1 <?php
3 class group extends plugin
4 {
5 /* CLI vars */
6 var $cli_summary= "Handling of GOsa's base group object";
7 var $cli_description= "Some longer text\nfor help";
8 var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
10 /* Group attributes */
11 var $cn= "";
12 var $description= "";
13 var $gidNumber= "";
14 var $memberUid= array();
16 /* Helpers */
17 var $base= "";
18 var $force_gid= FALSE;
19 var $fon_group= FALSE;
20 var $smbgroup= FALSE;
21 var $groupType= FALSE;
22 var $samba3= FALSE;
23 var $sambaSID= "";
24 var $sambaDomainName= "DEFAULT";
25 var $SID= "";
26 var $ridBase= 0;
27 var $members= array();
28 var $users= array();
29 var $member= array();
30 var $allusers= array();
31 var $saved_gidNumber= "";
32 var $oldgroupType= "";
33 var $orig_dn= "";
34 var $orig_cn= "";
35 var $has_mailAccount= FALSE;
36 var $group_dialog= FALSE;
37 var $nagios_group =FALSE;
38 var $sambaGroupType;
39 var $dialog;
40 var $rfc2307bis= FALSE;
41 var $OnlyShowFirstEntries =200;
42 var $dnMapping= array();
43 var $view_logged = FALSE;
44 var $allowGroupsWithSameNameInOtherSubtrees = true;
46 /* attribute list for save action */
47 var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
48 var $objectclasses= array("top", "posixGroup");
50 var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
52 var $multiple_support = TRUE;
54 function group (&$config, $dn= NULL)
55 {
56 /* Set rfc2307bis flag */
57 if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
58 $this->rfc2307bis= TRUE;
59 $this->attributes[]= "member";
60 $this->objectclasses[]= "groupOfNames";
61 }
63 plugin::plugin ($config, $dn);
65 /* Load attributes depending on the samba version */
66 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
67 $this->orig_dn= $dn;
68 $this->orig_cn= $this->cn;
70 /* Get member list */
71 if (isset($this->attrs['memberUid'][0])){
72 $tmp= array();
73 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
74 $tmp[]= $this->attrs['memberUid'][$i];
75 }
76 $this->memberUid= $tmp;
77 sort ($this->memberUid);
78 }
80 /* Save gidNumber for later use */
81 if (isset($this->attrs['gidNumber'])){
82 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
83 }
85 /* Is a samba group? */
86 if (isset($this->attrs['objectClass'])){
87 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == FALSE ){
88 $this->smbgroup= FALSE;
89 } else {
90 $this->smbgroup= TRUE;
91 if (isset($this->attrs['sambaSID'])){
92 $this->sambaSID= $this->attrs['sambaSID'][0];
93 }
94 }
95 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == FALSE ){
96 $this->fon_group= FALSE;
97 } else {
98 $this->fon_group= TRUE;
99 }
100 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == FALSE ){
101 $this->nagios_group= FALSE;
102 } else {
103 $this->nagios_group= TRUE;
104 }
105 }
107 /* Set mail flag */
108 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
109 $this->has_mailAccount= TRUE;
110 }
112 /* Get samba Domain in case of samba 3 */
113 if ($this->samba3 && $this->sambaSID != ""){
114 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
115 $ldap= $this->config->get_ldap_link();
116 $ldap->cd($this->config->current['BASE']);
117 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
118 if ($ldap->count() != 0){
119 $attrs= $ldap->fetch();
120 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
122 /* Get domain name for SID */
123 $this->sambaDomainName= "DEFAULT";
124 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
125 if ($val['SID'] == $this->SID){
126 $this->sambaDomainName= $key;
127 break;
128 }
129 }
130 } else {
131 if (isset($this->config->current['RIDBASE'])){
132 $this->sambaDomainName= "DEFAULT";
133 $this->ridBase= $this->config->current['RIDBASE'];
134 $this->SID= $this->config->current['SID'];
135 } else {
136 print_red(_("Can't find this groups SID in LDAP or in your configuration file!"));
137 }
138 }
140 /* Get group type */
141 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
142 if ($this->groupType < 500 || $this->groupType > 553){
143 $this->groupType= 0;
144 }
145 $this->oldgroupType= $this->groupType;
146 }
148 /* Get global filter config */
149 if (!session::is_set("gufilter")){
150 $ui= get_userinfo();
151 $base= get_base_from_people($ui->dn);
152 $gufilter= array( "dselect" => $base,
153 "regex" => "*");
154 session::set("gufilter", $gufilter);
155 }
156 $gufilter= session::get('gufilter');
157 $gufilter['SubSearchGroup'] = false;
158 session::set('gufilter',$gufilter);
160 if ($this->dn == "new"){
161 if(session::is_set('CurrentMainBase')){
162 $this->base = session::get('CurrentMainBase');
163 }else{
164 $ui= get_userinfo();
165 $this->base= dn2base($ui->dn);
166 }
167 } else {
169 /* Get object base */
170 $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
171 }
173 /* This is always an account */
174 $this->is_account= TRUE;
175 $this->reload();
176 }
178 function execute()
179 {
180 /* Call parent execute */
181 plugin::execute();
183 /* Log view */
184 if($this->is_account && !$this->view_logged){
185 $this->view_logged = TRUE;
186 new log("view","groups/".get_class($this),$this->dn);
187 }
189 /* Do we represent a valid group? */
190 if (!$this->is_account && $this->parent === NULL){
191 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
192 _("This 'dn' is no group.")."</b>";
193 return ($display);
194 }
196 /* Delete user from group */
197 if (isset($_POST['del_users']) && isset($_POST['members'])){
198 foreach ($_POST['members'] as $value){
199 unset ($this->members["$value"]);
200 $this->removeUser($value);
201 }
202 $this->reload();
203 }
205 /* Add objects? */
206 if (isset($_POST["edit_membership"])){
207 $this->group_dialog= TRUE;
208 $this->dialog= TRUE;
209 }
211 /* Add objects finished? */
212 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
213 $this->group_dialog= FALSE;
214 $this->dialog= FALSE;
215 }
217 /* Add user to group */
218 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
219 foreach ($_POST['users'] as $value){
220 $this->members["$value"]= $this->allusers[$value];
221 asort($this->members);
222 $this->addUser($value);
223 }
224 $this->reload();
225 }
227 /* Base select dialog */
228 $once = true;
229 foreach($_POST as $name => $value){
230 if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
232 $once = false;
233 $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
234 $this->dialog->setCurrentBase($this->base);
235 }
236 }
238 /* Dialog handling */
239 if(is_object($this->dialog)){
240 /* Must be called before save_object */
241 $this->dialog->save_object();
243 if($this->dialog->isClosed()){
244 $this->dialog = false;
245 }elseif($this->dialog->isSelected()){
247 /* Check if selected base is valid */
248 $tmp = $this->get_allowed_bases();
249 if(isset($tmp[$this->dialog->isSelected()])){
250 $this->base = $this->dialog->isSelected();
251 }
252 $this->dialog= false;
253 }else{
254 return($this->dialog->execute());
255 }
256 }
258 /* Assign templating stuff */
259 $smarty= get_smarty();
260 if ($this->samba3){
261 $smarty->assign("samba3", "true");
262 } else {
263 $smarty->assign("samba3", "");
264 }
266 if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
267 $smarty->assign("nagios",true);
268 }else{
269 $smarty->assign("nagios",false);
270 }
272 if($this->config->search("phoneAccount", "CLASS",array('menu'))){
273 $smarty->assign("pickupGroup",true);
274 }else{
275 $smarty->assign("pickupGroup",false);
276 }
278 /* Manage object add dialog */
279 if ($this->group_dialog){
281 /* Save data */
282 $gufilter= session::get("gufilter");
283 foreach( array("dselect", "regex") as $type){
284 if (isset($_POST[$type])){
285 $gufilter[$type]= $_POST[$type];
286 }
287 }
288 if(isset($_POST['regex'])){
289 if(isset($_POST['SubSearchGroup'])){
290 $gufilter['SubSearchGroup'] = true;
291 }else{
292 $gufilter['SubSearchGroup'] = false;
293 }
294 }
296 if (isset($_GET['search'])){
297 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
298 if ($s == "**"){
299 $s= "*";
300 }
301 $gufilter['regex']= $s;
302 }
303 session::set("gufilter", $gufilter);
304 $this->reload();
306 /* Show dialog */
307 $smarty->assign("search_image", get_template_path('images/search.png'));
308 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
309 $smarty->assign("tree_image", get_template_path('images/tree.png'));
311 $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
312 $smarty->assign("alphabet", generate_alphabet());
313 foreach( array("dselect", "regex","SubSearchGroup") as $type){
314 $smarty->assign("$type", $gufilter[$type]);
315 }
316 $smarty->assign("hint", print_sizelimit_warning());
317 $smarty->assign("users", $this->displayUsers);
318 $smarty->assign("apply", apply_filter());
319 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
320 return ($display);
321 }
323 $smarty->assign("bases", $this->get_allowed_bases());
324 $smarty->assign("base_select", $this->base);
326 if ($this->samba3){
327 $domains= array();
328 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
329 $domains[$name]= $name;
330 }
331 $smarty->assign("sambaDomains", $domains);
332 $smarty->assign("sambaDomainName", $this->sambaDomainName);
333 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
334 514 => _("Domain guests"));
336 /* Don't loose special groups! If not key'ed above, add it to
337 the combo box... */
338 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
339 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
340 }
342 $smarty->assign("groupTypes", $groupTypes);
343 $smarty->assign("groupType", $this->groupType);
344 }
346 /* Members and users */
347 $smarty->assign("members", $this->members);
349 /* Checkboxes */
350 foreach (array("force_gid", "smbgroup") as $val){
351 if ($this->$val == "1"){
352 $smarty->assign("$val", "checked");
353 } else {
354 $smarty->assign("$val", "");
355 }
356 }
357 if ($this->force_gid != "1"){
358 $smarty->assign("forceMode", "disabled");
359 }else{
360 $smarty->assign("forceMode", "");
361 }
362 if ($this->fon_group){
363 $smarty->assign("fon_group", "checked");
364 } else {
365 $smarty->assign("fon_group", "");
366 }
368 if ($this->nagios_group){
369 $smarty->assign("nagios_group", "checked");
370 } else {
371 $smarty->assign("nagios_group", "");
372 }
374 /* Fields */
375 foreach (array("cn", "description", "gidNumber") as $val){
376 $smarty->assign("$val", $this->$val);
377 }
379 $tmp = $this->plInfo();
380 foreach($tmp['plProvidedAcls'] as $name => $translation){
381 $smarty->assign($name."ACL",$this->getacl($name));
382 }
384 if($this->acl_is_writeable("base")){
385 $smarty->assign("baseSelect",true);
386 }else{
387 $smarty->assign("baseSelect",false);
388 }
390 /* Show main page */
391 $smarty->assign("alphabet", generate_alphabet(10));
392 $smarty->assign("search_image", get_template_path('images/search.png'));
393 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
394 $smarty->assign("tree_image", get_template_path('images/tree.png'));
395 $smarty->assign("deplist", $this->config->idepartments);
397 /* Multiple edit handling */
398 $smarty->assign("multiple_support",$this->multiple_support_active);
401 foreach($this->attributes as $val){
402 if(in_array($val,$this->multi_boxes)){
403 $smarty->assign("use_".$val,TRUE);
404 }else{
405 $smarty->assign("use_".$val,FALSE);
406 }
407 }
408 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $val){
409 if(in_array($val,$this->multi_boxes)){
410 $smarty->assign("use_".$val,TRUE);
411 }else{
412 $smarty->assign("use_".$val,FALSE);
413 }
414 }
416 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
417 }
419 function addUser($uid)
420 {
421 $this->memberUid[]= $uid;
422 $this->memberUid= array_unique($this->memberUid);
423 }
425 function removeUser($uid)
426 {
427 $temp= array();
428 foreach ($this->memberUid as $value){
429 if ($value != $uid){
430 $temp[]= $value;
431 }
432 }
433 $this->memberUid= $temp;
434 }
437 /* Reload data */
438 function reload()
439 {
440 /* Fix regex string */
441 $gufilter = session::get("gufilter");
442 $regex = normalizeLdap($gufilter['regex']);
443 $MaxUser = $this->OnlyShowFirstEntries;
445 /* Prepare ldap link */
446 $ldap= $this->config->get_ldap_link();
447 $ldap->cd($gufilter['dselect']);
450 /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
451 (Store gathered sn/givenName informations in $this->allusers too,
452 to be prepared when adding/deleting users)
453 */
454 $filter = "";
455 foreach ($this->memberUid as $value){
456 if(!isset($this->members[$value])){
457 $filter .= "(uid=".normalizeLdap($value).")";
458 }
459 }
460 if(!empty($filter)){
461 $ldap->cd($this->config->current['BASE']);
462 $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
463 while($attrs = $ldap->fetch()){
464 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
465 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
466 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
467 }
468 }
470 /* check if all uids are resolved */
471 foreach ($this->memberUid as $value){
472 if(!isset($this->members[$value])){
473 $this->members[$value] = _("! unknown id")." [".$value."]";
474 }
475 }
477 /* Create display list of users matching regex & filter
478 */
479 $this->displayUsers = array();
480 $filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
482 /* Search in current tree or within subtrees depending on the checkbox from filter section */
483 if($gufilter['SubSearchGroup']){
484 $flag = GL_SIZELIMIT | GL_SUBSEARCH;
485 $base = $gufilter['dselect'];
486 }else{
487 $flag = GL_SIZELIMIT ;
488 $base = get_people_ou().$gufilter['dselect'];
489 }
490 $i = 0;
493 $res = get_list($filter,"users",$base,array("dn", "uid", "sn", "givenName"),$flag);
495 /* Fetch all users and skip already used users */
496 foreach($res as $attrs){
497 if(in_array($attrs['uid'][0], $this->memberUid)) {
498 continue;
499 }
500 $i ++;
501 if($i > $MaxUser) {
502 break;
503 }
504 $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
505 $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
506 $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
507 }
509 /* If more than max users are found, display a message to warn the user */
510 if(($i == $MaxUser)){
511 print_red(sprintf(_("Your search method returned more than '%s' users, only '%s' users are shown.") , $MaxUser,$MaxUser));
512 }
514 /* Sort lists */
515 natcasesort($this->members);
516 reset($this->members);
517 natcasesort ($this->displayUsers);
518 reset ($this->displayUsers);
519 }
522 /* Create display name, this was used so often that it is excluded into a seperate function */
523 function createResultName($attrs)
524 {
525 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
526 $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
527 } else {
528 $ret= $attrs['uid'][0];
529 }
530 return($ret);
531 }
534 function remove_from_parent()
535 {
536 plugin::remove_from_parent();
538 $ldap= $this->config->get_ldap_link();
539 $ldap->rmdir($this->dn);
540 show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn));
542 new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
544 /* Delete references to object groups */
545 $ldap->cd ($this->config->current['BASE']);
546 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn"));
547 while ($ldap->fetch()){
548 $og= new ogroup($this->config, $ldap->getDN());
549 unset($og->member[$this->dn]);
550 $og->save ();
551 }
553 /* Remove ACL dependencies too,
554 */
555 $ldap = $this->config->get_ldap_link();
556 $ldap->cd($this->config->current['BASE']);
557 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
558 while($attrs = $ldap->fetch()){
559 $acl = new acl($this->config,$this->parent,$attrs['dn']);
560 foreach($acl->gosaAclEntry as $id => $entry){
561 foreach($entry['members'] as $m_id => $member){
562 if($m_id == "G:".$this->dn || $m_id == "U:".$this->dn){
563 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
564 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn']));
565 }
566 }
567 }
568 $acl -> save();
569 }
571 /* Remove ACL dependencies too,
572 */
573 $tmp = new acl($this->config,$this->parent,$this->dn);
574 $tmp->remove_acl();
576 /* Send signal to the world that we've done */
577 $this->handle_post_events("remove");
578 }
581 /* Save data to object */
582 function save_object()
583 {
584 /* Save additional values for possible next step */
585 if (isset($_POST['groupedit'])){
587 /* Create a base backup and reset the
588 base directly after calling plugin::save_object();
589 Base will be set seperatly a few lines below */
590 $base_tmp = $this->base;
591 plugin::save_object();
592 $this->base = $base_tmp;
594 $this->force_gid= 0;
596 /* Only reset sambagroup flag if we are able to write this flag */
597 if($this->acl_is_writeable("sambaGroupType")){
598 $this->smbgroup = 0;
599 }
601 /* Get base selection */
602 if(isset($_POST['base'])){
603 $tmp = $this->get_allowed_bases();
604 if(isset($tmp[$_POST['base']])){
605 $this->base = $_POST['base'];
606 }
607 }
609 foreach (array(
610 "force_gid" => "gidNumber",
611 "smbgroup" => "sambaGroupType") as $val => $aclname) {
612 if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
613 $this->$val= $_POST["$val"];
614 }
615 }
617 /* Save sambaDomain attribute */
618 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
619 $this->sambaDomainName= $_POST['sambaDomainName'];
620 $this->groupType= $_POST['groupType'];
621 }
623 /* Save fon attribute */
624 if ($this->acl_is_writeable("fon_group")){
625 if (isset ($_POST['fon_group'])){
626 $this->fon_group= TRUE;
627 } else {
628 $this->fon_group= FALSE;
629 }
630 }
631 if ($this->acl_is_writeable("nagios_group")){
632 if (isset ($_POST['nagios_group'])){
633 $this->nagios_group= TRUE;
634 } else {
635 $this->nagios_group= FALSE;
636 }
637 }
638 }
639 }
642 /* Save to LDAP */
643 function save()
644 {
646 /* ID handling */
647 if ($this->force_gid == 0){
648 if ($this->saved_gidNumber != ""){
649 $this->gidNumber= $this->saved_gidNumber;
650 } else {
651 /* Calculate new, lock uids */
652 $wait= 10;
653 while (get_lock("uidnumber") != ""){
654 sleep (1);
656 /* timed out? */
657 if ($wait-- == 0){
658 break;
659 }
660 }
661 add_lock ("uidnumber", "gosa");
662 $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
663 }
664 }
666 plugin::save();
668 /* Remove objectClass for samba/phone support */
669 $tmp= array();
670 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
671 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
672 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
673 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
674 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
675 $tmp[]= $this->attrs['objectClass'][$i];
676 }
677 }
678 $this->attrs['objectClass']= $tmp;
679 $ldap= $this->config->get_ldap_link();
681 /* Add samba group functionality */
682 if ($this->samba3 && $this->smbgroup){
684 /* Fixed undefined index ...
685 */
686 $this->SID = $this->ridBase = "";
687 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
688 $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
689 }else{
690 print_red(sprintf(_("No configured SID found for '%s'."),$this->sambaDomainName));
691 }
692 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
693 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
694 }else{
695 print_red(sprintf(_("No configured RIDBASE found for '%s'."),$this->sambaDomainName));
696 }
698 $this->attrs['objectClass'][]= 'sambaGroupMapping';
699 $this->attrs['sambaGroupType']= "2";
701 /* Check if we need to create a special entry */
702 if ($this->groupType == 0){
704 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
705 $gidNumber= $this->gidNumber;
706 while(TRUE){
707 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
708 $ldap->cd($this->config->current['BASE']);
709 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
710 if ($ldap->count() == 0){
711 break;
712 }
713 $gidNumber++;
714 }
715 $this->attrs['sambaSID']= $sid;
716 $this->sambaSID= $sid;
717 }
719 } else {
720 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
721 }
723 /* User wants me to fake the idMappings? This is useful for
724 making winbind resolve the group names in a reasonable amount
725 of time in combination with larger databases. */
726 if (isset($this->config->current['SAMBAIDMAPPING']) &&
727 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
728 $this->attrs['objectClass'][]= "sambaIdmapEntry";
729 }
731 }
733 /* Add phone functionality */
734 if ($this->fon_group){
735 $this->attrs['objectClass'][]= "goFonPickupGroup";
736 }
738 /* Add nagios functionality */
739 if ($this->nagios_group){
740 $this->attrs['objectClass'][]= "nagiosContactGroup";
741 }
743 /* Take members array */
744 if (count ($this->memberUid)){
745 $this->attrs['memberUid']= array_unique($this->memberUid);
746 }
748 /* New accounts need proper 'dn', propagate it to remaining objects */
749 if ($this->dn == 'new'){
750 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
751 }
753 /* Add member dn's for RFC2307bis Support */
754 if ($this->rfc2307bis){
755 if (count($this->memberUid)){
756 $this->attrs['member'] = array();
757 foreach($this->attrs['memberUid'] as $uid) {
758 $this->attrs['member'][]= $this->dnMapping[$uid];
759 }
760 } else {
761 $this->attrs['member'][]= $this->dn;
762 }
763 }
765 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
766 new entries. So do a check first... */
767 $ldap->cat ($this->dn, array('dn'));
768 if ($ldap->fetch()){
769 /* Modify needs array() to remove values :-( */
770 if (!count ($this->memberUid)){
771 $this->attrs['memberUid']= array();
772 }
773 if ($this->samba3){
774 if (!$this->smbgroup){
775 $this->attrs['sambaGroupType']= array();
776 $this->attrs['sambaSID']= array();
777 }
778 }
779 $mode= "modify";
780 } else {
781 $mode= "add";
782 $ldap->cd($this->config->current['BASE']);
783 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
784 }
786 /* Write back to ldap */
787 $ldap->cd($this->dn);
788 $this->cleanup();
789 $ldap->$mode($this->attrs);
791 /* Remove ACL dependencies too,
792 */
793 if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
794 $tmp = new acl($this->config,$this->parent,$this->dn);
795 $tmp->update_acl_membership($this->orig_dn,$this->dn);
796 }
798 if($this->initially_was_account){
799 new log("modify","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
800 }else{
801 new log("create","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
802 }
804 $ret= 0;
805 if ( show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn))){
806 $ret= 1;
807 }
809 /* Remove uid lock */
810 del_lock ("uidnumber");
812 /* Post that we've done*/
813 $this->handle_post_events($mode);
815 return ($ret);
816 }
818 function check()
819 {
820 /* Call common method to give check the hook */
821 $message= plugin::check();
823 /* Permissions for that base? */
824 if ($this->base != ""){
825 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
826 } else {
827 $new_dn= $this->dn;
828 }
830 /* must: cn */
831 if ($this->cn == "" && $this->acl_is_writeable("cn")){
832 $message[]= "The required field 'Name' is not set.";
833 }
835 /* Check for valid input */
836 if (!is_uid($this->cn)){
837 $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
838 }
840 if($this->allowGroupsWithSameNameInOtherSubtrees == true){
842 /* Check for used 'cn' */
843 $ldap= $this->config->get_ldap_link();
844 if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
845 $ldap->cd(get_groups_ou().$this->base);
846 $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
847 if ($ldap->count() != 0){
848 $message[]= _("Value specified as 'Name' is already used.");
849 }
850 }
852 }else{
854 /* Check for used 'cn' */
855 $ldap= $this->config->get_ldap_link();
856 $ldap->cd($this->config->current['BASE']);
857 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
858 if ($ldap->count() != 0){
860 /* New entry? */
861 if ($this->dn == 'new'){
862 $message[]= _("Value specified as 'Name' is already used.");
863 }
865 /* Moved? */
866 elseif ($new_dn != $this->orig_dn){
867 $ldap->fetch();
868 if ($ldap->getDN() != $this->orig_dn){
869 $message[]= _("Value specified as 'Name' is already used.");
870 }
871 }
872 }
873 }
875 /* Check ID */
876 if ($this->force_gid == "1"){
877 if (!is_id($this->gidNumber)){
878 $message[]= _("Value specified as 'GID' is not valid.");
879 } else {
880 if ($this->gidNumber < $this->config->current['MINID']){
881 $message[]= _("Value specified as 'GID' is too small.");
882 }
884 }
885 }
887 return ($message);
888 }
890 function get_next_id($attrib, $dn)
891 {
892 $ids= array();
893 $ldap= $this->config->get_ldap_link();
895 $ldap->cd ($this->config->current['BASE']);
896 if (preg_match('/gidNumber/i', $attrib)){
897 $oc= "posixGroup";
898 } else {
899 $oc= "posixAccount";
900 }
901 $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
903 /* Get list of ids */
904 while ($attrs= $ldap->fetch()){
905 $ids[]= (int)$attrs["$attrib"][0];
906 }
908 /* Find out next free id near to UID_BASE */
909 if (!isset($this->config->current['BASE_HOOK'])){
910 $base= $this->config->current['UIDBASE'];
911 } else {
912 /* Call base hook */
913 $base= get_base_from_hook($dn, $attrib);
914 }
915 for ($id= $base; $id++; $id < pow(2,32)){
916 if (!in_array($id, $ids)){
917 return ($id);
918 }
919 }
921 /* Check if id reached maximum */
922 if ($id >= pow(2,32)){
923 print_red(_("Too many users, can't allocate a free ID!"));
924 exit;
925 }
926 }
928 function getCopyDialog()
929 {
930 $vars = array("cn");
932 if($this ->force_gid){
933 $used = " checked ";
934 $dis = "";
935 }else{
936 $used = "";
937 $dis = " disabled ";
938 }
940 $smarty = get_smarty();
941 $smarty->assign("used",$used);
942 $smarty->assign("dis" ,$dis);
943 $smarty->assign("cn" ,$this->cn);
944 $smarty->assign("gidNumber",$this->gidNumber);
945 $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
946 $ret = array();
947 $ret['string'] = $str;
948 $ret['status'] = "";
949 return($ret);
950 }
952 function saveCopyDialog()
953 {
954 if(isset($_POST['cn'])){
955 $this->cn = $_POST['cn'];
956 }
957 if(isset($_POST['force_gid'])){
958 $this->force_gid = 1;
959 $this->gidNumber= $_POST['gidNumber'];
960 }else{
961 $this->force_gid = 0;
962 $this->gidNumber = false;
963 }
964 }
967 /* Return plugin informations for acl handling */
968 static function plInfo()
969 {
970 return (array(
971 "plShortName" => _("Generic"),
972 "plDescription" => _("Generic group settings"),
973 "plSelfModify" => FALSE,
974 "plDepends" => array(),
975 "plPriority" => 0,
976 "plSection" => array("admin"),
977 "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
979 "plProvidedAcls" => array(
980 "cn" => _("Name"),
981 "base" => _("Base"),
982 "description" => _("Description"),
984 "fonGroup" => _("Phone pickup group"),
985 "nagiosGroup" => _("Nagios group"),
987 "gidNumber" => _("GID"),
988 "memberUid" => _("Group member"),
989 "sambaGroupType" => _("Samba group type"),
990 "sambaDomainName" => _("Samba domain name"),
991 "sambaSID" => _("Samba SID"))
992 ));
993 }
996 function multiple_save_object()
997 {
998 if(isset($_POST['group_mulitple_edit'])){
1000 /* Create a base backup and reset the
1001 base directly after calling plugin::save_object();
1002 Base will be set seperatly a few lines below */
1003 $base_tmp = $this->base;
1004 plugin::multiple_save_object();
1005 plugin::save_object();
1006 $this->base = $base_tmp;
1008 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1009 if(isset($_POST['use_'.$attr])){
1010 $this->multi_boxes[] = $attr;
1011 }
1012 }
1014 /* Get base selection */
1015 if(isset($_POST['base'])){
1016 $tmp = $this->get_allowed_bases();
1017 if(isset($tmp[$_POST['base']])){
1018 $this->base = $_POST['base'];
1019 }
1020 }
1022 foreach (array( "smbgroup" => "sambaGroupType") as $val => $aclname) {
1023 if ($this->acl_is_writeable($aclname)){
1024 if(isset($_POST["$val"])){
1025 $this->$val= TRUE;
1026 }else{
1027 $this->$val= FALSE;
1028 }
1029 }
1030 }
1032 /* Save sambaDomain attribute */
1033 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
1034 $this->sambaDomainName= $_POST['sambaDomainName'];
1035 $this->groupType= $_POST['groupType'];
1036 }
1038 /* Save fon attribute */
1039 if ($this->acl_is_writeable("fon_group")){
1040 if (isset ($_POST['fon_group'])){
1041 $this->fon_group= TRUE;
1042 } else {
1043 $this->fon_group= FALSE;
1044 }
1045 }
1046 }
1047 }
1050 function get_multi_edit_values()
1051 {
1052 $ret = plugin::get_multi_edit_values();
1054 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1055 if(in_array($attr,$this->multi_boxes)){
1056 $ret[$attr] = $this->$attr;
1057 }
1058 }
1059 return($ret);
1060 }
1062 function multiple_execute()
1063 {
1064 return($this->execute());
1065 }
1066 }
1068 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1069 ?>