1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $new= TRUE;
109 var $saved_attributes= array();
111 /* Plugin identifier */
112 var $plHeadline= "";
113 var $plDescription= "";
115 /*! \brief plugin constructor
117 If 'dn' is set, the node loads the given 'dn' from LDAP
119 \param dn Distinguished name to initialize plugin from
120 \sa plugin()
121 */
122 function plugin ($config, $dn= NULL)
123 {
124 /* Configuration is fine, allways */
125 $this->config= $config;
126 $this->dn= $dn;
128 /* Handle new accounts, don't read information from LDAP */
129 if ($dn == "new"){
130 return;
131 }
133 /* Get LDAP descriptor */
134 $ldap= $this->config->get_ldap_link();
135 if ($dn != NULL){
137 /* Load data to 'attrs' and save 'dn' */
138 $ldap->cat ($dn);
139 $this->attrs= $ldap->fetch();
141 /* Copy needed attributes */
142 foreach ($this->attributes as $val){
143 $found= array_key_ics($val, $this->attrs);
144 if ($found != ""){
145 $this->$val= $this->attrs["$found"][0];
146 }
147 }
149 /* gosaUnitTag loading... */
150 if (isset($this->attrs['gosaUnitTag'][0])){
151 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
152 }
154 /* Set the template flag according to the existence of objectClass
155 gosaUserTemplate */
156 if (isset($this->attrs['objectClass'])){
157 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
158 $this->is_template= TRUE;
159 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
160 "found", "Template check");
161 }
162 }
164 /* Is Account? */
165 error_reporting(0);
166 $found= TRUE;
167 foreach ($this->objectclasses as $obj){
168 if (preg_match('/top/i', $obj)){
169 continue;
170 }
171 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
172 $found= FALSE;
173 break;
174 }
175 }
176 error_reporting(E_ALL);
177 if ($found){
178 $this->is_account= TRUE;
179 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
180 "found", "Object check");
181 }
183 /* Prepare saved attributes */
184 $this->saved_attributes= $this->attrs;
185 foreach ($this->saved_attributes as $index => $value){
186 if (preg_match('/^[0-9]+$/', $index)){
187 unset($this->saved_attributes[$index]);
188 continue;
189 }
190 if (!in_array($index, $this->attributes) && $index != "objectClass"){
191 unset($this->saved_attributes[$index]);
192 continue;
193 }
194 if ($this->saved_attributes[$index]["count"] == 1){
195 $tmp= $this->saved_attributes[$index][0];
196 unset($this->saved_attributes[$index]);
197 $this->saved_attributes[$index]= $tmp;
198 continue;
199 }
201 unset($this->saved_attributes["$index"]["count"]);
202 }
203 }
205 /* Save initial account state */
206 $this->initially_was_account= $this->is_account;
207 }
209 /*! \brief execute plugin
211 Generates the html output for this node
212 */
213 function execute()
214 {
215 # This one is empty currently. Fabian - please fill in the docu code
216 $_SESSION['current_class_for_help'] = get_class($this);
217 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
218 $_SESSION['LOCK_VARS_TO_USE'] =array();
219 }
221 /*! \brief execute plugin
222 Removes object from parent
223 */
224 function remove_from_parent()
225 {
226 /* include global link_info */
227 $ldap= $this->config->get_ldap_link();
229 /* Get current objectClasses in order to add the required ones */
230 $ldap->cat($this->dn);
231 $tmp= $ldap->fetch ();
232 if (isset($tmp['objectClass'])){
233 $oc= $tmp['objectClass'];
234 } else {
235 $oc= array("count" => 0);
236 }
238 /* Remove objectClasses from entry */
239 $ldap->cd($this->dn);
240 $this->attrs= array();
241 $this->attrs['objectClass']= array();
242 for ($i= 0; $i<$oc["count"]; $i++){
243 if (!in_array_ics($oc[$i], $this->objectclasses)){
244 $this->attrs['objectClass'][]= $oc[$i];
245 }
246 }
248 /* Unset attributes from entry */
249 foreach ($this->attributes as $val){
250 $this->attrs["$val"]= array();
251 }
253 /* Unset account info */
254 $this->is_account= FALSE;
256 /* Do not write in plugin base class, this must be done by
257 children, since there are normally additional attribs,
258 lists, etc. */
259 /*
260 $ldap->modify($this->attrs);
261 */
262 }
265 /* Save data to object */
266 function save_object()
267 {
268 /* Save values to object */
269 foreach ($this->attributes as $val){
270 if ($this->acl_is_writable($val) && isset ($_POST["$val"])){
271 /* Check for modifications */
272 if (get_magic_quotes_gpc()) {
273 $data= stripcslashes($_POST["$val"]);
274 } else {
275 $data= $this->$val = $_POST["$val"];
276 }
277 if ($this->$val != $data){
278 $this->is_modified= TRUE;
279 }
281 /* Okay, how can I explain this fix ...
282 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
283 * So IE posts these 'unselectable' option, with value = chr(194)
284 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
285 * This was added for W3c compliance, but now causes these ... ldap errors ...
286 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
287 */
288 if(isset($data[0]) && $data[0] == chr(194)) {
289 $data = "";
290 }
291 $this->$val= $data;
292 echo "<font color='blue'>".$val."</font><br>";
293 }else{
294 echo "<font color='red'>".$val."</font><br>";
295 }
296 }
297 }
300 /* Save data to LDAP, depending on is_account we save or delete */
301 function save()
302 {
303 /* include global link_info */
304 $ldap= $this->config->get_ldap_link();
306 /* Start with empty array */
307 $this->attrs= array();
309 /* Get current objectClasses in order to add the required ones */
310 $ldap->cat($this->dn);
312 $tmp= $ldap->fetch ();
314 if (isset($tmp['objectClass'])){
315 $oc= $tmp["objectClass"];
316 $this->new= FALSE;
317 } else {
318 $oc= array("count" => 0);
319 $this->new= TRUE;
320 }
322 /* Load (minimum) attributes, add missing ones */
323 $this->attrs['objectClass']= $this->objectclasses;
324 for ($i= 0; $i<$oc["count"]; $i++){
325 if (!in_array_ics($oc[$i], $this->objectclasses)){
326 $this->attrs['objectClass'][]= $oc[$i];
327 }
328 }
330 /* Copy standard attributes */
331 foreach ($this->attributes as $val){
332 if ($this->$val != ""){
333 $this->attrs["$val"]= $this->$val;
334 } elseif (!$this->new) {
335 $this->attrs["$val"]= array();
336 }
337 }
339 }
342 function cleanup()
343 {
344 foreach ($this->attrs as $index => $value){
346 /* Convert arrays with one element to non arrays, if the saved
347 attributes are no array, too */
348 if (is_array($this->attrs[$index]) &&
349 count ($this->attrs[$index]) == 1 &&
350 isset($this->saved_attributes[$index]) &&
351 !is_array($this->saved_attributes[$index])){
353 $tmp= $this->attrs[$index][0];
354 $this->attrs[$index]= $tmp;
355 }
357 /* Remove emtpy arrays if they do not differ */
358 if (is_array($this->attrs[$index]) &&
359 count($this->attrs[$index]) == 0 &&
360 !isset($this->saved_attributes[$index])){
362 unset ($this->attrs[$index]);
363 continue;
364 }
366 /* Remove single attributes that do not differ */
367 if (!is_array($this->attrs[$index]) &&
368 isset($this->saved_attributes[$index]) &&
369 !is_array($this->saved_attributes[$index]) &&
370 $this->attrs[$index] == $this->saved_attributes[$index]){
372 unset ($this->attrs[$index]);
373 continue;
374 }
376 /* Remove arrays that do not differ */
377 if (is_array($this->attrs[$index]) &&
378 isset($this->saved_attributes[$index]) &&
379 is_array($this->saved_attributes[$index])){
381 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
382 unset ($this->attrs[$index]);
383 continue;
384 }
385 }
386 }
387 }
389 /* Check formular input */
390 function check()
391 {
392 $message= array();
394 /* Skip if we've no config object */
395 if (!isset($this->config)){
396 return $message;
397 }
399 /* Find hooks entries for this class */
400 $command= search_config($this->config->data['MENU'], get_class($this), "CHECK");
401 if ($command == "" && isset($this->config->data['TABS'])){
402 $command= search_config($this->config->data['TABS'], get_class($this), "CHECK");
403 }
405 if ($command != ""){
407 if (!check_command($command)){
408 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
409 get_class($this));
410 } else {
412 /* Generate "ldif" for check hook */
413 $ldif= "dn: $this->dn\n";
415 /* ... objectClasses */
416 foreach ($this->objectclasses as $oc){
417 $ldif.= "objectClass: $oc\n";
418 }
420 /* ... attributes */
421 foreach ($this->attributes as $attr){
422 if ($this->$attr == ""){
423 continue;
424 }
425 if (is_array($this->$attr)){
426 foreach ($this->$attr as $val){
427 $ldif.= "$attr: $val\n";
428 }
429 } else {
430 $ldif.= "$attr: ".$this->$attr."\n";
431 }
432 }
434 /* Append empty line */
435 $ldif.= "\n";
437 /* Feed "ldif" into hook and retrieve result*/
438 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
439 $fh= proc_open($command, $descriptorspec, $pipes);
440 if (is_resource($fh)) {
441 fwrite ($pipes[0], $ldif);
442 fclose($pipes[0]);
444 $result= stream_get_contents($pipes[1]);
445 if ($result != ""){
446 $message[]= $result;
447 }
449 fclose($pipes[1]);
450 fclose($pipes[2]);
451 proc_close($fh);
452 }
453 }
455 }
457 return ($message);
458 }
460 /* Adapt from template, using 'dn' */
461 function adapt_from_template($dn)
462 {
463 /* Include global link_info */
464 $ldap= $this->config->get_ldap_link();
466 /* Load requested 'dn' to 'attrs' */
467 $ldap->cat ($dn);
468 $this->attrs= $ldap->fetch();
470 /* Walk through attributes */
471 foreach ($this->attributes as $val){
473 if (isset($this->attrs["$val"][0])){
475 /* If attribute is set, replace dynamic parts:
476 %sn, %givenName and %uid. Fill these in our local variables. */
477 $value= $this->attrs["$val"][0];
479 foreach (array("sn", "givenName", "uid") as $repl){
480 if (preg_match("/%$repl/i", $value)){
481 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
482 }
483 }
484 $this->$val= $value;
485 }
486 }
488 /* Is Account? */
489 $found= TRUE;
490 foreach ($this->objectclasses as $obj){
491 if (preg_match('/top/i', $obj)){
492 continue;
493 }
494 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
495 $found= FALSE;
496 break;
497 }
498 }
499 if ($found){
500 $this->is_account= TRUE;
501 }
502 }
504 /* Indicate whether a password change is needed or not */
505 function password_change_needed()
506 {
507 return FALSE;
508 }
511 /* Show header message for tab dialogs */
512 function show_enable_header($button_text, $text, $disabled= FALSE)
513 {
514 if ($disabled == TRUE){
515 $state= "disabled";
516 } else {
517 $state= "";
518 }
519 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
520 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
521 ($this->acl_is_createable()?'':'disabled')." ".$state.
522 "><p class=\"seperator\"> </p></td></tr></table>";
524 return($display);
525 }
528 /* Show header message for tab dialogs */
529 function show_disable_header($button_text, $text, $disabled= FALSE)
530 {
531 if ($disabled == TRUE){
532 $state= "disabled";
533 } else {
534 $state= "";
535 }
536 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
537 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
538 ($this->acl_is_removeable()?'':'disabled')." ".$state.
539 "><p class=\"seperator\"> </p></td></tr></table>";
541 return($display);
542 }
545 /* Show header message for tab dialogs */
546 function show_header($button_text, $text, $disabled= FALSE)
547 {
548 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
549 if ($disabled == TRUE){
550 $state= "disabled";
551 } else {
552 $state= "";
553 }
554 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
555 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
556 ($this->acl_is_createable()?'':'disabled')." ".$state.
557 "><p class=\"seperator\"> </p></td></tr></table>";
559 return($display);
560 }
563 function postcreate($add_attrs= array())
564 {
565 /* Find postcreate entries for this class */
566 $command= search_config($this->config->data['MENU'], get_class($this), "POSTCREATE");
567 if ($command == "" && isset($this->config->data['TABS'])){
568 $command= search_config($this->config->data['TABS'], get_class($this), "POSTCREATE");
569 }
571 if ($command != ""){
572 /* Walk through attribute list */
573 foreach ($this->attributes as $attr){
574 if (!is_array($this->$attr)){
575 $command= preg_replace("/%$attr/", $this->$attr, $command);
576 }
577 }
578 $command= preg_replace("/%dn/", $this->dn, $command);
580 /* Additional attributes */
581 foreach ($add_attrs as $name => $value){
582 $command= preg_replace("/%$name/", $value, $command);
583 }
585 if (check_command($command)){
586 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
587 $command, "Execute");
589 exec($command);
590 } else {
591 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
592 print_red ($message);
593 }
594 }
595 }
597 function postmodify($add_attrs= array())
598 {
599 /* Find postcreate entries for this class */
600 $command= search_config($this->config->data['MENU'], get_class($this), "POSTMODIFY");
601 if ($command == "" && isset($this->config->data['TABS'])){
602 $command= search_config($this->config->data['TABS'], get_class($this), "POSTMODIFY");
603 }
605 if ($command != ""){
606 /* Walk through attribute list */
607 foreach ($this->attributes as $attr){
608 if (!is_array($this->$attr)){
609 $command= preg_replace("/%$attr/", $this->$attr, $command);
610 }
611 }
612 $command= preg_replace("/%dn/", $this->dn, $command);
614 /* Additional attributes */
615 foreach ($add_attrs as $name => $value){
616 $command= preg_replace("/%$name/", $value, $command);
617 }
619 if (check_command($command)){
620 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
621 $command, "Execute");
623 exec($command);
624 } else {
625 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
626 print_red ($message);
627 }
628 }
629 }
631 function postremove($add_attrs= array())
632 {
633 /* Find postremove entries for this class */
634 $command= search_config($this->config->data['MENU'], get_class($this), "POSTREMOVE");
635 if ($command == "" && isset($this->config->data['TABS'])){
636 $command= search_config($this->config->data['TABS'], get_class($this), "POSTREMOVE");
637 }
639 if ($command != ""){
640 /* Walk through attribute list */
641 foreach ($this->attributes as $attr){
642 if (!is_array($this->$attr)){
643 $command= preg_replace("/%$attr/", $this->$attr, $command);
644 }
645 }
646 $command= preg_replace("/%dn/", $this->dn, $command);
648 /* Additional attributes */
649 foreach ($add_attrs as $name => $value){
650 $command= preg_replace("/%$name/", $value, $command);
651 }
653 if (check_command($command)){
654 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
655 $command, "Execute");
657 exec($command);
658 } else {
659 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
660 print_red ($message);
661 }
662 }
663 }
665 /* Create unique DN */
666 function create_unique_dn($attribute, $base)
667 {
668 $ldap= $this->config->get_ldap_link();
669 $base= preg_replace("/^,*/", "", $base);
671 /* Try to use plain entry first */
672 $dn= "$attribute=".$this->$attribute.",$base";
673 $ldap->cat ($dn, array('dn'));
674 if (!$ldap->fetch()){
675 return ($dn);
676 }
678 /* Look for additional attributes */
679 foreach ($this->attributes as $attr){
680 if ($attr == $attribute || $this->$attr == ""){
681 continue;
682 }
684 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
685 $ldap->cat ($dn, array('dn'));
686 if (!$ldap->fetch()){
687 return ($dn);
688 }
689 }
691 /* None found */
692 return ("none");
693 }
695 function rebind($ldap, $referral)
696 {
697 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
698 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
699 $this->error = "Success";
700 $this->hascon=true;
701 $this->reconnect= true;
702 return (0);
703 } else {
704 $this->error = "Could not bind to " . $credentials['ADMIN'];
705 return NULL;
706 }
707 }
709 /* This is a workaround function. */
710 function copy($src_dn, $dst_dn)
711 {
712 /* Rename dn in possible object groups */
713 $ldap= $this->config->get_ldap_link();
714 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
715 array('cn'));
716 while ($attrs= $ldap->fetch()){
717 $og= new ogroup($this->config, $ldap->getDN());
718 unset($og->member[$src_dn]);
719 $og->member[$dst_dn]= $dst_dn;
720 $og->save ();
721 }
723 $ldap->cat($dst_dn);
724 $attrs= $ldap->fetch();
725 if (count($attrs)){
726 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
727 E_USER_WARNING);
728 return (FALSE);
729 }
731 $ldap->cat($src_dn);
732 $attrs= $ldap->fetch();
733 if (!count($attrs)){
734 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
735 E_USER_WARNING);
736 return (FALSE);
737 }
739 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
740 $ds= ldap_connect($this->config->current['SERVER']);
741 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
742 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
743 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
744 }
746 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
747 error_reporting (0);
748 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
750 /* Fill data from LDAP */
751 $new= array();
752 if ($sr) {
753 $ei=ldap_first_entry($ds, $sr);
754 if ($ei) {
755 foreach($attrs as $attr => $val){
756 if ($info = ldap_get_values_len($ds, $ei, $attr)){
757 for ($i= 0; $i<$info['count']; $i++){
758 if ($info['count'] == 1){
759 $new[$attr]= $info[$i];
760 } else {
761 $new[$attr][]= $info[$i];
762 }
763 }
764 }
765 }
766 }
767 }
769 /* close conncetion */
770 error_reporting (E_ALL);
771 ldap_unbind($ds);
773 /* Adapt naming attribute */
774 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
775 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
776 $new[$dst_name]= @LDAP::fix($dst_val);
778 /* Check if this is a department.
779 * If it is a dep. && there is a , override in his ou
780 * change \2C to , again, else this entry can't be saved ...
781 */
782 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
783 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
784 }
786 /* Save copy */
787 $ldap->connect();
788 $ldap->cd($this->config->current['BASE']);
790 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
792 /* FAIvariable=.../..., cn=..
793 could not be saved, because the attribute FAIvariable was different to
794 the dn FAIvariable=..., cn=... */
795 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
796 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
797 }
798 $ldap->cd($dst_dn);
799 $ldap->add($new);
801 if ($ldap->error != "Success"){
802 trigger_error("Trying to save $dst_dn failed.",
803 E_USER_WARNING);
804 return(FALSE);
805 }
807 return (TRUE);
808 }
811 function move($src_dn, $dst_dn)
812 {
813 /* Copy source to destination */
814 if (!$this->copy($src_dn, $dst_dn)){
815 return (FALSE);
816 }
818 /* Delete source */
819 $ldap= $this->config->get_ldap_link();
820 $ldap->rmdir($src_dn);
821 if ($ldap->error != "Success"){
822 trigger_error("Trying to delete $src_dn failed.",
823 E_USER_WARNING);
824 return (FALSE);
825 }
827 return (TRUE);
828 }
831 /* Move/Rename complete trees */
832 function recursive_move($src_dn, $dst_dn)
833 {
834 /* Check if the destination entry exists */
835 $ldap= $this->config->get_ldap_link();
837 /* Check if destination exists - abort */
838 $ldap->cat($dst_dn, array('dn'));
839 if ($ldap->fetch()){
840 trigger_error("recursive_move $dst_dn already exists.",
841 E_USER_WARNING);
842 return (FALSE);
843 }
845 /* Perform a search for all objects to be moved */
846 $objects= array();
847 $ldap->cd($src_dn);
848 $ldap->search("(objectClass=*)", array("dn"));
849 while($attrs= $ldap->fetch()){
850 $dn= $attrs['dn'];
851 $objects[$dn]= strlen($dn);
852 }
854 /* Sort objects by indent level */
855 asort($objects);
856 reset($objects);
858 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
859 foreach ($objects as $object => $len){
860 $src= $object;
861 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
862 if (!$this->copy($src, $dst)){
863 return (FALSE);
864 }
865 }
867 /* Remove src_dn */
868 $ldap->cd($src_dn);
869 $ldap->recursive_remove();
870 return (TRUE);
871 }
874 function handle_post_events($mode, $add_attrs= array())
875 {
876 switch ($mode){
877 case "add":
878 $this->postcreate($add_attrs);
879 break;
881 case "modify":
882 $this->postmodify($add_attrs);
883 break;
885 case "remove":
886 $this->postremove($add_attrs);
887 break;
888 }
889 }
892 function saveCopyDialog(){
893 }
896 function getCopyDialog(){
897 return(array("string"=>"","status"=>""));
898 }
901 function PrepareForCopyPaste($source){
902 $todo = $this->attributes;
903 if(isset($this->CopyPasteVars)){
904 $todo = array_merge($todo,$this->CopyPasteVars);
905 }
906 $todo[] = "is_account";
907 foreach($todo as $var){
908 $this->$var = $source->$var;
909 }
910 }
913 function handle_object_tagging($dn= "", $tag= "", $show= false)
914 {
915 //FIXME: How to optimize this? We have at least two
916 // LDAP accesses per object. It would be a good
917 // idea to have it integrated.
919 /* No dn? Self-operation... */
920 if ($dn == ""){
921 $dn= $this->dn;
923 /* No tag? Find it yourself... */
924 if ($tag == ""){
925 $len= strlen($dn);
927 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
928 $relevant= array();
929 foreach ($this->config->adepartments as $key => $ntag){
931 /* This one is bigger than our dn, its not relevant... */
932 if ($len <= strlen($key)){
933 continue;
934 }
936 /* This one matches with the latter part. Break and don't fix this entry */
937 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
938 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
939 $relevant[strlen($key)]= $ntag;
940 continue;
941 }
943 }
945 /* If we've some relevant tags to set, just get the longest one */
946 if (count($relevant)){
947 ksort($relevant);
948 $tmp= array_keys($relevant);
949 $idx= end($tmp);
950 $tag= $relevant[$idx];
951 $this->gosaUnitTag= $tag;
952 }
953 }
954 }
957 /* Set tag? */
958 if ($tag != ""){
959 /* Set objectclass and attribute */
960 $ldap= $this->config->get_ldap_link();
961 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
962 $attrs= $ldap->fetch();
963 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
964 if ($show) {
965 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
966 flush();
967 }
968 return;
969 }
970 if (count($attrs)){
971 if ($show){
972 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
973 flush();
974 }
975 $nattrs= array("gosaUnitTag" => $tag);
976 $nattrs['objectClass']= array();
977 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
978 $oc= $attrs['objectClass'][$i];
979 if ($oc != "gosaAdministrativeUnitTag"){
980 $nattrs['objectClass'][]= $oc;
981 }
982 }
983 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
984 $ldap->cd($dn);
985 $ldap->modify($nattrs);
986 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
987 } else {
988 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
989 }
991 } else {
992 /* Remove objectclass and attribute */
993 $ldap= $this->config->get_ldap_link();
994 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
995 $attrs= $ldap->fetch();
996 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
997 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
998 return;
999 }
1000 if (count($attrs)){
1001 if ($show){
1002 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1003 flush();
1004 }
1005 $nattrs= array("gosaUnitTag" => array());
1006 $nattrs['objectClass']= array();
1007 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1008 $oc= $attrs['objectClass'][$i];
1009 if ($oc != "gosaAdministrativeUnitTag"){
1010 $nattrs['objectClass'][]= $oc;
1011 }
1012 }
1013 $ldap->cd($dn);
1014 $ldap->modify($nattrs);
1015 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1016 } else {
1017 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1018 }
1019 }
1021 }
1024 /* Add possibility to stop remove process */
1025 function allow_remove()
1026 {
1027 $reason= "";
1028 return $reason;
1029 }
1032 /* Create a snapshot of the current object */
1033 function create_snapshot($type= "snapshot", $description= array())
1034 {
1036 /* Check if snapshot functionality is enabled */
1037 if(!$this->snapshotEnabled()){
1038 return;
1039 }
1041 /* Get configuration from gosa.conf */
1042 $tmp = $this->config->current;
1044 /* Create lokal ldap connection */
1045 $ldap= $this->config->get_ldap_link();
1046 $ldap->cd($this->config->current['BASE']);
1048 /* check if there are special server configurations for snapshots */
1049 if(!isset($tmp['SNAPSHOT_SERVER'])){
1051 /* Source and destination server are both the same, just copy source to dest obj */
1052 $ldap_to = $ldap;
1053 $snapldapbase = $this->config->current['BASE'];
1055 }else{
1056 $server = $tmp['SNAPSHOT_SERVER'];
1057 $user = $tmp['SNAPSHOT_USER'];
1058 $password = $tmp['SNAPSHOT_PASSWORD'];
1059 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1061 $ldap_to = new LDAP($user,$password, $server);
1062 $ldap_to -> cd($snapldapbase);
1063 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1064 }
1066 /* check if the dn exists */
1067 if ($ldap->dn_exists($this->dn)){
1069 /* Extract seconds & mysecs, they are used as entry index */
1070 list($usec, $sec)= explode(" ", microtime());
1072 /* Collect some infos */
1073 $base = $this->config->current['BASE'];
1074 $snap_base = $tmp['SNAPSHOT_BASE'];
1075 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1076 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1078 /* Create object */
1079 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1080 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1081 $newName = preg_replace("/\./", "", $sec."-".$usec);
1082 $target= array();
1083 $target['objectClass'] = array("top", "gosaSnapshotObject");
1084 $target['gosaSnapshotData'] = gzcompress($data, 6);
1085 $target['gosaSnapshotType'] = $type;
1086 $target['gosaSnapshotDN'] = $this->dn;
1087 $target['description'] = $description;
1088 $target['gosaSnapshotTimestamp'] = $newName;
1090 /* Insert the new snapshot
1091 But we have to check first, if the given gosaSnapshotTimestamp
1092 is already used, in this case we should increment this value till there is
1093 an unused value. */
1094 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1095 $ldap_to->cat($new_dn);
1096 while($ldap_to->count()){
1097 $ldap_to->cat($new_dn);
1098 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1099 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1100 $target['gosaSnapshotTimestamp'] = $newName;
1101 }
1103 /* Inset this new snapshot */
1104 $ldap_to->cd($snapldapbase);
1105 $ldap_to->create_missing_trees($new_base);
1106 $ldap_to->cd($new_dn);
1107 $ldap_to->add($target);
1109 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1110 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1111 }
1112 }
1114 function remove_snapshot($dn)
1115 {
1116 echo "FIXME: remove_snapshot uses old acl's<br>";
1117 $ui = get_userinfo();
1118 $acl = get_permissions ($dn, $ui->subtreeACL);
1119 $acl = get_module_permission($acl, "snapshot", $dn);
1121 if (chkacl($this->acl, "delete") == ""){
1122 $ldap = $this->config->get_ldap_link();
1123 $ldap->cd($this->config->current['BASE']);
1124 $ldap->rmdir_recursive($dn);
1125 }else{
1126 print_red (_("You are not allowed to delete this snap shot!"));
1127 }
1128 }
1131 /* returns true if snapshots are enabled, and false if it is disalbed
1132 There will also be some errors psoted, if the configuration failed */
1133 function snapshotEnabled()
1134 {
1135 $tmp = $this->config->current;
1136 if(isset($tmp['ENABLE_SNAPSHOT'])){
1137 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1139 /* Check if the snapshot_base is defined */
1140 if(!isset($tmp['SNAPSHOT_BASE'])){
1141 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),$missing));
1142 return(FALSE);
1143 }
1145 /* check if there are special server configurations for snapshots */
1146 if(isset($tmp['SNAPSHOT_SERVER'])){
1148 /* check if all required vars are available to create a new ldap connection */
1149 $missing = "";
1150 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_LDAP_BASE") as $var){
1151 if(!isset($tmp[$var])){
1152 $missing .= $var." ";
1153 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1154 return(FALSE);
1155 }
1156 }
1157 }
1158 return(TRUE);
1159 }
1160 }
1161 return(FALSE);
1162 }
1165 /* Return available snapshots for the given base
1166 */
1167 function Available_SnapsShots($dn,$raw = false)
1168 {
1169 if(!$this->snapshotEnabled()) return(array());
1171 /* Create an additional ldap object which
1172 points to our ldap snapshot server */
1173 $ldap= $this->config->get_ldap_link();
1174 $ldap->cd($this->config->current['BASE']);
1175 $tmp = $this->config->current;
1177 /* check if there are special server configurations for snapshots */
1178 if(isset($tmp['SNAPSHOT_SERVER'])){
1179 $server = $tmp['SNAPSHOT_SERVER'];
1180 $user = $tmp['SNAPSHOT_USER'];
1181 $password = $tmp['SNAPSHOT_PASSWORD'];
1182 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1183 $ldap_to = new LDAP($user,$password, $server);
1184 $ldap_to -> cd ($snapldapbase);
1185 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1186 }else{
1187 $ldap_to = $ldap;
1188 }
1190 /* Prepare bases and some other infos */
1191 $base = $this->config->current['BASE'];
1192 $snap_base = $tmp['SNAPSHOT_BASE'];
1193 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1194 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1195 $tmp = array();
1197 /* Fetch all objects with gosaSnapshotDN=$dn */
1198 $ldap_to->cd($new_base);
1199 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1200 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1202 /* Put results into a list and add description if missing */
1203 while($entry = $ldap_to->fetch()){
1204 if(!isset($entry['description'][0])){
1205 $entry['description'][0] = "";
1206 }
1207 $tmp[] = $entry;
1208 }
1210 /* Return the raw array, or format the result */
1211 if($raw){
1212 return($tmp);
1213 }else{
1214 $tmp2 = array();
1215 foreach($tmp as $entry){
1216 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1217 }
1218 }
1219 return($tmp2);
1220 }
1223 function getAllDeletedSnapshots($base_of_object,$raw = false)
1224 {
1225 if(!$this->snapshotEnabled()) return(array());
1227 /* Create an additional ldap object which
1228 points to our ldap snapshot server */
1229 $ldap= $this->config->get_ldap_link();
1230 $ldap->cd($this->config->current['BASE']);
1231 $tmp = $this->config->current;
1233 /* check if there are special server configurations for snapshots */
1234 if(isset($tmp['SNAPSHOT_SERVER'])){
1235 $server = $tmp['SNAPSHOT_SERVER'];
1236 $user = $tmp['SNAPSHOT_USER'];
1237 $password = $tmp['SNAPSHOT_PASSWORD'];
1238 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1239 $ldap_to = new LDAP($user,$password, $server);
1240 $ldap_to->cd ($snapldapbase);
1241 show_ldap_error($ldap->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1242 }else{
1243 $ldap_to = $ldap;
1244 }
1246 /* Prepare bases */
1247 $base = $this->config->current['BASE'];
1248 $snap_base = $tmp['SNAPSHOT_BASE'];
1249 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1251 /* Fetch all objects and check if they do not exist anymore */
1252 $ui = get_userinfo();
1253 $tmp = array();
1254 $ldap_to->cd($new_base);
1255 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1256 while($entry = $ldap_to->fetch()){
1258 $chk = str_replace($new_base,"",$entry['dn']);
1259 if(preg_match("/,ou=/",$chk)) continue;
1261 if(!isset($entry['description'][0])){
1262 $entry['description'][0] = "";
1263 }
1264 $tmp[] = $entry;
1265 }
1267 /* Check if entry still exists */
1268 foreach($tmp as $key => $entry){
1269 $ldap->cat($entry['gosaSnapshotDN'][0]);
1270 if($ldap->count()){
1271 unset($tmp[$key]);
1272 }
1273 }
1275 /* Format result as requested */
1276 if($raw) {
1277 return($tmp);
1278 }else{
1279 $tmp2 = array();
1280 foreach($tmp as $key => $entry){
1281 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1282 }
1283 }
1284 return($tmp2);
1285 }
1288 /* Restore selected snapshot */
1289 function restore_snapshot($dn)
1290 {
1291 if(!$this->snapshotEnabled()) return(array());
1293 $ldap= $this->config->get_ldap_link();
1294 $ldap->cd($this->config->current['BASE']);
1295 $tmp = $this->config->current;
1297 /* check if there are special server configurations for snapshots */
1298 if(isset($tmp['SNAPSHOT_SERVER'])){
1299 $server = $tmp['SNAPSHOT_SERVER'];
1300 $user = $tmp['SNAPSHOT_USER'];
1301 $password = $tmp['SNAPSHOT_PASSWORD'];
1302 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1303 $ldap_to = new LDAP($user,$password, $server);
1304 $ldap_to->cd ($snapldapbase);
1305 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1306 }else{
1307 $ldap_to = $ldap;
1308 }
1310 /* Get the snapshot */
1311 $ldap_to->cat($dn);
1312 $restoreObject = $ldap_to->fetch();
1314 /* Prepare import string */
1315 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1317 /* Import the given data */
1318 $ldap->import_complete_ldif($data,$err,false,false);
1319 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1320 }
1323 function showSnapshotDialog($base,$baseSuffixe)
1324 {
1325 $once = true;
1326 foreach($_POST as $name => $value){
1328 /* Create a new snapshot, display a dialog */
1329 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1330 $once = false;
1331 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1332 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1333 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1334 }
1336 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1337 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1338 $once = false;
1339 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1340 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1341 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1342 $this->snapDialog->display_restore_dialog = true;
1343 }
1345 /* Restore one of the already deleted objects */
1346 if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
1347 $once = false;
1348 $this->snapDialog = new SnapShotDialog($this->config,$baseSuffixe,$this);
1349 $this->snapDialog->display_restore_dialog = true;
1350 $this->snapDialog->display_all_removed_objects = true;
1351 }
1353 /* Restore selected snapshot */
1354 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1355 $once = false;
1356 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1357 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1358 if(!empty($entry)){
1359 $this->restore_snapshot($entry);
1360 $this->snapDialog = NULL;
1361 }
1362 }
1363 }
1365 /* Create a new snapshot requested, check
1366 the given attributes and create the snapshot*/
1367 if(isset($_POST['CreateSnapshot'])){
1368 $this->snapDialog->save_object();
1369 $msgs = $this->snapDialog->check();
1370 if(count($msgs)){
1371 foreach($msgs as $msg){
1372 print_red($msg);
1373 }
1374 }else{
1375 $this->dn = $this->snapDialog->dn;
1376 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1377 $this->snapDialog = NULL;
1378 }
1379 }
1381 /* Restore is requested, restore the object with the posted dn .*/
1382 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1383 }
1385 if(isset($_POST['CancelSnapshot'])){
1386 $this->snapDialog = NULL;
1387 }
1389 if($this->snapDialog){
1390 $this->snapDialog->save_object();
1391 return($this->snapDialog->execute());
1392 }
1393 }
1396 function plInfo()
1397 {
1398 return array();
1399 }
1402 function acl_is_writable($attribute)
1403 {
1404 $ui= get_userinfo();
1405 return preg_match('/w/', $ui->get_permissions($this->dn, get_class($this), $attribute));
1406 }
1409 function acl_is_readable($attribute)
1410 {
1411 $ui= get_userinfo();
1412 return preg_match('/r/', $ui->get_permissions($this->dn, get_class($this), $attribute));
1413 }
1416 function acl_is_createable()
1417 {
1418 $ui= get_userinfo();
1419 return preg_match('/c/', $ui->get_permissions($this->dn, get_class($this), '0'));
1420 }
1423 function acl_is_removeable()
1424 {
1425 $ui= get_userinfo();
1426 return preg_match('/d/', $ui->get_permissions($this->dn, get_class($this), '0'));
1427 }
1429 }
1430 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1431 ?>