1 <?php
3 class group extends plugin
4 {
5 /* Group attributes */
6 var $cn= "";
7 var $description= "";
8 var $gidNumber= "";
9 var $memberUid= array();
10 var $memberUid_used_by_some= array();
12 /* Helpers */
13 var $base= "";
14 var $force_gid= FALSE;
15 var $fon_group= FALSE;
16 var $smbgroup= FALSE;
17 var $groupType= FALSE;
18 var $samba3= FALSE;
19 var $sambaSID= "";
20 var $sambaDomainName= "DEFAULT";
21 var $SID= "";
22 var $ridBase= 0;
23 var $members= array();
24 var $users= array();
25 var $member= array();
26 var $allusers= array();
27 var $saved_gidNumber= "";
28 var $oldgroupType= "";
29 var $orig_dn= "";
30 var $orig_cn= "";
31 var $has_mailAccount= FALSE;
32 var $group_dialog= FALSE;
33 var $nagios_group =FALSE;
34 var $sambaGroupType;
35 var $dialog;
36 var $rfc2307bis= FALSE;
37 var $OnlyShowFirstEntries =200;
38 var $dnMapping= array();
39 var $view_logged = FALSE;
40 var $allowGroupsWithSameNameInOtherSubtrees = true;
42 /* attribute list for save action */
43 var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
44 var $objectclasses= array("top", "posixGroup");
46 var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
48 var $multiple_support = TRUE;
50 function group (&$config, $dn= NULL)
51 {
52 /* Set rfc2307bis flag */
53 if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
54 $this->rfc2307bis= TRUE;
55 $this->attributes[]= "member";
56 $this->objectclasses[]= "groupOfNames";
57 }
59 plugin::plugin ($config, $dn);
61 /* Load attributes depending on the samba version */
62 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
63 $this->orig_dn= $dn;
64 $this->orig_cn= $this->cn;
66 /* Get member list */
67 if (isset($this->attrs['memberUid'][0])){
68 $tmp= array();
69 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
70 $tmp[$this->attrs['memberUid'][$i]]= $this->attrs['memberUid'][$i];
71 }
72 $this->memberUid= $tmp;
73 ksort ($this->memberUid);
74 }
76 /* Save gidNumber for later use */
77 if (isset($this->attrs['gidNumber'])){
78 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
79 }
81 /* Is a samba group? */
82 if (isset($this->attrs['objectClass'])){
83 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == FALSE ){
84 $this->smbgroup= FALSE;
85 } else {
86 $this->smbgroup= TRUE;
87 if (isset($this->attrs['sambaSID'])){
88 $this->sambaSID= $this->attrs['sambaSID'][0];
89 }
90 }
91 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == FALSE ){
92 $this->fon_group= FALSE;
93 } else {
94 $this->fon_group= TRUE;
95 }
96 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == FALSE ){
97 $this->nagios_group= FALSE;
98 } else {
99 $this->nagios_group= TRUE;
100 }
101 }
103 /* Set mail flag */
104 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
105 $this->has_mailAccount= TRUE;
106 }
108 /* Get samba Domain in case of samba 3 */
109 if ($this->samba3 && $this->sambaSID != ""){
110 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
111 $ldap= $this->config->get_ldap_link();
112 $ldap->cd($this->config->current['BASE']);
113 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
114 if ($ldap->count() != 0){
115 $attrs= $ldap->fetch();
116 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
118 /* Get domain name for SID */
119 $this->sambaDomainName= "DEFAULT";
120 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
121 if ($val['SID'] == $this->SID){
122 $this->sambaDomainName= $key;
123 break;
124 }
125 }
126 } else {
127 if (isset($this->config->current['RIDBASE'])){
128 $this->sambaDomainName= "DEFAULT";
129 $this->ridBase= $this->config->current['RIDBASE'];
130 $this->SID= $this->config->current['SID'];
131 } else {
132 msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG);
133 }
134 }
136 /* Get group type */
137 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
138 if ($this->groupType < 500 || $this->groupType > 553){
139 $this->groupType= 0;
140 }
141 $this->oldgroupType= $this->groupType;
142 }
144 /* Get global filter config */
145 if (!session::is_set("gufilter")){
146 $ui= get_userinfo();
147 $base= get_base_from_people($ui->dn);
148 $gufilter= array( "dselect" => $base,
149 "regex" => "*");
150 session::set("gufilter", $gufilter);
151 }
152 $gufilter= session::get('gufilter');
153 $gufilter['SubSearchGroup'] = false;
154 session::set('gufilter',$gufilter);
156 if ($this->dn == "new"){
157 if(session::is_set('CurrentMainBase')){
158 $this->base = session::get('CurrentMainBase');
159 }else{
160 $ui= get_userinfo();
161 $this->base= dn2base($ui->dn);
162 }
163 } else {
165 /* Get object base */
166 $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
167 }
169 /* This is always an account */
170 $this->is_account= TRUE;
171 $this->reload();
172 }
174 function execute()
175 {
176 /* Call parent execute */
177 plugin::execute();
179 /* Log view */
180 if($this->is_account && !$this->view_logged){
181 $this->view_logged = TRUE;
182 new log("view","groups/".get_class($this),$this->dn);
183 }
185 /* Do we represent a valid group? */
186 if (!$this->is_account && $this->parent === NULL){
187 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
188 _("This 'dn' is no group.")."</b>";
189 return ($display);
190 }
192 /* Delete user from group */
193 if (isset($_POST['del_users']) && isset($_POST['members'])){
194 foreach ($_POST['members'] as $value){
195 unset ($this->members["$value"]);
196 $this->removeUser($value);
197 }
198 $this->reload();
199 }
201 /* Add objects? */
202 if (isset($_POST["edit_membership"])){
203 $this->group_dialog= TRUE;
204 $this->dialog= TRUE;
205 }
207 /* Add objects finished? */
208 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
209 $this->group_dialog= FALSE;
210 $this->dialog= FALSE;
211 }
213 /* Add user to group */
214 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
215 foreach ($_POST['users'] as $value){
216 $this->members["$value"]= $this->allusers[$value];
217 asort($this->members);
218 $this->addUser($value);
219 }
220 $this->reload();
221 }
223 /* Base select dialog */
224 $once = true;
225 foreach($_POST as $name => $value){
226 if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
228 $once = false;
229 $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
230 $this->dialog->setCurrentBase($this->base);
231 }
232 }
234 /* Dialog handling */
235 if(is_object($this->dialog)){
236 /* Must be called before save_object */
237 $this->dialog->save_object();
239 if($this->dialog->isClosed()){
240 $this->dialog = false;
241 }elseif($this->dialog->isSelected()){
243 /* Check if selected base is valid */
244 $tmp = $this->get_allowed_bases();
245 if(isset($tmp[$this->dialog->isSelected()])){
246 $this->base = $this->dialog->isSelected();
247 }
248 $this->dialog= false;
249 }else{
250 return($this->dialog->execute());
251 }
252 }
254 /* Assign templating stuff */
255 $smarty= get_smarty();
256 if ($this->samba3){
257 $smarty->assign("samba3", "true");
258 } else {
259 $smarty->assign("samba3", "");
260 }
262 if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
263 $smarty->assign("nagios",true);
264 }else{
265 $smarty->assign("nagios",false);
266 }
268 if($this->config->search("phoneAccount", "CLASS",array('menu'))){
269 $smarty->assign("pickupGroup",true);
270 }else{
271 $smarty->assign("pickupGroup",false);
272 }
274 /* Manage object add dialog */
275 if ($this->group_dialog){
277 /* Save data */
278 $gufilter= session::get("gufilter");
279 foreach( array("dselect", "regex") as $type){
280 if (isset($_POST[$type])){
281 $gufilter[$type]= $_POST[$type];
282 }
283 }
284 if(isset($_POST['regex'])){
285 if(isset($_POST['SubSearchGroup'])){
286 $gufilter['SubSearchGroup'] = true;
287 }else{
288 $gufilter['SubSearchGroup'] = false;
289 }
290 }
292 if (isset($_GET['search'])){
293 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
294 if ($s == "**"){
295 $s= "*";
296 }
297 $gufilter['regex']= $s;
298 }
299 session::set("gufilter", $gufilter);
300 $this->reload();
302 /* Show dialog */
303 $smarty->assign("search_image", get_template_path('images/search.png'));
304 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
305 $smarty->assign("tree_image", get_template_path('images/tree.png'));
307 $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
308 $smarty->assign("alphabet", generate_alphabet());
309 foreach( array("dselect", "regex","SubSearchGroup") as $type){
310 $smarty->assign("$type", $gufilter[$type]);
311 }
312 $smarty->assign("hint", print_sizelimit_warning());
313 $smarty->assign("users", $this->displayUsers);
314 $smarty->assign("apply", apply_filter());
315 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
316 return ($display);
317 }
319 $smarty->assign("bases", $this->get_allowed_bases());
320 $smarty->assign("base_select", $this->base);
322 if ($this->samba3){
323 $domains= array();
324 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
325 $domains[$name]= $name;
326 }
327 $smarty->assign("sambaDomains", $domains);
328 $smarty->assign("sambaDomainName", $this->sambaDomainName);
329 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
330 514 => _("Domain guests"));
332 /* Don't loose special groups! If not key'ed above, add it to
333 the combo box... */
334 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
335 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
336 }
338 $smarty->assign("groupTypes", $groupTypes);
339 $smarty->assign("groupType", $this->groupType);
340 }
342 /* Members and users */
343 $smarty->assign("members", $this->members);
345 /* Checkboxes */
346 foreach (array("force_gid", "smbgroup") as $val){
347 if ($this->$val == "1"){
348 $smarty->assign("$val", "checked");
349 } else {
350 $smarty->assign("$val", "");
351 }
352 }
353 if ($this->force_gid != "1"){
354 $smarty->assign("forceMode", "disabled");
355 }else{
356 $smarty->assign("forceMode", "");
357 }
358 if ($this->fon_group){
359 $smarty->assign("fon_group", "checked");
360 } else {
361 $smarty->assign("fon_group", "");
362 }
364 if ($this->nagios_group){
365 $smarty->assign("nagios_group", "checked");
366 } else {
367 $smarty->assign("nagios_group", "");
368 }
370 /* Fields */
371 foreach (array("cn", "description", "gidNumber") as $val){
372 $smarty->assign("$val", $this->$val);
373 }
375 $tmp = $this->plInfo();
376 foreach($tmp['plProvidedAcls'] as $name => $translation){
377 $smarty->assign($name."ACL",$this->getacl($name));
378 }
380 if($this->acl_is_writeable("base")){
381 $smarty->assign("baseSelect",true);
382 }else{
383 $smarty->assign("baseSelect",false);
384 }
386 /* Show main page */
387 $smarty->assign("alphabet", generate_alphabet(10));
388 $smarty->assign("search_image", get_template_path('images/search.png'));
389 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
390 $smarty->assign("tree_image", get_template_path('images/tree.png'));
391 $smarty->assign("deplist", $this->config->idepartments);
393 /* Multiple edit handling */
394 $smarty->assign("multiple_support",$this->multiple_support_active);
396 $smarty->assign("memberUid_All",$this->memberUid);
397 $smarty->assign("memberUid_Some",$this->memberUid_used_by_some);
399 foreach($this->attributes as $val){
400 if(in_array($val,$this->multi_boxes)){
401 $smarty->assign("use_".$val,TRUE);
402 }else{
403 $smarty->assign("use_".$val,FALSE);
404 }
405 }
406 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $val){
407 if(in_array($val,$this->multi_boxes)){
408 $smarty->assign("use_".$val,TRUE);
409 }else{
410 $smarty->assign("use_".$val,FALSE);
411 }
412 }
414 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
415 }
417 function addUser($uid)
418 {
419 /* In mutliple edit we have to handle two arrays.
420 * memberUid : Containing users used in all groups
421 * memberUid_used_by_some : Those which are not used in all groups
422 * So we have to remove the given $uid from the ..used_by_some array first.
423 */
424 if($this->multiple_support_active){
425 if(isset($this->memberUid_used_by_some[$uid])){
426 unset($this->memberUid_used_by_some[$uid]);
427 }
428 }
430 $this->memberUid[$uid]= $uid;
431 }
434 function removeUser($uid)
435 {
436 $temp= array();
437 if(isset($this->memberUid[$uid])){
438 unset($this->memberUid[$uid]);
439 }
441 /* We have two array contianing group members in multiple edit.
442 * this->memberUid : Groups used by all currently edited groups
443 * this->memberUid_used_by_some: Used by some
444 * So we have to remove the specified uid from both arrays.
445 */
446 if($this->multiple_support_active){
447 if(isset($this->memberUid_used_by_some[$uid])){
448 unset($this->memberUid_used_by_some[$uid]);
449 }
450 }
451 }
453 /* Reload data */
454 function reload()
455 {
456 /* Fix regex string */
457 $gufilter = session::get("gufilter");
458 $regex = normalizeLdap($gufilter['regex']);
459 $MaxUser = $this->OnlyShowFirstEntries;
461 /* Prepare ldap link */
462 $ldap= $this->config->get_ldap_link();
463 $ldap->cd($gufilter['dselect']);
466 /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
467 (Store gathered sn/givenName informations in $this->allusers too,
468 to be prepared when adding/deleting users)
469 */
470 $filter = "";
471 foreach ($this->memberUid as $value){
472 if(!isset($this->members[$value])){
473 $filter .= "(uid=".normalizeLdap($value).")";
474 }
475 }
476 if(!empty($filter)){
477 $ldap->cd($this->config->current['BASE']);
478 $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
479 while($attrs = $ldap->fetch()){
480 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
481 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
482 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
483 }
484 }
486 /* check if all uids are resolved */
487 foreach ($this->memberUid as $value){
488 if(!isset($this->members[$value])){
489 $this->members[$value] = _("! unknown id")." [".$value."]";
490 }
491 }
493 /* Create display list of users matching regex & filter
494 */
495 $this->displayUsers = array();
496 $filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
498 /* Search in current tree or within subtrees depending on the checkbox from filter section */
499 if($gufilter['SubSearchGroup']){
500 $flag = GL_SIZELIMIT | GL_SUBSEARCH;
501 $base = $gufilter['dselect'];
502 }else{
503 $flag = GL_SIZELIMIT ;
504 $base = get_people_ou().$gufilter['dselect'];
505 }
506 $i = 0;
509 $res = get_list($filter,"users",$base,array("dn", "uid", "sn", "givenName"),$flag);
511 /* Fetch all users and skip already used users */
512 foreach($res as $attrs){
513 if(in_array($attrs['uid'][0], $this->memberUid)) {
514 continue;
515 }
516 $i ++;
517 if($i > $MaxUser) {
518 break;
519 }
520 $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
521 $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
522 $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
523 }
525 /* If more than max users are found, display a message to warn the user */
526 if($i == $MaxUser){
527 msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG);
528 }
530 /* Sort lists */
531 natcasesort($this->members);
532 reset($this->members);
533 natcasesort ($this->displayUsers);
534 reset ($this->displayUsers);
535 }
538 /* Create display name, this was used so often that it is excluded into a seperate function */
539 function createResultName($attrs)
540 {
541 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
542 $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
543 } else {
544 $ret= $attrs['uid'][0];
545 }
546 return($ret);
547 }
550 function remove_from_parent()
551 {
552 plugin::remove_from_parent();
554 $ldap= $this->config->get_ldap_link();
555 $ldap->rmdir($this->dn);
556 show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn));
558 new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
560 /* Delete references to object groups */
561 $ldap->cd ($this->config->current['BASE']);
562 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
563 while ($ldap->fetch()){
564 $og= new ogroup($this->config, $ldap->getDN());
565 unset($og->member[$this->dn]);
566 $og->save ();
567 }
569 /* Remove ACL dependencies too,
570 */
571 $ldap = $this->config->get_ldap_link();
572 $ldap->cd($this->config->current['BASE']);
573 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
574 while($attrs = $ldap->fetch()){
575 $acl = new acl($this->config,$this->parent,$attrs['dn']);
576 foreach($acl->gosaAclEntry as $id => $entry){
577 foreach($entry['members'] as $m_id => $member){
578 if($m_id == "G:".$this->dn || $m_id == "U:".$this->dn){
579 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
580 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn']));
581 }
582 }
583 }
584 $acl -> save();
585 }
587 /* Remove ACL dependencies too,
588 */
589 $tmp = new acl($this->config,$this->parent,$this->dn);
590 $tmp->remove_acl();
592 /* Send signal to the world that we've done */
593 $this->handle_post_events("remove");
594 }
597 /* Save data to object */
598 function save_object()
599 {
600 /* Save additional values for possible next step */
601 if (isset($_POST['groupedit'])){
603 /* Create a base backup and reset the
604 base directly after calling plugin::save_object();
605 Base will be set seperatly a few lines below */
606 $base_tmp = $this->base;
607 plugin::save_object();
608 $this->base = $base_tmp;
610 $this->force_gid= 0;
612 /* Only reset sambagroup flag if we are able to write this flag */
613 if($this->acl_is_writeable("sambaGroupType")){
614 $this->smbgroup = 0;
615 }
617 /* Get base selection */
618 if(isset($_POST['base'])){
619 $tmp = $this->get_allowed_bases();
620 if(isset($tmp[$_POST['base']])){
621 $this->base = $_POST['base'];
622 }
623 }
625 foreach (array(
626 "force_gid" => "gidNumber",
627 "smbgroup" => "sambaGroupType") as $val => $aclname) {
628 if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
629 $this->$val= $_POST["$val"];
630 }
631 }
633 /* Save sambaDomain attribute */
634 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
635 $this->sambaDomainName= $_POST['sambaDomainName'];
636 $this->groupType= $_POST['groupType'];
637 }
639 /* Save fon attribute */
640 if ($this->acl_is_writeable("fon_group")){
641 if (isset ($_POST['fon_group'])){
642 $this->fon_group= TRUE;
643 } else {
644 $this->fon_group= FALSE;
645 }
646 }
647 if ($this->acl_is_writeable("nagios_group")){
648 if (isset ($_POST['nagios_group'])){
649 $this->nagios_group= TRUE;
650 } else {
651 $this->nagios_group= FALSE;
652 }
653 }
654 }
655 }
658 /* Save to LDAP */
659 function save()
660 {
662 /* ID handling */
663 if ($this->force_gid == 0){
664 if ($this->saved_gidNumber != ""){
665 $this->gidNumber= $this->saved_gidNumber;
666 } else {
667 /* Calculate new, lock uids */
668 $wait= 10;
669 while (get_lock("uidnumber") != ""){
670 sleep (1);
672 /* timed out? */
673 if ($wait-- == 0){
674 break;
675 }
676 }
677 add_lock ("uidnumber", "gosa");
678 $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
679 }
680 }
682 plugin::save();
684 /* Remove objectClass for samba/phone support */
685 $tmp= array();
686 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
687 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
688 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
689 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
690 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
691 $tmp[]= $this->attrs['objectClass'][$i];
692 }
693 }
694 $this->attrs['objectClass']= $tmp;
695 $ldap= $this->config->get_ldap_link();
697 /* Add samba group functionality */
698 if ($this->samba3 && $this->smbgroup){
700 /* Fixed undefined index ...
701 */
702 $this->SID = $this->ridBase = "";
703 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
704 $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
705 }else{
706 msg_dialog::display(_("Error"), sprintf(_("Cannot find any SID for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
707 }
708 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
709 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
710 }else{
711 msg_dialog::display(_("Error"), sprintf(_("Cannot find any RIDBASE for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
712 }
714 $this->attrs['objectClass'][]= 'sambaGroupMapping';
715 $this->attrs['sambaGroupType']= "2";
717 /* Check if we need to create a special entry */
718 if ($this->groupType == 0){
720 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
721 $gidNumber= $this->gidNumber;
722 while(TRUE){
723 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
724 $ldap->cd($this->config->current['BASE']);
725 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
726 if ($ldap->count() == 0){
727 break;
728 }
729 $gidNumber++;
730 }
731 $this->attrs['sambaSID']= $sid;
732 $this->sambaSID= $sid;
733 }
735 } else {
736 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
737 }
739 /* User wants me to fake the idMappings? This is useful for
740 making winbind resolve the group names in a reasonable amount
741 of time in combination with larger databases. */
742 if (isset($this->config->current['SAMBAIDMAPPING']) &&
743 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
744 $this->attrs['objectClass'][]= "sambaIdmapEntry";
745 }
747 }
749 /* Add phone functionality */
750 if ($this->fon_group){
751 $this->attrs['objectClass'][]= "goFonPickupGroup";
752 }
754 /* Add nagios functionality */
755 if ($this->nagios_group){
756 $this->attrs['objectClass'][]= "nagiosContactGroup";
757 }
759 /* Take members array */
760 if (count ($this->memberUid)){
761 $this->attrs['memberUid']= array_values(array_unique($this->memberUid));
762 }
764 /* New accounts need proper 'dn', propagate it to remaining objects */
765 if ($this->dn == 'new'){
766 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
767 }
769 /* Add member dn's for RFC2307bis Support */
770 if ($this->rfc2307bis){
771 if (count($this->memberUid)){
772 $this->attrs['member'] = array();
773 foreach($this->attrs['memberUid'] as $uid) {
774 $this->attrs['member'][]= $this->dnMapping[$uid];
775 }
776 } else {
777 $this->attrs['member'][]= $this->dn;
778 }
779 }
781 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
782 new entries. So do a check first... */
783 $ldap->cat ($this->dn, array('dn'));
784 if ($ldap->fetch()){
785 /* Modify needs array() to remove values :-( */
786 if (!count ($this->memberUid)){
787 $this->attrs['memberUid']= array();
788 }
789 if ($this->samba3){
790 if (!$this->smbgroup){
791 $this->attrs['sambaGroupType']= array();
792 $this->attrs['sambaSID']= array();
793 }
794 }
795 $mode= "modify";
796 } else {
797 $mode= "add";
798 $ldap->cd($this->config->current['BASE']);
799 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
800 }
802 /* Write back to ldap */
803 $ldap->cd($this->dn);
804 $this->cleanup();
805 $ldap->$mode($this->attrs);
807 /* Remove ACL dependencies too,
808 */
809 if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
810 $tmp = new acl($this->config,$this->parent,$this->dn);
811 $tmp->update_acl_membership($this->orig_dn,$this->dn);
812 }
814 if($this->initially_was_account){
815 new log("modify","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
816 }else{
817 new log("create","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
818 }
820 $ret= 0;
821 if ( show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn))){
822 $ret= 1;
823 }
825 /* Remove uid lock */
826 del_lock ("uidnumber");
828 /* Post that we've done*/
829 $this->handle_post_events($mode);
831 return ($ret);
832 }
834 function check()
835 {
836 /* Call common method to give check the hook */
837 $message= plugin::check();
839 /* Permissions for that base? */
840 if ($this->base != ""){
841 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
842 } else {
843 $new_dn= $this->dn;
844 }
846 /* must: cn */
847 if ($this->cn == "" && $this->acl_is_writeable("cn")){
848 $message[]= msgPool::required(_("Name"));
849 }
851 /* Check for valid input */
852 if (!tests::is_uid($this->cn)){
853 if (strict_uid_mode()){
854 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/");
855 } else {
856 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/i");
857 }
858 }
860 if($this->allowGroupsWithSameNameInOtherSubtrees == true){
862 /* Check for used 'cn' */
863 $ldap= $this->config->get_ldap_link();
864 if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
865 $ldap->cd(get_groups_ou().$this->base);
866 $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
867 if ($ldap->count() != 0){
868 $message[]= msgPool::duplicated(_("Name"));
869 }
870 }
872 }else{
874 /* Check for used 'cn' */
875 $ldap= $this->config->get_ldap_link();
876 $ldap->cd($this->config->current['BASE']);
877 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
878 if ($ldap->count() != 0){
880 /* New entry? */
881 if ($this->dn == 'new'){
882 $message[]= msgPool::duplicated(_("Name"));
883 }
885 /* Moved? */
886 elseif ($new_dn != $this->orig_dn){
887 $ldap->fetch();
888 if ($ldap->getDN() != $this->orig_dn){
889 $message[]= msgPool::duplicated(_("Name"));
890 }
891 }
892 }
893 }
895 /* Check ID */
896 if ($this->force_gid == "1"){
897 if (!tests::is_id($this->gidNumber)){
898 $message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/");
899 } else {
900 if ($this->gidNumber < $this->config->current['MINID']){
901 $message[]= msgPool::toosmall(_("GID"), $this->config->current['MINID']);
902 }
904 }
905 }
907 return ($message);
908 }
910 function get_next_id($attrib, $dn)
911 {
912 $ids= array();
913 $ldap= $this->config->get_ldap_link();
915 $ldap->cd ($this->config->current['BASE']);
916 if (preg_match('/gidNumber/i', $attrib)){
917 $oc= "posixGroup";
918 } else {
919 $oc= "posixAccount";
920 }
921 $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
923 /* Get list of ids */
924 while ($attrs= $ldap->fetch()){
925 $ids[]= (int)$attrs["$attrib"][0];
926 }
928 /* Find out next free id near to UID_BASE */
929 if (!isset($this->config->current['BASE_HOOK'])){
930 $base= $this->config->current['UIDBASE'];
931 } else {
932 /* Call base hook */
933 $base= get_base_from_hook($dn, $attrib);
934 }
935 for ($id= $base; $id++; $id < pow(2,32)){
936 if (!in_array($id, $ids)){
937 return ($id);
938 }
939 }
941 /* Check if id reached maximum */
942 if ($id >= pow(2,32)){
943 msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
944 exit;
945 }
946 }
948 function getCopyDialog()
949 {
950 $vars = array("cn");
952 if($this ->force_gid){
953 $used = " checked ";
954 $dis = "";
955 }else{
956 $used = "";
957 $dis = " disabled ";
958 }
960 $smarty = get_smarty();
961 $smarty->assign("used",$used);
962 $smarty->assign("dis" ,$dis);
963 $smarty->assign("cn" ,$this->cn);
964 $smarty->assign("gidNumber",$this->gidNumber);
965 $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
966 $ret = array();
967 $ret['string'] = $str;
968 $ret['status'] = "";
969 return($ret);
970 }
972 function saveCopyDialog()
973 {
974 if(isset($_POST['cn'])){
975 $this->cn = $_POST['cn'];
976 }
977 if(isset($_POST['force_gid'])){
978 $this->force_gid = 1;
979 $this->gidNumber= $_POST['gidNumber'];
980 }else{
981 $this->force_gid = 0;
982 $this->gidNumber = false;
983 }
984 }
987 /* Return plugin informations for acl handling */
988 static function plInfo()
989 {
990 return (array(
991 "plShortName" => _("Generic"),
992 "plDescription" => _("Generic group settings"),
993 "plSelfModify" => FALSE,
994 "plDepends" => array(),
995 "plPriority" => 0,
996 "plSection" => array("admin"),
997 "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
999 "plProvidedAcls" => array(
1000 "cn" => _("Name"),
1001 "base" => _("Base"),
1002 "description" => _("Description"),
1004 "fonGroup" => _("Phone pickup group"),
1005 "nagiosGroup" => _("Nagios group"),
1007 "gidNumber" => _("GID"),
1008 "memberUid" => _("Group member"),
1009 "sambaGroupType" => _("Samba group type"),
1010 "sambaDomainName" => _("Samba domain name"),
1011 "sambaSID" => _("Samba SID"))
1012 ));
1013 }
1016 function multiple_save_object()
1017 {
1018 if(isset($_POST['group_mulitple_edit'])){
1020 /* Create a base backup and reset the
1021 base directly after calling plugin::save_object();
1022 Base will be set seperatly a few lines below */
1023 $base_tmp = $this->base;
1024 plugin::multiple_save_object();
1025 plugin::save_object();
1026 $this->base = $base_tmp;
1028 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1029 if(isset($_POST['use_'.$attr])){
1030 $this->multi_boxes[] = $attr;
1031 }
1032 }
1034 /* Get base selection */
1035 if(isset($_POST['base'])){
1036 $tmp = $this->get_allowed_bases();
1037 if(isset($tmp[$_POST['base']])){
1038 $this->base = $_POST['base'];
1039 }
1040 }
1042 foreach (array( "smbgroup" => "sambaGroupType") as $val => $aclname) {
1043 if ($this->acl_is_writeable($aclname)){
1044 if(isset($_POST["$val"])){
1045 $this->$val= TRUE;
1046 }else{
1047 $this->$val= FALSE;
1048 }
1049 }
1050 }
1052 /* Save sambaDomain attribute */
1053 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
1054 $this->sambaDomainName= $_POST['sambaDomainName'];
1055 $this->groupType= $_POST['groupType'];
1056 }
1058 /* Save fon attribute */
1059 if ($this->acl_is_writeable("fon_group")){
1060 if (isset ($_POST['fon_group'])){
1061 $this->fon_group= TRUE;
1062 } else {
1063 $this->fon_group= FALSE;
1064 }
1065 }
1066 }
1067 }
1070 function get_multi_edit_values()
1071 {
1072 $ret = plugin::get_multi_edit_values();
1074 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1075 if(in_array($attr,$this->multi_boxes)){
1076 $ret[$attr] = $this->$attr;
1077 }
1078 }
1079 $ret['memberUid'] = $this->memberUid;
1080 $ret['memberUid_used_by_some'] = $this->memberUid_used_by_some;
1081 return($ret);
1082 }
1084 function multiple_execute()
1085 {
1086 return($this->execute());
1087 }
1090 /* Initialize plugin with given atribute arrays
1091 */
1092 function init_multiple_support($attrs,$all)
1093 {
1094 plugin::init_multiple_support($attrs,$all);
1096 $this->memberUid = array();
1097 $this->memberUid_used_by_some = array();
1098 if (isset($attrs['memberUid'])){
1099 for ($i= 0; $i<$attrs['memberUid']['count']; $i++){
1100 $this->memberUid[$attrs['memberUid'][$i]]= $attrs['memberUid'][$i];
1101 }
1102 ksort($this->memberUid);
1103 }
1105 if (isset($all['memberUid'])){
1106 for ($i= 0; $i<$all['memberUid']['count']; $i++){
1107 if(!in_array($all['memberUid'][$i],$this->memberUid)){
1108 $this->memberUid_used_by_some[$all['memberUid'][$i]]= $all['memberUid'][$i];
1109 }
1110 }
1111 ksort($this->memberUid_used_by_some);
1112 }
1113 }
1115 function set_multi_edit_values($attrs)
1116 {
1117 $users = array();
1119 /* Update groupMembership, keep optinal group */
1120 foreach($attrs['memberUid_used_by_some'] as $uid){
1121 if(in_array($uid,$this->memberUid)){
1122 $users[$uid] = $uid;
1123 }
1124 }
1126 /* Update groupMembership, add forced groups */
1127 foreach($attrs['memberUid'] as $uid){
1128 $users[$uid] = $uid;
1129 }
1130 plugin::set_multi_edit_values($attrs);
1131 $this->memberUid = $users;
1132 }
1135 }
1137 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1138 ?>