Commit b3a0de19 authored by bmortier's avatar bmortier

Merge branch '1.0.10-fixes'

parents 48333c0e 5cb73bc7
FusionDirectory changelog
=========================
* FusionDirectory 1.0.11
|Fix] FusionDirectory plugins - Bugs #4391: Choices order seems random in shell
|Fix] Bugs #4621: Use of mcrypt should be removed
|Fix] FusionDirectory plugins - Bugs #4630: DNS adding reverse zone issue (tested on FD 1.0.10) in class B and class A
|Fix] FusionDirectory plugins - Bugs #4631: DNS menu is not displayed without systems plugin
|Fix] FusionDirectory plugins - Bugs #4632: Webservice needs a better method for modification
|Fix] Bugs #4633: change requirement to php 5.4 for centos
|Fix] Bugs #4634: DNS PTR migration does not work
|Fix] FusionDirectory plugins - Bugs #4635: [DNS] Reverse zone association breaks when there are several A record for the same domain.
|Fix] FusionDirectory plugins - Bugs #4636: [SYSTEMS] When add Windows Workstation (winStation) and enable DHCP it will not be enabled when edit again
|Fix] FusionDirectory plugins - Bugs #4637: DNS tab won’t work on winstations
|Fix] Bugs #4638: UI issue, entry disappear in 'Base' dropdown
|Fix] Bugs #4639: depending on FD language setting, the calendar doesn't show up on icon click
|Fix] Bugs #4640: strange error when following org's link from user "references" tab
|Fix] Bugs #4652: The weird _copy fallback should be removed
|Fix] Bugs #4653: Having a wrong default location should trigger a fatal error
|Fix] FusionDirectory plugins - Bugs #4654: DHCP seems to use inexistant method getCn
|Fix] Bugs #4655: The edit anyway button does not work in my account menu
|Fix] FusionDirectory plugins - Bugs #4658: csv import with empty field
|Fix] Bugs #4659: when creating a user via template or csv import, mandatory , alreay defined fields have to be re-inputed even if already defined
|Fix] Bugs #4667: Samba munged dial fields are always asked when using a template
|Fix] Bugs #4673: ImageAttribute are broken
|Fix] FusionDirectory plugins - Bugs #4675: csv import, add an option for not importing anything in case of error
|Fix] FusionDirectory plugins - Bugs #4676: Edit IDs problems related to our selenium test
|Fix] FusionDirectory plugins - Wishlist #4657: community organization membership type
|Fix] FusionDirectory plugins - Wishlist #4660: csv import lacks an option or help on what to do with the first line
* FusionDirectory 1.0.10
[Feature] Bugs #1217: DNS service must be redone
......
......@@ -732,7 +732,7 @@ sub get_ldap_connexion {
# read ldap's server's info from /etc/fusiondirectory/fusiondirectory.conf
if (-e $fd_config) {
my $twig = XML::Twig->new(); # create the twig
$twig->parsefile($fd_config); # build it
$twig->safe_parsefile($fd_config) or die("There is an error in $fd_config XML code: ".(split /\n/, $@)[1]."\n");
my @locs = $twig->root->first_child('main')->children('location');
my %locations = ();
foreach my $loc (@locs) {
......@@ -1363,7 +1363,27 @@ sub migrate_dns {
$result->code && die "Migration of DNS zone subentry failed, LDAP error: ".$result->error."\n";
}
# Fix reverse zone PTR records DNs
$mesg = $ldap->search(
base => $zoneDn,
filter => "(&(objectClass=dNSZone)(!(relativeDomainName=@))(|(zoneName=*.arpa)(zoneName=*.arpa.)))"
);
$mesg->code && die $mesg->error;
@entries = $mesg->entries;
foreach my $entry (@entries) {
$entry->dn() =~ m/^([^,]+),relativeDomainName=[^,]+,$zoneDn$/ or next;
$result = $ldap->moddn (
$entry->dn(),
newrdn => $1,
deleteoldrdn => '1',
newsuperior => 'zoneName='.$entry->get_value('zoneName').','.$zoneDn
);
$result->code && die "Migration of DNS reverse zone subentry ".$entry->dn()." failed, LDAP error: ".$result->error."\n";
}
# Add DNS tab on server
$mesg = $ldap->search(
base => $systemdn,
scope => 'base',
......
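Review bot: In the PTR-fix loop of migrate_dns, `$zoneDn` is interpolated into the match pattern unquoted, so the dots and any other regex metacharacters in the DN act as pattern syntax and the match is looser than a literal suffix comparison. Quote it: `$entry->dn() =~ m/^([^,]+),relativeDomainName=[^,]+,\Q$zoneDn\E$/ or next;`. The `newsuperior` value is also built by concatenating the raw `zoneName` attribute; if a zone name can ever hold DN-special characters it should go through `Net::LDAP::Util::escape_dn_value` first. migrate_dns begins and ends outside the hunk.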
......@@ -1265,6 +1265,32 @@ If they are old objectClasses it will warn you and you will have to remove it by
!! Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.10 to 1.0.11
=============================================
Ubuntu 12.0.4 TLS users
=======================
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first
=============================
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
---
* Further information
......
......@@ -256,8 +256,12 @@ DatePicker.prototype = {
/* arguments */
this._relative= h_p["relative"];
if (h_p["language"])
if (h_p["language"]) {
this._language = h_p["language"];
if (this._language_close.get(this._language) == undefined) {
this._language = 'en';
}
}
this._zindex = ( h_p["zindex"] ) ? parseInt(Number(h_p["zindex"])) : 999;
if (!Object.isUndefined(h_p["keepFieldEmpty"]))
this._keepFieldEmpty = h_p["keepFieldEmpty"];
......
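Review bot: The new language fallback tests with `== undefined`, while the very next option in the same constructor uses `Object.isUndefined(...)`. Using the same helper keeps the block consistent and avoids the loose comparison also matching `null`: `if (Object.isUndefined(this._language_close.get(this._language))) {`. A one-line comment such as `/* unsupported language: fall back to English */` would make the intent explicit.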
......@@ -293,11 +293,12 @@ class config {
session::global_set('HTTP_FDKEY_CACHE', $cache);
} catch (Exception $e) {
$msg = sprintf(
_('It seems you are trying to decode something which is not encoded : %s<br/>\n'.
_('It seems you are trying to decode something which is not encoded : %s<br/>'."\n".
'Please check you are not using a fusiondirectory.secrets file while your passwords are not encrypted.'),
$e->getMessage()
);
msg_dialog::display(_("Configuration error"), $msg, FATAL_ERROR_DIALOG);
msg_dialog::display(_('Configuration error'), $msg, FATAL_ERROR_DIALOG);
exit;
}
}
return $cache[$creds];
......@@ -368,6 +369,10 @@ class config {
*/
function set_current($name)
{
if (!isset($this->data['LOCATIONS'][$name])) {
msg_dialog::display(_('Error'), sprintf(_('Location "%s" could not be found in the configuration file'), $name), FATAL_ERROR_DIALOG);
exit;
}
$this->current = $this->data['LOCATIONS'][$name];
if (isset($this->current['INITIAL_BASE'])) {
......@@ -608,13 +613,10 @@ class config {
}
}
/*!
* \brief Store the departments from ldap in $this->departments
*
* \param string $ignore_dn dn of the department
*/
function get_departments($ignore_dn = "")
function get_departments()
{
/* Initialize result hash */
$result = array();
......@@ -629,14 +631,14 @@ class config {
$types = departmentManagement::getDepartmentTypes();
/* Create a list of attributes to fetch */
$filter = "";
$ldap_values = array("objectClass", "description");
$filter = '';
$ldap_values = array('objectClass', 'description');
foreach ($types as $type) {
$i = objects::infos($type);
$filter .= $i['filter'];
$ldap_values[] = $i['mainAttr']; // Specific key for departement objectTypes
}
$filter = "(|".$filter.")";
$filter = '(|'.$filter.')';
/* Get list of department objects */
$ldap = $this->get_ldap_link();
......@@ -660,17 +662,15 @@ class config {
$dn = $ldap->getDN();
$data = objects::infos($oc);
$this->department_info[$dn] = array("img" => $data['icon'],
"description" => isset($attrs['description'][0])?$attrs['description'][0]:"",
"name" => $attrs[$data['mainAttr']][0]);
if ($dn == $ignore_dn) {
continue;
}
$c_dn = convert_department_dn($dn)." (".$data['mainAttr'].")";
$this->department_info[$dn] = array(
'img' => $data['icon'],
'description' => (isset($attrs['description'][0]) ? $attrs['description'][0] : ''),
'name' => $attrs[$data['mainAttr']][0]
);
/* Only assign non-root departments */
if ($dn != $result['/']) {
$c_dn = convert_department_dn($dn).' ('.$data['mainAttr'].')';
$result[$c_dn] = $dn;
}
}
......
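Review bot: In set_current, `$name` is put into the fatal dialog text as-is, and the neighbouring decode-error message embeds `<br/>`, which suggests msg_dialog::display renders its text as HTML. If the location name can originate from the request (not visible in this hunk), escape it before display: `sprintf(_('Location "%s" could not be found in the configuration file'), htmlentities($name, ENT_COMPAT, 'UTF-8'))`. The same consideration applies to `$e->getMessage()` in the decode-error message, unless msg_dialog escapes internally.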
......@@ -594,29 +594,6 @@ class LDAP
}
}
/*!
* \brief Rename the dn
*
* \param string $attrs
*
* \param string $dn The DN
*/
function rename($attrs, $dn = "")
{
if ($this->hascon) {
if ($this->reconnect) $this->connect();
if ($dn == "")
$dn = $this->basedn;
$r = @ldap_mod_replace($this->cid, LDAP::fix($dn), $attrs);
$this->error = @ldap_error($this->cid);
return $r;
} else {
$this->error = "Could not connect to LDAP server";
return "";
}
}
/*!
* \brief Remove directory
*
......
......@@ -145,6 +145,7 @@ class management
*/
function execute()
{
global $config;
// Ensure that html posts and gets are kept even if we see a 'Entry islocked' dialog.
$vars = array('/^act$/','/^listing/','/^PID$/','/^FILTER_PID$/');
session::set('LOCK_VARS_TO_USE', $vars);
......@@ -167,6 +168,7 @@ class management
// Pre-render list to init things if a dn is gonna be opened on first load
if (isset($_REQUEST['dn'])) {
$this->headpage->setBase($config->current['BASE']);
$this->headpage->filter->setCurrentScope('sub');
$this->renderList();
}
......
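Review bot: The added `$this->headpage->setBase($config->current['BASE']);` carries no comment explaining why the base is reset whenever a `dn` request parameter is present. Suggest `// Reset to the root base so the sub-scope pre-render can find the requested dn wherever it lives` (intent inferred from the adjacent `setCurrentScope('sub')` call; please confirm). Only `isset($_REQUEST['dn'])` is checked here, so validation of the value has to happen where it is consumed. execute() continues outside the hunk.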
......@@ -797,7 +797,12 @@ class plugin
array_map(
function ($a) use (&$cache, $depends, $forbidden)
{
return plugin::tpl_depends_of ($cache, $depends, $a, $forbidden);
$deps = plugin::tpl_depends_of ($cache, $depends, $a, $forbidden);
if (($askmeKey = array_search('askme', $deps)) !== FALSE) {
/* Do not flat special askme dependency */
unset($deps[$askmeKey]);
}
return $deps;
},
$depends[$key]
);
......@@ -1039,152 +1044,6 @@ class plugin
return 'none';
}
/*!
* \brief ldap rebind
*
* \param string $ldap
*
* \param string $referral
*/
function rebind($ldap, $referral)
{
$credentials = LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
if (ldap_bind($ldap, $credentials['ADMIN'], $this->config->get_credentials($credentials['PASSWORD']))) {
$this->error = "Success";
$this->hascon = TRUE;
$this->reconnect = TRUE;
return 0;
} else {
$this->error = "Could not bind to " . $credentials['ADMIN'];
return NULL;
}
}
/*
* \brief Recursively copy ldap object
*
* \param string $src_dn The DN source
*
* \param string $dst_dn The DN destination
*/
function _copy($src_dn, $dst_dn)
{
$ldap = $this->config->get_ldap_link();
$ldap->cat($src_dn);
$attrs = $ldap->fetch();
/* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
$ds = ldap_connect($this->config->current['SERVER']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
ldap_set_rebind_proc($ds, array(&$this, "rebind"));
}
$pwd = $this->config->get_credentials($this->config->current['ADMINPASSWORD']);
ldap_bind($ds, $this->config->current['ADMINDN'], $pwd);
/* Fill data from LDAP */
$new = array();
if ($sr = ldap_read($ds, LDAP::fix($src_dn), "objectClass=*")) {
if ($ei = ldap_first_entry($ds, $sr)) {
foreach (array_keys($attrs) as $attr) {
if ($info = @ldap_get_values_len($ds, $ei, $attr)) {
for ($i = 0; $i < $info['count']; $i++) {
if ($info['count'] == 1) {
$new[$attr] = $info[$i];
} else {
$new[$attr][] = $info[$i];
}
}
}
}
}
}
/* close connexion */
ldap_unbind($ds);
/* Adapt naming attribute */
$dst_name = preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
$dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
$new[$dst_name] = LDAP::fix($dst_val);
/* Check if this is a department.
* If it is a dep. && there is a , override in his ou
* change \2C to , again, else this entry can't be saved ...
*/
if (isset($new['ou']) && preg_match("/\\,/", $new['ou'])) {
$new['ou'] = str_replace("\\\\,", ",", $new['ou']);
}
/* Save copy */
$ldap->connect();
$ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
/* FAIvariable=.../..., cn=..
could not be saved, because the attribute FAIvariable was different to
the dn FAIvariable=..., cn=... */
if (!is_array($new['objectClass'])) {
$new['objectClass'] = array($new['objectClass']);
}
if (in_array_ics("FAIdebconfInfo", $new['objectClass'])) {
$new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
}
$ldap->cd($dst_dn);
$ldap->add($new);
if (!$ldap->success()) {
trigger_error('Trying to save '.$dst_dn.' failed: '.$ldap->get_error(), E_USER_WARNING);
return FALSE;
}
return TRUE;
}
/*
* \brief Copy ldap object.
* This is a workaround function
*
* \param string $src_dn The DN source
*
* \param string $dst_dn The DN destination
*/
function copy($src_dn, $dst_dn)
{
/* Rename dn in possible object groups */
$ldap = $this->config->get_ldap_link();
$ldap->cat($dst_dn);
$attrs = $ldap->fetch();
if (count($attrs)) {
trigger_error("Trying to overwrite ".LDAP::fix($dst_dn).", which already exists.",
E_USER_WARNING);
return FALSE;
}
$ldap->cat($src_dn);
$attrs = $ldap->fetch();
if (!count($attrs)) {
trigger_error("Trying to move ".LDAP::fix($src_dn).", which does not seem to exist.",
E_USER_WARNING);
return FALSE;
}
$ldap->cd($src_dn);
$ldap->search("objectClass=*", array("dn"));
$res = TRUE;
while ($attrs = $ldap->fetch()) {
$src = $attrs['dn'];
$dst = preg_replace("/".preg_quote($src_dn, '/')."$/", $dst_dn, $attrs['dn']);
$res = $res && $this->_copy($src, $dst);
}
return $res;
}
/*!
* \brief Rename/Move a given src_dn to the given dest_dn
*
......@@ -1202,12 +1061,12 @@ class plugin
/* Try to move the source entry to the destination position */
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace("/^[^,]+,/", "", $dst_dn));
$ldap->create_missing_trees(preg_replace("/^[^,]+,/", '', $dst_dn));
if (!$ldap->rename_dn($src_dn, $dst_dn)) {
new log("debug", "Ldap Protocol v3 implementation error, ldap_rename failed, falling back to manual copy.",
new log('debug', 'Ldap Protocol v3 implementation error, ldap_rename failed.',
"FROM: $src_dn -- TO: $dst_dn", array(), $ldap->get_error());
@DEBUG(DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, "Rename failed FROM: $src_dn -- TO: $dst_dn",
"Ldap Protocol v3 implementation error, falling back to manual method. Error:".$ldap->get_error());
'Ldap Protocol v3 implementation error. Error:'.$ldap->get_error());
return FALSE;
}
......@@ -1229,22 +1088,9 @@ class plugin
return TRUE;
}
/* Try to move with ldap routines, if this was not successfull
fall back to the old style copy & remove method
*/
/* Try to move with ldap routines */
if (!$this->rename($src_dn, $dst_dn)) {
/* Copy source to destination */
if (!$this->copy($src_dn, $dst_dn)) {
return FALSE;
}
/* Delete source */
$ldap = $this->config->get_ldap_link();
$ldap->rmdir_recursive($src_dn);
if (!$ldap->success()) {
trigger_error('Trying to delete '.$src_dn.' failed: '.$ldap->get_error(), E_USER_WARNING);
return FALSE;
}
return FALSE;
}
/* Get list of users,groups and roles within this tree,
......
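Review bot: `array_search('askme', $deps)` in the closure compares loosely and removes only the first match. Pass the strict flag, `array_search('askme', $deps, TRUE)`, so that a non-string entry such as `0` or `TRUE` cannot match the string on older PHP versions. If 'askme' can appear more than once in a flattened dependency list, `array_diff($deps, array('askme'))` removes every occurrence. The enclosing function starts and ends outside the hunk.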
......@@ -48,6 +48,7 @@ class session {
/* Sanity check */
if (!session::channel_exists($channel)) {
msg_dialog::display(_("Internal error"), _("Requested channel does not exist! Please contact your Administrator."), FATAL_ERROR_DIALOG);
exit;
}
$channel = "gch_".$channel;
......@@ -85,6 +86,7 @@ class session {
/* Sanity check */
if (!session::channel_exists($channel)) {
msg_dialog::display(_("Internal error"), _("Requested channel does not exist! Please contact your Administrator."), FATAL_ERROR_DIALOG);
exit;
}
$_SESSION[$channel][$name] = $value;
}
......@@ -123,6 +125,7 @@ class session {
/* Sanity check */
if (!session::channel_exists($channel)) {
msg_dialog::display(_("Internal error"), _("Requested channel does not exist! Please contact your Administrator."), FATAL_ERROR_DIALOG);
exit;
}
$channel = "gch_".$channel;
......
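Review bot: The same sanity check, now ending in `exit;`, is repeated verbatim in all three hunks of class session. A private static helper that performs the `channel_exists` test, shows the dialog and exits would keep the three call sites from drifting apart again. It would also help to say why the `exit;` is needed, e.g. `/* msg_dialog::display() returns, so stop here before the missing channel is used */` (inferred from the fact that this commit had to add the exit).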
......@@ -50,7 +50,7 @@ class template
$this->attributes[$class] = array();
$attrs = array_unique(array_merge($this->tabObject->by_object[$class]->getRequiredAttributes(), $this->needed));
foreach (array_keys($this->tabObject->by_object[$class]->attributesAccess) as $attr) {
if (isset($this->attrs[$attr])) {
if (!$plugin->showInTemplate($attr, $this->attrs)) {
continue;
}
if (in_array($attr, $attrs)) {
......@@ -64,7 +64,8 @@ class template
/* Used when you need to re-apply the same template with different values */
function reset()
{
list($this->attrs, ) = plugin::tpl_fetch_template($this->dn);
list($this->attrs, $depends) = plugin::tpl_fetch_template($this->dn);
$this->needed = plugin::tpl_needed_attrs($this->attrs, $depends); // This is needed because it removes %askme% values from attrs
$this->tabObject = objects::create($this->type);
$tempTabObject = objects::open($this->dn, $this->type); /* Used to know which tab is activated */
foreach ($tempTabObject->by_object as $class => &$plugin) {
......
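Review bot: `$plugin->showInTemplate(...)` is called for every class in the loop, but this commit defines the method only on simplePlugin. If any tab class still derives from plugin directly, this call ends in an undefined-method fatal error. Either declare a default `showInTemplate` in class plugin or guard the call: `if (method_exists($plugin, 'showInTemplate') && !$plugin->showInTemplate($attr, $this->attrs)) {`. The loop that binds `$plugin` lies outside the hunk, so which object it refers to cannot be confirmed from here.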
......@@ -3023,7 +3023,7 @@ function cred_decrypt($input, $password)
$input = substr($input, 16);
$key_len = 32;
$iv_len = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv_len = openssl_cipher_iv_length('aes-256-cbc');
$data = '';
$d = '';
......@@ -3034,7 +3034,7 @@ function cred_decrypt($input, $password)
$key = substr($data, 0, $key_len);
$iv = substr($data, $key_len, $iv_len);
return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $input, MCRYPT_MODE_CBC, $iv), "\x00..\x1F");
return openssl_decrypt($input, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
}
......
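Review bot: `openssl_decrypt` returns FALSE on a wrong key or invalid padding, and the new return line in cred_decrypt passes that straight back, so a failed decryption is handed to the caller as if it were the credential. Check the result and fail explicitly, e.g. `$plain = openssl_decrypt($input, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);` followed by `if ($plain === FALSE) { throw new Exception('<decryption failed message>'); }`. Class config already has a `catch (Exception $e)` that reports decoding problems, though whether it wraps this call is not visible here. The key derivation and the start of the function are outside the hunk.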
......@@ -1738,6 +1738,7 @@ class ImageAttribute extends FileAttribute
*/
function loadPostValue ()
{
$this->postValue = $this->value;
if (isset($_POST['upload'.$this->getHtmlId()])) {
parent::loadPostValue();
}
......
......@@ -778,8 +778,8 @@ class simplePlugin extends plugin
$lock_msg = "";
if ($edit_mode) {
/* Remove locks created by this plugin */
if ($remove_lock || isset($_POST['edit_cancel'])) {
if (session::is_set($classname) && session::is_set('edit')) {
if ($remove_lock || (isset($_POST['edit_cancel']) && session::is_set('edit'))) {
if (session::is_set($classname)) {
del_lock($entry_dn);
}
}
......@@ -792,8 +792,8 @@ class simplePlugin extends plugin
} else {
/* Reset requested? */
if ($edit_mode && isset($_POST['edit_cancel'])) {
session::un_set('edit');
session::un_set($classname);
session::un_set('edit');
}
/* Create account object on demand */
......@@ -988,6 +988,15 @@ class simplePlugin extends plugin
}
unset($attr);
}
/* Returns TRUE if this attribute should be asked in the creation by template dialog */
function showInTemplate($attr, $templateAttrs)
{
if (isset($templateAttrs[$attr])) {
return FALSE;
}
return TRUE;
}
}
?>
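Review bot: showInTemplate is documented with a plain `/* ... */` comment and no parameter descriptions, whereas the other classes touched by this commit use `/*! \brief ... \param ...` blocks. Suggest a `/*! \brief` block stating that it tells whether an attribute should be asked for in the creation-by-template dialog, with `\param string $attr` and `\param array $templateAttrs`, and a remark that subclasses may override it. The body can be reduced to `return !isset($templateAttrs[$attr]);`.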
......@@ -63,7 +63,7 @@ define("FPDF_FONTPATH", "/usr/share/php/fpdf/font/"); /*! Define fpdf font path
/*!
* \brief FusionDirectory Version
*/
define ("FD_VERSION", "1.0.10"); /*! Define FusionDirectory version */
define ("FD_VERSION", "1.0.11"); /*! Define FusionDirectory version */
/*!
* \brief FusionDirectory config object RDN
......
......@@ -179,16 +179,6 @@ class department extends simplePlugin
return $message;
}
function execute()
{
/* Reload departments */
$this->config->get_departments($this->dn);
$this->config->make_idepartments();
/* Call parent execute */
return parent::execute();
}
function get_allowed_bases()
{
/* Hide all departments, that are subtrees of this department */
......
......@@ -28,6 +28,7 @@ class deptabs extends simpleTabs
/* Update department cache */
global $config;
$config->get_departments();
$config->make_idepartments();
}
}
?>
......@@ -416,7 +416,7 @@ class user extends simplePlugin
'o', FALSE
),
new StringAttribute (
_('Department'), _('Department'),
_('Department'), _('Department to which the user belongs'),
'ou', FALSE
),
new StringAttribute (
......