3a3ead4586b35087725d8f28fa79d0aee630095b
1 <?php
2 class group extends plugin
3 {
4 /* CLI vars */
5 var $cli_summary= "Handling of GOsa's base group object";
6 var $cli_description= "Some longer text\nfor help";
7 var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
9 /* Group attributes */
10 var $cn= "";
11 var $description= "";
12 var $gidNumber= "";
13 var $memberUid= array();
15 /* Helpers */
16 var $base= "";
17 var $force_gid= FALSE;
18 var $fon_group= FALSE;
19 var $smbgroup= FALSE;
20 var $groupType= FALSE;
21 var $samba3= FALSE;
22 var $sambaSID= "";
23 var $sambaDomainName= "DEFAULT";
24 var $SID= "";
25 var $ridBase= 0;
26 var $members= array();
27 var $users= array();
28 var $allusers= array();
29 var $department= "";
30 var $saved_gidNumber= "";
31 var $oldgroupType= "";
32 var $orig_dn= "";
33 var $has_mailAccount= FALSE;
34 var $group_dialog= FALSE;
35 var $nagios_group =FALSE;
37 /* attribute list for save action */
38 var $attributes= array("cn", "description", "gidNumber");
39 var $objectclasses= array("top", "posixGroup");
41 function group ($config, $dn= NULL)
42 {
43 plugin::plugin ($config, $dn);
45 /* Load attributes depending on the samba version */
46 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
47 $this->orig_dn= $dn;
49 /* Get member list */
50 if (isset($this->attrs['memberUid'][0])){
51 $tmp= array();
52 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
53 $tmp[]= $this->attrs['memberUid'][$i];
54 }
55 $this->memberUid= $tmp;
56 sort ($this->memberUid);
57 }
59 /* Save gidNumber for later use */
60 if (isset($this->attrs['gidNumber'])){
61 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
62 }
64 /* Is a samba group? */
65 if (isset($this->attrs['objectClass'])){
66 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == NULL ){
67 $this->smbgroup= FALSE;
68 } else {
69 $this->smbgroup= TRUE;
70 if (isset($this->attrs['sambaSID'])){
71 $this->sambaSID= $this->attrs['sambaSID'][0];
72 }
73 }
74 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == NULL ){
75 $this->fon_group= FALSE;
76 } else {
77 $this->fon_group= TRUE;
78 }
79 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == NULL ){
80 $this->nagios_group= FALSE;
81 } else {
82 $this->nagios_group= TRUE;
83 }
84 }
86 /* Set mail flag */
87 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
88 $this->has_mailAccount= TRUE;
89 }
91 /* Get samba Domain in case of samba 3 */
92 if ($this->samba3 && $this->sambaSID != ""){
93 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
94 $ldap= $this->config->get_ldap_link();
95 $ldap->cd($this->config->current['BASE']);
96 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))");
97 if ($ldap->count() != 0){
98 $attrs= $ldap->fetch();
99 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
101 /* Get domain name for SID */
102 $this->sambaDomainName= "DEFAULT";
103 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
104 if ($val['SID'] == $this->SID){
105 $this->sambaDomainName= $key;
106 break;
107 }
108 }
109 } else {
110 if (isset($this->config->current['RIDBASE'])){
111 $this->sambaDomainName= "DEFAULT";
112 $this->ridBase= $this->config->current['RIDBASE'];
113 $this->SID= $this->config->current['SID'];
114 } else {
115 print_red(_("Can't find this groups SID in LDAP or in your configuration file!"));
116 }
117 }
119 /* Get group type */
120 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
121 if ($this->groupType < 500 || $this->groupType > 553){
122 $this->groupType= 0;
123 }
124 $this->oldgroupType= $this->groupType;
125 }
127 /* Get global filter config */
128 if (!is_global("gufilter")){
129 $ui= get_userinfo();
130 $base= get_base_from_people($ui->dn);
131 $gufilter= array( "dselect" => $base,
132 "regex" => "*");
133 register_global("gufilter", $gufilter);
134 }
135 $gufilter= get_global('gufilter');
137 /* Bases / Departments */
139 if(isset($_SESSION['groupfilter']['depselect'])){
140 $this->base = $_SESSION['groupfilter']['depselect'];
141 }else{
142 if ($this->dn == "new"){
143 $ui= get_userinfo();
144 $this->base= dn2base($ui->dn);
145 } else {
146 $this->base= preg_replace ("/^[^,]+,[^,]+,/", "", $this->dn);
147 }
148 }
151 /* This is always an account */
152 $this->is_account= TRUE;
153 $this->reload();
154 }
156 function execute()
157 {
158 /* Do we represent a valid group? */
159 if (!$this->is_account && $this->parent == NULL){
160 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
161 _("This 'dn' is no group.")."</b>";
162 return ($display);
163 }
165 /* Delete user from group */
166 if (isset($_POST['del_users']) && isset($_POST['members'])){
167 foreach ($_POST['members'] as $value){
168 unset ($this->members["$value"]);
169 $this->removeUser($value);
170 }
171 $this->reload();
172 }
174 /* Add objects? */
175 if (isset($_POST["edit_membership"])){
176 $this->group_dialog= TRUE;
177 $this->dialog= TRUE;
178 }
180 /* Add objects finished? */
181 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
182 $this->group_dialog= FALSE;
183 $this->dialog= FALSE;
184 }
186 /* Add user to group */
187 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
188 foreach ($_POST['users'] as $value){
189 $this->members["$value"]= $this->allusers[$value];
190 asort($this->members);
191 $this->addUser($value);
192 }
193 $this->reload();
194 }
196 /* Assign templating stuff */
197 $smarty= get_smarty();
198 if ($this->samba3){
199 $smarty->assign("samba3", "true");
200 } else {
201 $smarty->assign("samba3", "");
202 }
204 /* Manage object add dialog */
205 if ($this->group_dialog){
207 /* Save data */
208 $gufilter= get_global("gufilter");
209 foreach( array("dselect", "regex") as $type){
210 if (isset($_POST[$type])){
211 $gufilter[$type]= $_POST[$type];
212 }
213 }
214 if (isset($_GET['search'])){
215 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
216 if ($s == "**"){
217 $s= "*";
218 }
219 $gufilter['regex']= $s;
220 }
221 $regex= preg_replace('/[*]/', ".*", $gufilter['regex']);
222 register_global("gufilter", $gufilter);
223 $this->reload();
225 /* Show dialog */
226 $smarty->assign("search_image", get_template_path('images/search.png'));
227 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
228 $smarty->assign("tree_image", get_template_path('images/tree.png'));
229 $smarty->assign("deplist", $this->config->idepartments);
230 $smarty->assign("alphabet", generate_alphabet());
231 foreach( array("dselect", "regex") as $type){
232 $smarty->assign("$type", $gufilter[$type]);
233 }
234 $smarty->assign("hint", print_sizelimit_warning());
236 $users= array();
237 foreach ($this->allusers as $key => $value){
238 if (!array_key_exists($key, $this->members)){
239 if (preg_match("/^$regex/i", $key)){
240 $users[$key]= $value;
241 }
242 }
243 }
244 $smarty->assign("users", $users);
245 $smarty->assign("apply", apply_filter());
246 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
247 return ($display);
248 }
250 /* Bases / Departments */
251 if (isset($_POST['base'])){
252 $this->base= $_POST['base'];
253 }
255 $smarty->assign("bases", $this->config->idepartments);
256 $smarty->assign("base_select", $this->base);
257 $smarty->assign("department", $this->department);
259 if ($this->samba3){
260 $domains= array();
261 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
262 $domains[$name]= $name;
263 }
264 $smarty->assign("sambaDomains", $domains);
265 $smarty->assign("sambaDomainName", $this->sambaDomainName);
266 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
267 514 => _("Domain guests"));
269 /* Don't loose special groups! If not key'ed above, add it to
270 the combo box... */
271 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
272 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
273 }
275 $smarty->assign("groupTypes", $groupTypes);
276 $smarty->assign("groupType", $this->groupType);
277 }
279 /* Members and users */
280 $smarty->assign("members", $this->members);
282 /* Checkboxes */
283 foreach (array("force_gid", "smbgroup") as $val){
284 if ($this->$val == "1"){
285 $smarty->assign("$val", "checked");
286 } else {
287 $smarty->assign("$val", "");
288 }
289 }
290 if ($this->force_gid != "1"){
291 $smarty->assign("forceMode", "disabled");
292 }
293 $smarty->assign("force_gidACL", chkacl($this->acl, "gidNumber"));
294 $smarty->assign("sambaDomainNameACL", chkacl($this->acl, "sambaDomainName"));
295 if ($this->fon_group){
296 $smarty->assign("fon_group", "checked");
297 } else {
298 $smarty->assign("fon_group", "");
299 }
300 $smarty->assign("fon_groupACL", chkacl($this->acl, "fon_group"));
302 if ($this->nagios_group){
303 $smarty->assign("nagios_group", "checked");
304 } else {
305 $smarty->assign("nagios_group", "");
306 }
307 $smarty->assign("nagios_groupACL", chkacl($this->acl, "nagios_group"));
309 /* Fields */
310 foreach (array("cn", "description", "gidNumber") as $val){
311 $smarty->assign("$val", $this->$val);
312 $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
313 }
315 /* Missing ACL's */
316 foreach (array("base", "smbgroup", "members") as $val){
317 $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
318 }
320 /* Show main page */
321 $smarty->assign("alphabet", generate_alphabet(10));
322 $smarty->assign("search_image", get_template_path('images/search.png'));
323 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
324 $smarty->assign("tree_image", get_template_path('images/tree.png'));
325 $smarty->assign("deplist", $this->config->idepartments);
326 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
327 }
329 function addUser($uid)
330 {
331 $this->memberUid[]= $uid;
332 $this->memberUid= array_unique($this->memberUid);
333 }
335 function removeUser($uid)
336 {
337 $temp= array();
338 foreach ($this->memberUid as $value){
339 if ($value != $uid){
340 $temp[]= $value;
341 }
342 }
343 $this->memberUid= $temp;
344 }
347 /* Reload data */
348 function reload()
349 {
350 /* Generate userlists */
351 $this->last_sorting= "invalid";
352 $this->users= array();
353 $ldap= $this->config->get_ldap_link();
354 $gufilter= get_global("gufilter");
355 $ldap->cd ($gufilter['dselect']);
356 $ldap->search ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))");
357 natcasesort ($this->users);
358 reset ($this->users);
360 $ldap->cd ($gufilter['dselect']);
361 $ldap->search ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))");
362 $this->allusers= array();
363 while ($attrs= $ldap->fetch()){
364 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
365 $this->allusers[$attrs["uid"][0]]= $attrs["sn"][0].", ".
366 $attrs["givenName"][0].
367 " [".$attrs["uid"][0]."]";
368 } else {
369 $this->allusers[$attrs["uid"][0]]= $attrs['uid'][0];
370 }
371 }
372 natcasesort ($this->allusers);
373 reset ($this->allusers);
375 /* Fill memberlist */
376 $this->members= array();
377 foreach ($this->memberUid as $value){
378 if (isset($this->allusers[$value])){
379 $this->members[$value]= $this->allusers[$value];
380 } else {
381 $this->members[$value]= "[$value]";
382 }
383 }
384 asort($this->members);
385 reset($this->members);
386 }
390 function remove_from_parent()
391 {
392 plugin::remove_from_parent();
394 $ldap= $this->config->get_ldap_link();
395 $ldap->rmdir($this->dn);
396 show_ldap_error($ldap->get_error());
398 /* Delete references to object groups */
399 $ldap->cd ($this->config->current['BASE']);
400 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn"));
401 while ($ldap->fetch()){
402 $og= new ogroup($this->config, $ldap->getDN());
403 unset($og->member[$this->dn]);
404 $og->save ();
405 }
407 /* Send signal to the world that we've done */
408 $this->handle_post_events("remove");
409 }
412 /* Save data to object */
413 function save_object()
414 {
415 /* Save additional values for possible next step */
416 if (isset($_POST['groupedit'])){
417 plugin::save_object();
419 $this->force_gid= 0;
420 $this->smbgroup= 0;
421 foreach (array("force_gid", "department", "base", "smbgroup") as $val) {
422 if (chkacl ($this->acl, "$val") == "" && isset($_POST["$val"])){
423 $this->$val= $_POST["$val"];
424 }
425 }
427 /* Save sambaDomain attribute */
428 if (chkacl ($this->acl, "sambaDomainName") == "" && $this->samba3 &&
429 isset ($_POST['sambaDomainName'])){
431 $this->sambaDomainName= $_POST['sambaDomainName'];
432 $this->groupType= $_POST['groupType'];
433 }
435 /* Save fon attribute */
436 if (chkacl ($this->acl, "fon_group") == ""){
437 if (isset ($_POST['fon_group'])){
438 $this->fon_group= TRUE;
439 } else {
440 $this->fon_group= FALSE;
441 }
442 }
443 if (chkacl ($this->acl, "nagios_group") == ""){
444 if (isset ($_POST['nagios_group'])){
445 $this->nagios_group= TRUE;
446 } else {
447 $this->nagios_group= FALSE;
448 }
449 }
450 }
451 }
454 /* Save to LDAP */
455 function save()
456 {
457 /* ID handling */
458 if ($this->force_gid == 0){
459 if ($this->saved_gidNumber != ""){
460 $this->gidNumber= $this->saved_gidNumber;
461 } else {
462 /* Calculate new, lock uids */
463 $wait= 10;
464 while (get_lock("uidnumber") != ""){
465 sleep (1);
467 /* timed out? */
468 if ($wait-- == 0){
469 break;
470 }
471 }
472 add_lock ("uidnumber", "gosa");
473 $this->gidNumber= $this->get_next_id("gidNumber");
474 }
475 }
477 plugin::save();
479 /* Remove objectClass for samba/phone support */
480 $tmp= array();
481 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
482 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
483 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
484 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
485 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
486 $tmp[]= $this->attrs['objectClass'][$i];
487 }
488 }
489 $this->attrs['objectClass']= $tmp;
490 $ldap= $this->config->get_ldap_link();
492 /* Add samba group functionality */
493 if ($this->samba3 && $this->smbgroup){
494 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
495 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
497 $this->attrs['objectClass'][]= 'sambaGroupMapping';
498 $this->attrs['sambaGroupType']= "2";
500 /* Check if we need to create a special entry */
501 if ($this->groupType == 0){
503 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
504 $gidNumber= $this->gidNumber;
505 while(TRUE){
506 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
507 $ldap->cd($this->config->current['BASE']);
508 $ldap->search("(sambaSID=$sid)");
509 if ($ldap->count() == 0){
510 break;
511 }
512 $gidNumber++;
513 }
514 $this->attrs['sambaSID']= $sid;
515 $this->sambaSID= $sid;
516 }
518 } else {
519 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
520 }
522 /* User wants me to fake the idMappings? This is useful for
523 making winbind resolve the group names in a reasonable amount
524 of time in combination with larger databases. */
525 if (isset($this->config->current['SAMBAIDMAPPING']) &&
526 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
527 $this->attrs['objectClass'][]= "sambaIdmapEntry";
528 }
530 }
532 /* Add phone functionality */
533 if ($this->fon_group){
534 $this->attrs['objectClass'][]= "goFonPickupGroup";
535 }
537 /* Add nagios functionality */
538 if ($this->nagios_group){
539 $this->attrs['objectClass'][]= "nagiosContactGroup";
540 }
542 /* Take members array */
543 if (count ($this->memberUid)){
544 $this->attrs['memberUid']= array_unique($this->memberUid);
545 }
547 /* New accounts need proper 'dn', propagate it to remaining objects */
548 if ($this->dn == 'new'){
549 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
550 }
552 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
553 new entries. So do a check first... */
554 $ldap->cat ($this->dn);
555 if ($ldap->fetch()){
556 /* Modify needs array() to remove values :-( */
557 if (!count ($this->memberUid)){
558 $this->attrs['memberUid']= array();
559 }
560 if ($this->samba3){
561 if (!$this->smbgroup){
562 $this->attrs['sambaGroupType']= array();
563 $this->attrs['sambaSID']= array();
564 }
565 }
566 $mode= "modify";
567 } else {
568 $mode= "add";
569 $ldap->cd($this->config->current['BASE']);
570 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
571 }
573 /* Write back to ldap */
574 $ldap->cd($this->dn);
575 $ldap->$mode($this->attrs);
577 $ret= 0;
578 if (show_ldap_error($ldap->get_error())){
579 $ret= 1;
580 }
582 /* Remove uid lock */
583 del_lock ("uidnumber");
585 /* Post that we've done*/
586 $this->handle_post_events($mode);
588 return ($ret);
589 }
591 function check()
592 {
593 $message= array();
595 /* Permissions for that base? */
596 if ($this->base != ""){
597 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
598 } else {
599 $new_dn= $this->dn;
600 }
602 $ui= get_userinfo();
603 $acl= get_permissions ($new_dn, $ui->subtreeACL);
604 $acl= get_module_permission($acl, "group", $new_dn);
605 if (chkacl($acl, "create") != ""){
606 $message[]= _("You have no permissions to create a group on this 'Base'.");
607 }
609 /* must: cn */
610 if ($this->cn == "" && chkacl ($this->acl, "cn") == ""){
611 $message[]= "The required field 'Name' is not set.";
612 }
614 /* Check for valid input */
615 if (!is_uid($this->cn)){
616 $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
617 }
619 /* Check for used 'cn' */
620 $ldap= $this->config->get_ldap_link();
621 $ldap->cd($this->config->current['BASE']);
622 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))");
623 if ($ldap->count() != 0){
625 /* New entry? */
626 if ($this->dn == 'new'){
627 $message[]= _("Value specified as 'Name' is already used.");
628 }
630 /* Moved? */
631 elseif ($new_dn != $this->orig_dn){
632 $ldap->fetch();
633 if ($ldap->getDN() != $this->orig_dn){
634 $message[]= _("Value specified as 'Name' is already used.");
635 }
636 }
637 }
639 /* Check ID */
640 if ($this->force_gid == "1"){
641 if (!is_id($this->gidNumber)){
642 $message[]= _("Value specified as 'GID' is not valid.");
643 } else {
644 if ($this->gidNumber < $this->config->current['MINID']){
645 $message[]= _("Value specified as 'GID' is too small.");
646 }
648 }
649 }
651 return ($message);
652 }
654 function get_next_id($attrib)
655 {
656 $ids= array();
657 $ldap= $this->config->get_ldap_link();
659 $ldap->cd ($this->config->current['BASE']);
660 $ldap->search ("($attrib=*)");
662 /* Get list of ids */
663 while ($attrs= $ldap->fetch()){
664 $ids[]= (int)$attrs["$attrib"][0];
665 }
667 /* Find out next free id near to UID_BASE */
668 for ($id= $this->config->current['UIDBASE']; $id++; $id<65000){
669 if (!in_array($id, $ids)){
670 return ($id);
671 }
672 }
674 /* Should not happen */
675 if ($id == 65000){
676 print_red(_("Too many users, can't allocate a free ID!"));
677 exit;
678 }
679 }
681 }
683 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
684 ?>