![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
3 class group extends plugin
4 {
5 /* CLI vars */
6 var $cli_summary= "Handling of GOsa's base group object";
7 var $cli_description= "Some longer text\nfor help";
8 var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
10 /* Group attributes */
11 var $cn= "";
12 var $description= "";
13 var $gidNumber= "";
14 var $memberUid= array();
15 var $memberUid_used_by_some= array();
17 /* Helpers */
18 var $base= "";
19 var $force_gid= FALSE;
20 var $fon_group= FALSE;
21 var $smbgroup= FALSE;
22 var $groupType= FALSE;
23 var $samba3= FALSE;
24 var $sambaSID= "";
25 var $sambaDomainName= "DEFAULT";
26 var $SID= "";
27 var $ridBase= 0;
28 var $members= array();
29 var $users= array();
30 var $member= array();
31 var $allusers= array();
32 var $saved_gidNumber= "";
33 var $oldgroupType= "";
34 var $orig_dn= "";
35 var $orig_cn= "";
36 var $has_mailAccount= FALSE;
37 var $group_dialog= FALSE;
38 var $nagios_group =FALSE;
39 var $sambaGroupType;
40 var $dialog;
41 var $rfc2307bis= FALSE;
42 var $OnlyShowFirstEntries =200;
43 var $dnMapping= array();
44 var $view_logged = FALSE;
45 var $allowGroupsWithSameNameInOtherSubtrees = true;
47 /* attribute list for save action */
48 var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
49 var $objectclasses= array("top", "posixGroup");
51 var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
53 var $multiple_support = TRUE;
55 function group (&$config, $dn= NULL)
56 {
57 /* Set rfc2307bis flag */
58 if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
59 $this->rfc2307bis= TRUE;
60 $this->attributes[]= "member";
61 $this->objectclasses[]= "groupOfNames";
62 }
64 plugin::plugin ($config, $dn);
66 /* Load attributes depending on the samba version */
67 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
68 $this->orig_dn= $dn;
69 $this->orig_cn= $this->cn;
71 /* Get member list */
72 if (isset($this->attrs['memberUid'][0])){
73 $tmp= array();
74 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
75 $tmp[$this->attrs['memberUid'][$i]]= $this->attrs['memberUid'][$i];
76 }
77 $this->memberUid= $tmp;
78 ksort ($this->memberUid);
79 }
81 /* Save gidNumber for later use */
82 if (isset($this->attrs['gidNumber'])){
83 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
84 }
86 /* Is a samba group? */
87 if (isset($this->attrs['objectClass'])){
88 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == FALSE ){
89 $this->smbgroup= FALSE;
90 } else {
91 $this->smbgroup= TRUE;
92 if (isset($this->attrs['sambaSID'])){
93 $this->sambaSID= $this->attrs['sambaSID'][0];
94 }
95 }
96 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == FALSE ){
97 $this->fon_group= FALSE;
98 } else {
99 $this->fon_group= TRUE;
100 }
101 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == FALSE ){
102 $this->nagios_group= FALSE;
103 } else {
104 $this->nagios_group= TRUE;
105 }
106 }
108 /* Set mail flag */
109 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
110 $this->has_mailAccount= TRUE;
111 }
113 /* Get samba Domain in case of samba 3 */
114 if ($this->samba3 && $this->sambaSID != ""){
115 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
116 $ldap= $this->config->get_ldap_link();
117 $ldap->cd($this->config->current['BASE']);
118 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
119 if ($ldap->count() != 0){
120 $attrs= $ldap->fetch();
121 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
123 /* Get domain name for SID */
124 $this->sambaDomainName= "DEFAULT";
125 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
126 if ($val['SID'] == $this->SID){
127 $this->sambaDomainName= $key;
128 break;
129 }
130 }
131 } else {
132 if (isset($this->config->current['RIDBASE'])){
133 $this->sambaDomainName= "DEFAULT";
134 $this->ridBase= $this->config->current['RIDBASE'];
135 $this->SID= $this->config->current['SID'];
136 } else {
137 print_red(_("Can't find this groups SID in LDAP or in your configuration file!"));
138 }
139 }
141 /* Get group type */
142 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
143 if ($this->groupType < 500 || $this->groupType > 553){
144 $this->groupType= 0;
145 }
146 $this->oldgroupType= $this->groupType;
147 }
149 /* Get global filter config */
150 if (!session::is_set("gufilter")){
151 $ui= get_userinfo();
152 $base= get_base_from_people($ui->dn);
153 $gufilter= array( "dselect" => $base,
154 "regex" => "*");
155 session::set("gufilter", $gufilter);
156 }
157 $gufilter= session::get('gufilter');
158 $gufilter['SubSearchGroup'] = false;
159 session::set('gufilter',$gufilter);
161 if ($this->dn == "new"){
162 if(session::is_set('CurrentMainBase')){
163 $this->base = session::get('CurrentMainBase');
164 }else{
165 $ui= get_userinfo();
166 $this->base= dn2base($ui->dn);
167 }
168 } else {
170 /* Get object base */
171 $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
172 }
174 /* This is always an account */
175 $this->is_account= TRUE;
176 $this->reload();
177 }
179 function execute()
180 {
181 /* Call parent execute */
182 plugin::execute();
184 /* Log view */
185 if($this->is_account && !$this->view_logged){
186 $this->view_logged = TRUE;
187 new log("view","groups/".get_class($this),$this->dn);
188 }
190 /* Do we represent a valid group? */
191 if (!$this->is_account && $this->parent === NULL){
192 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
193 _("This 'dn' is no group.")."</b>";
194 return ($display);
195 }
197 /* Delete user from group */
198 if (isset($_POST['del_users']) && isset($_POST['members'])){
199 foreach ($_POST['members'] as $value){
200 unset ($this->members["$value"]);
201 $this->removeUser($value);
202 }
203 $this->reload();
204 }
206 /* Add objects? */
207 if (isset($_POST["edit_membership"])){
208 $this->group_dialog= TRUE;
209 $this->dialog= TRUE;
210 }
212 /* Add objects finished? */
213 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
214 $this->group_dialog= FALSE;
215 $this->dialog= FALSE;
216 }
218 /* Add user to group */
219 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
220 foreach ($_POST['users'] as $value){
221 $this->members["$value"]= $this->allusers[$value];
222 asort($this->members);
223 $this->addUser($value);
224 }
225 $this->reload();
226 }
228 /* Base select dialog */
229 $once = true;
230 foreach($_POST as $name => $value){
231 if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
233 $once = false;
234 $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
235 $this->dialog->setCurrentBase($this->base);
236 }
237 }
239 /* Dialog handling */
240 if(is_object($this->dialog)){
241 /* Must be called before save_object */
242 $this->dialog->save_object();
244 if($this->dialog->isClosed()){
245 $this->dialog = false;
246 }elseif($this->dialog->isSelected()){
248 /* Check if selected base is valid */
249 $tmp = $this->get_allowed_bases();
250 if(isset($tmp[$this->dialog->isSelected()])){
251 $this->base = $this->dialog->isSelected();
252 }
253 $this->dialog= false;
254 }else{
255 return($this->dialog->execute());
256 }
257 }
259 /* Assign templating stuff */
260 $smarty= get_smarty();
261 if ($this->samba3){
262 $smarty->assign("samba3", "true");
263 } else {
264 $smarty->assign("samba3", "");
265 }
267 if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
268 $smarty->assign("nagios",true);
269 }else{
270 $smarty->assign("nagios",false);
271 }
273 if($this->config->search("phoneAccount", "CLASS",array('menu'))){
274 $smarty->assign("pickupGroup",true);
275 }else{
276 $smarty->assign("pickupGroup",false);
277 }
279 /* Manage object add dialog */
280 if ($this->group_dialog){
282 /* Save data */
283 $gufilter= session::get("gufilter");
284 foreach( array("dselect", "regex") as $type){
285 if (isset($_POST[$type])){
286 $gufilter[$type]= $_POST[$type];
287 }
288 }
289 if(isset($_POST['regex'])){
290 if(isset($_POST['SubSearchGroup'])){
291 $gufilter['SubSearchGroup'] = true;
292 }else{
293 $gufilter['SubSearchGroup'] = false;
294 }
295 }
297 if (isset($_GET['search'])){
298 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
299 if ($s == "**"){
300 $s= "*";
301 }
302 $gufilter['regex']= $s;
303 }
304 session::set("gufilter", $gufilter);
305 $this->reload();
307 /* Show dialog */
308 $smarty->assign("search_image", get_template_path('images/search.png'));
309 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
310 $smarty->assign("tree_image", get_template_path('images/tree.png'));
312 $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
313 $smarty->assign("alphabet", generate_alphabet());
314 foreach( array("dselect", "regex","SubSearchGroup") as $type){
315 $smarty->assign("$type", $gufilter[$type]);
316 }
317 $smarty->assign("hint", print_sizelimit_warning());
318 $smarty->assign("users", $this->displayUsers);
319 $smarty->assign("apply", apply_filter());
320 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
321 return ($display);
322 }
324 $smarty->assign("bases", $this->get_allowed_bases());
325 $smarty->assign("base_select", $this->base);
327 if ($this->samba3){
328 $domains= array();
329 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
330 $domains[$name]= $name;
331 }
332 $smarty->assign("sambaDomains", $domains);
333 $smarty->assign("sambaDomainName", $this->sambaDomainName);
334 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
335 514 => _("Domain guests"));
337 /* Don't loose special groups! If not key'ed above, add it to
338 the combo box... */
339 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
340 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
341 }
343 $smarty->assign("groupTypes", $groupTypes);
344 $smarty->assign("groupType", $this->groupType);
345 }
347 /* Members and users */
348 $smarty->assign("members", $this->members);
350 /* Checkboxes */
351 foreach (array("force_gid", "smbgroup") as $val){
352 if ($this->$val == "1"){
353 $smarty->assign("$val", "checked");
354 } else {
355 $smarty->assign("$val", "");
356 }
357 }
358 if ($this->force_gid != "1"){
359 $smarty->assign("forceMode", "disabled");
360 }else{
361 $smarty->assign("forceMode", "");
362 }
363 if ($this->fon_group){
364 $smarty->assign("fon_group", "checked");
365 } else {
366 $smarty->assign("fon_group", "");
367 }
369 if ($this->nagios_group){
370 $smarty->assign("nagios_group", "checked");
371 } else {
372 $smarty->assign("nagios_group", "");
373 }
375 /* Fields */
376 foreach (array("cn", "description", "gidNumber") as $val){
377 $smarty->assign("$val", $this->$val);
378 }
380 $tmp = $this->plInfo();
381 foreach($tmp['plProvidedAcls'] as $name => $translation){
382 $smarty->assign($name."ACL",$this->getacl($name));
383 }
385 if($this->acl_is_writeable("base")){
386 $smarty->assign("baseSelect",true);
387 }else{
388 $smarty->assign("baseSelect",false);
389 }
391 /* Show main page */
392 $smarty->assign("alphabet", generate_alphabet(10));
393 $smarty->assign("search_image", get_template_path('images/search.png'));
394 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
395 $smarty->assign("tree_image", get_template_path('images/tree.png'));
396 $smarty->assign("deplist", $this->config->idepartments);
398 /* Multiple edit handling */
399 $smarty->assign("multiple_support",$this->multiple_support_active);
401 $smarty->assign("memberUid_All",$this->memberUid);
402 $smarty->assign("memberUid_Some",$this->memberUid_used_by_some);
404 foreach($this->attributes as $val){
405 if(in_array($val,$this->multi_boxes)){
406 $smarty->assign("use_".$val,TRUE);
407 }else{
408 $smarty->assign("use_".$val,FALSE);
409 }
410 }
411 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $val){
412 if(in_array($val,$this->multi_boxes)){
413 $smarty->assign("use_".$val,TRUE);
414 }else{
415 $smarty->assign("use_".$val,FALSE);
416 }
417 }
419 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
420 }
422 function addUser($uid)
423 {
424 /* In mutliple edit we have to handle two arrays.
425 * memberUid : Containing users used in all groups
426 * memberUid_used_by_some : Those which are not used in all groups
427 * So we have to remove the given $uid from the ..used_by_some array first.
428 */
429 if($this->multiple_support_active){
430 if(isset($this->memberUid_used_by_some[$uid])){
431 unset($this->memberUid_used_by_some[$uid]);
432 }
433 }
435 $this->memberUid[$uid]= $uid;
436 }
439 function removeUser($uid)
440 {
441 $temp= array();
442 if(isset($this->memberUid[$uid])){
443 unset($this->memberUid[$uid]);
444 }
446 /* We have two array contianing group members in multiple edit.
447 * this->memberUid : Groups used by all currently edited groups
448 * this->memberUid_used_by_some: Used by some
449 * So we have to remove the specified uid from both arrays.
450 */
451 if($this->multiple_support_active){
452 if(isset($this->memberUid_used_by_some[$uid])){
453 unset($this->memberUid_used_by_some[$uid]);
454 }
455 }
456 }
458 /* Reload data */
459 function reload()
460 {
461 /* Fix regex string */
462 $gufilter = session::get("gufilter");
463 $regex = normalizeLdap($gufilter['regex']);
464 $MaxUser = $this->OnlyShowFirstEntries;
466 /* Prepare ldap link */
467 $ldap= $this->config->get_ldap_link();
468 $ldap->cd($gufilter['dselect']);
471 /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
472 (Store gathered sn/givenName informations in $this->allusers too,
473 to be prepared when adding/deleting users)
474 */
475 $filter = "";
476 foreach ($this->memberUid as $value){
477 if(!isset($this->members[$value])){
478 $filter .= "(uid=".normalizeLdap($value).")";
479 }
480 }
481 if(!empty($filter)){
482 $ldap->cd($this->config->current['BASE']);
483 $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
484 while($attrs = $ldap->fetch()){
485 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
486 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
487 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
488 }
489 }
491 /* check if all uids are resolved */
492 foreach ($this->memberUid as $value){
493 if(!isset($this->members[$value])){
494 $this->members[$value] = _("! unknown id")." [".$value."]";
495 }
496 }
498 /* Create display list of users matching regex & filter
499 */
500 $this->displayUsers = array();
501 $filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
503 /* Search in current tree or within subtrees depending on the checkbox from filter section */
504 if($gufilter['SubSearchGroup']){
505 $flag = GL_SIZELIMIT | GL_SUBSEARCH;
506 $base = $gufilter['dselect'];
507 }else{
508 $flag = GL_SIZELIMIT ;
509 $base = get_people_ou().$gufilter['dselect'];
510 }
511 $i = 0;
514 $res = get_list($filter,"users",$base,array("dn", "uid", "sn", "givenName"),$flag);
516 /* Fetch all users and skip already used users */
517 foreach($res as $attrs){
518 if(in_array($attrs['uid'][0], $this->memberUid)) {
519 continue;
520 }
521 $i ++;
522 if($i > $MaxUser) {
523 break;
524 }
525 $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
526 $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
527 $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
528 }
530 /* If more than max users are found, display a message to warn the user */
531 if(($i == $MaxUser)){
532 print_red(sprintf(_("Your search method returned more than '%s' users, only '%s' users are shown.") , $MaxUser,$MaxUser));
533 }
535 /* Sort lists */
536 natcasesort($this->members);
537 reset($this->members);
538 natcasesort ($this->displayUsers);
539 reset ($this->displayUsers);
540 }
543 /* Create display name, this was used so often that it is excluded into a seperate function */
544 function createResultName($attrs)
545 {
546 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
547 $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
548 } else {
549 $ret= $attrs['uid'][0];
550 }
551 return($ret);
552 }
555 function remove_from_parent()
556 {
557 plugin::remove_from_parent();
559 $ldap= $this->config->get_ldap_link();
560 $ldap->rmdir($this->dn);
561 show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn));
563 new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
565 /* Delete references to object groups */
566 $ldap->cd ($this->config->current['BASE']);
567 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn"));
568 while ($ldap->fetch()){
569 $og= new ogroup($this->config, $ldap->getDN());
570 unset($og->member[$this->dn]);
571 $og->save ();
572 }
574 /* Remove ACL dependencies too,
575 */
576 $ldap = $this->config->get_ldap_link();
577 $ldap->cd($this->config->current['BASE']);
578 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
579 while($attrs = $ldap->fetch()){
580 $acl = new acl($this->config,$this->parent,$attrs['dn']);
581 foreach($acl->gosaAclEntry as $id => $entry){
582 foreach($entry['members'] as $m_id => $member){
583 if($m_id == "G:".$this->dn || $m_id == "U:".$this->dn){
584 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
585 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn']));
586 }
587 }
588 }
589 $acl -> save();
590 }
592 /* Remove ACL dependencies too,
593 */
594 $tmp = new acl($this->config,$this->parent,$this->dn);
595 $tmp->remove_acl();
597 /* Send signal to the world that we've done */
598 $this->handle_post_events("remove");
599 }
602 /* Save data to object */
603 function save_object()
604 {
605 /* Save additional values for possible next step */
606 if (isset($_POST['groupedit'])){
608 /* Create a base backup and reset the
609 base directly after calling plugin::save_object();
610 Base will be set seperatly a few lines below */
611 $base_tmp = $this->base;
612 plugin::save_object();
613 $this->base = $base_tmp;
615 $this->force_gid= 0;
617 /* Only reset sambagroup flag if we are able to write this flag */
618 if($this->acl_is_writeable("sambaGroupType")){
619 $this->smbgroup = 0;
620 }
622 /* Get base selection */
623 if(isset($_POST['base'])){
624 $tmp = $this->get_allowed_bases();
625 if(isset($tmp[$_POST['base']])){
626 $this->base = $_POST['base'];
627 }
628 }
630 foreach (array(
631 "force_gid" => "gidNumber",
632 "smbgroup" => "sambaGroupType") as $val => $aclname) {
633 if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
634 $this->$val= $_POST["$val"];
635 }
636 }
638 /* Save sambaDomain attribute */
639 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
640 $this->sambaDomainName= $_POST['sambaDomainName'];
641 $this->groupType= $_POST['groupType'];
642 }
644 /* Save fon attribute */
645 if ($this->acl_is_writeable("fon_group")){
646 if (isset ($_POST['fon_group'])){
647 $this->fon_group= TRUE;
648 } else {
649 $this->fon_group= FALSE;
650 }
651 }
652 if ($this->acl_is_writeable("nagios_group")){
653 if (isset ($_POST['nagios_group'])){
654 $this->nagios_group= TRUE;
655 } else {
656 $this->nagios_group= FALSE;
657 }
658 }
659 }
660 }
663 /* Save to LDAP */
664 function save()
665 {
667 /* ID handling */
668 if ($this->force_gid == 0){
669 if ($this->saved_gidNumber != ""){
670 $this->gidNumber= $this->saved_gidNumber;
671 } else {
672 /* Calculate new, lock uids */
673 $wait= 10;
674 while (get_lock("uidnumber") != ""){
675 sleep (1);
677 /* timed out? */
678 if ($wait-- == 0){
679 break;
680 }
681 }
682 add_lock ("uidnumber", "gosa");
683 $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
684 }
685 }
687 plugin::save();
689 /* Remove objectClass for samba/phone support */
690 $tmp= array();
691 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
692 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
693 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
694 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
695 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
696 $tmp[]= $this->attrs['objectClass'][$i];
697 }
698 }
699 $this->attrs['objectClass']= $tmp;
700 $ldap= $this->config->get_ldap_link();
702 /* Add samba group functionality */
703 if ($this->samba3 && $this->smbgroup){
705 /* Fixed undefined index ...
706 */
707 $this->SID = $this->ridBase = "";
708 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
709 $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
710 }else{
711 print_red(sprintf(_("No configured SID found for '%s'."),$this->sambaDomainName));
712 }
713 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
714 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
715 }else{
716 print_red(sprintf(_("No configured RIDBASE found for '%s'."),$this->sambaDomainName));
717 }
719 $this->attrs['objectClass'][]= 'sambaGroupMapping';
720 $this->attrs['sambaGroupType']= "2";
722 /* Check if we need to create a special entry */
723 if ($this->groupType == 0){
725 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
726 $gidNumber= $this->gidNumber;
727 while(TRUE){
728 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
729 $ldap->cd($this->config->current['BASE']);
730 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
731 if ($ldap->count() == 0){
732 break;
733 }
734 $gidNumber++;
735 }
736 $this->attrs['sambaSID']= $sid;
737 $this->sambaSID= $sid;
738 }
740 } else {
741 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
742 }
744 /* User wants me to fake the idMappings? This is useful for
745 making winbind resolve the group names in a reasonable amount
746 of time in combination with larger databases. */
747 if (isset($this->config->current['SAMBAIDMAPPING']) &&
748 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
749 $this->attrs['objectClass'][]= "sambaIdmapEntry";
750 }
752 }
754 /* Add phone functionality */
755 if ($this->fon_group){
756 $this->attrs['objectClass'][]= "goFonPickupGroup";
757 }
759 /* Add nagios functionality */
760 if ($this->nagios_group){
761 $this->attrs['objectClass'][]= "nagiosContactGroup";
762 }
764 /* Take members array */
765 if (count ($this->memberUid)){
766 $this->attrs['memberUid']= array_values(array_unique($this->memberUid));
767 }
769 /* New accounts need proper 'dn', propagate it to remaining objects */
770 if ($this->dn == 'new'){
771 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
772 }
774 /* Add member dn's for RFC2307bis Support */
775 if ($this->rfc2307bis){
776 if (count($this->memberUid)){
777 $this->attrs['member'] = array();
778 foreach($this->attrs['memberUid'] as $uid) {
779 $this->attrs['member'][]= $this->dnMapping[$uid];
780 }
781 } else {
782 $this->attrs['member'][]= $this->dn;
783 }
784 }
786 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
787 new entries. So do a check first... */
788 $ldap->cat ($this->dn, array('dn'));
789 if ($ldap->fetch()){
790 /* Modify needs array() to remove values :-( */
791 if (!count ($this->memberUid)){
792 $this->attrs['memberUid']= array();
793 }
794 if ($this->samba3){
795 if (!$this->smbgroup){
796 $this->attrs['sambaGroupType']= array();
797 $this->attrs['sambaSID']= array();
798 }
799 }
800 $mode= "modify";
801 } else {
802 $mode= "add";
803 $ldap->cd($this->config->current['BASE']);
804 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
805 }
807 /* Write back to ldap */
808 $ldap->cd($this->dn);
809 $this->cleanup();
810 $ldap->$mode($this->attrs);
812 /* Remove ACL dependencies too,
813 */
814 if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
815 $tmp = new acl($this->config,$this->parent,$this->dn);
816 $tmp->update_acl_membership($this->orig_dn,$this->dn);
817 }
819 if($this->initially_was_account){
820 new log("modify","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
821 }else{
822 new log("create","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
823 }
825 $ret= 0;
826 if ( show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn))){
827 $ret= 1;
828 }
830 /* Remove uid lock */
831 del_lock ("uidnumber");
833 /* Post that we've done*/
834 $this->handle_post_events($mode);
836 return ($ret);
837 }
839 function check()
840 {
841 /* Call common method to give check the hook */
842 $message= plugin::check();
844 /* Permissions for that base? */
845 if ($this->base != ""){
846 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
847 } else {
848 $new_dn= $this->dn;
849 }
851 /* must: cn */
852 if ($this->cn == "" && $this->acl_is_writeable("cn")){
853 $message[]= "The required field 'Name' is not set.";
854 }
856 /* Check for valid input */
857 if (!is_uid($this->cn)){
858 $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
859 }
861 if($this->allowGroupsWithSameNameInOtherSubtrees == true){
863 /* Check for used 'cn' */
864 $ldap= $this->config->get_ldap_link();
865 if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
866 $ldap->cd(get_groups_ou().$this->base);
867 $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
868 if ($ldap->count() != 0){
869 $message[]= _("Value specified as 'Name' is already used.");
870 }
871 }
873 }else{
875 /* Check for used 'cn' */
876 $ldap= $this->config->get_ldap_link();
877 $ldap->cd($this->config->current['BASE']);
878 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
879 if ($ldap->count() != 0){
881 /* New entry? */
882 if ($this->dn == 'new'){
883 $message[]= _("Value specified as 'Name' is already used.");
884 }
886 /* Moved? */
887 elseif ($new_dn != $this->orig_dn){
888 $ldap->fetch();
889 if ($ldap->getDN() != $this->orig_dn){
890 $message[]= _("Value specified as 'Name' is already used.");
891 }
892 }
893 }
894 }
896 /* Check ID */
897 if ($this->force_gid == "1"){
898 if (!is_id($this->gidNumber)){
899 $message[]= _("Value specified as 'GID' is not valid.");
900 } else {
901 if ($this->gidNumber < $this->config->current['MINID']){
902 $message[]= _("Value specified as 'GID' is too small.");
903 }
905 }
906 }
908 return ($message);
909 }
911 function get_next_id($attrib, $dn)
912 {
913 $ids= array();
914 $ldap= $this->config->get_ldap_link();
916 $ldap->cd ($this->config->current['BASE']);
917 if (preg_match('/gidNumber/i', $attrib)){
918 $oc= "posixGroup";
919 } else {
920 $oc= "posixAccount";
921 }
922 $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
924 /* Get list of ids */
925 while ($attrs= $ldap->fetch()){
926 $ids[]= (int)$attrs["$attrib"][0];
927 }
929 /* Find out next free id near to UID_BASE */
930 if (!isset($this->config->current['BASE_HOOK'])){
931 $base= $this->config->current['UIDBASE'];
932 } else {
933 /* Call base hook */
934 $base= get_base_from_hook($dn, $attrib);
935 }
936 for ($id= $base; $id++; $id < pow(2,32)){
937 if (!in_array($id, $ids)){
938 return ($id);
939 }
940 }
942 /* Check if id reached maximum */
943 if ($id >= pow(2,32)){
944 print_red(_("Too many users, can't allocate a free ID!"));
945 exit;
946 }
947 }
949 function getCopyDialog()
950 {
951 $vars = array("cn");
953 if($this ->force_gid){
954 $used = " checked ";
955 $dis = "";
956 }else{
957 $used = "";
958 $dis = " disabled ";
959 }
961 $smarty = get_smarty();
962 $smarty->assign("used",$used);
963 $smarty->assign("dis" ,$dis);
964 $smarty->assign("cn" ,$this->cn);
965 $smarty->assign("gidNumber",$this->gidNumber);
966 $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
967 $ret = array();
968 $ret['string'] = $str;
969 $ret['status'] = "";
970 return($ret);
971 }
973 function saveCopyDialog()
974 {
975 if(isset($_POST['cn'])){
976 $this->cn = $_POST['cn'];
977 }
978 if(isset($_POST['force_gid'])){
979 $this->force_gid = 1;
980 $this->gidNumber= $_POST['gidNumber'];
981 }else{
982 $this->force_gid = 0;
983 $this->gidNumber = false;
984 }
985 }
988 /* Return plugin informations for acl handling */
989 static function plInfo()
990 {
991 return (array(
992 "plShortName" => _("Generic"),
993 "plDescription" => _("Generic group settings"),
994 "plSelfModify" => FALSE,
995 "plDepends" => array(),
996 "plPriority" => 0,
997 "plSection" => array("admin"),
998 "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
1000 "plProvidedAcls" => array(
1001 "cn" => _("Name"),
1002 "base" => _("Base"),
1003 "description" => _("Description"),
1005 "fonGroup" => _("Phone pickup group"),
1006 "nagiosGroup" => _("Nagios group"),
1008 "gidNumber" => _("GID"),
1009 "memberUid" => _("Group member"),
1010 "sambaGroupType" => _("Samba group type"),
1011 "sambaDomainName" => _("Samba domain name"),
1012 "sambaSID" => _("Samba SID"))
1013 ));
1014 }
1017 function multiple_save_object()
1018 {
1019 if(isset($_POST['group_mulitple_edit'])){
1021 /* Create a base backup and reset the
1022 base directly after calling plugin::save_object();
1023 Base will be set seperatly a few lines below */
1024 $base_tmp = $this->base;
1025 plugin::multiple_save_object();
1026 plugin::save_object();
1027 $this->base = $base_tmp;
1029 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1030 if(isset($_POST['use_'.$attr])){
1031 $this->multi_boxes[] = $attr;
1032 }
1033 }
1035 /* Get base selection */
1036 if(isset($_POST['base'])){
1037 $tmp = $this->get_allowed_bases();
1038 if(isset($tmp[$_POST['base']])){
1039 $this->base = $_POST['base'];
1040 }
1041 }
1043 foreach (array( "smbgroup" => "sambaGroupType") as $val => $aclname) {
1044 if ($this->acl_is_writeable($aclname)){
1045 if(isset($_POST["$val"])){
1046 $this->$val= TRUE;
1047 }else{
1048 $this->$val= FALSE;
1049 }
1050 }
1051 }
1053 /* Save sambaDomain attribute */
1054 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
1055 $this->sambaDomainName= $_POST['sambaDomainName'];
1056 $this->groupType= $_POST['groupType'];
1057 }
1059 /* Save fon attribute */
1060 if ($this->acl_is_writeable("fon_group")){
1061 if (isset ($_POST['fon_group'])){
1062 $this->fon_group= TRUE;
1063 } else {
1064 $this->fon_group= FALSE;
1065 }
1066 }
1067 }
1068 }
1071 function get_multi_edit_values()
1072 {
1073 $ret = plugin::get_multi_edit_values();
1075 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1076 if(in_array($attr,$this->multi_boxes)){
1077 $ret[$attr] = $this->$attr;
1078 }
1079 }
1080 $ret['memberUid'] = $this->memberUid;
1081 $ret['memberUid_used_by_some'] = $this->memberUid_used_by_some;
1082 return($ret);
1083 }
1085 function multiple_execute()
1086 {
1087 return($this->execute());
1088 }
1091 /* Initialize plugin with given atribute arrays
1092 */
1093 function init_multiple_support($attrs,$all)
1094 {
1095 plugin::init_multiple_support($attrs,$all);
1097 $this->memberUid = array();
1098 $this->memberUid_used_by_some = array();
1099 if (isset($attrs['memberUid'])){
1100 for ($i= 0; $i<$attrs['memberUid']['count']; $i++){
1101 $this->memberUid[$attrs['memberUid'][$i]]= $attrs['memberUid'][$i];
1102 }
1103 ksort($this->memberUid);
1104 }
1106 if (isset($all['memberUid'])){
1107 for ($i= 0; $i<$all['memberUid']['count']; $i++){
1108 if(!in_array($all['memberUid'][$i],$this->memberUid)){
1109 $this->memberUid_used_by_some[$all['memberUid'][$i]]= $all['memberUid'][$i];
1110 }
1111 }
1112 ksort($this->memberUid_used_by_some);
1113 }
1114 }
1116 function set_multi_edit_values($attrs)
1117 {
1118 $users = array();
1120 /* Update groupMembership, keep optinal group */
1121 foreach($attrs['memberUid_used_by_some'] as $uid){
1122 if(in_array($uid,$this->memberUid)){
1123 $users[$uid] = $uid;
1124 }
1125 }
1127 /* Update groupMembership, add forced groups */
1128 foreach($attrs['memberUid'] as $uid){
1129 $users[$uid] = $uid;
1130 }
1131 plugin::set_multi_edit_values($attrs);
1132 $this->memberUid = $users;
1133 }
1136 }
1138 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1139 ?>