1 <?php
2 class group extends plugin
3 {
4 /* CLI vars */
5 var $cli_summary= "Handling of GOsa's base group object";
6 var $cli_description= "Some longer text\nfor help";
7 var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
9 /* Group attributes */
10 var $cn= "";
11 var $description= "";
12 var $gidNumber= "";
13 var $memberUid= array();
15 /* Helpers */
16 var $base= "";
17 var $force_gid= FALSE;
18 var $fon_group= FALSE;
19 var $smbgroup= FALSE;
20 var $groupType= FALSE;
21 var $samba3= FALSE;
22 var $sambaSID= "";
23 var $sambaDomainName= "DEFAULT";
24 var $SID= "";
25 var $ridBase= 0;
26 var $members= array();
27 var $users= array();
28 var $allusers= array();
29 var $department= "";
30 var $saved_gidNumber= "";
31 var $oldgroupType= "";
32 var $orig_dn= "";
33 var $has_mailAccount= FALSE;
34 var $group_dialog= FALSE;
35 var $nagios_group =FALSE;
37 /* attribute list for save action */
38 var $attributes= array("cn", "description", "gidNumber");
39 var $objectclasses= array("top", "posixGroup");
41 function group ($config, $dn= NULL)
42 {
43 plugin::plugin ($config, $dn);
45 /* Load attributes depending on the samba version */
46 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
47 $this->orig_dn= $dn;
49 /* Get member list */
50 if (isset($this->attrs['memberUid'][0])){
51 $tmp= array();
52 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
53 $tmp[]= $this->attrs['memberUid'][$i];
54 }
55 $this->memberUid= $tmp;
56 sort ($this->memberUid);
57 }
59 /* Save gidNumber for later use */
60 if (isset($this->attrs['gidNumber'])){
61 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
62 }
64 /* Is a samba group? */
65 if (isset($this->attrs['objectClass'])){
66 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == NULL ){
67 $this->smbgroup= FALSE;
68 } else {
69 $this->smbgroup= TRUE;
70 if (isset($this->attrs['sambaSID'])){
71 $this->sambaSID= $this->attrs['sambaSID'][0];
72 }
73 }
74 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == NULL ){
75 $this->fon_group= FALSE;
76 } else {
77 $this->fon_group= TRUE;
78 }
79 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == NULL ){
80 $this->nagios_group= FALSE;
81 } else {
82 $this->nagios_group= TRUE;
83 }
84 }
86 /* Set mail flag */
87 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
88 $this->has_mailAccount= TRUE;
89 }
91 /* Get samba Domain in case of samba 3 */
92 if ($this->samba3 && $this->sambaSID != ""){
93 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
94 $ldap= $this->config->get_ldap_link();
95 $ldap->cd($this->config->current['BASE']);
96 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
97 if ($ldap->count() != 0){
98 $attrs= $ldap->fetch();
99 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
101 /* Get domain name for SID */
102 $this->sambaDomainName= "DEFAULT";
103 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
104 if ($val['SID'] == $this->SID){
105 $this->sambaDomainName= $key;
106 break;
107 }
108 }
109 } else {
110 if (isset($this->config->current['RIDBASE'])){
111 $this->sambaDomainName= "DEFAULT";
112 $this->ridBase= $this->config->current['RIDBASE'];
113 $this->SID= $this->config->current['SID'];
114 } else {
115 print_red(_("Can't find this groups SID in LDAP or in your configuration file!"));
116 }
117 }
119 /* Get group type */
120 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
121 if ($this->groupType < 500 || $this->groupType > 553){
122 $this->groupType= 0;
123 }
124 $this->oldgroupType= $this->groupType;
125 }
127 /* Get global filter config */
128 if (!is_global("gufilter")){
129 $ui= get_userinfo();
130 $base= get_base_from_people($ui->dn);
131 $gufilter= array( "dselect" => $base,
132 "regex" => "*");
133 register_global("gufilter", $gufilter);
134 }
135 $gufilter= get_global('gufilter');
137 /* Bases / Departments */
139 if(isset($_SESSION['groupfilter']['depselect'])){
140 $this->base = $_SESSION['groupfilter']['depselect'];
141 }else{
142 if ($this->dn == "new"){
143 $ui= get_userinfo();
144 $this->base= dn2base($ui->dn);
145 } else {
146 $this->base= preg_replace ("/^[^,]+,[^,]+,/", "", $this->dn);
147 }
148 }
151 /* This is always an account */
152 $this->is_account= TRUE;
153 $this->reload();
154 }
156 function execute()
157 {
158 /* Call parent execute */
159 plugin::execute();
161 $ui= get_userinfo();
162 $acla= get_permissions ($ui->dn, $ui->subtreeACL);
163 $this->acl= get_module_permission($acla, "group", $ui->dn);
164 /* Do we represent a valid group? */
165 if (!$this->is_account && $this->parent == NULL){
166 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
167 _("This 'dn' is no group.")."</b>";
168 return ($display);
169 }
171 /* Delete user from group */
172 if (isset($_POST['del_users']) && isset($_POST['members'])){
173 foreach ($_POST['members'] as $value){
174 unset ($this->members["$value"]);
175 $this->removeUser($value);
176 }
177 $this->reload();
178 }
180 /* Add objects? */
181 if (isset($_POST["edit_membership"])){
182 $this->group_dialog= TRUE;
183 $this->dialog= TRUE;
184 }
186 /* Add objects finished? */
187 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
188 $this->group_dialog= FALSE;
189 $this->dialog= FALSE;
190 }
192 /* Add user to group */
193 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
194 foreach ($_POST['users'] as $value){
195 $this->members["$value"]= $this->allusers[$value];
196 asort($this->members);
197 $this->addUser($value);
198 }
199 $this->reload();
200 }
202 /* Assign templating stuff */
203 $smarty= get_smarty();
204 if ($this->samba3){
205 $smarty->assign("samba3", "true");
206 } else {
207 $smarty->assign("samba3", "");
208 }
210 if(search_config($this->config->data['MENU'], "nagiosaccount", "CLASS")){
211 $smarty->assign("nagios",true);
212 }else{
213 $smarty->assign("nagios",false);
214 }
216 if(search_config($this->config->data['MENU'], "phoneAccount", "CLASS")){
217 $smarty->assign("pickupGroup",true);
218 }else{
219 $smarty->assign("pickupGroup",false);
220 }
222 /* Manage object add dialog */
223 if ($this->group_dialog){
225 /* Save data */
226 $gufilter= get_global("gufilter");
227 foreach( array("dselect", "regex") as $type){
228 if (isset($_POST[$type])){
229 $gufilter[$type]= $_POST[$type];
230 }
231 }
232 if (isset($_GET['search'])){
233 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
234 if ($s == "**"){
235 $s= "*";
236 }
237 $gufilter['regex']= $s;
238 }
239 $regex= preg_replace('/[*]/', ".*", $gufilter['regex']);
240 register_global("gufilter", $gufilter);
241 $this->reload();
243 /* Show dialog */
244 $smarty->assign("search_image", get_template_path('images/search.png'));
245 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
246 $smarty->assign("tree_image", get_template_path('images/tree.png'));
247 $smarty->assign("deplist", $this->config->idepartments);
248 $smarty->assign("alphabet", generate_alphabet());
249 foreach( array("dselect", "regex") as $type){
250 $smarty->assign("$type", $gufilter[$type]);
251 }
252 $smarty->assign("hint", print_sizelimit_warning());
254 $users= array();
255 foreach ($this->allusers as $key => $value){
256 if (!array_key_exists($key, $this->members)){
257 if (preg_match("/^$regex/i", $key)){
258 $users[$key]= $value;
259 }
260 }
261 }
262 $smarty->assign("users", $users);
263 $smarty->assign("apply", apply_filter());
264 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
265 return ($display);
266 }
268 /* Bases / Departments */
269 if (isset($_POST['base'])){
270 $this->base= $_POST['base'];
271 }
273 $smarty->assign("bases", $this->config->idepartments);
274 $smarty->assign("base_select", $this->base);
275 $smarty->assign("department", $this->department);
277 if ($this->samba3){
278 $domains= array();
279 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
280 $domains[$name]= $name;
281 }
282 $smarty->assign("sambaDomains", $domains);
283 $smarty->assign("sambaDomainName", $this->sambaDomainName);
284 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
285 514 => _("Domain guests"));
287 /* Don't loose special groups! If not key'ed above, add it to
288 the combo box... */
289 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
290 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
291 }
293 $smarty->assign("groupTypes", $groupTypes);
294 $smarty->assign("groupType", $this->groupType);
295 }
297 /* Members and users */
298 $smarty->assign("members", $this->members);
300 /* Checkboxes */
301 foreach (array("force_gid", "smbgroup") as $val){
302 if ($this->$val == "1"){
303 $smarty->assign("$val", "checked");
304 } else {
305 $smarty->assign("$val", "");
306 }
307 }
308 if ($this->force_gid != "1"){
309 $smarty->assign("forceMode", "disabled");
310 }else{
311 $smarty->assign("forceMode", "");
312 }
313 $smarty->assign("force_gidACL", chkacl($this->acl, "gidNumber"));
314 $smarty->assign("sambaDomainNameACL", chkacl($this->acl, "sambaDomainName"));
315 if ($this->fon_group){
316 $smarty->assign("fon_group", "checked");
317 } else {
318 $smarty->assign("fon_group", "");
319 }
320 $smarty->assign("fon_groupACL", chkacl($this->acl, "fon_group"));
322 if ($this->nagios_group){
323 $smarty->assign("nagios_group", "checked");
324 } else {
325 $smarty->assign("nagios_group", "");
326 }
327 $smarty->assign("nagios_groupACL", chkacl($this->acl, "nagios_group"));
329 /* Fields */
330 foreach (array("cn", "description", "gidNumber") as $val){
331 $smarty->assign("$val", $this->$val);
332 $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
333 }
335 /* Missing ACL's */
336 foreach (array("base", "smbgroup", "members") as $val){
337 $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
338 }
340 /* Show main page */
341 $smarty->assign("alphabet", generate_alphabet(10));
342 $smarty->assign("search_image", get_template_path('images/search.png'));
343 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
344 $smarty->assign("tree_image", get_template_path('images/tree.png'));
345 $smarty->assign("deplist", $this->config->idepartments);
346 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
347 }
349 function addUser($uid)
350 {
351 $this->memberUid[]= $uid;
352 $this->memberUid= array_unique($this->memberUid);
353 }
355 function removeUser($uid)
356 {
357 $temp= array();
358 foreach ($this->memberUid as $value){
359 if ($value != $uid){
360 $temp[]= $value;
361 }
362 }
363 $this->memberUid= $temp;
364 }
367 /* Reload data */
368 function reload()
369 {
370 /* Generate userlists */
371 $this->last_sorting= "invalid";
372 $this->users= array();
373 $ldap= $this->config->get_ldap_link();
374 $gufilter= get_global("gufilter");
376 $ldap->cd ($gufilter['dselect']);
377 $ldap->ls ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))",get_people_ou().$gufilter['dselect'],array("uid", "sn", "givenName"));
378 $this->allusers= array();
379 while ($attrs= $ldap->fetch()){
380 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
381 $this->allusers[$attrs["uid"][0]]= $attrs["sn"][0].", ".
382 $attrs["givenName"][0].
383 " [".$attrs["uid"][0]."]";
384 } else {
385 $this->allusers[$attrs["uid"][0]]= $attrs['uid'][0];
386 }
387 }
388 natcasesort ($this->allusers);
389 reset ($this->allusers);
391 /* Fill memberlist */
392 $this->members= array();
393 foreach ($this->memberUid as $value){
394 if (isset($this->allusers[$value])){
395 $this->members[$value]= $this->allusers[$value];
396 } else {
397 $this->members[$value]= "[$value]";
398 }
399 }
400 asort($this->members);
401 reset($this->members);
402 }
406 function remove_from_parent()
407 {
408 plugin::remove_from_parent();
410 $ldap= $this->config->get_ldap_link();
411 $ldap->rmdir($this->dn);
412 show_ldap_error($ldap->get_error());
414 /* Delete references to object groups */
415 $ldap->cd ($this->config->current['BASE']);
416 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn"));
417 while ($ldap->fetch()){
418 $og= new ogroup($this->config, $ldap->getDN());
419 unset($og->member[$this->dn]);
420 $og->save ();
421 }
423 /* Send signal to the world that we've done */
424 $this->handle_post_events("remove");
425 }
428 /* Save data to object */
429 function save_object()
430 {
431 /* Save additional values for possible next step */
432 if (isset($_POST['groupedit'])){
433 plugin::save_object();
435 $this->force_gid= 0;
436 $this->smbgroup= 0;
437 foreach (array("force_gid", "department", "base", "smbgroup") as $val) {
438 if (chkacl ($this->acl, "$val") == "" && isset($_POST["$val"])){
439 $this->$val= $_POST["$val"];
440 }
441 }
443 /* Save sambaDomain attribute */
444 if (chkacl ($this->acl, "sambaDomainName") == "" && $this->samba3 &&
445 isset ($_POST['sambaDomainName'])){
447 $this->sambaDomainName= $_POST['sambaDomainName'];
448 $this->groupType= $_POST['groupType'];
449 }
451 /* Save fon attribute */
452 if (chkacl ($this->acl, "fon_group") == ""){
453 if (isset ($_POST['fon_group'])){
454 $this->fon_group= TRUE;
455 } else {
456 $this->fon_group= FALSE;
457 }
458 }
459 if (chkacl ($this->acl, "nagios_group") == ""){
460 if (isset ($_POST['nagios_group'])){
461 $this->nagios_group= TRUE;
462 } else {
463 $this->nagios_group= FALSE;
464 }
465 }
466 }
467 }
470 /* Save to LDAP */
471 function save()
472 {
473 /* ID handling */
474 if ($this->force_gid == 0){
475 if ($this->saved_gidNumber != ""){
476 $this->gidNumber= $this->saved_gidNumber;
477 } else {
478 /* Calculate new, lock uids */
479 $wait= 10;
480 while (get_lock("uidnumber") != ""){
481 sleep (1);
483 /* timed out? */
484 if ($wait-- == 0){
485 break;
486 }
487 }
488 add_lock ("uidnumber", "gosa");
489 $this->gidNumber= $this->get_next_id("gidNumber");
490 }
491 }
493 plugin::save();
495 /* Remove objectClass for samba/phone support */
496 $tmp= array();
497 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
498 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
499 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
500 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
501 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
502 $tmp[]= $this->attrs['objectClass'][$i];
503 }
504 }
505 $this->attrs['objectClass']= $tmp;
506 $ldap= $this->config->get_ldap_link();
508 /* Add samba group functionality */
509 if ($this->samba3 && $this->smbgroup){
510 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
511 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
513 $this->attrs['objectClass'][]= 'sambaGroupMapping';
514 $this->attrs['sambaGroupType']= "2";
516 /* Check if we need to create a special entry */
517 if ($this->groupType == 0){
519 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
520 $gidNumber= $this->gidNumber;
521 while(TRUE){
522 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
523 $ldap->cd($this->config->current['BASE']);
524 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
525 if ($ldap->count() == 0){
526 break;
527 }
528 $gidNumber++;
529 }
530 $this->attrs['sambaSID']= $sid;
531 $this->sambaSID= $sid;
532 }
534 } else {
535 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
536 }
538 /* User wants me to fake the idMappings? This is useful for
539 making winbind resolve the group names in a reasonable amount
540 of time in combination with larger databases. */
541 if (isset($this->config->current['SAMBAIDMAPPING']) &&
542 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
543 $this->attrs['objectClass'][]= "sambaIdmapEntry";
544 }
546 }
548 /* Add phone functionality */
549 if ($this->fon_group){
550 $this->attrs['objectClass'][]= "goFonPickupGroup";
551 }
553 /* Add nagios functionality */
554 if ($this->nagios_group){
555 $this->attrs['objectClass'][]= "nagiosContactGroup";
556 }
558 /* Take members array */
559 if (count ($this->memberUid)){
560 $this->attrs['memberUid']= array_unique($this->memberUid);
561 }
563 /* New accounts need proper 'dn', propagate it to remaining objects */
564 if ($this->dn == 'new'){
565 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
566 }
568 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
569 new entries. So do a check first... */
570 $ldap->cat ($this->dn);
571 if ($ldap->fetch()){
572 /* Modify needs array() to remove values :-( */
573 if (!count ($this->memberUid)){
574 $this->attrs['memberUid']= array();
575 }
576 if ($this->samba3){
577 if (!$this->smbgroup){
578 $this->attrs['sambaGroupType']= array();
579 $this->attrs['sambaSID']= array();
580 }
581 }
582 $mode= "modify";
583 } else {
584 $mode= "add";
585 $ldap->cd($this->config->current['BASE']);
586 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
587 }
589 /* Write back to ldap */
590 $ldap->cd($this->dn);
591 $ldap->$mode($this->attrs);
593 $ret= 0;
594 if (show_ldap_error($ldap->get_error())){
595 $ret= 1;
596 }
598 /* Remove uid lock */
599 del_lock ("uidnumber");
601 /* Post that we've done*/
602 $this->handle_post_events($mode);
604 return ($ret);
605 }
607 function check()
608 {
609 $message= array();
611 /* Permissions for that base? */
612 if ($this->base != ""){
613 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
614 } else {
615 $new_dn= $this->dn;
616 }
618 $ui= get_userinfo();
619 $acl= get_permissions ($ui->dn, $ui->subtreeACL);
620 $acl= get_module_permission($acl, "group", $ui->dn);
621 if (chkacl($this->acl, "create") != ""){
622 $message[]= _("You have no permissions to create a group on this 'Base'.");
623 }
625 /* must: cn */
626 if ($this->cn == "" && chkacl ($this->acl, "cn") == ""){
627 $message[]= "The required field 'Name' is not set.";
628 }
630 /* Check for valid input */
631 if (!is_uid($this->cn)){
632 $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
633 }
635 /* Check for used 'cn' */
636 $ldap= $this->config->get_ldap_link();
637 $ldap->cd($this->config->current['BASE']);
638 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
639 if ($ldap->count() != 0){
641 /* New entry? */
642 if ($this->dn == 'new'){
643 $message[]= _("Value specified as 'Name' is already used.");
644 }
646 /* Moved? */
647 elseif ($new_dn != $this->orig_dn){
648 $ldap->fetch();
649 if ($ldap->getDN() != $this->orig_dn){
650 $message[]= _("Value specified as 'Name' is already used.");
651 }
652 }
653 }
655 /* Check ID */
656 if ($this->force_gid == "1"){
657 if (!is_id($this->gidNumber)){
658 $message[]= _("Value specified as 'GID' is not valid.");
659 } else {
660 if ($this->gidNumber < $this->config->current['MINID']){
661 $message[]= _("Value specified as 'GID' is too small.");
662 }
664 }
665 }
667 return ($message);
668 }
670 function get_next_id($attrib)
671 {
672 $ids= array();
673 $ldap= $this->config->get_ldap_link();
675 $ldap->cd ($this->config->current['BASE']);
676 $ldap->search ("($attrib=*)",array($attrib));
678 /* Get list of ids */
679 while ($attrs= $ldap->fetch()){
680 $ids[]= (int)$attrs["$attrib"][0];
681 }
683 /* Find out next free id near to UID_BASE */
684 for ($id= $this->config->current['UIDBASE']; $id++; $id<65000){
685 if (!in_array($id, $ids)){
686 return ($id);
687 }
688 }
690 /* Should not happen */
691 if ($id == 65000){
692 print_red(_("Too many users, can't allocate a free ID!"));
693 exit;
694 }
695 }
697 }
699 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
700 ?>