diff --git a/admin/inc/class.admin_cmd_edit_user.inc.php b/admin/inc/class.admin_cmd_edit_user.inc.php index c4c067eb26..db88d2d9e7 100644 --- a/admin/inc/class.admin_cmd_edit_user.inc.php +++ b/admin/inc/class.admin_cmd_edit_user.inc.php @@ -7,13 +7,13 @@ * @package admin * @copyright (c) 2007 by Ralf Becker * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License - * @version $Id$ + * @version $Id$ */ /** * admin command: edit/add a user */ -class admin_cmd_edit_user extends admin_cmd_change_pw +class admin_cmd_edit_user extends admin_cmd_change_pw { /** * Constructor @@ -37,7 +37,7 @@ class admin_cmd_edit_user extends admin_cmd_change_pw /** * change the password of a given user - * + * * @param boolean $check_only=false only run the checks (and throw the exceptions), but not the command itself * @return string success message * @throws egw_exception_no_admin 
@@ -62,11 +62,18 @@ class admin_cmd_edit_user extends admin_cmd_change_pw
 {
 throw new egw_exception_wrong_userinput(lang('You must enter a loginid'),9);
 }
+ // Check if an account already exists as system user, and if it does deny creation
+ if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap' &&
+ !$GLOBALS['egw_info']['server']['ldap_allow_systemusernames'] &&
+ function_exists('posix_getpwnam') && posix_getpwnam($data['account_lid']))
+ {
+ throw new egw_exception_wrong_userinput(lang('There already is a system-user with this name. User\'s should not have the same name as a systemuser'),99);
+ }
 if (!$data['account_lastname'] && (!$this->account || !is_null($data['account_lastname'])))
 {
 throw new egw_exception_wrong_userinput(lang('You must enter a lastname'),9);
 }
- if (!is_null($data['account_lid']) && ($id = admin_cmd::$accounts->name2id($data['account_lid'],'account_lid','u')) &&
+ if (!is_null($data['account_lid']) && ($id = admin_cmd::$accounts->name2id($data['account_lid'],'account_lid','u')) &&
 $id !== $data['account_id'])
 {
 throw new egw_exception_wrong_userinput(lang('That loginid has already been taken'),999);
@@ -77,10 +84,10 @@ class admin_cmd_edit_user extends admin_cmd_change_pw
 }
 $data['account_expires'] = $expires = self::_parse_expired($data['account_expires'],(boolean)$this->account);
 $data['account_status'] = is_null($expires) ? null : ($expires == -1 || $expires > time() ? 'A' : '');
-
+
 $data['changepassword'] = admin_cmd::parse_boolean($data['changepassword'],$this->account ? null : true);
 $data['anonymous'] = admin_cmd::parse_boolean($data['anonymous'],$this->account ? null : false);
-
+
 if (!$data['account_primary_group'] && $this->account)
 {
 $data['account_primary_group'] = null; // dont change
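Review bot: The system-user check added ahead of the lastname test runs on every call, so it also fires when an existing account is edited and its login id is unchanged or passed as null. `posix_getpwnam()` answers from whatever NSS sources the host uses; if those include the same LDAP directory, an existing user would match itself and the edit would be refused (inferred, since the NSS setup is not visible here). Restricting the test to new accounts, `if (!$this->account && $GLOBALS['egw_info']['server']['account_repository'] == 'ldap' &&`, avoids that; catching a rename onto a system name needs the stored login id, which this hunk does not show. The class.boaccounts.inc.php hunk places the same test before its `old_loginid != account_lid` comparison, and the enclosing method starts and ends outside this hunk.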
@@ -106,7 +113,7 @@ class admin_cmd_edit_user extends admin_cmd_change_pw $data['account_groups'] = admin_cmd::parse_accounts($data['account_groups'],false); } if ($check_only) return true; - + if ($this->account) { if (!($old = admin_cmd::$accounts->read($data['account_id']))) @@ -161,7 +168,7 @@ class admin_cmd_edit_user extends admin_cmd_change_pw $GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array( 'location' => $this->account ? 'editaccount' : 'addaccount' ),False,True); // called for every app now, not only enabled ones) - + return lang("Account %1 %2",$this->account ? $this->account : $data['account_lid'], $this->account ? lang('updated') : lang("created with id #%1",$data['account_id'])); } @@ -176,7 +183,7 @@ class admin_cmd_edit_user extends admin_cmd_change_pw return lang('%1 user %2',$this->account ? lang('Edit') : lang('Add'), admin_cmd::display_account($this->account ? $this->account : $this->set['account_lid'])); } - + /** * parse the expired string and return the expired date as timestamp * @@ -190,7 +197,7 @@ class admin_cmd_edit_user extends admin_cmd_change_pw switch($str) { case '': - if ($existing) return null; + if ($existing) return null; // fall through --> default for new accounts is never case 'never': return -1; diff --git a/admin/inc/class.boaccounts.inc.php b/admin/inc/class.boaccounts.inc.php index b97e2758ed..dd88bdb4ad 100755 --- a/admin/inc/class.boaccounts.inc.php +++ b/admin/inc/class.boaccounts.inc.php 
@@ -352,16 +352,14 @@
 $error[$totalerrors] = lang('The groups must include the primary group');
 $totalerrors++;
 }
- // if accounts stored in ldap, there is a chance that users are systemusers as well.
- // check if an account already exists there, and if it does deny creation (increase the totalerrors counter
- // and the message thereof
- if($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
+ // Check if an account already exists as system user, and if it does deny creation
+ // (increase the totalerrors counter and the message thereof)
+ if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap' &&
+ !$GLOBALS['egw_info']['server']['ldap_allow_systemusernames'] &&
+ function_exists('posix_getpwnam') && posix_getpwnam($_userData['account_lid']))
 {
- if (function_exists('posix_getpwnam') && posix_getpwnam($_userData['account_lid']))
- {
- $error[$totalerrors] = lang('There already is a system-user with this name. User\'s should not have the same name as a systemuser');
- $totalerrors++;
- }
+ $error[$totalerrors] = lang('There already is a system-user with this name. User\'s should not have the same name as a systemuser');
+ $totalerrors++;
 }
 if($_userData['old_loginid'] != $_userData['account_lid'])
 {
diff --git a/phpgwapi/inc/class.accounts.inc.php b/phpgwapi/inc/class.accounts.inc.php
index 9d744c7271..808cbfb124 100644
--- a/phpgwapi/inc/class.accounts.inc.php
+++ b/phpgwapi/inc/class.accounts.inc.php
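Review bot: The rewritten comment above the `posix_getpwnam()` test does not say when the test is skipped, although the merged condition now has three ways of passing silently. It lets the name through when the posix extension is missing, when the repository is not LDAP, and when `ldap_allow_systemusernames` is set, and it only consults the account database of the host running the web server. A comment such as `// skipped (fails open) without the posix extension; checks only this host's passwd/NSS entries` would make that visible to an administrator relying on the check. The enclosing function begins and ends outside the hunk.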
@@ -1051,44 +1051,3 @@ class accounts
 return $data;
 }
 }
-
-/**
- * Enable this only, if your system users are automatically eGroupWare users.
- * This is NOT the case for most installations and silently rejecting all this names causes a lot of trouble.
-
-$GLOBALS['egw_info']['server']['global_denied_users'] = array(
- 'root' => True, 'bin' => True, 'daemon' => True,
- 'adm' => True, 'lp' => True, 'sync' => True,
- 'shutdown' => True, 'halt' => True, 'ldap' => True,
- 'mail' => True, 'news' => True, 'uucp' => True,
- 'operator' => True, 'games' => True, 'gopher' => True,
- 'nobody' => True, 'xfs' => True, 'pgsql' => True,
- 'mysql' => True, 'postgres' => True, 'oracle' => True,
- 'ftp' => True, 'gdm' => True, 'named' => True,
- 'alias' => True, 'web' => True, 'sweep' => True,
- 'cvs' => True, 'qmaild' => True, 'qmaill' => True,
- 'qmaillog' => True, 'qmailp' => True, 'qmailq' => True,
- 'qmailr' => True, 'qmails' => True, 'rpc' => True,
- 'rpcuser' => True, 'amanda' => True, 'apache' => True,
- 'pvm' => True, 'squid' => True, 'ident' => True,
- 'nscd' => True, 'mailnull' => True, 'cyrus' => True,
- 'backup' => True
-);
-
-$GLOBALS['egw_info']['server']['global_denied_groups'] = array(
- 'root' => True, 'bin' => True, 'daemon' => True,
- 'sys' => True, 'adm' => True, 'tty' => True,
- 'disk' => True, 'lp' => True, 'mem' => True,
- 'kmem' => True, 'wheel' => True, 'mail' => True,
- 'uucp' => True, 'man' => True, 'games' => True,
- 'dip' => True, 'ftp' => True, 'nobody' => True,
- 'floppy' => True, 'xfs' => True, 'console' => True,
- 'utmp' => True, 'pppusers' => True, 'popusers' => True,
- 'slipusers' => True, 'slocate' => True, 'mysql' => True,
- 'dnstools' => True, 'web' => True, 'named' => True,
- 'dba' => True, 'oinstall' => True, 'oracle' => True,
- 'gdm' => True, 'sweep' => True, 'cvs' => True,
- 'postgres' => True, 'qmail' => True, 'nofiles' => True,
- 'ldap' => True, 'backup' => True
-);
-*/
\ No newline at end of file
diff --git a/phpgwapi/inc/class.accounts_ldap.inc.php b/phpgwapi/inc/class.accounts_ldap.inc.php index 38d0ba05bc..8d482b5f0a 100644 --- a/phpgwapi/inc/class.accounts_ldap.inc.php +++ b/phpgwapi/inc/class.accounts_ldap.inc.php @@ -317,6 +317,13 @@ class accounts_ldap $to_write['mail'] = array_values(array_unique($mail)); } $data['account_type'] = 'u'; + + // Check if an account already exists as system user, and if it does deny creation + if (!$GLOBALS['egw_info']['server']['ldap_allow_systemusernames'] && + function_exists('posix_getpwnam') && posix_getpwnam($data['account_lid'])) + { + throw new egw_exception_wrong_userinput(lang('There already is a system-user with this name. User\'s should not have the same name as a systemuser')); + } } // remove memberuid when adding a group @@ -951,7 +958,7 @@ class accounts_ldap */ function members($gid) { - if (!is_numeric($gid)) + if (!is_numeric($gid)) { // try to recover $gid = $this->name2id($gid,'account_lid','g'); diff --git a/setup/templates/default/config.tpl b/setup/templates/default/config.tpl index ec67c46634..f5af32b85f 100644 --- a/setup/templates/default/config.tpl +++ b/setup/templates/default/config.tpl @@ -74,7 +74,7 @@ - + {lang_Complete_path_to_aspell_program}: @@ -467,7 +467,17 @@ - + + {lang_Allow_usernames_identical_to_system_users?}: + + + + + + {lang_Migration_between_eGroupWare_account_repositories}:
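Review bot: The new guard in the class.accounts_ldap.inc.php hunk negates `$GLOBALS['egw_info']['server']['ldap_allow_systemusernames']` by truthiness, so any non-empty stored value, including a string such as 'False', turns the system-user check off. The option values that config.tpl saves are not visible on this page; if "No" is stored as an empty value the test is correct, and a comment saying so, e.g. `// setup stores "No" as an empty value; any non-empty value allows system usernames`, would pin that assumption. The same negation appears in the class.admin_cmd_edit_user.inc.php and class.boaccounts.inc.php hunks. This copy also throws `egw_exception_wrong_userinput` without the code 99 used in admin_cmd_edit_user, and the surrounding block starts outside the hunk.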