1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class group extends plugin
24 {
25 /* Group attributes */
26 var $cn= "";
27 var $description= "";
28 var $gidNumber= "";
29 var $memberUid= array();
30 var $memberUid_used_by_some= array();
32 /* Helpers */
33 var $base= "";
34 var $force_gid= FALSE;
35 var $fon_group= FALSE;
36 var $smbgroup= FALSE;
37 var $groupType= FALSE;
38 var $samba3= FALSE;
39 var $sambaSID= "";
40 var $sambaDomainName= "DEFAULT";
41 var $SID= "";
42 var $ridBase= 0;
43 var $members= array();
44 var $users= array();
45 var $member= array();
46 var $allusers= array();
47 var $saved_gidNumber= "";
48 var $oldgroupType= "";
49 var $orig_dn= "";
50 var $orig_cn= "";
51 var $has_mailAccount= FALSE;
52 var $group_dialog= FALSE;
53 var $nagios_group =FALSE;
54 var $sambaGroupType;
55 var $dialog;
56 var $rfc2307bis= FALSE;
57 var $OnlyShowFirstEntries =200;
58 var $dnMapping= array();
59 var $view_logged = FALSE;
60 var $allowGroupsWithSameNameInOtherSubtrees = true;
62 /* Trustmodel/AccessTo
63 */
64 var $accessTo= array();
65 var $trustModel= "";
66 var $show_ws_dialog = FALSE;
68 /* attribute list for save action */
69 var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID","accessTo","trustModel");
70 var $objectclasses= array("top", "posixGroup");
72 var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
74 var $multiple_support = TRUE;
76 function group (&$config, $dn= NULL)
77 {
78 /* Set rfc2307bis flag */
79 if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
80 $this->rfc2307bis= TRUE;
81 $this->attributes[]= "member";
82 $this->objectclasses[]= "groupOfNames";
83 }
85 plugin::plugin ($config, $dn);
87 /* Load attributes depending on the samba version */
88 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
89 $this->orig_dn= $dn;
90 $this->orig_cn= $this->cn;
92 /* Get member list */
93 if (isset($this->attrs['memberUid'][0])){
94 $tmp= array();
95 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
96 $tmp[$this->attrs['memberUid'][$i]]= $this->attrs['memberUid'][$i];
97 }
98 $this->memberUid= $tmp;
99 ksort ($this->memberUid);
100 }
102 /* Save gidNumber for later use */
103 if (isset($this->attrs['gidNumber'])){
104 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
105 }
107 /* Is a samba group? */
108 if (isset($this->attrs['objectClass'])){
109 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == FALSE ){
110 $this->smbgroup= FALSE;
111 } else {
112 $this->smbgroup= TRUE;
113 if (isset($this->attrs['sambaSID'])){
114 $this->sambaSID= $this->attrs['sambaSID'][0];
115 }
116 }
117 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == FALSE ){
118 $this->fon_group= FALSE;
119 } else {
120 $this->fon_group= TRUE;
121 }
122 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == FALSE ){
123 $this->nagios_group= FALSE;
124 } else {
125 $this->nagios_group= TRUE;
126 }
127 }
129 /* Set mail flag */
130 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
131 $this->has_mailAccount= TRUE;
132 }
134 /* Get samba Domain in case of samba 3 */
135 if ($this->samba3 && $this->sambaSID != ""){
136 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
137 $ldap= $this->config->get_ldap_link();
138 $ldap->cd($this->config->current['BASE']);
139 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
140 if ($ldap->count() != 0){
141 $attrs= $ldap->fetch();
142 if(isset($attrs['sambaAlgorithmicRidBase'])){
143 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
144 } else {
145 $this->ridBase= $this->config->current['RIDBASE'];
146 }
148 /* Get domain name for SID */
149 $this->sambaDomainName= "DEFAULT";
150 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
151 if ($val['SID'] == $this->SID){
152 $this->sambaDomainName= $key;
153 break;
154 }
155 }
156 } else {
157 if (isset($this->config->current['RIDBASE'])){
158 $this->sambaDomainName= "DEFAULT";
159 $this->ridBase= $this->config->current['RIDBASE'];
160 $this->SID= $this->config->current['SID'];
161 } else {
162 msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG);
163 }
164 }
166 /* Get group type */
167 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
168 if ($this->groupType < 500 || $this->groupType > 553){
169 $this->groupType= 0;
170 }
171 $this->oldgroupType= $this->groupType;
172 }
174 /* Get global filter config */
175 if (!session::is_set("gufilter")){
176 $ui= get_userinfo();
177 $base= get_base_from_people($ui->dn);
178 $gufilter= array( "dselect" => $base,
179 "regex" => "*");
180 session::set("gufilter", $gufilter);
181 }
182 $gufilter= session::get('gufilter');
183 $gufilter['SubSearchGroup'] = false;
184 session::set('gufilter',$gufilter);
186 if ($this->dn == "new"){
187 if(session::is_set('CurrentMainBase')){
188 $this->base = session::get('CurrentMainBase');
189 }else{
190 $ui= get_userinfo();
191 $this->base= dn2base($ui->dn);
192 }
193 } else {
195 /* Get object base */
196 $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
197 }
199 /* Is this account a trustAccount? */
200 if (isset($this->attrs['trustModel'])){
201 $this->trustModel= $this->attrs['trustModel'][0];
202 $this->was_trust_account= TRUE;
203 } else {
204 $this->was_trust_account= FALSE;
205 $this->trustModel= "";
206 }
208 $this->accessTo = array();
209 if (isset($this->attrs['accessTo'])){
210 for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
211 $tmp= $this->attrs['accessTo'][$i];
212 $this->accessTo[$tmp]= $tmp;
213 }
214 }
216 /* This is always an account */
217 $this->is_account= TRUE;
218 $this->reload();
219 }
221 function execute()
222 {
223 /* Call parent execute */
224 plugin::execute();
226 /* Log view */
227 if($this->is_account && !$this->view_logged){
228 $this->view_logged = TRUE;
229 new log("view","groups/".get_class($this),$this->dn);
230 }
232 /* Do we represent a valid group? */
233 if (!$this->is_account && $this->parent === NULL){
234 $display= "<img alt=\"\" src=\"images/small-error.png\" align=\"middle\"> <b>".msgPool::noValidExtension()."</b>";
235 return ($display);
236 }
238 /* Delete user from group */
239 if (isset($_POST['del_users']) && isset($_POST['members'])){
240 foreach ($_POST['members'] as $value){
241 unset ($this->members["$value"]);
242 $this->removeUser($value);
243 }
244 $this->reload();
245 }
247 /* Add objects? */
248 if (isset($_POST["edit_membership"])){
249 $this->group_dialog= TRUE;
250 $this->dialog= TRUE;
251 }
253 /* Add objects finished? */
254 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
255 $this->group_dialog= FALSE;
256 $this->dialog= FALSE;
257 }
259 /* Add user to group */
260 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
261 foreach ($_POST['users'] as $value){
262 $this->members["$value"]= $this->allusers[$value];
263 asort($this->members);
264 $this->addUser($value);
265 }
266 $this->reload();
267 }
269 /* Base select dialog */
270 $once = true;
271 foreach($_POST as $name => $value){
272 if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
274 $once = false;
275 $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
276 $this->dialog->setCurrentBase($this->base);
277 }
278 }
280 /* Dialog handling */
281 if(is_object($this->dialog)){
282 /* Must be called before save_object */
283 $this->dialog->save_object();
285 if($this->dialog->isClosed()){
286 $this->dialog = false;
287 }elseif($this->dialog->isSelected()){
289 /* Check if selected base is valid */
290 $tmp = $this->get_allowed_bases();
291 if(isset($tmp[$this->dialog->isSelected()])){
292 $this->base = $this->dialog->isSelected();
293 }
294 $this->dialog= false;
295 }else{
296 return($this->dialog->execute());
297 }
298 }
301 /* Add user workstation? */
302 if (isset($_POST["add_ws"])){
303 $this->show_ws_dialog= TRUE;
304 $this->dialog= TRUE;
305 }
307 /* Add user workstation? */
308 if (isset($_POST["add_ws_finish"]) && isset($_POST['wslist'])){
309 foreach($_POST['wslist'] as $ws){
310 $this->accessTo[$ws]= $ws;
311 }
312 ksort($this->accessTo);
313 $this->is_modified= TRUE;
314 }
316 /* Remove user workstations? */
317 if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
318 foreach($_POST['workstation_list'] as $name){
319 unset ($this->accessTo[$name]);
320 }
321 $this->is_modified= TRUE;
322 }
324 /* Add user workstation finished? */
325 if (isset($_POST["add_ws_finish"]) || isset($_POST["add_ws_cancel"])){
326 $this->show_ws_dialog= FALSE;
327 $this->dialog= FALSE;
328 }
330 $smarty= get_smarty();
332 /* Show ws dialog */
333 if ($this->show_ws_dialog){
335 /* Save data */
336 $sysfilter= session::get("sysfilter");
337 foreach( array("depselect", "regex") as $type){
338 if (isset($_POST[$type])){
339 $sysfilter[$type]= $_POST[$type];
340 }
341 }
342 if (isset($_GET['search'])){
343 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
344 if ($s == "**"){
345 $s= "*";
346 }
347 $sysfilter['regex']= $s;
348 }
349 session::set("sysfilter", $sysfilter);
351 /* Get workstation list */
352 $exclude= "";
353 foreach($this->accessTo as $ws){
354 $exclude.= "(cn=$ws)";
355 }
356 if ($exclude != ""){
357 $exclude= "(!(|$exclude))";
358 }
359 $regex= $sysfilter['regex'];
360 $filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))";
362 $deps_a = array(get_ou("serverou"),
363 get_ou("terminalou"),
364 get_ou("workstationou"));
366 $res= get_sub_list($filter, array("terminal","server","workstation"), $deps_a, get_ou("systemsou").$sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT);
367 $wslist= array();
368 foreach ($res as $attrs){
369 $wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
370 }
371 asort($wslist);
372 $smarty->assign("search_image", get_template_path('images/search.png'));
373 $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
374 $smarty->assign("tree_image", get_template_path('images/tree.png'));
375 $smarty->assign("deplist", $this->config->idepartments);
376 $smarty->assign("alphabet", generate_alphabet());
377 foreach( array("depselect", "regex") as $type){
378 $smarty->assign("$type", $sysfilter[$type]);
379 }
380 $smarty->assign("hint", print_sizelimit_warning());
381 $smarty->assign("wslist", $wslist);
382 $smarty->assign("apply", apply_filter());
383 $display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__)));
384 return ($display);
385 }
387 /* Assign templating stuff */
388 if ($this->samba3){
389 $smarty->assign("samba3", "true");
390 } else {
391 $smarty->assign("samba3", "");
392 }
394 if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
395 $smarty->assign("nagios",true);
396 }else{
397 $smarty->assign("nagios",false);
398 }
400 if($this->config->search("phoneAccount", "CLASS",array('menu'))){
401 $smarty->assign("pickupGroup",true);
402 }else{
403 $smarty->assign("pickupGroup",false);
404 }
406 /* Manage object add dialog */
407 if ($this->group_dialog){
409 /* Save data */
410 $gufilter= session::get("gufilter");
411 foreach( array("dselect", "regex") as $type){
412 if (isset($_POST[$type])){
413 $gufilter[$type]= $_POST[$type];
414 }
415 }
416 if(isset($_POST['regex'])){
417 if(isset($_POST['SubSearchGroup'])){
418 $gufilter['SubSearchGroup'] = true;
419 }else{
420 $gufilter['SubSearchGroup'] = false;
421 }
422 }
424 if (isset($_GET['search'])){
425 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
426 if ($s == "**"){
427 $s= "*";
428 }
429 $gufilter['regex']= $s;
430 }
431 session::set("gufilter", $gufilter);
432 $this->reload();
434 /* Show dialog */
435 $smarty->assign("search_image", get_template_path('images/search.png'));
436 $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
437 $smarty->assign("tree_image", get_template_path('images/tree.png'));
439 $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
440 $smarty->assign("alphabet", generate_alphabet());
441 foreach( array("dselect", "regex","SubSearchGroup") as $type){
442 $smarty->assign("$type", $gufilter[$type]);
443 }
444 $smarty->assign("hint", print_sizelimit_warning());
445 $smarty->assign("users", $this->displayUsers);
446 $smarty->assign("apply", apply_filter());
447 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
448 return ($display);
449 }
451 $smarty->assign("bases", $this->get_allowed_bases());
452 $smarty->assign("base_select", $this->base);
454 if ($this->samba3){
455 $domains= array();
456 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
457 $domains[$name]= $name;
458 }
459 $smarty->assign("sambaDomains", $domains);
460 $smarty->assign("sambaDomainName", $this->sambaDomainName);
461 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
462 514 => _("Domain guests"));
464 /* Don't loose special groups! If not key'ed above, add it to
465 the combo box... */
466 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
467 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
468 }
470 $smarty->assign("groupTypes", $groupTypes);
471 $smarty->assign("groupType", $this->groupType);
472 }
474 /* Members and users */
475 $smarty->assign("members", $this->members);
477 /* Work on trust modes */
478 $smarty->assign("trusthide", " disabled ");
479 $smarty->assign("trustmodeACL", $this->getacl("trustModel"));
480 if ($this->trustModel == "fullaccess"){
481 $trustmode= 1;
482 // pervent double disable tag in html code, this will disturb our clean w3c html
483 $smarty->assign("trustmode", $this->getacl("trustModel"));
485 } elseif ($this->trustModel == "byhost"){
486 $trustmode= 2;
487 $smarty->assign("trusthide", "");
488 } else {
489 // pervent double disable tag in html code, this will disturb our clean w3c html
490 $smarty->assign("trustmode", $this->getacl("trustModel"));
491 $trustmode= 0;
492 }
493 $smarty->assign("trustmode", $trustmode);
494 $smarty->assign("trustmodes", array( 0 => _("disabled"), 1 => _("full access"),
495 2 => _("allow access to these hosts")));
497 if((count($this->accessTo))==0){
498 $smarty->assign("emptyArrAccess",true);
499 } else{
500 $smarty->assign("emptyArrAccess",false);
502 }
504 $smarty->assign("workstations", $this->accessTo);
508 /* Checkboxes */
509 foreach (array("force_gid", "smbgroup") as $val){
510 if ($this->$val == "1"){
511 $smarty->assign("$val", "checked");
512 } else {
513 $smarty->assign("$val", "");
514 }
515 }
516 if ($this->force_gid != "1"){
517 $smarty->assign("forceMode", "disabled");
518 }else{
519 $smarty->assign("forceMode", "");
520 }
521 if ($this->fon_group){
522 $smarty->assign("fon_group", "checked");
523 } else {
524 $smarty->assign("fon_group", "");
525 }
527 if ($this->nagios_group){
528 $smarty->assign("nagios_group", "checked");
529 } else {
530 $smarty->assign("nagios_group", "");
531 }
533 /* Fields */
534 foreach (array("cn", "description", "gidNumber") as $val){
535 $smarty->assign("$val", $this->$val);
536 }
538 $tmp = $this->plInfo();
539 foreach($tmp['plProvidedAcls'] as $name => $translation){
540 $smarty->assign($name."ACL",$this->getacl($name));
541 }
543 if($this->acl_is_writeable("base")){
544 $smarty->assign("baseSelect",true);
545 }else{
546 $smarty->assign("baseSelect",false);
547 }
549 /* Show main page */
550 $smarty->assign("alphabet", generate_alphabet(10));
551 $smarty->assign("search_image", get_template_path('images/search.png'));
552 $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
553 $smarty->assign("tree_image", get_template_path('images/tree.png'));
554 $smarty->assign("deplist", $this->config->idepartments);
556 /* Multiple edit handling */
557 $smarty->assign("multiple_support",$this->multiple_support_active);
559 $smarty->assign("memberUid_All",$this->memberUid);
560 $smarty->assign("memberUid_Some",$this->memberUid_used_by_some);
562 foreach($this->attributes as $val){
563 if(in_array($val,$this->multi_boxes)){
564 $smarty->assign("use_".$val,TRUE);
565 }else{
566 $smarty->assign("use_".$val,FALSE);
567 }
568 }
569 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $val){
570 if(in_array($val,$this->multi_boxes)){
571 $smarty->assign("use_".$val,TRUE);
572 }else{
573 $smarty->assign("use_".$val,FALSE);
574 }
575 }
577 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
578 }
580 function addUser($uid)
581 {
582 /* In mutliple edit we have to handle two arrays.
583 * memberUid : Containing users used in all groups
584 * memberUid_used_by_some : Those which are not used in all groups
585 * So we have to remove the given $uid from the ..used_by_some array first.
586 */
587 if($this->multiple_support_active){
588 if(isset($this->memberUid_used_by_some[$uid])){
589 unset($this->memberUid_used_by_some[$uid]);
590 }
591 }
593 $this->memberUid[$uid]= $uid;
594 }
597 function removeUser($uid)
598 {
599 $temp= array();
600 if(isset($this->memberUid[$uid])){
601 unset($this->memberUid[$uid]);
602 }
604 /* We have two array contianing group members in multiple edit.
605 * this->memberUid : Groups used by all currently edited groups
606 * this->memberUid_used_by_some: Used by some
607 * So we have to remove the specified uid from both arrays.
608 */
609 if($this->multiple_support_active){
610 if(isset($this->memberUid_used_by_some[$uid])){
611 unset($this->memberUid_used_by_some[$uid]);
612 }
613 }
614 }
616 /* Reload data */
617 function reload()
618 {
619 /* Fix regex string */
620 $gufilter = session::get("gufilter");
621 $regex = normalizeLdap($gufilter['regex']);
622 $MaxUser = $this->OnlyShowFirstEntries;
624 /* Prepare ldap link */
625 $ldap= $this->config->get_ldap_link();
626 $ldap->cd($gufilter['dselect']);
629 /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
630 (Store gathered sn/givenName informations in $this->allusers too,
631 to be prepared when adding/deleting users)
632 */
633 $filter = "";
634 foreach ($this->memberUid as $value){
635 if(!isset($this->members[$value])){
636 $filter .= "(uid=".normalizeLdap($value).")";
637 }
638 }
639 if(!empty($filter)){
640 $ldap->cd($this->config->current['BASE']);
641 $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
642 while($attrs = $ldap->fetch()){
643 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
644 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
645 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
646 }
647 }
649 /* check if all uids are resolved */
650 foreach ($this->memberUid as $value){
651 if(!isset($this->members[$value])){
652 $this->members[$value] = _("! unknown id")." [".$value."]";
653 }
654 }
656 /* Create display list of users matching regex & filter
657 */
658 $this->displayUsers = array();
659 $filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
661 /* Search in current tree or within subtrees depending on the checkbox from filter section */
662 if($gufilter['SubSearchGroup']){
663 $flag = GL_SIZELIMIT | GL_SUBSEARCH;
664 $base = $gufilter['dselect'];
665 }else{
666 $flag = GL_SIZELIMIT ;
667 $base = get_people_ou().$gufilter['dselect'];
668 }
669 $i = 0;
672 $res = get_list($filter,"users",$base,array("dn", "uid", "sn", "givenName"),$flag);
674 /* Fetch all users and skip already used users */
675 foreach($res as $attrs){
676 if(in_array($attrs['uid'][0], $this->memberUid)) {
677 continue;
678 }
679 $i ++;
680 if($i > $MaxUser) {
681 break;
682 }
683 $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
684 $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
685 $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
686 }
688 /* If more than max users are found, display a message to warn the user */
689 if($i == $MaxUser){
690 msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG);
691 }
693 /* Sort lists */
694 natcasesort($this->members);
695 reset($this->members);
696 natcasesort ($this->displayUsers);
697 reset ($this->displayUsers);
698 }
701 /* Create display name, this was used so often that it is excluded into a seperate function */
702 function createResultName($attrs)
703 {
704 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
705 $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
706 } else {
707 $ret= $attrs['uid'][0];
708 }
709 return($ret);
710 }
713 function remove_from_parent()
714 {
715 plugin::remove_from_parent();
717 $ldap= $this->config->get_ldap_link();
718 $ldap->rmdir($this->dn);
719 if (!$ldap->success()){
720 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class()));
721 }
723 new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
725 /* Delete references to object groups */
726 $ldap->cd ($this->config->current['BASE']);
727 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
728 while ($ldap->fetch()){
729 $og= new ogroup($this->config, $ldap->getDN());
730 unset($og->member[$this->dn]);
731 $og->save ();
732 }
734 /* Remove ACL dependencies too,
735 */
736 $ldap = $this->config->get_ldap_link();
737 $ldap->cd($this->config->current['BASE']);
738 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
739 while($attrs = $ldap->fetch()){
740 $acl = new acl($this->config,$this->parent,$attrs['dn']);
741 foreach($acl->gosaAclEntry as $id => $entry){
742 foreach($entry['members'] as $m_id => $member){
743 if($m_id == "G:".$this->dn || $m_id == "U:".$this->dn){
744 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
745 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn']));
746 }
747 }
748 }
749 $acl->save();
750 }
752 /* Remove ACL dependencies too,
753 */
754 $tmp = new acl($this->config,$this->parent,$this->dn);
755 $tmp->remove_acl();
757 /* Send signal to the world that we've done */
758 $this->handle_post_events("remove");
759 }
762 /* Save data to object */
763 function save_object()
764 {
765 /* Save additional values for possible next step */
766 if (isset($_POST['groupedit'])){
768 /* Create a base backup and reset the
769 base directly after calling plugin::save_object();
770 Base will be set seperatly a few lines below */
771 $base_tmp = $this->base;
772 plugin::save_object();
773 $this->base = $base_tmp;
775 $this->force_gid= 0;
777 /* Only reset sambagroup flag if we are able to write this flag */
778 if($this->acl_is_writeable("sambaGroupType")){
779 $this->smbgroup = 0;
780 }
782 /* Get base selection */
783 if(isset($_POST['base'])){
784 $tmp = $this->get_allowed_bases();
785 if(isset($tmp[$_POST['base']])){
786 $this->base = $_POST['base'];
787 }
788 }
790 foreach (array(
791 "force_gid" => "gidNumber",
792 "smbgroup" => "sambaGroupType") as $val => $aclname) {
793 if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
794 $this->$val= $_POST["$val"];
795 }
796 }
798 /* Save sambaDomain attribute */
799 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
800 $this->sambaDomainName= $_POST['sambaDomainName'];
801 $this->groupType= $_POST['groupType'];
802 }
804 /* Save fon attribute */
805 if ($this->acl_is_writeable("fon_group")){
806 if (isset ($_POST['fon_group'])){
807 $this->fon_group= TRUE;
808 } else {
809 $this->fon_group= FALSE;
810 }
811 }
812 if ($this->acl_is_writeable("nagios_group")){
813 if (isset ($_POST['nagios_group'])){
814 $this->nagios_group= TRUE;
815 } else {
816 $this->nagios_group= FALSE;
817 }
818 }
819 }
821 /* Trust mode - special handling */
822 if($this->acl_is_writeable("trustModel")){
823 if (isset($_POST['trustmode'])){
824 $saved= $this->trustModel;
825 if ($_POST['trustmode'] == "1"){
826 $this->trustModel= "fullaccess";
827 } elseif ($_POST['trustmode'] == "2"){
828 $this->trustModel= "byhost";
829 } else {
830 $this->trustModel= "";
831 }
832 if ($this->trustModel != $saved){
833 $this->is_modified= TRUE;
834 }
835 }
836 }
838 }
841 /* Save to LDAP */
842 function save()
843 {
845 /* ID handling */
846 if ($this->force_gid == 0){
847 if ($this->saved_gidNumber != ""){
848 $this->gidNumber= $this->saved_gidNumber;
849 } else {
850 /* Calculate new, lock uids */
851 $wait= 10;
852 while (get_lock("uidnumber") != ""){
853 sleep (1);
855 /* timed out? */
856 if ($wait-- == 0){
857 break;
858 }
859 }
860 add_lock ("uidnumber", "gosa");
861 $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
862 }
863 }
865 plugin::save();
867 /* Trust accounts */
868 $objectclasses= array();
869 foreach ($this->attrs['objectClass'] as $key => $class){
870 if (preg_match('/trustAccount/i', $class)){
871 continue;
872 }
873 $objectclasses[]= $this->attrs['objectClass'][$key];
874 }
875 $this->attrs['objectClass']= $objectclasses;
876 if ($this->trustModel != ""){
877 $this->attrs['objectClass'][]= "trustAccount";
878 $this->attrs['trustModel']= $this->trustModel;
879 $this->attrs['accessTo']= array();
880 if ($this->trustModel == "byhost"){
881 foreach ($this->accessTo as $host){
882 $this->attrs['accessTo'][]= $host;
883 }
884 }
885 } else {
886 if ($this->was_trust_account){
887 $this->attrs['accessTo']= array();
888 $this->attrs['trustModel']= array();
889 }
890 }
894 /* Remove objectClass for samba/phone support */
895 $tmp= array();
896 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
897 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
898 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
899 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
900 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
901 $tmp[]= $this->attrs['objectClass'][$i];
902 }
903 }
904 $this->attrs['objectClass']= $tmp;
905 $ldap= $this->config->get_ldap_link();
907 /* Add samba group functionality */
908 if ($this->samba3 && $this->smbgroup){
910 /* Fixed undefined index ...
911 */
912 $this->SID = $this->ridBase = "";
913 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
914 $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
915 }else{
916 msg_dialog::display(_("Error"), sprintf(_("Cannot find any SID for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
917 }
918 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
919 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
920 }else{
921 msg_dialog::display(_("Error"), sprintf(_("Cannot find any RIDBASE for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
922 }
924 $this->attrs['objectClass'][]= 'sambaGroupMapping';
925 $this->attrs['sambaGroupType']= "2";
927 /* Check if we need to create a special entry */
928 if ($this->groupType == 0){
930 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
931 $gidNumber= $this->gidNumber;
932 while(TRUE){
933 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
934 $ldap->cd($this->config->current['BASE']);
935 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
936 if ($ldap->count() == 0){
937 break;
938 }
939 $gidNumber++;
940 }
941 $this->attrs['sambaSID']= $sid;
942 $this->sambaSID= $sid;
943 }
945 } else {
946 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
947 }
949 /* User wants me to fake the idMappings? This is useful for
950 making winbind resolve the group names in a reasonable amount
951 of time in combination with larger databases. */
952 if (isset($this->config->current['SAMBAIDMAPPING']) &&
953 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
954 $this->attrs['objectClass'][]= "sambaIdmapEntry";
955 }
957 }
959 /* Add phone functionality */
960 if ($this->fon_group){
961 $this->attrs['objectClass'][]= "goFonPickupGroup";
962 }
964 /* Add nagios functionality */
965 if ($this->nagios_group){
966 $this->attrs['objectClass'][]= "nagiosContactGroup";
967 }
969 /* Take members array */
970 if (count ($this->memberUid)){
971 $this->attrs['memberUid']= array_values(array_unique($this->memberUid));
972 }
974 /* New accounts need proper 'dn', propagate it to remaining objects */
975 if ($this->dn == 'new'){
976 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
977 }
979 /* Add member dn's for RFC2307bis Support */
980 if ($this->rfc2307bis){
981 $this->attrs['member'] = array();
982 if (count($this->memberUid)){
983 foreach($this->attrs['memberUid'] as $uid) {
984 $this->attrs['member'][]= $this->dnMapping[$uid];
985 }
986 } else {
987 $this->attrs['member'][]= $this->dn;
988 }
989 }
991 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
992 new entries. So do a check first... */
993 $ldap->cat ($this->dn, array('dn'));
994 if ($ldap->fetch()){
995 /* Modify needs array() to remove values :-( */
996 if (!count ($this->memberUid)){
997 $this->attrs['memberUid']= array();
998 }
999 if ($this->samba3){
1000 if (!$this->smbgroup){
1001 $this->attrs['sambaGroupType']= array();
1002 $this->attrs['sambaSID']= array();
1003 }
1004 }
1005 $mode= "modify";
1006 } else {
1007 $mode= "add";
1008 $ldap->cd($this->config->current['BASE']);
1009 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
1010 }
1012 /* Write back to ldap */
1013 $ldap->cd($this->dn);
1014 $this->cleanup();
1015 $ldap->$mode($this->attrs);
1017 /* Remove ACL dependencies too,
1018 */
1019 if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
1020 $tmp = new acl($this->config,$this->parent,$this->dn);
1021 $tmp->update_acl_membership($this->orig_dn,$this->dn);
1022 }
1024 if($this->initially_was_account){
1025 new log("modify","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1026 }else{
1027 new log("create","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1028 }
1030 $ret= 0;
1031 if (!$ldap->success()){
1032 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
1033 $ret= 1;
1034 }
1036 /* Remove uid lock */
1037 del_lock ("uidnumber");
1039 /* Post that we've done*/
1040 $this->handle_post_events($mode);
1042 return ($ret);
1043 }
1045 function check()
1046 {
1047 /* Call common method to give check the hook */
1048 $message= plugin::check();
1050 /* Permissions for that base? */
1051 if ($this->base != ""){
1052 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
1053 } else {
1054 $new_dn= $this->dn;
1055 }
1057 /* must: cn */
1058 if ($this->cn == "" && $this->acl_is_writeable("cn")){
1059 $message[]= msgPool::required(_("Name"));
1060 }
1062 /* Check for valid input */
1063 if (!tests::is_uid($this->cn)){
1064 if (strict_uid_mode()){
1065 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/");
1066 } else {
1067 $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/i");
1068 }
1069 }
1071 if($this->allowGroupsWithSameNameInOtherSubtrees == true){
1073 /* Check for used 'cn' */
1074 $ldap= $this->config->get_ldap_link();
1075 if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
1076 $ldap->cd(get_groups_ou().$this->base);
1077 $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
1078 if ($ldap->count() != 0){
1079 $message[]= msgPool::duplicated(_("Name"));
1080 }
1081 }
1083 }else{
1085 /* Check for used 'cn' */
1086 $ldap= $this->config->get_ldap_link();
1087 $ldap->cd($this->config->current['BASE']);
1088 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
1089 if ($ldap->count() != 0){
1091 /* New entry? */
1092 if ($this->dn == 'new'){
1093 $message[]= msgPool::duplicated(_("Name"));
1094 }
1096 /* Moved? */
1097 elseif ($new_dn != $this->orig_dn){
1098 $ldap->fetch();
1099 if ($ldap->getDN() != $this->orig_dn){
1100 $message[]= msgPool::duplicated(_("Name"));
1101 }
1102 }
1103 }
1104 }
1106 /* Check ID */
1107 if ($this->force_gid == "1"){
1108 if (!tests::is_id($this->gidNumber)){
1109 $message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/");
1110 } else {
1111 if ($this->gidNumber < $this->config->current['MINID']){
1112 $message[]= msgPool::toosmall(_("GID"), $this->config->current['MINID']);
1113 }
1115 }
1116 }
1118 return ($message);
1119 }
1121 function get_next_id($attrib, $dn)
1122 {
1123 $ids= array();
1124 $ldap= $this->config->get_ldap_link();
1126 $ldap->cd ($this->config->current['BASE']);
1127 if (preg_match('/gidNumber/i', $attrib)){
1128 $oc= "posixGroup";
1129 } else {
1130 $oc= "posixAccount";
1131 }
1132 $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
1134 /* Get list of ids */
1135 while ($attrs= $ldap->fetch()){
1136 $ids[]= (int)$attrs["$attrib"][0];
1137 }
1139 /* Find out next free id near to UID_BASE */
1140 if (!isset($this->config->current['BASE_HOOK'])){
1141 $base= $this->config->current['UIDBASE'];
1142 } else {
1143 /* Call base hook */
1144 $base= get_base_from_hook($dn, $attrib);
1145 }
1146 for ($id= $base; $id++; $id < pow(2,32)){
1147 if (!in_array($id, $ids)){
1148 return ($id);
1149 }
1150 }
1152 /* Check if id reached maximum */
1153 if ($id >= pow(2,32)){
1154 msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
1155 exit;
1156 }
1157 }
1159 function getCopyDialog()
1160 {
1161 $vars = array("cn");
1163 if($this ->force_gid){
1164 $used = " checked ";
1165 $dis = "";
1166 }else{
1167 $used = "";
1168 $dis = " disabled ";
1169 }
1171 $smarty = get_smarty();
1172 $smarty->assign("used",$used);
1173 $smarty->assign("dis" ,$dis);
1174 $smarty->assign("cn" ,$this->cn);
1175 $smarty->assign("gidNumber",$this->gidNumber);
1176 $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
1177 $ret = array();
1178 $ret['string'] = $str;
1179 $ret['status'] = "";
1180 return($ret);
1181 }
1183 function saveCopyDialog()
1184 {
1185 if(isset($_POST['cn'])){
1186 $this->cn = $_POST['cn'];
1187 }
1188 if(isset($_POST['force_gid'])){
1189 $this->force_gid = 1;
1190 $this->gidNumber= $_POST['gidNumber'];
1191 }else{
1192 $this->force_gid = 0;
1193 $this->gidNumber = false;
1194 }
1195 }
1198 /* Return plugin informations for acl handling */
1199 static function plInfo()
1200 {
1201 return (array(
1202 "plShortName" => _("Generic"),
1203 "plDescription" => _("Generic group settings"),
1204 "plSelfModify" => FALSE,
1205 "plDepends" => array(),
1206 "plPriority" => 0,
1207 "plSection" => array("admin"),
1208 "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
1210 "plProvidedAcls" => array(
1211 "cn" => _("Name"),
1212 "base" => _("Base"),
1213 "description" => _("Description"),
1215 "fonGroup" => _("Phone pickup group"),
1216 "nagiosGroup" => _("Nagios group"),
1218 "gidNumber" => _("GID"),
1219 "memberUid" => _("Group member"),
1220 "sambaGroupType" => _("Samba group type"),
1221 "sambaDomainName" => _("Samba domain name"),
1222 "sambaSID" => _("Samba SID"))
1223 ));
1224 }
1227 function multiple_save_object()
1228 {
1229 if(isset($_POST['group_mulitple_edit'])){
1231 /* Create a base backup and reset the
1232 base directly after calling plugin::save_object();
1233 Base will be set seperatly a few lines below */
1234 $base_tmp = $this->base;
1235 plugin::multiple_save_object();
1236 plugin::save_object();
1237 $this->base = $base_tmp;
1239 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1240 if(isset($_POST['use_'.$attr])){
1241 $this->multi_boxes[] = $attr;
1242 }
1243 }
1245 /* Get base selection */
1246 if(isset($_POST['base'])){
1247 $tmp = $this->get_allowed_bases();
1248 if(isset($tmp[$_POST['base']])){
1249 $this->base = $_POST['base'];
1250 }
1251 }
1253 foreach (array( "smbgroup" => "sambaGroupType") as $val => $aclname) {
1254 if ($this->acl_is_writeable($aclname)){
1255 if(isset($_POST["$val"])){
1256 $this->$val= TRUE;
1257 }else{
1258 $this->$val= FALSE;
1259 }
1260 }
1261 }
1263 /* Save sambaDomain attribute */
1264 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
1265 $this->sambaDomainName= $_POST['sambaDomainName'];
1266 $this->groupType= $_POST['groupType'];
1267 }
1269 /* Save fon attribute */
1270 if ($this->acl_is_writeable("fon_group")){
1271 if (isset ($_POST['fon_group'])){
1272 $this->fon_group= TRUE;
1273 } else {
1274 $this->fon_group= FALSE;
1275 }
1276 }
1277 }
1278 }
1281 function get_multi_edit_values()
1282 {
1283 $ret = plugin::get_multi_edit_values();
1285 foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
1286 if(in_array($attr,$this->multi_boxes)){
1287 $ret[$attr] = $this->$attr;
1288 }
1289 }
1290 $ret['memberUid'] = $this->memberUid;
1291 $ret['memberUid_used_by_some'] = $this->memberUid_used_by_some;
1292 return($ret);
1293 }
1295 function multiple_execute()
1296 {
1297 return($this->execute());
1298 }
1301 /* Initialize plugin with given atribute arrays
1302 */
1303 function init_multiple_support($attrs,$all)
1304 {
1305 plugin::init_multiple_support($attrs,$all);
1307 $this->memberUid = array();
1308 $this->memberUid_used_by_some = array();
1309 if (isset($attrs['memberUid'])){
1310 for ($i= 0; $i<$attrs['memberUid']['count']; $i++){
1311 $this->memberUid[$attrs['memberUid'][$i]]= $attrs['memberUid'][$i];
1312 }
1313 ksort($this->memberUid);
1314 }
1316 if (isset($all['memberUid'])){
1317 for ($i= 0; $i<$all['memberUid']['count']; $i++){
1318 if(!in_array($all['memberUid'][$i],$this->memberUid)){
1319 $this->memberUid_used_by_some[$all['memberUid'][$i]]= $all['memberUid'][$i];
1320 }
1321 }
1322 ksort($this->memberUid_used_by_some);
1323 }
1324 }
1326 function set_multi_edit_values($attrs)
1327 {
1328 $users = array();
1330 /* Update groupMembership, keep optinal group */
1331 foreach($attrs['memberUid_used_by_some'] as $uid){
1332 if(in_array($uid,$this->memberUid)){
1333 $users[$uid] = $uid;
1334 }
1335 }
1337 /* Update groupMembership, add forced groups */
1338 foreach($attrs['memberUid'] as $uid){
1339 $users[$uid] = $uid;
1340 }
1341 plugin::set_multi_edit_values($attrs);
1342 $this->memberUid = $users;
1343 }
1344 }
1345 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1346 ?>