1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class group extends plugin
24 {
25 /* Group attributes */
26 var $cn= "";
27 var $description= "";
28 var $gidNumber= "";
29 var $memberUid= array();
30 var $memberUid_used_by_some= array();
32 /* Helpers */
33 var $base= "";
34 var $force_gid= FALSE;
35 var $fon_group= FALSE;
36 var $smbgroup= FALSE;
37 var $groupType= FALSE;
38 var $samba3= FALSE;
39 var $sambaSID= "";
40 var $sambaDomainName= "DEFAULT";
41 var $SID= "";
42 var $ridBase= 0;
43 var $members= array();
44 var $users= array();
45 var $member= array();
46 var $allusers= array();
47 var $saved_gidNumber= "";
48 var $oldgroupType= "";
49 var $orig_dn= "";
50 var $orig_cn= "";
51 var $has_mailAccount= FALSE;
52 var $group_dialog= FALSE;
53 var $nagios_group =FALSE;
54 var $sambaGroupType;
55 var $dialog;
56 var $rfc2307bis= FALSE;
57 var $OnlyShowFirstEntries =200;
58 var $dnMapping= array();
59 var $view_logged = FALSE;
60 var $allowGroupsWithSameNameInOtherSubtrees = true;
62 /* attribute list for save action */
63 var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
64 var $objectclasses= array("top", "posixGroup");
66 var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
68 var $multiple_support = TRUE;
70 function group (&$config, $dn= NULL)
71 {
72 /* Set rfc2307bis flag */
73 if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
74 $this->rfc2307bis= TRUE;
75 $this->attributes[]= "member";
76 $this->objectclasses[]= "groupOfNames";
77 }
79 plugin::plugin ($config, $dn);
81 /* Load attributes depending on the samba version */
82 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
83 $this->orig_dn= $dn;
84 $this->orig_cn= $this->cn;
86 /* Get member list */
87 if (isset($this->attrs['memberUid'][0])){
88 $tmp= array();
89 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
90 $tmp[$this->attrs['memberUid'][$i]]= $this->attrs['memberUid'][$i];
91 }
92 $this->memberUid= $tmp;
93 ksort ($this->memberUid);
94 }
96 /* Save gidNumber for later use */
97 if (isset($this->attrs['gidNumber'])){
98 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
99 }
101 /* Is a samba group? */
102 if (isset($this->attrs['objectClass'])){
103 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == FALSE ){
104 $this->smbgroup= FALSE;
105 } else {
106 $this->smbgroup= TRUE;
107 if (isset($this->attrs['sambaSID'])){
108 $this->sambaSID= $this->attrs['sambaSID'][0];
109 }
110 }
111 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == FALSE ){
112 $this->fon_group= FALSE;
113 } else {
114 $this->fon_group= TRUE;
115 }
116 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == FALSE ){
117 $this->nagios_group= FALSE;
118 } else {
119 $this->nagios_group= TRUE;
120 }
121 }
123 /* Set mail flag */
124 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
125 $this->has_mailAccount= TRUE;
126 }
128 /* Get samba Domain in case of samba 3 */
129 if ($this->samba3 && $this->sambaSID != ""){
130 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
131 $ldap= $this->config->get_ldap_link();
132 $ldap->cd($this->config->current['BASE']);
133 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
134 if ($ldap->count() != 0){
135 $attrs= $ldap->fetch();
136 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
138 /* Get domain name for SID */
139 $this->sambaDomainName= "DEFAULT";
140 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
141 if ($val['SID'] == $this->SID){
142 $this->sambaDomainName= $key;
143 break;
144 }
145 }
146 } else {
147 if (isset($this->config->current['RIDBASE'])){
148 $this->sambaDomainName= "DEFAULT";
149 $this->ridBase= $this->config->current['RIDBASE'];
150 $this->SID= $this->config->current['SID'];
151 } else {
152 msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG);
153 }
154 }
156 /* Get group type */
157 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
158 if ($this->groupType < 500 || $this->groupType > 553){
159 $this->groupType= 0;
160 }
161 $this->oldgroupType= $this->groupType;
162 }
164 /* Get global filter config */
165 if (!session::is_set("gufilter")){
166 $ui= get_userinfo();
167 $base= get_base_from_people($ui->dn);
168 $gufilter= array( "dselect" => $base,
169 "regex" => "*");
170 session::set("gufilter", $gufilter);
171 }
172 $gufilter= session::get('gufilter');
173 $gufilter['SubSearchGroup'] = false;
174 session::set('gufilter',$gufilter);
176 if ($this->dn == "new"){
177 if(session::is_set('CurrentMainBase')){
178 $this->base = session::get('CurrentMainBase');
179 }else{
180 $ui= get_userinfo();
181 $this->base= dn2base($ui->dn);
182 }
183 } else {
185 /* Get object base */
186 $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
187 }
189 /* This is always an account */
190 $this->is_account= TRUE;
191 $this->reload();
192 }
194 function execute()
195 {
196 /* Call parent execute */
197 plugin::execute();
199 /* Log view */
200 if($this->is_account && !$this->view_logged){
201 $this->view_logged = TRUE;
202 new log("view","groups/".get_class($this),$this->dn);
203 }
205 /* Do we represent a valid group? */
206 if (!$this->is_account && $this->parent === NULL){
207 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
208 _("This 'dn' is no group.")."</b>";
209 return ($display);
210 }
212 /* Delete user from group */
213 if (isset($_POST['del_users']) && isset($_POST['members'])){
214 foreach ($_POST['members'] as $value){
215 unset ($this->members["$value"]);
216 $this->removeUser($value);
217 }
218 $this->reload();
219 }
221 /* Add objects? */
222 if (isset($_POST["edit_membership"])){
223 $this->group_dialog= TRUE;
224 $this->dialog= TRUE;
225 }
227 /* Add objects finished? */
228 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
229 $this->group_dialog= FALSE;
230 $this->dialog= FALSE;
231 }
233 /* Add user to group */
234 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
235 foreach ($_POST['users'] as $value){
236 $this->members["$value"]= $this->allusers[$value];
237 asort($this->members);
238 $this->addUser($value);
239 }
240 $this->reload();
241 }
243 /* Base select dialog */
244 $once = true;
245 foreach($_POST as $name => $value){
246 if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
248 $once = false;
249 $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
250 $this->dialog->setCurrentBase($this->base);
251 }
252 }
254 /* Dialog handling */
255 if(is_object($this->dialog)){
256 /* Must be called before save_object */
257 $this->dialog->save_object();
259 if($this->dialog->isClosed()){
260 $this->dialog = false;
261 }elseif($this->dialog->isSelected()){
263 /* Check if selected base is valid */
264 $tmp = $this->get_allowed_bases();
265 if(isset($tmp[$this->dialog->isSelected()])){
266 $this->base = $this->dialog->isSelected();
267 }
268 $this->dialog= false;
269 }else{
270 return($this->dialog->execute());
271 }
272 }
274 /* Assign templating stuff */
275 $smarty= get_smarty();
276 if ($this->samba3){
277 $smarty->assign("samba3", "true");
278 } else {
279 $smarty->assign("samba3", "");
280 }
282 if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
283 $smarty->assign("nagios",true);
284 }else{
285 $smarty->assign("nagios",false);
286 }
288 if($this->config->search("phoneAccount", "CLASS",array('menu'))){
289 $smarty->assign("pickupGroup",true);
290 }else{
291 $smarty->assign("pickupGroup",false);
292 }
294 /* Manage object add dialog */
295 if ($this->group_dialog){
297 /* Save data */
298 $gufilter= session::get("gufilter");
299 foreach( array("dselect", "regex") as $type){
300 if (isset($_POST[$type])){
301 $gufilter[$type]= $_POST[$type];
302 }
303 }
304 if(isset($_POST['regex'])){
305 if(isset($_POST['SubSearchGroup'])){
306 $gufilter['SubSearchGroup'] = true;
307 }else{
308 $gufilter['SubSearchGroup'] = false;
309 }
310 }
312 if (isset($_GET['search'])){
313 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
314 if ($s == "**"){
315 $s= "*";
316 }
317 $gufilter['regex']= $s;
318 }
319 session::set("gufilter", $gufilter);
320 $this->reload();
322 /* Show dialog */
323 $smarty->assign("search_image", get_template_path('images/search.png'));
324 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
325 $smarty->assign("tree_image", get_template_path('images/tree.png'));
327 $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
328 $smarty->assign("alphabet", generate_alphabet());
329 foreach( array("dselect", "regex","SubSearchGroup") as $type){
330 $smarty->assign("$type", $gufilter[$type]);
331 }
332 $smarty->assign("hint", print_sizelimit_warning());
333 $smarty->assign("users", $this->displayUsers);
334 $smarty->assign("apply", apply_filter());
335 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
336 return ($display);
337 }
339 $smarty->assign("bases", $this->get_allowed_bases());
340 $smarty->assign("base_select", $this->base);
342 if ($this->samba3){
343 $domains= array();
344 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
345 $domains[$name]= $name;
346 }
347 $smarty->assign("sambaDomains", $domains);
348 $smarty->assign("sambaDomainName", $this->sambaDomainName);
349 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
350 514 => _("Domain guests"));
352 /* Don't loose special groups! If not key'ed above, add it to
353 the combo box... */
354 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
355 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
356 }
358 $smarty->assign("groupTypes", $groupTypes);
359 $smarty->assign("groupType", $this->groupType);
360 }
362 /* Members and users */
363 $smarty->assign("members", $this->members);
365 /* Checkboxes */
366 foreach (array("force_gid", "smbgroup") as $val){
367 if ($this->$val == "1"){
368 $smarty->assign("$val", "checked");
369 } else {
370 $smarty->assign("$val", "");
371 }
372 }
373 if ($this->force_gid != "1"){
374 $smarty->assign("forceMode", "disabled");
375 }else{
376 $smarty->assign("forceMode", "");
377 }
378 if ($this->fon_group){
379 $smarty->assign("fon_group", "checked");
380 } else {
381 $smarty->assign("fon_group", "");
382 }
384 if ($this->nagios_group){
385 $smarty->assign("nagios_group", "checked");
386 } else {
387 $smarty->assign("nagios_group", "");
388 }
390 /* Fields */
391 foreach (array("cn", "description", "gidNumber") as $val){
392 $smarty->assign("$val", $this->$val);
393 }
395 $tmp = $this->plInfo();
396 foreach($tmp['plProvidedAcls'] as $name => $translation){
397 $smarty->assign($name."ACL",$this->getacl($name));
398 }
400 if($this->acl_is_writeable("base")){
401 $smarty->assign("baseSelect",true);
402 }else{
403 $smarty->assign("baseSelect",false);
404 }
406 /* Show main page */
407 $smarty->assign("alphabet", generate_alphabet(10));
408 $smarty->assign("search_image", get_template_path('images/search.png'));
409 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
410 $smarty->assign("tree_image", get_template_path('images/tree.png'));
411 $smarty->assign("deplist", $this->config->idepartments);
413 /* Multiple edit handling */
414 $smarty->assign("multiple_support",$this->multiple_support_active);
416 $smarty->assign("memberUid_All",$this->memberUid);
417 $smarty->assign("memberUid_Some",$this->memberUid_used_by_some);
419 foreach($this->attributes as $val){
420 if(in_array($val,$this->multi_boxes)){
421 $smarty->assign("use_".$val,TRUE);
422 }else{
423 $smarty->assign("use_".$val,FALSE);
424 }
425 }
426 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $val){
427 if(in_array($val,$this->multi_boxes)){
428 $smarty->assign("use_".$val,TRUE);
429 }else{
430 $smarty->assign("use_".$val,FALSE);
431 }
432 }
434 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
435 }
437 function addUser($uid)
438 {
439 /* In mutliple edit we have to handle two arrays.
440 * memberUid : Containing users used in all groups
441 * memberUid_used_by_some : Those which are not used in all groups
442 * So we have to remove the given $uid from the ..used_by_some array first.
443 */
444 if($this->multiple_support_active){
445 if(isset($this->memberUid_used_by_some[$uid])){
446 unset($this->memberUid_used_by_some[$uid]);
447 }
448 }
450 $this->memberUid[$uid]= $uid;
451 }
454 function removeUser($uid)
455 {
456 $temp= array();
457 if(isset($this->memberUid[$uid])){
458 unset($this->memberUid[$uid]);
459 }
461 /* We have two array contianing group members in multiple edit.
462 * this->memberUid : Groups used by all currently edited groups
463 * this->memberUid_used_by_some: Used by some
464 * So we have to remove the specified uid from both arrays.
465 */
466 if($this->multiple_support_active){
467 if(isset($this->memberUid_used_by_some[$uid])){
468 unset($this->memberUid_used_by_some[$uid]);
469 }
470 }
471 }
473 /* Reload data */
474 function reload()
475 {
476 /* Fix regex string */
477 $gufilter = session::get("gufilter");
478 $regex = normalizeLdap($gufilter['regex']);
479 $MaxUser = $this->OnlyShowFirstEntries;
481 /* Prepare ldap link */
482 $ldap= $this->config->get_ldap_link();
483 $ldap->cd($gufilter['dselect']);
486 /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
487 (Store gathered sn/givenName informations in $this->allusers too,
488 to be prepared when adding/deleting users)
489 */
490 $filter = "";
491 foreach ($this->memberUid as $value){
492 if(!isset($this->members[$value])){
493 $filter .= "(uid=".normalizeLdap($value).")";
494 }
495 }
496 if(!empty($filter)){
497 $ldap->cd($this->config->current['BASE']);
498 $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
499 while($attrs = $ldap->fetch()){
500 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
501 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
502 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
503 }
504 }
506 /* check if all uids are resolved */
507 foreach ($this->memberUid as $value){
508 if(!isset($this->members[$value])){
509 $this->members[$value] = _("! unknown id")." [".$value."]";
510 }
511 }
513 /* Create display list of users matching regex & filter
514 */
515 $this->displayUsers = array();
516 $filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
518 /* Search in current tree or within subtrees depending on the checkbox from filter section */
519 if($gufilter['SubSearchGroup']){
520 $flag = GL_SIZELIMIT | GL_SUBSEARCH;
521 $base = $gufilter['dselect'];
522 }else{
523 $flag = GL_SIZELIMIT ;
524 $base = get_people_ou().$gufilter['dselect'];
525 }
526 $i = 0;
529 $res = get_list($filter,"users",$base,array("dn", "uid", "sn", "givenName"),$flag);
531 /* Fetch all users and skip already used users */
532 foreach($res as $attrs){
533 if(in_array($attrs['uid'][0], $this->memberUid)) {
534 continue;
535 }
536 $i ++;
537 if($i > $MaxUser) {
538 break;
539 }
540 $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
541 $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
542 $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
543 }
545 /* If more than max users are found, display a message to warn the user */
546 if($i == $MaxUser){
547 msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG);
548 }
550 /* Sort lists */
551 natcasesort($this->members);
552 reset($this->members);
553 natcasesort ($this->displayUsers);
554 reset ($this->displayUsers);
555 }
558 /* Create display name, this was used so often that it is excluded into a seperate function */
559 function createResultName($attrs)
560 {
561 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
562 $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
563 } else {
564 $ret= $attrs['uid'][0];
565 }
566 return($ret);
567 }
570 function remove_from_parent()
571 {
572 plugin::remove_from_parent();
574 $ldap= $this->config->get_ldap_link();
575 $ldap->rmdir($this->dn);
576 if (!$ldap->success()){
577 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class()));
578 }
580 new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
582 /* Delete references to object groups */
583 $ldap->cd ($this->config->current['BASE']);
584 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
585 while ($ldap->fetch()){
586 $og= new ogroup($this->config, $ldap->getDN());
587 unset($og->member[$this->dn]);
588 $og->save ();
589 }
591 /* Remove ACL dependencies too,
592 */
593 $ldap = $this->config->get_ldap_link();
594 $ldap->cd($this->config->current['BASE']);
595 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
596 while($attrs = $ldap->fetch()){
597 $acl = new acl($this->config,$this->parent,$attrs['dn']);
598 foreach($acl->gosaAclEntry as $id => $entry){
599 foreach($entry['members'] as $m_id => $member){
600 if($m_id == "G:".$this->dn || $m_id == "U:".$this->dn){
601 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
602 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn']));
603 }
604 }
605 }
606 $acl -> save();
607 }
609 /* Remove ACL dependencies too,
610 */
611 $tmp = new acl($this->config,$this->parent,$this->dn);
612 $tmp->remove_acl();
614 /* Send signal to the world that we've done */
615 $this->handle_post_events("remove");
616 }
619 /* Save data to object */
620 function save_object()
621 {
622 /* Save additional values for possible next step */
623 if (isset($_POST['groupedit'])){
625 /* Create a base backup and reset the
626 base directly after calling plugin::save_object();
627 Base will be set seperatly a few lines below */
628 $base_tmp = $this->base;
629 plugin::save_object();
630 $this->base = $base_tmp;
632 $this->force_gid= 0;
634 /* Only reset sambagroup flag if we are able to write this flag */
635 if($this->acl_is_writeable("sambaGroupType")){
636 $this->smbgroup = 0;
637 }
639 /* Get base selection */
640 if(isset($_POST['base'])){
641 $tmp = $this->get_allowed_bases();
642 if(isset($tmp[$_POST['base']])){
643 $this->base = $_POST['base'];
644 }
645 }
647 foreach (array(
648 "force_gid" => "gidNumber",
649 "smbgroup" => "sambaGroupType") as $val => $aclname) {
650 if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
651 $this->$val= $_POST["$val"];
652 }
653 }
655 /* Save sambaDomain attribute */
656 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
657 $this->sambaDomainName= $_POST['sambaDomainName'];
658 $this->groupType= $_POST['groupType'];
659 }
661 /* Save fon attribute */
662 if ($this->acl_is_writeable("fon_group")){
663 if (isset ($_POST['fon_group'])){
664 $this->fon_group= TRUE;
665 } else {
666 $this->fon_group= FALSE;
667 }
668 }
669 if ($this->acl_is_writeable("nagios_group")){
670 if (isset ($_POST['nagios_group'])){
671 $this->nagios_group= TRUE;
672 } else {
673 $this->nagios_group= FALSE;
674 }
675 }
676 }
677 }
680 /* Save to LDAP */
681 function save()
682 {
684 /* ID handling */
685 if ($this->force_gid == 0){
686 if ($this->saved_gidNumber != ""){
687 $this->gidNumber= $this->saved_gidNumber;
688 } else {
689 /* Calculate new, lock uids */
690 $wait= 10;
691 while (get_lock("uidnumber") != ""){
692 sleep (1);
694 /* timed out? */
695 if ($wait-- == 0){
696 break;
697 }
698 }
699 add_lock ("uidnumber", "gosa");
700 $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
701 }
702 }
704 plugin::save();
706 /* Remove objectClass for samba/phone support */
707 $tmp= array();
708 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
709 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
710 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
711 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
712 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
713 $tmp[]= $this->attrs['objectClass'][$i];
714 }
715 }
716 $this->attrs['objectClass']= $tmp;
717 $ldap= $this->config->get_ldap_link();
719 /* Add samba group functionality */
720 if ($this->samba3 && $this->smbgroup){
722 /* Fixed undefined index ...
723 */
724 $this->SID = $this->ridBase = "";
725 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
726 $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
727 }else{
728 msg_dialog::display(_("Error"), sprintf(_("Cannot find any SID for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
729 }
730 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
731 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
732 }else{
733 msg_dialog::display(_("Error"), sprintf(_("Cannot find any RIDBASE for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
734 }
736 $this->attrs['objectClass'][]= 'sambaGroupMapping';
737 $this->attrs['sambaGroupType']= "2";
739 /* Check if we need to create a special entry */
740 if ($this->groupType == 0){
742 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
743 $gidNumber= $this->gidNumber;
744 while(TRUE){
745 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
746 $ldap->cd($this->config->current['BASE']);
747 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
748 if ($ldap->count() == 0){
749 break;
750 }
751 $gidNumber++;
752 }
753 $this->attrs['sambaSID']= $sid;
754 $this->sambaSID= $sid;
755 }
757 } else {
758 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
759 }
761 /* User wants me to fake the idMappings? This is useful for
762 making winbind resolve the group names in a reasonable amount
763 of time in combination with larger databases. */
764 if (isset($this->config->current['SAMBAIDMAPPING']) &&
765 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
766 $this->attrs['objectClass'][]= "sambaIdmapEntry";
767 }
769 }
771 /* Add phone functionality */
772 if ($this->fon_group){
773 $this->attrs['objectClass'][]= "goFonPickupGroup";
774 }
776 /* Add nagios functionality */
777 if ($this->nagios_group){
778 $this->attrs['objectClass'][]= "nagiosContactGroup";
779 }
781 /* Take members array */
782 if (count ($this->memberUid)){
783 $this->attrs['memberUid']= array_values(array_unique($this->memberUid));
784 }
786 /* New accounts need proper 'dn', propagate it to remaining objects */
787 if ($this->dn == 'new'){
788 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
789 }
791 /* Add member dn's for RFC2307bis Support */
792 if ($this->rfc2307bis){
793 $this->attrs['member'] = array();
794 if (count($this->memberUid)){
795 foreach($this->attrs['memberUid'] as $uid) {
796 $this->attrs['member'][]= $this->dnMapping[$uid];
797 }
798 } else {
799 $this->attrs['member'][]= $this->dn;
800 }
801 }
803 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
804 new entries. So do a check first... */
805 $ldap->cat ($this->dn, array('dn'));
806 if ($ldap->fetch()){
807 /* Modify needs array() to remove values :-( */
808 if (!count ($this->memberUid)){
809 $this->attrs['memberUid']= array();
810 }
811 if ($this->samba3){
812 if (!$this->smbgroup){
813 $this->attrs['sambaGroupType']= array();
814 $this->attrs['sambaSID']= array();
815 }
816 }
817 $mode= "modify";
818 } else {
819 $mode= "add";
820 $ldap->cd($this->config->current['BASE']);
821 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
822 }
824 /* Write back to ldap */
825 $ldap->cd($this->dn);
826 $this->cleanup();
827 $ldap->$mode($this->attrs);
829 /* Remove ACL dependencies too,
830 */
831 if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
832 $tmp = new acl($this->config,$this->parent,$this->dn);
833 $tmp->update_acl_membership($this->orig_dn,$this->dn);
834 }
836 if($this->initially_was_account){
837 new log("modify","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
838 }else{
839 new log("create","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
840 }
842 $ret= 0;
843 if (!$ldap->success()){
844 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
845 $ret= 1;
846 }
848 /* Remove uid lock */
849 del_lock ("uidnumber");
851 /* Post that we've done*/
852 $this->handle_post_events($mode);
854 return ($ret);
855 }
857 function check()
858 {
859 /* Call common method to give check the hook */
860 $message= plugin::check();
862 /* Permissions for that base? */
863 if ($this->base != ""){
864 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
865 } else {
866 $new_dn= $this->dn;
867 }
869 /* must: cn */
870 if ($this->cn == "" && $this->acl_is_writeable("cn")){
871 $message[]= msgPool::required(_("Name"));
872 }
874 /* Check for valid input */
875 if (!tests::is_uid($this->cn)){
876 if (strict_uid_mode()){
877 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/");
878 } else {
879 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/i");
880 }
881 }
883 if($this->allowGroupsWithSameNameInOtherSubtrees == true){
885 /* Check for used 'cn' */
886 $ldap= $this->config->get_ldap_link();
887 if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
888 $ldap->cd(get_groups_ou().$this->base);
889 $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
890 if ($ldap->count() != 0){
891 $message[]= msgPool::duplicated(_("Name"));
892 }
893 }
895 }else{
897 /* Check for used 'cn' */
898 $ldap= $this->config->get_ldap_link();
899 $ldap->cd($this->config->current['BASE']);
900 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
901 if ($ldap->count() != 0){
903 /* New entry? */
904 if ($this->dn == 'new'){
905 $message[]= msgPool::duplicated(_("Name"));
906 }
908 /* Moved? */
909 elseif ($new_dn != $this->orig_dn){
910 $ldap->fetch();
911 if ($ldap->getDN() != $this->orig_dn){
912 $message[]= msgPool::duplicated(_("Name"));
913 }
914 }
915 }
916 }
918 /* Check ID */
919 if ($this->force_gid == "1"){
920 if (!tests::is_id($this->gidNumber)){
921 $message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/");
922 } else {
923 if ($this->gidNumber < $this->config->current['MINID']){
924 $message[]= msgPool::toosmall(_("GID"), $this->config->current['MINID']);
925 }
927 }
928 }
930 return ($message);
931 }
933 function get_next_id($attrib, $dn)
934 {
935 $ids= array();
936 $ldap= $this->config->get_ldap_link();
938 $ldap->cd ($this->config->current['BASE']);
939 if (preg_match('/gidNumber/i', $attrib)){
940 $oc= "posixGroup";
941 } else {
942 $oc= "posixAccount";
943 }
944 $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
946 /* Get list of ids */
947 while ($attrs= $ldap->fetch()){
948 $ids[]= (int)$attrs["$attrib"][0];
949 }
951 /* Find out next free id near to UID_BASE */
952 if (!isset($this->config->current['BASE_HOOK'])){
953 $base= $this->config->current['UIDBASE'];
954 } else {
955 /* Call base hook */
956 $base= get_base_from_hook($dn, $attrib);
957 }
958 for ($id= $base; $id++; $id < pow(2,32)){
959 if (!in_array($id, $ids)){
960 return ($id);
961 }
962 }
964 /* Check if id reached maximum */
965 if ($id >= pow(2,32)){
966 msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
967 exit;
968 }
969 }
971 function getCopyDialog()
972 {
973 $vars = array("cn");
975 if($this ->force_gid){
976 $used = " checked ";
977 $dis = "";
978 }else{
979 $used = "";
980 $dis = " disabled ";
981 }
983 $smarty = get_smarty();
984 $smarty->assign("used",$used);
985 $smarty->assign("dis" ,$dis);
986 $smarty->assign("cn" ,$this->cn);
987 $smarty->assign("gidNumber",$this->gidNumber);
988 $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
989 $ret = array();
990 $ret['string'] = $str;
991 $ret['status'] = "";
992 return($ret);
993 }
995 function saveCopyDialog()
996 {
997 if(isset($_POST['cn'])){
998 $this->cn = $_POST['cn'];
999 }
1000 if(isset($_POST['force_gid'])){
1001 $this->force_gid = 1;
1002 $this->gidNumber= $_POST['gidNumber'];
1003 }else{
1004 $this->force_gid = 0;
1005 $this->gidNumber = false;
1006 }
1007 }
1010 /* Return plugin informations for acl handling */
1011 static function plInfo()
1012 {
1013 return (array(
1014 "plShortName" => _("Generic"),
1015 "plDescription" => _("Generic group settings"),
1016 "plSelfModify" => FALSE,
1017 "plDepends" => array(),
1018 "plPriority" => 0,
1019 "plSection" => array("admin"),
1020 "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
1022 "plProvidedAcls" => array(
1023 "cn" => _("Name"),
1024 "base" => _("Base"),
1025 "description" => _("Description"),
1027 "fonGroup" => _("Phone pickup group"),
1028 "nagiosGroup" => _("Nagios group"),
1030 "gidNumber" => _("GID"),
1031 "memberUid" => _("Group member"),
1032 "sambaGroupType" => _("Samba group type"),
1033 "sambaDomainName" => _("Samba domain name"),
1034 "sambaSID" => _("Samba SID"))
1035 ));
1036 }
1039 function multiple_save_object()
1040 {
1041 if(isset($_POST['group_mulitple_edit'])){
1043 /* Create a base backup and reset the
1044 base directly after calling plugin::save_object();
1045 Base will be set seperatly a few lines below */
1046 $base_tmp = $this->base;
1047 plugin::multiple_save_object();
1048 plugin::save_object();
1049 $this->base = $base_tmp;
1051 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1052 if(isset($_POST['use_'.$attr])){
1053 $this->multi_boxes[] = $attr;
1054 }
1055 }
1057 /* Get base selection */
1058 if(isset($_POST['base'])){
1059 $tmp = $this->get_allowed_bases();
1060 if(isset($tmp[$_POST['base']])){
1061 $this->base = $_POST['base'];
1062 }
1063 }
1065 foreach (array( "smbgroup" => "sambaGroupType") as $val => $aclname) {
1066 if ($this->acl_is_writeable($aclname)){
1067 if(isset($_POST["$val"])){
1068 $this->$val= TRUE;
1069 }else{
1070 $this->$val= FALSE;
1071 }
1072 }
1073 }
1075 /* Save sambaDomain attribute */
1076 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
1077 $this->sambaDomainName= $_POST['sambaDomainName'];
1078 $this->groupType= $_POST['groupType'];
1079 }
1081 /* Save fon attribute */
1082 if ($this->acl_is_writeable("fon_group")){
1083 if (isset ($_POST['fon_group'])){
1084 $this->fon_group= TRUE;
1085 } else {
1086 $this->fon_group= FALSE;
1087 }
1088 }
1089 }
1090 }
1093 function get_multi_edit_values()
1094 {
1095 $ret = plugin::get_multi_edit_values();
1097 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1098 if(in_array($attr,$this->multi_boxes)){
1099 $ret[$attr] = $this->$attr;
1100 }
1101 }
1102 $ret['memberUid'] = $this->memberUid;
1103 $ret['memberUid_used_by_some'] = $this->memberUid_used_by_some;
1104 return($ret);
1105 }
1107 function multiple_execute()
1108 {
1109 return($this->execute());
1110 }
1113 /* Initialize plugin with given atribute arrays
1114 */
1115 function init_multiple_support($attrs,$all)
1116 {
1117 plugin::init_multiple_support($attrs,$all);
1119 $this->memberUid = array();
1120 $this->memberUid_used_by_some = array();
1121 if (isset($attrs['memberUid'])){
1122 for ($i= 0; $i<$attrs['memberUid']['count']; $i++){
1123 $this->memberUid[$attrs['memberUid'][$i]]= $attrs['memberUid'][$i];
1124 }
1125 ksort($this->memberUid);
1126 }
1128 if (isset($all['memberUid'])){
1129 for ($i= 0; $i<$all['memberUid']['count']; $i++){
1130 if(!in_array($all['memberUid'][$i],$this->memberUid)){
1131 $this->memberUid_used_by_some[$all['memberUid'][$i]]= $all['memberUid'][$i];
1132 }
1133 }
1134 ksort($this->memberUid_used_by_some);
1135 }
1136 }
1138 function set_multi_edit_values($attrs)
1139 {
1140 $users = array();
1142 /* Update groupMembership, keep optinal group */
1143 foreach($attrs['memberUid_used_by_some'] as $uid){
1144 if(in_array($uid,$this->memberUid)){
1145 $users[$uid] = $uid;
1146 }
1147 }
1149 /* Update groupMembership, add forced groups */
1150 foreach($attrs['memberUid'] as $uid){
1151 $users[$uid] = $uid;
1152 }
1153 plugin::set_multi_edit_values($attrs);
1154 $this->memberUid = $users;
1155 }
1158 }
1160 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1161 ?>