Skip to content
GitLab
Select Git revision
  • dev default
  • 6378-orcid-test-method-is-wrong-and-break-orcid-saving
  • core-php8
  • master
  • 6342-update-the-locales-for-1-5
  • 6344-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen
  • 6365-core-locking-mechanism-is-not-changing-the-mail-ressource-it-does-lock-the-mail-account
  • 6365-core-when-lock-mechanism-is-trigger-the-user-should-not-be-editable-if-not-unlock
  • fusiondirectory-1.5
  • fusiondirectory-1.4
  • fusiondirectory-1.3.1
  • fusiondirectory-1.3
  • fusiondirectory-1.2.3
  • fusiondirectory-1.2.2
  • fusiondirectory-1.2.1
  • fusiondirectory-1.2
  • fusiondirectory-1.1.1
  • fusiondirectory-1.1
  • fusiondirectory-1.0.20
  • fusiondirectory-1.0.19
  • fusiondirectory-1.0.18
  • fusiondirectory-1.0.17
  • fusiondirectory-1.0.16
  • fusiondirectory-1.0.15
  • fusiondirectory-1.0.14
  • fusiondirectory-1.0.13
  • fusiondirectory-1.0.12
  • fusiondirectory-1.0.11
Find file BlameHistoryPermalink
functions.inc 52.49 KiB
1 
<?php
2 
/*
3 
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
4 
  Copyright (C) 2003-2010  Cajus Pollmeier
5 
  Copyright (C) 2011-2016  FusionDirectory
6
7 
  This program is free software; you can redistribute it and/or modify
8 
  it under the terms of the GNU General Public License as published by
9 
  the Free Software Foundation; either version 2 of the License, or
10 
  (at your option) any later version.
11
12 
  This program is distributed in the hope that it will be useful,
13 
  but WITHOUT ANY WARRANTY; without even the implied warranty of
14 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 
  GNU General Public License for more details.
16
17 
  You should have received a copy of the GNU General Public License
18 
  along with this program; if not, write to the Free Software
19 
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
20 
*/
21
22 
/*!
23 
 * \file functions.inc
24 
 *  Common functions and named definitions.
25 
 */
26
27 
/* Define common locations and variables */
28 
require_once('variables.inc');
29
30 
/* Include required files */
31 
require_once(CACHE_DIR.'/'.CLASS_CACHE);
32 
require_once('functions_debug.inc');
33 
require_once('accept-to-gettext.inc');
34
35 
/* Define constants for debugging */
36 
define('DEBUG_TRACE',    1); /*! Debug level for tracing of common actions (save, check, etc.) */
37 
define('DEBUG_LDAP',     2); /*! Debug level for LDAP queries */
38 
define('DEBUG_DB',       4); /*! Debug level for database operations */
39 
define('DEBUG_SHELL',    8); /*! Debug level for shell commands */
40 
define('DEBUG_POST',     16); /*! Debug level for POST content */
41 
define('DEBUG_SESSION',  32); /*! Debug level for SESSION content */
42 
define('DEBUG_CONFIG',   64); /*! Debug level for CONFIG information */
43 
define('DEBUG_ACL',      128); /*! Debug level for ACL infos */
44 
define('DEBUG_SI',       256); /*! Debug level for communication with Argonaut */
45 
define('DEBUG_MAIL',     512); /*! Debug level for all about mail (mailAccounts, imap, sieve etc.) */
46 
define('DEBUG_FAI',      1024); /* FAI (incomplete) */
47
48 
/* Rewrite german 'umlauts' and spanish 'accents'
49 
   to get better results */
50 
$REWRITE = [ "ä" => "ae",
51 
    "ö" => "oe",
52 
    "ü" => "ue",
53 
    "Ä" => "Ae",
54 
    "Ö" => "Oe",
55 
    "Ü" => "Ue",
56 
    "ß" => "ss",
57 
    "á" => "a",
58 
    "é" => "e",
59 
    "í" => "i",
60 
    "ó" => "o",
61 
    "ú" => "u",
62 
    "Á" => "A",
63 
    "É" => "E",
64 
    "Í" => "I",
65 
    "Ó" => "O",
66 
    "Ú" => "U",
67 
    "ñ" => "ny",
68 
    "Ñ" => "Ny" ];
69
70
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
/*! * \brief Does autoloading for classes used in FusionDirectory. * * Takes the list generated by 'fusiondirectory-setup' and loads the * file containing the requested class. * * \param array $class_name list of class name */ function __fusiondirectory_autoload ($class_name) { global $class_mapping, $BASE_DIR, $config; if ($class_mapping === NULL) { if (isset($config) && is_object($config) && $config->get_cfg_value('displayerrors') == 'TRUE') { list($trace, ) = html_trace(); echo $trace; echo "<br/>\n"; } echo sprintf(_("Fatal error: no class locations defined - please run '%s' to fix this"), "<b>fusiondirectory-setup --update-cache</b>"); exit; } /* Do not try to autoload smarty classes */ if (strpos($class_name, 'Smarty_') === 0) { return; } if (isset($class_mapping["$class_name"])) { require_once($BASE_DIR.'/'.$class_mapping["$class_name"]); } else { logging::debug(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $class_name, 'Could not load'); if (isset($config) && is_object($config) && $config->get_cfg_value('displayerrors') == 'TRUE') { list($trace, ) = html_trace(); echo $trace; echo "<br/>\n"; } echo sprintf(_("Fatal error: cannot instantiate class '%s' - try running '%s' to fix this"), $class_name, "<b>fusiondirectory-setup --update-cache</b>"); exit; } } spl_autoload_register('__fusiondirectory_autoload'); /*! * \brief Checks if a class is available. * * \param string $name The subject of the test * * \return boolean Return TRUE if successfull FALSE otherwise */ function class_available ($name) { global $class_mapping; return isset($class_mapping[$name]); } /*! * \brief Check if plugin is available * * Checks if a given plugin is available and readable. * * \param string $plugin the subject of the check * * \return boolean Return TRUE if successfull FALSE otherwise */ function plugin_available ($plugin)
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
{ global $class_mapping, $BASE_DIR; if (!isset($class_mapping[$plugin])) { return FALSE; } else { return is_readable($BASE_DIR.'/'.$class_mapping[$plugin]); } } /*! * \brief Debug level action * * Print a DEBUG level if specified debug level of the level matches the * the configured debug level. * * \param int $level The log level of the message (should use the constants, * defined in functions.in (DEBUG_TRACE, DEBUG_LDAP, etc.) * * \param int $line Define the line of the logged action (using __LINE__ is common) * * \param string $function Define the function where the logged action happened in * (using __FUNCTION__ is common) * * \param string $file Define the file where the logged action happend in * (using __FILE__ is common) * * \param mixed $data The data to log. Can be a message or an array, which is printed * with print_a * * \param string $info Optional: Additional information */ function DEBUG ($level, $line, $function, $file, $data, $info = '') { logging::debug($level, $line, $function, $file, $data, $info); } /*! * \brief Return HTML safe copyright notice */ function copynotice () { return sprintf(htmlescape(_('%s 2002-%d %sThe FusionDirectory team, %s%s')), '&copy;', date('Y'), '<a href="http://www.fusiondirectory.org">', FD_VERSION, '</a>'); } /*! * \brief Return themed path for specified base file * * Depending on its parameters, this function returns the full * path of a template file. First match wins while searching * in this order: * * - load theme depending file * - load global theme depending file * - load default theme file * - load global default theme file * * \param string $filename The base file name * * \param boolean $plugin Flag to take the plugin directory as search base * * \param string $path User specified path to take as search base * * \return string Full path to the template file */ function get_template_path ($filename = '', $plugin = FALSE, $path = '') { global $config, $BASE_DIR; $default_theme = 'breezy';
211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280
/* Set theme */ if (isset($config)) { $theme = $config->get_cfg_value('theme', $default_theme); } else { $theme = $default_theme; } /* Return path for empty filename */ if ($filename == '') { return "themes/$theme/"; } /* Return plugin dir or root directory? */ if ($plugin) { if ($path == '') { $path = session::get('plugin_dir'); $nf = preg_replace('!^'.$BASE_DIR.'/!', '', preg_replace('/^\.\.\//', '', $path)); } else { $nf = preg_replace('!^'.$BASE_DIR.'/!', '', $path); } $paths = [ "$BASE_DIR/ihtml/themes/$theme/$nf/$filename", "$BASE_DIR/ihtml/themes/$default_theme/$nf/$filename", "$BASE_DIR/ihtml/themes/default/$nf/$filename", $path."/$filename" ]; } else { $paths = [ "themes/$theme/$filename", "$BASE_DIR/ihtml/themes/$theme/$filename", "themes/$default_theme/$filename", "$BASE_DIR/ihtml/themes/$default_theme/$filename", "themes/default/$filename", "$BASE_DIR/ihtml/themes/default/$filename", $filename ]; } foreach ($paths as $path) { if (file_exists($path)) { return $path; } } return end($paths); } /*! * \brief Remove multiple entries from an array * * Removes every element that is in $needles from the * array given as $haystack * * \param array $needles array of the entries to remove * * \param array $haystack original array to remove the entries from */ function array_remove_entries (array $needles, array $haystack) { return array_values(array_diff($haystack, $needles)); } /*! * \brief Remove multiple entries from an array (case-insensitive) * * Removes every element that is in $needles from the * array given as $haystack but case insensitive *
281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350
* \param array $needles array of the entries to remove * * \param array $haystack original array to remove the entries from */ function array_remove_entries_ics (array $needles, array $haystack) { // strcasecmp will work, because we only compare ASCII values here return array_values(array_udiff($haystack, $needles, 'strcasecmp')); } /*! * \brief Merge to array but remove duplicate entries (case-insensitive) * * Merges two arrays and removes duplicate entries. Triggers * an error if first or second parametre is not an array. * * \param array $ar1 first array * * \param array $ar2 second array * * \return array */ function array_merge_unique (array $ar1, array $ar2) { return array_values(array_unique(array_merge($ar1, $ar2))); } /*! * \brief Generate a system log info * * Creates a syslog message, containing user information. * * \param string $message the message to log */ function fusiondirectory_log ($message) { global $ui; /* Preset to something reasonable */ $username = '[unauthenticated]'; /* Replace username if object is present */ if (isset($ui)) { if ($ui->uid != '') { $username = '['.$ui->uid.']'; } else { $username = '[unknown]'; } } syslog(LOG_INFO, "FusionDirectory $username: $message"); } /*! * \brief Initialize a LDAP connection * * Initializes a LDAP connection. * * \param string $server The server we are connecting to * * \param string $base The base of our ldap tree * * \param string $binddn Default: empty * * \param string $pass Default: empty * * \return LDAP object */
351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420
function ldap_init ($server, $base, $binddn = '', $pass = '') { global $config; $ldap = new LDAP($binddn, $pass, $server, isset($config->current['LDAPFOLLOWREFERRALS']) && $config->current['LDAPFOLLOWREFERRALS'] == 'TRUE', isset($config->current['LDAPTLS']) && $config->current['LDAPTLS'] == 'TRUE'); /* Sadly we've no proper return values here. Use the error message instead. */ if (!$ldap->success()) { throw new FatalError(htmlescape(sprintf(_('FATAL: Error when connecting the LDAP. Server said "%s".'), $ldap->get_error()))); } /* Preset connection base to $base and return to caller */ $ldap->cd($base); return $ldap; } /*! * \brief Add a lock for object(s) * * Adds a lock by the specified user for one ore multiple objects. * If the lock for that object already exists, an error is triggered. * * \param array $object The object or array of objects to lock * * \param string $user The user who shall own the lock */ function add_lock ($object, $user) { global $config; /* Remember which entries were opened as read only, because we don't need to remove any locks for them later. */ if (!session::is_set('LOCK_CACHE')) { session::set('LOCK_CACHE', ['']); } if (is_array($object)) { foreach ($object as $obj) { add_lock($obj, $user); } return; } $cache = &session::get_ref('LOCK_CACHE'); if (isset($_POST['open_readonly'])) { $cache['READ_ONLY'][$object] = TRUE; return; } if (isset($cache['READ_ONLY'][$object])) { unset($cache['READ_ONLY'][$object]); } /* Just a sanity check... */ if (empty($object) || empty($user)) { $error = new FusionDirectoryError(htmlescape(_('Error while adding a lock. Contact the developers!'))); $error->display(); return; } /* Check for existing entries in lock area */ $ldap = $config->get_ldap_link(); $ldap->cd(get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']); $ldap->search('(&(objectClass=fdLockEntry)(fdUserDn='.ldap_escape_f($user).')(fdObjectDn='.base64_encode($object).'))', ['fdUserDn']); if ($ldap->get_errno() == 32) { /* No such object, means the locking branch is missing, create it */ $ldap->cd($config->current['BASE']); try {
421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490
$ldap->create_missing_trees(get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']); } catch (FusionDirectoryError $error) { $error->display(); } $ldap->cd(get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']); $ldap->search('(&(objectClass=fdLockEntry)(fdUserDn='.ldap_escape_f($user).')(fdObjectDn='.base64_encode($object).'))', ['fdUserDn']); } if (!$ldap->success()) { $error = new FusionDirectoryError( sprintf( htmlescape(_('Cannot create locking information in LDAP tree. Please contact your administrator!')). '<br><br>'.htmlescape(_('LDAP server returned: %s')), '<br><br><i>'.htmlescape($ldap->get_error()).'</i>' ) ); $error->display(); return; } /* Add lock if none present */ if ($ldap->count() == 0) { $attrs = []; $name = md5($object); $dn = 'cn='.$name.','.get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']; $ldap->cd($dn); $attrs = [ 'objectClass' => 'fdLockEntry', 'fdUserDn' => $user, 'fdObjectDn' => base64_encode($object), 'cn' => $name, 'fdLockTimestamp' => LdapGeneralizedTime::toString(new DateTime('now')), ]; $ldap->add($attrs); if (!$ldap->success()) { $error = new FusionDirectoryLdapError($dn, LDAP_ADD, $ldap->get_error(), $ldap->get_errno()); $error->display(); return; } } } /*! * \brief Remove a lock for object(s) * * Remove a lock for object(s) * * \param mixed $object object or array of objects for which a lock shall be removed */ function del_lock ($object) { global $config; if (is_array($object)) { foreach ($object as $obj) { del_lock($obj); } return; } /* Sanity check */ if ($object == '') { return; } /* If this object was opened in read only mode then skip removing the lock entry, there wasn't any lock created. */ if (session::is_set('LOCK_CACHE')) {
491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560
$cache = &session::get_ref('LOCK_CACHE'); if (isset($cache['READ_ONLY'][$object])) { unset($cache['READ_ONLY'][$object]); return; } } /* Check for existance and remove the entry */ $ldap = $config->get_ldap_link(); $dn = get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']; $ldap->cd($dn); $ldap->search('(&(objectClass=fdLockEntry)(fdObjectDn='.base64_encode($object).'))', ['fdObjectDn']); $attrs = $ldap->fetch(); if (!$ldap->success()) { $error = new FusionDirectoryLdapError($dn, LDAP_SEARCH, $ldap->get_error(), $ldap->get_errno()); $error->display(); return; } elseif (!empty($attrs['dn'])) { $ldap->rmdir($attrs['dn']); } } /*! * \brief Remove all locks owned by a specific userdn * * For a given userdn remove all existing locks. This is usually * called on logout. * * \param string $userdn the subject whose locks shall be deleted */ function del_user_locks ($userdn) { global $config; /* Get LDAP ressources */ $ldap = $config->get_ldap_link(); $ldap->cd(get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']); /* Remove all objects of this user, drop errors silently in this case. */ $ldap->search('(&(objectClass=fdLockEntry)(fdUserDn='.ldap_escape_f($userdn).'))', ['fdUserDn']); while ($attrs = $ldap->fetch()) { $ldap->rmdir($attrs['dn']); } } /*! * \brief Get a lock for a specific object * * Searches for a lock on a given object. * * \param string $object subject whose locks are to be searched * * \return string Returns the dn of the user who owns the lock or '' if no lock is found * or FALSE if an error occured. */ function get_lock ($object) { /* Sanity check */ if ($object == '') { $error = new FusionDirectoryError(htmlescape(_('Error while adding a lock. Contact the developers!'))); $error->display(); return FALSE; } /* Allow readonly access, the plugin constructor will restrict the acls */ if (isset($_POST['open_readonly'])) { return ''; }
561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630
$locks = get_locks($object); if ($locks === FALSE) { return FALSE; } elseif (empty($locks)) { return ''; } else { return $locks[0]['user']; } } /*! * \brief Get locks for objects * * Similar as get_lock(), but for multiple objects. * * \param mixed $objects Array of dns for which a lock will be searched or dn of a single object * * \param boolean $allow_readonly TRUE if readonly access should be permitted, * FALSE if not (default). * * \return A numbered array containing all found locks as an array with key 'object' * and key 'user', or FALSE if an error occured. */ function get_locks ($objects, $allow_readonly = FALSE) { global $config; if (is_array($objects) && (count($objects) == 1)) { $objects = reset($objects); } if (is_array($objects)) { if ($allow_readonly) { trigger_error('Read only is not possible for several objects'); } $filter = '(&(objectClass=fdLockEntry)(|'; foreach ($objects as $obj) { $filter .= '(fdObjectDn='.base64_encode($obj).')'; } $filter .= '))'; } else { if ($allow_readonly && isset($_POST['open_readonly'])) { /* If readonly is allowed and asked and there is only one object, bypass lock detection */ return []; } $filter = '(&(objectClass=fdLockEntry)(fdObjectDn='.base64_encode($objects).'))'; } /* Get LDAP link, check for presence of the lock entry */ $ldap = $config->get_ldap_link(); $dn = get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']; $ldap->cd($dn); $ldap->search($filter, ['fdUserDn','fdObjectDn', 'fdLockTimestamp']); if (!$ldap->success()) { $error = new FusionDirectoryLdapError($dn, LDAP_SEARCH, $ldap->get_error(), $ldap->get_errno()); $error->display(); return FALSE; } $locks = []; while ($attrs = $ldap->fetch()) { $locks[] = [ 'dn' => $attrs['dn'], 'object' => base64_decode($attrs['fdObjectDn'][0]), 'user' => $attrs['fdUserDn'][0], 'timestamp' => LdapGeneralizedTime::fromString($attrs['fdLockTimestamp'][0]), ]; }
631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700
if (!is_array($objects) && (count($locks) > 1)) { /* Hmm. We're removing broken LDAP information here and issue a warning. */ $warning = new FusionDirectoryWarning(htmlescape(_('Found multiple locks for object to be locked. This should not happen - cleaning up multiple references.'))); $warning->display(); /* Clean up these references now... */ foreach ($locks as $lock) { $ldap->rmdir($lock['dn']); } return FALSE; } return $locks; } /*! * \brief Return the current userinfo object * * \return return the current userinfo object */ function &get_userinfo () { global $ui; return $ui; } /*! * \brief Get global smarty object * * \return return the global smarty object */ function &get_smarty () { global $smarty; return $smarty; } /*! * \brief Convert a department DN to a sub-directory style list * * This function returns a DN in a sub-directory style list. * Examples: * - ou=1.1.1,ou=limux becomes limux/1.1.1 * - cn=bla,ou=foo,dc=local becomes foo/bla or foo/bla/local, depending * on the value for $base. * * If the specified DN contains a basedn which either matches * the specified base or $config->current['BASE'] it is stripped. * * \param string $dn the subject for the conversion * * \param string $base the base dn, default: $config->current['BASE'] * * \return a string in the form as described above */ function convert_department_dn ($dn, $base = NULL) { global $config; if ($base == NULL) { $base = $config->current['BASE']; } /* Build a sub-directory style list of the tree level specified in $dn */ $dn = preg_replace('/'.preg_quote($base, '/')."$/i", '', $dn); if (empty($dn)) {
701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770
return '/'; } $dep = ''; foreach (explode(',', $dn) as $rdn) { $dep = preg_replace("/^[^=]+=/", '', $rdn).'/'.$dep; } /* Return and remove accidently trailing slashes */ return trim($dep, '/'); } /*! \brief Get the OU of a certain RDN * * Given a certain RDN name (ogroupRDN, applicationRDN etc.) this * function returns either a configured OU or the default * for the given RDN. * * Example: * \code * # Determine LDAP base where systems are stored * $base = get_ou('systemRDN') . $config->current['BASE']; * $ldap->cd($base); * \endcode * * \param $name the rdn of the ou you are trying to find * * \return the ou associated the the RDN or nothing * */ function get_ou ($name) { global $config; $map = [ 'fusiondirectoryRDN' => 'ou=fusiondirectory,', 'lockRDN' => 'ou=locks,', 'recoveryTokenRDN' => 'ou=recovery,', 'reminderTokenRDN' => 'ou=reminder,', 'roleRDN' => 'ou=roles,', 'ogroupRDN' => 'ou=groups,', 'applicationRDN' => 'ou=apps,', 'systemRDN' => 'ou=systems,', 'serverRDN' => 'ou=servers,ou=systems,', 'terminalRDN' => 'ou=terminals,ou=systems,', 'workstationRDN' => 'ou=workstations,ou=systems,', 'printerRDN' => 'ou=printers,ou=systems,', 'phoneRDN' => 'ou=phones,ou=systems,', 'componentRDN' => 'ou=netdevices,ou=systems,', 'mobilePhoneRDN' => 'ou=mobile,ou=systems,', 'inventoryRDN' => 'ou=inventory,', 'ipmiRDN' => 'ou=ipmi,', 'faxBlocklistRDN' => 'ou=gofax,ou=systems,', 'aclRoleRDN' => 'ou=aclroles,', 'phoneMacroRDN' => 'ou=macros,ou=asterisk,ou=configs,ou=systems,', 'phoneConferenceRDN' => 'ou=conferences,ou=asterisk,ou=configs,ou=systems,', 'faiBaseRDN' => 'ou=fai,ou=configs,ou=systems,', 'faiScriptRDN' => 'ou=scripts,', 'faiHookRDN' => 'ou=hooks,', 'faiTemplateRDN' => 'ou=templates,', 'faiVariableRDN' => 'ou=variables,', 'faiProfileRDN' => 'ou=profiles,', 'faiPackageRDN' => 'ou=packages,', 'faiPartitionRDN' => 'ou=disk,', 'debconfRDN' => 'ou=debconf,',
771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840
'supannStructuresRDN' => 'ou=structures,', 'sudoRDN' => 'ou=sudoers,', 'netgroupRDN' => 'ou=netgroup,', 'deviceRDN' => 'ou=devices,', 'aliasRDN' => 'ou=alias,', 'dsaRDN' => 'ou=dsa,', 'mimetypeRDN' => 'ou=mime,' ]; /* Preset ou... */ if ($config->get_cfg_value($name, '_not_set_') != '_not_set_') { $ou = $config->get_cfg_value($name); } elseif (isset($map[$name])) { return $map[$name]; } else { return NULL; } if ($ou != '') { if (!preg_match('/^[^=]+=[^=]+/', $ou)) { $ou = "ou=$ou"; } else { $ou = "$ou"; } if (preg_match('/'.preg_quote($config->current['BASE'], '/').'$/', $ou)) { return $ou; } else { if (preg_match('/,$/', $ou)) { return $ou; } else { return "$ou,"; } } } else { return ''; } } /*! * \brief Get the OU for users * * Function for getting the userRDN * * \return the ou of the userRDN */ function get_people_ou () { return get_ou('userRDN'); } /*! \brief Return a base from a given user DN * * \code * get_base_from_people('cn=Max Muster,dc=local') * # Result is 'dc=local' * \endcode * * \param string $dn * * \return the base from the dn */ function get_base_from_people ($dn)
841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910
{ global $config; $pattern = "/^[^,]+,".preg_quote(get_people_ou(), '/')."/i"; $base = preg_replace($pattern, '', $dn); /* Set to base, if we're not on a correct subtree */ $departmentInfo = $config->getDepartmentInfo(); if (!isset($departmentInfo[$base])) { $base = $config->current['BASE']; } return $base; } /*! * \brief Check if strict naming rules are configured * * Return TRUE or FALSE depending on weither strictNamingRules * are configured or not. * * \return Returns TRUE if strictNamingRules is set to TRUE or if the * config object is not available, otherwise FALSE. */ function strict_uid_mode () { global $config; if (isset($config)) { return ($config->get_cfg_value('strictNamingRules') == 'TRUE'); } return TRUE; } /*! * \brief Generate a lock message * * This message shows a warning to the user, that a certain object is locked * and presents some choices how the user can proceed. By default this * is 'Cancel' or 'Edit anyway', but depending on the function call * its possible to allow readonly access, too. * * Example usage: * \code * if ($locks = get_locks($this->dn)) { * return gen_locked_message($locks, $this->dn, TRUE); * } * \endcode * * \param string $locks the locks as returned by get_locks * * \param string $dn the locked DN * * \param boolean $allow_readonly TRUE if readonly access should be permitted, * FALSE if not (default). * * */ function gen_locked_message (array $locks, $dn, $allow_readonly = FALSE) { session::set('dn', $dn); $remove = FALSE; /* Save variables from LOCK_VARS_TO_USE in session - for further editing */ if (session::is_set('LOCK_VARS_TO_USE') && count(session::get('LOCK_VARS_TO_USE'))) { $LOCK_VARS_USED_GET = []; $LOCK_VARS_USED_POST = []; $LOCK_VARS_USED_REQUEST = []; $LOCK_VARS_TO_USE = session::get('LOCK_VARS_TO_USE');
911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980
foreach ($LOCK_VARS_TO_USE as $name) { if (empty($name)) { continue; } foreach ($_POST as $Pname => $Pvalue) { if (preg_match($name, $Pname)) { $LOCK_VARS_USED_POST[$Pname] = $_POST[$Pname]; } } foreach ($_GET as $Pname => $Pvalue) { if (preg_match($name, $Pname)) { $LOCK_VARS_USED_GET[$Pname] = $_GET[$Pname]; } } foreach ($_REQUEST as $Pname => $Pvalue) { if (preg_match($name, $Pname)) { $LOCK_VARS_USED_REQUEST[$Pname] = $_REQUEST[$Pname]; } } } session::set('LOCK_VARS_TO_USE', []); session::set('LOCK_VARS_USED_GET', $LOCK_VARS_USED_GET); session::set('LOCK_VARS_USED_POST', $LOCK_VARS_USED_POST); session::set('LOCK_VARS_USED_REQUEST', $LOCK_VARS_USED_REQUEST); } /* Prepare and show template */ $smarty = get_smarty(); $smarty->assign('allow_readonly', $allow_readonly); if (is_array($dn)) { $msg = '<pre>'; foreach ($dn as $sub_dn) { $msg .= "\n".$sub_dn.', '; } $msg = preg_replace("/, $/", "</pre>", $msg); } else { $msg = $dn; } $smarty->assign('dn', $msg); if ($remove) { $smarty->assign('action', _('Continue anyway')); } else { $smarty->assign('action', _('Edit anyway')); } $smarty->assign('message', sprintf(_("You're going to edit the LDAP entry/entries %s"), "<b>".$msg."</b>", "")); $smarty->assign('locks', $locks); return $smarty->fetch(get_template_path('islocked.tpl')); } /*! * \brief Return a string/HTML representation of an array * * This returns a string representation of a given value. * It can be used to dump arrays, where every value is printed * on its own line. The output is targetted at HTML output, it uses * '<br>' for line breaks. If the value is already a string its * returned unchanged. * * \param mixed $value Whatever needs to be printed. * * \return string $value in html form. */ function to_string ($value)
981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050
{ /* If this is an array, generate a text blob */ if (is_array($value)) { $ret = ''; foreach ($value as $line) { $ret .= $line."<br>\n"; } return $ret; } else { return $value; } } /*! \brief Function to rewrite some problematic characters * * This function takes a string and replaces all possibly characters in it * with less problematic characters, as defined in $REWRITE. * * \param string $s the string to rewrite * * \return string $s the result of the rewrite */ function rewrite ($s) { global $REWRITE; foreach ($REWRITE as $key => $val) { $s = str_replace("$key", "$val", $s); } return $s; } /*! * \brief Return the base of a given DN * * \param string $dn a DN * \param string $ou an ou to remove from the base * * \return base of the given DN */ function dn2base ($dn, $ou = NULL) { if ($ou === NULL) { if (get_people_ou() != '') { $dn = preg_replace('/,'.get_people_ou().'/i', ',', $dn); } if (get_ou('groupRDN') != '') { $dn = preg_replace('/,'.get_ou('groupRDN').'/i', ',', $dn); } } else { $dn = preg_replace("/,$ou/i", ',', $dn); } return preg_replace('/^[^,]+,/i', '', $dn); } /*! * \brief Check if a given command exists and is executable * * Test if a given cmdline contains an executable command. Strips * arguments from the given cmdline. * * \param string $cmdline the cmdline to check * * \return TRUE if command exists and is executable, otherwise FALSE. */ function check_command ($cmdline) {
1051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120
$cmd = preg_replace("/ .*$/", '', $cmdline); /* Check if command exists in filesystem */ if (!file_exists($cmd)) { return FALSE; } /* Check if command is executable */ if (!is_executable($cmd)) { return FALSE; } return TRUE; } /*! * \brief Put netmask in n.n.n.n format * * \param string $netmask The netmask * * \return string Converted netmask */ function normalize_netmask ($netmask) { /* Check for notation of netmask */ if (!preg_match('/^([0-9]+\.){3}[0-9]+$/', $netmask)) { $num = (int)($netmask); $netmask = ""; for ($byte = 0; $byte < 4; $byte++) { $result = 0; for ($i = 7; $i >= 0; $i--) { if ($num-- > 0) { $result += 2 ** $i; } } $netmask .= $result."."; } return preg_replace('/\.$/', '', $netmask); } return $netmask; } /*! * \brief Return the number of set bits in the netmask * * For a given subnetmask (for example 255.255.255.0) this returns * the number of set bits. * * Example: * \code * $bits = netmask_to_bits('255.255.255.0') # Returns 24 * $bits = netmask_to_bits('255.255.254.0') # Returns 23 * \endcode * * Be aware of the fact that the function does not check * if the given subnet mask is actually valid. For example: * Bad examples: * \code * $bits = netmask_to_bits('255.0.0.255') # Returns 16 * $bits = netmask_to_bits('255.255.0.255') # Returns 24 * \endcode * * \param $netmask given netmask *
1121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190
* \return the number of bits in the netmask */ function netmask_to_bits ($netmask) { $nm = explode('.', $netmask, 4); $res = 0; for ($n = 0; $n < 4; $n++) { $start = 255; for ($i = 0; $i < 8; $i++) { if ($start == (int)($nm[$n])) { $res += 8 - $i; break; } $start -= 2 ** $i; } } return $res; } /*! * \brief Convert various data sizes to bytes * * Given a certain value in the format n(g|m|k), where n * is a value and (g|m|k) stands for Gigabyte, Megabyte and Kilobyte * this function returns the byte value. * * \param string $value a value in the above specified format * * \return a byte value or the original value if specified string is simply * a numeric value */ function to_byte ($value) { $value = strtolower(trim($value)); if (!is_numeric(substr($value, -1))) { switch (substr($value, -1)) { case 'g': $mult = 1073741824; break; case 'm': $mult = 1048576; break; case 'k': $mult = 1024; break; default: return $value; } return $mult * (int)substr($value, 0, -1); } else { return $value; } } /*! * \brief Convert a size in bytes to a human readable version * * \param float $bytes size in bytes * * \param int $precision number of digits after comma, default is 2 * * \return Returns something like '9.77KiB' for arguments (10000, 2) */ function humanReadableSize ($bytes, $precision = 2) {
1191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260
$format = [ _('%sB'), _('%sKiB'), _('%sMiB'), _('%sGiB'), _('%sTiB'), _('%sPiB'), _('%sEiB'), _('%sZiB'), _('%sYiB') ]; if ($bytes == 0) { return sprintf($format[0], '0'); } $base = log($bytes) / log(1024); return sprintf($format[floor($base)], round(1024 ** ($base - floor($base)), $precision)); } /*! * \brief Check if a value exists in an array (case-insensitive) * * This is just as http://php.net/in_array except that the comparison * is case-insensitive. * * \param string $value needle * * \param array $items haystack * * \return Return TRUE is value is found, FALSE if not. */ function in_array_ics ($value, array $items) { return preg_grep('/^'.preg_quote($value, '/').'$/i', $items); } /*! * \brief Removes malicious characters from a (POST) string. * * \param string $string the string to check for malicious caracters * * \return string with caracters removed */ function validate ($string) { return strip_tags(str_replace('\0', '', $string)); } /*! \brief Recursively delete a path in the file system * * Will delete the given path and all its files recursively. * Can also follow links if told so. * * \param string $path * * \param boolean $followLinks TRUE to follow links, FALSE (default) * for not following links */ function rmdirRecursive ($path, $followLinks = FALSE) { $dir = opendir($path); while ($entry = readdir($dir)) { if (is_file($path."/".$entry) || ((!$followLinks) && is_link($path."/".$entry))) { unlink($path."/".$entry); } elseif (is_dir($path."/".$entry) && ($entry != '.') && ($entry != '..')) { rmdirRecursive($path."/".$entry); } }
1261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330
closedir($dir); return rmdir($path); } /*! * \brief Get directory content information * * Returns the content of a directory as an array in an * ascending sorted manner. * * \param string $path * * \param boolean $sort_desc weither to sort the content descending. * * \return array content of directory in ascending sorted manner. */ function scan_directory ($path, $sort_desc = FALSE) { $ret = FALSE; /* is this a dir ? */ /* is this path a readable one */ if (is_dir($path) && is_readable($path)) { /* Get contents and write it into an array */ $ret = []; $dir = opendir($path); /* Is this a correct result ?*/ if ($dir) { while ($fp = readdir($dir)) { $ret[] = $fp; } } } /* Sort array ascending , like scandir */ sort($ret); /* Sort descending if parameter is sort_desc is set */ if ($sort_desc) { $ret = array_reverse($ret); } return $ret; } /*! * \brief Clean the smarty compile dir * * \param string $directory smarty compile dir */ function clean_smarty_compile_dir ($directory) { if (is_dir($directory) && is_readable($directory)) { // Set revision filename to REVISION $revision_file = $directory."/REVISION"; /* Is there a stamp containing the current revision? */ if (file_exists($revision_file)) { // check for "$config->...['CONFIG']/revision" and the // contents should match the revision number if (!compare_revision($revision_file, FD_VERSION)) { // If revision differs, clean compile directory foreach (scan_directory($directory) as $file) { if (($file == '.') || ($file == '..')) { continue; } if (is_file($directory.'/'.$file) && !unlink($directory.'/'.$file)) {
1331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400
$error = new FusionDirectoryError( htmlescape(sprintf( _('File "%s" could not be deleted. Try "fusiondirectory-setup --check-directories" to fix permissions.'), $directory."/".$file )) ); $error->display(); } } } else { // Revision matches, nothing to do } } /* If the file does not exists or has just been deleted */ if (!file_exists($revision_file)) { // create revision file create_revision($revision_file, FD_VERSION); } } } /*! * \brief Create the revision file * * Create the revision file in FusionDirectory spool dir * * \param string $revision_file the name of the revision file * * \param string $revision the version of FusionDirectory * * \return TRUE if successfully created FALSE otherwise */ function create_revision ($revision_file, $revision) { $result = FALSE; if (is_dir(dirname($revision_file)) && is_writable(dirname($revision_file))) { $fh = fopenWithErrorHandling($revision_file, 'w'); if (is_array($fh)) { $error = new FusionDirectoryError( htmlescape(_('Cannot write to revision file:')).'<br/>'. implode( '<br/>', array_map('htmlescape', $fh) ) ); $error->display(); return $result; } else { if (fwrite($fh, $revision)) { $result = TRUE; } fclose($fh); } } if (!$result) { $error = new FusionDirectoryError(htmlescape(_('Cannot write to revision file!'))); $error->display(); } return $result; } /*! * \brief Compare the revision file * * Create the revision file in FusionDirectory spool dir * * \param string $revision_file the name of the revision file
1401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470
* \param string $revision the version of FusionDirectory * * \return TRUE if revision match FALSE otherwise */ function compare_revision ($revision_file, $revision) { // FALSE means revision differs $result = FALSE; if (file_exists($revision_file) && is_readable($revision_file)) { // Open file $fh = fopenWithErrorHandling($revision_file, 'r'); if (is_array($fh)) { $error = new FusionDirectoryError( htmlescape(_('Cannot read revision file:')).'<br/>'. implode( '<br/>', array_map('htmlescape', $fh) ) ); $error->display(); } else { // Compare File contents with current revision if ($revision == fread($fh, filesize($revision_file))) { $result = TRUE; } // Close file fclose($fh); } } return $result; } /*! * \brief Lookup a key in an array case-insensitive * * Given an associative array this can lookup the value of * a certain key, regardless of the case. * * \code * $items = array ('FOO' => 'blub', 'bar' => 'blub'); * array_key_ics('foo', $items); # Returns 'blub' * array_key_ics('BAR', $items); # Returns 'blub' * \endcode * * \param string $ikey needle * * \param array $items haystack * * \return return key or empty result */ function array_key_ics ($ikey, array $items) { $tmp = array_change_key_case($items, CASE_LOWER); $ikey = strtolower($ikey); if (isset($tmp[$ikey])) { return $tmp[$ikey]; } return ''; } /*! * \brief Determine if two arrays are different * * \param array $src The source *
1471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540
* \param array $dst The destination * * \return boolean TRUE or FALSE */ function array_differs (array $src, array $dst) { /* If the count is differing, the arrays differ */ if (count($src) != count($dst)) { return TRUE; } return (count(array_diff($src, $dst)) != 0); } /*! * \brief Determine if two arrays are different using recursion for sublevels * * \param array $src The source * * \param array $dst The destination * * \return boolean TRUE or FALSE */ function array_differs_recursive ($src, $dst) { if (is_array($src)) { if (!is_array($dst)) { return TRUE; } if (count($src) != count($dst)) { return TRUE; } foreach ($src as $key => $value) { if (!isset($dst[$key])) { return TRUE; } if (array_differs_recursive($dst[$key], $value)) { return TRUE; } } return FALSE; } return ((string)$src != (string)$dst); } /*! * \brief Escape all LDAP filter relevant characters * * \param string $input string where we should add \ before special caracters * */ function normalizeLdap ($input) { trigger_error('deprecated, use ldap_escape_f'); return addcslashes($input, '*()\\/'); } /*! * \brief Check if LDAP schema matches the requirements * * \param string $cfg A config object */ function check_schema (array $cfg) { $checks = []; /* Get objectclasses */ $ldapObj = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']); $ldap = new ldapMultiplexer($ldapObj); $objectclasses = $ldap->get_objectclasses(TRUE);