1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class group extends plugin
24 {
25 /* Group attributes */
26 var $cn= "";
27 var $description= "";
28 var $gidNumber= "";
29 var $memberUid= array();
30 var $memberUid_used_by_some= array();
32 /* Helpers */
33 var $base= "";
34 var $force_gid= FALSE;
35 var $fon_group= FALSE;
36 var $smbgroup= FALSE;
37 var $groupType= FALSE;
38 var $sambaSID= "";
39 var $sambaDomainName= "DEFAULT";
40 var $SID= "";
41 var $ridBase= 0;
42 var $members= array();
43 var $users= array();
44 var $member= array();
45 var $allusers= array();
46 var $saved_gidNumber= "";
47 var $oldgroupType= "";
48 var $orig_dn= "";
49 var $orig_cn= "";
50 var $orig_base= "";
51 var $has_mailAccount= FALSE;
52 var $userSelect= FALSE;
53 var $nagios_group =FALSE;
54 var $sambaGroupType;
55 var $dialog;
56 var $rfc2307bis= FALSE;
57 var $OnlyShowFirstEntries =200;
58 var $dnMapping= array();
59 var $view_logged = FALSE;
60 var $allowGroupsWithSameNameInOtherSubtrees = true;
61 var $baseSelector;
63 /* attribute list for save action */
64 var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
65 var $objectclasses= array("top", "posixGroup");
67 var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
69 var $multiple_support = TRUE;
71 function group (&$config, $dn= NULL)
72 {
73 /* Set rfc2307bis flag */
74 if ($config->get_cfg_value("rfc2307bis") == "true"){
75 $this->rfc2307bis= TRUE;
76 $this->attributes[]= "member";
77 $this->objectclasses[]= "groupOfNames";
78 }
80 plugin::plugin ($config, $dn);
82 $this->trustModeDialog = new trustModeDialog($this->config, $this->dn,NULL);
83 $this->trustModeDialog->setAcl('groups/group');
85 /* Load attributes depending on the samba version */
86 $this->orig_dn= $dn;
87 $this->orig_cn= $this->cn;
89 /* Get member list */
90 if (isset($this->attrs['memberUid'][0])){
91 $tmp= array();
92 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
93 $tmp[$this->attrs['memberUid'][$i]]= $this->attrs['memberUid'][$i];
94 }
95 $this->memberUid= $tmp;
96 ksort ($this->memberUid);
97 }
99 /* Save gidNumber for later use */
100 if (isset($this->attrs['gidNumber'])){
101 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
102 }
104 /* Is a samba group? */
105 if (isset($this->attrs['objectClass'])){
106 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == FALSE ){
107 $this->smbgroup= FALSE;
108 } else {
109 $this->smbgroup= TRUE;
110 if (isset($this->attrs['sambaSID'])){
111 $this->sambaSID= $this->attrs['sambaSID'][0];
112 }
113 }
114 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == FALSE ){
115 $this->fon_group= FALSE;
116 } else {
117 $this->fon_group= TRUE;
118 }
119 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == FALSE ){
120 $this->nagios_group= FALSE;
121 } else {
122 $this->nagios_group= TRUE;
123 }
124 }
126 /* Set mail flag */
127 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
128 $this->has_mailAccount= TRUE;
129 }
131 /* Get samba Domain in case of samba 3 */
132 if ($this->sambaSID != ""){
133 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
134 $ldap= $this->config->get_ldap_link();
135 $ldap->cd($this->config->current['BASE']);
136 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
137 if ($ldap->count() != 0){
138 $attrs= $ldap->fetch();
139 if(isset($attrs['sambaAlgorithmicRidBase'])){
140 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
141 } else {
142 $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
143 }
145 /* Get domain name for SID */
146 $this->sambaDomainName= "DEFAULT";
147 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
148 if ($val['SID'] == $this->SID){
149 $this->sambaDomainName= $key;
150 break;
151 }
152 }
153 } else {
154 if ($this->config->get_cfg_value("sambaRidBase") != ""){
155 $this->sambaDomainName= "DEFAULT";
156 $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
157 $this->SID= $this->config->get_cfg_value("sid");
158 } else {
159 msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG);
160 }
161 }
163 /* Get group type */
164 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
165 if ($this->groupType < 500 || $this->groupType > 553){
166 $this->groupType= 0;
167 }
168 $this->oldgroupType= $this->groupType;
169 }
171 /* Get global filter config */
172 if (!session::is_set("gufilter")){
173 $ui= get_userinfo();
174 $base= get_base_from_people($ui->dn);
175 $gufilter= array( "dselect" => $base,
176 "regex" => "*");
177 session::set("gufilter", $gufilter);
178 }
179 $gufilter= session::get('gufilter');
180 $gufilter['SubSearchGroup'] = false;
181 session::set('gufilter',$gufilter);
183 if ($this->dn == "new"){
184 if(session::is_set('CurrentMainBase')){
185 $this->base = session::get('CurrentMainBase');
186 }else{
187 $ui= get_userinfo();
188 $this->base= dn2base($ui->dn);
189 }
190 } else {
192 /* Get object base */
193 $this->base =preg_replace ("/^[^,]+,".preg_quote(get_groups_ou(), '/')."/i","",$this->dn);
194 }
195 $this->orig_base = $this->base;
197 /* Get global filter config */
198 if (!session::is_set("sysfilter")){
199 $ui= get_userinfo();
200 $base= get_base_from_people($ui->dn);
201 $sysfilter= array( "depselect" => $base,
202 "regex" => "*");
203 session::set("sysfilter", $sysfilter);
204 }
206 /* This is always an account */
207 $this->is_account= TRUE;
209 /* Instanciate base selector */
210 $this->baseSelector= new baseSelector($this->get_allowed_bases(), $this->base);
211 $this->baseSelector->setSubmitButton(false);
212 $this->baseSelector->setHeight(300);
213 $this->baseSelector->update(true);
215 $this->reload(TRUE);
216 }
218 function execute()
219 {
220 /* Call parent execute */
221 plugin::execute();
223 /* Log view */
224 if($this->is_account && !$this->view_logged){
225 $this->view_logged = TRUE;
226 new log("view","groups/".get_class($this),$this->dn);
227 }
229 /* Do we represent a valid group? */
230 if (!$this->is_account && $this->parent === NULL){
231 $display= "<img alt=\"\" src=\"images/small-error.png\" align=\"middle\"> <b>".msgPool::noValidExtension()."</b>";
232 return ($display);
233 }
235 /* Delete user from group */
236 if (isset($_POST['del_users']) && isset($_POST['members']) && preg_match("/w/",$this->getacl("memberUid"))){
237 foreach ($_POST['members'] as $value){
238 unset ($this->members["$value"]);
239 $this->removeUser($value);
240 }
241 $this->reload();
242 }
244 /* Add objects? */
245 if (isset($_POST["edit_membership"]) && preg_match("/w/",$this->getacl("memberUid"))){
246 $this->userSelect= new userSelect($this->config, get_userinfo());
247 }
249 /* Add objects finished? */
250 if (isset($_POST["add_users_cancel"])){
251 $this->userSelect= NULL;
252 }
254 /* Add user to group */
255 if (isset($_POST['add_users_finish']) && $this->userSelect){
257 $users = $this->userSelect->detectPostActions();
258 if(isset($users['targets'])){
259 $headpage = $this->userSelect->getHeadpage();
260 foreach($users['targets'] as $dn){
261 $attrs = $headpage->getEntry($dn);
262 $value = $attrs['uid'][0];
263 $this->addUser($value);
264 $this->members["$value"]= $this->allusers[$value];
265 $this->reload();
266 }
267 }
268 $this->userSelect= NULL;
269 }
271 $smarty= get_smarty();
273 // Handle trust mode dialog
274 $this->dialog = FALSE;
275 $trustModeDialog = $this->trustModeDialog->execute();
276 if($this->trustModeDialog->trustSelect){
277 $this->dialog = TRUE;
278 return($trustModeDialog);
279 }
280 $smarty->assign("trustModeDialog" , $trustModeDialog);
282 $smarty->assign("usePrototype", "true");
284 if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
285 $smarty->assign("nagios",true);
286 }else{
287 $smarty->assign("nagios",false);
288 }
290 if($this->config->search("phoneAccount", "CLASS",array('menu'))){
291 $smarty->assign("pickupGroup",true);
292 }else{
293 $smarty->assign("pickupGroup",false);
294 }
296 /* Manage object add dialog */
297 if ($this->userSelect){
298 $this->dialog = TRUE;
299 return($this->userSelect->execute());
300 }
302 /* Create base acls */
303 $smarty->assign("base", $this->baseSelector->render());
305 $domains= array();
306 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
307 $domains[$name]= $name;
308 }
309 $smarty->assign("sambaDomains", $domains);
310 $smarty->assign("sambaDomainName", $this->sambaDomainName);
311 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
312 514 => _("Domain guests"));
314 /* Don't loose special groups! If not key'ed above, add it to
315 the combo box... */
316 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
317 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
318 }
320 $smarty->assign("groupTypes", $groupTypes);
321 $smarty->assign("groupType", $this->groupType);
324 /* Members and users */
325 $smarty->assign("members", $this->members);
327 /* Checkboxes */
328 foreach (array("force_gid", "smbgroup") as $val){
329 if ($this->$val == "1"){
330 $smarty->assign("$val", "checked");
331 } else {
332 $smarty->assign("$val", "");
333 }
334 }
335 if ($this->force_gid != "1"){
336 $smarty->assign("forceMode", "disabled");
337 }else{
338 $smarty->assign("forceMode", "");
339 }
340 if ($this->fon_group){
341 $smarty->assign("fon_group", "checked");
342 } else {
343 $smarty->assign("fon_group", "");
344 }
346 if ($this->nagios_group){
347 $smarty->assign("nagios_group", "checked");
348 } else {
349 $smarty->assign("nagios_group", "");
350 }
352 /* Fields */
353 foreach (array("cn", "description", "gidNumber") as $val){
354 $smarty->assign("$val", $this->$val);
355 }
357 $tmp = $this->plInfo();
358 foreach($tmp['plProvidedAcls'] as $name => $translation){
359 $smarty->assign($name."ACL",$this->getacl($name));
360 }
362 if($this->acl_is_writeable("base")){
363 $smarty->assign("baseSelect",true);
364 }else{
365 $smarty->assign("baseSelect",false);
366 }
368 /* Show main page */
369 $smarty->assign("alphabet", generate_alphabet(10));
370 $smarty->assign("search_image", get_template_path('images/lists/search.png'));
371 $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
372 $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
373 $smarty->assign("deplist", $this->config->idepartments);
375 /* Multiple edit handling */
376 $smarty->assign("multiple_support",$this->multiple_support_active);
378 $smarty->assign("memberUid_All",$this->memberUid);
379 $smarty->assign("memberUid_Some",$this->memberUid_used_by_some);
381 foreach($this->attributes as $val){
382 if(in_array($val,$this->multi_boxes)){
383 $smarty->assign("use_".$val,TRUE);
384 }else{
385 $smarty->assign("use_".$val,FALSE);
386 }
387 }
388 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group") as $val){
389 if(in_array($val,$this->multi_boxes)){
390 $smarty->assign("use_".$val,TRUE);
391 }else{
392 $smarty->assign("use_".$val,FALSE);
393 }
394 }
396 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
397 }
399 function addUser($uid)
400 {
401 /* In mutliple edit we have to handle two arrays.
402 * memberUid : Containing users used in all groups
403 * memberUid_used_by_some : Those which are not used in all groups
404 * So we have to remove the given $uid from the ..used_by_some array first.
405 */
406 if($this->multiple_support_active){
407 if(isset($this->memberUid_used_by_some[$uid])){
408 unset($this->memberUid_used_by_some[$uid]);
409 }
410 }
412 /* Ensure that the requested object is known to the group class
413 */
414 if(!isset($this->dnMapping[$uid])){
415 $ldap = $this->config->get_ldap_link();
416 $ldap->cd($this->config->current['BASE']);
417 $ldap->search("(&(objectClass=gosaAccount)(uid=".$uid."))",array("dn", "uid","sn","givenName"));
418 if($ldap->count() == 0 ){
419 msg_dialog::display(_("Error"),
420 sprintf(_("Adding UID '%s' to group '%s' failed: cannot find user object!"),
421 $uid,$this->cn),
422 ERROR_DIALOG);
423 return;
424 }elseif($ldap->count() >= 2){
425 msg_dialog::display(_("Error"),
426 sprintf(_("Add UID '%s' to group '%s' failed: UID is used more than once!"),
427 $uid,$this->cn),
428 ERROR_DIALOG);
429 return;
430 }else{
431 while($attrs = $ldap->fetch()){
432 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
433 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
434 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
435 }
436 }
437 }
439 $this->memberUid[$uid]= $uid;
440 }
443 function removeUser($uid)
444 {
445 $temp= array();
446 if(isset($this->memberUid[$uid])){
447 unset($this->memberUid[$uid]);
448 }
450 /* We have two array contianing group members in multiple edit.
451 * this->memberUid : Groups used by all currently edited groups
452 * this->memberUid_used_by_some: Used by some
453 * So we have to remove the specified uid from both arrays.
454 */
455 if($this->multiple_support_active){
456 if(isset($this->memberUid_used_by_some[$uid])){
457 unset($this->memberUid_used_by_some[$uid]);
458 }
459 }
460 }
462 /* Reload data */
463 function reload($silent = FALSE)
464 {
465 /* Fix regex string */
466 $gufilter = session::get("gufilter");
467 $regex = normalizeLdap($gufilter['regex']);
468 $MaxUser = $this->OnlyShowFirstEntries;
470 /* Prepare ldap link */
471 $ldap= $this->config->get_ldap_link();
472 $ldap->cd($gufilter['dselect']);
475 /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
476 (Store gathered sn/givenName informations in $this->allusers too,
477 to be prepared when adding/deleting users)
478 */
479 $filter = "";
480 if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" ||
481 count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){
482 foreach ($this->memberUid as $value){
483 if(!isset($this->members[$value])){
484 $filter .= "(uid=".normalizeLdap($value).")";
485 }
486 }
487 }
489 if(!empty($filter)){
490 $ldap->cd($this->config->current['BASE']);
491 $ldap->search("(&(objectClass=gosaAccount)(|".$filter."))",array("dn", "uid","sn","givenName"));
492 while($attrs = $ldap->fetch()){
493 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
494 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
495 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
496 }
497 }
499 /* check if all uids are resolved */
500 if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" ||
501 count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){
502 foreach ($this->memberUid as $value){
503 if(!isset($this->members[$value])){
504 $this->members[$value] = _("! unknown UID")." [".$value."]";
505 }
506 }
507 }else{
508 foreach ($this->memberUid as $value){
509 $this->members[$value] = $value;
510 }
511 }
513 /* Create display list of users matching regex & filter
514 */
515 $this->displayUsers = array();
516 $filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
518 /* Search in current tree or within subtrees depending on the checkbox from filter section */
519 if($gufilter['SubSearchGroup']){
520 $flag = GL_SIZELIMIT | GL_SUBSEARCH;
521 $base = $gufilter['dselect'];
522 }else{
523 $flag = GL_SIZELIMIT ;
524 $base = get_people_ou().$gufilter['dselect'];
525 }
526 $i = 0;
529 $res = get_list($filter,"users",$base,array("dn", "uid", "sn", "givenName"),$flag);
531 /* Fetch all users and skip already used users */
532 foreach($res as $attrs){
533 if(in_array($attrs['uid'][0], $this->memberUid)) {
534 continue;
535 }
536 $i ++;
537 if($i > $MaxUser) {
538 break;
539 }
540 $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
541 $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
542 $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
543 }
545 /* If more than max users are found, display a message to warn the user */
546 if($i == $MaxUser && !$silent){
547 msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG);
548 }
550 /* Sort lists */
551 natcasesort($this->members);
552 reset($this->members);
553 natcasesort ($this->displayUsers);
554 reset ($this->displayUsers);
555 }
558 /* Create display name, this was used so often that it is excluded into a seperate function */
559 function createResultName($attrs)
560 {
561 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
562 $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
563 } else {
564 $ret= $attrs['uid'][0];
565 }
566 return($ret);
567 }
570 function remove_from_parent()
571 {
572 plugin::remove_from_parent();
574 $ldap= $this->config->get_ldap_link();
575 $ldap->rmdir($this->dn);
576 if (!$ldap->success()){
577 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class()));
578 }
580 new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
582 /* Delete references to object groups */
583 $ldap->cd ($this->config->current['BASE']);
584 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
585 while ($ldap->fetch()){
586 $og= new ogroup($this->config, $ldap->getDN());
587 unset($og->member[$this->dn]);
588 $og->save ();
589 }
591 /* Remove ACL dependencies too,
592 */
593 $ldap = $this->config->get_ldap_link();
594 $ldap->cd($this->config->current['BASE']);
595 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
596 while($attrs = $ldap->fetch()){
597 $acl = new acl($this->config,$this->parent,$attrs['dn']);
598 foreach($acl->gosaAclEntry as $id => $entry){
599 foreach($entry['members'] as $m_id => $member){
600 if($m_id == "G:".$this->dn || $m_id == "U:".$this->dn){
601 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
602 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn']));
603 }
604 }
605 }
606 $acl->save();
607 }
609 /* Remove ACL dependencies, too */
610 acl::remove_acl_for($this->dn);
612 /* Send signal to the world that we've done */
613 $this->handle_post_events("remove");
614 }
617 /* Save data to object */
618 function save_object()
619 {
620 /* Save additional values for possible next step */
621 if (isset($_POST['groupedit'])){
623 /* Create a base backup and reset the
624 base directly after calling plugin::save_object();
625 Base will be set seperatly a few lines below */
626 $base_tmp = $this->base;
627 plugin::save_object();
628 $this->trustModeDialog->save_object();
629 $this->base = $base_tmp;
631 /* Refresh base */
632 if ($this->acl_is_moveable($this->base)){
633 if (!$this->baseSelector->update()) {
634 msg_dialog::display(_("Error"), msgPool::permMove(), ERROR_DIALOG);
635 }
636 if ($this->base != $this->baseSelector->getBase()) {
637 $this->base= $this->baseSelector->getBase();
638 $this->is_modified= TRUE;
639 }
640 }
642 $this->force_gid= 0;
644 /* Only reset sambagroup flag if we are able to write this flag */
645 if($this->acl_is_writeable("sambaGroupType")){
646 $this->smbgroup = 0;
647 }
649 foreach (array(
650 "force_gid" => "gidNumber",
651 "smbgroup" => "sambaGroupType") as $val => $aclname) {
652 if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
653 $this->$val= $_POST["$val"];
654 }
655 }
657 /* Save sambaDomain attribute */
658 if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
659 $this->sambaDomainName= $_POST['sambaDomainName'];
660 $this->groupType= $_POST['groupType'];
661 }
663 /* Save fon attribute */
664 if ($this->acl_is_writeable("fonGroup")){
665 if (isset ($_POST['fon_group'])){
666 $this->fon_group= TRUE;
667 } else {
668 $this->fon_group= FALSE;
669 }
670 }
671 if ($this->acl_is_writeable("nagiosGroup")){
672 if (isset ($_POST['nagios_group'])){
673 $this->nagios_group= TRUE;
674 } else {
675 $this->nagios_group= FALSE;
676 }
677 }
678 }
679 }
682 /* Save to LDAP */
683 function save()
684 {
686 /* ID handling */
687 if ($this->force_gid == 0){
688 if ($this->saved_gidNumber != ""){
689 $this->gidNumber= $this->saved_gidNumber;
690 } else {
691 /* Calculate new, lock uids */
692 $wait= 10;
693 while (get_lock("gidnumber") != ""){
694 sleep (1);
696 /* timed out? */
697 if ($wait-- == 0){
698 break;
699 }
700 }
701 add_lock ("gidnumber", "gosa");
702 $this->gidNumber= get_next_id("gidNumber", $this->dn);
703 }
704 }
706 plugin::save();
708 /* Remove objectClass for samba/phone support */
709 $tmp= array();
710 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
711 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
712 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
713 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
714 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
715 $tmp[]= $this->attrs['objectClass'][$i];
716 }
717 }
718 $this->attrs['objectClass']= $tmp;
719 $ldap= $this->config->get_ldap_link();
721 /* Add samba group functionality */
722 if ($this->smbgroup){
724 /* Fixed undefined index ...
725 */
726 $this->SID = $this->ridBase = "";
727 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
728 $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
729 }else{
730 msg_dialog::display(_("Error"), sprintf(_("Cannot find any SID for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
731 }
732 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
733 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
734 }else{
735 msg_dialog::display(_("Error"), sprintf(_("Cannot find any RIDBASE for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
736 }
738 $this->attrs['objectClass'][]= 'sambaGroupMapping';
739 $this->attrs['sambaGroupType']= "2";
741 /* Check if we need to create a special entry */
742 if ($this->groupType == 0){
744 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
745 $sid = $this->getSambaSID();
746 $this->attrs['sambaSID']= $sid;
747 $this->sambaSID= $sid;
748 }
750 } else {
751 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
752 }
754 /* User wants me to fake the idMappings? This is useful for
755 making winbind resolve the group names in a reasonable amount
756 of time in combination with larger databases. */
757 if ($this->config->get_cfg_value("sambaidmapping") == "true"){
758 $this->attrs['objectClass'][]= "sambaIdmapEntry";
759 }
761 }
763 /* Add phone functionality */
764 if ($this->fon_group){
765 $this->attrs['objectClass'][]= "goFonPickupGroup";
766 }
768 /* Add nagios functionality */
769 if ($this->nagios_group){
770 $this->attrs['objectClass'][]= "nagiosContactGroup";
771 }
773 /* Take members array */
774 if (count ($this->memberUid)){
775 $this->attrs['memberUid']= array_values(array_unique($this->memberUid));
776 }
778 /* New accounts need proper 'dn', propagate it to remaining objects */
779 if ($this->dn == 'new'){
780 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
781 }
783 /* Add member dn's for RFC2307bis Support */
784 if ($this->rfc2307bis){
785 $this->attrs['member'] = array();
786 if (count($this->memberUid)){
787 foreach($this->attrs['memberUid'] as $uid) {
789 if(isset($this->dnMapping[$uid])){
790 $this->attrs['member'][]= $this->dnMapping[$uid];
791 }
792 }
793 } else {
794 $this->attrs['member'][]= $this->dn;
795 }
796 }
798 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
799 new entries. So do a check first... */
800 $ldap->cat ($this->dn, array('dn'));
801 if ($ldap->fetch()){
802 /* Modify needs array() to remove values :-( */
803 if (!count ($this->memberUid)){
804 $this->attrs['memberUid']= array();
805 }
806 if (!$this->smbgroup){
807 $this->attrs['sambaGroupType']= array();
808 $this->attrs['sambaSID']= array();
809 }
811 $mode= "modify";
812 } else {
813 $mode= "add";
814 $ldap->cd($this->config->current['BASE']);
815 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
816 }
818 $this->trustModeDialog->dn = $this->dn;
819 $this->trustModeDialog->save();
821 /* Check generated gidNumber, it may be used by another group.
822 */
823 if($this->gidNumber != ""){
824 $ldap->cd($this->config->current['BASE']);
825 $ldap->search("(&(!(cn=".$this->orig_cn."))(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))",array("cn"));
826 if($ldap->count()){
827 $cns = "";
828 while($attrs = $ldap->fetch()){
829 $cns .= $attrs['cn'][0].", ";
830 }
831 $cns = rtrim($cns,", ");
832 msg_dialog::display(_("Warning"),sprintf(_("The gidNumber '%s' is already in use by %s!"),$this->gidNumber,$cns) , WARNING_DIALOG );
833 }
834 }
836 /* Write back to ldap */
837 $ldap->cd($this->dn);
838 $this->cleanup();
839 $ldap->$mode($this->attrs);
841 /* Remove ACL dependencies too,
842 */
843 if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
844 $tmp = new acl($this->config,$this->parent,$this->dn);
845 $tmp->update_acl_membership($this->orig_dn,$this->dn);
846 }
848 if($this->initially_was_account){
849 new log("modify","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
850 }else{
851 new log("create","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
852 }
854 $ret= 0;
855 if (!$ldap->success()){
856 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
857 $ret= 1;
858 }
860 /* Remove uid lock */
861 del_lock ("gidnumber");
863 /* Post that we've done*/
864 $this->handle_post_events($mode);
866 return ($ret);
867 }
869 function check()
870 {
871 /* Call common method to give check the hook */
872 $message= plugin::check();
874 /* Permissions for that base? */
875 if ($this->base != ""){
876 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
877 } else {
878 $new_dn= $this->dn;
879 }
881 /* must: cn */
882 if ($this->cn == "" && $this->acl_is_writeable("cn")){
883 $message[]= msgPool::required(_("Name"));
884 }
886 // Check if a wrong base was supplied
887 if(!$this->baseSelector->checkLastBaseUpdate()){
888 $message[]= msgPool::check_base();;
889 }
891 /* Check for valid input */
892 if (!tests::is_uid($this->cn)){
893 if (strict_uid_mode()){
894 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/");
895 } else {
896 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/i");
897 }
898 }
900 // Check if a wrong base was supplied
901 if(!$this->baseSelector->checkLastBaseUpdate()){
902 $message[]= msgPool::check_base();;
903 }
905 if($this->allowGroupsWithSameNameInOtherSubtrees == true){
907 /* Check for used 'cn' */
908 $ldap= $this->config->get_ldap_link();
909 if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
910 $ldap->cd(get_groups_ou().$this->base);
911 $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
912 if ($ldap->count() != 0){
913 $message[]= msgPool::duplicated(_("Name"));
914 }
915 }
917 }else{
919 /* Check for used 'cn' */
920 $ldap= $this->config->get_ldap_link();
921 $ldap->cd($this->config->current['BASE']);
922 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
923 if ($ldap->count() != 0){
925 /* New entry? */
926 if ($this->dn == 'new'){
927 $message[]= msgPool::duplicated(_("Name"));
928 }
930 /* Moved? */
931 elseif ($new_dn != $this->orig_dn){
932 $ldap->fetch();
933 if ($ldap->getDN() != $this->orig_dn){
934 $message[]= msgPool::duplicated(_("Name"));
935 }
936 }
937 }
938 }
940 /* Check ID */
941 if ($this->force_gid == "1"){
942 if (!tests::is_id($this->gidNumber)){
943 $message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/");
944 } else {
945 if ($this->gidNumber < $this->config->get_cfg_value("minId")){
946 $message[]= msgPool::toosmall(_("GID"), $this->config->get_cfg_value("minId"));
947 }
949 }
950 }
952 /* Check if we are allowed to create or move this object
953 */
954 if(!$this->orig_dn == "new" ||
955 $this->orig_base != $this->base ||
956 $this->cn != $this->orig_cn){
958 if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
959 $message[] = msgPool::permCreate();
960 }elseif($this->orig_dn != "new" && !$this->acl_is_moveable($this->base)){
961 $message[] = msgPool::permMove();
962 }
963 }
965 return ($message);
966 }
969 function getCopyDialog()
970 {
971 $vars = array("cn");
973 if($this ->force_gid){
974 $used = " checked ";
975 $dis = "";
976 }else{
977 $used = "";
978 $dis = " disabled ";
979 }
981 $smarty = get_smarty();
982 $smarty->assign("used",$used);
983 $smarty->assign("dis" ,$dis);
984 $smarty->assign("cn" ,$this->cn);
985 $smarty->assign("gidNumber",$this->gidNumber);
986 $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
987 $ret = array();
988 $ret['string'] = $str;
989 $ret['status'] = "";
990 return($ret);
991 }
993 function saveCopyDialog()
994 {
995 if(isset($_POST['cn'])){
996 $this->cn = $_POST['cn'];
997 }
998 if(isset($_POST['force_gid'])){
999 $this->force_gid = 1;
1000 $this->gidNumber= $_POST['gidNumber'];
1001 }else{
1002 $this->force_gid = 0;
1003 $this->gidNumber = false;
1004 }
1005 }
1008 /* Return plugin informations for acl handling */
1009 static function plInfo()
1010 {
1011 return (array(
1012 "plShortName" => _("Generic"),
1013 "plDescription" => _("Generic group settings"),
1014 "plSelfModify" => FALSE,
1015 "plDepends" => array(),
1016 "plPriority" => 0,
1017 "plSection" => array("administration"),
1018 "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
1020 "plProvidedAcls" => array(
1021 "cn" => _("Name"),
1022 "description" => _("Description"),
1023 "base" => _("Base"),
1025 "gidNumber" => _("GID"),
1027 "sambaGroupType" => _("Samba group type"),
1028 "sambaDomainName" => _("Samba domain name"),
1029 "accessTo" => _("System trust"),
1030 "fonGroup" => _("Phone pickup group"),
1031 "nagiosGroup" => _("Nagios group"),
1033 "memberUid" => _("Group member"))
1034 ));
1035 }
1038 function multiple_save_object()
1039 {
1040 if(isset($_POST['group_mulitple_edit'])){
1042 /* Create a base backup and reset the
1043 base directly after calling plugin::save_object();
1044 Base will be set seperatly a few lines below */
1045 $base_tmp = $this->base;
1046 plugin::multiple_save_object();
1047 plugin::save_object();
1048 $this->trustModeDialog->multiple_save_object();
1049 $this->base = $base_tmp;
1051 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group") as $attr){
1052 if(isset($_POST['use_'.$attr])){
1053 $this->multi_boxes[] = $attr;
1054 }
1055 }
1057 /* Refresh base */
1058 if ($this->acl_is_moveable($this->base)){
1059 if (!$this->baseSelector->update()) {
1060 msg_dialog::display(_("Error"), msgPool::permMove(), ERROR_DIALOG);
1061 }
1062 if ($this->base != $this->baseSelector->getBase()) {
1063 $this->base= $this->baseSelector->getBase();
1064 $this->is_modified= TRUE;
1065 }
1066 }
1068 foreach (array( "smbgroup" => "sambaGroupType" ,"nagios_group" => "nagios_group") as $val => $aclname) {
1069 if ($this->acl_is_writeable($aclname)){
1070 if(isset($_POST["$val"])){
1071 $this->$val= TRUE;
1072 }else{
1073 $this->$val= FALSE;
1074 }
1075 }
1076 }
1078 /* Save sambaDomain attribute */
1079 if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
1080 $this->sambaDomainName= $_POST['sambaDomainName'];
1081 $this->groupType= $_POST['groupType'];
1082 }
1084 /* Save fon attribute */
1085 if ($this->acl_is_writeable("fonGroup")){
1086 if (isset ($_POST['fon_group'])){
1087 $this->fon_group= TRUE;
1088 } else {
1089 $this->fon_group= FALSE;
1090 }
1091 }
1092 }
1093 }
1096 function get_multi_edit_values()
1097 {
1098 $ret = plugin::get_multi_edit_values();
1099 $ret = array_merge($ret,$this->trustModeDialog->get_multi_edit_values());
1101 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group") as $attr){
1102 if(in_array($attr,$this->multi_boxes)){
1103 $ret[$attr] = $this->$attr;
1104 }
1105 }
1107 $ret['memberUid'] = $this->memberUid;
1108 $ret['memberUid_used_by_some'] = $this->memberUid_used_by_some;
1109 return($ret);
1110 }
1112 function multiple_execute()
1113 {
1114 return($this->execute());
1115 }
1118 /* Initialize plugin with given atribute arrays
1119 */
1120 function init_multiple_support($attrs,$all)
1121 {
1122 plugin::init_multiple_support($attrs,$all);
1123 $this->trustModeDialog->init_multiple_support($attrs,$all);
1125 $this->memberUid = array();
1126 $this->memberUid_used_by_some = array();
1127 if (isset($attrs['memberUid'])){
1128 for ($i= 0; $i<$attrs['memberUid']['count']; $i++){
1129 $this->memberUid[$attrs['memberUid'][$i]]= $attrs['memberUid'][$i];
1130 }
1131 ksort($this->memberUid);
1132 }
1134 if (isset($all['memberUid'])){
1135 for ($i= 0; $i<$all['memberUid']['count']; $i++){
1136 if(!in_array($all['memberUid'][$i],$this->memberUid)){
1137 $this->memberUid_used_by_some[$all['memberUid'][$i]]= $all['memberUid'][$i];
1138 }
1139 }
1140 ksort($this->memberUid_used_by_some);
1141 }
1142 }
1145 function PrepareForCopyPaste($source)
1146 {
1147 plugin::PrepareForCopyPaste($source);
1149 $this->trustModeDialog->PrepareForCopyPaste($source);
1151 if ($this->smbgroup) {
1152 $this->sambaSID = $this->getSambaSID();
1153 }
1155 $this->memberUid = array();
1156 if(isset($source['memberUid'])){
1157 for($i = 0 ; $i < $source['memberUid']['count']; $i ++){
1158 $this->memberUid[] = $source['memberUid'][$i];
1159 }
1160 }
1161 }
1164 function set_acl_base($base)
1165 {
1166 plugin::set_acl_base($base);
1167 $this->trustModeDialog->set_acl_base($base);
1168 }
1171 /*! \brief Enables multiple support for this plugin
1172 */
1173 function enable_multiple_support()
1174 {
1175 plugin::enable_multiple_support();
1176 $this->trustModeDialog->enable_multiple_support();
1177 }
1180 function set_multi_edit_values($attrs)
1181 {
1182 $users = array();
1184 /* Update groupMembership, keep optinal group */
1185 foreach($attrs['memberUid_used_by_some'] as $uid){
1186 if(in_array($uid,$this->memberUid)){
1187 $users[$uid] = $uid;
1188 }
1189 }
1191 /* Update groupMembership, add forced groups */
1192 foreach($attrs['memberUid'] as $uid){
1193 $users[$uid] = $uid;
1194 }
1195 plugin::set_multi_edit_values($attrs);
1196 $this->trustModeDialog->set_multi_edit_values($attrs);
1197 $this->memberUid = $users;
1198 }
1201 /*! \brief Get a new SambaSID for a group */
1202 function getSambaSID()
1203 {
1204 $ldap = $this->config->get_ldap_link();
1205 $gidNumber= $this->gidNumber;
1206 while(TRUE){
1207 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
1208 $ldap->cd($this->config->current['BASE']);
1209 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
1210 if ($ldap->count() == 0){
1211 break;
1212 }
1213 $gidNumber++;
1214 }
1216 return $sid;
1217 }
1219 }
1220 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1221 ?>