phpldapadmin/htdocs/add_attr.php

<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/add_attr.php,v 1.20 2007/12/15 07:50:30 wurley Exp $
/**
* Adds an attribute/value pair to an object
*
* Variables that come in as POST vars:
* - dn
* - attr
* - val
* - binary
*
* @package phpLDAPadmin
* @todo: For boolean attributes, convert the response to TRUE/FALSE.
*/
/**
*/
require './common.php';
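/*
 * Request handling for add_attr.php: validate the POSTed dn/attr/val/binary
 * values, run the server's uniqueness check, read the uploaded file for binary
 * attributes, hash password attributes, then write the attribute through
 * $ldapserver->attrModify() and redirect back to the entry.
 *
 * NOTE(review): every check below relies on pla_error() ending the request;
 * that is presumed from how it is used here - confirm in its definition.
 * NOTE(review): no anti-CSRF token is checked in this file; confirm whether
 * common.php enforces one for this state-changing POST.
 */
if ($ldapserver->isReadOnly())
	pla_error(_('You cannot perform updates while server is in read-only mode'));

if (! $_SESSION['plaConfig']->isCommandAvailable('attribute_add'))
	pla_error(sprintf('%s%s %s',_('This operation is not permitted by the configuration'),_(':'),_('add attribute')));

$entry['val'] = get_request('val','POST');
$entry['binary'] = get_request('binary','POST');

# Keep the raw value for LDAP calls and a URL-encoded copy for the redirect.
$entry['dn']['string'] = get_request('dn','POST');
$entry['dn']['encode'] = rawurlencode($entry['dn']['string']);

$entry['attr']['string'] = get_request('attr','POST');
$entry['attr']['encode'] = rawurlencode($entry['attr']['string']);

if ((strlen($entry['binary']) <= 0) && (strlen($entry['val']) <= 0))
	pla_error(_('You left the attribute value blank. Please go back and try again.'));

# Check to see if this is a unique Attribute
if ($badattr = $ldapserver->checkUniqueAttr($entry['dn']['string'],$entry['attr']['string'],array($entry['val']))) {
	# sprintf('%s') gives the same text the original message formatting produced.
	$badattr_text = sprintf('%s',$badattr);

	/*
	 * The attribute name and conflicting value go into a query string, so they
	 * are URL-encoded first; otherwise a value containing & or # would change
	 * the link. ENT_QUOTES is needed because the message template below puts
	 * the link inside a single-quoted href attribute.
	 */
	$href = htmlspecialchars(sprintf('cmd.php?cmd=search&search=true&form=advanced&server_id=%s&filter=%s',
		$ldapserver->server_id,rawurlencode(sprintf('%s=%s',$entry['attr']['string'],$badattr_text))),ENT_QUOTES);

	/*
	 * dn and attr come straight from the POST body and the message template
	 * carries its own markup, so each interpolated value is HTML-escaped before
	 * it is placed in the message (pla_error() presumably prints it as HTML).
	 */
	pla_error(sprintf(_('Your attempt to add <b>%s</b> (<i>%s</i>) to <br><b>%s</b><br> is NOT allowed. That attribute/value belongs to another entry.<p>You might like to <a href=\'%s\'>search</a> for that entry.'),
		htmlspecialchars($entry['attr']['string'],ENT_QUOTES),
		htmlspecialchars($badattr_text,ENT_QUOTES),
		htmlspecialchars($entry['dn']['string'],ENT_QUOTES),
		$href));
}

/*
 * Special case for binary attributes (like jpegPhoto and userCertificate):
 * the data is read from the uploaded file and replaces $entry['val'].
 * Secondly, the ";binary" option is appended to the attribute name when the
 * schema requires it.
 */
if (strlen($entry['binary']) > 0) {
	# A request with "binary" set but no "val" file part is treated as an empty upload.
	if (! isset($_FILES['val']) || $_FILES['val']['size'] == 0)
		pla_error(_('The file you chose is either empty or does not exist. Please go back and try again.'));

	# Only a file PHP itself received through HTTP POST may be read below.
	if (! is_uploaded_file($_FILES['val']['tmp_name'])) {
		if (isset($_FILES['val']['error']))
			switch($_FILES['val']['error']) {
				case UPLOAD_ERR_OK: # No error reported, yet not an uploaded file; possible file attack!
					pla_error(_('Security error: The file being uploaded may be malicious.'));
					break;

				case UPLOAD_ERR_INI_SIZE: # Exceeds the upload_max_filesize directive in php.ini
				case UPLOAD_ERR_FORM_SIZE: # Exceeds the MAX_FILE_SIZE directive specified in the html form
					pla_error(_('The file you uploaded is too large. Please check php.ini, upload_max_size setting'));
					break;

				case UPLOAD_ERR_PARTIAL: # Uploaded file was only partially uploaded
					pla_error(_('The file you selected was only partially uploaded, likley due to a network error.'));
					break;

				case UPLOAD_ERR_NO_FILE: # No file was uploaded
					pla_error(_('You left the attribute value blank. Please go back and try again.'));
					break;

				default: # Any other error code is treated as suspicious
					pla_error(_('Security error: The file being uploaded may be malicious.'));
					break;
			}
		else
			pla_error(_('Security error: The file being uploaded may be malicious.'));
	}

	$binaryfile['name'] = $_FILES['val']['tmp_name'];

	# file_get_contents() is binary safe on every platform (the previous
	# fopen(...,'r') was not) and reports an unreadable file as false.
	$binaryfile['data'] = file_get_contents($binaryfile['name']);

	if ($binaryfile['data'] === false)
		pla_error(_('The file you chose is either empty or does not exist. Please go back and try again.'));

	$entry['val'] = $binaryfile['data'];

	if (is_binary_option_required($ldapserver,$entry['attr']['string']))
		$entry['attr']['string'] .= ';binary';
}

/*
 * Automagically hash new userPassword attributes according to the server's
 * default_hash setting. When default_hash is blank the value is stored exactly
 * as submitted.
 * NOTE(review): password_hash() is called here with the configured hash name
 * as its second argument, so it is presumably the project's own helper and not
 * PHP's built-in function of the same name - confirm which one is in scope.
 */
if (strcasecmp($entry['attr']['string'],'userpassword') == 0) {
	if (trim($ldapserver->default_hash) != '' ) {
		$enc_type = $ldapserver->default_hash;
		$entry['val'] = password_hash($entry['val'],$enc_type);
	}

} elseif (strcasecmp($entry['attr']['string'],'sambaNTPassword') == 0) {
	$sambapassword = new smbHash;
	$entry['val'] = $sambapassword->nthash($entry['val']);

} elseif (strcasecmp($entry['attr']['string'],'sambaLMPassword') == 0) {
	# LM hashes are a legacy format that is weak against offline guessing;
	# restrict read access to this attribute in the directory.
	$sambapassword = new smbHash;
	$entry['val'] = $sambapassword->lmhash($entry['val']);
}

$new_entry = array($entry['attr']['string'] => $entry['val']);
$result = $ldapserver->attrModify($entry['dn']['string'],$new_entry);

if ($result) {
	# Only the URL-encoded copies of dn and attr are placed in the Location header.
	header(sprintf('Location: cmd.php?cmd=template_engine&server_id=%s&dn=%s&modified_attrs[]=%s',
		$ldapserver->server_id,$entry['dn']['encode'],$entry['attr']['encode']));
	die();

} else {
	pla_error(_('Failed to add the attribute.'),$ldapserver->error(),$ldapserver->errno());
}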
/**
* Check if we need to append the ;binary option to the name
* of some binary attribute
*
* @param object $ldapserver Server Object that the attribute is in.
* @param string $attr Name of the attribute to test to see if it requires ;binary added to it.
* @return bool
*/
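function is_binary_option_required($ldapserver,$attr) {
	/*
	 * Syntax OIDs whose attributes need the ";binary" option, each with the
	 * attribute names it stands for. Only the keys are consulted below. The
	 * names are grouped per OID because a PHP array literal that repeats a key
	 * silently keeps only the last value.
	 */
	$binary_attributes_with_options = array(
		# Superior: Ldapv3 Syntaxes (1.3.6.1.4.1.1466.115.121.1)
		'1.3.6.1.4.1.1466.115.121.1.8' => array('userCertificate','caCertificate'),
		'1.3.6.1.4.1.1466.115.121.1.10' => array('crossCertificatePair'),
		'1.3.6.1.4.1.1466.115.121.1.9' => array('certificateRevocationList','authorityRevocationList'),
		# Superior: Netscape Ldap attributes types (2.16.840.1.113730.3.1)
		# NOTE(review): this entry is labelled an attribute-type OID, yet the
		# lookup below is by syntax OID, so it may never match - confirm.
		'2.16.840.1.113730.3.1.40' => array('userSMIMECertificate')
	);

	# An attribute the schema does not know cannot be classified; no option is added.
	$schema_attr = $ldapserver->getSchemaAttribute($attr);

	if (! $schema_attr)
		return false;

	# True exactly when the attribute's syntax OID is one of the keys above.
	return isset($binary_attributes_with_options[$schema_attr->getSyntaxOID()]);
}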
?>