed); // Prepare result array $this->detectedSchemaIssues = array(); $this->detectedSchemaIssues['missing'] = array(); $this->detectedSchemaIssues['versionMismatch'] = array(); // Clear last results $this->pluginsDeactivated = array(); // Collect required schema infos $this->pluginRequirements = array('ldapSchema' => array()); $this->categoryToClass = array(); // Walk through plugins with requirements, but only check for active plugins. foreach($this->classesWithInfo as $cname => $defs){ if(isset($defs['plRequirements'])){ // Check only if required plugin is enabled in gosa.conf // Normally this is the class name itself, but may be overridden // in plInfo using the plRequirements::activePlugin statement. $requiresActivePlugin = $cname; if(isset($defs['plRequirements']['activePlugin'])){ $requiresActivePlugin = $defs['plRequirements']['activePlugin']; } // Only queue checks for active plugins. if(isset($this->activePlugins[strtolower($requiresActivePlugin)])){ $this->pluginRequirements[$cname] = $defs['plRequirements']; }else{ if($cname == $requiresActivePlugin){ @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "", "Skipped schema check for '{$cname}' plugin is inactive!"); }else{ @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "", "Skipped schema check for class '{$cname}' skipped,". " required plugin '{$requiresActivePlugin}' is inactive!"); } } } } // Check schema requirements now $missing = $invalid = array(); foreach($this->pluginRequirements as $cname => $requirements){ // Check LDAP schema requirements for this plugins $failure = FALSE; if(isset($requirements['ldapSchema'])){ foreach($requirements['ldapSchema'] as $oc => $version){ if(!$this->ocAvailable($oc)){ $this->detectedSchemaIssues['missing'][$oc] = $oc; $this->schemaCheckFailed = TRUE; $failure = TRUE; new log("debug","","LDAP objectClass missing '{$oc}'!", array(),''); }elseif(!empty($version)){ $currentVersion = $this->getObjectClassVersion($oc); if(!empty($currentVersion) && !$this->ocVersionMatch($version, $currentVersion)){ if($currentVersion == -1){ $currentVersion = _("unknown"); } $this->detectedSchemaIssues['versionMismatch'][$oc] = sprintf(_("%s has version %s but %s is required!"), bold($oc),bold($currentVersion),bold($version)); $this->schemaCheckFailed = TRUE; $failure = TRUE; new log("debug","","LDAP objectClass version mismatch '{$oc}' ". "has '{$currentVersion}' but {$version} required!", array(),''); } } } } // Display corresponding plugins now if($disableIncompatiblePlugins && $failure && isset($requirements['onFailureDisablePlugin'])){ foreach($requirements['onFailureDisablePlugin'] as $name){ $this->pluginsDeactivated[$name] = $name; } } } $this->schemaCheckFinished =TRUE; session::un_set('plist'); return(!$this->schemaCheckFailed); } /*! \brief The function 'validateSchemata' may has disabled some GOsa-Plugins, * the list of disabled plugins will be returned here. * @return Array The list of plugins disabled by 'validateSchemata' */ function getDisabledPlugins() { return($this->pluginsDeactivated); } /*! \brief Displays an error message with all issues detect during the schema validation. */ function displayRequirementErrors() { $message = ""; if(count($this->detectedSchemaIssues['missing'])){ $message.= "
". _("The following object classes are missing:"). "
".
msgPool::buildList(array_values($this->detectedSchemaIssues['missing'])).
"
";
}
if(count($this->detectedSchemaIssues['versionMismatch'])){
$message.= "". _("The following object classes are outdated:"). "
".
msgPool::buildList(array_values($this->detectedSchemaIssues['versionMismatch'])).
"
";
}
if($message != ""){
$message.= ""._("Plugins that require one or more of the object classes above will be disabled until the object classes get updated."); msg_dialog::display(_("Schema validation error"),$message, ERROR_DIALOG); } } /*! \brief Checks to version strings (e.g. '>=v2.8' and '2.9') * @param String The required version with operators (e.g. '>=2.8') * @param String The version to match for withOUT operators (e.g. '2.9') * @return Boolean True if version matches else false. */ private function ocVersionMatch($required, $installed) { $operator = preg_replace('/^([=<>]*).*$/',"\\1",$required); $required = preg_replace('/^[=<>]*(.*)$/',"\\1",$required); return(version_compare($installed,$required, $operator)); } /*! \brief Returns the currently installed version of a given object class. * @param String The name of the objectClass to check for. * @return String The version string of the objectClass (e.g. v2.7) */ function getObjectClassVersion($oc) { if(!isset($this->objectClasses[$oc])){ return(NULL); }else{ $version = -1; // unknown if(preg_match("/(v[^)]*)/", $this->objectClasses[$oc]['DESC'])){ $version = preg_replace('/^.*\(v([^)]*)\).*$/',"\\1", $this->objectClasses[$oc]['DESC']); } } return($version); } /*! \brief Check whether the given object class is available or not. * @param String The name of the objectClass to check for (e.g. 'mailAccount') * @return Boolean Returns TRUE if the class exists else FALSE. */ function ocAvailable($name) { return(isset($this->objectClasses[$name])); } /*! \brief Re-loads the list of installed GOsa-Properties. * @param Boolean $force If force is TRUE, the complete properties list is rebuild.. */ function reload($force = FALSE) { // Do not reload the properties everytime, once we have // everything loaded and registrered skip the reload. // Status is 'finished' once we had a ldap connection (logged in) if(!$force && $this->status == 'finished') return; // Reset everything $this->ldapStoredProperties = array(); $this->fileStoredProperties = array(); $this->properties = array(); $this->mapByName = array(); $this->activePlugins = array('core'=>'core'); if(!$this->config) return; // Search for config flags defined in the config file (TAB section) foreach($this->config->data['TABS'] as $tabname => $tabdefs){ foreach($tabdefs as $info){ // Put plugin in list of active plugins if(isset($info['CLASS'])){ $class = strtolower($info['CLASS']); $this->activePlugins[$class] = $class; } // Check if the info is valid if(isset($info['NAME']) && isset($info['CLASS'])){ // Check if there is nore than just the plugin definition if(count($info) > 2){ foreach($info as $name => $value){ if(!in_array_strict($name, array('CLASS','NAME'))){ $class= $info['CLASS']; $this->fileStoredProperties[strtolower($class)][strtolower($name)] = $value; } } } } } } foreach($this->config->data['MENU'] as $section => $entries){ foreach($entries as $entry){ if(isset($entry['CLASS'])){ // Put plugin to active plugins list. $class = strtolower($entry['CLASS']); $this->activePlugins[$class] = $class; if(count($entry) > 2 ){ foreach($entry as $name => $value){ if(!in_array_strict($name, array('CLASS','ACL'))){ $this->fileStoredProperties[strtolower($class)][strtolower($name)] = $value; } } } } } } // Search for config flags defined in the config file (PATHMENU) foreach($this->config->data['PATHMENU'] as $entry){ if(isset($entry['CLASS'])){ // Put plugin to active plugins list. $class = strtolower($entry['CLASS']); $this->activePlugins[$class] = $class; if(count($entry) > 2 ){ foreach($entry as $name => $value){ if(!in_array_strict($name, array('CLASS','ACL'))){ $this->fileStoredProperties[strtolower($class)][strtolower($name)] = $value; } } } } } // Search for config flags defined in the config file (MAIN section) foreach($this->config->data['MAIN'] as $name => $value){ $this->fileStoredProperties['core'][strtolower($name)] = $value; } // Search for config flags defined in the config file (Current LOCATION section) if(isset($this->config->current)){ foreach($this->config->current as $name => $value){ $this->fileStoredProperties['core'][strtolower($name)] = $value; } } // Skip searching for LDAP defined properties if 'ignoreLdapProperties' is set to 'true' // in the config. $this->ignoreLdapProperties = FALSE; if(isset($this->fileStoredProperties['core'][strtolower('ignoreLdapProperties')]) && preg_match("/(true|on)/i", $this->fileStoredProperties['core'][strtolower('ignoreLdapProperties')])){ $this->ignoreLdapProperties = TRUE; } // Search for all config flags defined in the LDAP - BUT only if we ARE logged in. if(!empty($this->config->current['CONFIG'])){ $ldap = $this->config->get_ldap_link(); $ldap->cd($this->config->current['CONFIG']); $ldap->search('(&(objectClass=gosaConfig)(gosaSetting=*))', array('cn','gosaSetting')); while($attrs = $ldap->fetch()){ $class = $attrs['cn'][0]; for($i=0; $i<$attrs['gosaSetting']['count']; $i++){ list($name,$value) = preg_split("/:/",$attrs['gosaSetting'][$i],2); $this->ldapStoredProperties[$class][$name] = $value; } } } // Register plugin properties. foreach ($this->classesWithInfo as $cname => $def){ // Detect class name $name = $cname; $name = (isset($def['plShortName'])) ? $def['plShortName'] : $cname; $name = (isset($def['plDescription'])) ? $def['plDescription'] : $cname; // Register post events $this->classToName[$cname] = $name; $data = array('name' => 'postcreate','type' => 'command'); $this->register($cname, $data); $data = array('name' => 'postremove','type' => 'command'); $this->register($cname, $data); $data = array('name' => 'postmodify','type' => 'command'); $this->register($cname, $data); $data = array('name' => 'precreate','type' => 'command'); $this->register($cname, $data); $data = array('name' => 'preremove','type' => 'command'); $this->register($cname, $data); $data = array('name' => 'premodify','type' => 'command'); $this->register($cname, $data); $data = array('name' => 'check', 'type' => 'command'); $this->register($cname, $data); // Register properties if(isset($def['plProperties'])){ foreach($def['plProperties'] as $property){ $this->register($cname, $property); } } } // We are only finsihed once we are logged in. if(!empty($this->config->current['CONFIG'])){ $this->status = 'finished'; } } /*! \brief Returns TRUE if the property registration has finished without any error. */ function propertyInitializationComplete() { return($this->status == 'finished'); } /*! \brief Registers a GOsa-Property and thus makes it useable by GOsa and its plugins. * @param String $class The name of the class/plugin that wants to register this property. * @return Array $data An array containing all data set in plInfo['plProperty] */ function register($class,$data) { $id = count($this->properties); $this->properties[$id] = new gosaProperty($this,$class,$data); $p = strtolower("{$class}::{$data['name']}"); $this->mapByName[$p] = $id; } /*! \brief Returns all registered properties. * @return Array A list of all properties. */ public function getAllProperties() { return($this->properties); } /*! \brief Checks whether a property exists or not. * @param String $class The class name (e.g. 'core' or 'mailAccount') * @param String $name The property name (e.g. 'sessionTimeout' or 'mailMethod') * @return Boolean TRUE if it exists else FALSE. */ function propertyExists($class,$name) { $p = strtolower("{$class}::{$name}"); return(isset($this->mapByName[$p])); } /*! \brief Returns the id of a registered property. * @param String $class The class name (e.g. 'core' or 'mailAccount') * @param String $name The property name (e.g. 'sessionTimeout' or 'mailMethod') * @return Integer The id for the given property. */ private function getId($class,$name) { $p = strtolower("{$class}::{$name}"); if(!isset($this->mapByName[$p])){ return(-1); } return($this->mapByName[$p]); } /*! \brief Returns a given property, if it exists. * @param String $class The class name (e.g. 'core' or 'mailAccount') * @param String $name The property name (e.g. 'sessionTimeout' or 'mailMethod') * @return GOsaPropery The property or 'NULL' if it doesn't exists. */ function getProperty($class,$name) { if($this->propertyExists($class,$name)){ return($this->properties[$this->getId($class,$name)]); } return(NULL); } /*! \brief Returns the value for a given property, if it exists. * @param String $class The class name (e.g. 'core' or 'mailAccount') * @param String $name The property name (e.g. 'sessionTimeout' or 'mailMethod') * @return GOsaPropery The property value or an empty string if it doesn't exists. */ function getPropertyValue($class,$name) { if($this->propertyExists($class,$name)){ $tmp = $this->getProperty($class,$name); return($tmp->getValue()); } return(""); } /*! \brief Set a new value for a given property, if it exists. * @param String $class The class name (e.g. 'core' or 'mailAccount') * @param String $name The property name (e.g. 'sessionTimeout' or 'mailMethod') * @return */ function setPropertyValue($class,$name, $value) { if($this->propertyExists($class,$name)){ $tmp = $this->getProperty($class,$name); return($tmp->setValue($value)); } return(""); } /*! \brief Save all temporary made property changes and thus make them useable/effective. * @return Array Returns a list of plugins that have to be migrated before they can be saved. */ function saveChanges() { $migrate = array(); foreach($this->properties as $prop){ // Is this property modified if(in_array_strict($prop->getStatus(),array('modified','removed'))){ // Check if we've to migrate something before we can make the changes effective. if($prop->migrationRequired()){ $migrate[] = $prop; }else{ $prop->save(); } } } return($migrate); } } class gosaProperty { protected $name = ""; protected $class = ""; protected $value = ""; protected $tmp_value = ""; // Used when modified but not saved protected $type = "string"; protected $default = ""; protected $defaults = ""; protected $description = ""; protected $check = ""; protected $migrate = ""; protected $mandatory = FALSE; protected $group = "default"; protected $parent = NULL; protected $data = array(); protected $migrationClass = NULL; /*! The current property status * 'ldap' Property is stored in ldap * 'file' Property is stored in the config file * 'undefined' Property is currently not stored anywhere * 'modified' Property has been modified (should be saved) */ protected $status = 'undefined'; protected $attributes = array('name','type','default','description','check', 'migrate','mandatory','group','defaults'); function __construct($parent,$classname,$data) { // Set some basic infos $this->parent = &$parent; $this->class = $classname; $this->data = $data; // Get all relevant information from the data array (comes from plInfo) foreach($this->attributes as $aName){ if(isset($data[$aName])){ $this->$aName = $data[$aName]; } } // Initialize with the current value $this->_restoreCurrentValue(); } function migrationRequired() { // Instantiate migration class if(!empty($this->migrate) && $this->migrationClass == NULL){ if(!class_available($this->migrate)){ trigger_error("Cannot start migration for gosaProperty::'{$this->getName()}' class not found ({$this->migrate})!"); }else{ $class = $this->migrate; $tmp = new $class($this->parent->config,$this); if(! $tmp instanceof propertyMigration){ trigger_error("Cannot start migration for gosaProperty::'{$this->getName()}' doesn't implement propertyMigration!"); }else{ $this->migrationClass = $tmp; } } } if(empty($this->migrate) || $this->migrationClass == NULL){ return(FALSE); } return($this->migrationClass->checkForIssues()); } function getMigrationClass() { return($this->migrationClass); } function check() { $val = $this->getValue(TRUE); $return = TRUE; if($this->mandatory && empty($val)){ $return = FALSE; } $check = $this->getCheck(); if(!empty($val) && !empty($check)){ $res = call_user_func(preg_split("/::/", $this->check),$messages=TRUE, $this->class,$this->name,$val, $this->type); if(!$res){ $return = FALSE; } } return($return); } static function isBool($message,$class,$name,$value, $type) { $match = in_array_strict($value,array('true','false','')); // Display the reason for failing this check. if($message && ! $match){ msg_dialog::display(_("Warning"), sprintf(_("The value %s specified for %s:%s needs to be a bool value!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } return($match); } static function isString($message,$class,$name,$value, $type) { $match = TRUE; // Display the reason for failing this check. if($message && ! $match){ msg_dialog::display(_("Warning"), sprintf(_("The value %s specified for %s:%s needs to be a string!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } return($match); } static function isInteger($message,$class,$name,$value, $type) { $match = is_numeric($value) && !preg_match("/[^0-9]/", $value); // Display the reason for failing this check. if($message && ! $match){ msg_dialog::display(_("Warning"), sprintf(_("The value %s specified for %s:%s needs to be numeric!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } return($match); } static function isPath($message,$class,$name,$value, $type) { $match = preg_match("#^(/[^/]*/){1}#", $value); // Display the reason for failing this check. if($message && ! $match){ msg_dialog::display(_("Warning"), sprintf(_("The path %s specified for %s:%s is invalid!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } return($match); } static function isReadablePath($message,$class,$name,$value, $type) { $match = !empty($value)&&is_dir($value)&&is_writeable($value); // Display the reason for failing this check. if($message && ! $match){ if(!is_dir($value)){ msg_dialog::display(_("Warning"), sprintf(_("The folder %s specified for %s:%s does not exists!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); }elseif(!is_readable($value)){ msg_dialog::display(_("Warning"), sprintf(_("The folder %s specified for %s:%s is not readable!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } } return($match); } static function isWriteableFile($message,$class,$name,$value, $type) { $match = (file_exists($value) && is_writeable($value)) || (!file_exists($value) && is_writeable(dirname($value))); // Display the reason for failing this check. if($message && ! $match){ if(!file_exists($value) && !is_writeable(dirname($value))){ msg_dialog::display(_("Warning"), sprintf(_("The file %s specified for %s:%s is not writeable!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); }elseif(file_exists($value) && !is_writeable($value)){ msg_dialog::display(_("Warning"), sprintf(_("The file %s specified for %s:%s is not writeable!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } } return($match); } static function isWriteablePath($message,$class,$name,$value, $type) { $match = !empty($value)&&is_dir($value)&&is_writeable($value); // Display the reason for failing this check. if($message && ! $match){ if(!is_dir($value)){ msg_dialog::display(_("Warning"), sprintf(_("The folder %s specified for %s:%s does not exists!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); }elseif(!is_writeable($value)){ msg_dialog::display(_("Warning"), sprintf(_("The folder %s specified for %s:%s is not writeable!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } } return($match); } static function isReadableFile($message,$class,$name,$value, $type) { $match = !empty($value) && is_readable($value) && is_file($value); // Display the reason for failing this check. if($message && ! $match){ if(!is_file($value)){ msg_dialog::display(_("Warning"), sprintf(_("The file %s specified for %s:%s does not exists!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); }elseif(!is_readable($value)){ msg_dialog::display(_("Warning"), sprintf(_("The file %s specified for %s:%s is not readable!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } } return($match); } static function isCommand($message,$class,$name,$value, $type) { $match = TRUE; // Display the reason for failing this check. if($message && ! $match){ msg_dialog::display(_("Warning"), sprintf(_("The command %s specified for %s:%s is invalid!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } return($match); } static function isDn($message,$class,$name,$value, $type) { $match = preg_match("/^([a-z]*=[^=,]*,)*[^=]*=[^=]*$/i", $value); // Display the reason for failing this check. if($message && ! $match){ msg_dialog::display(_("Warning"), sprintf(_("The DN %s specified for %s:%s is invalid!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } return($match); } static function isRdn($message,$class,$name,$value, $type) { $match = preg_match("/^([a-z]*=[^=,]*,)*[^=]*=[^=,]*,?$/i", $value); // Display the reason for failing this check. if($message && ! $match){ msg_dialog::display(_("Warning"), sprintf(_("The RDN %s specified for %s:%s is invalid!"), bold($value),bold($class),bold($name)), WARNING_DIALOG); } return($match); } private function _restoreCurrentValue() { // First check for values in the LDAP Database. if(isset($this->parent->ldapStoredProperties[$this->class][$this->name])){ $this->setStatus('ldap'); $this->value = $this->parent->ldapStoredProperties[$this->class][$this->name]; return; } // Second check for values in the config file. if(isset($this->parent->fileStoredProperties[strtolower($this->class)][strtolower($this->name)])){ $this->setStatus('file'); $this->value = $this->parent->fileStoredProperties[strtolower($this->class)][strtolower($this->name)]; return; } // If there still wasn't found anything then fallback to the default. if($this->getStatus() == 'undefined'){ $this->value = $this->getDefault(); } } function getMigrate() { return($this->migrate); } function getCheck() { return($this->check); } function getName() { return($this->name); } function getClass() { return($this->class); } function getGroup() { return($this->group); } function getType() { return($this->type); } function getDescription() { return($this->description); } function getDefault() { return($this->default); } function getDefaults() { return($this->defaults); } function getStatus() { return($this->status); } function isMandatory() { return($this->mandatory); } function setValue($str) { if(in_array_strict($this->getStatus(), array('modified'))){ $this->tmp_value = $str; }elseif($this->value != $str){ $this->setStatus('modified'); $this->tmp_value = $str; } } function getValue($temporary = FALSE) { if($temporary){ if(in_array_strict($this->getStatus(), array('modified','removed'))){ return($this->tmp_value); }else{ return($this->value); } }else{ // Do not return ldap values if we've to ignore them. if($this->parent->ignoreLdapProperties){ if(isset($this->parent->fileStoredProperties[strtolower($this->class)][strtolower($this->name)])){ return($this->parent->fileStoredProperties[strtolower($this->class)][strtolower($this->name)]); }else{ return($this->getDefault()); } }else{ return($this->value); } } } function restoreDefault() { if(in_array_strict($this->getStatus(),array('ldap'))){ $this->setStatus('removed'); // Second check for values in the config file. if(isset($this->parent->fileStoredProperties[strtolower($this->class)][strtolower($this->name)])){ $this->tmp_value = $this->parent->fileStoredProperties[strtolower($this->class)][strtolower($this->name)]; }else{ $this->tmp_value = $this->getDefault(); } } } function save() { if($this->getStatus() == 'modified'){ $ldap = $this->parent->config->get_ldap_link(); $ldap->cd($this->parent->config->current['BASE']); $dn = "cn={$this->class},".$this->parent->config->current['CONFIG']; $ldap->cat($dn); if(!$ldap->count()){ $ldap->cd($dn); $data = array( 'cn' => $this->class, 'objectClass' => array('top','gosaConfig'), 'gosaSetting' => $this->name.":".$this->tmp_value); $ldap->add($data); if(!$ldap->success()){ echo $ldap->get_error(); } }else{ $attrs = $ldap->fetch(); $data = array(); $found = false; if(isset($attrs['gosaSetting']['count'])){ for($i = 0;$i<$attrs['gosaSetting']['count']; $i ++){ $set = $attrs['gosaSetting'][$i]; if(preg_match("/^{$this->name}:/", $set)){ $set = "{$this->name}:{$this->tmp_value}"; $found = true; } $data['gosaSetting'][] = $set; } } if(!$found) $data['gosaSetting'][] = "{$this->name}:{$this->tmp_value}"; $ldap->cd($dn); $ldap->modify($data); if(!$ldap->success()){ echo $ldap->get_error(); } } $this->value = $this->tmp_value; $this->setStatus('ldap'); }elseif($this->getStatus() == 'removed'){ $ldap = $this->parent->config->get_ldap_link(); $ldap->cd($this->parent->config->current['BASE']); $dn = "cn={$this->class},".$this->parent->config->current['CONFIG']; $ldap->cat($dn); $attrs = $ldap->fetch(); $data = array('gosaSetting' => array()); for($i = 0;$i<$attrs['gosaSetting']['count']; $i ++){ $set = $attrs['gosaSetting'][$i]; if(preg_match("/^{$this->name}:/", $set)){ continue; } $data['gosaSetting'][] = $set; } $ldap->cd($dn); $ldap->modify($data); if(!$ldap->success()){ echo $ldap->get_error(); } $this->_restoreCurrentValue(); } } private function setStatus($state) { if(!in_array_strict($state, array('ldap','file','undefined','modified','removed'))) { trigger_error("Unknown property status given '{$state}' for {$this->class}:{$this->name}!"); }else{ $this->status = $state; } } function isValid() { return(TRUE); } } interface propertyMigration { function __construct($config,$property); } ?> �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_filterLDAP.inc��������������������������������������������������������0000644�0001750�0001750�00000007546�11472445244�017653� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������get_ldap_link(TRUE); $flag= ($scope == "sub")?GL_SUBSEARCH:0; $result= filterLDAP::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT); return $result; } static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH) { $ui= session::global_get('ui'); $config= session::global_get('config'); // Move to arrays for category and objectStorage if (!is_array($category)) { $category= array($category); } // Store in base - i.e. is a rdn value empty? $storeOnBase= count($objectStorage) == 1 && empty($objectStorage[0]); $method= ($storeOnBase && !($flags & GL_SUBSEARCH))?"ls":"search"; // Initialize search bases $bases= array(); // Get list of sub bases to search on if ($storeOnBase) { $bases[$base]= ""; } else { foreach ($objectStorage as $oc) { // Handle empty storage locatios here, maybe get_ou() as returned an empty string. if(empty($oc)){ $bases[$base] = ""; continue; } $oc= preg_replace('/,$/', '', $oc); $tmp= explode(',', $oc); if (count($tmp) == 1) { preg_match('/([^=]+)=(.*)$/', $oc, $m); if ($flags & GL_SUBSEARCH) { $bases[$base][]= $m[1].":dn:=".$m[2]; } else { $bases["$oc,$base"][]= $m[1].":dn:=".$m[2]; } } else { // No, there's no \, in pre defined RDN values preg_match('/^([^,]+),(.*)$/', $oc, $matches); preg_match('/([^=]+)=(.*)$/', $matches[1], $m); if ($flags & GL_SUBSEARCH) { $bases[$base][]= $m[1].":dn:=".$m[2]; } else { $bases[$matches[2].",$base"][]= $m[1].":dn:=".$m[2]; } } } } // Get LDAP link $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); // Do search for every base $result= array(); $limit_exceeded = FALSE; foreach($bases as $base => $dnFilters) { // Break if the size limit is exceeded if($limit_exceeded){ return($result); } // Switch to new base and search if (is_array($dnFilters)){ $dnFilter= "(|"; foreach ($dnFilters as $df) { $dnFilter.= "($df)"; } $dnFilter.= ")"; } else { $dnFilter= ""; } $ldap->cd($base); if ($method == "ls") { $ldap->ls("(&$filter$dnFilter)", $base, $attributes); } else { $ldap->search("(&$filter$dnFilter)", $attributes); } // Check for size limit exceeded messages for GUI feedback if (preg_match("/size limit/i", $ldap->get_error())){ session::set('limit_exceeded', TRUE); $limit_exceeded = TRUE; } /* Crawl through result entries and perform the migration to the result array */ while($attrs = $ldap->fetch()) { $dn= $ldap->getDN(); /* Convert dn into a printable format */ if ($flags & GL_CONVERT){ $attrs["dn"]= convert_department_dn($dn); } else { $attrs["dn"]= $dn; } /* Skip ACL checks if we are forced to skip those checks */ if($flags & GL_NO_ACL_CHECK){ $result[]= $attrs; }else{ /* Sort in every value that fits the permissions */ foreach ($category as $o){ if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) || (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){ $result[]= $attrs; break; } } } } } return $result; } } ?> ����������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_userFilterEditor.inc��������������������������������������������������0000644�0001750�0001750�00000030471�11613731145�021204� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������listing = &$listing; if($entry){ $this->entry = $entry; $this->parent = $entry['parent']; $this->name = $entry['tag']; $this->description = $entry['description']; foreach($entry['query'] as $query){ $query['filter'] = userFilterEditor::_autoIndentFilter($query['filter'], " "); $this->queries[] = $query; } $this->selectedCategories = $entry['categories']; $this->share = in_array_strict("share",$entry['flags']); $this->enable = in_array_strict("enable",$entry['flags']); } $this->orig_name = $this->name; // Create statistic table entry $this->initTime = microtime(TRUE); stats::log('plugin', $class = get_class($this), $category = array($this->acl_category), $action = 'open', $amount = 1, $duration = (microtime(TRUE) - $this->initTime)); } /*! \brief Automatic indent indentation for filters. */ static function _autoIndentFilter($str, $indent = " ") { // Remove line breaks and escaped brackets $str = preg_replace('/[\t ]*\n[\t ]*/', "", $str); $str = preg_replace('/\\\\\\(/', "::OPEN::", $str); $str = preg_replace('/\\\\\\)/', "::CLOSE::", $str); // Add a line break infront of every bracket $str = preg_replace('/\\(/', "\n(", $str); $str = preg_replace('/\\)/', ")\n", $str); // Split by linebreaks $lines = preg_split("/\n/", $str); $str = ""; $i = 0; // Walk trough search blocks foreach($lines as $line){ $line = trim($line); if(empty($line)) continue; // Go back one level in indentation if(!preg_match("/\\(.*\\)/", $line) && preg_match('/\\)$/', $line)){ $i --; } $str.= "\n"; $str = str_pad($str,strlen($str)+$i, $indent); $str.= $line; // Go one level deeper in indentation if(!preg_match("/\\(.*\\)/", $line) && preg_match('/^\\(/', $line)){ $i ++; } } $str = preg_replace('/::OPEN::/', '\(', $str); $str = preg_replace('/::CLOSE::/', '\)', $str); return($str); } /*! \brief Retunrs the filters original name * @param The original name of the filter (if none was given * an empty string is returned) */ function getOriginalName() { return($this->orig_name); } /*! \brief Retunrs the filters name. * @param The name of the filter */ function getCurrentName() { return($this->name); } /*! \brief Generates the content, to edit the filter settings. * @return String HTML form. */ function execute() { plugin::execute(); $smarty = get_smarty(); // Build up HTML compliant html output $queries = array(); foreach($this->queries as $key => $query){ $query['filter'] = htmlentities($query['filter'],ENT_COMPAT,'UTF-8'); $queries[$key] = $query; } // Build up list of hard coded filters $filter= $this->listing->getFilter(); $smarty->assign("fixedFilters", array_keys($filter->searches)); $smarty->assign('parent', $this->parent); $smarty->assign('backends', $this->backends); $smarty->assign('name', htmlentities($this->name,ENT_COMPAT,'UTF-8')); $smarty->assign('queries', $queries); $smarty->assign('share', $this->share); $smarty->assign('enable', $this->enabled); $smarty->assign('description', htmlentities($this->description,ENT_COMPAT,'UTF-8')); $smarty->assign('selectedCategories', $this->selectedCategories); $smarty->assign('availableCategories', array_unique($this->listing->categories)); return($smarty->fetch(get_template_path('userFilterEditor.tpl', FALSE))); } /*! \brief Keep values entered in the input form of the dialog. (POST/GET) */ function save_object() { if(isset($_POST['userFilterEditor'])){ // Get posted strings foreach(array('name','description', 'parent') as $attr){ if(isset($_POST[$attr])){ $this->$attr = get_post($attr); } } // Filter needs special handling, it may contain charactes like < and > // wich are stipped out by get_post() && validate() foreach($this->queries as $key => $query){ if(isset($_POST['filter_'.$key])){ $f = get_post('filter_'.$key); $this->queries[$key]['filter'] = $f; $this->queries[$key]['backend'] = get_post('backend_'.$key); } } foreach($this->queries as $key => $query){ if(isset($_POST['removeQuery_'.$key])){ unset($this->queries[$key]); $this->queries = array_values($this->queries); } } // Get posted flags $this->share = isset($_POST['shareFilter']); $this->enable = isset($_POST['enableFilter']); // Get additional category if(isset($_POST['addCategory'])){ if(isset($_POST['manualCategory']) && !empty($_POST['manualCategory'])){ $this->selectedCategories[] = get_post('manualCategory'); }elseif(isset($_POST['availableCategory']) && !empty($_POST['availableCategory'])){ $this->selectedCategories[] = get_post('availableCategory'); } $this->selectedCategories = array_unique($this->selectedCategories); } // Remove categories if(isset($_POST['delCategory']) && isset($_POST['usedCategory'])){ foreach($_POST['usedCategory'] as $cat){ if(isset($this->selectedCategories[$cat])) unset($this->selectedCategories[$cat]); } } // Add new query if(isset($_POST['addQuery'])){ $filter= $this->listing->getFilter(); $backend = 'LDAP'; $query = "(objectClass=*)"; if(isset($filter->searches[$this->parent])){ $tmp = $filter->searches[$this->parent]; if(isset($tmp['query'][count($this->queries)])){ $query = $tmp['query'][count($this->queries)]['filter']; $backend = $tmp['query'][count($this->queries)]['backend']; }elseif(isset($tmp['query']['filter'])){ $query = $tmp['query']['filter']; $backend = $tmp['query']['backend']; } } $this->queries[] = array('backend'=> $backend, 'filter' => userFilterEditor::_autoIndentFilter($query," ")); } } } /*! \brief Validate user input * @return Array An Array containing potential error messages */ function check() { $msgs = plugin::check(); // Check if the name is given if(empty($this->name)){ $msgs[] = msgPool::required(_("Name")); }elseif(preg_match("/[^a-z0-9]/i", $this->name)){ // Check for a valid name, no special chars here - in particular no ; $msgs[] = msgPool::invalid(_("Name"), $this->name,"/[a-z0-9]/i"); } // Description is a must value. if(empty($this->description)){ $msgs[] = msgPool::required(_("Description")); } // Count the number of opening and closing brackets - exclude escaped ones. foreach($this->queries as $key => $query){ $f = preg_replace('/\\\\[\(\)]/',"",$query['filter']); $o = substr_count($f, '('); $c = substr_count($f, ')'); if($o != $c){ $msgs[] = sprintf(_("Error in filter #%s: %s opening and %s closing brackets detected!"), bold($key+1), bold($o), bold($c)); } } return($msgs); } /*! \brief Transforms the entered values into a filter object (array) which is useable * for the userFilter overview dialog. * @return Returns transformed filter data. */ function save() { $ret= array(); $ret['parent'] = $this->parent; $ret['tag'] = $this->name; $ret['description'] = $this->description; $ret['categories'] = $this->selectedCategories; $ret['query'] = $this->queries; $ret['flags'] = array(); if($this->share){ $ret['flags'][] = "share"; } if($this->enable){ $ret['flags'][] = "enable"; } return($ret); } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_departmentSortIterator.inc��������������������������������������������0000644�0001750�0001750�00000004107�11242276372�022437� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������data= array_reverse($data, true); } else { $this->data= $data; } } function rewind() { return reset($this->data); } function current() { return current($this->data); } function key() { return key($this->data); } function next() { return next($this->data); } function valid() { return key($this->data) !== null; } } ?> ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_userFilter.inc��������������������������������������������������������0000644�0001750�0001750�00000022364�11613731145�020037� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������get_ldap_link(); $ocs = $ldap->get_objectclasses(); session::set('userFilter::userFilteringAvailable', isset($ocs['gosaProperties'])); } return(session::get('userFilter::userFilteringAvailable')); } /*! \brief Initiates the filter editing dialog. */ function __construct($config, $listing) { // Initialize this plugin with the users dn to gather user defined filters. $ui = get_userinfo(); plugin::plugin($config, $ui->dn); $this->listing = &$listing; $filter= $this->listing->getFilter(); // Load list of filters if(isset($this->attrs['gosaUserDefinedFilter'])){ for($i=0; $i< $this->attrs['gosaUserDefinedFilter']['count']; $i++){ $tmp = userFilter::explodeFilterString($this->attrs['gosaUserDefinedFilter'][$i]); if(isset($tmp['tag'])){ $this->filters[$tmp['tag']]= $tmp; } } } // Create the filter list $this->filterWidget= new sortableListing($this->filters, $this->convertFilterList()); $this->filterWidget->setDeleteable(true); $this->filterWidget->setEditable(true); $this->filterWidget->setWidth("100%"); $this->filterWidget->setHeight("270px"); $this->filterWidget->setHeader(array(_("Parent filter"),_("Name"),_("Description"),_("Category"),_("Options"),"")); $this->filterWidget->setColspecs(array('80px', '100px', '200px', '120px','150px')); $this->filterWidget->setAcl($ui->get_permissions($ui->dn,'users/user','gosaUserDefinedFilter')); } /*! \brief Parses a filter string into an array. */ static function explodeFilterString($filterStr) { list($parent,$categories, $name, $description, $filterList, $flags) = preg_split('/;/', $filterStr); // Ensure that we no empty category in our category list. if(empty($categories)){ $categories = array(); }else{ $categories = preg_split('/,/', $categories); } // Ensure that we no empty entry in out flags list. if(empty($flags)){ $flags = array(); }else{ $flags = preg_split('/,/', $flags); } // Get filters and their backends $queries = array(); foreach(preg_split('/,/', $filterList) as $data){ if(!empty($data)){ list($filter, $backend) = preg_split('/:/', $data); $queries[] = array('backend' => $backend, 'filter' => base64_decode($filter)); } } // build up filter entry. $tmp = array( 'parent' => $parent, 'tag' => $name, 'categories' => $categories, 'description' => base64_decode($description), 'query' => $queries, 'flags' => $flags); return($tmp); } /*! \brief Converts the list of filters ($this->filters) into data which is useable * for the sortableList object ($this->filterWidget). * @return Array An array containg data useable for sortableLists ($this->filterWidget) */ function convertFilterList() { $data = array(); foreach($this->filters as $name => $filter){ $data[$name] = array('data' => array( $filter['parent'], $filter['tag'], htmlentities($filter['description'], ENT_COMPAT, 'UTF-8'), implode(", ",$filter['categories']), implode(", ",$filter['flags']))); } return($data); } /*! \brief Display the user-filter overview as HTML content. * @return string HTML-content showing the user-filter editing dialog. */ function execute() { plugin::execute(); // Let the filter widget update itself $this->filterWidget->update(); // Cancel filter modifications (edit dialog) if(isset($_POST['cancelFilterSettings'])){ $this->dialog = NULL; } // Save modified filter entries (edit dialog) if(isset($_POST['saveFilterSettings']) && $this->dialog instanceOf userFilterEditor){ $this->dialog->save_object(); $msgs = $this->dialog->check(); if(count($msgs)){ msg_dialog::displayChecks($msgs); }else{ $orig_name = $this->dialog->getOriginalName(); $new_name = $this->dialog->getCurrentName(); // The object was renamed and if($orig_name != $new_name && isset($this->filters[$new_name])){ $msgs = array(msgPool::duplicated(_("Name"))); msg_dialog::displayChecks($msgs); }else{ // Remove old entry if filter was renamed if($orig_name != "" && isset($this->filters[$orig_name])){ unset($this->filters[$orig_name]); } // Now append the new filter object. $this->filters[$new_name] = $this->dialog->save(); $this->dialog = NULL; $this->filterWidget->setListData($this->filters, $this->convertFilterList()); $this->filterWidget->update(); } } } // Act on edit requests $this->filterWidget->save_object(); $action = $this->filterWidget->getAction(); if($action['action'] == 'edit' && count($action['targets']) == 1){ $key= $this->filterWidget->getKey($action['targets'][0]); if(isset($this->filters[$key])){ $this->dialog=new userFilterEditor($this->filters[$key], $this->listing); } } // Act on new requests if(isset($_POST['addFilter'])){ $this->dialog=new userFilterEditor(array(), $this->listing); } // Act on remove requests $action = $this->filterWidget->getAction(); if($action['action'] == 'delete' && count($action['targets']) == 1){ $key= $this->filterWidget->getKey($action['targets'][0]); if(isset($this->filters[$key])){ unset($this->filters[$key]); $this->filterWidget->update(); } } // Display edit dialog if($this->dialog instanceOf userFilterEditor){ $this->dialog->save_object(); return($this->dialog->execute()); } $smarty = get_smarty(); $smarty->assign("list", $this->filterWidget->render()); return($smarty->fetch(get_template_path('userFilter.tpl', FALSE))); } /*! \brief Returns user defined filter for a given list of categories, * if no categories were specified all enabled filters will be returned. */ static function getFilter($category=array()) { global $config; $ldap=$config->get_ldap_link(); $ui = get_userinfo(); $ldap->cd($config->current['BASE']); $ldap->search("(&(objectClass=gosaProperties)(gosaUserDefinedFilter=*))",array('gosaUserDefinedFilter')); $filter = array(); while($attrs = $ldap->fetch()){ for($i=0; $i < $attrs['gosaUserDefinedFilter']['count']; $i++){ $tmp = userFilter::explodeFilterString($attrs['gosaUserDefinedFilter'][$i]); if(!isset($tmp['tag'])) continue; // Remove line breaks from the filter, which may were added for better reading. foreach($tmp['query'] as $key => $query){ $c = preg_split('/\n/',$query['filter']); foreach($c as $cKey => $str) $c[$cKey] = trim($str); $tmp['query'][$key]['filter'] = mb_convert_encoding(implode($c),'UTF-8'); } // The filter is visible if it is shared or if is one of our own creations. // ... and enabled. $visible = in_array_strict('enable', $tmp['flags']) && ($attrs['dn'] == $ui->dn || in_array_strict('share', $tmp['flags'])); // Add filter if it matches the category list if($visible && (count($category) == 0 || array_intersect($category, $tmp['categories']))){ $filter[$tmp['tag']] = $tmp; } } } return($filter); } /*! \brief Write user-filter modifications back to the ldap. */ function save() { // Build up new list of filters $attrs = array(); foreach($this->filters as $filter){ $tmp = $filter['parent'].";"; $tmp.= implode(',', $filter['categories']).";"; $tmp.= $filter['tag'].";"; $tmp.= base64_encode($filter['description']).";"; // Add queries foreach($filter['query'] as $query){ $tmp.= base64_encode($query['filter']).":".$query['backend'].","; } $tmp = trim($tmp,",").";"; $tmp.= implode(',', $filter['flags']); $attrs[] = $tmp; } $this->gosaUserDefinedFilter = $attrs; plugin::save(); $ldap = $this->config->get_ldap_link(); $ldap->cd($this->dn); $ldap->modify($this->attrs); new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class())); } } /*! \brief Do not save any posted values here. */ function save_object(){} } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_userinfo.inc����������������������������������������������������������0000644�0001750�0001750�00000061144�11613731145�017544� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������config= &$config; $ldap= $this->config->get_ldap_link(); $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage', 'gosaUnitTag', 'gosaLoginRestriction')); $attrs= $ldap->fetch(); if (isset($attrs['givenName'][0]) && isset($attrs['sn'][0])){ $this->cn= $attrs['givenName'][0]." ".$attrs['sn'][0]; } else { $this->cn= $attrs['uid'][0]; } if (isset($attrs['gidNumber'][0])){ $this->gidNumber= $attrs['gidNumber'][0]; } /* Restrictions? */ if (isset($attrs['gosaLoginRestriction'])){ $this->restrictions= $attrs['gosaLoginRestriction']; unset($this->restrictions['count']); } /* Assign user language */ if (isset($attrs['preferredLanguage'][0])){ $this->language= $attrs['preferredLanguage'][0]; } if (isset($attrs['gosaUnitTag'][0])){ $this->gosaUnitTag= $attrs['gosaUnitTag'][0]; } $this->dn= $userdn; $this->uid= $attrs['uid'][0]; $this->ip= $_SERVER['REMOTE_ADDR']; /* Initialize ACL_CACHE */ $this->reset_acl_cache(); } public function reset_acl_cache() { /* Initialize ACL_CACHE */ session::global_set('ACL_CACHE',array()); } function loadACL() { $this->ACL= array(); $this->allACLs= array(); $this->groups= array(); $this->result_cache =array(); $this->reset_acl_cache(); $ldap= $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); /* Get member groups... */ $ldap->search("(&(objectClass=posixGroup)(memberUid=".$this->uid."))", array('dn')); while ($attrs= $ldap->fetch()){ $this->groups[$attrs['dn']]= $attrs['dn']; } /* Crawl through ACLs and move relevant to the tree */ $ldap->search("(objectClass=gosaACL)", array('dn', 'gosaAclEntry')); $aclp= array(); $aclc= array(); while ($attrs= $ldap->fetch()){ /* Insert links in ACL array */ $aclp[$attrs['dn']]= substr_count($attrs['dn'], ','); $aclc[$attrs['dn']]= array(); $ol= array(); for($i= 0; $i<$attrs['gosaAclEntry']['count']; $i++){ $ol= array_merge($ol, @acl::explodeAcl($attrs['gosaAclEntry'][$i])); } $aclc[$attrs['dn']]= $ol; } /* Resolve roles here. */ foreach($aclc as $dn => $data){ foreach($data as $prio => $aclc_value) { if($aclc_value['type'] == "role"){ unset($aclc[$dn][$prio]); $ldap->cat($aclc_value['acl'],array("gosaAclTemplate")); $attrs = $ldap->fetch(); if(isset($attrs['gosaAclTemplate'])){ for($i= 0; $i<$attrs['gosaAclTemplate']['count']; $i++){ $tmp = @acl::explodeAcl($attrs['gosaAclTemplate'][$i]); foreach($tmp as $new_acl){ /* Keep non role attributes here! */ $new_acl['filter'] = $aclc_value['filter']; $new_acl['members'] = $aclc_value['members']; $aclc[$dn][] =$new_acl; } } } } } } /* ACL's read, sort for tree depth */ asort($aclp); /* Sort in tree order */ foreach ($aclp as $dn => $acl){ /* Check if we need to keep this ACL */ foreach($aclc[$dn] as $idx => $type){ $interresting= FALSE; /* No members? This ACL rule is deactivated ... */ if (!count($type['members'])){ $interresting= FALSE; } else { /* Inspect members... */ foreach ($type['members'] as $grp => $grpdsc){ /* Some group inside the members that is relevant for us? */ if (in_array_ics(@LDAP::convert(preg_replace('/^G:/', '', $grp)), $this->groups)){ $interresting= TRUE; } /* User inside the members? */ if (mb_strtoupper(preg_replace('/^U:/', '', $grp)) == mb_strtoupper($this->dn)){ $interresting= TRUE; } /* Wildcard? */ if (preg_match('/^G:\*/', $grp)){ $interresting= TRUE; } $this->allACLs[$dn][$idx]= $type; } } if ($interresting){ if (!isset($this->ACL[$dn])){ $this->ACL[$dn]= array(); } $this->ACL[$dn][$idx]= $type; } } } /* Create an array which represenet all relevant permissions settings per dn. The array will look like this: . ['ou=base'] ['ou=base'] = array(ACLs); . . ['ou=dep1,ou=base']['ou=dep1,ou=base'] = array(ACLs); . ['ou=base'] = array(ACLs); For object located in 'ou=dep1,ou=base' we have to both ACLs, for objects in 'ou=base' we only have to apply on ACL. */ $without_self_acl = $all_acl = array(); foreach($this->ACL as $dn => $acl){ $sdn =$dn; $first= TRUE; // Run at least once while(strpos($dn,",") !== FALSE || $first){ $first = FALSE; if(isset($this->ACL[$dn])){ $all_acl[$sdn][$dn] = $this->ACL[$dn]; $without_self_acl[$sdn][$dn] = $this->ACL[$dn]; foreach($without_self_acl[$sdn][$dn] as $acl_id => $acl_set){ /* Remember which ACL set has speicial user filter */ if(isset($acl_set['filter']{1})){ $this->ACLperPath_usesFilter[$sdn] = TRUE; } /* Remove all acl entries which are especially for the current user (self acl) */ if(isset($acl_set['acl'])){ foreach($acl_set['acl'] as $object => $object_acls){ if(isset($object_acls[0]) && strpos($object_acls[0],"s") !== FALSE){ unset($without_self_acl[$sdn][$dn][$acl_id]['acl'][$object]); } } } } } $dn = preg_replace("/^[^,]*+,/","",$dn); } } $this->ACLperPath =$without_self_acl; /* Append Self entry */ $dn = $this->dn; while(strpos($dn,",") && !isset($all_acl[$dn])){ $dn = preg_replace("/^[^,]*+,/","",$dn); } if(isset($all_acl[$dn])){ $this->ACLperPath[$this->dn] = $all_acl[$dn]; } } /* Returns an array containing all target objects we've permssions on. */ function get_acl_target_objects() { return(array_keys($this->ACLperPath)); } function get_category_permissions($dn, $category, $any_acl = FALSE) { return($this->get_permissions($dn,$category.'/0',"")); } /*! \brief Check if the given object (dn) is copyable @param String The object dn @param String The acl category (e.g. users) @param String The acl class (e.g. user) @return Boolean TRUE if the given object is copyable else FALSE */ function is_copyable($dn, $object, $class) { return(preg_match("/r/",$this->has_complete_category_acls($dn, $object))); } /*! \brief Check if the given object (dn) is cutable @param String The object dn @param String The acl category (e.g. users) @param String The acl class (e.g. user) @return Boolean TRUE if the given object is cutable else FALSE */ function is_cutable($dn, $object, $class) { $remove = preg_match("/d/",$this->get_permissions($dn,$object."/".$class)); $read = preg_match("/r/",$this->has_complete_category_acls($dn, $object)); return($remove && $read); } /*! \brief Checks if we are allowed to paste an object to the given destination ($dn) @param String The destination dn @param String The acl category (e.g. users) @param String The acl class (e.g. user) @return Boolean TRUE if we are allowed to paste an object. */ function is_pasteable($dn, $object) { return(preg_match("/w/",$this->has_complete_category_acls($dn, $object))); } /*! \brief Checks if we are allowed to restore a snapshot for the given dn. @param String The destination dn @param String The acl category (e.g. users) @return Boolean TRUE if we are allowed to restore a snapshot. */ function allow_snapshot_restore($dn, $object) { if(!is_array($object)){ $object = array($object); } $r = $w = TRUE; foreach($object as $category){ $w &= preg_match("/w/",$this->has_complete_category_acls($dn, $category)); $r &= preg_match("/r/",$this->has_complete_category_acls($dn, $category)); } return($r && $w ); } /*! \brief Checks if we are allowed to create a snapshot of the given dn. @param String The source dn @param String The acl category (e.g. users) @return Boolean TRUE if we are allowed to restore a snapshot. */ function allow_snapshot_create($dn, $object) { if(!is_array($object)){ $object = array($object); } $r = TRUE; foreach($object as $category){ $r &= preg_match("/r/",$this->has_complete_category_acls($dn, $category)); } return($r) ; } function get_permissions($dn, $object, $attribute= "", $skip_write= FALSE) { /* If we are forced to skip ACLs checks for the current user then return all permissions. */ if($this->ignore_acl_for_current_user()){ if($skip_write){ return("rcdm"); } return("rwcdm"); } /* Push cache answer? */ $ACL_CACHE = &session::global_get('ACL_CACHE'); if (isset($ACL_CACHE["$dn+$object+$attribute"])){ $ret = $ACL_CACHE["$dn+$object+$attribute"]; if($skip_write){ $ret = str_replace(array('w','c','d','m'), '',$ret); } return($ret); } /* Check for correct category and class values... */ if(strpos($object,'/') !== FALSE){ list($aclCategory, $aclClass) = preg_split("!/!", $object); }else{ $aclCategory = $object; } if($this->config->boolValueIsTrue("core","developmentMode")){ if(!isset($this->ocMapping[$aclCategory])){ trigger_error("Invalid ACL category '".$aclCategory."'! ({$object})"); return(""); }elseif(isset($aclClass) && !in_array_strict($aclClass, $this->ocMapping[$aclCategory])){ trigger_error("Invalid ACL class '".$aclClass."'! ({$object})"); return(""); } if(isset($aclClass) && $aclClass != '0' && class_available($aclClass)){ $plInfo = call_user_func(array($aclClass, 'plInfo')); if(!empty($attribute) && !isset($plInfo['plProvidedAcls'][$attribute])){ trigger_error("Invalid ACL attribute '".$attribute."'! ({$object})"); return(""); } } } /* Detect the set of ACLs we have to check for this object */ $adn = $dn; while(!isset($this->ACLperPath[$adn]) && strpos($adn,",") !== FALSE){ $adn = preg_replace("/^[^,]*+,/","",$adn); } if(isset($this->ACLperPath[$adn])){ $ACL = $this->ACLperPath[$adn]; }else{ $ACL_CACHE["$dn+$object+$attribute"] = ""; return(""); } /* If we do not need to respect any user-filter settings we can skip the per object ACL checks. */ $orig_dn= $dn; if(!isset($this->ACLperPath_usesFilter[$adn])){ $dn = $adn; if (isset($ACL_CACHE["$dn+$object+$attribute"])){ $ret = $ACL_CACHE["$dn+$object+$attribute"]; if(!isset($ACL_CACHE["$orig_dn+$object+$attribute"])){ $ACL_CACHE["$orig_dn+$object+$attribute"] = $ACL_CACHE["$dn+$object+$attribute"]; } if($skip_write){ $ret = str_replace('w','',$ret); } return($ret); } } /* Get ldap object, for later filter checks */ $ldap = $this->config->get_ldap_link(); $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => ""); /* Build dn array */ $path= explode(',', $dn); $path= array_reverse($path); /* Walk along the path to evaluate the acl */ $cpath= ""; foreach ($path as $element){ /* Clean potential ACLs for each level */ if(isset($this->config->idepartments[$cpath])){ $acl= $this->cleanACL($acl); } if ($cpath == ""){ $cpath= $element; } else { $cpath= $element.','.$cpath; } if (isset($ACL[$cpath])){ /* Inspect this ACL, place the result into ACL */ foreach ($ACL[$cpath] as $subacl){ if($subacl['type'] == "role") { echo "role skipped"; continue; } /* With user filter */ if (isset($subacl['filter']) && !empty($subacl['filter'])){ $id = $dn."-".$subacl['filter']; if(!isset($ACL_CACHE['FILTER'][$id])){ $ACL_CACHE['FILTER'][$id] = $ldap->object_match_filter($dn,$subacl['filter']); } if(!$ACL_CACHE['FILTER'][$id]){ continue; } } /* Reset? Just clean the ACL and turn over to the next one... */ if ($subacl['type'] == 'reset'){ $acl= $this->cleanACL($acl, TRUE); continue; } /* Self ACLs? */ if($dn != $this->dn && isset($subacl['acl'][$object][0]) && (strpos($subacl['acl'][$object][0],"s") !== FALSE)){ continue; } /* If attribute is "", we want to know, if we've *any* permissions here... Merge global class ACLs [0] with attributes specific ACLs [attribute]. */ if ($attribute == "" && isset($subacl['acl'][$object])){ foreach($subacl['acl'][$object] as $attr => $dummy){ $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attr]); } continue; } /* Per attribute ACL? */ if (isset($subacl['acl'][$object][$attribute])){ $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attribute]); continue; } /* Per object ACL? */ if (isset($subacl['acl'][$object][0])){ $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][0]); continue; } /* Global ACL? */ if (isset($subacl['acl']['all/all'][0])){ $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']['all/all'][0]); continue; } /* Global ACL? - Old style global ACL - Was removed since class_core.inc was created */ if (isset($subacl['acl']['all'][0])){ $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']['all'][0]); continue; } /* Category ACLs (e.g. $object = "user/0") */ if(strstr($object,"/0")){ $ocs = preg_replace("/\/0$/","",$object); if(isset($this->ocMapping[$ocs])){ /* if $attribute is "", then check every single attribute for this object. if it is 0, then just check the object category ACL. */ if($attribute == ""){ foreach($this->ocMapping[$ocs] as $oc){ if (isset($subacl['acl'][$ocs.'/'.$oc])){ // Skip ACLs wich are defined for ourselfs only - if not checking against ($ui->dn) if(isset($subacl['acl'][$ocs.'/'.$oc][0]) && $dn != $this->dn && strpos($subacl['acl'][$ocs.'/'.$oc][0],"s") !== FALSE) continue; foreach($subacl['acl'][$ocs.'/'.$oc] as $attr => $dummy){ $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$ocs.'/'.$oc][$attr]); } continue; } } }else{ if(isset($subacl['acl'][$ocs.'/'.$oc][0])){ if($dn != $this->dn && strpos($subacl['acl'][$ocs.'/'.$oc][0],"s") !== FALSE) continue; $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$ocs.'/'.$oc][0]); } } } continue; } } } } /* If the requested ACL is for a container object, then alter ACLs by applying cleanACL a last time. */ if(isset($this->config->idepartments[$dn])){ $acl = $this->cleanACL($acl); } /* Assemble string */ $ret= ""; foreach ($acl as $key => $value){ if ($value !== ""){ $ret.= $key; } } $ACL_CACHE["$dn+$object+$attribute"]= $ret; $ACL_CACHE["$orig_dn+$object+$attribute"]= $ret; /* Remove write if needed */ if ($skip_write){ $ret = str_replace(array('w','c','d','m'), '',$ret); } return ($ret); } /* Extract all departments that are accessible (direct or 'on the way' to an accessible department) */ function get_module_departments($module, $skip_self_acls = FALSE ) { /* If we are forced to skip ACLs checks for the current user then return all departments as valid. */ if($this->ignore_acl_for_current_user()){ return(array_keys($this->config->idepartments)); } /* Use cached results if possilbe */ $ACL_CACHE = &session::global_get('ACL_CACHE'); if(!is_array($module)){ $module = array($module); } global $plist; $res = array(); foreach($module as $mod){ if(isset($ACL_CACHE['MODULE_DEPARTMENTS'][$mod])){ $res = array_merge($res,$ACL_CACHE['MODULE_DEPARTMENTS'][$mod]); continue; } $deps = array(); /* Search for per object ACLs */ foreach($this->ACL as $dn => $infos){ foreach($infos as $info){ $found = FALSE; if(isset($info['acl'])){ foreach($info['acl'] as $cat => $data){ /* Skip self acls? */ if($skip_self_acls && isset($data['0']) && (strpos($data['0'], "s") !== FALSE)) continue; if(preg_match("/^".preg_quote($mod, '/')."/",$cat)){ $found =TRUE; break; } } } if($found && !isset($this->config->idepartments[$dn])){ while(!isset($this->config->idepartments[$dn]) && strpos($dn, ",")){ $dn = preg_replace("/^[^,]+,/","",$dn); } if(isset($this->config->idepartments[$dn])){ $deps[$dn] = $dn; } } } } /* For all gosaDepartments */ foreach ($this->config->departments as $dn){ if(isset($deps[$dn])) continue; $acl = ""; if(strpos($mod, '/')){ $acl.= $this->get_permissions($dn,$mod); }else{ $acl.= $this->get_category_permissions($dn,$mod,TRUE); } if(!empty($acl)) { $deps[$dn] = $dn; } } $ACL_CACHE['MODULE_DEPARTMENTS'][$mod] = $deps; $res = array_merge($res,$deps); } return (array_values($res)); } function mergeACL($acl, $type, $newACL) { $at= array("psub" => "p", "sub" => "s", "one" => "1"); if (strpos($newACL, 'w') !== FALSE && strpos($newACL, 'r') === FALSE){ $newACL .= "r"; } /* Ignore invalid characters */ $newACL= preg_replace('/[^rwcdm]/', '', $newACL); foreach(str_split($newACL) as $char){ /* Skip "self" ACLs without combination of rwcdm, they have no effect. -self flag without read/write/create/... */ if(empty($char)) continue; /* Skip permanent and subtree entries */ if (preg_match('/[sp]/', $acl[$char])){ continue; } if ($type == "base" && $acl[$char] != 1) { $acl[$char]= 0; } else { $acl[$char]= $at[$type]; } } return ($acl); } function cleanACL($acl, $reset= FALSE) { foreach ($acl as $key => $value){ /* Continue, if value is empty or permanent */ if ($value == "" || $value == "p") { continue; } /* Reset removes everything but 'p' */ if ($reset && $value != 'p'){ $acl[$key]= ""; continue; } /* Decrease tree level */ if (is_int($value)){ if ($value){ $acl[$key]--; } else { $acl[$key]= ""; } } } return ($acl); } /* #FIXME This could be logical wrong or could be optimized in the future Return combined acls for a given category. All acls will be combined like boolean AND As example ('rwcdm' + 'rcd' + 'wrm'= 'r') Results will be cached in $this->result_cache. $this->result_cache will be resetted if load_acls is called. */ function has_complete_category_acls($dn,$category) { $acl = "rwcdm"; $types = "rwcdm"; if(!is_string($category)){ trigger_error("category must be string"); $acl = ""; }else{ if(!isset($this->result_cache['has_complete_category_acls'][$dn][$category])) { if (isset($this->ocMapping[$category])){ foreach($this->ocMapping[$category] as $oc){ /* Skip objectClass '0' (e.g. users/0) get_permissions will ever return '' ?? */ if($oc == "0") continue; $tmp = $this->get_permissions($dn, $category."/".$oc); for($i = 0, $l= strlen($types); $i < $l; $i++) { if(!preg_match("/".$types[$i]."/",$tmp)){ $acl = preg_replace("/".$types[$i]."/","",$acl); } } } }else{ if($this->config->boolValueIsTrue("core","developmentMode")){ trigger_error("Invalid type of category ".$category); } $acl = ""; } $this->result_cache['has_complete_category_acls'][$dn][$category] = $acl; }else{ $acl = $this->result_cache['has_complete_category_acls'][$dn][$category]; } } return($acl); } /*! \brief Returns TRUE if the current user is configured in IGNORE_ACL=".." in your gosa.conf @param Return Boolean TRUE if we have to skip ACL checks else FALSE. */ function ignore_acl_for_current_user() { if($this->ignoreACL === NULL){ $this->ignoreACL = ($this->config->get_cfg_value("core","ignoreAcl") == $this->dn); } return($this->ignoreACL); } function loginAllowed() { // Need to check restrictions? if (count($this->restrictions)){ // We have restrictions but cannot check them if (!isset($_SERVER['REMOTE_ADDR'])){ return false; } // Move to binary... $source= $_SERVER['REMOTE_ADDR']; foreach ($this->restrictions as $restriction) { // Single IP if (preg_match('/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/', $restriction)) { if ($source == $restriction){ return true; } } // Match with short netmask if (preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/([0-9]+)$/', $restriction, $matches)) { if (isIpInNet($source, $matches[1], long2ip(~(pow(2, (32-$matches[2]))-1)))) { return true; } } // Match with long netmask if (preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/', $restriction, $matches)) { if (isIpInNet($source, $matches[1], $matches[2])) { return true; } } } return false; } return true; } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_log.inc���������������������������������������������������������������0000644�0001750�0001750�00000010322�11613731145�016463� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ \version 2.6 \date 11.04.2007 This is the base class for the GOsa logging functionality. All logging should lead to this class. */ class log { var $config; /*! \brief logging constructor \param action One of these values (modify|create|remove|snapshot|copy) \param objecttype represents the current edited objecttype, like users/user \param object represents the current edited object dn \param changes_array An array containing names of all touched attributes \param result A status message, containing errors or success messages \sa log() */ function log($action,$objecttype,$object,$changes_array = array(),$result = "") { if(!is_array($changes_array)){ trigger_error("log(string,string,string,array(),bool). Forth parameter must be an array."); $changes_array = array(); } $entry = array(); if(!session::global_is_set('config')){ $entry['user']= "unkown"; }else{ $this->config = session::global_get('config'); $ui = get_userinfo(); $entry['user']= @$ui->dn; } /* Create string out of changes */ $changes =""; foreach($changes_array as $str ){ $changes .= $str.","; } $changes = preg_replace("/,$/","",$changes ); /* Create data object */ $entry['timestamp'] = time(); $entry['action'] = $action; $entry['objecttype']= $objecttype; $entry['object'] = $object; $entry['changes'] = $changes; $entry['result'] = $result; if(!isset($this->config) && empty($entry['user'])){ $entry['user'] = "unknown"; } /* Check if all given values are valid */ global $config; $msgs = @log::check($entry); if(count($msgs)){ foreach($msgs as $msg){ trigger_error("Logging failed, reason was: ".$msg); msg_dialog::display(_("Internal error"), sprintf(_("Logging failed: %s"), $msg), ERROR_DIALOG); } }else{ if(is_object($config) && $config->boolValueIsTrue("core","logging")){ $this->log_into_syslog($entry); } } } function check($entry = array()) { $msgs = array(); if(!isset($entry['action']) || !in_array_strict($entry['action'],array("modify","create","remove","copy","snapshot","view","security","debug"))){ $msgs[] = sprintf(_("Invalid option %s specified!"), bold($entry['action'])); } if(!isset($entry['objecttype'])){ $msgs[] = _("Specified 'objectType' is empty or invalid!"); } return($msgs); } /* This function is used to into the systems syslog */ function log_into_syslog($entry) { $str= ""; if(!empty($entry['action'])) $str .= "({$entry['action']}) "; // Add object and object type if set. if(!empty($entry['object']) && !empty($entry['objecttype'])){ $str .= "{$entry['object']} of type {$entry['objecttype']} "; }elseif(!empty($entry['object'])){ $str .= "{$entry['object']} "; }elseif(!empty($entry['objecttype'])){ $str .= "{$entry['objecttype']} "; } if(!empty($entry['changes'])) $str .= "{$entry['changes']} "; if(!empty($entry['result'])) $str .= ": {$entry['result']} "; gosa_log($str); } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/smartyAddons/���������������������������������������������������������������0000755�0001750�0001750�00000000000�11752422552�016477� 5����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/smartyAddons/block.tr.php���������������������������������������������������0000644�0001750�0001750�00000001255�11651531333�020725� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/smartyAddons/function.factory.php�������������������������������������������0000644�0001750�0001750�00000002177�11707215001�022477� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������"; } return($str); } ?> �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/smartyAddons/function.msgPool.php�������������������������������������������0000644�0001750�0001750�00000001012�11651531333�022442� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ $value){ if(!preg_match("/^type$/i",$para)){ $parameter[$para] = $value; } } if(is_callable("msgPool::".$params['type'])){ echo call_user_func_array(array("msgPool",$params['type']), $parameter); }else{ trigger_error("Unknown msgPool function ".$params['type']); } }else{ trigger_error("Unknown class msgPool."); } } ?> ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/smartyAddons/block.t.php����������������������������������������������������0000644�0001750�0001750�00000007533�11651531333�020550� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ * @copyright 2004-2005 Sagi Bashari */ /** * Replaces arguments in a string with their values. * Arguments are represented by % followed by their number. * * @param string Source string * @param mixed Arguments, can be passed in an array or through single variables. * @returns string Modified string */ function smarty_gettext_strarg($str) { $tr = array(); $p = 0; for ($i=1; $i < func_num_args(); $i++) { $arg = func_get_arg($i); if (is_array($arg)) { foreach ($arg as $aarg) { $tr['%'.++$p] = $aarg; } } else { $tr['%'.++$p] = $arg; } } return strtr($str, $tr); } /** * Smarty block function, provides gettext support for smarty. * * The block content is the text that should be translated. * * Any parameter that is sent to the function will be represented as %n in the translation text, * where n is 1 for the first parameter. The following parameters are reserved: * - escape - sets escape mode: * - 'html' for HTML escaping, this is the default. * - 'js' for javascript escaping. * - 'url' for url escaping. * - 'no'/'off'/0 - turns off escaping * - plural - The plural version of the text (2nd parameter of ngettext()) * - count - The item count for plural mode (3rd parameter of ngettext()) */ function smarty_block_t($params, $text, &$smarty) { $text = stripslashes($text); // set escape mode if (isset($params['escape'])) { $escape = $params['escape']; unset($params['escape']); } // set plural version if (isset($params['plural'])) { $plural = $params['plural']; unset($params['plural']); // set count if (isset($params['count'])) { $count = $params['count']; unset($params['count']); } } // use plural if required parameters are set if (isset($count) && isset($plural)) { $text = ngettext($text, $plural, $count); } else { // use normal $text = gettext($text); } // run strarg if there are parameters if (count($params)) { $text = smarty_gettext_strarg($text, $params); } if (!isset($escape) || $escape == 'html') { // html escape, default $text = nl2br(htmlspecialchars($text)); } elseif (isset($escape)) { switch ($escape) { case 'javascript': case 'js': // javascript escape $text = str_replace('\'', '\\\'', stripslashes($text)); break; case 'url': // url escape $text = urlencode($text); break; } } return $text; } ?> ���������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/smartyAddons/block.render.php�����������������������������������������������0000644�0001750�0001750�00000006554�11651531333�021566� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ */ if(empty($text)) { return(""); } /* Get acl parameter */ $acl = ""; if (isset($params['acl'])) { $acl = $params['acl']; } /* Debug output */ if (session::is_set('debugLevel') && session::get('debugLevel') & DEBUG_ACL ){ echo " ".$acl.""; } /* Parameter : checkbox, checked * If the parameter 'checkbox' is given, we create a html checkbox in front * of the current object. * The parameter 'checked' specifies whether the box is checked or not. * The checkbox disables or enables the current object. */ if(isset($params['checkbox']) && $params['checkbox']){ /* Detect name and id of the current object */ $use_text = preg_replace("/\n/"," ",$text); $name = preg_replace('/^.* name[ ]*=[ ]*("|\')([^\"\' ]*).*$/i',"\\2",$use_text); /* Detect id */ if(preg_match("/ id=(\"|')[^\"']*(\"|')/i",$text)){ $id = preg_replace('/^.* id[ ]*=[ ]*("|\')([^\"\' ]*).*$/i',"\\2",$use_text); }else{ $id = ""; } /* Is the box checked? */ isset($params['checked'])&&$params['checked'] ? $check = " checked " : $check = ""; /* If name isset, we have a html input field */ if(!empty($name)){ /* Print checkbox */ echo ""; /* Disable current object, if checkbox isn't checked */ if($check == ""){ $text = preg_replace("/name=/i"," disabled name=",$text); } /* Add id to current entry, if it is missing */ if($id == ""){ $text = preg_replace("/name=/i"," id=\"".$name."\" name=",$text); } } } /* Read / Write*/ if(preg_match("/w/i",$acl)){ return ($text); } $text = preg_replace ("/\n/","GOSA_LINE_BREAK",$text); /* Disable objects, but keep those active that have mode=read_active */ if(!(isset($params['mode']) && ($params['mode']=='read_active') && preg_match("/(r|w)/",$acl))){ /* Disable options && greyout lists */ $from = array("/class=['\"]list1nohighlight['\"]/i", "/class=['\"]list0['\"]/i", "/class=['\"]list1['\"]/i", "/class=['\"]sortableListItem[^'\"]*['\"]/i"); $to = array("class='list1nohighlightdisabled'", "class='list1nohighlightdisabled'", "class='list1nohighlightdisabled'", "class='sortableListItemDisabled'"); if(!preg_match("/ disabled /",$text)){ $from [] = "/name=/i" ; $to [] = "disabled name="; } $text = preg_replace($from,$to,$text); /* Replace picture if object is disabled */ if(isset($params['disable_picture'])){ $syn = "/src=['\"][^\"']*['\"]/i"; $new = "src=\"".$params['disable_picture']."\""; $text = preg_replace($syn,$new,$text); } } /* Read only */ if(preg_match("/r/i",$acl)){ return(preg_replace("/GOSA_LINE_BREAK/","\n",$text)); } /* No acls */ if(preg_match("/type['\"= ].*submit/",$text)){ $text = preg_replace("/submit/","button",$text); }else{ $text = preg_replace("/value=['\"][^\"']*['\"]/","",$text); } /* Remove select options */ $from = array("#
\n";
$display.= "
\n";
return($display);
}
/*! \brief Show header message for tab dialogs */
function show_disable_header($button_text, $text, $disabled= FALSE)
{
if (($disabled == TRUE) || !$this->acl_is_removeable()){
$state= "disabled";
} else {
$state= "";
}
$display = "$text
\n"; $display.= "\n"; $display.= "\n";
$display.= "
\n";
return($display);
}
/* Create unique DN */
function create_unique_dn2($data, $base)
{
$ldap= $this->config->get_ldap_link();
$base= preg_replace("/^,*/", "", $base);
/* Try to use plain entry first */
$dn= "$data,$base";
$attribute= preg_replace('/=.*$/', '', $data);
$ldap->cat ($dn, array('dn'));
if (!$ldap->fetch()){
return ($dn);
}
/* Look for additional attributes */
foreach ($this->attributes as $attr){
if ($attr == $attribute || $this->$attr == ""){
continue;
}
$dn= "$data+$attr=".$this->$attr.",$base";
$ldap->cat ($dn, array('dn'));
if (!$ldap->fetch()){
return ($dn);
}
}
/* None found */
return ("none");
}
/*! \brief Create unique DN */
function create_unique_dn($attribute, $base)
{
$ldap= $this->config->get_ldap_link();
$base= preg_replace("/^,*/", "", $base);
/* Try to use plain entry first */
$dn= "$attribute=".$this->$attribute.",$base";
$ldap->cat ($dn, array('dn'));
if (!$ldap->fetch()){
return ($dn);
}
/* Look for additional attributes */
foreach ($this->attributes as $attr){
if ($attr == $attribute || $this->$attr == ""){
continue;
}
$dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
$ldap->cat ($dn, array('dn'));
if (!$ldap->fetch()){
return ($dn);
}
}
/* None found */
return ("none");
}
function rebind($ldap, $referral)
{
$credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
if (ldap_bind($ldap, $credentials['ADMIN'], $this->config->get_credentials($credentials['PASSWORD']))) {
$this->error = "Success";
$this->hascon=true;
$this->reconnect= true;
return (0);
} else {
$this->error = "Could not bind to " . $credentials['ADMIN'];
return NULL;
}
}
/* Recursively copy ldap object */
function _copy($src_dn,$dst_dn)
{
$ldap=$this->config->get_ldap_link();
$ldap->cat($src_dn);
$attrs= $ldap->fetch();
/* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
$ds= ldap_connect($this->config->current['SERVER']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
ldap_set_rebind_proc($ds, array(&$this, "rebind"));
}
$pwd = $this->config->get_credentials($this->config->current['ADMINPASSWORD']);
$r=ldap_bind($ds,$this->config->current['ADMINDN'], $pwd);
$sr=ldap_read($ds, LDAP::fix($src_dn), "objectClass=*");
/* Fill data from LDAP */
$new= array();
if ($sr) {
$ei=ldap_first_entry($ds, $sr);
if ($ei) {
foreach($attrs as $attr => $val){
if ($info = @ldap_get_values_len($ds, $ei, $attr)){
for ($i= 0; $i<$info['count']; $i++){
if ($info['count'] == 1){
$new[$attr]= $info[$i];
} else {
$new[$attr][]= $info[$i];
}
}
}
}
}
}
/* close conncetion */
ldap_unbind($ds);
/* Adapt naming attribute */
$dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
$dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
$new[$dst_name]= LDAP::fix($dst_val);
/* Check if this is a department.
* If it is a dep. && there is a , override in his ou
* change \2C to , again, else this entry can't be saved ...
*/
if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
$new['ou'] = str_replace("\\\\,",",",$new['ou']);
}
/* Save copy */
$ldap->connect();
$ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
/* FAIvariable=.../..., cn=..
could not be saved, because the attribute FAIvariable was different to
the dn FAIvariable=..., cn=... */
if(!is_array($new['objectClass'])) $new['objectClass'] = array($new['objectClass']);
if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
$new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
}
$ldap->cd($dst_dn);
$ldap->add($new);
if (!$ldap->success()){
trigger_error("Trying to save $dst_dn failed.",
E_USER_WARNING);
return(FALSE);
}
return(TRUE);
}
/* This is a workaround function. */
function copy($src_dn, $dst_dn)
{
/* Rename dn in possible object groups */
$ldap= $this->config->get_ldap_link();
$ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::prepare4filter($src_dn).'))',
array('cn'));
while ($attrs= $ldap->fetch()){
$og= new ogroup($this->config, $ldap->getDN());
unset($og->member[$src_dn]);
$og->member[$dst_dn]= $dst_dn;
$og->save ();
}
$ldap->cat($dst_dn);
$attrs= $ldap->fetch();
if (count($attrs)){
trigger_error("Trying to overwrite ".LDAP::fix($dst_dn).", which already exists.",
E_USER_WARNING);
return (FALSE);
}
$ldap->cat($src_dn);
$attrs= $ldap->fetch();
if (!count($attrs)){
trigger_error("Trying to move ".LDAP::fix($src_dn).", which does not seem to exist.",
E_USER_WARNING);
return (FALSE);
}
$ldap->cd($src_dn);
$ldap->search("objectClass=*",array("dn"));
while($attrs = $ldap->fetch()){
$src = $attrs['dn'];
$dst = preg_replace("/".preg_quote($src_dn, '/')."$/",$dst_dn,$attrs['dn']);
$this->_copy($src,$dst);
}
return (TRUE);
}
/*! \brief Rename/Move a given src_dn to the given dest_dn
*
* Move a given ldap object indentified by $src_dn to the
* given destination $dst_dn
*
* - Ensure that all references are updated (ogroups)
* - Update ACLs
* - Update accessTo
*
* \param string 'src_dn' the source DN.
* \param string 'dst_dn' the destination DN.
* \return boolean TRUE on success else FALSE.
*/
function rename($src_dn, $dst_dn)
{
$start = microtime(1);
/* Try to move the source entry to the destination position */
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dst_dn));
if (!$ldap->rename_dn($src_dn,$dst_dn)){
new log("debug","LDAP protocol v3 implementation error, ldap_rename failed, falling back to manual copy.","FROM: $src_dn -- TO: $dst_dn",array(),$ldap->get_error());
@DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,"Rename failed FROM: $src_dn -- TO: $dst_dn",
"Ldap Protocol v3 implementation error, falling back to maunal method.");
return(FALSE);
}
/* Get list of users,groups and roles within this tree,
maybe we have to update ACL references.
*/
$leaf_objs = get_list("(|(objectClass=posixGroup)(objectClass=gosaAccount)(objectClass=gosaRole))",array("all"),$dst_dn,
array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
foreach($leaf_objs as $obj){
$new_dn = $obj['dn'];
$old_dn = preg_replace("/".preg_quote(LDAP::convert($dst_dn), '/')."$/i",$src_dn,LDAP::convert($new_dn));
$this->update_acls($old_dn,$new_dn);
}
// Migrate objectgroups if needed
$ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))",
"ogroups", array(get_ou("group", "ogroupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
// Walk through all objectGroups
foreach($ogroups as $ogroup){
// Migrate old to new dn
$o_ogroup= new ogroup($this->config,$ogroup['dn']);
if (isset($o_ogroup->member[$src_dn])) {
unset($o_ogroup->member[$src_dn]);
}
$o_ogroup->member[$dst_dn]= $dst_dn;
// Save object group
$o_ogroup->save();
}
// Migrate objectgroups if needed
$objects = get_sub_list("(&(objectClass=gotoEnvironment)(gotoHotplugDeviceDN=".LDAP::prepare4filter(LDAP::fix($src_dn))."))",
"users",array(get_ou("core","userRDN"), get_ou("core","groupRDN")),
$this->config->current['BASE'],array("dn", "gotoHotplugDeviceDN"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
$ldap = $this->config->get_ldap_link();
foreach($objects as $obj){
$deviceDNS = array();
for($i=0; $i < $obj["gotoHotplugDeviceDN"]['count']; $i++){
$odn = $obj["gotoHotplugDeviceDN"][$i];
if($odn == $src_dn){
$odn = $dst_dn;
}
$deviceDNS[] = $odn;
}
$ldap->cd($obj['dn']);
$ldap->modify(array('gotoHotplugDeviceDN'=>$deviceDNS));
if(!$ldap->success()){
trigger_error(sprintf("Failed to update gotoHotplugDeviceDN for %s: %s", bold($obj['dn']), $ldap->get_error()));
}
}
// Migrate rfc groups if needed
$groups = get_sub_list("(&(objectClass=posixGroup)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("core", "groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
// Walk through all POSIX groups
foreach($groups as $group){
// Migrate old to new dn
$o_group= new group($this->config,$group['dn']);
$o_group->save();
}
/* Update roles to use the new entry dn */
if(class_available('roleGeneric')){
$roles = get_sub_list("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","roles", array(get_ou("roleGeneric", "roleRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
// Walk through all roles
foreach($roles as $role){
$role = new roleGeneric($this->config,$role['dn']);
$key= array_search($src_dn, $role->roleOccupant);
if($key !== FALSE){
$role->roleOccupant[$key] = $dst_dn;
$role->save();
}
}
}
// Update 'manager' attributes from gosaDepartment and inetOrgPerson
$filter = "(&(objectClass=inetOrgPerson)(manager=".LDAP::prepare4filter(LDAP::fix($src_dn))."))";
$ocs = $ldap->get_objectclasses();
if(isset($ocs['gosaDepartment']['MAY']) && in_array_strict('manager', $ocs['gosaDepartment']['MAY'])){
$filter = "(|".$filter."(&(objectClass=gosaDepartment)(manager=".LDAP::prepare4filter(LDAP::fix($src_dn)).")))";
}
$leaf_deps= get_list($filter,array("all"),$this->config->current['BASE'],
array("manager","dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
foreach($leaf_deps as $entry){
$update = array('manager' => $dst_dn);
$ldap->cd($entry['dn']);
$ldap->modify($update);
if(!$ldap->success()){
trigger_error(sprintf("Failed to update manager for %s: %s", bold($entry['dn']), $ldap->get_error()));
}
}
// Migrate 'dyn-groups' here. labeledURIObject
if(class_available('DynamicLdapGroup')) {
DynamicLdapGroup::moveDynGroup($this->config,$src_dn,$dst_dn);
}
/* Check if there are gosa departments moved.
If there were deps moved, the force reload of config->deps.
*/
$leaf_deps= get_list("(objectClass=gosaDepartment)",array("all"),$dst_dn,
array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
if(count($leaf_deps)){
$this->config->get_departments();
$this->config->make_idepartments();
session::global_set("config",$this->config);
$ui =get_userinfo();
$ui->reset_acl_cache();
}
return(TRUE);
}
function move($src_dn, $dst_dn)
{
/* Do not copy if only upper- lowercase has changed */
if(strtolower($src_dn) == strtolower($dst_dn)){
return(TRUE);
}
// Create statistic table entry
stats::log('plugin', $class = get_class($this), $category = array($this->acl_category), $action = 'move',
$amount = 1, $duration = (microtime(TRUE) - $this->initTime));
/* Try to move the entry instead of copy & delete
*/
if(TRUE){
/* Try to move with ldap routines, if this was not successfull
fall back to the old style copy & remove method
*/
if($this->rename($src_dn, $dst_dn)){
return(TRUE);
}else{
// See code below.
}
}
/* Copy source to destination */
if (!$this->copy($src_dn, $dst_dn)){
return (FALSE);
}
/* Delete source */
$ldap= $this->config->get_ldap_link();
$ldap->rmdir_recursive($src_dn);
if (!$ldap->success()){
trigger_error("Trying to delete $src_dn failed.",
E_USER_WARNING);
return (FALSE);
}
return (TRUE);
}
/* \brief Move/Rename complete trees */
function recursive_move($src_dn, $dst_dn)
{
/* Check if the destination entry exists */
$ldap= $this->config->get_ldap_link();
/* Check if destination exists - abort */
$ldap->cat($dst_dn, array('dn'));
if ($ldap->fetch()){
trigger_error("recursive_move $dst_dn already exists.",
E_USER_WARNING);
return (FALSE);
}
$this->copy($src_dn, $dst_dn);
/* Remove src_dn */
$ldap->cd($src_dn);
$ldap->recursive_remove($src_dn);
return (TRUE);
}
function saveCopyDialog(){
}
function getCopyDialog(){
return(array("string"=>"","status"=>""));
}
/*! \brief Prepare for Copy & Paste */
function PrepareForCopyPaste($source)
{
$todo = $this->attributes;
if(isset($this->CopyPasteVars)){
$todo = array_merge($todo,$this->CopyPasteVars);
}
if(count($this->objectclasses)){
$this->is_account = TRUE;
foreach($this->objectclasses as $class){
if(!in_array_strict($class,$source['objectClass'])){
$this->is_account = FALSE;
}
}
}
foreach($todo as $var){
if (isset($source[$var])){
if(isset($source[$var]['count'])){
if($source[$var]['count'] > 1){
$tmp= $source[$var];
unset($tmp['count']);
$this->$var = $tmp;
}else{
$this->$var = $source[$var][0];
}
}else{
$this->$var= $source[$var];
}
}
}
}
/*! \brief Get gosaUnitTag for the given DN
If this is called from departmentGeneric, we have to skip this
tagging procedure.
*/
function tag_attrs(&$at, $dn= "", $tag= "", $show= false)
{
/* Skip tagging? */
if($this->skipTagging){
return;
}
/* No dn? Self-operation... */
if ($dn == ""){
$dn= $this->dn;
/* No tag? Find it yourself... */
if ($tag == ""){
$len= strlen($dn);
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
$relevant= array();
foreach ($this->config->adepartments as $key => $ntag){
/* This one is bigger than our dn, its not relevant... */
if ($len < strlen($key)){
continue;
}
/* This one matches with the latter part. Break and don't fix this entry */
if (preg_match('/(^|,)'.preg_quote($key, '/').'$/', $dn)){
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
$relevant[strlen($key)]= $ntag;
continue;
}
}
/* If we've some relevant tags to set, just get the longest one */
if (count($relevant)){
ksort($relevant);
$tmp= array_keys($relevant);
$idx= end($tmp);
$tag= $relevant[$idx];
$this->gosaUnitTag= $tag;
}
}
}
/*! \brief Add unit tag */
/* Remove tags that may already be here... */
remove_objectClass("gosaAdministrativeUnitTag", $at);
if (isset($at['gosaUnitTag'])){
unset($at['gosaUnitTag']);
}
/* Set tag? */
if ($tag != ""){
add_objectClass("gosaAdministrativeUnitTag", $at);
$at['gosaUnitTag']= $tag;
}
/* Initially this object was tagged.
- But now, it is no longer inside a tagged department.
So force the remove of the tag.
(objectClass was already removed obove)
*/
if($tag == "" && $this->gosaUnitTag){
$at['gosaUnitTag'] = array();
}
}
/*! \brief Test for removability of the object
*
* Allows testing of conditions for removal of object. If removal should be aborted
* the function needs to remove an error message.
* */
function allow_remove()
{
$reason= "";
return $reason;
}
/*! \brief Test if snapshotting is enabled
*
* Test weither snapshotting is enabled or not. There will also be some errors posted,
* if the configuration failed
* \return TRUE if snapshots are enabled, and FALSE if it is disabled
*/
function snapshotEnabled()
{
return $this->config->snapshotEnabled();
}
/*! \brief Return plugin informations for acl handling
* See class_core.inc for examples.
*/
static function plInfo()
{
return array();
}
function set_acl_base($base)
{
@DEBUG (DEBUG_ACL, __LINE__, __FUNCTION__, __FILE__,"".$base."","ACL-Base: ");
$this->acl_base= $base;
}
function set_acl_category($category)
{
@DEBUG (DEBUG_ACL, __LINE__, __FUNCTION__, __FILE__,"".$category."(/".get_class($this).")","ACL-Category: ");
$this->acl_category= "$category/";
}
function acl_is_writeable($attribute,$skip_write = FALSE)
{
if($this->read_only) return(FALSE);
$ui= get_userinfo();
return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
}
function acl_is_readable($attribute)
{
$ui= get_userinfo();
return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
}
function acl_is_createable($base ="")
{
if($this->read_only) return(FALSE);
$ui= get_userinfo();
if($base == "") $base = $this->acl_base;
return preg_match('/c/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0'));
}
function acl_is_removeable($base ="")
{
if($this->read_only) return(FALSE);
$ui= get_userinfo();
if($base == "") $base = $this->acl_base;
return preg_match('/d/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0'));
}
function acl_is_moveable($base = "")
{
if($this->read_only) return(FALSE);
$ui= get_userinfo();
if($base == "") $base = $this->acl_base;
return preg_match('/m/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0'));
}
function acl_have_any_permissions()
{
}
function getacl($attribute,$skip_write= FALSE)
{
$ui= get_userinfo();
$skip_write |= $this->read_only;
return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
}
/*! \brief Returns a list of all available departments for this object.
*
* If this object is new, all departments we are allowed to create a new user in
* are returned. If this is an existing object, return all deps.
* We are allowed to move tis object too.
* \return array [dn] => "..name" // All deps. we are allowed to act on.
*/
function get_allowed_bases()
{
$ui = get_userinfo();
$deps = array();
/* Is this a new object ? Or just an edited existing object */
if(!$this->initially_was_account && $this->is_account){
$new = true;
}else{
$new = false;
}
foreach($this->config->idepartments as $dn => $name){
if($new && $this->acl_is_createable($dn)){
$deps[$dn] = $name;
}elseif(!$new && $this->acl_is_moveable($dn)){
$deps[$dn] = $name;
}
}
/* Add current base */
if(isset($this->base) && isset($this->config->idepartments[$this->base])){
$deps[$this->base] = $this->config->idepartments[$this->base];
}elseif(strtolower($this->dn) == strtolower($this->config->current['BASE'])){
}else{
trigger_error("Cannot return list of departments, no default base found in class ".get_class($this).". ".$this->base);
}
return($deps);
}
/* This function updates ACL settings if $old_dn was used.
* \param string 'old_dn' specifies the actually used dn
* \param string 'new_dn' specifies the destiantion dn
*/
function update_acls($old_dn,$new_dn,$output_changes = FALSE)
{
/* Check if old_dn is empty. This should never happen */
if(empty($old_dn) || empty($new_dn)){
trigger_error("Failed to check acl dependencies, wrong dn given.");
return;
}
/* Update userinfo if necessary */
$ui = session::global_get('ui');
if($ui->dn == $old_dn){
$ui->dn = $new_dn;
$ui->loadACL();
session::global_set('ui',$ui);
new log("view","acl/".get_class($this),$this->dn,array(),"Updated current object dn from '".$old_dn."' to '".$new_dn."'");
}
/* Object was moved, ensure that all acls will be moved too */
if($new_dn != $old_dn && $old_dn != "new"){
/* get_ldap configuration */
$update = array();
$ldap = $this->config->get_ldap_link();
$ldap->cd ($this->config->current['BASE']);
$ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($old_dn)."*))",array("cn","gosaAclEntry"));
while($attrs = $ldap->fetch()){
$acls = array();
$found = false;
for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
$acl_parts = explode(":",$attrs['gosaAclEntry'][$i]);
/* Roles uses antoher data storage order, members are stored int the third part,
while the members in direct ACL assignments are stored in the second part.
*/
$id = ($acl_parts[1] == "role") ? 3 : 2;
/* Update member entries to use $new_dn instead of old_dn
*/
$members = explode(",",$acl_parts[$id]);
foreach($members as $key => $member){
$member = base64_decode($member);
if($member == $old_dn){
$members[$key] = base64_encode($new_dn);
$found = TRUE;
}
}
/* Check if the selected role has to updated
*/
if($acl_parts[1] == "role" && $acl_parts[2] == base64_encode($old_dn)){
$acl_parts[2] = base64_encode($new_dn);
$found = TRUE;
}
/* Build new acl string */
$acl_parts[$id] = implode($members,",");
$acls[] = implode($acl_parts,":");
}
/* Acls for this object must be adjusted */
if($found){
$debug_info= sprintf(_("Changing ACL DN from %s to %s"), bold($old_dn), bold($new_dn));
@DEBUG (DEBUG_ACL, __LINE__, __FUNCTION__, __FILE__,$debug_info,"ACL");
$update[$attrs['dn']] =array();
foreach($acls as $acl){
$update[$attrs['dn']]['gosaAclEntry'][] = $acl;
}
}
}
/* Write updated acls */
foreach($update as $dn => $attrs){
$ldap->cd($dn);
$ldap->modify($attrs);
}
}
}
/*! \brief Enable the Serial ID check
*
* This function enables the entry Serial ID check. If an entry was edited while
* we have edited the entry too, an error message will be shown.
* To configure this check correctly read the FAQ.
*/
function enable_CSN_check()
{
$this->CSN_check_active =TRUE;
$this->entryCSN = getEntryCSN($this->dn);
}
/*! \brief Prepares the plugin to be used for multiple edit
* Update plugin attributes with given array of attribtues.
* \param array Array with attributes that must be updated.
*/
function init_multiple_support($attrs,$all)
{
$ldap= $this->config->get_ldap_link();
$this->multi_attrs = $attrs;
$this->multi_attrs_all= $all;
/* Copy needed attributes */
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->multi_attrs);
if ($found != ""){
if(isset($this->multi_attrs["$val"][0])){
$this->$val= $this->multi_attrs["$val"][0];
}
}
}
}
/*! \brief Enables multiple support for this plugin
*/
function enable_multiple_support()
{
$this->ignore_account = TRUE;
$this->multiple_support_active = TRUE;
}
/*! \brief Returns all values that have been modfied in multiple edit mode.
\return array Cotaining all modified values.
*/
function get_multi_edit_values()
{
$ret = array();
foreach($this->attributes as $attr){
if(in_array_strict($attr,$this->multi_boxes)){
$ret[$attr] = $this->$attr;
}
}
return($ret);
}
/*! \brief Update class variables with values collected by multiple edit.
*/
function set_multi_edit_values($attrs)
{
foreach($attrs as $name => $value){
$this->$name = $value;
}
}
/*! \brief Generates the html output for this node for multi edit*/
function multiple_execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
session::global_set('current_class_for_help',get_class($this));
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
session::set('LOCK_VARS_TO_USE',array());
session::set('LOCK_VARS_USED_GET',array());
session::set('LOCK_VARS_USED_POST',array());
session::set('LOCK_VARS_USED_REQUEST',array());
return("Multiple edit is currently not implemented for this plugin.");
}
/*! \brief Save HTML posted data to object for multiple edit
*/
function multiple_save_object()
{
if(empty($this->entryCSN) && $this->CSN_check_active){
$this->entryCSN = getEntryCSN($this->dn);
}
/* Save values to object */
$this->multi_boxes = array();
foreach ($this->attributes as $val){
/* Get selected checkboxes from multiple edit */
if(isset($_POST["use_".$val])){
$this->multi_boxes[] = $val;
}
if (isset ($_POST["$val"]) && $this->acl_is_writeable($val)){
$data= $this->$val = get_post($val);
if ($this->$val != $data){
$this->is_modified= TRUE;
}
/* IE post fix */
if(isset($data[0]) && $data[0] == chr(194)) {
$data = "";
}
$this->$val= $data;
}
}
}
/*! \brief Returns all attributes of this plugin,
to be able to detect multiple used attributes
in multi_plugg::detect_multiple_used_attributes().
@return array Attributes required for intialization of multi_plug
*/
public function get_multi_init_values()
{
$attrs = $this->attrs;
return($attrs);
}
/*! \brief Check given values in multiple edit
\return array Error messages
*/
function multiple_check()
{
$message = plugin::check();
return($message);
}
function get_used_snapshot_bases()
{
return(array());
}
function is_modal_dialog()
{
return(isset($this->dialog) && $this->dialog);
}
/*! \brief Forward command execution requests
* to the hook execution method.
*/
function handle_post_events($mode, $addAttrs= array())
{
if(!in_array_strict($mode, array('add','remove','modify'))){
trigger_error(sprintf("Invalid post event type given %s! Valid types are [add,modify,remove].", bold($mode)));
return;
}
switch ($mode){
case "add":
plugin::callHook($this,"POSTCREATE", $addAttrs);
break;
case "modify":
plugin::callHook($this,"POSTMODIFY", $addAttrs);
break;
case "remove":
plugin::callHook($this,"POSTREMOVE", $addAttrs);
break;
}
}
/*! \brief Calls external hooks which are defined for this plugin (gosa.conf)
* Replaces placeholder by class values of this plugin instance.
* @param Allows to a add special replacements.
*/
static function callHook($plugin, $cmd, $addAttrs= array(), &$returnOutput = array(),
&$returnCode = NULL, &$errorOutput = array(), $displayErrors = TRUE)
{
global $config;
$command = $config->configRegistry->getPropertyValue(get_class($plugin),$cmd);
$returnCode = 0; // Simulate a return code to tell the caller that everythin is fine.
$returnOutput = array();
$arr = array();
if (!empty($command)){
// Walk trough attributes list and add the plugins attributes.
foreach ($plugin->attributes as $attr){
if (!is_array($plugin->$attr)){
$addAttrs[$attr] = $plugin->$attr;
}
}
$ui = get_userinfo();
$addAttrs['callerDN']=$ui->dn;
$addAttrs['dn']=$plugin->dn;
$addAttrs['location']=$config->current['NAME'];
// Sort attributes by length, ensures correct replacement
$tmp = array();
foreach($addAttrs as $name => $value){
$tmp[$name] = strlen($name);
}
arsort($tmp);
// Now replace the placeholder
$command = fillReplacements($command, $addAttrs, TRUE);
// If there are still some %.. in our command, try to fill these with some other class vars
if(preg_match("/%/",$command)){
$attrs = get_object_vars($plugin);
foreach($attrs as $name => $value){
if(is_array($value)){
$s = "";
foreach($value as $val){
if(is_string($val) || is_int($val) || is_float($val) || is_bool($val)){
$s .= '"'.$val.'",';
}
}
$value = '['.trim($s,',').']';
}
if(!is_string($value) && !is_int($value) && !is_float($value) && !is_bool($value)){
continue;
}
$command= preg_replace("/%$name/", escapeshellarg($value), $command);
}
}
if (check_command($command)){
// Create list of process pipes
$descriptorspec = array(
0 => array("pipe", "r"), // stdin
1 => array("pipe", "w"), // stdout
2 => array("pipe", "w")); // stderr
// Try to open the process
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,$command,"Execute");
$process = proc_open($command, $descriptorspec, $pipes);
if (is_resource($process)) {
// Write the password to stdin
// fwrite($pipes[0], $pwd);
fclose($pipes[0]);
// Get results from stdout and stderr
$arr = stream_get_contents($pipes[1]);
$err = stream_get_contents($pipes[2]);
fclose($pipes[1]);
// Close the process and check its return value
$returnCode = proc_close($process);
$returnOutput = preg_split("/\n/", $arr,0,PREG_SPLIT_NO_EMPTY);
$errorOutput = preg_split("/\n/",$err,0,PREG_SPLIT_NO_EMPTY);
}
if($returnCode != 0){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execution failed code: ".$returnCode);
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Result: ".$err);
if($displayErrors){
$message= msgPool::cmdexecfailed($cmd,$command, get_class($plugin));
msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
}
}elseif(is_array($arr)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Result: ".$arr);
}
} elseif($displayErrors) {
$message= msgPool::cmdinvalid($cmd,$command, get_class($plugin));
msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
}
}
}
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>
�������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_session.inc�����������������������������������������������������������0000644�0001750�0001750�00000014253�11424277773�017410� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_filterNOACL.inc�������������������������������������������������������0000644�0001750�0001750�00000001004�11600301426�017730� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������get_ldap_link(TRUE);
$flag= GL_NO_ACL_CHECK | GL_SIZELIMIT | (($scope == "sub")?GL_SUBSEARCH:0);
$result= filterLDAP::get_list($base, $filter, $attributes, $category, $objectStorage, $flag);
$result = (filterLDAPBlacklist::filterByBlacklist($result));
return $result;
}
}
?>
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_filter.inc������������������������������������������������������������0000644�0001750�0001750�00000034570�11424300127�017172� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������load($filename)) {
die("Cannot parse $filename!");
}
$this->pid= preg_replace("/[^0-9]/", "", microtime(TRUE));
}
function load($filename)
{
$contents = file_get_contents($filename);
$xmlData= xml::xml2array($contents, 1);
if (!isset($xmlData['filterdef'])) {
return false;
}
$xmlData= $xmlData["filterdef"];
// Load filter
if (isset($xmlData['search'])) {
// Array conversion
if (!isset($xmlData['search'][0])) {
$searches= array($xmlData['search']);
} else {
$searches= $xmlData['search'];
}
/* Store available searches */
foreach ($searches as $search) {
/* Do multi conversation */
if (!isset($search['query'][0])){
$search['query']= array($search['query']);
}
/* Store search */
$this->xmlSearches[$search['tag']]= $search;
}
} else {
return false;
}
// Transfer scope
$this->scopeMode= $xmlData['definition']['scope'];
if ($this->scopeMode == "auto") {
$this->scope= "one";
} else {
$this->scope= $this->scopeMode;
}
// Transfer attributes
$this->attributes= $xmlData['definition']['attribute'];
if (!is_array($this->attributes)) {
$this->attributes= array($this->attributes);
}
// Transfer initial value
if (isset($xmlData['definition']['initial']) && $xmlData['definition']['initial'] == "true"){
$this->initial= true;
}
// Transfer category
if (isset($xmlData['definition']['category'])){
$this->category= $xmlData['definition']['category'];
}
if (!is_array($this->category)) {
$this->category= array($this->category);
}
// Initialize searches and default search mode
$this->defaultSearch= $xmlData['definition']['default'];
$this->reloadFilters();
$this->setSearch($this->defaultSearch);
return true;
}
function reloadFilters()
{
$this->searches= array_merge($this->xmlSearches, userFilter::getFilter($this->category));
$this->setSearch($this->search);
}
function setSearch($method= null)
{
$patch= null;
// Maybe our search method has gone?
if (!isset($this->searches[$method])) {
$method= $this->defaultSearch;
}
// Try to use it, but bail out if there's no help...
if (isset($this->searches[$method])) {
$this->query= $this->searches[$method]['query'];
$this->search= $method;
} else {
die ("Invalid search module!");
}
}
function getTextfield($tag, $value= "", $element= null)
{
$size= 30;
$maxlength= 30;
$result= "";
if ($element && isset($element['autocomplete'])) {
$frequency= "0.5";
$characters= "1";
if (isset($element['autocomplete']['frequency'])) {
$frequency= $element['autocomplete']['frequency'];
}
if (isset($element['autocomplete']['characters'])) {
$characters= $element['autocomplete']['characters'];
}
$result.= "".
"";
$this->autocompleters[$tag]= $element;
}
return $result;
}
function getCurrentBase()
{
if (isset($this->search->base) && (string)$this->search->scope != "auto") {
return false;
}
return $this->base;
}
function getCurrentScope()
{
if (isset($this->search->scope) && (string)$this->search->scope != "auto") {
return (string)$this->search->scope;
}
return $this->scope;
}
function setConverter($hook)
{
$this->converter= $hook;
}
function setObjectStorage($storage)
{
$this->objectStorage= $storage;
}
function setBase($base)
{
$this->base= $base;
}
function setCurrentScope($scope)
{
$this->scope= $scope;
}
function render()
{
$content= "$text
\n"; $display.= "\n"; $display.= "| ".$this->renderFilterMenu()." | ";
$content.= " ".$this->getTextfield('search_filter', set_post($this->value), $this->searches[$this->search])." ".
" |
- ';
foreach ($result as $entry) {
echo '
- '.mark(get_post('search_filter'), $entry).' '; if ($max-- == 0) { break; } } echo '
- ".image("images/filter.png").image("images/lists/sort-down.png")."";
// Build ul/li list
$separator= " style='border-top:1px solid #AAA' ";
$result.= "
- ";
// Build in filters
foreach ($this->xmlSearches as $tag => $config) {
$label = htmlentities(_($config['label']),ENT_COMPAT,'UTF-8');
if ($tag == $this->search) {
$result.= "
- ".image("images/checked.png")." ".$label." "; } else { $result.= "
- ".image("images/empty.png")." ".$label." "; } } // User defined filters $first= true; foreach (userFilter::getFilter($this->category) as $tag => $config) { if ($tag == $this->search) { $result.= "
";
} else {
$result.= "
"; return($str); }else{ // Display ok, (apply) and cancel buttons $str.= "
\n"; $str.= "\n"; $str.= " \n"; if($this->displayApplyBtn){ $str.= "\n"; $str.= " \n"; } $str.= "\n"; $str.= "
"; } return($str); } /*! \brief Initiates the removal for the given entries * and displays a confirmation dialog. * * @param String 'action' The name of the action which was the used as trigger. * @param Array 'target' A list of object dns, which should be affected by this method. * @param Array 'all' A combination of both 'action' and 'target'. */ protected function removeEntryRequested($action="",$target=array(),$all=array()) { // Close dialogs and remove locks for currently handled dns $this->cancelEdit(); $disallowed = array(); $this->dns = array(); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$target,"Entry removel requested!"); // Check permissons for each target $h = $this->getHeadpage(); $oTypes = array_reverse($h->objectTypes); foreach($target as $dn){ $entry = $h->getEntry($dn); $obj = $h->getObjectType($oTypes, $entry['objectClass']); $acl = $this->ui->get_permissions($dn, $obj['category']."/".$obj['class']); if(preg_match("/d/",$acl)){ $this->dns[] = $dn; }else{ $disallowed[] = $dn; } } if(count($disallowed)){ msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG); } // We've at least one entry to delete. if(count($this->dns)){ // check locks if ($user= get_multiple_locks($this->dns)){ return(gen_locked_message($user,$this->dns)); } // Add locks $dns_names = array(); $types = array(); // Build list of object -labels foreach($h->objectTypes as $type){ $map[$type['objectClass']]= $type['label']; } foreach($this->dns as $dn){ $tmp = $h->getType($dn); if(isset($map[$tmp])){ $dns_names[LDAP::fix($dn)] = _($map[$tmp]); }else{ $dns_names[] =LDAP::fix($dn); } } add_lock ($this->dns, $this->ui->dn); // Display confirmation dialog. $smarty = get_smarty(); $smarty->assign("info", msgPool::deleteInfo($dns_names)); $smarty->assign("multiple", true); return($smarty->fetch(get_template_path('removeEntries.tpl'))); } } /*! \brief Object removal was confirmed, now remove the requested entries. * * @param String 'action' The name of the action which was the used as trigger. * @param Array 'target' A list of object dns, which should be affected by this method. * @param Array 'all' A combination of both 'action' and 'target'. */ function removeEntryConfirmed($action="",$target=array(),$all=array(), $altTabClass="",$altTabType="", $altAclCategory="",$altAclPlugin="") { $tabType = $this->tabType; $tabClass = $this->tabClass; $aclCategory = $this->aclCategory; $aclPlugin = $this->aclPlugin; if(!empty($altTabClass)) $tabClass = $altTabClass; if(!empty($altTabType)) $tabType = $altTabType; if(!empty($altAclCategory)) $aclCategory = $altAclCategory; if(!empty($altAclPlugin)) $aclPlugin = $altAclPlugin; @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$target,"Entry removel confirmed!"); // Check permissons for each target $h = $this->getHeadpage(); $oTypes = array_reverse($h->objectTypes); foreach($this->dns as $key => $dn){ $entry = $h->getEntry($dn); $obj = $h->getObjectType($oTypes, $entry['objectClass']); $acl = $this->ui->get_permissions($dn, $obj['category']."/".$obj['class']); // Check permissions, are we allowed to remove this object? if(preg_match("/d/",$acl)){ // Delete the object $this->dn = $dn; $this->tabObject= new $tabClass($this->config,$this->config->data['TABS'][$tabType], $this->dn, $aclCategory, true, true); $this->tabObject->set_acl_base($this->dn); $this->tabObject->parent = &$this; $this->tabObject->delete (); // Remove the lock for the current object. del_lock($this->dn); } else { msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG); new log("security","groups/".get_class($this),$dn,array(),"Tried to trick deletion."); } } // Cleanup $this->remove_lock(); $this->closeDialogs(); } /*! \brief Detects actions/events send by the ui * and the corresponding targets. */ function detectPostActions() { if(!is_object($this->headpage)){ trigger_error("No valid headpage given....!"); return(array()); } $action= $this->headpage->getAction(); if(isset($_POST['edit_apply'])) $action['action'] = "apply"; if(isset($_POST['edit_finish'])) $action['action'] = "save"; if(isset($_POST['edit_cancel'])) $action['action'] = "cancel"; if(isset($_POST['delete_confirmed'])) $action['action'] = "removeConfirmed"; if(isset($_POST['delete_snapshot_confirm'])) $action['action'] = "removeSnapshotConfirmed"; if(isset($_POST['delete_cancel'])) $action['action'] = "cancelDelete"; if(isset($_POST['saveFilter'])) $action['action'] = "saveFilter"; if(isset($_POST['cancelFilter'])) $action['action'] = "cancelFilter"; // Detect Snapshot actions if(isset($_POST['CreateSnapshot'])) $action['action'] = "saveSnapshot"; if(isset($_POST['CancelSnapshot'])) $action['action'] = "cancelSnapshot"; foreach($_POST as $name => $value){ $once =TRUE; if(preg_match("/^RestoreSnapShot_/",$name) && $once){ $once = FALSE; $entry = base64_decode(preg_replace("/^RestoreSnapShot_(.*)$/i","\\1",$name)); $action['action'] = "restoreSnapshot"; $action['targets'] = array($entry); } } return($action); } /*! \brief Calls the registered method for a given action/event. */ function handleActions($action) { // Start action if(isset($this->actions[$action['action']])){ $func = $this->actions[$action['action']]; if(!isset($action['targets']))$action['targets']= array(); // Create statistic table entry stats::log('management', $class = get_class($this), $this->getAclCategories(), $action['action'], $amount = count($action['targets']), $duration = (microtime(TRUE) - $this->initTime)); return($this->$func($action['action'],$action['targets'],$action)); } } /*! \brief Opens the snapshot creation dialog for the given target. * * @param String 'action' The name of the action which was the used as trigger. * @param Array 'target' A list of object dns, which should be affected by this method. * @param Array 'all' A combination of both 'action' and 'target'. */ function createSnapshotDialog($action="",$target=array(),$all=array()) { @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$target,"Snaptshot creation initiated!"); foreach($target as $entry){ if(!empty($entry) && $this->ui->allow_snapshot_create($entry,$this->aclCategory)){ $this->dialogObject = new SnapShotDialog($this->config,$entry,$this); $this->dialogObject->aclCategories = array($this->aclCategory); $this->dialogObject->parent = &$this; }else{ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to create a snapshot for %s!"), bold($entry)), ERROR_DIALOG); } } } /*! \brief Creates a snapshot new entry - This method is called when the somebody * clicks 'save' in the "Create snapshot dialog" (see ::createSnapshotDialog). * * @param String 'action' The name of the action which was the used as trigger. * @param Array 'target' A list of object dns, which should be affected by this method. * @param Array 'all' A combination of both 'action' and 'target'. */ function saveSnapshot($action="",$target=array(),$all=array()) { if(!is_object($this->dialogObject)) return; $this->dialogObject->save_object(); $msgs = $this->dialogObject->check(); if(count($msgs)){ foreach($msgs as $msg){ msg_dialog::display(_("Error"), $msg, ERROR_DIALOG); } }else{ $this->dn = $this->dialogObject->dn; $this->snapHandler->create_snapshot( $this->dn,$this->dialogObject->CurrentDescription); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$this->dn,"Snaptshot created!"); $this->closeDialogs(); } } /*! \brief Restores a snapshot object. * The dn of the snapshot entry has to be given as ['target'] parameter. * * @param String 'action' The name of the action which was the used as trigger. * @param Array 'target' A list of object dns, which should be affected by this method. * @param Array 'all' A combination of both 'action' and 'target'. */ function restoreSnapshot($action="",$target=array(),$all=array()) { $entry = array_pop($target); if(!empty($entry) && $this->ui->allow_snapshot_restore($entry,$this->aclCategory)){ $this->snapHandler->restore_snapshot($entry); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$this->dn,"Snaptshot restored!"); $this->closeDialogs(); }else{ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s!"), bold($entry)), ERROR_DIALOG); } } /*! \brief Removes a snapshot object. */ function removeSnapshotConfirmed($action="",$target=array(),$all=array()) { $entry = $this->dialogObject->del_dn; if(!empty($entry) && $this->ui->allow_snapshot_create($entry,$this->aclCategory)){ $this->snapHandler->remove_snapshot($entry); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$entry,"Snaptshot removed!"); }else{ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to remove a snapshot for %s!"), bold($entry)), ERROR_DIALOG); } } /*! \brief Displays the "Restore snapshot dialog" for a given target. * If no target is specified, open the restore removed object * dialog. * @param String 'action' The name of the action which was the used as trigger. * @param Array 'target' A list of object dns, which should be affected by this method. * @param Array 'all' A combination of both 'action' and 'target'. */ function restoreSnapshotDialog($action="",$target=array(),$all=array()) { // Set current restore base for snapshot handling. if(is_object($this->snapHandler)){ $bases = array(); foreach($this->storagePoints as $sp){ $bases[] = $sp.$this->headpage->getBase(); } } // No bases specified? Try base if(!count($bases)) $bases[] = $this->headpage->getBase(); // No target, open the restore removed object dialog. if(!count($target)){ $entry = $this->headpage->getBase(); if(!empty($entry) && $this->ui->allow_snapshot_restore($entry,$this->aclCategory)){ @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$entry,"Snaptshot restoring initiated!"); $this->dialogObject = new SnapShotDialog($this->config,$entry,$this); $this->dialogObject->set_snapshot_bases($bases); $this->dialogObject->display_all_removed_objects = true; $this->dialogObject->display_restore_dialog = true; $this->dialogObject->parent = &$this; }else{ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s!"), bold($entry)), ERROR_DIALOG); } }else{ // Display the restore points for a given object. $entry = array_pop($target); if(!empty($entry) && $this->ui->allow_snapshot_restore($entry,$this->aclCategory)){ @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$entry,"Snaptshot restoring initiated!"); $this->dialogObject = new SnapShotDialog($this->config,$entry,$this); $this->dialogObject->set_snapshot_bases($bases); $this->dialogObject->display_restore_dialog = true; $this->dialogObject->parent = &$this; }else{ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s!"), bold($entry)), ERROR_DIALOG); } } } /*! \brief This method intiates the object creation. * * @param String 'action' The name of the action which was the used as trigger. * @param Array 'target' A list of object dns, which should be affected by this method. * @param Array 'all' A combination of both 'action' and 'target'. */ function newEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="") { /* To handle mutliple object types overload this method. * ... * registerAction('newUser', 'newEntry'); * registerAction('newGroup','newEntry'); * ... * * function newEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory) * { * switch($action){ * case 'newUser' : { * mangement::newEntry($action,$target,$all,"usertabs","USERTABS","users"); * } * case 'newGroup' : { * mangement::newEntry($action,$target,$all,"grouptabs","GROUPTABS","groups"); * } * } * } **/ $tabType = $this->tabType; $tabClass = $this->tabClass; $aclCategory = $this->aclCategory; if(!empty($altTabClass)) $tabClass = $altTabClass; if(!empty($altTabType)) $tabType = $altTabType; if(!empty($altAclCategory)) $aclCategory = $altAclCategory; // Check locking & lock entry if required $this->displayApplyBtn = FALSE; $this->dn = "new"; $this->is_new = TRUE; $this->is_single_edit = FALSE; $this->is_multiple_edit = FALSE; set_object_info($this->dn); // Open object. if(empty($tabClass) || empty($tabType)){ // No tab type defined }else{ if (isset($this->config->data['TABS'][$tabType])) { // Check if the base plugin is available - it is mostly responsible for object creation and removal. $first = $this->config->data['TABS'][$tabType][0]; if(!class_available($first['CLASS'])){ msg_dialog::display(_("Internal error"), sprintf(_("Cannot instantiate tabbed-plug-in, the base plugin (%s) is not available!"), $first['CLASS']), ERROR_DIALOG); }else{ $this->tabObject= new $tabClass($this->config,$this->config->data['TABS'][$tabType], $this->dn, $aclCategory); $this->tabObject->set_acl_base($this->headpage->getBase()); $this->tabObject->parent = &$this; @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$this->dn,"Create new entry initiated!"); } } else { msg_dialog::display(_("Error"), sprintf(_("No tab definition for %s found in configuration file: cannot create plugin instance!"), bold($tabType)), ERROR_DIALOG); } } } /*! \brief This method opens an existing object or a list of existing objects to be edited. * * * @param String 'action' The name of the action which was the used as trigger. * @param Array 'target' A list of object dns, which should be affected by this method. * @param Array 'all' A combination of both 'action' and 'target'. */ function editEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="") { /* To handle mutliple object types overload this method. * ... * registerAction('editUser', 'editEntry'); * registerAction('editGroup','editEntry'); * ... * * function editEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory) * { * switch($action){ * case 'editUser' : { * mangement::editEntry($action,$target,$all,"usertabs","USERTABS","users"); * } * case 'editGroup' : { * mangement::editEntry($action,$target,$all,"grouptabs","GROUPTABS","groups"); * } * } * } **/ // Do not create a new tabObject while there is already one opened, // the user may have just pressed F5 to reload the page. if(is_object($this->tabObject)){ return; } $tabType = $this->tabType; $tabClass = $this->tabClass; $aclCategory = $this->aclCategory; if(!empty($altTabClass)) $tabClass = $altTabClass; if(!empty($altTabType)) $tabType = $altTabType; if(!empty($altAclCategory)) $aclCategory = $altAclCategory; $this->displayApplyBtn = count($target) == 1; // Single edit - we only got one object dn. if(count($target) == 1){ $this->is_new = FALSE; $this->is_single_edit = TRUE; $this->is_multiple_edit = FALSE; // Get the dn of the object and creates lock $this->dn = array_pop($target); set_object_info($this->dn); $user = get_lock($this->dn); if ($user != ""){ return(gen_locked_message ($user, array($this->dn),TRUE)); } add_lock ($this->dn, $this->ui->dn); // Open object. if(empty($tabClass) || empty($tabType)){ trigger_error("We can't edit any object(s). 'tabClass' or 'tabType' is empty!"); }else{ $tab = $tabClass; // Check if the base plugin is available - it is mostly responsible for object creation and removal. $first = $this->config->data['TABS'][$tabType][0]; if(!class_available($first['CLASS'])){ msg_dialog::display(_("Internal error"), sprintf(_("Cannot instantiate tabbed-plug-in, the base plugin (%s) is not available!"), $first['CLASS']), ERROR_DIALOG); }else{ $this->tabObject= new $tab($this->config,$this->config->data['TABS'][$tabType], $this->dn,$aclCategory); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$this->dn,"Edit entry initiated!"); $this->tabObject->set_acl_base($this->dn); $this->tabObject->parent = &$this; } } }else{ // We've multiple entries to edit. $this->is_new = FALSE; $this->is_singel_edit = FALSE; $this->is_multiple_edit = TRUE; // Open multiple edit handler. if(empty($tabClass) || empty($tabType)){ trigger_error("We can't edit any object(s). 'tabClass' or 'tabType' is empty!"); }else{ $this->dns = $target; $tmp = new multi_plug($this->config,$tabClass,$this->config->data['TABS'][$tabType], $this->dns,$this->headpage->getBase(),$aclCategory); // Check for locked entries if ($tmp->entries_locked()){ return($tmp->display_lock_message()); } @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$this->dns,"Edit entry initiated!"); // Now lock entries. if($tmp->multiple_available()){ $tmp->lock_entries($this->ui->dn); $this->tabObject = $tmp; set_object_info($this->tabObject->get_object_info()); } } } } /*! \brief Close filter dialog */ protected function cancelFilter() { if($this->dialogObject instanceOf userFilter){ $this->remove_lock(); $this->closeDialogs(); } } /*! \brief Save filter modifcations. */ protected function saveFilter() { if($this->dialogObject instanceOf userFilter){ $msgs = $this->dialogObject->check(); if(count($msgs)){ msg_dialog::displayChecks($msgs); return(""); }else{ $this->dialogObject->save(); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$this->dns,"Entry saved!"); $this->remove_lock(); $this->closeDialogs(); // Ask filter to reload information $this->filter->reloadFilters(); } } } /*! \brief Save object modifications and closes dialogs (returns to object listing). * - Calls '::check' to validate the given input. * - Calls '::save' to save back object modifications (e.g. to ldap). * - Calls '::remove_locks' to remove eventually created locks. * - Calls '::closeDialogs' to return to the object listing. */ protected function saveChanges() { if($this->tabObject instanceOf tabs || $this->tabObject instanceOf multi_plug){ $this->tabObject->save_object(); $msgs = $this->tabObject->check(); if(count($msgs)){ msg_dialog::displayChecks($msgs); return(""); }else{ $this->tabObject->save(); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$this->dns,"Entry saved!"); $this->remove_lock(); $this->closeDialogs(); } }elseif($this->dialogObject instanceOf plugin){ $this->dialogObject->save_object(); $msgs = $this->dialogObject->check(); if(count($msgs)){ msg_dialog::displayChecks($msgs); return(""); }else{ $this->dialogObject->save(); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$this->dns,"Entry saved!"); $this->remove_lock(); $this->closeDialogs(); } } } /*! \brief Save object modifications and keep dialogs opened. * - Calls '::check' to validate the given input. * - Calls '::save' to save back object modifications (e.g. to ldap). */ protected function applyChanges() { if($this->tabObject instanceOf tabs || $this->tabObject instanceOf multi_plug){ $this->tabObject->save_object(); $msgs = $this->tabObject->check(); if(count($msgs)){ msg_dialog::displayChecks($msgs); return(""); }else{ $this->tabObject->save(); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$this->dns,"Modifications applied!"); $this->tabObject->re_init(); } } } /*! \brief This method closes dialogs * and cleans up the cached object info and the ui. */ protected function closeDialogs() { $this->last_dn = $this->dn; $this->last_dns = $this->dns; $this->last_tabObject = $this->tabObject; $this->last_dialogObject = $this->dialogObject; $this->dn = ""; $this->dns = array(); $this->tabObject = null; $this->dialogObject = null; $this->skipFooter = FALSE; set_object_info(); } /*! \brief Editing an object was caneled. * Close dialogs/tabs and remove locks. */ protected function cancelEdit() { $this->remove_lock(); $this->closeDialogs(); } /*! \brief Every click in the list user interface sends an event * here can we connect those events to a method. * eg. ::registerEvent('new','createUser') * When the action/event new is send, the method 'createUser' * will be called. */ function registerAction($action,$target) { $this->actions[$action] = $target; } /*! \brief Removes ldap object locks created by this class. * Whenever an object is edited, we create locks to avoid * concurrent modifications. * This locks will automatically removed here. */ function remove_lock() { if(!empty($this->dn) && $this->dn != "new"){ del_lock($this->dn); } if(count($this->dns)){ del_lock($this->dns); } } /*! \brief This method is used to queue and process copy&paste actions. * Allows to copy, cut and paste mutliple entries at once. * @param String 'action' The name of the action which was the used as trigger. * @param Array 'target' A list of object dns, which should be affected by this method. * @param Array 'all' A combination of both 'action' and 'target'. */ function copyPasteHandler($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="",$altAclPlugin="") { // Return without any actions while copy&paste handler is disabled. if(!is_object($this->cpHandler)) return(""); $tabType = $this->tabType; $tabClass = $this->tabClass; $aclCategory = $this->aclCategory; $aclPlugin = $this->aclPlugin; if(!empty($altTabClass)) $tabClass = $altTabClass; if(!empty($altTabType)) $tabType = $altTabType; if(!empty($altAclCategory)) $aclCategory = $altAclCategory; if(!empty($altAclPlugin)) $aclPlugin = $altAclPlugin; // Save user input $this->cpHandler->save_object(); // Add entries to queue if($action == "copy" || $action == "cut"){ $this->cpHandler->cleanup_queue(); foreach($target as $dn){ if($action == "copy" && $this->ui->is_copyable($dn,$aclCategory,$aclPlugin)){ $this->cpHandler->add_to_queue($dn,"copy",$tabClass,$tabType,$aclCategory,$this); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$dn,"Entry copied!"); } if($action == "cut" && $this->ui->is_cutable($dn,$aclCategory,$aclPlugin)){ $this->cpHandler->add_to_queue($dn,"cut",$tabClass,$tabType,$aclCategory,$this); @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,$dn,"Entry cutted!"); } } } // Initiate pasting if($action == "paste"){ $this->cpPastingStarted = TRUE; } // Display any c&p dialogs, eg. object modifications required before pasting. if($this->cpPastingStarted && $this->cpHandler->entries_queued()){ $this->cpHandler->SetVar("base",$this->headpage->getBase()); $data = $this->cpHandler->execute(); if(!empty($data)){ return($data); } } // Automatically disable pasting process since there is no entry left to paste. if(!$this->cpHandler->entries_queued()){ $this->cpPastingStarted = FALSE; } return(""); } function setFilter($str) { $this->filter = $str; } function postcreate() { $this->handle_post_events('add'); } function postmodify(){ $this->handle_post_events('modify'); } function postremove(){ $this->handle_post_events('remove'); } function is_modal_dialog() { return(is_object($this->tabObject) || is_object($this->dialogObject)); } /*! \brief Forward command execution request * to the correct method. */ function handle_post_events($mode, $addAttrs= array()) { if(!in_array_strict($mode, array('add','remove','modify'))){ trigger_error(sprintf("Invalid post event type given %s! Valid types are [add,modify,remove].", bold($mode))); return; } switch ($mode){ case "add": plugin::callHook($this,"POSTCREATE", $addAttrs); break; case "modify": plugin::callHook($this,"POSTMODIFY", $addAttrs); break; case "remove": plugin::callHook($this,"POSTREMOVE", $addAttrs); break; } } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> ��������������gosa-core-2.7.4/include/class_SnapShotDialog.inc����������������������������������������������������0000644�0001750�0001750�00000015535�11424277775�020612� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������parent = &$parent; $this->ui = get_userinfo(); // Prepare lists $this->snapList = new sortableListing(); $this->snapList->setDeleteable(false); $this->snapList->setEditable(false); $this->snapList->setWidth("100%"); $this->snapList->setHeight("200px"); $this->snapList->setHeader(array(_("Date"), _("Name") )); $this->snapList->setColspecs(array('140px','*','60px')); $this->snapList->setDefaultSortColumn(0); } /* Show deleted snapshots from these bases */ function set_snapshot_bases($bases) { $this->snap_shot_bases = $bases; } /* Display snapshot dialog */ function execute() { plugin::execute(); $smarty = get_smarty(); $ui = get_userinfo(); $once = true; foreach($_POST as $name => $value){ $value = get_post($name); if((preg_match("/^RemoveSnapShot_/",$name)) && ($once)){ $once = false; $entry = preg_replace("/^RemoveSnapShot_/","",$name); $entry = base64_decode($entry); $found = false; foreach($this->last_list as $t_stamp => $obj){ if($obj['dn'] == $entry){ $found = true; break; } } if($found){ $this->del_dn = $entry; $smarty= get_smarty(); $smarty->assign("info", sprintf(_("You are about to delete the snapshot %s."), bold(LDAP::fix($this->del_dn)))); return($smarty->fetch (get_template_path('removeSnapshots.tpl'))); } } } /* We must restore a snapshot */ if($this->display_restore_dialog){ /* Should we only display all snapshots of already deleted objects or the snapshots for the given object dn */ $res = array(); $tmp = array(); $handler = new SnapshotHandler($this->config); if($this->display_all_removed_objects){ if(count($this->snap_shot_bases)){ foreach($this->snap_shot_bases as $dn){ $tmp = array_merge($tmp,$handler->getAllDeletedSnapshots($dn,true)); } }else{ $tmp = $handler->getAllDeletedSnapshots($this->snap_shot_bases,true); } }else{ $tmp = $handler->Available_SnapsShots($this->dn,true); } $this->snapList->setAcl('rwcdm'); $list_of_elements = array(); /* Walk through all entries and setup the display text */ foreach($tmp as $key => $entry){ /* Check permissions */ $TimeStamp = $entry['gosaSnapshotTimestamp'][0]; $list_of_elements[$TimeStamp] = $entry; } /* Sort generated list */ krsort($list_of_elements); /* Add Elements to list */ $this->last_list = $list_of_elements; $data = $lData = array(); foreach($list_of_elements as $entry){ $actions= image('images/lists/restore.png','RestoreSnapShot_%KEY',_("Restore snapshot")); $actions.= image('images/lists/trash.png','RemoveSnapShot_%KEY',_("Delete snapshot")); $time_stamp = date(_("Y-m-d, H:i:s"),preg_replace("/\-.*$/","",$entry['gosaSnapshotTimestamp'][0])); $display_data = $entry['description'][0]; $data[$entry['dn']] = $entry; $lData[$entry['dn']] = array('data'=> array( $time_stamp, htmlentities(utf8_decode(LDAP::fix($display_data))), str_replace("%KEY",base64_encode($entry['dn']), $actions))); } $this->snapList->setListData($data, $lData); $this->snapList->update(); $smarty->assign("SnapShotList",$this->snapList->render()); $smarty->assign("CountSnapShots",count($list_of_elements)); } $smarty->assign("restore_deleted",$this->display_all_removed_objects); $smarty->assign("RestoreMode",$this->display_restore_dialog); $smarty->assign("CurrentDate",date(_("Y-m-d, H:i:s"))); $smarty->assign("CurrentDN",LDAP::fix($this->dn)); $smarty->assign("CurrentDescription",set_post($this->CurrentDescription)); return($smarty->fetch(get_template_path("snapshotdialog.tpl"))); } function check() { $message = plugin::check(); if(!$this->display_restore_dialog){ if(empty($this->CurrentDescription)){ $message[]= msgPool::invalid(_("Description")); } } return($message); } function save_object() { // plugin::save_object(); foreach($this->attributes as $name){ if(isset($_POST[$name])){ $this->$name = get_post($name); } } } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> �������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/password-methods/�����������������������������������������������������������0000755�0001750�0001750�00000000000�11752422552�017332� 5����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/password-methods/class_password-methods-crypt.inc���������������������������0000644�0001750�0001750�00000005756�11330043647�025665� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������generate_hash('N0T$3T4N0W').'N0T$3T4N0W'); } function generate_hash($pwd) { if ($this->hash == "crypt/standard-des"){ $salt = ""; for ($i = 0; $i < 2; $i++) { $salt .= get_random_char(); } } if ($this->hash == "crypt/enhanced-des"){ $salt = "_"; for ($i = 0; $i < 8; $i++) { $salt .= get_random_char(); } } if ($this->hash == "crypt/md5"){ $salt = "\$1\$"; for ($i = 0; $i < 8; $i++) { $salt .= get_random_char(); } $salt .= "\$"; } if ($this->hash == "crypt/blowfish"){ $salt = "\$2a\$07\$"; for ($i = 0; $i < CRYPT_SALT_LENGTH; $i++) { $salt .= get_random_char(); } $salt .= "\$"; } return "{CRYPT}".crypt($pwd, $salt); } function get_hash_name() { $hashes= array(); if (CRYPT_STD_DES == 1) { $hashes[]= "crypt/standard-des"; } if (CRYPT_EXT_DES == 1) { $hashes[]= "crypt/enhanced-des"; } if (CRYPT_MD5 == 1) { $hashes[]= "crypt/md5"; } if (CRYPT_BLOWFISH == 1) { $hashes[]= "crypt/blowfish"; } return $hashes; } function _extract_method($password_hash) { if (!preg_match('/^{crypt}/i', $password_hash)){ return ""; } $password_hash= preg_replace('/^{[^}]+}!?/', '', $password_hash); if (preg_match("/^[a-zA-Z0-9.\/][a-zA-Z0-9.\/]/", $password_hash)){ return "crypt/standard-des"; } if (preg_match("/^_[a-zA-Z0-9.\/]/", $password_hash)){ return "crypt/enhanced-des"; } if (preg_match('/^\$1\$/', $password_hash)){ return "crypt/md5"; } if (preg_match('/^(\$2\$|\$2a\$)/', $password_hash)){ return "crypt/blowfish"; } return ""; } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> ������������������gosa-core-2.7.4/include/password-methods/class_password-methods-smd5.inc����������������������������0000644�0001750�0001750�00000003023�11330043647�025355� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/password-methods/class_password-methods-sha.inc�����������������������������0000644�0001750�0001750�00000003304�11330043647�025262� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/password-methods/class_password-methods-ssha.inc����������������������������0000644�0001750�0001750�00000003653�11330043647�025454� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ �������������������������������������������������������������������������������������gosa-core-2.7.4/include/password-methods/class_password-methods-clear.inc���������������������������0000644�0001750�0001750�00000002376�11330043647�025605� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/password-methods/class_password-methods.inc���������������������������������0000644�0001750�0001750�00000033331�11476176512�024525� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������get_hash_name() == ""){ return("{crypt}N0T$3T4N0W"); }else{ return('{'.$this->get_hash().'}').'N0T$3T4N0W'; } } function get_hash_name() { } function is_locked($config,$dn = "") { if(!$this->lockable) return FALSE; /* Get current password hash */ $pwd =""; if(!empty($dn)){ $ldap = $config->get_ldap_link(); $ldap->cd($config->current['BASE']); $ldap->cat($dn); $attrs = $ldap->fetch(); if(isset($attrs['userPassword'][0])){ $pwd = $attrs['userPassword'][0]; } }elseif(isset($this->attrs['userPassword'][0])){ $pwd = $this->attrs['userPassword'][0]; } return(preg_match("/^[^\}]*+\}!/",$pwd)); } /*! \brief Locks an account (gosaAccount) by added a '!' as prefix to the password hashes. * This makes logins impossible, due to the fact that the hash becomes invalid. * userPassword: {SHA}!q02NKl9IChNwZEAJxzRdmB6E * sambaLMPassword: !EBD223B61F8C259AD3B435B51404EE * sambaNTPassword: !98BB35737013AAF181D0FE9FDA09E */ function lock_account($config,$dn = "") { if(!$this->lockable) return FALSE; /* Get current password hash */ $userPassword = $sambaLMPassword = $sambaNTPassword = ""; $ldap = $config->get_ldap_link(); $ldap->cd($config->current['BASE']); if(!empty($dn)){ $ldap->cat($dn,array('sambaLMPassword','sambaNTPassword','userPassword')); $attrs = $ldap->fetch(); $userPassword = (isset($attrs['userPassword'][0])) ? $attrs['userPassword'][0]: ""; $sambaLMPassword = (isset($attrs['sambaLMPassword'][0])) ? $attrs['sambaLMPassword'][0]: ""; $sambaNTPassword = (isset($attrs['sambaNTPassword'][0])) ? $attrs['sambaNTPassword'][0]: ""; }elseif(isset($this->attrs['userPassword'][0])){ $dn = $this->attrs['dn']; $userPassword = (isset($this->attrs['userPassword'][0])) ? $this->attrs['userPassword'][0]: ""; $sambaLMPassword = (isset($this->attrs['sambaLMPassword'][0])) ? $this->attrs['sambaLMPassword'][0]: ""; $sambaNTPassword = (isset($this->attrs['sambaNTPassword'][0])) ? $this->attrs['sambaNTPassword'][0]: ""; } /* We can only lock/unlock non-empty passwords */ if(!empty($userPassword)){ /* Check if this entry is already locked. */ if(preg_match("/^[^\}]*+\}!/",$userPassword)){ return(TRUE); } /* Lock entry */ $userPassword = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$userPassword); // Only lock samba hashes if samba passwords are enabled $smbPasswdEnabled = trim($config->get_cfg_value('core','sambaHashHook')) != ""; if($smbPasswdEnabled){ $sambaLMPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaLMPassword); $sambaNTPassword = preg_replace("/^[!]*(.*$)/","!\\1",$sambaNTPassword); } // Call external lock hook $res = $ldap->cat($dn); $hookAttrs = array(); foreach($ldap->fetch() as $name => $value){ if(is_numeric($name)) continue; if(isset($value[0])) $hookAttrs[$name] = $value[0]; if(isset($value) && is_string($value)) $hookAttrs[$name] = $value; } $pwdClass = new password($config, $dn); $pwdClass->callHook($pwdClass, 'PRELOCK',$hookAttrs, $ret); // Update the ldap entry $ldap->cd($dn); $attrs = array(); $attrs['userPassword'] = $userPassword; // Updated samba hashes if samba hashing is enabled if($smbPasswdEnabled){ $attrs['sambaLMPassword'] = $sambaLMPassword; $attrs['sambaNTPassword'] = $sambaNTPassword; } $ldap->modify($attrs); if($ldap->success()){ // Call the password post-lock hook, if defined. $pwdClass->callHook($pwdClass, 'POSTLOCK',$hookAttrs, $ret); } return($ldap->success()); } return(FALSE); } /*! \brief Unlocks an account (gosaAccount) which was locked by 'lock_account()'. * For details about the locking mechanism see 'lock_account()'. */ function unlock_account($config,$dn = "") { if(!$this->lockable) return FALSE; /* Get current password hash */ $userPassword = $sambaLMPassword = $sambaNTPassword = ""; $ldap = $config->get_ldap_link(); $ldap->cd($config->current['BASE']); if(!empty($dn)){ $ldap->cat($dn,array('sambaLMPassword','sambaNTPassword','userPassword')); $attrs = $ldap->fetch(); $userPassword = (isset($attrs['userPassword'][0])) ? $attrs['userPassword'][0]: ""; $sambaLMPassword = (isset($attrs['sambaLMPassword'][0])) ? $attrs['sambaLMPassword'][0]: ""; $sambaNTPassword = (isset($attrs['sambaNTPassword'][0])) ? $attrs['sambaNTPassword'][0]: ""; }elseif(isset($this->attrs['userPassword'][0])){ $dn = $this->attrs['dn']; $userPassword = (isset($this->attrs['userPassword'][0])) ? $this->attrs['userPassword'][0]: ""; $sambaLMPassword = (isset($this->attrs['sambaLMPassword'][0])) ? $this->attrs['sambaLMPassword'][0]: ""; $sambaNTPassword = (isset($this->attrs['sambaNTPassword'][0])) ? $this->attrs['sambaNTPassword'][0]: ""; } /* We can only lock/unlock non-empty passwords */ if(!empty($userPassword)){ /* Check if this entry is already locked. */ if(!preg_match("/^[^\}]*+\}!/",$userPassword)){ return (TRUE); } /* Lock entry */ $userPassword = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$userPassword); // Update samba hashes only if its enabled. $smbPasswdEnabled = trim($config->get_cfg_value('core','sambaHashHook')) != ""; if($smbPasswdEnabled){ $sambaLMPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaLMPassword); $sambaNTPassword = preg_replace("/^[!]*(.*$)/","\\1",$sambaNTPassword); } // Call external lock hook $res = $ldap->cat($dn); $hookAttrs = array(); foreach($ldap->fetch() as $name => $value){ if(is_numeric($name)) continue; if(isset($value[0])) $hookAttrs[$name] = $value[0]; if(isset($value) && is_string($value)) $hookAttrs[$name] = $value; } $pwdClass = new password($config, $dn); $pwdClass->callHook($pwdClass, 'PREUNLOCK',$hookAttrs, $ret); // Lock the account by modifying the password hash. $ldap->cd($dn); // Update the ldap entry $attrs = array(); $attrs['userPassword'] = $userPassword; // Updated samba hashes if samba hashing is enabled if($smbPasswdEnabled){ $attrs['sambaLMPassword'] = $sambaLMPassword; $attrs['sambaNTPassword'] = $sambaNTPassword; } $ldap->modify($attrs); if($ldap->success()){ // Call the password post-lock hook, if defined. $pwdClass = new password($config, $dn); $pwdClass->callHook($pwdClass, 'POSTUNLOCK',$hookAttrs, $ret); } return($ldap->success()); } return(FALSE); } // this function returns all loaded classes for password encryption static function get_available_methods() { global $class_mapping, $config; $ret =false; $i =0; /* Only */ if(!session::is_set("passwordMethod::get_available_methods")){ foreach($class_mapping as $class => $path) { if(preg_match('/passwordMethod/i', $class) && !preg_match("/^passwordMethod$/i", $class)){ $name = preg_replace ("/passwordMethod/i", "", $class); $test = new $class($config, ""); if($test->is_available()) { $plugs= $test->get_hash_name(); if (!is_array($plugs)){ $plugs= array($plugs); } foreach ($plugs as $plugname){ $cfg = $test->is_configurable(); $ret['name'][$i]= $plugname; $ret['class'][$i]=$class; $ret['is_configurable'][$i]= $cfg; $ret['object'][$i]= $test; $ret['desc'][$i] = $test->get_description(); $ret[$i]['name'] = $plugname; $ret[$i]['class'] = $class; $ret[$i]['object']= $test; $ret[$i]['is_configurable']= $cfg; $ret[$i]['desc'] = $test->get_description(); $ret[$plugname]=$class; $i++; } } } } session::set("passwordMethod::get_available_methods",$ret); } return(session::get("passwordMethod::get_available_methods")); } function get_description() { return(""); } // Method to let password backends remove additional information besides // the userPassword attribute function remove_from_parent() { } // Method to let passwords backends manage additional information // besides the userAttribute entry function set_password($password) { return(TRUE); } // Return true if this password method provides a configuration dialog function is_configurable() { return FALSE; } // Provide a subdialog to configure a password method function configure() { return ""; } // Save information to LDAP function save($dn) { } // Try to find out if it's our hash... static function get_method($password_hash,$dn = "") { global $config; $methods= passwordMethod::get_available_methods(); foreach ($methods['class'] as $class){ $test = new $class($config,$dn); # All listed methods are available. # if(!$test->is_available())continue; $method= $test->_extract_method($password_hash); if ($method != ""){ $test->set_hash($method); return $test; } } msg_dialog::display(_("Error"), _("Cannot find a suitable password method for the current hash!"), ERROR_DIALOG); return NULL; } function _extract_method($password_hash) { $hash= $this->get_hash_name(); if (preg_match("/^\{$hash\}/i", $password_hash)){ return $hash; } return ""; } static function make_hash($password, $hash) { global $config; $methods= passwordMethod::get_available_methods(); $tmp= new $methods[$hash]($config); $tmp->set_hash($hash); return $tmp->generate_hash($password); } function set_hash($hash) { $this->hash= $hash; } function get_hash() { return $this->hash; } function adapt_from_template($dn) { return($this); } static function is_harmless($password) { global $config; if ($config->boolValueIsTrue("core","strictPasswordRules")) { // Do we have UTF8 characters in the password? return ($password == utf8_decode($password)); } return(true); } static function getPasswordProposal($config) { if($config->configRegistry->propertyExists('core', 'passwordProposalHook')){ $value = $config->configRegistry->getPropertyValue('core', 'passwordProposalHook'); $core = new core($config); // No execute the hook and fetch the results. plugin::callHook($core, 'passwordProposalHook', $addAttrs= array(), $ret); if(count($ret) && !empty($ret[0])){ return($ret[0]); } } return(''); } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/password-methods/class_password-methods-md5.inc�����������������������������0000644�0001750�0001750�00000002475�11330043647�025204� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/password-methods/class_password-methods-sasl.inc����������������������������0000644�0001750�0001750�00000003505�11750201501�025443� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������realm = trim($config->get_cfg_value('core','SASLRealm')); if($this->realm == ""){ trigger_error(msgPool::cmdnotfound("SASLRealm", _("SASL"))); } $ldap = $config->get_ldap_link(); $ldap->cd($config->current['BASE']); $ldap->cat($dn,array('uid')); if($ldap->count() == 1){ $attrs = $ldap->fetch(); $this->uid = $attrs['uid'][0]; }else{ trigger_error("Cannot change password, unknown users '".$dn."'"); } } function is_available() { return(true); } function generate_hash($pwd) { return("{SASL}".$this->uid."@".$this->realm); } function get_hash_name() { return "sasl"; } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_listing.inc�����������������������������������������������������������0000644�0001750�0001750�00000160642�11663662270�017375� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������pid= preg_replace("/[^0-9]/", "", microtime(TRUE)); if($isString){ if(!$this->loadString($source)){ die("Cannot parse $source!"); } }else{ if (!$this->loadFile($source)) { die("Cannot parse $source!"); } } // Set base for filter if ($this->baseMode) { $this->base= session::global_get("CurrentMainBase"); if ($this->base == null) { $this->base= $config->current['BASE']; } $this->refreshBasesList(); } else { $this->base= $config->current['BASE']; } // Move footer information $this->showFooter= ($config->get_cfg_value("core","listSummary") == "true"); // Register build in filters $this->registerElementFilter("objectType", "listing::filterObjectType"); $this->registerElementFilter("departmentLink", "listing::filterDepartmentLink"); $this->registerElementFilter("link", "listing::filterLink"); $this->registerElementFilter("actions", "listing::filterActions"); // Load exporters foreach($class_mapping as $class => $dummy) { if (preg_match('/Exporter$/', $class)) { $info= call_user_func(array($class, "getInfo")); if ($info != null) { $this->exporter= array_merge($this->exporter, $info); } } } // Instanciate base selector $this->baseSelector= new baseSelector($this->bases, $this->base); } function setCopyPasteHandler($handler) { $this->copyPasteHandler= &$handler; } function setHeight($height) { $this->height= $height; } function setSnapshotHandler($handler) { $this->snapshotHandler= &$handler; } function getFilter() { return($this->filter); } function setFilter($filter) { $this->filter= &$filter; if ($this->departmentBrowser){ $this->departments= $this->getDepartments(); } $this->filter->setBase($this->base); } function registerElementFilter($name, $call) { if (!isset($this->filters[$name])) { $this->filters[$name]= $call; return true; } return false; } function loadFile($filename) { return($this->loadString(file_get_contents($filename))); } function loadString($contents) { $this->xmlData= xml::xml2array($contents, 1); if (!isset($this->xmlData['list'])) { return false; } $this->xmlData= $this->xmlData["list"]; // Load some definition values foreach (array("departmentBrowser", "departmentRootVisible", "multiSelect","singleSelect", "baseMode", "noAclChecks") as $token) { if (isset($this->xmlData['definition'][$token]) && $this->xmlData['definition'][$token] == "true"){ $this->$token= true; } } // Fill objectTypes from departments and xml definition $types = departmentManagement::get_support_departments(); foreach ($types as $class => $data) { $this->objectTypes[$data['OC']]= array("label" => $data['TITLE'], "objectClass" => $data['OC'], "image" => $data['IMG']); } $this->categories= array(); if (isset($this->xmlData['definition']['objectType'])) { if(isset($this->xmlData['definition']['objectType']['label'])) { $this->xmlData['definition']['objectType']= array($this->xmlData['definition']['objectType']); } foreach ($this->xmlData['definition']['objectType'] as $index => $otype) { $tmp = $this->xmlData['definition']['objectType'][$index]; $this->objectTypes[$tmp['objectClass']]= $tmp; if (isset($this->xmlData['definition']['objectType'][$index]['category'])){ $this->categories[]= $otype['category']; if(isset($otype['category']) && isset($otype['class'])){ $this->aclToObjectClass[$otype['category']."/".$otype['class']][] = $otype['objectClass']; } } } } $this->objectTypes = array_values($this->objectTypes); // Parse layout per column $this->colprops= $this->parseLayout($this->xmlData['table']['layout']); // Prepare table headers $this->renderHeader(); // Assign headline/Categories $this->headline= _($this->xmlData['definition']['label']); if (!is_array($this->categories)){ $this->categories= array($this->categories); } // Evaluate columns to be exported if (isset($this->xmlData['table']['column'])){ foreach ($this->xmlData['table']['column'] as $index => $config) { if (isset($config['export']) && $config['export'] == "true"){ $this->exportColumns[]= $index; } } } return true; } function renderHeader() { $this->header= array(); $this->plainHeader= array(); // Initialize sort? $sortInit= false; if (!$this->sortDirection) { $this->sortColumn= 0; if (isset($this->xmlData['definition']['defaultSortColumn'])){ $this->sortColumn= $this->xmlData['definition']['defaultSortColumn']; } else { $this->sortAttribute= ""; } $this->sortDirection= array(); $sortInit= true; } if (isset($this->xmlData['table']['column'])){ foreach ($this->xmlData['table']['column'] as $index => $config) { // Initialize everything to one direction if ($sortInit) { $this->sortDirection[$index]= false; } $sorter= ""; if ($index == $this->sortColumn && isset($config['sortAttribute']) && isset($config['sortType'])) { $this->sortAttribute= $config['sortAttribute']; $this->sortType= $config['sortType']; $sorter= " ".image("images/lists/sort-".($this->sortDirection[$index]?"up":"down").".png", null, $this->sortDirection[$index]?_("Sort ascending"):_("Sort descending"), "text-top"); } $sortable= (isset($config['sortAttribute'])); $link= "href='?plug=".$_GET['plug']."&PID=".$this->pid."&act=SORT_$index'"; if (isset($config['label'])) { if ($sortable) { $this->header[$index]= "\n";
$result.= "\n";
$this->numColumns= count($this->colprops) + (($this->multiSelect|$this->singleSelect)?1:0);
// Build list header
$result.= "
";
// Add the footer if requested
if ($this->showFooter) {
$result.= "";
}
// Close list
$result.= $switch?"":"";
// Add scroll positioner
$result.= '';
$smarty= get_smarty();
$smarty->assign("FILTER", $this->filter->render());
$smarty->assign("SIZELIMIT", print_sizelimit_warning());
$smarty->assign("LIST", $result);
// Assign navigation elements
$nav= $this->renderNavigation();
foreach ($nav as $key => $html) {
$smarty->assign($key, $html);
}
// Assign action menu / base
$smarty->assign("HEADLINE", $this->headline);
$smarty->assign("ACTIONS", $this->renderActionMenu());
$smarty->assign("BASE", $this->renderBase());
// Assign separator
$smarty->assign("SEPARATOR", "| "; if($this->multiSelect){ $result.= ""; }else{ $result.= " "; } $result.=" | \n"; } foreach ($this->header as $header) { $result.= $header; } $result.= "||
| "; } // Render defined department columns, fill the rest with some stuff $rest= $this->numColumns - 1; foreach ($this->xmlData['table']['department'] as $index => $config) { $colspan= 1; if (isset($config['span'])){ $colspan= $config['span']; $this->useSpan= true; } $rowResult.=" | colprops[$index]." class='list1'>".$this->renderCell($config['value'], $entry, $row)." | "; $rest-= $colspan; } // Fill remaining cols with nothing $last= $this->numColumns - $rest; for ($i= 0; $i<$rest; $i++){ $rowResult.= "colprops[$last+$i-1]." class='list1'> | "; } $rowResult.="\n"; } if ($this->singleSelect) { $trow.=" | \n"; } foreach ($this->xmlData['table']['column'] as $index => $config) { $renderedCell= $this->renderCell($config['value'], $entry, $row); $trow.=" | colprops[$index]." class='list0'>".$renderedCell." | \n"; // Save rendered column $sort= preg_replace('/.*>([^<]+)<.*$/', '$1', $renderedCell); $sort= preg_replace('/ /', '', $sort); if (preg_match('/entries[$row]["_sort$index"]= $sort; } // Save rendered entry $this->entries[$row]['_rendered']= $trow; } // Complete list by sorting entries for _sort$index and appending them to the output $entryIterator= new listingSortIterator($this->entries, $this->sortDirection[$this->sortColumn], "_sort".$this->sortColumn, $this->sortType); foreach ($entryIterator as $row => $entry){ // Apply label to objecttype icon? if (preg_match("/
| "; continue; } if ($i != $this->numColumns-1) { $result.= " | "; } else { $result.= " | "; } } $result.= " |
");
// Assign summary
$smarty->assign("HEADLINE", $this->headline);
// Try to load template from plugin the folder first...
$file = get_template_path($this->xmlData['definition']['template'], true);
// ... if this fails, try to load the file from the theme folder.
if(!file_exists($file)){
$file = get_template_path($this->xmlData['definition']['template']);
}
return ($smarty->fetch($file));
}
function update()
{
global $config;
$ui= get_userinfo();
// Take care of base selector
if ($this->baseMode) {
$this->baseSelector->update();
// Check if a wrong base was supplied
if(!$this->baseSelector->checkLastBaseUpdate()){
msg_dialog::display(_("Error"), msgPool::check_base(), ERROR_DIALOG);
}
}
// Save base
$refresh= false;
if ($this->baseMode) {
$this->base= $this->baseSelector->getBase();
session::global_set("CurrentMainBase", $this->base);
$refresh= true;
}
// Reset object counter / DN mapping
$this->objectTypeCount= array();
$this->objectDnMapping= array();
// Do not do anything if this is not our PID
if($refresh || !(isset($_REQUEST['PID']) && $_REQUEST['PID'] != $this->pid)) {
// Save position if set
if (isset($_POST['position_'.$this->pid]) && is_numeric($_POST['position_'.$this->pid])) {
$this->scrollPosition= get_post('position_'.$this->pid);
}
// Override the base if we got a message from the browser navigation
if ($this->departmentBrowser && isset($_GET['act'])) {
if (preg_match('/^department_([0-9]+)$/', validate($_GET['act']), $match)){
if (isset($this->departments[$match[1]])){
$this->base= $this->departments[$match[1]]['dn'];
if ($this->baseMode) {
$this->baseSelector->setBase($this->base);
}
session::global_set("CurrentMainBase", $this->base);
}
}
}
// Filter POST with "act" attributes -> posted from action menu
if (isset($_POST['exec_act']) && $_POST['act'] != '') {
if (preg_match('/^export.*$/', $_POST['act']) && isset($this->exporter[$_POST['act']])) {
$exporter= $this->exporter[get_post('act')];
$userinfo= ", "._("created by")." ".$ui->cn." - ".strftime('%A, %d. %B %Y, %H:%M:%S');
$entryIterator= new listingSortIterator($this->entries, $this->sortDirection[$this->sortColumn], "_sort".$this->sortColumn, $this->sortType);
$sortedEntries= array();
foreach ($entryIterator as $entry){
$sortedEntries[]= $entry;
}
$instance= new $exporter['class']($this->headline.$userinfo, $this->plainHeader, $sortedEntries, $this->exportColumns);
$type= call_user_func(array($exporter['class'], "getInfo"));
$type= $type[get_post('act')];
send_binary_content($instance->query(), $type['filename'], $type= $type['mime']);
}
}
// Filter GET with "act" attributes
if (isset($_GET['act'])) {
$key= validate($_GET['act']);
if (preg_match('/^SORT_([0-9]+)$/', $key, $match)) {
// Switch to new column or invert search order?
$column= $match[1];
if ($this->sortColumn != $column) {
$this->sortColumn= $column;
} else {
$this->sortDirection[$column]= !$this->sortDirection[$column];
}
// Allow header to update itself according to the new sort settings
$this->renderHeader();
}
}
// Override base if we got signals from the navigation elements
$action= "";
foreach ($_POST as $key => $value) {
if (preg_match('/^(ROOT|BACK|HOME)(_x)?$/', $key, $match)) {
$action= $match[1];
break;
}
}
// Navigation handling
if ($action == 'ROOT') {
$deps= $ui->get_module_departments($this->categories);
$this->base= $deps[0];
$this->baseSelector->setBase($this->base);
session::global_set("CurrentMainBase", $this->base);
}
if ($action == 'BACK') {
$deps= $ui->get_module_departments($this->categories);
$base= preg_replace("/^[^,]+,/", "", $this->base);
if(in_array_ics($base, $deps)){
$this->base= $base;
$this->baseSelector->setBase($this->base);
session::global_set("CurrentMainBase", $this->base);
}
}
if ($action == 'HOME') {
$ui= get_userinfo();
$this->base= get_base_from_people($ui->dn);
$this->baseSelector->setBase($this->base);
session::global_set("CurrentMainBase", $this->base);
}
}
// Reload departments
if ($this->departmentBrowser){
$this->departments= $this->getDepartments();
}
// Update filter and refresh entries
$this->filter->setBase($this->base);
$this->entries= $this->filter->query();
// Check entry acls
if(!$this->noAclChecks){
foreach($this->entries as $row => $entry){
$acl = "";
$found = false;
foreach($this->aclToObjectClass as $category => $ocs){
if(count(array_intersect($ocs, $entry['objectClass']))){
$acl .= $ui->get_permissions($entry['dn'],$category, 0);
$found = true;
}
}
if(!preg_match("/r/", $acl) && $found){
unset($this->entries[$row]);
continue;
}
}
}
// Fix filter if querie returns NULL
if ($this->entries == null) {
$this->entries= array();
}
}
function setBase($base)
{
$this->base= $base;
if ($this->baseMode) {
$this->baseSelector->setBase($this->base);
}
}
function getBase()
{
return $this->base;
}
function parseLayout($layout)
{
$result= array();
$layout= preg_replace("/^\|/", "", $layout);
$layout= preg_replace("/\|$/", "", $layout);
$cols= explode("|", $layout);
foreach ($cols as $index => $config) {
if ($config != "") {
$res= "";
$components= explode(';', $config);
foreach ($components as $part) {
if (preg_match("/^r$/", $part)) {
$res.= "text-align:right;";
continue;
}
if (preg_match("/^l$/", $part)) {
$res.= "text-align:left;";
continue;
}
if (preg_match("/^c$/", $part)) {
$res.= "text-align:center;";
continue;
}
if (preg_match("/^[0-9]+(|px|%)$/", $part)) {
$res.= "width:$part;min-width:$part;";
continue;
}
}
// Add minimum width for scalable columns
if (!preg_match('/width:/', $res)){
$res.= "min-width:200px;";
}
$result[$index]= " style='$res'";
} else {
$result[$index]= " style='min-width:100px;'";
}
}
// Save number of columns for later use
$this->numColumns= count($cols);
// Add no border to the last column
$result[$this->numColumns-1]= preg_replace("/'$/", "border-right:0;'", $result[$this->numColumns-1]);
return $result;
}
function renderCell($data, $config, $row)
{
// Replace flat attributes in data string
for ($i= 0; $i<$config['count']; $i++) {
$attr= $config[$i];
$value= "";
if (is_array($config[$attr])) {
$value= $config[$attr][0];
} else {
$value= $config[$attr];
}
$data= preg_replace("/%\{$attr\}/", $value, $data);
}
// Watch out for filters and prepare to execute them
$data= $this->processElementFilter($data, $config, $row);
// Replace all non replaced %{...} instances because they
// are non resolved attributes or filters
$data= preg_replace('/%{[^}]+}/', ' ', $data);
return $data;
}
function renderBase()
{
if (!$this->baseMode) {
return;
}
return $this->baseSelector->render();
}
function processElementFilter($data, $config, $row)
{
preg_match_all("/%\{filter:([^(]+)\((.*)\)\}/", $data, $matches, PREG_SET_ORDER);
foreach ($matches as $match) {
$cl= "";
$method= "";
if (preg_match('/::/', $match[1])) {
$cl= preg_replace('/::.*$/', '', $match[1]);
$method= preg_replace('/^.*::/', '', $match[1]);
} else {
if (!isset($this->filters[$match[1]])) {
continue;
}
$cl= preg_replace('/::.*$/', '', $this->filters[$match[1]]);
$method= preg_replace('/^.*::/', '', $this->filters[$match[1]]);
}
// Prepare params for function call
$params= array();
preg_match_all('/"[^"]+"|[^,]+/', $match[2], $parts);
foreach ($parts[0] as $param) {
// Row is replaced by the row number
if ($param == "row") {
$params[]= $row;
continue;
}
// pid is replaced by the current PID
if ($param == "pid") {
$params[]= $this->pid;
continue;
}
// base is replaced by the current base
if ($param == "base") {
$params[]= $this->getBase();
continue;
}
// Fixie with "" is passed directly
if (preg_match('/^".*"$/', $param)){
$params[]= preg_replace('/"/', '', $param);
continue;
}
// Move dn if needed
if ($param == "dn") {
$params[]= LDAP::fix($config["dn"]);
continue;
}
// LDAP variables get replaced by their objects
for ($i= 0; $i<$config['count']; $i++) {
if ($param == $config[$i]) {
$values= $config[$config[$i]];
if (is_array($values)){
unset($values['count']);
}
$params[]= $values;
break;
}
}
}
// Replace information
if ($cl == "listing") {
// Non static call - seems to result in errors
$data= @preg_replace('/'.preg_quote($match[0]).'/', call_user_func_array(array($this, "$method"), $params), $data);
} else {
// Static call
$data= preg_replace('/'.preg_quote($match[0]).'/', call_user_func_array(array($cl, $method), $params), $data);
}
}
return $data;
}
function getObjectType($types, $classes)
{
// Walk thru types and see if there's something matching
foreach ($types as $objectType) {
$ocs= $objectType['objectClass'];
if (!is_array($ocs)){
$ocs= array($ocs);
}
$found= true;
foreach ($ocs as $oc){
if (preg_match('/^!(.*)$/', $oc, $match)) {
$oc= $match[1];
if (in_array_strict($oc, $classes)) {
$found= false;
}
} else {
if (!in_array_strict($oc, $classes)) {
$found= false;
}
}
}
if ($found) {
return $objectType;
}
}
return null;
}
function filterObjectType($dn, $classes)
{
// Walk thru classes and return on first match
$result= " ";
$objectType= $this->getObjectType($this->objectTypes, $classes);
if ($objectType) {
$this->objectDnMapping[$dn]= $objectType["objectClass"];
$result= "- "._("Actions")." ".image("images/lists/sort-down.png")."";
// Build ul/li list
$result.= $this->recurseActions($actions);
return "".$result.""; } function recurseActions($actions) { global $class_mapping; static $level= 2; $result= "
- ";
$separator= "";
foreach ($actions as $action) {
// Skip the entry completely if there's no permission to execute it
if (!$this->hasActionPermission($action, $this->filter->base)) {
continue;
}
// Skip entry if there're missing dependencies
if (isset($action['depends'])) {
$deps= is_array($action['depends'])?$action['depends']:array($action['depends']);
foreach($deps as $clazz) {
if (!isset($class_mapping[$clazz])){
continue 2;
}
}
}
// Fill image if set
$img= "";
if (isset($action['image'])){
$img= image($action['image'])." ";
}
if ($action['type'] == "separator"){
$separator= " style='border-top:1px solid #AAA' ";
continue;
}
// Dive into subs
if ($action['type'] == "sub" && isset($action['action'])) {
$level++;
if (isset($action['label'])){
$result.= "
";
$level--;
$separator= "";
continue;
}
// Render entry elseways
if (isset($action['label'])){
$result.= "
- ";
// Export CVS as build in exporter
foreach ($this->exporter as $action => $exporter) {
$result.= "
- ".image($exporter['image'])." ".$exporter['label']." "; } // Finalize list $result.= "
\n";
$result.= "cssclass)?" class='".$this->cssclass."'":"").">\n";
$action_width= 0;
if (strpos($this->acl, 'w') === false) {
$edit_image= $this->editable?image("images/lists/edit-grey.png"):"";
} else {
$edit_image= $this->editable?image('images/lists/edit.png', "%ID", _("Edit this entry")):"";
}
if (strpos($this->acl, 'w') === false) {
$delete_image= $this->deleteable?image('images/lists/trash-grey.png'):"";
} else {
$delete_image= $this->deleteable?image('images/lists/trash.png', "%ID", _("Delete this entry")):"";
}
// Do we need colspecs?
$action_width= ($this->editable?30:0) + ($this->deleteable?30:0);
if ($this->colspecs) {
$result.= "
\n
\n";
# $result.= " \n";
$result.= " \n";
$result.= " \n";
// Append script stuff if needed
$result.= '';
return $result;
}
public function update()
{
// Filter GET with "act" attributes
if (!$this->reorderable){
if(isset($_GET['act']) && isset($_GET['PID']) && $this->id == $_GET['PID']) {
$key= validate($_GET['act']);
if (preg_match('/^SORT_([0-9]+)$/', $key, $match)) {
// Switch to new column or invert search order?
$column= $match[1];
if ($this->sortColumn != $column) {
$this->sortColumn= $column;
} else {
$this->sortDirection[$column]= !$this->sortDirection[$column];
}
}
}
// Update mapping according to sort parameters
$this->sortData();
}
}
public function save_object()
{
// Do not do anything if this is not our PID, or there's even no PID available...
if(isset($_REQUEST['PID']) && $_REQUEST['PID'] != $this->id) {
return;
}
// Do not do anything if we're not posted - or have no permission
if (strpos($this->acl, 'w') !== false && isset($_POST['reorder_'.$this->id])){
if (isset($_POST['position_'.$this->id]) && is_numeric($_POST['position_'.$this->id])) {
$this->scrollPosition= get_post('position_'.$this->id);
}
// Move requested?
$move= get_post('reorder_'.$this->id);
if ($move != "") {
preg_match_all('/=([0-9]+)[&=]/', $move, $matches);
$this->action= "reorder";
$tmp= array();
foreach ($matches[1] as $id => $row) {
$tmp[$id]= $this->mapping[$row];
}
$this->mapping= $tmp;
$this->current_mapping= $matches[1];
$this->modified= true;
return;
}
}
// Delete requested?
$this->action = "";
if (strpos($this->acl, 'd') !== false){
foreach ($_POST as $key => $value) {
$value = get_post($key);
if (preg_match('/^del_'.$this->id.'_([0-9]+)$/', $key, $matches)) {
if(!isset($this->mapping[$matches[1]])) return;
$this->active_index= $this->mapping[$matches[1]];
// Ignore request if mode requests it
if (isset($this->modes[$this->active_index]) && $this->modes[$this->active_index] == LIST_DISABLED) {
$this->active_index= null;
continue;
}
// Set action
$this->action= "delete";
// Remove value if requested
if ($this->instantDelete) {
$this->deleteEntry($this->active_index);
}
}
}
}
// Edit requested?
if (strpos($this->acl, 'w') !== false){
foreach ($_POST as $key => $value) {
$value = get_post($key);
if (preg_match('/^edit_'.$this->id.'_([0-9]+)$/', $key, $matches)) {
if(!isset($this->mapping[$matches[1]])) return;
$this->active_index= $this->mapping[$matches[1]];
// Ignore request if mode requests it
if (isset($this->modes[$this->active_index]) && $this->modes[$this->active_index] == LIST_DISABLED) {
$this->active_index= null;
continue;
}
$this->action= "edit";
}
}
}
}
public function getAction()
{
// Do not do anything if we're not posted
if(!isset($_POST['reorder_'.$this->id])) {
return;
}
// For reordering, return current mapping
if ($this->action == 'reorder') {
return array("targets" => $this->current_mapping, "mapping" => $this->mapping, "action" => $this->action);
}
// Edit and delete
$result= array("targets" => array($this->active_index), "action" => $this->action);
return $result;
}
public function deleteEntry($id)
{
// Remove mapping
$index= array_search($id, $this->mapping);
if ($index !== false) {
$target = $this->mapping[$index];
$key = $this->keys[$target];
unset($this->mapping[$index]);
if(isset($this->displayData[$target])){
unset($this->displayData[$target]);
unset($this->data[$key]);
unset($this->keys[$target]);
}
$this->mapping= array_values($this->mapping);
$this->modified= true;
}
}
public function getMaintainedData()
{
$tmp= array();
foreach ($this->mapping as $src => $dst) {
$realKey = $this->keys[$dst];
$tmp[$realKey] = $this->data[$realKey];
}
return $tmp;
}
public function isModified()
{
return $this->modified;
}
public function setAcl($acl)
{
$this->acl= $acl;
}
public function sortingEnabled($bool = TRUE)
{
$this->sortingEnabled= $bool;
}
public function sortData()
{
if(!$this->sortingEnabled || !count($this->data)) return;
// Extract data
$tmp= array();
foreach($this->displayData as $key => $item) {
if (isset($item[$this->sortColumn])){
$tmp[$key]= $item[$this->sortColumn];
} else {
$tmp[$key]= "";
}
}
// Sort entries
if ($this->sortDirection[$this->sortColumn]) {
asort($tmp);
} else {
arsort($tmp);
}
// Adapt mapping accordingly
$this->mapping= array();
foreach ($tmp as $key => $value) {
$this->mapping[]= $key;
}
}
public function addEntry($entry, $displayEntry= null, $key= null)
{
// Only add if not already there
if (!$key) {
if (in_array_strict($entry, $this->data)) {
return;
}
} else {
if (isset($this->data[$key])) {
return;
}
}
// Prefill with default value if not specified
if (!$displayEntry) {
$displayEntry= array('data' => array($entry));
}
// Append to data and mapping
$this->displayData[]= $displayEntry['data'];
$this->mapping[]= max(array_keys($this->displayData));
$this->modified= true;
if ($key) {
$this->data[$key]= $entry;
$this->keys[]= $key;
} else {
$this->data[]= $entry;
$this->keys[]= max(array_keys($this->displayData));
}
// Find the number of coluns
reset($this->displayData);
$first= current($this->displayData);
if (is_array($first)) {
$this->columns= count($first);
} else {
$this->columns= 1;
}
// Preset sort orders to 'down'
for ($column= 0; $column<$this->columns; $column++) {
if(!isset($this->sortDirection[$column])){
$this->sortDirection[$column]= true;
}
}
// Sort data after we've added stuff
$this->sortData();
}
public function getKey($index) {
return isset($this->keys[$index])?$this->keys[$index]:null;
}
public function getData($index) {
$realkey = $this->keys[$index];
return($this->data[$realkey]);
}
}
��������������������������������������������������������������������������������gosa-core-2.7.4/include/class_releaseSelector.inc���������������������������������������������������0000644�0001750�0001750�00000024544�11613731145�021036� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������pid= preg_replace("/[^0-9]/", "", microtime(TRUE));
// Get list of used IDs
if(!session::is_set('releaseSelector_USED_IDS')){
session::set('releaseSelector_USED_IDS',array());
}
$usedIds = session::get('releaseSelector_USED_IDS');
// Generate instance wide unique ID
$pid = "";
while($pid == "" || in_array_strict($pid, $usedIds)){
// Wait 1 msec to ensure that we definately get a new id
if($pid != "") usleep(1);
$tmp= gettimeofday();
$pid = 'l'.md5(microtime().$tmp['sec']);
}
// Only keep the last 10 list IDsi
$usedIds = array_slice($usedIds, count($usedIds) -10, 10);
$usedIds[] = $pid;
session::set('releaseSelector_USED_IDS',$usedIds);
$this->pid = $pid;
// Transfer data
$this->releaseBase = $releaseBase;
$this->setBases($bases);
$this->setBase($base);
}
function setSubmitButton($flag)
{
$this->submitButton= $flag;
}
function setHeight($value)
{
$this->height= $value;
}
function setBase($base)
{
$this->base= $base;
if (isset($this->pathMapping[$base])) {
$this->update(true);
}
}
function setRootBase($base)
{
$this->releaseBase = $base;
}
function checkBase($base)
{
return isset($this->pathMapping[$base]);
}
function checkLastBaseUpdate()
{
return $this->lastState;
}
function setBases($bases)
{
global $config;
$this->releaseInfo = array();
$this->pathMapping= array();
$selected= $this->base == $this->releaseBase?"Selected":"";
$first= true;
$last_indent= 2;
foreach ($bases as $base => $dummy) {
// Build path style display
$elements= explode(',', substr($base, 0, strlen($base) - strlen($this->releaseBase)));
$elements= array_reverse($elements, true);
$this->pathMapping[$base]= $base == $this->releaseBase? '/' : ldap::fix(preg_replace('/(^|,)[a-z0-9]+=/i', '/', implode(',', $elements)));
$this->releaseInfo[$base]['name'] = ldap::fix(preg_replace('/(^|,)[a-z0-9]+=/i', '', $elements[0]));
$this->releaseInfo[$base]['description'] = $dummy;
}
// Save bases to session for autocompletion
session::global_set('pathMapping', $this->pathMapping);
session::global_set('department_info', $this->releaseInfo);
}
function update($force= false)
{
global $config;
// Analyze for base changes if needed
$this->action= null;
$last_base= $this->base;
if(isset($_REQUEST["BPID_{$this->pid}"]) && $_REQUEST["BPID_{$this->pid}"] == $this->pid) {
if (isset($_POST['bs_rebase_'.$this->pid]) && !empty($_POST['bs_rebase_'.$this->pid])) {
$new_base= base64_decode(get_post('bs_rebase_'.$this->pid));
if (isset($this->pathMapping[$new_base])) {
$this->base= $new_base;
$this->action= 'rebase';
} else {
$this->lastState= false;
return false;
}
}else{
// Input field set?
if (isset($_POST['bs_input_'.$this->pid])) {
// Take over input field base
if ($this->submitButton && isset($_POST['submit_base_'.$this->pid]) || !$this->submitButton) {
// Check if base is available
$this->lastState= false;
foreach ($this->pathMapping as $key => $path) {
if (mb_strtolower($path) == mb_strtolower(get_post('bs_input_'.$this->pid))) {
$this->base= $key;
$this->lastState= true;
break;
}
}
}
}
}
}
/* Skip if there's no change */
if (($this->tree && $this->base == $last_base) && !$force) {
return true;
}
$link= "onclick=\"\$('bs_rebase_".$this->pid."').value='".base64_encode($this->releaseBase)."';
$('submit_tree_base_".$this->pid."').click();\"";
$this->tree= "pid}').hide(); \"
onfocus=\" \$('bs_{$this->pid}').hide(); \"
onmouseover=\" mouseIsStillOver = true;
function showIt()
{
if(mouseIsStillOver){
\$('bs_".$this->pid."').show();
}
};
Element.clonePosition(\$('bs_".$this->pid."'),
'bs_input_".$this->pid."',
{setHeight: false, setWidth: false, offsetTop:(Element.getHeight('bs_input_".$this->pid."'))});
rtimer=showIt.delay(0.25); \"
onmouseout=\" mouseIsStillOver=false;
rtimer=Element.hide.delay(0.25,'bs_".$this->pid."')\"
value=\"".preg_replace('/"/','"',$this->pathMapping[$this->base])."\">";
// Autocompleter
$this->tree.= "".
"";
$selected= $this->base == $this->releaseBase?"Selected":"";
$this->tree.= "\n";
// Draw submitter if required
if ($this->submitButton) {
$this->tree.= image('images/lists/submit.png', "submit_base_".$this->pid, _("Submit"));
}
$this->tree.= "";
$this->tree.= "";
$this->tree.= "";
$this->lastState= true;
return true;
}
function gennonbreaks($string)
{
return str_replace('-', '‑', str_replace(' ', ' ', $string));
}
function render()
{
return $this->tree;
}
function getBase()
{
return $this->base;
}
function getAction()
{
// Do not do anything if this is not our BPID, or there's even no BPID available...
if(!isset($_REQUEST["BPID_{$this->pid}"]) || $_REQUEST["BPID_{$this->pid}"] != $this->pid) {
return;
}
if ($this->action) {
return array("targets" => array($this->base), "action" => $this->action);
}
return null;
}
}
?>
������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_GOsaRegistration.inc��������������������������������������������������0000644�0001750�0001750�00000011024�11470506143�021125� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������config = $config;
}
function getRegistrationServer()
{
return($this->server);
}
function getConnection($user = NULL, $password ="")
{
if($user === NULL){
return($this->config->getRpcHandle($this->server, $this->user,$this->password, TRUE, FALSE));
}else{
return($this->config->getRpcHandle($this->server, $user,$password, TRUE, FALSE));
}
}
function isServerAccessible($force = FALSE)
{
// Only request a new status every 2 seconds
if(isset($this->cache['isServerAccessible']['called']) && !$force){
if($this->cache['isServerAccessible']['called'] + 2 > time()){
return($this->cache['isServerAccessible']['result']);
}
}
// Check the connection status by calling a dummy function
$con = $this->getConnection();
$res = $con->isInstanceRegistered("dummy");
// Store the result
$this->cache['isServerAccessible']['called'] = time();
$this->cache['isServerAccessible']['result'] = $con->success();
return($con->success());
}
function registrationNotWanted()
{
// While we are registered this will always be FALSE.
if($this->isInstanceRegistered()) return(FALSE);
// Check if the registration process was postponed or completely(>=0) canceled (-1)
$date = $this->config->configRegistry->getPropertyValue('GOsaRegistration','askForRegistration');
return($date == -1);
}
function registrationRequired()
{
if($this->isInstanceRegistered()) return(FALSE);
// Seems that we haven't received an instancePassword yet, this can has two reasons:
// 1. Not registered yet or registration postponed 2. We do not want to registrate our instance.
$date = $this->config->configRegistry->getPropertyValue('GOsaRegistration','askForRegistration');
if($date == -1){
// We do not want to registrate
return(FALSE);
}else{
// Registration may be postponed.
return($date < time());
}
}
function isInstanceRegistered()
{
if($this->isServerAccessible()){
// First check if the server is accessible and if the instance is registered.
return($this->isInstanceRegisteredWithServer());
}else{
// Server is down, now check if we've an instancePassword set in our gosa.conf.
$instancePassword = $this->config->configRegistry->getPropertyValue('GOsaRegistration','instancePassword');
return(!empty($instancePassword));
}
}
function isInstanceRegisteredWithServer()
{
$con = $this->getConnection();
$res = $con->isInstanceRegistered($this->config->getInstanceUuid());
if($con->success()){
$this->isRegistered = $res;
}else{
return(FALSE);
}
return($this->isRegistered);
}
static function plInfo()
{
return (array(
"plProperties" => array(
array(
"name" => "instancePassword",
"type" => "string",
"default" => "",
"description" => "",
"check" => "gosaProperty::isString",
"migrate" => "",
"group" => "registration",
"mandatory" => FALSE),
array(
"name" => "askForRegistration",
"type" => "integer",
"default" => "0",
"description" => _("UNIX-timestamp pointing to the date GOsa will ask for a registration again (-1 to disable)"),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "registration",
"mandatory" => FALSE),
)
)
);
}
}
?>
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gosa-core-2.7.4/include/class_msg_dialog.inc��������������������������������������������������������0000644�0001750�0001750�00000016355�11613731145�020023� 0����������������������������������������������������������������������������������������������������ustar �cajus���������������������������cajus������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������i_ID = preg_replace("/[^0-9]*/","",microtime());
$this->s_Title = $s_title;
$this->s_Message = $s_message;
$this->i_Type = $i_type;
/* Append trace information, only if error messages are enabled */
if( isset($config) &&
is_object($config) &&
$config->get_cfg_value("core","displayErrors") == "true" ){
$this->a_Trace = debug_backtrace();
}
if(!session::is_set('msg_dialogs')){
session::set('msg_dialogs',array());
}
if($this->i_Type == FATAL_ERROR_DIALOG){
restore_error_handler();
error_reporting(E_ALL);
echo $this->execute();
}else{
$msg_dialogs = session::get('msg_dialogs');
$msg_dialogs[] = $this;
session::set('msg_dialogs',$msg_dialogs);
}
}
session::set('errorsAlreadyPosted',$errorsAlreadyPosted);
}
public static function display($s_title,$s_message,$i_type = INFO_DIALOG)
{
new msg_dialog($s_title,$s_message,$i_type);
}
public static function displayChecks($messages)
{
/* Assemble the message array to a plain string */
foreach ($messages as $error){
msg_dialog::display(_("Error"), $error, ERROR_DIALOG);
}
}
public function get_ID()
{
return($this->i_ID);
}
public function execute()
{
if($this->i_Type == FATAL_ERROR_DIALOG) {
$display =
"
| "; } $result.= "\n | |
|---|---|
| ".str_replace('%ID', "edit_".$this->id."_$nr", $edit_image). str_replace('%ID', "del_".$this->id."_$nr", $delete_image)." | "; } $result.= "|
| "; $num= $action_width?$this->columns:$this->columns-1; for ($i= 0; $i<$num; $i++) { $result.= " | "; } $result.= " |
|
".$this->s_Title." ".$this->s_Message." "._("Please fix the above error and reload the page.")." |
"; $style = "style='width:50px;'"; $display .= ""; $display .= ""; $display .= ""; $display .= ""; $display .= ""; $display .= " - "; $display .= ""; $display .= ""; $display .= ""; $display .= " - "; $display .= ""; $display .= ""; $display .= ""; $display .= ""; } /* Build general objects */ $list =$this->sort_by_priority($list); foreach ($list as $key => $name){ /* Create sub acl if it does not exist */ if (!isset($this->aclContents[$key])){ $this->aclContents[$key]= array(); } if(!isset($this->aclContents[$key][0])){ $this->aclContents[$key][0]= ''; } $currentAcl= $this->aclContents[$key]; /* Get the overall plugin acls */ $overall_acl =""; if(isset($currentAcl[0])){ $overall_acl = $currentAcl[0]; } // Detect configured plugins $expand = count($currentAcl) > 1 || $currentAcl[0] != ""; /* Object header */ $tname= preg_replace("/[^a-z0-9]/i","_",$name); if($expand){ $back_color = "#C8C8FF"; }else{ $back_color = "#C8C8C8"; } if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) { $display.= "\n
| "._("Object").": $name | ". "\n". "\n | ". "\n
| "._("Object").": $name | ". "\n". "\n | ". "\n
| "._("Object").": $name | ". "\n|
| $options | ". "\n"._("Complete object").": $more_options | ". "\n
| ". "\n |