" . $msg . "

\n"; } // teste si l'utilisateur est superadmin function superadmin($login) { global $conf; foreach ($conf['admin']['logins'] as $admin) { if ( Html::clean($login) == $admin ) { return TRUE; } } return FALSE; } // execution du script shell associe function evoexec($cmd) { //exec(SUBIN . " " . SUUSER . " -c " . SUDOBIN . " '$cmd'"); return exec(SUDOBIN . " " . SUDOSCRIPT . " -p " . SUDOPASS . " $cmd"); } // retourne le quota d'un utilisateur ou d'un groupe function getquota($who,$what) { global $conf; if ( $what == 'user') { $quota = evoexec("-qu $who"); } elseif ( $what == 'group') { if ( $conf['domaines']['driver'] == 'file' ) { $quota = evoexec("-s"); } elseif ( $conf['domaines']['driver'] == 'ldap' ) { $quota = evoexec("-qg $who"); } } list ($now,$limit) = explode("/",$quota); $now = $now / 1024; $limit = $limit / 1024; $quota = "" . Math::arrondi($now). "M/" .Math::arrondi($limit). "M"; return $quota; } // commande shell a lancer pour creer un utilisateur function unix_add($user,$group=NULL) { if ( $group == NULL) { $group = getgid(); } evoexec("-a -u $user -g $group"); } // commande shell a lancer pour creer un domaine function domain_add($group) { evoexec("-a -v -g $group"); } // commande shell a lancer pour supprimer un utilisateur function unix_del($user) { evoexec("-d -u $user"); } // renvoie le gidNumber associe a un domaine function getgid($domain=NULL) { global $conf; if ( $conf['domaines']['driver'] == 'file' ) { return $conf['domaines']['file']['gid']; } elseif ( $conf['domaines']['driver'] == 'ldap' ) { $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS); $filter="(&(cn=" .$domain. ")(gidnumber=*))"; $sr=ldap_search($ldapconn, LDAP_BASE, $filter); $info = ldap_get_entries($ldapconn, $sr); ldap_unbind($ldapconn); if ($info['count']) { return (int) $info[0]["gidnumber"][0]; } else { return -1; } } else { return -1; } } // renvoie le 1er uidNumber disponible function getfreeuid() { global $conf; $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS); $filter="(uidNumber=*)"; $sr=ldap_search($ldapconn, LDAP_BASE, $filter); $info = ldap_get_entries($ldapconn, $sr); ldap_unbind($ldapconn); $uids = array(); foreach ($info as $entry) { array_push($uids,$entry['uidnumber'][0]); } sort($uids); $uid = max(array_pop($uids)+1,$conf['unix']['minuid']); return (int) $uid; } // renvoie le 1er uidNumber disponible function getfreegid() { global $conf; $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS); $filter="(gidNumber=*)"; $sr=ldap_search($ldapconn, LDAP_BASE, $filter); $info = ldap_get_entries($ldapconn, $sr); ldap_unbind($ldapconn); $gids = array(); foreach ($info as $entry) { array_push($gids,$entry['gidnumber'][0]); } sort($gids); $gid = max(array_pop($gids)+1,$conf['unix']['mingid']); return (int) $gid; } // get number of account or aliases for a domain function getnumber($domain,$type) { global $conf; $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS); if ( $type == 'compte' ) { $filter="(&(objectClass=posixAccount)(!(uid=*$)))"; } elseif ( $type == 'mail' ) { $filter="(objectClass=mailAccount)"; } elseif ( $type == 'alias' ) { $filter="(objectClass=mailAlias)"; // compatibilite anciens schemas if ($conf['evoadmin']['version'] == 1) { $filter="(&(objectClass=mailAlias)(onlyAlias=TRUE))"; } } elseif ( $type == 'smb' ) { $filter="(objectClass=sambaSamAccount)"; } if (! $conf['domaines']['onlyone']) { // compatibilite anciens schemas if ($conf['evoadmin']['version'] <= 2) { $rdn= "domain=" .$domain. "," .LDAP_BASE; } else { $rdn= "cn=" .$domain. "," .LDAP_BASE; } } else { //$rdn= "ou=people," .LDAP_BASE; $rdn= LDAP_BASE; } $sr=ldap_search($ldapconn, $rdn, $filter); $info = ldap_get_entries($ldapconn, $sr); ldap_unbind($ldapconn); return $info['count']; } function getsambagroups($type) { global $conf; // Si la liste des groupes est defini dans la config on l'utilise if($type == "unix" && isset($conf['samba']['unixgroups'])) { return $conf['samba']['unixgroups']; } if($type == "smb" && isset($conf['samba']['smbgroups'])) { return $conf['samba']['smbgroups']; } // sinon on interroge LDAP $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS); $filter = "(objectClass=sambaGroupMapping)"; $rdn = LDAP_BASE; $sr=ldap_search($ldapconn, $rdn, $filter); $info = ldap_get_entries($ldapconn, $sr); ldap_unbind($ldapconn); $ret = array(); for($i=0; $i<$info['count']; $i++) { $entry = $info[$i]; $cn = $entry['cn'][0]; if($type == "unix") { $ret[$cn] = $entry['gidnumber'][0]; } elseif($type == "smb") { $tmp = explode('-', $entry['sambasid'][0]); $ret[$cn] = "-".array_pop($tmp); } } return $ret; } /** * Verifie qu'un login est incorrect * entre 2 et 30 caracteres * en lettres minuscule, chiffres, '-', '.' ou '_' * pour le premier et dernier caracteres : seuls lettres et minuscules * et chiffres sont possibles */ function badname($login) { return (!preg_match('/^([a-z0-9][a-z0-9\-\.\_]{0,28}[a-z0-9])$/',$login)); } /** * Ajouter la composante @domaine */ function adddomain(&$item,$key) { if (preg_match('/@/',$item)) { print "

Ne pas inclure de @ dans les mails acceptes !

"; exit(1); } if (!empty($item)) { $item = "$item". "@".$_SESSION['domain']; } } // renvoie la date d'expiration d'un compte function get_expiration_date($name) { $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS); $filter="(&(uid=" .$name. "))"; $sr=ldap_search($ldapconn, LDAP_BASE, $filter); $info = ldap_get_entries($ldapconn, $sr); ldap_unbind($ldapconn); $val = $info[0]["sambakickofftime"][0]; if($val > 0) { return date('d/m/Y', $val); } else { return ''; } } // change la date d'expiration d'un compte function set_expiration_date($name, $date) { $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS); list($day, $month, $year) = explode('/', $date); $timestamp = mktime(0, 0, 0, $month, $day, $year); $val = array('sambakickofftime' => $timestamp); if(!ldap_modify($ldapconn, "uid=$name,ou=people,".LDAP_BASE, $val)) { die('Echec de la modification de la date d\'expiration'); } ldap_unbind($ldapconn); } function account_is_locked($name) { $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS); $filter="(&(uid=" .$name. "))"; $sr=ldap_search($ldapconn, LDAP_BASE, $filter); $info = ldap_get_entries($ldapconn, $sr); ldap_unbind($ldapconn); $val = $info[0]["sambaacctflags"][0]; if(strpos($val, 'L')) { return true; } else { return false; } } function account_lock($name, $lock_state) { $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS); $filter="(&(uid=" .$name. "))"; $sr=ldap_search($ldapconn, LDAP_BASE, $filter); $info = ldap_get_entries($ldapconn, $sr); $val = $info[0]["sambaacctflags"][0]; if($lock_state == true) { if(!strpos($val, 'L')) { // ajouter le L $newval = substr_replace($val, 'L', 2, 0); } } else { if(strpos($val, 'L')) { // virer le L $newval = str_replace('L', '', $val); } } if($newval) { //print "$val -> $newval"; $info = array('sambaacctflags' => $newval); if(!ldap_modify($ldapconn, "uid=$name,ou=people,".LDAP_BASE, $info)) { die('Echec de la modification du verrouillage'); } } ldap_unbind($ldapconn); }