Merge branch '1.0.10-fixes'

Changelog

 FusionDirectory changelog
 =========================
 
+* FusionDirectory 1.0.11
+
+|Fix] FusionDirectory plugins - Bugs #4391: Choices order seems random in shell
+|Fix] Bugs #4621: Use of mcrypt should be removed
+|Fix] FusionDirectory plugins - Bugs #4630: DNS adding reverse zone issue (tested on FD 1.0.10) in class B and class A
+|Fix] FusionDirectory plugins - Bugs #4631: DNS menu is not displayed without systems plugin
+|Fix] FusionDirectory plugins - Bugs #4632: Webservice needs a better method for modification
+|Fix] Bugs #4633: change requirement to php 5.4 for centos
+|Fix] Bugs #4634: DNS PTR migration does not work
+|Fix] FusionDirectory plugins - Bugs #4635: [DNS] Reverse zone association breaks when there are several A record for the same domain.
+|Fix] FusionDirectory plugins - Bugs #4636: [SYSTEMS] When add Windows Workstation (winStation) and enable DHCP it will not be enabled when edit again
+|Fix] FusionDirectory plugins - Bugs #4637: DNS tab won’t work on winstations
+|Fix] Bugs #4638: UI issue, entry disappear in 'Base' dropdown
+|Fix] Bugs #4639: depending on FD language setting, the calendar doesn't show up on icon click
+|Fix] Bugs #4640: strange error when following org's link from user "references" tab
+|Fix] Bugs #4652: The weird _copy fallback should be removed
+|Fix] Bugs #4653: Having a wrong default location should trigger a fatal error
+|Fix] FusionDirectory plugins - Bugs #4654: DHCP seems to use inexistant method getCn
+|Fix] Bugs #4655: The edit anyway button does not work in my account menu
+|Fix] FusionDirectory plugins - Bugs #4658: csv import with empty field
+|Fix] Bugs #4659: when creating a user via template or csv import, mandatory , alreay defined fields have to be re-inputed even if already defined
+|Fix] Bugs #4667: Samba munged dial fields are always asked when using a template
+|Fix] Bugs #4673: ImageAttribute are broken
+|Fix] FusionDirectory plugins - Bugs #4675: csv import, add an option for not importing anything in case of error
+|Fix] FusionDirectory plugins - Bugs #4676: Edit IDs problems related to our selenium test
+|Fix] FusionDirectory plugins - Wishlist #4657: community organization membership type
+|Fix] FusionDirectory plugins - Wishlist #4660: csv import lacks an option or help on what to do with the first line
+
 * FusionDirectory 1.0.10
 
 [Feature] Bugs #1217: DNS service must be redone

contrib/bin/fusiondirectory-setup

@@ -732,7 +732,7 @@ sub get_ldap_connexion {
   # read ldap's server's info from /etc/fusiondirectory/fusiondirectory.conf
   if (-e $fd_config) {
     my $twig = XML::Twig->new();    # create the twig
-    $twig->parsefile($fd_config); # build it
+    $twig->safe_parsefile($fd_config) or die("There is an error in $fd_config XML code: ".(split /\n/, $@)[1]."\n");
     my @locs = $twig->root->first_child('main')->children('location');
     my %locations = ();
     foreach my $loc (@locs) {
@@ -1363,7 +1363,27 @@ sub migrate_dns {
           $result->code && die "Migration of DNS zone subentry failed, LDAP error: ".$result->error."\n";
         }
 
+        # Fix reverse zone PTR records DNs
+        $mesg = $ldap->search(
+          base    => $zoneDn,
+          filter  => "(&(objectClass=dNSZone)(!(relativeDomainName=@))(|(zoneName=*.arpa)(zoneName=*.arpa.)))"
+        );
+        $mesg->code && die $mesg->error;
+
+        @entries = $mesg->entries;
+
+        foreach my $entry (@entries) {
+          $entry->dn() =~ m/^([^,]+),relativeDomainName=[^,]+,$zoneDn$/ or next;
+          $result = $ldap->moddn (
+            $entry->dn(),
+            newrdn        => $1,
+            deleteoldrdn  => '1',
+            newsuperior   => 'zoneName='.$entry->get_value('zoneName').','.$zoneDn
+          );
+          $result->code && die "Migration of DNS reverse zone subentry ".$entry->dn()." failed, LDAP error: ".$result->error."\n";
+        }
 
+        # Add DNS tab on server
         $mesg = $ldap->search(
           base    => $systemdn,
           scope   => 'base',

contrib/docs/UPGRADE

@@ -1265,6 +1265,32 @@ If they are old objectClasses it will warn you and you will have to remove it by
 
 !! Please read it carefully before applying !!
 
+Migrate FusionDirectory from 1.0.10 to 1.0.11
+=============================================
+
+Ubuntu 12.0.4 TLS users
+=======================
+
+Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories 
+
+In case you did not find it, grab the deb from here and install it
+
+http://packages.ubuntu.com/trusty/all/php-cas/download
+
+and select your preferred mirror
+
+Upgrade FusionDirectory first
+=============================
+
+Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
+
+apt-get install fusiondirectory
+
+Upgrade FusionDirectory schema package too.
+
+apt-get install fusiondirectory-schema
+
+
 ---
 * Further information
 

html/include/datepicker.js

@@ -256,8 +256,12 @@ DatePicker.prototype  = {
 
     /* arguments */
     this._relative= h_p["relative"];
-    if (h_p["language"])
+    if (h_p["language"]) {
       this._language = h_p["language"];
+      if (this._language_close.get(this._language) == undefined) {
+        this._language = 'en';
+      }
+    }
     this._zindex = ( h_p["zindex"] ) ? parseInt(Number(h_p["zindex"])) : 999;
     if (!Object.isUndefined(h_p["keepFieldEmpty"]))
       this._keepFieldEmpty  = h_p["keepFieldEmpty"];

include/class_config.inc

@@ -293,11 +293,12 @@ class config  {
           session::global_set('HTTP_FDKEY_CACHE', $cache);
         } catch (Exception $e) {
           $msg = sprintf(
-            _('It seems you are trying to decode something which is not encoded : %s<br/>\n'.
+            _('It seems you are trying to decode something which is not encoded : %s<br/>'."\n".
               'Please check you are not using a fusiondirectory.secrets file while your passwords are not encrypted.'),
             $e->getMessage()
           );
-          msg_dialog::display(_("Configuration error"), $msg, FATAL_ERROR_DIALOG);
+          msg_dialog::display(_('Configuration error'), $msg, FATAL_ERROR_DIALOG);
+          exit;
         }
       }
       return $cache[$creds];
@@ -368,6 +369,10 @@ class config  {
    */
   function set_current($name)
   {
+    if (!isset($this->data['LOCATIONS'][$name])) {
+      msg_dialog::display(_('Error'), sprintf(_('Location "%s" could not be found in the configuration file'), $name), FATAL_ERROR_DIALOG);
+      exit;
+    }
     $this->current = $this->data['LOCATIONS'][$name];
 
     if (isset($this->current['INITIAL_BASE'])) {
@@ -608,13 +613,10 @@ class config  {
     }
   }
 
-
   /*!
    * \brief Store the departments from ldap in $this->departments
-   *
-   * \param string $ignore_dn dn of the department
    */
-  function get_departments($ignore_dn = "")
+  function get_departments()
   {
     /* Initialize result hash */
     $result = array();
@@ -629,14 +631,14 @@ class config  {
     $types = departmentManagement::getDepartmentTypes();
 
     /* Create a list of attributes to fetch */
-    $filter       = "";
-    $ldap_values  = array("objectClass", "description");
+    $filter       = '';
+    $ldap_values  = array('objectClass', 'description');
     foreach ($types as $type) {
       $i = objects::infos($type);
       $filter         .= $i['filter'];
       $ldap_values[]  = $i['mainAttr']; // Specific key for departement objectTypes
     }
-    $filter = "(|".$filter.")";
+    $filter = '(|'.$filter.')';
 
     /* Get list of department objects */
     $ldap = $this->get_ldap_link();
@@ -660,17 +662,15 @@ class config  {
 
       $dn   = $ldap->getDN();
       $data = objects::infos($oc);
-      $this->department_info[$dn] = array("img"         => $data['icon'],
-                                         "description"  => isset($attrs['description'][0])?$attrs['description'][0]:"",
-                                         "name"         => $attrs[$data['mainAttr']][0]);
-
-      if ($dn == $ignore_dn) {
-        continue;
-      }
-      $c_dn = convert_department_dn($dn)." (".$data['mainAttr'].")";
+      $this->department_info[$dn] = array(
+        'img'         => $data['icon'],
+        'description' => (isset($attrs['description'][0]) ? $attrs['description'][0] : ''),
+        'name'        => $attrs[$data['mainAttr']][0]
+      );
 
       /* Only assign non-root departments */
       if ($dn != $result['/']) {
+        $c_dn = convert_department_dn($dn).' ('.$data['mainAttr'].')';
         $result[$c_dn] = $dn;
       }
     }

include/class_ldap.inc

@@ -594,29 +594,6 @@ class LDAP
     }
   }
 
-  /*!
-   * \brief Rename the dn
-   *
-   * \param string $attrs
-   *
-   * \param string $dn The DN
-   */
-  function rename($attrs, $dn = "")
-  {
-    if ($this->hascon) {
-      if ($this->reconnect) $this->connect();
-      if ($dn == "")
-        $dn = $this->basedn;
-
-      $r = @ldap_mod_replace($this->cid, LDAP::fix($dn), $attrs);
-      $this->error = @ldap_error($this->cid);
-      return $r;
-    } else {
-      $this->error = "Could not connect to LDAP server";
-      return "";
-    }
-  }
-
   /*!
    * \brief Remove directory
    *

include/class_management.inc

@@ -145,6 +145,7 @@ class management
    */
   function execute()
   {
+    global $config;
     // Ensure that html posts and gets are kept even if we see a 'Entry islocked' dialog.
     $vars = array('/^act$/','/^listing/','/^PID$/','/^FILTER_PID$/');
     session::set('LOCK_VARS_TO_USE', $vars);
@@ -167,6 +168,7 @@ class management
 
     // Pre-render list to init things if a dn is gonna be opened on first load
     if (isset($_REQUEST['dn'])) {
+      $this->headpage->setBase($config->current['BASE']);
       $this->headpage->filter->setCurrentScope('sub');
       $this->renderList();
     }

include/class_plugin.inc

@@ -797,7 +797,12 @@ class plugin
       array_map(
         function ($a) use (&$cache, $depends, $forbidden)
         {
-          return plugin::tpl_depends_of ($cache, $depends, $a, $forbidden);
+          $deps = plugin::tpl_depends_of ($cache, $depends, $a, $forbidden);
+          if (($askmeKey = array_search('askme', $deps)) !== FALSE) {
+            /* Do not flat special askme dependency */
+            unset($deps[$askmeKey]);
+          }
+          return $deps;
         },
         $depends[$key]
       );
@@ -1039,152 +1044,6 @@ class plugin
     return 'none';
   }
 
-  /*!
-   * \brief ldap rebind
-   *
-   * \param string $ldap
-   *
-   * \param string $referral
-   */
-  function rebind($ldap, $referral)
-  {
-    $credentials = LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
-    if (ldap_bind($ldap, $credentials['ADMIN'], $this->config->get_credentials($credentials['PASSWORD']))) {
-      $this->error      = "Success";
-      $this->hascon     = TRUE;
-      $this->reconnect  = TRUE;
-      return 0;
-    } else {
-      $this->error = "Could not bind to " . $credentials['ADMIN'];
-      return NULL;
-    }
-  }
-
-  /*
-   * \brief Recursively copy ldap object
-   *
-   * \param string $src_dn The DN source
-   *
-   * \param string $dst_dn The DN destination
-   */
-  function _copy($src_dn, $dst_dn)
-  {
-    $ldap = $this->config->get_ldap_link();
-    $ldap->cat($src_dn);
-    $attrs = $ldap->fetch();
-
-    /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
-    $ds = ldap_connect($this->config->current['SERVER']);
-    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
-    if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
-      ldap_set_rebind_proc($ds, array(&$this, "rebind"));
-    }
-
-    $pwd  = $this->config->get_credentials($this->config->current['ADMINPASSWORD']);
-    ldap_bind($ds, $this->config->current['ADMINDN'], $pwd);
-
-    /* Fill data from LDAP */
-    $new = array();
-    if ($sr = ldap_read($ds, LDAP::fix($src_dn), "objectClass=*")) {
-      if ($ei = ldap_first_entry($ds, $sr)) {
-        foreach (array_keys($attrs) as $attr) {
-          if ($info = @ldap_get_values_len($ds, $ei, $attr)) {
-            for ($i = 0; $i < $info['count']; $i++) {
-              if ($info['count'] == 1) {
-                $new[$attr] = $info[$i];
-              } else {
-                $new[$attr][] = $info[$i];
-              }
-            }
-          }
-        }
-      }
-    }
-
-    /* close connexion */
-    ldap_unbind($ds);
-
-    /* Adapt naming attribute */
-    $dst_name       = preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
-    $dst_val        = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
-    $new[$dst_name] = LDAP::fix($dst_val);
-
-    /* Check if this is a department.
-     * If it is a dep. && there is a , override in his ou
-     *  change \2C to , again, else this entry can't be saved ...
-     */
-    if (isset($new['ou']) && preg_match("/\\,/", $new['ou'])) {
-      $new['ou'] = str_replace("\\\\,", ",", $new['ou']);
-    }
-
-    /* Save copy */
-    $ldap->connect();
-    $ldap->cd($this->config->current['BASE']);
-
-    $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
-
-    /* FAIvariable=.../..., cn=..
-        could not be saved, because the attribute FAIvariable was different to
-        the dn FAIvariable=..., cn=... */
-
-    if (!is_array($new['objectClass'])) {
-      $new['objectClass'] = array($new['objectClass']);
-    }
-
-    if (in_array_ics("FAIdebconfInfo", $new['objectClass'])) {
-      $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
-    }
-    $ldap->cd($dst_dn);
-    $ldap->add($new);
-
-    if (!$ldap->success()) {
-      trigger_error('Trying to save '.$dst_dn.' failed: '.$ldap->get_error(), E_USER_WARNING);
-      return FALSE;
-    }
-    return TRUE;
-  }
-
-  /*
-   * \brief Copy ldap object.
-   * This is a workaround function
-   *
-   * \param string $src_dn The DN source
-   *
-   * \param string $dst_dn The DN destination
-   */
-  function copy($src_dn, $dst_dn)
-  {
-    /* Rename dn in possible object groups */
-    $ldap = $this->config->get_ldap_link();
-
-    $ldap->cat($dst_dn);
-    $attrs = $ldap->fetch();
-    if (count($attrs)) {
-      trigger_error("Trying to overwrite ".LDAP::fix($dst_dn).", which already exists.",
-          E_USER_WARNING);
-      return FALSE;
-    }
-
-    $ldap->cat($src_dn);
-    $attrs = $ldap->fetch();
-    if (!count($attrs)) {
-      trigger_error("Trying to move ".LDAP::fix($src_dn).", which does not seem to exist.",
-          E_USER_WARNING);
-      return FALSE;
-    }
-
-    $ldap->cd($src_dn);
-    $ldap->search("objectClass=*", array("dn"));
-    $res = TRUE;
-    while ($attrs = $ldap->fetch()) {
-      $src = $attrs['dn'];
-      $dst = preg_replace("/".preg_quote($src_dn, '/')."$/", $dst_dn, $attrs['dn']);
-      $res = $res && $this->_copy($src, $dst);
-    }
-    return $res;
-  }
-
-
   /*!
    * \brief  Rename/Move a given src_dn to the given dest_dn
    *
@@ -1202,12 +1061,12 @@ class plugin
     /* Try to move the source entry to the destination position */
     $ldap = $this->config->get_ldap_link();
     $ldap->cd($this->config->current['BASE']);
-    $ldap->create_missing_trees(preg_replace("/^[^,]+,/", "", $dst_dn));
+    $ldap->create_missing_trees(preg_replace("/^[^,]+,/", '', $dst_dn));
     if (!$ldap->rename_dn($src_dn, $dst_dn)) {
-      new log("debug", "Ldap Protocol v3 implementation error, ldap_rename failed, falling back to manual copy.",
+      new log('debug', 'Ldap Protocol v3 implementation error, ldap_rename failed.',
               "FROM: $src_dn  -- TO: $dst_dn", array(), $ldap->get_error());
       @DEBUG(DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, "Rename failed FROM: $src_dn  -- TO:  $dst_dn",
-          "Ldap Protocol v3 implementation error, falling back to manual method. Error:".$ldap->get_error());
+          'Ldap Protocol v3 implementation error. Error:'.$ldap->get_error());
       return FALSE;
     }
 
@@ -1229,22 +1088,9 @@ class plugin
       return TRUE;
     }
 
-    /* Try to move with ldap routines, if this was not successfull
-        fall back to the old style copy & remove method
-     */
+    /* Try to move with ldap routines */
     if (!$this->rename($src_dn, $dst_dn)) {
-      /* Copy source to destination */
-      if (!$this->copy($src_dn, $dst_dn)) {
-        return FALSE;
-      }
-
-      /* Delete source */
-      $ldap = $this->config->get_ldap_link();
-      $ldap->rmdir_recursive($src_dn);
-      if (!$ldap->success()) {
-        trigger_error('Trying to delete '.$src_dn.' failed: '.$ldap->get_error(), E_USER_WARNING);
-        return FALSE;
-      }
+      return FALSE;
     }
 
     /* Get list of users,groups and roles within this tree,

include/class_session.inc

@@ -48,6 +48,7 @@ class session {
     /* Sanity check */
     if (!session::channel_exists($channel)) {
       msg_dialog::display(_("Internal error"), _("Requested channel does not exist! Please contact your Administrator."), FATAL_ERROR_DIALOG);
+      exit;
     }
 
     $channel = "gch_".$channel;
@@ -85,6 +86,7 @@ class session {
       /* Sanity check */
       if (!session::channel_exists($channel)) {
         msg_dialog::display(_("Internal error"), _("Requested channel does not exist! Please contact your Administrator."), FATAL_ERROR_DIALOG);
+        exit;
       }
       $_SESSION[$channel][$name] = $value;
     }
@@ -123,6 +125,7 @@ class session {
     /* Sanity check */
     if (!session::channel_exists($channel)) {
       msg_dialog::display(_("Internal error"), _("Requested channel does not exist! Please contact your Administrator."), FATAL_ERROR_DIALOG);
+      exit;
     }
 
     $channel  = "gch_".$channel;

include/class_template.inc

@@ -50,7 +50,7 @@ class template
         $this->attributes[$class] = array();
         $attrs = array_unique(array_merge($this->tabObject->by_object[$class]->getRequiredAttributes(), $this->needed));
         foreach (array_keys($this->tabObject->by_object[$class]->attributesAccess) as $attr) {
-          if (isset($this->attrs[$attr])) {
+          if (!$plugin->showInTemplate($attr, $this->attrs)) {
             continue;
           }
           if (in_array($attr, $attrs)) {
@@ -64,7 +64,8 @@ class template
   /* Used when you need to re-apply the same template with different values */
   function reset()
   {
-    list($this->attrs, ) = plugin::tpl_fetch_template($this->dn);
+    list($this->attrs, $depends) = plugin::tpl_fetch_template($this->dn);
+    $this->needed     = plugin::tpl_needed_attrs($this->attrs, $depends); // This is needed because it removes %askme% values from attrs
     $this->tabObject  = objects::create($this->type);
     $tempTabObject    = objects::open($this->dn, $this->type); /* Used to know which tab is activated */
     foreach ($tempTabObject->by_object as $class => &$plugin) {

include/functions.inc

@@ -3023,7 +3023,7 @@ function cred_decrypt($input, $password)
   $input  = substr($input, 16);
 
   $key_len  = 32;
-  $iv_len   = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
+  $iv_len   = openssl_cipher_iv_length('aes-256-cbc');
 
   $data = '';
   $d    = '';
@@ -3034,7 +3034,7 @@ function cred_decrypt($input, $password)
   $key  = substr($data, 0, $key_len);
   $iv   = substr($data, $key_len, $iv_len);
 
-  return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $input, MCRYPT_MODE_CBC, $iv), "\x00..\x1F");
+  return openssl_decrypt($input, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
 }
 
 

include/simpleplugin/class_attribute.inc

@@ -1738,6 +1738,7 @@ class ImageAttribute extends FileAttribute
    */
   function loadPostValue ()
   {
+    $this->postValue = $this->value;
     if (isset($_POST['upload'.$this->getHtmlId()])) {
       parent::loadPostValue();
     }

include/simpleplugin/class_simplePlugin.inc

@@ -778,8 +778,8 @@ class simplePlugin extends plugin
     $lock_msg = "";
     if ($edit_mode) {
       /* Remove locks created by this plugin */
-      if ($remove_lock || isset($_POST['edit_cancel'])) {
-        if (session::is_set($classname) && session::is_set('edit')) {
+      if ($remove_lock || (isset($_POST['edit_cancel']) && session::is_set('edit'))) {
+        if (session::is_set($classname)) {
           del_lock($entry_dn);
         }
       }
@@ -792,8 +792,8 @@ class simplePlugin extends plugin
     } else {
       /* Reset requested? */
       if ($edit_mode && isset($_POST['edit_cancel'])) {
-        session::un_set('edit');
         session::un_set($classname);
+        session::un_set('edit');
       }
 
       /* Create account object on demand */
@@ -988,6 +988,15 @@ class simplePlugin extends plugin
     }
     unset($attr);
   }
+
+  /* Returns TRUE if this attribute should be asked in the creation by template dialog */
+  function showInTemplate($attr, $templateAttrs)
+  {
+    if (isset($templateAttrs[$attr])) {
+      return FALSE;
+    }
+    return TRUE;
+  }
 }
 
 ?>

include/variables_common.inc

@@ -63,7 +63,7 @@ define("FPDF_FONTPATH", "/usr/share/php/fpdf/font/"); /*! Define fpdf font path
 /*!
  * \brief FusionDirectory Version
  */
-define ("FD_VERSION", "1.0.10"); /*! Define FusionDirectory version */
+define ("FD_VERSION", "1.0.11"); /*! Define FusionDirectory version */
 
 /*!
  * \brief FusionDirectory config object RDN

plugins/admin/departments/class_department.inc

@@ -179,16 +179,6 @@ class department extends simplePlugin
     return $message;
   }
 
-  function execute()
-  {
-    /* Reload departments */
-    $this->config->get_departments($this->dn);
-    $this->config->make_idepartments();
-
-    /* Call parent execute */
-    return parent::execute();
-  }
-
   function get_allowed_bases()
   {
     /* Hide all departments, that are subtrees of this department */

plugins/admin/departments/tabs_department.inc

@@ -28,6 +28,7 @@ class deptabs extends simpleTabs
     /* Update department cache */
     global $config;
     $config->get_departments();
+    $config->make_idepartments();
   }
 }
 ?>

plugins/personal/generic/class_user.inc

@@ -416,7 +416,7 @@ class user extends simplePlugin
             'o', FALSE
           ),
           new StringAttribute (
-            _('Department'), _('Department'),
+            _('Department'), _('Department to which the user belongs'),
             'ou', FALSE
           ),
           new StringAttribute (