![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 class group extends plugin
3 {
4 /* CLI vars */
5 var $cli_summary= "Handling of GOsa's base group object";
6 var $cli_description= "Some longer text\nfor help";
7 var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
9 /* Group attributes */
10 var $cn= "";
11 var $description= "";
12 var $gidNumber= "";
13 var $memberUid= array();
15 /* Helpers */
16 var $base= "";
17 var $force_gid= FALSE;
18 var $fon_group= FALSE;
19 var $smbgroup= FALSE;
20 var $groupType= FALSE;
21 var $samba3= FALSE;
22 var $sambaSID= "";
23 var $sambaDomainName= "DEFAULT";
24 var $SID= "";
25 var $ridBase= 0;
26 var $members= array();
27 var $users= array();
28 var $allusers= array();
29 var $department= "";
30 var $saved_gidNumber= "";
31 var $oldgroupType= "";
32 var $orig_dn= "";
33 var $has_mailAccount= FALSE;
34 var $group_dialog= FALSE;
36 /* attribute list for save action */
37 var $attributes= array("cn", "description", "gidNumber");
38 var $objectclasses= array("top", "posixGroup");
40 function group ($config, $dn= NULL)
41 {
42 plugin::plugin ($config, $dn);
44 /* Load attributes depending on the samba version */
45 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
46 $this->orig_dn= $dn;
48 /* Get member list */
49 if (isset($this->attrs['memberUid'][0])){
50 $tmp= array();
51 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
52 $tmp[]= $this->attrs['memberUid'][$i];
53 }
54 $this->memberUid= $tmp;
55 sort ($this->memberUid);
56 }
58 /* Save gidNumber for later use */
59 if (isset($this->attrs['gidNumber'])){
60 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
61 }
63 /* Is a samba group? */
64 if (isset($this->attrs['objectClass'])){
65 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == NULL ){
66 $this->smbgroup= FALSE;
67 } else {
68 $this->smbgroup= TRUE;
69 if (isset($this->attrs['sambaSID'])){
70 $this->sambaSID= $this->attrs['sambaSID'][0];
71 }
72 }
73 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == NULL ){
74 $this->fon_group= FALSE;
75 } else {
76 $this->fon_group= TRUE;
77 }
78 }
80 /* Set mail flag */
81 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
82 $this->has_mailAccount= TRUE;
83 }
85 /* Get samba Domain in case of samba 3 */
86 if ($this->samba3 && $this->sambaSID != ""){
87 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
88 $ldap= $this->config->get_ldap_link();
89 $ldap->cd($this->config->current['BASE']);
90 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))");
91 if ($ldap->count() != 0){
92 $attrs= $ldap->fetch();
93 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
95 /* Get domain name for SID */
96 $this->sambaDomainName= "DEFAULT";
97 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
98 if ($val['SID'] == $this->SID){
99 $this->sambaDomainName= $key;
100 break;
101 }
102 }
103 } else {
104 if (isset($this->config->current['RIDBASE'])){
105 $this->sambaDomainName= "DEFAULT";
106 $this->ridBase= $this->config->current['RIDBASE'];
107 $this->SID= $this->config->current['SID'];
108 } else {
109 print_red(_("Can't find this groups SID in LDAP or in your configuration file!"));
110 }
111 }
113 /* Get group type */
114 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
115 if ($this->groupType < 500 || $this->groupType > 553){
116 $this->groupType= 0;
117 }
118 $this->oldgroupType= $this->groupType;
119 }
121 /* Get global filter config */
122 if (!is_global("gufilter")){
123 $ui= get_userinfo();
124 $base= get_base_from_people($ui->dn);
125 $gufilter= array( "dselect" => $base,
126 "regex" => "*");
127 register_global("gufilter", $gufilter);
128 }
129 $gufilter= get_global('gufilter');
131 /* Bases / Departments */
133 if(isset($_SESSION['groupfilter']['depselect'])){
134 $this->base = $_SESSION['groupfilter']['depselect'];
135 }else{
136 if ($this->dn == "new"){
137 $ui= get_userinfo();
138 $this->base= dn2base($ui->dn);
139 } else {
140 $this->base= preg_replace ("/^[^,]+,[^,]+,/", "", $this->dn);
141 }
142 }
145 /* This is always an account */
146 $this->is_account= TRUE;
147 $this->reload();
148 }
150 function execute()
151 {
152 /* Do we represent a valid group? */
153 if (!$this->is_account && $this->parent == NULL){
154 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
155 _("This 'dn' is no group.")."</b>";
156 return ($display);
157 }
159 /* Delete user from group */
160 if (isset($_POST['del_users']) && isset($_POST['members'])){
161 foreach ($_POST['members'] as $value){
162 unset ($this->members["$value"]);
163 $this->removeUser($value);
164 }
165 $this->reload();
166 }
168 /* Add objects? */
169 if (isset($_POST["edit_membership"])){
170 $this->group_dialog= TRUE;
171 $this->dialog= TRUE;
172 }
174 /* Add objects finished? */
175 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
176 $this->group_dialog= FALSE;
177 $this->dialog= FALSE;
178 }
180 /* Add user to group */
181 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
182 foreach ($_POST['users'] as $value){
183 $this->members["$value"]= $this->allusers[$value];
184 asort($this->members);
185 $this->addUser($value);
186 }
187 $this->reload();
188 }
190 /* Assign templating stuff */
191 $smarty= get_smarty();
192 if ($this->samba3){
193 $smarty->assign("samba3", "true");
194 } else {
195 $smarty->assign("samba3", "");
196 }
198 /* Manage object add dialog */
199 if ($this->group_dialog){
201 /* Save data */
202 $gufilter= get_global("gufilter");
203 foreach( array("dselect", "regex") as $type){
204 if (isset($_POST[$type])){
205 $gufilter[$type]= $_POST[$type];
206 }
207 }
208 if (isset($_GET['search'])){
209 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
210 if ($s == "**"){
211 $s= "*";
212 }
213 $gufilter['regex']= $s;
214 }
215 $regex= preg_replace('/[*]/', ".*", $gufilter['regex']);
216 register_global("gufilter", $gufilter);
217 $this->reload();
219 /* Show dialog */
220 $smarty->assign("search_image", get_template_path('images/search.png'));
221 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
222 $smarty->assign("tree_image", get_template_path('images/tree.png'));
223 $smarty->assign("deplist", $this->config->idepartments);
224 $smarty->assign("alphabet", generate_alphabet());
225 foreach( array("dselect", "regex") as $type){
226 $smarty->assign("$type", $gufilter[$type]);
227 }
228 $smarty->assign("hint", print_sizelimit_warning());
230 $users= array();
231 foreach ($this->allusers as $key => $value){
232 if (!array_key_exists($key, $this->members)){
233 if (preg_match("/^$regex/i", $key)){
234 $users[$key]= $value;
235 }
236 }
237 }
238 $smarty->assign("users", $users);
239 $smarty->assign("apply", apply_filter());
240 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
241 return ($display);
242 }
244 /* Bases / Departments */
245 if (isset($_POST['base'])){
246 $this->base= $_POST['base'];
247 }
249 $smarty->assign("bases", $this->config->idepartments);
250 $smarty->assign("base_select", $this->base);
251 $smarty->assign("department", $this->department);
253 if ($this->samba3){
254 $domains= array();
255 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
256 $domains[$name]= $name;
257 }
258 $smarty->assign("sambaDomains", $domains);
259 $smarty->assign("sambaDomainName", $this->sambaDomainName);
260 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
261 514 => _("Domain guests"));
263 /* Don't loose special groups! If not key'ed above, add it to
264 the combo box... */
265 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
266 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
267 }
269 $smarty->assign("groupTypes", $groupTypes);
270 $smarty->assign("groupType", $this->groupType);
271 }
273 /* Members and users */
274 $smarty->assign("members", $this->members);
276 /* Checkboxes */
277 foreach (array("force_gid", "smbgroup") as $val){
278 if ($this->$val == "1"){
279 $smarty->assign("$val", "checked");
280 } else {
281 $smarty->assign("$val", "");
282 }
283 }
284 if ($this->force_gid != "1"){
285 $smarty->assign("forceMode", "disabled");
286 }
287 $smarty->assign("force_gidACL", chkacl($this->acl, "gidNumber"));
288 $smarty->assign("sambaDomainNameACL", chkacl($this->acl, "sambaDomainName"));
289 if ($this->fon_group){
290 $smarty->assign("fon_group", "checked");
291 } else {
292 $smarty->assign("fon_group", "");
293 }
294 $smarty->assign("fon_groupACL", chkacl($this->acl, "fon_group"));
296 /* Fields */
297 foreach (array("cn", "description", "gidNumber") as $val){
298 $smarty->assign("$val", $this->$val);
299 $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
300 }
302 /* Missing ACL's */
303 foreach (array("base", "smbgroup", "members") as $val){
304 $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
305 }
307 /* Show main page */
308 $smarty->assign("alphabet", generate_alphabet(10));
309 $smarty->assign("search_image", get_template_path('images/search.png'));
310 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
311 $smarty->assign("tree_image", get_template_path('images/tree.png'));
312 $smarty->assign("deplist", $this->config->idepartments);
313 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
314 }
316 function addUser($uid)
317 {
318 $this->memberUid[]= $uid;
319 $this->memberUid= array_unique($this->memberUid);
320 }
322 function removeUser($uid)
323 {
324 $temp= array();
325 foreach ($this->memberUid as $value){
326 if ($value != $uid){
327 $temp[]= $value;
328 }
329 }
330 $this->memberUid= $temp;
331 }
334 /* Reload data */
335 function reload()
336 {
337 /* Generate userlists */
338 $this->last_sorting= "invalid";
339 $this->users= array();
340 $ldap= $this->config->get_ldap_link();
341 $gufilter= get_global("gufilter");
342 $ldap->cd ($gufilter['dselect']);
343 $ldap->search ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))");
344 natcasesort ($this->users);
345 reset ($this->users);
347 $ldap->cd ($gufilter['dselect']);
348 $ldap->search ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))");
349 $this->allusers= array();
350 while ($attrs= $ldap->fetch()){
351 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
352 $this->allusers[$attrs["uid"][0]]= $attrs["sn"][0].", ".
353 $attrs["givenName"][0].
354 " [".$attrs["uid"][0]."]";
355 } else {
356 $this->allusers[$attrs["uid"][0]]= $attrs['uid'][0];
357 }
358 }
359 natcasesort ($this->allusers);
360 reset ($this->allusers);
362 /* Fill memberlist */
363 $this->members= array();
364 foreach ($this->memberUid as $value){
365 if (isset($this->allusers[$value])){
366 $this->members[$value]= $this->allusers[$value];
367 } else {
368 $this->members[$value]= "[$value]";
369 }
370 }
371 asort($this->members);
372 reset($this->members);
373 }
377 function remove_from_parent()
378 {
379 plugin::remove_from_parent();
381 $ldap= $this->config->get_ldap_link();
382 $ldap->rmdir($this->dn);
383 show_ldap_error($ldap->get_error());
385 /* Delete references to object groups */
386 $ldap->cd ($this->config->current['BASE']);
387 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn"));
388 while ($ldap->fetch()){
389 $og= new ogroup($this->config, $ldap->getDN());
390 unset($og->member[$this->dn]);
391 $og->save ();
392 }
394 /* Send signal to the world that we've done */
395 $this->handle_post_events("remove");
396 }
399 /* Save data to object */
400 function save_object()
401 {
402 /* Save additional values for possible next step */
403 if (isset($_POST['groupedit'])){
404 plugin::save_object();
406 $this->force_gid= 0;
407 $this->smbgroup= 0;
408 foreach (array("force_gid", "department", "base", "smbgroup") as $val) {
409 if (chkacl ($this->acl, "$val") == "" && isset($_POST["$val"])){
410 $this->$val= $_POST["$val"];
411 }
412 }
414 /* Save sambaDomain attribute */
415 if (chkacl ($this->acl, "sambaDomainName") == "" && $this->samba3 &&
416 isset ($_POST['sambaDomainName'])){
418 $this->sambaDomainName= $_POST['sambaDomainName'];
419 $this->groupType= $_POST['groupType'];
420 }
422 /* Save fon attribute */
423 if (chkacl ($this->acl, "fon_group") == ""){
424 if (isset ($_POST['fon_group'])){
425 $this->fon_group= TRUE;
426 } else {
427 $this->fon_group= FALSE;
428 }
429 }
431 }
432 }
435 /* Save to LDAP */
436 function save()
437 {
438 /* ID handling */
439 if ($this->force_gid == 0){
440 if ($this->saved_gidNumber != ""){
441 $this->gidNumber= $this->saved_gidNumber;
442 } else {
443 /* Calculate new, lock uids */
444 $wait= 10;
445 while (get_lock("uidnumber") != ""){
446 sleep (1);
448 /* timed out? */
449 if ($wait-- == 0){
450 break;
451 }
452 }
453 add_lock ("uidnumber", "gosa");
454 $this->gidNumber= $this->get_next_id("gidNumber");
455 }
456 }
458 plugin::save();
460 /* Remove objectClass for samba/phone support */
461 $tmp= array();
462 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
463 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
464 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
465 $this->attrs['objectClass'][$i] != 'goFonPickupGroup'){
466 $tmp[]= $this->attrs['objectClass'][$i];
467 }
468 }
469 $this->attrs['objectClass']= $tmp;
470 $ldap= $this->config->get_ldap_link();
472 /* Add samba group functionality */
473 if ($this->samba3 && $this->smbgroup){
474 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
475 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
477 $this->attrs['objectClass'][]= 'sambaGroupMapping';
478 $this->attrs['sambaGroupType']= "2";
480 /* Check if we need to create a special entry */
481 if ($this->groupType == 0){
483 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
484 $gidNumber= $this->gidNumber;
485 while(TRUE){
486 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
487 $ldap->cd($this->config->current['BASE']);
488 $ldap->search("(sambaSID=$sid)");
489 if ($ldap->count() == 0){
490 break;
491 }
492 $gidNumber++;
493 }
494 $this->attrs['sambaSID']= $sid;
495 $this->sambaSID= $sid;
496 }
498 } else {
499 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
500 }
502 /* User wants me to fake the idMappings? This is useful for
503 making winbind resolve the group names in a reasonable amount
504 of time in combination with larger databases. */
505 if (isset($this->config->current['SAMBAIDMAPPING']) &&
506 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
507 $this->attrs['objectClass'][]= "sambaIdmapEntry";
508 }
510 }
512 /* Add phone functionality */
513 if ($this->fon_group){
514 $this->attrs['objectClass'][]= "goFonPickupGroup";
515 }
517 /* Take members array */
518 if (count ($this->memberUid)){
519 $this->attrs['memberUid']= array_unique($this->memberUid);
520 }
522 /* New accounts need proper 'dn', propagate it to remaining objects */
523 if ($this->dn == 'new'){
524 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
525 }
527 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
528 new entries. So do a check first... */
529 $ldap->cat ($this->dn);
530 if ($ldap->fetch()){
531 /* Modify needs array() to remove values :-( */
532 if (!count ($this->memberUid)){
533 $this->attrs['memberUid']= array();
534 }
535 if ($this->samba3){
536 if (!$this->smbgroup){
537 $this->attrs['sambaGroupType']= array();
538 $this->attrs['sambaSID']= array();
539 }
540 }
541 $mode= "modify";
542 } else {
543 $mode= "add";
544 $ldap->cd($this->config->current['BASE']);
545 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
546 }
548 /* Write back to ldap */
549 $ldap->cd($this->dn);
550 $ldap->$mode($this->attrs);
552 $ret= 0;
553 if (show_ldap_error($ldap->get_error())){
554 $ret= 1;
555 }
557 /* Remove uid lock */
558 del_lock ("uidnumber");
560 /* Post that we've done*/
561 $this->handle_post_events($mode);
563 return ($ret);
564 }
566 function check()
567 {
568 $message= array();
570 /* Permissions for that base? */
571 if ($this->base != ""){
572 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
573 } else {
574 $new_dn= $this->dn;
575 }
577 $ui= get_userinfo();
578 $acl= get_permissions ($new_dn, $ui->subtreeACL);
579 $acl= get_module_permission($acl, "group", $new_dn);
580 if (chkacl($acl, "create") != ""){
581 $message[]= _("You have no permissions to create a group on this 'Base'.");
582 }
584 /* must: cn */
585 if ($this->cn == "" && chkacl ($this->acl, "cn") == ""){
586 $message[]= "The required field 'Name' is not set.";
587 }
589 /* Check for valid input */
590 if (!is_uid($this->cn)){
591 $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
592 }
594 /* Check for used 'cn' */
595 $ldap= $this->config->get_ldap_link();
596 $ldap->cd($this->config->current['BASE']);
597 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))");
598 if ($ldap->count() != 0){
600 /* New entry? */
601 if ($this->dn == 'new'){
602 $message[]= _("Value specified as 'Name' is already used.");
603 }
605 /* Moved? */
606 elseif ($new_dn != $this->orig_dn){
607 $ldap->fetch();
608 if ($ldap->getDN() != $this->orig_dn){
609 $message[]= _("Value specified as 'Name' is already used.");
610 }
611 }
612 }
614 /* Check ID */
615 if ($this->force_gid == "1"){
616 if (!is_id($this->gidNumber)){
617 $message[]= _("Value specified as 'GID' is not valid.");
618 } else {
619 if ($this->gidNumber < $this->config->current['MINID']){
620 $message[]= _("Value specified as 'GID' is too small.");
621 }
623 }
624 }
626 return ($message);
627 }
629 function get_next_id($attrib)
630 {
631 $ids= array();
632 $ldap= $this->config->get_ldap_link();
634 $ldap->cd ($this->config->current['BASE']);
635 $ldap->search ("($attrib=*)");
637 /* Get list of ids */
638 while ($attrs= $ldap->fetch()){
639 $ids[]= (int)$attrs["$attrib"][0];
640 }
642 /* Find out next free id near to UID_BASE */
643 for ($id= $this->config->current['UIDBASE']; $id++; $id<65000){
644 if (!in_array($id, $ids)){
645 return ($id);
646 }
647 }
649 /* Should not happen */
650 if ($id == 65000){
651 print_red(_("Too many users, can't allocate a free ID!"));
652 exit;
653 }
654 }
656 }
658 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
659 ?>