1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class group extends plugin
24 {
25 /* Group attributes */
26 var $cn= "";
27 var $description= "";
28 var $gidNumber= "";
29 var $memberUid= array();
30 var $memberUid_used_by_some= array();
32 /* Helpers */
33 var $base= "";
34 var $force_gid= FALSE;
35 var $fon_group= FALSE;
36 var $smbgroup= FALSE;
37 var $groupType= FALSE;
38 var $samba3= FALSE;
39 var $sambaSID= "";
40 var $sambaDomainName= "DEFAULT";
41 var $SID= "";
42 var $ridBase= 0;
43 var $members= array();
44 var $users= array();
45 var $member= array();
46 var $allusers= array();
47 var $saved_gidNumber= "";
48 var $oldgroupType= "";
49 var $orig_dn= "";
50 var $orig_cn= "";
51 var $has_mailAccount= FALSE;
52 var $group_dialog= FALSE;
53 var $nagios_group =FALSE;
54 var $sambaGroupType;
55 var $dialog;
56 var $rfc2307bis= FALSE;
57 var $OnlyShowFirstEntries =200;
58 var $dnMapping= array();
59 var $view_logged = FALSE;
60 var $allowGroupsWithSameNameInOtherSubtrees = true;
62 /* Trustmodel/AccessTo
63 */
64 var $accessTo= array();
65 var $trustModel= "";
66 var $show_ws_dialog = FALSE;
68 /* attribute list for save action */
69 var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID","accessTo","trustModel");
70 var $objectclasses= array("top", "posixGroup");
72 var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
74 var $multiple_support = TRUE;
76 function group (&$config, $dn= NULL)
77 {
78 /* Set rfc2307bis flag */
79 if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
80 $this->rfc2307bis= TRUE;
81 $this->attributes[]= "member";
82 $this->objectclasses[]= "groupOfNames";
83 }
85 plugin::plugin ($config, $dn);
87 /* Load attributes depending on the samba version */
88 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
89 $this->orig_dn= $dn;
90 $this->orig_cn= $this->cn;
92 /* Get member list */
93 if (isset($this->attrs['memberUid'][0])){
94 $tmp= array();
95 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
96 $tmp[$this->attrs['memberUid'][$i]]= $this->attrs['memberUid'][$i];
97 }
98 $this->memberUid= $tmp;
99 ksort ($this->memberUid);
100 }
102 /* Save gidNumber for later use */
103 if (isset($this->attrs['gidNumber'])){
104 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
105 }
107 /* Is a samba group? */
108 if (isset($this->attrs['objectClass'])){
109 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == FALSE ){
110 $this->smbgroup= FALSE;
111 } else {
112 $this->smbgroup= TRUE;
113 if (isset($this->attrs['sambaSID'])){
114 $this->sambaSID= $this->attrs['sambaSID'][0];
115 }
116 }
117 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == FALSE ){
118 $this->fon_group= FALSE;
119 } else {
120 $this->fon_group= TRUE;
121 }
122 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == FALSE ){
123 $this->nagios_group= FALSE;
124 } else {
125 $this->nagios_group= TRUE;
126 }
127 }
129 /* Set mail flag */
130 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
131 $this->has_mailAccount= TRUE;
132 }
134 /* Get samba Domain in case of samba 3 */
135 if ($this->samba3 && $this->sambaSID != ""){
136 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
137 $ldap= $this->config->get_ldap_link();
138 $ldap->cd($this->config->current['BASE']);
139 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
140 if ($ldap->count() != 0){
141 $attrs= $ldap->fetch();
142 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
144 /* Get domain name for SID */
145 $this->sambaDomainName= "DEFAULT";
146 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
147 if ($val['SID'] == $this->SID){
148 $this->sambaDomainName= $key;
149 break;
150 }
151 }
152 } else {
153 if (isset($this->config->current['RIDBASE'])){
154 $this->sambaDomainName= "DEFAULT";
155 $this->ridBase= $this->config->current['RIDBASE'];
156 $this->SID= $this->config->current['SID'];
157 } else {
158 msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG);
159 }
160 }
162 /* Get group type */
163 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
164 if ($this->groupType < 500 || $this->groupType > 553){
165 $this->groupType= 0;
166 }
167 $this->oldgroupType= $this->groupType;
168 }
170 /* Get global filter config */
171 if (!session::is_set("gufilter")){
172 $ui= get_userinfo();
173 $base= get_base_from_people($ui->dn);
174 $gufilter= array( "dselect" => $base,
175 "regex" => "*");
176 session::set("gufilter", $gufilter);
177 }
178 $gufilter= session::get('gufilter');
179 $gufilter['SubSearchGroup'] = false;
180 session::set('gufilter',$gufilter);
182 if ($this->dn == "new"){
183 if(session::is_set('CurrentMainBase')){
184 $this->base = session::get('CurrentMainBase');
185 }else{
186 $ui= get_userinfo();
187 $this->base= dn2base($ui->dn);
188 }
189 } else {
191 /* Get object base */
192 $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
193 }
195 /* Is this account a trustAccount? */
196 if (isset($this->attrs['trustModel'])){
197 $this->trustModel= $this->attrs['trustModel'][0];
198 $this->was_trust_account= TRUE;
199 } else {
200 $this->was_trust_account= FALSE;
201 $this->trustModel= "";
202 }
204 $this->accessTo = array();
205 if (isset($this->attrs['accessTo'])){
206 for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
207 $tmp= $this->attrs['accessTo'][$i];
208 $this->accessTo[$tmp]= $tmp;
209 }
210 }
212 /* This is always an account */
213 $this->is_account= TRUE;
214 $this->reload();
215 }
217 function execute()
218 {
219 /* Call parent execute */
220 plugin::execute();
222 /* Log view */
223 if($this->is_account && !$this->view_logged){
224 $this->view_logged = TRUE;
225 new log("view","groups/".get_class($this),$this->dn);
226 }
228 /* Do we represent a valid group? */
229 if (!$this->is_account && $this->parent === NULL){
230 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".msgPool::noValidExtension()."</b>";
231 return ($display);
232 }
234 /* Delete user from group */
235 if (isset($_POST['del_users']) && isset($_POST['members'])){
236 foreach ($_POST['members'] as $value){
237 unset ($this->members["$value"]);
238 $this->removeUser($value);
239 }
240 $this->reload();
241 }
243 /* Add objects? */
244 if (isset($_POST["edit_membership"])){
245 $this->group_dialog= TRUE;
246 $this->dialog= TRUE;
247 }
249 /* Add objects finished? */
250 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
251 $this->group_dialog= FALSE;
252 $this->dialog= FALSE;
253 }
255 /* Add user to group */
256 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
257 foreach ($_POST['users'] as $value){
258 $this->members["$value"]= $this->allusers[$value];
259 asort($this->members);
260 $this->addUser($value);
261 }
262 $this->reload();
263 }
265 /* Base select dialog */
266 $once = true;
267 foreach($_POST as $name => $value){
268 if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
270 $once = false;
271 $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
272 $this->dialog->setCurrentBase($this->base);
273 }
274 }
276 /* Dialog handling */
277 if(is_object($this->dialog)){
278 /* Must be called before save_object */
279 $this->dialog->save_object();
281 if($this->dialog->isClosed()){
282 $this->dialog = false;
283 }elseif($this->dialog->isSelected()){
285 /* Check if selected base is valid */
286 $tmp = $this->get_allowed_bases();
287 if(isset($tmp[$this->dialog->isSelected()])){
288 $this->base = $this->dialog->isSelected();
289 }
290 $this->dialog= false;
291 }else{
292 return($this->dialog->execute());
293 }
294 }
297 /* Add user workstation? */
298 if (isset($_POST["add_ws"])){
299 $this->show_ws_dialog= TRUE;
300 $this->dialog= TRUE;
301 }
303 /* Add user workstation? */
304 if (isset($_POST["add_ws_finish"]) && isset($_POST['wslist'])){
305 foreach($_POST['wslist'] as $ws){
306 $this->accessTo[$ws]= $ws;
307 }
308 ksort($this->accessTo);
309 $this->is_modified= TRUE;
310 }
312 /* Remove user workstations? */
313 if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
314 foreach($_POST['workstation_list'] as $name){
315 unset ($this->accessTo[$name]);
316 }
317 $this->is_modified= TRUE;
318 }
320 /* Add user workstation finished? */
321 if (isset($_POST["add_ws_finish"]) || isset($_POST["add_ws_cancel"])){
322 $this->show_ws_dialog= FALSE;
323 $this->dialog= FALSE;
324 }
326 $smarty= get_smarty();
328 /* Show ws dialog */
329 if ($this->show_ws_dialog){
331 /* Save data */
332 $sysfilter= session::get("sysfilter");
333 foreach( array("depselect", "regex") as $type){
334 if (isset($_POST[$type])){
335 $sysfilter[$type]= $_POST[$type];
336 }
337 }
338 if (isset($_GET['search'])){
339 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
340 if ($s == "**"){
341 $s= "*";
342 }
343 $sysfilter['regex']= $s;
344 }
345 session::set("sysfilter", $sysfilter);
347 /* Get workstation list */
348 $exclude= "";
349 foreach($this->accessTo as $ws){
350 $exclude.= "(cn=$ws)";
351 }
352 if ($exclude != ""){
353 $exclude= "(!(|$exclude))";
354 }
355 $regex= $sysfilter['regex'];
356 $filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))";
358 $deps_a = array(get_ou("serverou"),
359 get_ou("terminalou"),
360 get_ou("workstationou"));
362 $res= get_sub_list($filter, array("terminal","server","workstation"), $deps_a, get_ou("systemsou").$sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT);
363 $wslist= array();
364 foreach ($res as $attrs){
365 $wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
366 }
367 asort($wslist);
368 $smarty->assign("search_image", get_template_path('images/search.png'));
369 $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
370 $smarty->assign("tree_image", get_template_path('images/tree.png'));
371 $smarty->assign("deplist", $this->config->idepartments);
372 $smarty->assign("alphabet", generate_alphabet());
373 foreach( array("depselect", "regex") as $type){
374 $smarty->assign("$type", $sysfilter[$type]);
375 }
376 $smarty->assign("hint", print_sizelimit_warning());
377 $smarty->assign("wslist", $wslist);
378 $smarty->assign("apply", apply_filter());
379 $display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__)));
380 return ($display);
381 }
383 /* Assign templating stuff */
384 if ($this->samba3){
385 $smarty->assign("samba3", "true");
386 } else {
387 $smarty->assign("samba3", "");
388 }
390 if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
391 $smarty->assign("nagios",true);
392 }else{
393 $smarty->assign("nagios",false);
394 }
396 if($this->config->search("phoneAccount", "CLASS",array('menu'))){
397 $smarty->assign("pickupGroup",true);
398 }else{
399 $smarty->assign("pickupGroup",false);
400 }
402 /* Manage object add dialog */
403 if ($this->group_dialog){
405 /* Save data */
406 $gufilter= session::get("gufilter");
407 foreach( array("dselect", "regex") as $type){
408 if (isset($_POST[$type])){
409 $gufilter[$type]= $_POST[$type];
410 }
411 }
412 if(isset($_POST['regex'])){
413 if(isset($_POST['SubSearchGroup'])){
414 $gufilter['SubSearchGroup'] = true;
415 }else{
416 $gufilter['SubSearchGroup'] = false;
417 }
418 }
420 if (isset($_GET['search'])){
421 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
422 if ($s == "**"){
423 $s= "*";
424 }
425 $gufilter['regex']= $s;
426 }
427 session::set("gufilter", $gufilter);
428 $this->reload();
430 /* Show dialog */
431 $smarty->assign("search_image", get_template_path('images/search.png'));
432 $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
433 $smarty->assign("tree_image", get_template_path('images/tree.png'));
435 $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
436 $smarty->assign("alphabet", generate_alphabet());
437 foreach( array("dselect", "regex","SubSearchGroup") as $type){
438 $smarty->assign("$type", $gufilter[$type]);
439 }
440 $smarty->assign("hint", print_sizelimit_warning());
441 $smarty->assign("users", $this->displayUsers);
442 $smarty->assign("apply", apply_filter());
443 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
444 return ($display);
445 }
447 $smarty->assign("bases", $this->get_allowed_bases());
448 $smarty->assign("base_select", $this->base);
450 if ($this->samba3){
451 $domains= array();
452 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
453 $domains[$name]= $name;
454 }
455 $smarty->assign("sambaDomains", $domains);
456 $smarty->assign("sambaDomainName", $this->sambaDomainName);
457 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
458 514 => _("Domain guests"));
460 /* Don't loose special groups! If not key'ed above, add it to
461 the combo box... */
462 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
463 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
464 }
466 $smarty->assign("groupTypes", $groupTypes);
467 $smarty->assign("groupType", $this->groupType);
468 }
470 /* Members and users */
471 $smarty->assign("members", $this->members);
473 /* Work on trust modes */
474 $smarty->assign("trusthide", " disabled ");
475 $smarty->assign("trustmodeACL", $this->getacl("trustModel"));
476 if ($this->trustModel == "fullaccess"){
477 $trustmode= 1;
478 // pervent double disable tag in html code, this will disturb our clean w3c html
479 $smarty->assign("trustmode", $this->getacl("trustModel"));
481 } elseif ($this->trustModel == "byhost"){
482 $trustmode= 2;
483 $smarty->assign("trusthide", "");
484 } else {
485 // pervent double disable tag in html code, this will disturb our clean w3c html
486 $smarty->assign("trustmode", $this->getacl("trustModel"));
487 $trustmode= 0;
488 }
489 $smarty->assign("trustmode", $trustmode);
490 $smarty->assign("trustmodes", array( 0 => _("disabled"), 1 => _("full access"),
491 2 => _("allow access to these hosts")));
493 if((count($this->accessTo))==0){
494 $smarty->assign("emptyArrAccess",true);
495 } else{
496 $smarty->assign("emptyArrAccess",false);
498 }
500 $smarty->assign("workstations", $this->accessTo);
504 /* Checkboxes */
505 foreach (array("force_gid", "smbgroup") as $val){
506 if ($this->$val == "1"){
507 $smarty->assign("$val", "checked");
508 } else {
509 $smarty->assign("$val", "");
510 }
511 }
512 if ($this->force_gid != "1"){
513 $smarty->assign("forceMode", "disabled");
514 }else{
515 $smarty->assign("forceMode", "");
516 }
517 if ($this->fon_group){
518 $smarty->assign("fon_group", "checked");
519 } else {
520 $smarty->assign("fon_group", "");
521 }
523 if ($this->nagios_group){
524 $smarty->assign("nagios_group", "checked");
525 } else {
526 $smarty->assign("nagios_group", "");
527 }
529 /* Fields */
530 foreach (array("cn", "description", "gidNumber") as $val){
531 $smarty->assign("$val", $this->$val);
532 }
534 $tmp = $this->plInfo();
535 foreach($tmp['plProvidedAcls'] as $name => $translation){
536 $smarty->assign($name."ACL",$this->getacl($name));
537 }
539 if($this->acl_is_writeable("base")){
540 $smarty->assign("baseSelect",true);
541 }else{
542 $smarty->assign("baseSelect",false);
543 }
545 /* Show main page */
546 $smarty->assign("alphabet", generate_alphabet(10));
547 $smarty->assign("search_image", get_template_path('images/search.png'));
548 $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
549 $smarty->assign("tree_image", get_template_path('images/tree.png'));
550 $smarty->assign("deplist", $this->config->idepartments);
552 /* Multiple edit handling */
553 $smarty->assign("multiple_support",$this->multiple_support_active);
555 $smarty->assign("memberUid_All",$this->memberUid);
556 $smarty->assign("memberUid_Some",$this->memberUid_used_by_some);
558 foreach($this->attributes as $val){
559 if(in_array($val,$this->multi_boxes)){
560 $smarty->assign("use_".$val,TRUE);
561 }else{
562 $smarty->assign("use_".$val,FALSE);
563 }
564 }
565 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $val){
566 if(in_array($val,$this->multi_boxes)){
567 $smarty->assign("use_".$val,TRUE);
568 }else{
569 $smarty->assign("use_".$val,FALSE);
570 }
571 }
573 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
574 }
576 function addUser($uid)
577 {
578 /* In mutliple edit we have to handle two arrays.
579 * memberUid : Containing users used in all groups
580 * memberUid_used_by_some : Those which are not used in all groups
581 * So we have to remove the given $uid from the ..used_by_some array first.
582 */
583 if($this->multiple_support_active){
584 if(isset($this->memberUid_used_by_some[$uid])){
585 unset($this->memberUid_used_by_some[$uid]);
586 }
587 }
589 $this->memberUid[$uid]= $uid;
590 }
593 function removeUser($uid)
594 {
595 $temp= array();
596 if(isset($this->memberUid[$uid])){
597 unset($this->memberUid[$uid]);
598 }
600 /* We have two array contianing group members in multiple edit.
601 * this->memberUid : Groups used by all currently edited groups
602 * this->memberUid_used_by_some: Used by some
603 * So we have to remove the specified uid from both arrays.
604 */
605 if($this->multiple_support_active){
606 if(isset($this->memberUid_used_by_some[$uid])){
607 unset($this->memberUid_used_by_some[$uid]);
608 }
609 }
610 }
612 /* Reload data */
613 function reload()
614 {
615 /* Fix regex string */
616 $gufilter = session::get("gufilter");
617 $regex = normalizeLdap($gufilter['regex']);
618 $MaxUser = $this->OnlyShowFirstEntries;
620 /* Prepare ldap link */
621 $ldap= $this->config->get_ldap_link();
622 $ldap->cd($gufilter['dselect']);
625 /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
626 (Store gathered sn/givenName informations in $this->allusers too,
627 to be prepared when adding/deleting users)
628 */
629 $filter = "";
630 foreach ($this->memberUid as $value){
631 if(!isset($this->members[$value])){
632 $filter .= "(uid=".normalizeLdap($value).")";
633 }
634 }
635 if(!empty($filter)){
636 $ldap->cd($this->config->current['BASE']);
637 $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
638 while($attrs = $ldap->fetch()){
639 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
640 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
641 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
642 }
643 }
645 /* check if all uids are resolved */
646 foreach ($this->memberUid as $value){
647 if(!isset($this->members[$value])){
648 $this->members[$value] = _("! unknown id")." [".$value."]";
649 }
650 }
652 /* Create display list of users matching regex & filter
653 */
654 $this->displayUsers = array();
655 $filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
657 /* Search in current tree or within subtrees depending on the checkbox from filter section */
658 if($gufilter['SubSearchGroup']){
659 $flag = GL_SIZELIMIT | GL_SUBSEARCH;
660 $base = $gufilter['dselect'];
661 }else{
662 $flag = GL_SIZELIMIT ;
663 $base = get_people_ou().$gufilter['dselect'];
664 }
665 $i = 0;
668 $res = get_list($filter,"users",$base,array("dn", "uid", "sn", "givenName"),$flag);
670 /* Fetch all users and skip already used users */
671 foreach($res as $attrs){
672 if(in_array($attrs['uid'][0], $this->memberUid)) {
673 continue;
674 }
675 $i ++;
676 if($i > $MaxUser) {
677 break;
678 }
679 $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
680 $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
681 $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
682 }
684 /* If more than max users are found, display a message to warn the user */
685 if($i == $MaxUser){
686 msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG);
687 }
689 /* Sort lists */
690 natcasesort($this->members);
691 reset($this->members);
692 natcasesort ($this->displayUsers);
693 reset ($this->displayUsers);
694 }
697 /* Create display name, this was used so often that it is excluded into a seperate function */
698 function createResultName($attrs)
699 {
700 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
701 $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
702 } else {
703 $ret= $attrs['uid'][0];
704 }
705 return($ret);
706 }
709 function remove_from_parent()
710 {
711 plugin::remove_from_parent();
713 $ldap= $this->config->get_ldap_link();
714 $ldap->rmdir($this->dn);
715 if (!$ldap->success()){
716 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class()));
717 }
719 new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
721 /* Delete references to object groups */
722 $ldap->cd ($this->config->current['BASE']);
723 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
724 while ($ldap->fetch()){
725 $og= new ogroup($this->config, $ldap->getDN());
726 unset($og->member[$this->dn]);
727 $og->save ();
728 }
730 /* Remove ACL dependencies too,
731 */
732 $ldap = $this->config->get_ldap_link();
733 $ldap->cd($this->config->current['BASE']);
734 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
735 while($attrs = $ldap->fetch()){
736 $acl = new acl($this->config,$this->parent,$attrs['dn']);
737 foreach($acl->gosaAclEntry as $id => $entry){
738 foreach($entry['members'] as $m_id => $member){
739 if($m_id == "G:".$this->dn || $m_id == "U:".$this->dn){
740 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
741 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn']));
742 }
743 }
744 }
745 $acl->save();
746 }
748 /* Remove ACL dependencies too,
749 */
750 $tmp = new acl($this->config,$this->parent,$this->dn);
751 $tmp->remove_acl();
753 /* Send signal to the world that we've done */
754 $this->handle_post_events("remove");
755 }
758 /* Save data to object */
759 function save_object()
760 {
761 /* Save additional values for possible next step */
762 if (isset($_POST['groupedit'])){
764 /* Create a base backup and reset the
765 base directly after calling plugin::save_object();
766 Base will be set seperatly a few lines below */
767 $base_tmp = $this->base;
768 plugin::save_object();
769 $this->base = $base_tmp;
771 $this->force_gid= 0;
773 /* Only reset sambagroup flag if we are able to write this flag */
774 if($this->acl_is_writeable("sambaGroupType")){
775 $this->smbgroup = 0;
776 }
778 /* Get base selection */
779 if(isset($_POST['base'])){
780 $tmp = $this->get_allowed_bases();
781 if(isset($tmp[$_POST['base']])){
782 $this->base = $_POST['base'];
783 }
784 }
786 foreach (array(
787 "force_gid" => "gidNumber",
788 "smbgroup" => "sambaGroupType") as $val => $aclname) {
789 if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
790 $this->$val= $_POST["$val"];
791 }
792 }
794 /* Save sambaDomain attribute */
795 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
796 $this->sambaDomainName= $_POST['sambaDomainName'];
797 $this->groupType= $_POST['groupType'];
798 }
800 /* Save fon attribute */
801 if ($this->acl_is_writeable("fon_group")){
802 if (isset ($_POST['fon_group'])){
803 $this->fon_group= TRUE;
804 } else {
805 $this->fon_group= FALSE;
806 }
807 }
808 if ($this->acl_is_writeable("nagios_group")){
809 if (isset ($_POST['nagios_group'])){
810 $this->nagios_group= TRUE;
811 } else {
812 $this->nagios_group= FALSE;
813 }
814 }
815 }
817 /* Trust mode - special handling */
818 if($this->acl_is_writeable("trustModel")){
819 if (isset($_POST['trustmode'])){
820 $saved= $this->trustModel;
821 if ($_POST['trustmode'] == "1"){
822 $this->trustModel= "fullaccess";
823 } elseif ($_POST['trustmode'] == "2"){
824 $this->trustModel= "byhost";
825 } else {
826 $this->trustModel= "";
827 }
828 if ($this->trustModel != $saved){
829 $this->is_modified= TRUE;
830 }
831 }
832 }
834 }
837 /* Save to LDAP */
838 function save()
839 {
841 /* ID handling */
842 if ($this->force_gid == 0){
843 if ($this->saved_gidNumber != ""){
844 $this->gidNumber= $this->saved_gidNumber;
845 } else {
846 /* Calculate new, lock uids */
847 $wait= 10;
848 while (get_lock("uidnumber") != ""){
849 sleep (1);
851 /* timed out? */
852 if ($wait-- == 0){
853 break;
854 }
855 }
856 add_lock ("uidnumber", "gosa");
857 $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
858 }
859 }
861 plugin::save();
863 /* Trust accounts */
864 $objectclasses= array();
865 foreach ($this->attrs['objectClass'] as $key => $class){
866 if (preg_match('/trustAccount/i', $class)){
867 continue;
868 }
869 $objectclasses[]= $this->attrs['objectClass'][$key];
870 }
871 $this->attrs['objectClass']= $objectclasses;
872 if ($this->trustModel != ""){
873 $this->attrs['objectClass'][]= "trustAccount";
874 $this->attrs['trustModel']= $this->trustModel;
875 $this->attrs['accessTo']= array();
876 if ($this->trustModel == "byhost"){
877 foreach ($this->accessTo as $host){
878 $this->attrs['accessTo'][]= $host;
879 }
880 }
881 } else {
882 if ($this->was_trust_account){
883 $this->attrs['accessTo']= array();
884 $this->attrs['trustModel']= array();
885 }
886 }
890 /* Remove objectClass for samba/phone support */
891 $tmp= array();
892 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
893 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
894 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
895 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
896 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
897 $tmp[]= $this->attrs['objectClass'][$i];
898 }
899 }
900 $this->attrs['objectClass']= $tmp;
901 $ldap= $this->config->get_ldap_link();
903 /* Add samba group functionality */
904 if ($this->samba3 && $this->smbgroup){
906 /* Fixed undefined index ...
907 */
908 $this->SID = $this->ridBase = "";
909 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
910 $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
911 }else{
912 msg_dialog::display(_("Error"), sprintf(_("Cannot find any SID for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
913 }
914 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
915 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
916 }else{
917 msg_dialog::display(_("Error"), sprintf(_("Cannot find any RIDBASE for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
918 }
920 $this->attrs['objectClass'][]= 'sambaGroupMapping';
921 $this->attrs['sambaGroupType']= "2";
923 /* Check if we need to create a special entry */
924 if ($this->groupType == 0){
926 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
927 $gidNumber= $this->gidNumber;
928 while(TRUE){
929 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
930 $ldap->cd($this->config->current['BASE']);
931 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
932 if ($ldap->count() == 0){
933 break;
934 }
935 $gidNumber++;
936 }
937 $this->attrs['sambaSID']= $sid;
938 $this->sambaSID= $sid;
939 }
941 } else {
942 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
943 }
945 /* User wants me to fake the idMappings? This is useful for
946 making winbind resolve the group names in a reasonable amount
947 of time in combination with larger databases. */
948 if (isset($this->config->current['SAMBAIDMAPPING']) &&
949 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
950 $this->attrs['objectClass'][]= "sambaIdmapEntry";
951 }
953 }
955 /* Add phone functionality */
956 if ($this->fon_group){
957 $this->attrs['objectClass'][]= "goFonPickupGroup";
958 }
960 /* Add nagios functionality */
961 if ($this->nagios_group){
962 $this->attrs['objectClass'][]= "nagiosContactGroup";
963 }
965 /* Take members array */
966 if (count ($this->memberUid)){
967 $this->attrs['memberUid']= array_values(array_unique($this->memberUid));
968 }
970 /* New accounts need proper 'dn', propagate it to remaining objects */
971 if ($this->dn == 'new'){
972 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
973 }
975 /* Add member dn's for RFC2307bis Support */
976 if ($this->rfc2307bis){
977 $this->attrs['member'] = array();
978 if (count($this->memberUid)){
979 foreach($this->attrs['memberUid'] as $uid) {
980 $this->attrs['member'][]= $this->dnMapping[$uid];
981 }
982 } else {
983 $this->attrs['member'][]= $this->dn;
984 }
985 }
987 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
988 new entries. So do a check first... */
989 $ldap->cat ($this->dn, array('dn'));
990 if ($ldap->fetch()){
991 /* Modify needs array() to remove values :-( */
992 if (!count ($this->memberUid)){
993 $this->attrs['memberUid']= array();
994 }
995 if ($this->samba3){
996 if (!$this->smbgroup){
997 $this->attrs['sambaGroupType']= array();
998 $this->attrs['sambaSID']= array();
999 }
1000 }
1001 $mode= "modify";
1002 } else {
1003 $mode= "add";
1004 $ldap->cd($this->config->current['BASE']);
1005 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
1006 }
1008 /* Write back to ldap */
1009 $ldap->cd($this->dn);
1010 $this->cleanup();
1011 $ldap->$mode($this->attrs);
1013 /* Remove ACL dependencies too,
1014 */
1015 if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
1016 $tmp = new acl($this->config,$this->parent,$this->dn);
1017 $tmp->update_acl_membership($this->orig_dn,$this->dn);
1018 }
1020 if($this->initially_was_account){
1021 new log("modify","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1022 }else{
1023 new log("create","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1024 }
1026 $ret= 0;
1027 if (!$ldap->success()){
1028 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
1029 $ret= 1;
1030 }
1032 /* Remove uid lock */
1033 del_lock ("uidnumber");
1035 /* Post that we've done*/
1036 $this->handle_post_events($mode);
1038 return ($ret);
1039 }
1041 function check()
1042 {
1043 /* Call common method to give check the hook */
1044 $message= plugin::check();
1046 /* Permissions for that base? */
1047 if ($this->base != ""){
1048 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
1049 } else {
1050 $new_dn= $this->dn;
1051 }
1053 /* must: cn */
1054 if ($this->cn == "" && $this->acl_is_writeable("cn")){
1055 $message[]= msgPool::required(_("Name"));
1056 }
1058 /* Check for valid input */
1059 if (!tests::is_uid($this->cn)){
1060 if (strict_uid_mode()){
1061 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/");
1062 } else {
1063 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/i");
1064 }
1065 }
1067 if($this->allowGroupsWithSameNameInOtherSubtrees == true){
1069 /* Check for used 'cn' */
1070 $ldap= $this->config->get_ldap_link();
1071 if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
1072 $ldap->cd(get_groups_ou().$this->base);
1073 $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
1074 if ($ldap->count() != 0){
1075 $message[]= msgPool::duplicated(_("Name"));
1076 }
1077 }
1079 }else{
1081 /* Check for used 'cn' */
1082 $ldap= $this->config->get_ldap_link();
1083 $ldap->cd($this->config->current['BASE']);
1084 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
1085 if ($ldap->count() != 0){
1087 /* New entry? */
1088 if ($this->dn == 'new'){
1089 $message[]= msgPool::duplicated(_("Name"));
1090 }
1092 /* Moved? */
1093 elseif ($new_dn != $this->orig_dn){
1094 $ldap->fetch();
1095 if ($ldap->getDN() != $this->orig_dn){
1096 $message[]= msgPool::duplicated(_("Name"));
1097 }
1098 }
1099 }
1100 }
1102 /* Check ID */
1103 if ($this->force_gid == "1"){
1104 if (!tests::is_id($this->gidNumber)){
1105 $message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/");
1106 } else {
1107 if ($this->gidNumber < $this->config->current['MINID']){
1108 $message[]= msgPool::toosmall(_("GID"), $this->config->current['MINID']);
1109 }
1111 }
1112 }
1114 return ($message);
1115 }
1117 function get_next_id($attrib, $dn)
1118 {
1119 $ids= array();
1120 $ldap= $this->config->get_ldap_link();
1122 $ldap->cd ($this->config->current['BASE']);
1123 if (preg_match('/gidNumber/i', $attrib)){
1124 $oc= "posixGroup";
1125 } else {
1126 $oc= "posixAccount";
1127 }
1128 $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
1130 /* Get list of ids */
1131 while ($attrs= $ldap->fetch()){
1132 $ids[]= (int)$attrs["$attrib"][0];
1133 }
1135 /* Find out next free id near to UID_BASE */
1136 if (!isset($this->config->current['BASE_HOOK'])){
1137 $base= $this->config->current['UIDBASE'];
1138 } else {
1139 /* Call base hook */
1140 $base= get_base_from_hook($dn, $attrib);
1141 }
1142 for ($id= $base; $id++; $id < pow(2,32)){
1143 if (!in_array($id, $ids)){
1144 return ($id);
1145 }
1146 }
1148 /* Check if id reached maximum */
1149 if ($id >= pow(2,32)){
1150 msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
1151 exit;
1152 }
1153 }
1155 function getCopyDialog()
1156 {
1157 $vars = array("cn");
1159 if($this ->force_gid){
1160 $used = " checked ";
1161 $dis = "";
1162 }else{
1163 $used = "";
1164 $dis = " disabled ";
1165 }
1167 $smarty = get_smarty();
1168 $smarty->assign("used",$used);
1169 $smarty->assign("dis" ,$dis);
1170 $smarty->assign("cn" ,$this->cn);
1171 $smarty->assign("gidNumber",$this->gidNumber);
1172 $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
1173 $ret = array();
1174 $ret['string'] = $str;
1175 $ret['status'] = "";
1176 return($ret);
1177 }
1179 function saveCopyDialog()
1180 {
1181 if(isset($_POST['cn'])){
1182 $this->cn = $_POST['cn'];
1183 }
1184 if(isset($_POST['force_gid'])){
1185 $this->force_gid = 1;
1186 $this->gidNumber= $_POST['gidNumber'];
1187 }else{
1188 $this->force_gid = 0;
1189 $this->gidNumber = false;
1190 }
1191 }
1194 /* Return plugin informations for acl handling */
1195 static function plInfo()
1196 {
1197 return (array(
1198 "plShortName" => _("Generic"),
1199 "plDescription" => _("Generic group settings"),
1200 "plSelfModify" => FALSE,
1201 "plDepends" => array(),
1202 "plPriority" => 0,
1203 "plSection" => array("admin"),
1204 "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
1206 "plProvidedAcls" => array(
1207 "cn" => _("Name"),
1208 "base" => _("Base"),
1209 "description" => _("Description"),
1211 "fonGroup" => _("Phone pickup group"),
1212 "nagiosGroup" => _("Nagios group"),
1214 "gidNumber" => _("GID"),
1215 "memberUid" => _("Group member"),
1216 "sambaGroupType" => _("Samba group type"),
1217 "sambaDomainName" => _("Samba domain name"),
1218 "sambaSID" => _("Samba SID"))
1219 ));
1220 }
1223 function multiple_save_object()
1224 {
1225 if(isset($_POST['group_mulitple_edit'])){
1227 /* Create a base backup and reset the
1228 base directly after calling plugin::save_object();
1229 Base will be set seperatly a few lines below */
1230 $base_tmp = $this->base;
1231 plugin::multiple_save_object();
1232 plugin::save_object();
1233 $this->base = $base_tmp;
1235 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1236 if(isset($_POST['use_'.$attr])){
1237 $this->multi_boxes[] = $attr;
1238 }
1239 }
1241 /* Get base selection */
1242 if(isset($_POST['base'])){
1243 $tmp = $this->get_allowed_bases();
1244 if(isset($tmp[$_POST['base']])){
1245 $this->base = $_POST['base'];
1246 }
1247 }
1249 foreach (array( "smbgroup" => "sambaGroupType") as $val => $aclname) {
1250 if ($this->acl_is_writeable($aclname)){
1251 if(isset($_POST["$val"])){
1252 $this->$val= TRUE;
1253 }else{
1254 $this->$val= FALSE;
1255 }
1256 }
1257 }
1259 /* Save sambaDomain attribute */
1260 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
1261 $this->sambaDomainName= $_POST['sambaDomainName'];
1262 $this->groupType= $_POST['groupType'];
1263 }
1265 /* Save fon attribute */
1266 if ($this->acl_is_writeable("fon_group")){
1267 if (isset ($_POST['fon_group'])){
1268 $this->fon_group= TRUE;
1269 } else {
1270 $this->fon_group= FALSE;
1271 }
1272 }
1273 }
1274 }
1277 function get_multi_edit_values()
1278 {
1279 $ret = plugin::get_multi_edit_values();
1281 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1282 if(in_array($attr,$this->multi_boxes)){
1283 $ret[$attr] = $this->$attr;
1284 }
1285 }
1286 $ret['memberUid'] = $this->memberUid;
1287 $ret['memberUid_used_by_some'] = $this->memberUid_used_by_some;
1288 return($ret);
1289 }
1291 function multiple_execute()
1292 {
1293 return($this->execute());
1294 }
1297 /* Initialize plugin with given atribute arrays
1298 */
1299 function init_multiple_support($attrs,$all)
1300 {
1301 plugin::init_multiple_support($attrs,$all);
1303 $this->memberUid = array();
1304 $this->memberUid_used_by_some = array();
1305 if (isset($attrs['memberUid'])){
1306 for ($i= 0; $i<$attrs['memberUid']['count']; $i++){
1307 $this->memberUid[$attrs['memberUid'][$i]]= $attrs['memberUid'][$i];
1308 }
1309 ksort($this->memberUid);
1310 }
1312 if (isset($all['memberUid'])){
1313 for ($i= 0; $i<$all['memberUid']['count']; $i++){
1314 if(!in_array($all['memberUid'][$i],$this->memberUid)){
1315 $this->memberUid_used_by_some[$all['memberUid'][$i]]= $all['memberUid'][$i];
1316 }
1317 }
1318 ksort($this->memberUid_used_by_some);
1319 }
1320 }
1322 function set_multi_edit_values($attrs)
1323 {
1324 $users = array();
1326 /* Update groupMembership, keep optinal group */
1327 foreach($attrs['memberUid_used_by_some'] as $uid){
1328 if(in_array($uid,$this->memberUid)){
1329 $users[$uid] = $uid;
1330 }
1331 }
1333 /* Update groupMembership, add forced groups */
1334 foreach($attrs['memberUid'] as $uid){
1335 $users[$uid] = $uid;
1336 }
1337 plugin::set_multi_edit_values($attrs);
1338 $this->memberUid = $users;
1339 }
1340 }
1341 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1342 ?>