cf8682f84733233f952937e82085a93b19927c3b
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $new= TRUE;
109 var $saved_attributes= array();
111 /* Plugin identifier */
112 var $plHeadline= "";
113 var $plDescription= "";
115 /*! \brief plugin constructor
117 If 'dn' is set, the node loads the given 'dn' from LDAP
119 \param dn Distinguished name to initialize plugin from
120 \sa plugin()
121 */
122 function plugin ($config, $dn= NULL)
123 {
124 /* Configuration is fine, allways */
125 $this->config= $config;
126 $this->dn= $dn;
128 /* Handle new accounts, don't read information from LDAP */
129 if ($dn == "new"){
130 return;
131 }
133 /* Get LDAP descriptor */
134 $ldap= $this->config->get_ldap_link();
135 if ($dn != NULL){
137 /* Load data to 'attrs' and save 'dn' */
138 $ldap->cat ($dn);
139 $this->attrs= $ldap->fetch();
141 /* Copy needed attributes */
142 foreach ($this->attributes as $val){
143 $found= array_key_ics($val, $this->attrs);
144 if ($found != ""){
145 $this->$val= $this->attrs["$found"][0];
146 }
147 }
149 /* gosaUnitTag loading... */
150 if (isset($this->attrs['gosaUnitTag'][0])){
151 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
152 }
154 /* Set the template flag according to the existence of objectClass
155 gosaUserTemplate */
156 if (isset($this->attrs['objectClass'])){
157 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
158 $this->is_template= TRUE;
159 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
160 "found", "Template check");
161 }
162 }
164 /* Is Account? */
165 error_reporting(0);
166 $found= TRUE;
167 foreach ($this->objectclasses as $obj){
168 if (preg_match('/top/i', $obj)){
169 continue;
170 }
171 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
172 $found= FALSE;
173 break;
174 }
175 }
176 error_reporting(E_ALL);
177 if ($found){
178 $this->is_account= TRUE;
179 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
180 "found", "Object check");
181 }
183 /* Prepare saved attributes */
184 $this->saved_attributes= $this->attrs;
185 foreach ($this->saved_attributes as $index => $value){
186 if (preg_match('/^[0-9]+$/', $index)){
187 unset($this->saved_attributes[$index]);
188 continue;
189 }
190 if (!in_array($index, $this->attributes) && $index != "objectClass"){
191 unset($this->saved_attributes[$index]);
192 continue;
193 }
194 if ($this->saved_attributes[$index]["count"] == 1){
195 $tmp= $this->saved_attributes[$index][0];
196 unset($this->saved_attributes[$index]);
197 $this->saved_attributes[$index]= $tmp;
198 continue;
199 }
201 unset($this->saved_attributes["$index"]["count"]);
202 }
203 }
205 /* Save initial account state */
206 $this->initially_was_account= $this->is_account;
207 }
209 /*! \brief execute plugin
211 Generates the html output for this node
212 */
213 function execute()
214 {
215 # This one is empty currently. Fabian - please fill in the docu code
216 $_SESSION['current_class_for_help'] = get_class($this);
217 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
218 $_SESSION['LOCK_VARS_TO_USE'] =array();
219 }
221 /*! \brief execute plugin
222 Removes object from parent
223 */
224 function remove_from_parent()
225 {
226 /* include global link_info */
227 $ldap= $this->config->get_ldap_link();
229 /* Get current objectClasses in order to add the required ones */
230 $ldap->cat($this->dn);
231 $tmp= $ldap->fetch ();
232 if (isset($tmp['objectClass'])){
233 $oc= $tmp['objectClass'];
234 } else {
235 $oc= array("count" => 0);
236 }
238 /* Remove objectClasses from entry */
239 $ldap->cd($this->dn);
240 $this->attrs= array();
241 $this->attrs['objectClass']= array();
242 for ($i= 0; $i<$oc["count"]; $i++){
243 if (!in_array_ics($oc[$i], $this->objectclasses)){
244 $this->attrs['objectClass'][]= $oc[$i];
245 }
246 }
248 /* Unset attributes from entry */
249 foreach ($this->attributes as $val){
250 $this->attrs["$val"]= array();
251 }
253 /* Unset account info */
254 $this->is_account= FALSE;
256 /* Do not write in plugin base class, this must be done by
257 children, since there are normally additional attribs,
258 lists, etc. */
259 /*
260 $ldap->modify($this->attrs);
261 */
262 }
265 /* Save data to object */
266 function save_object()
267 {
268 /* Save values to object */
269 foreach ($this->attributes as $val){
270 if ($this->acl_is_writable($val) && isset ($_POST["$val"])){
271 /* Check for modifications */
272 if (get_magic_quotes_gpc()) {
273 $data= stripcslashes($_POST["$val"]);
274 } else {
275 $data= $this->$val = $_POST["$val"];
276 }
277 if ($this->$val != $data){
278 $this->is_modified= TRUE;
279 }
281 /* Okay, how can I explain this fix ...
282 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
283 * So IE posts these 'unselectable' option, with value = chr(194)
284 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
285 * This was added for W3c compliance, but now causes these ... ldap errors ...
286 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
287 */
288 if(isset($data[0]) && $data[0] == chr(194)) {
289 $data = "";
290 }
291 $this->$val= $data;
292 }
293 }
294 }
297 /* Save data to LDAP, depending on is_account we save or delete */
298 function save()
299 {
300 /* include global link_info */
301 $ldap= $this->config->get_ldap_link();
303 /* Start with empty array */
304 $this->attrs= array();
306 /* Get current objectClasses in order to add the required ones */
307 $ldap->cat($this->dn);
309 $tmp= $ldap->fetch ();
311 if (isset($tmp['objectClass'])){
312 $oc= $tmp["objectClass"];
313 $this->new= FALSE;
314 } else {
315 $oc= array("count" => 0);
316 $this->new= TRUE;
317 }
319 /* Load (minimum) attributes, add missing ones */
320 $this->attrs['objectClass']= $this->objectclasses;
321 for ($i= 0; $i<$oc["count"]; $i++){
322 if (!in_array_ics($oc[$i], $this->objectclasses)){
323 $this->attrs['objectClass'][]= $oc[$i];
324 }
325 }
327 /* Copy standard attributes */
328 foreach ($this->attributes as $val){
329 if ($this->$val != ""){
330 $this->attrs["$val"]= $this->$val;
331 } elseif (!$this->new) {
332 $this->attrs["$val"]= array();
333 }
334 }
336 }
339 function cleanup()
340 {
341 foreach ($this->attrs as $index => $value){
343 /* Convert arrays with one element to non arrays, if the saved
344 attributes are no array, too */
345 if (is_array($this->attrs[$index]) &&
346 count ($this->attrs[$index]) == 1 &&
347 isset($this->saved_attributes[$index]) &&
348 !is_array($this->saved_attributes[$index])){
350 $tmp= $this->attrs[$index][0];
351 $this->attrs[$index]= $tmp;
352 }
354 /* Remove emtpy arrays if they do not differ */
355 if (is_array($this->attrs[$index]) &&
356 count($this->attrs[$index]) == 0 &&
357 !isset($this->saved_attributes[$index])){
359 unset ($this->attrs[$index]);
360 continue;
361 }
363 /* Remove single attributes that do not differ */
364 if (!is_array($this->attrs[$index]) &&
365 isset($this->saved_attributes[$index]) &&
366 !is_array($this->saved_attributes[$index]) &&
367 $this->attrs[$index] == $this->saved_attributes[$index]){
369 unset ($this->attrs[$index]);
370 continue;
371 }
373 /* Remove arrays that do not differ */
374 if (is_array($this->attrs[$index]) &&
375 isset($this->saved_attributes[$index]) &&
376 is_array($this->saved_attributes[$index])){
378 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
379 unset ($this->attrs[$index]);
380 continue;
381 }
382 }
383 }
384 }
386 /* Check formular input */
387 function check()
388 {
389 $message= array();
391 /* Skip if we've no config object */
392 if (!isset($this->config)){
393 return $message;
394 }
396 /* Find hooks entries for this class */
397 $command= search_config($this->config->data['MENU'], get_class($this), "CHECK");
398 if ($command == "" && isset($this->config->data['TABS'])){
399 $command= search_config($this->config->data['TABS'], get_class($this), "CHECK");
400 }
402 if ($command != ""){
404 if (!check_command($command)){
405 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
406 get_class($this));
407 } else {
409 /* Generate "ldif" for check hook */
410 $ldif= "dn: $this->dn\n";
412 /* ... objectClasses */
413 foreach ($this->objectclasses as $oc){
414 $ldif.= "objectClass: $oc\n";
415 }
417 /* ... attributes */
418 foreach ($this->attributes as $attr){
419 if ($this->$attr == ""){
420 continue;
421 }
422 if (is_array($this->$attr)){
423 foreach ($this->$attr as $val){
424 $ldif.= "$attr: $val\n";
425 }
426 } else {
427 $ldif.= "$attr: ".$this->$attr."\n";
428 }
429 }
431 /* Append empty line */
432 $ldif.= "\n";
434 /* Feed "ldif" into hook and retrieve result*/
435 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
436 $fh= proc_open($command, $descriptorspec, $pipes);
437 if (is_resource($fh)) {
438 fwrite ($pipes[0], $ldif);
439 fclose($pipes[0]);
441 $result= stream_get_contents($pipes[1]);
442 if ($result != ""){
443 $message[]= $result;
444 }
446 fclose($pipes[1]);
447 fclose($pipes[2]);
448 proc_close($fh);
449 }
450 }
452 }
454 return ($message);
455 }
457 /* Adapt from template, using 'dn' */
458 function adapt_from_template($dn)
459 {
460 /* Include global link_info */
461 $ldap= $this->config->get_ldap_link();
463 /* Load requested 'dn' to 'attrs' */
464 $ldap->cat ($dn);
465 $this->attrs= $ldap->fetch();
467 /* Walk through attributes */
468 foreach ($this->attributes as $val){
470 if (isset($this->attrs["$val"][0])){
472 /* If attribute is set, replace dynamic parts:
473 %sn, %givenName and %uid. Fill these in our local variables. */
474 $value= $this->attrs["$val"][0];
476 foreach (array("sn", "givenName", "uid") as $repl){
477 if (preg_match("/%$repl/i", $value)){
478 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
479 }
480 }
481 $this->$val= $value;
482 }
483 }
485 /* Is Account? */
486 $found= TRUE;
487 foreach ($this->objectclasses as $obj){
488 if (preg_match('/top/i', $obj)){
489 continue;
490 }
491 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
492 $found= FALSE;
493 break;
494 }
495 }
496 if ($found){
497 $this->is_account= TRUE;
498 }
499 }
501 /* Indicate whether a password change is needed or not */
502 function password_change_needed()
503 {
504 return FALSE;
505 }
508 /* Show header message for tab dialogs */
509 function show_enable_header($button_text, $text, $disabled= FALSE)
510 {
511 if ($disabled == TRUE){
512 $state= "disabled";
513 } else {
514 $state= "";
515 }
516 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
517 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
518 ($this->acl_is_createable()?'':'disabled')." ".$state.
519 "><p class=\"seperator\"> </p></td></tr></table>";
521 return($display);
522 }
525 /* Show header message for tab dialogs */
526 function show_disable_header($button_text, $text, $disabled= FALSE)
527 {
528 if ($disabled == TRUE){
529 $state= "disabled";
530 } else {
531 $state= "";
532 }
533 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
534 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
535 ($this->acl_is_removeable()?'':'disabled')." ".$state.
536 "><p class=\"seperator\"> </p></td></tr></table>";
538 return($display);
539 }
542 /* Show header message for tab dialogs */
543 function show_header($button_text, $text, $disabled= FALSE)
544 {
545 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
546 if ($disabled == TRUE){
547 $state= "disabled";
548 } else {
549 $state= "";
550 }
551 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
552 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
553 ($this->acl_is_createable()?'':'disabled')." ".$state.
554 "><p class=\"seperator\"> </p></td></tr></table>";
556 return($display);
557 }
560 function postcreate($add_attrs= array())
561 {
562 /* Find postcreate entries for this class */
563 $command= search_config($this->config->data['MENU'], get_class($this), "POSTCREATE");
564 if ($command == "" && isset($this->config->data['TABS'])){
565 $command= search_config($this->config->data['TABS'], get_class($this), "POSTCREATE");
566 }
568 if ($command != ""){
569 /* Walk through attribute list */
570 foreach ($this->attributes as $attr){
571 if (!is_array($this->$attr)){
572 $command= preg_replace("/%$attr/", $this->$attr, $command);
573 }
574 }
575 $command= preg_replace("/%dn/", $this->dn, $command);
577 /* Additional attributes */
578 foreach ($add_attrs as $name => $value){
579 $command= preg_replace("/%$name/", $value, $command);
580 }
582 if (check_command($command)){
583 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
584 $command, "Execute");
586 exec($command);
587 } else {
588 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
589 print_red ($message);
590 }
591 }
592 }
594 function postmodify($add_attrs= array())
595 {
596 /* Find postcreate entries for this class */
597 $command= search_config($this->config->data['MENU'], get_class($this), "POSTMODIFY");
598 if ($command == "" && isset($this->config->data['TABS'])){
599 $command= search_config($this->config->data['TABS'], get_class($this), "POSTMODIFY");
600 }
602 if ($command != ""){
603 /* Walk through attribute list */
604 foreach ($this->attributes as $attr){
605 if (!is_array($this->$attr)){
606 $command= preg_replace("/%$attr/", $this->$attr, $command);
607 }
608 }
609 $command= preg_replace("/%dn/", $this->dn, $command);
611 /* Additional attributes */
612 foreach ($add_attrs as $name => $value){
613 $command= preg_replace("/%$name/", $value, $command);
614 }
616 if (check_command($command)){
617 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
618 $command, "Execute");
620 exec($command);
621 } else {
622 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
623 print_red ($message);
624 }
625 }
626 }
628 function postremove($add_attrs= array())
629 {
630 /* Find postremove entries for this class */
631 $command= search_config($this->config->data['MENU'], get_class($this), "POSTREMOVE");
632 if ($command == "" && isset($this->config->data['TABS'])){
633 $command= search_config($this->config->data['TABS'], get_class($this), "POSTREMOVE");
634 }
636 if ($command != ""){
637 /* Walk through attribute list */
638 foreach ($this->attributes as $attr){
639 if (!is_array($this->$attr)){
640 $command= preg_replace("/%$attr/", $this->$attr, $command);
641 }
642 }
643 $command= preg_replace("/%dn/", $this->dn, $command);
645 /* Additional attributes */
646 foreach ($add_attrs as $name => $value){
647 $command= preg_replace("/%$name/", $value, $command);
648 }
650 if (check_command($command)){
651 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
652 $command, "Execute");
654 exec($command);
655 } else {
656 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
657 print_red ($message);
658 }
659 }
660 }
662 /* Create unique DN */
663 function create_unique_dn($attribute, $base)
664 {
665 $ldap= $this->config->get_ldap_link();
666 $base= preg_replace("/^,*/", "", $base);
668 /* Try to use plain entry first */
669 $dn= "$attribute=".$this->$attribute.",$base";
670 $ldap->cat ($dn, array('dn'));
671 if (!$ldap->fetch()){
672 return ($dn);
673 }
675 /* Look for additional attributes */
676 foreach ($this->attributes as $attr){
677 if ($attr == $attribute || $this->$attr == ""){
678 continue;
679 }
681 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
682 $ldap->cat ($dn, array('dn'));
683 if (!$ldap->fetch()){
684 return ($dn);
685 }
686 }
688 /* None found */
689 return ("none");
690 }
692 function rebind($ldap, $referral)
693 {
694 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
695 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
696 $this->error = "Success";
697 $this->hascon=true;
698 $this->reconnect= true;
699 return (0);
700 } else {
701 $this->error = "Could not bind to " . $credentials['ADMIN'];
702 return NULL;
703 }
704 }
706 /* This is a workaround function. */
707 function copy($src_dn, $dst_dn)
708 {
709 /* Rename dn in possible object groups */
710 $ldap= $this->config->get_ldap_link();
711 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
712 array('cn'));
713 while ($attrs= $ldap->fetch()){
714 $og= new ogroup($this->config, $ldap->getDN());
715 unset($og->member[$src_dn]);
716 $og->member[$dst_dn]= $dst_dn;
717 $og->save ();
718 }
720 $ldap->cat($dst_dn);
721 $attrs= $ldap->fetch();
722 if (count($attrs)){
723 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
724 E_USER_WARNING);
725 return (FALSE);
726 }
728 $ldap->cat($src_dn);
729 $attrs= $ldap->fetch();
730 if (!count($attrs)){
731 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
732 E_USER_WARNING);
733 return (FALSE);
734 }
736 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
737 $ds= ldap_connect($this->config->current['SERVER']);
738 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
739 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
740 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
741 }
743 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
744 error_reporting (0);
745 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
747 /* Fill data from LDAP */
748 $new= array();
749 if ($sr) {
750 $ei=ldap_first_entry($ds, $sr);
751 if ($ei) {
752 foreach($attrs as $attr => $val){
753 if ($info = ldap_get_values_len($ds, $ei, $attr)){
754 for ($i= 0; $i<$info['count']; $i++){
755 if ($info['count'] == 1){
756 $new[$attr]= $info[$i];
757 } else {
758 $new[$attr][]= $info[$i];
759 }
760 }
761 }
762 }
763 }
764 }
766 /* close conncetion */
767 error_reporting (E_ALL);
768 ldap_unbind($ds);
770 /* Adapt naming attribute */
771 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
772 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
773 $new[$dst_name]= @LDAP::fix($dst_val);
775 /* Check if this is a department.
776 * If it is a dep. && there is a , override in his ou
777 * change \2C to , again, else this entry can't be saved ...
778 */
779 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
780 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
781 }
783 /* Save copy */
784 $ldap->connect();
785 $ldap->cd($this->config->current['BASE']);
787 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
789 /* FAIvariable=.../..., cn=..
790 could not be saved, because the attribute FAIvariable was different to
791 the dn FAIvariable=..., cn=... */
792 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
793 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
794 }
795 $ldap->cd($dst_dn);
796 $ldap->add($new);
798 if ($ldap->error != "Success"){
799 trigger_error("Trying to save $dst_dn failed.",
800 E_USER_WARNING);
801 return(FALSE);
802 }
804 return (TRUE);
805 }
808 function move($src_dn, $dst_dn)
809 {
810 /* Copy source to destination */
811 if (!$this->copy($src_dn, $dst_dn)){
812 return (FALSE);
813 }
815 /* Delete source */
816 $ldap= $this->config->get_ldap_link();
817 $ldap->rmdir($src_dn);
818 if ($ldap->error != "Success"){
819 trigger_error("Trying to delete $src_dn failed.",
820 E_USER_WARNING);
821 return (FALSE);
822 }
824 return (TRUE);
825 }
828 /* Move/Rename complete trees */
829 function recursive_move($src_dn, $dst_dn)
830 {
831 /* Check if the destination entry exists */
832 $ldap= $this->config->get_ldap_link();
834 /* Check if destination exists - abort */
835 $ldap->cat($dst_dn, array('dn'));
836 if ($ldap->fetch()){
837 trigger_error("recursive_move $dst_dn already exists.",
838 E_USER_WARNING);
839 return (FALSE);
840 }
842 /* Perform a search for all objects to be moved */
843 $objects= array();
844 $ldap->cd($src_dn);
845 $ldap->search("(objectClass=*)", array("dn"));
846 while($attrs= $ldap->fetch()){
847 $dn= $attrs['dn'];
848 $objects[$dn]= strlen($dn);
849 }
851 /* Sort objects by indent level */
852 asort($objects);
853 reset($objects);
855 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
856 foreach ($objects as $object => $len){
857 $src= $object;
858 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
859 if (!$this->copy($src, $dst)){
860 return (FALSE);
861 }
862 }
864 /* Remove src_dn */
865 $ldap->cd($src_dn);
866 $ldap->recursive_remove();
867 return (TRUE);
868 }
871 function handle_post_events($mode, $add_attrs= array())
872 {
873 switch ($mode){
874 case "add":
875 $this->postcreate($add_attrs);
876 break;
878 case "modify":
879 $this->postmodify($add_attrs);
880 break;
882 case "remove":
883 $this->postremove($add_attrs);
884 break;
885 }
886 }
889 function saveCopyDialog(){
890 }
893 function getCopyDialog(){
894 return(array("string"=>"","status"=>""));
895 }
898 function PrepareForCopyPaste($source){
899 $todo = $this->attributes;
900 if(isset($this->CopyPasteVars)){
901 $todo = array_merge($todo,$this->CopyPasteVars);
902 }
903 $todo[] = "is_account";
904 foreach($todo as $var){
905 $this->$var = $source->$var;
906 }
907 }
910 function handle_object_tagging($dn= "", $tag= "", $show= false)
911 {
912 //FIXME: How to optimize this? We have at least two
913 // LDAP accesses per object. It would be a good
914 // idea to have it integrated.
916 /* No dn? Self-operation... */
917 if ($dn == ""){
918 $dn= $this->dn;
920 /* No tag? Find it yourself... */
921 if ($tag == ""){
922 $len= strlen($dn);
924 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
925 $relevant= array();
926 foreach ($this->config->adepartments as $key => $ntag){
928 /* This one is bigger than our dn, its not relevant... */
929 if ($len <= strlen($key)){
930 continue;
931 }
933 /* This one matches with the latter part. Break and don't fix this entry */
934 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
935 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
936 $relevant[strlen($key)]= $ntag;
937 continue;
938 }
940 }
942 /* If we've some relevant tags to set, just get the longest one */
943 if (count($relevant)){
944 ksort($relevant);
945 $tmp= array_keys($relevant);
946 $idx= end($tmp);
947 $tag= $relevant[$idx];
948 $this->gosaUnitTag= $tag;
949 }
950 }
951 }
954 /* Set tag? */
955 if ($tag != ""){
956 /* Set objectclass and attribute */
957 $ldap= $this->config->get_ldap_link();
958 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
959 $attrs= $ldap->fetch();
960 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
961 if ($show) {
962 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
963 flush();
964 }
965 return;
966 }
967 if (count($attrs)){
968 if ($show){
969 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
970 flush();
971 }
972 $nattrs= array("gosaUnitTag" => $tag);
973 $nattrs['objectClass']= array();
974 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
975 $oc= $attrs['objectClass'][$i];
976 if ($oc != "gosaAdministrativeUnitTag"){
977 $nattrs['objectClass'][]= $oc;
978 }
979 }
980 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
981 $ldap->cd($dn);
982 $ldap->modify($nattrs);
983 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
984 } else {
985 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
986 }
988 } else {
989 /* Remove objectclass and attribute */
990 $ldap= $this->config->get_ldap_link();
991 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
992 $attrs= $ldap->fetch();
993 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
994 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
995 return;
996 }
997 if (count($attrs)){
998 if ($show){
999 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1000 flush();
1001 }
1002 $nattrs= array("gosaUnitTag" => array());
1003 $nattrs['objectClass']= array();
1004 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1005 $oc= $attrs['objectClass'][$i];
1006 if ($oc != "gosaAdministrativeUnitTag"){
1007 $nattrs['objectClass'][]= $oc;
1008 }
1009 }
1010 $ldap->cd($dn);
1011 $ldap->modify($nattrs);
1012 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1013 } else {
1014 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1015 }
1016 }
1018 }
1021 /* Add possibility to stop remove process */
1022 function allow_remove()
1023 {
1024 $reason= "";
1025 return $reason;
1026 }
1029 /* Create a snapshot of the current object */
1030 function create_snapshot($type= "snapshot", $description= array())
1031 {
1033 /* Check if snapshot functionality is enabled */
1034 if(!$this->snapshotEnabled()){
1035 return;
1036 }
1038 /* Get configuration from gosa.conf */
1039 $tmp = $this->config->current;
1041 /* Create lokal ldap connection */
1042 $ldap= $this->config->get_ldap_link();
1043 $ldap->cd($this->config->current['BASE']);
1045 /* check if there are special server configurations for snapshots */
1046 if(!isset($tmp['SNAPSHOT_SERVER'])){
1048 /* Source and destination server are both the same, just copy source to dest obj */
1049 $ldap_to = $ldap;
1050 $snapldapbase = $this->config->current['BASE'];
1052 }else{
1053 $server = $tmp['SNAPSHOT_SERVER'];
1054 $user = $tmp['SNAPSHOT_USER'];
1055 $password = $tmp['SNAPSHOT_PASSWORD'];
1056 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1058 $ldap_to = new LDAP($user,$password, $server);
1059 $ldap_to -> cd($snapldapbase);
1060 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1061 }
1063 /* check if the dn exists */
1064 if ($ldap->dn_exists($this->dn)){
1066 /* Extract seconds & mysecs, they are used as entry index */
1067 list($usec, $sec)= explode(" ", microtime());
1069 /* Collect some infos */
1070 $base = $this->config->current['BASE'];
1071 $snap_base = $tmp['SNAPSHOT_BASE'];
1072 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1073 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1075 /* Create object */
1076 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1077 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1078 $newName = preg_replace("/\./", "", $sec."-".$usec);
1079 $target= array();
1080 $target['objectClass'] = array("top", "gosaSnapshotObject");
1081 $target['gosaSnapshotData'] = gzcompress($data, 6);
1082 $target['gosaSnapshotType'] = $type;
1083 $target['gosaSnapshotDN'] = $this->dn;
1084 $target['description'] = $description;
1085 $target['gosaSnapshotTimestamp'] = $newName;
1087 /* Insert the new snapshot
1088 But we have to check first, if the given gosaSnapshotTimestamp
1089 is already used, in this case we should increment this value till there is
1090 an unused value. */
1091 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1092 $ldap_to->cat($new_dn);
1093 while($ldap_to->count()){
1094 $ldap_to->cat($new_dn);
1095 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1096 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1097 $target['gosaSnapshotTimestamp'] = $newName;
1098 }
1100 /* Inset this new snapshot */
1101 $ldap_to->cd($snapldapbase);
1102 $ldap_to->create_missing_trees($new_base);
1103 $ldap_to->cd($new_dn);
1104 $ldap_to->add($target);
1106 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1107 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1108 }
1109 }
1111 function remove_snapshot($dn)
1112 {
1113 echo "FIXME: remove_snapshot uses old acl's<br>";
1114 $ui = get_userinfo();
1115 $acl = get_permissions ($dn, $ui->subtreeACL);
1116 $acl = get_module_permission($acl, "snapshot", $dn);
1118 if (chkacl($this->acl, "delete") == ""){
1119 $ldap = $this->config->get_ldap_link();
1120 $ldap->cd($this->config->current['BASE']);
1121 $ldap->rmdir_recursive($dn);
1122 }else{
1123 print_red (_("You are not allowed to delete this snap shot!"));
1124 }
1125 }
1128 /* returns true if snapshots are enabled, and false if it is disalbed
1129 There will also be some errors psoted, if the configuration failed */
1130 function snapshotEnabled()
1131 {
1132 $tmp = $this->config->current;
1133 if(isset($tmp['ENABLE_SNAPSHOT'])){
1134 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1136 /* Check if the snapshot_base is defined */
1137 if(!isset($tmp['SNAPSHOT_BASE'])){
1138 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),$missing));
1139 return(FALSE);
1140 }
1142 /* check if there are special server configurations for snapshots */
1143 if(isset($tmp['SNAPSHOT_SERVER'])){
1145 /* check if all required vars are available to create a new ldap connection */
1146 $missing = "";
1147 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_LDAP_BASE") as $var){
1148 if(!isset($tmp[$var])){
1149 $missing .= $var." ";
1150 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1151 return(FALSE);
1152 }
1153 }
1154 }
1155 return(TRUE);
1156 }
1157 }
1158 return(FALSE);
1159 }
1162 /* Return available snapshots for the given base
1163 */
1164 function Available_SnapsShots($dn,$raw = false)
1165 {
1166 if(!$this->snapshotEnabled()) return(array());
1168 /* Create an additional ldap object which
1169 points to our ldap snapshot server */
1170 $ldap= $this->config->get_ldap_link();
1171 $ldap->cd($this->config->current['BASE']);
1172 $tmp = $this->config->current;
1174 /* check if there are special server configurations for snapshots */
1175 if(isset($tmp['SNAPSHOT_SERVER'])){
1176 $server = $tmp['SNAPSHOT_SERVER'];
1177 $user = $tmp['SNAPSHOT_USER'];
1178 $password = $tmp['SNAPSHOT_PASSWORD'];
1179 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1180 $ldap_to = new LDAP($user,$password, $server);
1181 $ldap_to -> cd ($snapldapbase);
1182 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1183 }else{
1184 $ldap_to = $ldap;
1185 }
1187 /* Prepare bases and some other infos */
1188 $base = $this->config->current['BASE'];
1189 $snap_base = $tmp['SNAPSHOT_BASE'];
1190 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1191 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1192 $tmp = array();
1194 /* Fetch all objects with gosaSnapshotDN=$dn */
1195 $ldap_to->cd($new_base);
1196 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1197 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1199 /* Put results into a list and add description if missing */
1200 while($entry = $ldap_to->fetch()){
1201 if(!isset($entry['description'][0])){
1202 $entry['description'][0] = "";
1203 }
1204 $tmp[] = $entry;
1205 }
1207 /* Return the raw array, or format the result */
1208 if($raw){
1209 return($tmp);
1210 }else{
1211 $tmp2 = array();
1212 foreach($tmp as $entry){
1213 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1214 }
1215 }
1216 return($tmp2);
1217 }
1220 function getAllDeletedSnapshots($base_of_object,$raw = false)
1221 {
1222 if(!$this->snapshotEnabled()) return(array());
1224 /* Create an additional ldap object which
1225 points to our ldap snapshot server */
1226 $ldap= $this->config->get_ldap_link();
1227 $ldap->cd($this->config->current['BASE']);
1228 $tmp = $this->config->current;
1230 /* check if there are special server configurations for snapshots */
1231 if(isset($tmp['SNAPSHOT_SERVER'])){
1232 $server = $tmp['SNAPSHOT_SERVER'];
1233 $user = $tmp['SNAPSHOT_USER'];
1234 $password = $tmp['SNAPSHOT_PASSWORD'];
1235 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1236 $ldap_to = new LDAP($user,$password, $server);
1237 $ldap_to->cd ($snapldapbase);
1238 show_ldap_error($ldap->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1239 }else{
1240 $ldap_to = $ldap;
1241 }
1243 /* Prepare bases */
1244 $base = $this->config->current['BASE'];
1245 $snap_base = $tmp['SNAPSHOT_BASE'];
1246 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1248 /* Fetch all objects and check if they do not exist anymore */
1249 $ui = get_userinfo();
1250 $tmp = array();
1251 $ldap_to->cd($new_base);
1252 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1253 while($entry = $ldap_to->fetch()){
1255 $chk = str_replace($new_base,"",$entry['dn']);
1256 if(preg_match("/,ou=/",$chk)) continue;
1258 if(!isset($entry['description'][0])){
1259 $entry['description'][0] = "";
1260 }
1261 $tmp[] = $entry;
1262 }
1264 /* Check if entry still exists */
1265 foreach($tmp as $key => $entry){
1266 $ldap->cat($entry['gosaSnapshotDN'][0]);
1267 if($ldap->count()){
1268 unset($tmp[$key]);
1269 }
1270 }
1272 /* Format result as requested */
1273 if($raw) {
1274 return($tmp);
1275 }else{
1276 $tmp2 = array();
1277 foreach($tmp as $key => $entry){
1278 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1279 }
1280 }
1281 return($tmp2);
1282 }
1285 /* Restore selected snapshot */
1286 function restore_snapshot($dn)
1287 {
1288 if(!$this->snapshotEnabled()) return(array());
1290 $ldap= $this->config->get_ldap_link();
1291 $ldap->cd($this->config->current['BASE']);
1292 $tmp = $this->config->current;
1294 /* check if there are special server configurations for snapshots */
1295 if(isset($tmp['SNAPSHOT_SERVER'])){
1296 $server = $tmp['SNAPSHOT_SERVER'];
1297 $user = $tmp['SNAPSHOT_USER'];
1298 $password = $tmp['SNAPSHOT_PASSWORD'];
1299 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1300 $ldap_to = new LDAP($user,$password, $server);
1301 $ldap_to->cd ($snapldapbase);
1302 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1303 }else{
1304 $ldap_to = $ldap;
1305 }
1307 /* Get the snapshot */
1308 $ldap_to->cat($dn);
1309 $restoreObject = $ldap_to->fetch();
1311 /* Prepare import string */
1312 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1314 /* Import the given data */
1315 $ldap->import_complete_ldif($data,$err,false,false);
1316 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1317 }
1320 function showSnapshotDialog($base,$baseSuffixe)
1321 {
1322 $once = true;
1323 foreach($_POST as $name => $value){
1325 /* Create a new snapshot, display a dialog */
1326 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1327 $once = false;
1328 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1329 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1330 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1331 }
1333 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1334 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1335 $once = false;
1336 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1337 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1338 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1339 $this->snapDialog->display_restore_dialog = true;
1340 }
1342 /* Restore one of the already deleted objects */
1343 if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
1344 $once = false;
1345 $this->snapDialog = new SnapShotDialog($this->config,$baseSuffixe,$this);
1346 $this->snapDialog->display_restore_dialog = true;
1347 $this->snapDialog->display_all_removed_objects = true;
1348 }
1350 /* Restore selected snapshot */
1351 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1352 $once = false;
1353 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1354 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1355 if(!empty($entry)){
1356 $this->restore_snapshot($entry);
1357 $this->snapDialog = NULL;
1358 }
1359 }
1360 }
1362 /* Create a new snapshot requested, check
1363 the given attributes and create the snapshot*/
1364 if(isset($_POST['CreateSnapshot'])){
1365 $this->snapDialog->save_object();
1366 $msgs = $this->snapDialog->check();
1367 if(count($msgs)){
1368 foreach($msgs as $msg){
1369 print_red($msg);
1370 }
1371 }else{
1372 $this->dn = $this->snapDialog->dn;
1373 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1374 $this->snapDialog = NULL;
1375 }
1376 }
1378 /* Restore is requested, restore the object with the posted dn .*/
1379 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1380 }
1382 if(isset($_POST['CancelSnapshot'])){
1383 $this->snapDialog = NULL;
1384 }
1386 if($this->snapDialog){
1387 $this->snapDialog->save_object();
1388 return($this->snapDialog->execute());
1389 }
1390 }
1393 function plInfo()
1394 {
1395 return array();
1396 }
1399 function acl_is_writable($attribute)
1400 {
1401 $ui= get_userinfo();
1402 return preg_match('/w/', $ui->get_permissions($this->dn, get_class($this), $attribute));
1403 }
1406 function acl_is_readable($attribute)
1407 {
1408 $ui= get_userinfo();
1409 return preg_match('/r/', $ui->get_permissions($this->dn, get_class($this), $attribute));
1410 }
1413 function acl_is_createable()
1414 {
1415 $ui= get_userinfo();
1416 return preg_match('/c/', $ui->get_permissions($this->dn, get_class($this), 'dummy'));
1417 }
1420 function acl_is_removable()
1421 {
1422 $ui= get_userinfo();
1423 return preg_match('/d/', $ui->get_permissions($this->dn, get_class($this), 'dummy'));
1424 }
1426 }
1427 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1428 ?>