From b9e1fd076348f903b84405a04d38d30bf03cbeb6 Mon Sep 17 00:00:00 2001 From: Miles Lott Date: Sun, 2 Sep 2001 12:27:29 +0000 Subject: [PATCH] Making this more current with sql class --- phpgwapi/inc/class.accounts_ldap_wip.inc.php | 267 ++++++++++--------- 1 file changed, 136 insertions(+), 131 deletions(-) diff --git a/phpgwapi/inc/class.accounts_ldap_wip.inc.php b/phpgwapi/inc/class.accounts_ldap_wip.inc.php index 6c8607d7a0..3a330c131d 100644 --- a/phpgwapi/inc/class.accounts_ldap_wip.inc.php +++ b/phpgwapi/inc/class.accounts_ldap_wip.inc.php @@ -28,7 +28,7 @@ // This is where it belongs (jengo) // This is where it ended up (milosch) /* Since LDAP will return system accounts, there are a few we don't want to login. */ - $phpgw_info['server']['global_denied_users'] = array( + $GLOBALS['phpgw_info']['server']['global_denied_users'] = array( 'root' => True, 'bin' => True, 'daemon' => True, 'adm' => True, 'lp' => True, 'sync' => True, 'shutdown' => True, 'halt' => True, 'ldap' => True, @@ -47,7 +47,7 @@ 'backup' => True ); - $phpgw_info['server']['global_denied_groups'] = array( + $GLOBALS['phpgw_info']['server']['global_denied_groups'] = array( 'root' => True, 'bin' => True, 'daemon' => True, 'sys' => True, 'adm' => True, 'tty' => True, 'disk' => True, 'lp' => True, 'mem' => True, @@ -69,29 +69,30 @@ var $db; var $account_id; var $data; + var $user_context = ''; + var $group_context = ''; function accounts_() { - global $phpgw; - $this->db = $phpgw->db; + $this->db = $GLOBALS['phpgw']->db; + $this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context']; + $this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context']; } function read_repository() { - global $phpgw, $phpgw_info; - /* get an ldap connection handle */ - $ds = $phpgw->common->ldapConnect(); + $ds = $GLOBALS['phpgw']->common->ldapConnect(); $acct_type = $this->get_type($this->account_id); /* search the dn for the given uid */ - if ( ($acct_type == 'g') && $phpgw_info['server']['ldap_group_context'] ) + if ( ($acct_type == 'g') && $this->group_context ) { - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], 'gidnumber='.$this->account_id); + $sri = ldap_search($ds, $this->group_context, 'gidnumber='.$this->account_id); } else { - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uidnumber='.$this->account_id); + $sri = ldap_search($ds, $this->user_context, 'uidnumber='.$this->account_id); } $allValues = ldap_get_entries($ds, $sri); @@ -113,7 +114,7 @@ $this->data['account_dn'] = $allValues[0]['dn']; $this->data['fullname'] = $allValues[0]['cn'][0]; - if ($phpgw_info['server']['ldap_extra_attributes']) + if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes']) { $this->data['homedirectory'] = $allValues[0]['homedirectory'][0]; $this->data['loginshell'] = $allValues[0]['loginshell'][0]; @@ -131,19 +132,17 @@ function save_repository() { - global $phpgw_info, $phpgw; - - $ds = $phpgw->common->ldapConnect(); + $ds = $GLOBALS['phpgw']->common->ldapConnect(); $acct_type = $this->get_type($this->account_id); /* search the dn for the given u/gidnumber */ - if ( ($acct_type == 'g') && $phpgw_info['server']['ldap_group_context'] ) + if ( ($acct_type == 'g') && $this->group_context ) { - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], 'gidnumber='.$this->account_id); + $sri = ldap_search($ds, $this->group_context, 'gidnumber='.$this->account_id); } else { - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uidnumber='.$this->account_id); + $sri = ldap_search($ds, $this->user_context, 'uidnumber='.$this->account_id); } $allValues = ldap_get_entries($ds, $sri); @@ -157,7 +156,7 @@ $entry['phpgwaccounttype'] = $this->data['type']; $entry['phpgwaccountexpires'] = $this->data['expires']; - if ($phpgw_info['server']['ldap_extra_attributes']) + if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes']) { $entry['homedirectory'] = $this->data['homedirectory']; $entry['loginshell'] = $this->data['loginshell']; @@ -212,9 +211,9 @@ } /* Groups */ - if ($this->data['account_type'] == 'g' && $phpgw_info['server']['ldap_group_context'] ) + if ($this->data['account_type'] == 'g' && $this->group_context ) { - $dn = 'cn='.$this->data['account_lid'].','.$phpgw_info['server']['ldap_group_context']; + $dn = 'cn='.$this->data['account_lid'].','.$this->group_context; $entry['cn'] = $this->data['account_lid']; $entry['gidnumber'] = $this->data['account_id']; /* $entry["objectclass"] = ''; */ @@ -234,7 +233,7 @@ /* Accounts */ else { - $dn = 'uid='.$this->data['account_lid'].','.$phpgw_info['server']['ldap_context']; + $dn = 'uid='.$this->data['account_lid'].','.$this->user_context; $entry['uidnumber'] = $this->data['account_id']; $entry['cn'] = sprintf("%s %s", $this->data['firstname'], $this->data['lastname']); $entry['uid'] = $this->data['account_lid']; @@ -250,7 +249,7 @@ $entry['objectclass'][5] = 'shadowAccount'; $entry['objectclass'][6] = 'phpgwAccount'; - if ($phpgw_info['server']['ldap_extra_attributes']) + if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes']) { $entry['homedirectory'] = $this->data['homedirectory']; $entry['loginshell'] = $this->data['loginshell']; @@ -262,7 +261,7 @@ /* Normal behavior for save_repository */ else { - if ($this->data['account_type'] == 'g' && $phpgw_info['server']['ldap_group_context'] ) + if ($this->data['account_type'] == 'g' && $this->group_context ) { $members = $this->members($this->data['account_id']); $entry['memberuid'] = array(); @@ -318,12 +317,10 @@ function delete($accountid = '') { - global $phpgw, $phpgw_info; - $account_id = get_account_id($accountid); $account_lid = $this->id2name($account_id); - $ds = $phpgw->common->ldapConnect(); - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uid='.$account_lid); + $ds = $GLOBALS['phpgw']->common->ldapConnect(); + $sri = ldap_search($ds, $this->user_context, 'uid='.$account_lid); $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]['dn']) @@ -340,8 +337,6 @@ function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '') { - global $phpgw,$phpgw_info; - if ($offset) { $limitclause = '';//$phpgw->db->limit($start,$offset); @@ -365,16 +360,16 @@ $orderclause = '';//"order by account_lid,account_lastname,account_firstname asc"; } - $ds = $phpgw->common->ldapConnect(); + $ds = $GLOBALS['phpgw']->common->ldapConnect(); if ($_type == 'both' || $_type == 'accounts') { - $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], '(&(uidnumber=*)(phpgwaccounttype=u))'); + $sri = ldap_search($ds, $this->user_context, '(&(uidnumber=*)(phpgwaccounttype=u))'); $allValues = ldap_get_entries($ds, $sri); while (list($null,$allVals) = @each($allValues)) { $test = $allVals['uid'][0]; - if (!$phpgw_info['server']['global_denied_users'][$test] && $allVals['uid'][0]) + if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0]) { $accounts[] = Array( 'account_id' => $allVals['uidnumber'][0], @@ -389,12 +384,12 @@ } elseif ($_type == 'both' || $_type == 'groups') { - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], '(|(gidnumber=*)(phpgwaccounttype=g))'); + $sri = ldap_search($ds, $this->group_context, '(|(gidnumber=*)(phpgwaccounttype=g))'); $allValues = ldap_get_entries($ds, $sri); while (list($null,$allVals) = @each($allValues)) { $test = $allVals['cn'][0]; - if (!$phpgw_info['server']['global_denied_groups'][$test] && $allVals['cn'][0]) + if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0]) { $accounts[] = Array( 'account_id' => $allVals['gidnumber'][0], @@ -413,143 +408,165 @@ function name2id($account_lid) { - global $phpgw, $phpgw_info; + static $name_list; - $ds = $phpgw->common->ldapConnect(); - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uid=$account_lid"); + if(@isset($name_list[$account_lid])) + { + return $name_list[$account_lid]; + } + + $ds = $GLOBALS['phpgw']->common->ldapConnect(); + $sri = ldap_search($ds, $this->user_context, "uid=$account_lid"); $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]['uidnumber'][0]) { - return $allValues[0]['uidnumber'][0]; + $name_list[$account_lid] = intval($allValues[0]['uidnumber'][0]); } - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], "cn=$account_id"); + $sri = ldap_search($ds, $this->group_context, "cn=$account_id"); $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]['gidnumber'][0]) { - return $allValues[0]['gidnumber'][0]; + $name_list[$account_lid] = False } - return False; + return $name_list[$account_lid]; } function id2name($account_id) { - global $phpgw, $phpgw_info; + static $id_list; - $ds = $phpgw->common->ldapConnect(); - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uidnumber=$account_id"); + if(isset($id_list[$account_id])) + { + return $id_list[$account_id]; + } + + $ds = $GLOBALS['phpgw']->common->ldapConnect(); + $sri = ldap_search($ds, $this->user_context, "uidnumber=$account_id"); $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]['uid'][0]) { - return $allValues[0]['uid'][0]; + $id_list[$account_id] = $allValues[0]['uid'][0]; + return $id_list[$account_id]; } - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], "gidnumber=$account_id"); + $sri = ldap_search($ds, $this->group_context, "gidnumber=$account_id"); $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]['uid'][0]) { - return $allValues[0]['uid'][0]; + $id_list[$account_id] = $allValues[0]['uid'][0]; + return $id_list[$account_id]; } - return False; + return $id_list[$account_id]; } function get_type($accountid = '') { - global $phpgw, $phpgw_info; + static $account_type; $account_id = get_account_id($accountid); - $ds = $phpgw->common->ldapConnect(); + if(@isset($account_type[$account_id])) + { + return $account_type[$account_id]; + } - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uid=$account_id"); + $ds = $GLOBALS['phpgw']->common->ldapConnect(); + $sri = ldap_search($ds, $this->user_context, "uid=$account_id"); $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]['phpgwaccounttype'][0]) { - return $allValues[0]['phpgwaccounttype'][0]; + $account_type[$account_id] = $allValues[0]['phpgwaccounttype'][0]; + return $account_type[$account_id]; } $allValues = array(); - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], "cn=$account_id"); + $sri = ldap_search($ds, $this->group_context, "cn=$account_id"); $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]['phpgwaccounttype'][0]) { - return $allValues[0]['phpgwaccounttype'][0]; + $account_type[$account_id] = $allValues[0]['phpgwaccounttype'][0]; + return $account_type[$account_id]; } - return False; + return $account_type[$account_id]; } - function exists($account_lid) + /* + * returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both + * $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by gettype($account) == 'integer') + */ + function exists($account) { - global $phpgw, $phpgw_info; + /* This sets up internal caching variables for this functon */ + static $by_id, $by_lid; + $users = array(); + $groups = array(); - if(gettype($account_lid) == 'integer') + if(gettype($account) == 'integer') { - $account_id = $account_lid; - settype($account_lid,'string'); - $account_lid = $this->id2name($account_id); - $searchlid = 0; + $ldapname = 'cn'; + /* If data is cached, use it. */ + if(@isset($by_id[$account])) + { + return $by_id[$account]; + } } else { - $searchlid = 1; - $account_id = $this->name2id($account_lid); + $ldapname = 'gidnumber'; + /* If data is cached, use it. */ + if(@isset($by_lid[$account])) + { + return $by_lid[$account]; + } } - $ds = $phpgw->common->ldapConnect(); + $ds = $GLOBALS['phpgw']->common->ldapConnect(); $acct_type = $this->get_type($account_id); - if ($acct_type == 'g' && $phpgw_info['server']['ldap_group_context']) + if ($acct_type == 'g' && $this->group_context) { - if($searchlid) - { - /* echo '
searching LDAP groups for lid: '.$account_lid; */ - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], 'cn='.$account_lid); - } - else - { - /* echo '
searching LDAP groups for id: '.$account_id; */ - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], 'gidnumber='.$account_id); - } + $sri = ldap_search($ds, $this->group_context, $ldapname . '=' . $account); + $groups = ldap_get_entries($ds, $sri); } - else - { - if($searchlid) - { - /* echo '
searching LDAP accounts for lid: '.$account_lid; */ - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uid='.$account_lid); - } - else - { - /* echo '
searching LDAP accounts for id: '.$account_id; */ - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uidnumber='.$account_id); - } - } - $allValues = ldap_get_entries($ds, $sri); + $sri = ldap_search($ds, $this->user_context, 'uid=' . $account); + $users = ldap_get_entries($ds, $sri); - if ($allValues[0]['dn']) + if ($users[0]['dn']) { - return True; + $in += 1; + } + if ($groups[0]['dn']) + { + $in += 2; + } + /* This sets up internal caching for this function */ + if($ldapname == 'gidnumber') + { + $by_id[$account] = $in; + $by_lid[$this->id2name($account)] = $in; } else { - return False; + $by_lid[$account] = $in; + $by_id[$this->name2id($account)] = $in; } + + return $in; } function create($account_info) { - global $phpgw_info, $phpgw; - - $ds = $phpgw->common->ldapConnect(); + $ds = $GLOBALS['phpgw']->common->ldapConnect(); $this->acct_type = $account_type; /* echo '
in create for account_lid: "'.$account_lid.'"'; */ @@ -568,33 +585,18 @@ if ($account_type == 'g') { - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], 'cn=' . $account_info['account_lid']); + $sri = ldap_search($ds, $this->group_context, 'cn=' . $account_info['account_lid']); } else { - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uid=' . $account_info['account_lid']); + $sri = ldap_search($ds, $this->user_context, 'uid=' . $account_info['account_lid']); } $allValues = ldap_get_entries($ds, $sri); - if ($phpgw_info['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g') + if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g') { - if ($account_info['homedirectory']) - { - $entry['homedirectory'] = $account_info['homedirectory']; - } - else - { - $entry['homedirectory'] = $phpgw_info['server']['ldap_account_home'].SEP.$account_info['account_lid']; - } - - if ($account_info['loginshell']) - { - $entry['loginshell'] = $account_info['loginshell']; - } - else - { - $entry['loginshell'] = $phpgw_info['server']['ldap_account_shell']; - } + $entry['homedirectory'] = $account_info['homedirectory'] ? $account_info['homedirectory'] :$GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid']; + $entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell']; } if ($allValues[0]['dn']) @@ -636,14 +638,14 @@ $tmpentry['objectclass'][1] = 'person'; $tmpentry['objectclass'][2] = 'organizationalPerson'; $tmpentry['objectclass'][3] = 'inetOrgPerson'; - $tmpentry['userpassword'] = $phpgw->common->encrypt_password($account_info['account_passwd']); + $tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']); /* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */ $tmpentry['objectclass'][4] = 'posixAccount'; $tmpentry['objectclass'][5] = 'shadowAccount'; $tmpentry['objectclass'][6] = 'phpgwAccount'; $tmpentry['phpgwaccountstatus'] = $account_info['account_status']; $tmpentry['phpgwaccounttype'] = $account_info['account_type']; - $tmpentry['phpgwaccountexpires'] = $account_info['account_expires']; + $tmpentry['phpgwaccountexpires'] = $account_info['account_expires']; } ldap_modify($ds, $allValues[0]["dn"], $tmpentry); } @@ -652,7 +654,7 @@ /* Not already there, we will add it */ if ($account_info['account_type'] == 'g') { - $dn = 'cn='.$account_info['account_lid'] . ',' . $phpgw_info['server']['ldap_group_context']; + $dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context; unset($entry['homedirectory']); unset($entry['loginshell']); $entry['objectclass'][0] = 'top'; @@ -660,26 +662,26 @@ $entry['objectclass'][2] = 'phpgwAccount'; $entry['cn'] = $account_info['account_lid']; $entry['gidnumber'] = $account_id; - $entry['userpassword'] = $phpgw->common->encrypt_password($account_info['account_passwd']); + $entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']); $entry['description'] = 'phpgw-created group'; } else { - $dn = 'uid=' . $account_info['account_lid'] . ',' . $phpgw_info['server']['ldap_context']; + $dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context; $entry['cn'] = sprintf("%s %s", $account_info['account_firstname'], $account_info['account_lastname']); $entry['sn'] = $account_info['account_lastname']; $entry['givenname'] = $account_info['account_firstname']; $entry['uid'] = $account_info['account_lid']; $entry['uidnumber'] = $account_id; - if ($phpgw_info['server']['ldap_group_id']) + if ($GLOBALS['phpgw_info']['server']['ldap_group_id']) { - $entry['gidnumber'] = $phpgw_info['server']['ldap_group_id']; + $entry['gidnumber'] = $GLOBALS['phpgw_info']['server']['ldap_group_id']; } else { $entry['gidnumber'] = $account_id; } - $entry['userpassword'] = $phpgw->common->encrypt_password($account_info['account_passwd']); + $entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']); $entry['objectclass'][0] = 'top'; $entry['objectclass'][1] = 'person'; $entry['objectclass'][2] = 'organizationalPerson'; @@ -704,8 +706,6 @@ { return False; - global $phpgw; - if (! $expiredate) { /* expire in 30 days by default */ @@ -733,8 +733,15 @@ if ($default_acls == False) { + $default_group_lid = $GLOBALS['phpgw_info']['server']['default_group_lid']; + $default_group_id = $this->name2id($default_group_lid); + $defaultgroupid = $default_group_id ? $default_group_id : $this->name2id('Default'); + if($defaultgroupid) + { + $this->db->query("insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) values('phpgw_group', " + . $defaultgroupid . ", " . $accountid . ", 1)",__LINE__,__FILE__); + } $this->db->query("insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)values('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__); - $this->db->query("insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) values('phpgw_group', '1', ".$accountid.", 1)",__LINE__,__FILE__); $this->db->query("insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) values('addressbook', 'run', ".$accountid.", 1)",__LINE__,__FILE__); $this->db->query("insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) values('filemanager', 'run', ".$accountid.", 1)",__LINE__,__FILE__); $this->db->query("insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) values('calendar', 'run', ".$accountid.", 1)",__LINE__,__FILE__); @@ -748,13 +755,11 @@ function getDNforID($_accountid = '') { - global $phpgw, $phpgw_info; - $_account_id = get_account_id($_accountid); - $ds = $phpgw->common->ldapConnect(); + $ds = $GLOBALS['phpgw']->common->ldapConnect(); - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uidnumber=$_account_id"); + $sri = ldap_search($ds, $this->user_context, "uidnumber=$_account_id"); $allValues = ldap_get_entries($ds, $sri); return $allValues[0]['dn'];