1 <?php
2 class group extends plugin
3 {
4 /* CLI vars */
5 var $cli_summary= "Handling of GOsa's base group object";
6 var $cli_description= "Some longer text\nfor help";
7 var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
9 /* Group attributes */
10 var $cn= "";
11 var $description= "";
12 var $gidNumber= "";
13 var $memberUid= array();
15 /* Helpers */
16 var $base= "";
17 var $force_gid= FALSE;
18 var $fon_group= FALSE;
19 var $smbgroup= FALSE;
20 var $groupType= FALSE;
21 var $samba3= FALSE;
22 var $sambaSID= "";
23 var $sambaDomainName= "DEFAULT";
24 var $SID= "";
25 var $ridBase= 0;
26 var $members= array();
27 var $users= array();
28 var $allusers= array();
29 var $department= "";
30 var $saved_gidNumber= "";
31 var $oldgroupType= "";
32 var $orig_dn= "";
33 var $has_mailAccount= FALSE;
34 var $group_dialog= FALSE;
36 /* attribute list for save action */
37 var $attributes= array("cn", "description", "gidNumber");
38 var $objectclasses= array("top", "posixGroup");
40 function group ($config, $dn= NULL)
41 {
42 plugin::plugin ($config, $dn);
44 /* Load attributes depending on the samba version */
45 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
46 $this->orig_dn= $dn;
48 /* Get member list */
49 if (isset($this->attrs['memberUid'][0])){
50 $tmp= array();
51 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
52 $tmp[]= $this->attrs['memberUid'][$i];
53 }
54 $this->memberUid= $tmp;
55 sort ($this->memberUid);
56 }
58 /* Save gidNumber for later use */
59 if (isset($this->attrs['gidNumber'])){
60 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
61 }
63 /* Is a samba group? */
64 if (isset($this->attrs['objectClass'])){
65 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == NULL ){
66 $this->smbgroup= FALSE;
67 } else {
68 $this->smbgroup= TRUE;
69 if (isset($this->attrs['sambaSID'])){
70 $this->sambaSID= $this->attrs['sambaSID'][0];
71 }
72 }
73 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == NULL ){
74 $this->fon_group= FALSE;
75 } else {
76 $this->fon_group= TRUE;
77 }
78 }
80 /* Set mail flag */
81 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
82 $this->has_mailAccount= TRUE;
83 }
85 /* Get samba Domain in case of samba 3 */
86 if ($this->samba3 && $this->sambaSID != ""){
87 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
88 $ldap= $this->config->get_ldap_link();
89 $ldap->cd($this->config->current['BASE']);
90 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))");
91 if ($ldap->count() != 0){
92 $attrs= $ldap->fetch();
93 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
95 /* Get domain name for SID */
96 $this->sambaDomainName= "DEFAULT";
97 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
98 if ($val['SID'] == $this->SID){
99 $this->sambaDomainName= $key;
100 break;
101 }
102 }
103 } else {
104 if (isset($this->config->current['RIDBASE'])){
105 $this->sambaDomainName= "DEFAULT";
106 $this->ridBase= $this->config->current['RIDBASE'];
107 $this->SID= $this->config->current['SID'];
108 } else {
109 print_red(_("Can't find this groups SID in LDAP or in your configuration file!"));
110 }
111 }
113 /* Get group type */
114 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
115 if ($this->groupType < 500 || $this->groupType > 553){
116 $this->groupType= 0;
117 }
118 $this->oldgroupType= $this->groupType;
119 }
121 /* Get global filter config */
122 if (!is_global("gufilter")){
123 $ui= get_userinfo();
124 $base= get_base_from_people($ui->dn);
125 $gufilter= array( "dselect" => $base,
126 "regex" => "*");
127 register_global("gufilter", $gufilter);
128 }
129 $gufilter= get_global('gufilter');
131 /* This is always an account */
132 $this->is_account= TRUE;
133 $this->reload();
134 }
136 function execute()
137 {
138 /* Do we represent a valid group? */
139 if (!$this->is_account && $this->parent == NULL){
140 $display= "<img src=\"images/stop.png\" align=center> <b>".
141 _("This 'dn' is no group.")."</b>";
142 return ($display);
143 }
145 /* Delete user from group */
146 if (isset($_POST['del_users']) && isset($_POST['members'])){
147 foreach ($_POST['members'] as $value){
148 unset ($this->members["$value"]);
149 $this->removeUser($value);
150 }
151 $this->reload();
152 }
154 /* Add objects? */
155 if (isset($_POST["edit_membership"])){
156 $this->group_dialog= TRUE;
157 $this->dialog= TRUE;
158 }
160 /* Add objects finished? */
161 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
162 $this->group_dialog= FALSE;
163 $this->dialog= FALSE;
164 }
166 /* Add user to group */
167 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
168 foreach ($_POST['users'] as $value){
169 $this->members["$value"]= $this->allusers[$value];
170 asort($this->members);
171 $this->addUser($value);
172 }
173 $this->reload();
174 }
176 /* Assign templating stuff */
177 $smarty= get_smarty();
178 if ($this->samba3){
179 $smarty->assign("samba3", "true");
180 } else {
181 $smarty->assign("samba3", "");
182 }
184 /* Manage object add dialog */
185 if ($this->group_dialog){
187 /* Save data */
188 $gufilter= get_global("gufilter");
189 foreach( array("dselect", "regex") as $type){
190 if (isset($_POST[$type])){
191 $gufilter[$type]= $_POST[$type];
192 }
193 }
194 if (isset($_GET['search'])){
195 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
196 if ($s == "**"){
197 $s= "*";
198 }
199 $gufilter['regex']= $s;
200 }
201 $regex= preg_replace('/[*]/', ".*", $gufilter['regex']);
202 register_global("gufilter", $gufilter);
203 $this->reload();
205 /* Show dialog */
206 $smarty->assign("search_image", get_template_path('images/search.png'));
207 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
208 $smarty->assign("tree_image", get_template_path('images/tree.png'));
209 $smarty->assign("deplist", $this->config->idepartments);
210 $smarty->assign("alphabet", generate_alphabet());
211 foreach( array("dselect", "regex") as $type){
212 $smarty->assign("$type", $gufilter[$type]);
213 }
214 $smarty->assign("hint", print_sizelimit_warning());
216 $users= array();
217 foreach ($this->allusers as $key => $value){
218 if (!array_key_exists($key, $this->members)){
219 if (preg_match("/^$regex/i", $key)){
220 $users[$key]= $value;
221 }
222 }
223 }
224 $smarty->assign("users", $users);
225 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
226 return ($display);
227 }
229 /* Bases / Departments */
230 if ($this->dn == "new"){
231 $ui= get_userinfo();
232 $this->base= dn2base($ui->dn);
233 } else {
234 if (isset($_POST['base'])){
235 $this->base= $_POST['base'];
236 } else {
237 $this->base= preg_replace ("/^[^,]+,[^,]+,/", "", $this->dn);
238 }
239 }
241 $smarty->assign("bases", $this->config->idepartments);
242 $smarty->assign("base_select", $this->base);
243 $smarty->assign("department", $this->department);
245 if ($this->samba3){
246 $domains= array();
247 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
248 $domains[$name]= $name;
249 }
250 $smarty->assign("sambaDomains", $domains);
251 $smarty->assign("sambaDomainName", $this->sambaDomainName);
252 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
253 514 => _("Domain guests"));
255 /* Don't loose special groups! If not key'ed above, add it to
256 the combo box... */
257 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
258 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
259 }
261 $smarty->assign("groupTypes", $groupTypes);
262 $smarty->assign("groupType", $this->groupType);
263 }
265 /* Members and users */
266 $smarty->assign("members", $this->members);
268 /* Checkboxes */
269 foreach (array("force_gid", "smbgroup") as $val){
270 if ($this->$val == "1"){
271 $smarty->assign("$val", "checked");
272 } else {
273 $smarty->assign("$val", "");
274 }
275 }
276 if ($this->force_gid != "1"){
277 $smarty->assign("forceMode", "disabled");
278 }
279 $smarty->assign("force_gidACL", chkacl($this->acl, "gidNumber"));
280 $smarty->assign("sambaDomainNameACL", chkacl($this->acl, "sambaDomainName"));
281 if ($this->fon_group){
282 $smarty->assign("fon_group", "checked");
283 }
284 $smarty->assign("fon_groupACL", chkacl($this->acl, "fon_group"));
286 /* Fields */
287 foreach (array("cn", "description", "gidNumber") as $val){
288 $smarty->assign("$val", $this->$val);
289 $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
290 }
292 /* Show main page */
293 $smarty->assign("alphabet", generate_alphabet(10));
294 $smarty->assign("search_image", get_template_path('images/search.png'));
295 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
296 $smarty->assign("tree_image", get_template_path('images/tree.png'));
297 $smarty->assign("deplist", $this->config->idepartments);
298 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
299 }
301 function addUser($uid)
302 {
303 $this->memberUid[]= $uid;
304 $this->memberUid= array_unique($this->memberUid);
305 }
307 function removeUser($uid)
308 {
309 $temp= array();
310 foreach ($this->memberUid as $value){
311 if ($value != $uid){
312 $temp[]= $value;
313 }
314 }
315 $this->memberUid= $temp;
316 }
319 /* Reload data */
320 function reload()
321 {
322 /* Generate userlists */
323 $this->last_sorting= "invalid";
324 $this->users= array();
325 $ldap= $this->config->get_ldap_link();
326 $gufilter= get_global("gufilter");
327 $ldap->cd ($gufilter['dselect']);
328 $ldap->search ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))");
329 natcasesort ($this->users);
330 reset ($this->users);
332 $ldap->cd ($this->config->current['BASE']);
333 $ldap->search ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))");
334 $this->allusers= array();
335 while ($attrs= $ldap->fetch()){
336 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
337 $this->allusers[$attrs["uid"][0]]= $attrs["sn"][0].", ".
338 $attrs["givenName"][0].
339 " [".$attrs["uid"][0]."]";
340 } else {
341 $this->allusers[$attrs["uid"][0]]= $attrs['uid'][0];
342 }
343 }
344 natcasesort ($this->allusers);
345 reset ($this->allusers);
347 /* Fill memberlist */
348 $this->members= array();
349 foreach ($this->memberUid as $value){
350 if (isset($this->allusers[$value])){
351 $this->members[$value]= $this->allusers[$value];
352 } else {
353 $this->members[$value]= "[$value]";
354 }
355 }
356 asort($this->members);
357 reset($this->members);
358 }
362 function remove_from_parent()
363 {
364 plugin::remove_from_parent();
366 $ldap= $this->config->get_ldap_link();
367 $ldap->rmdir($this->dn);
368 show_ldap_error($ldap->get_error());
370 /* Delete references to object groups */
371 $ldap->cd ($this->config->current['BASE']);
372 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn"));
373 while ($ldap->fetch()){
374 $og= new ogroup($this->config, $ldap->getDN());
375 unset($og->member[$this->dn]);
376 $og->save ();
377 }
379 /* Send signal to the world that we've done */
380 $this->handle_post_events("remove");
381 }
384 /* Save data to object */
385 function save_object()
386 {
387 /* Save additional values for possible next step */
388 if (isset($_POST['groupedit'])){
389 plugin::save_object();
391 $this->force_gid= 0;
392 $this->smbgroup= 0;
393 foreach (array("force_gid", "department", "base", "smbgroup") as $val) {
394 if (chkacl ($this->acl, "$val") == "" && isset($_POST["$val"])){
395 $this->$val= $_POST["$val"];
396 }
397 }
399 /* Save sambaDomain attribute */
400 if (chkacl ($this->acl, "sambaDomainName") == "" && $this->samba3 &&
401 isset ($_POST['sambaDomainName'])){
403 $this->sambaDomainName= $_POST['sambaDomainName'];
404 $this->groupType= $_POST['groupType'];
405 }
407 /* Save fon attribute */
408 if (chkacl ($this->acl, "fon_group") == ""){
409 if (isset ($_POST['fon_group'])){
410 $this->fon_group= TRUE;
411 } else {
412 $this->fon_group= FALSE;
413 }
414 }
416 }
417 }
420 /* Save to LDAP */
421 function save()
422 {
423 /* ID handling */
424 if ($this->force_gid == 0){
425 if ($this->saved_gidNumber != ""){
426 $this->gidNumber= $this->saved_gidNumber;
427 } else {
428 /* Calculate new, lock uids */
429 $wait= 10;
430 while (get_lock("uidnumber") != ""){
431 sleep (1);
433 /* timed out? */
434 if ($wait-- == 0){
435 break;
436 }
437 }
438 add_lock ("uidnumber", "gosa");
439 $this->gidNumber= $this->get_next_id("gidNumber");
440 }
441 }
443 plugin::save();
445 /* Remove objectClass for samba/phone support */
446 $tmp= array();
447 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
448 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
449 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
450 $this->attrs['objectClass'][$i] != 'goFonPickupGroup'){
451 $tmp[]= $this->attrs['objectClass'][$i];
452 }
453 }
454 $this->attrs['objectClass']= $tmp;
455 $ldap= $this->config->get_ldap_link();
457 /* Add samba group functionality */
458 if ($this->samba3 && $this->smbgroup){
459 $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
460 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
462 $this->attrs['objectClass'][]= 'sambaGroupMapping';
463 $this->attrs['sambaGroupType']= "2";
465 /* Check if we need to create a special entry */
466 if ($this->groupType == 0){
468 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
469 $gidNumber= $this->gidNumber;
470 while(TRUE){
471 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
472 $ldap->cd($this->config->current['BASE']);
473 $ldap->search("(sambaSID=$sid)");
474 if ($ldap->count() == 0){
475 break;
476 }
477 $gidNumber++;
478 }
479 $this->attrs['sambaSID']= $sid;
480 $this->sambaSID= $sid;
481 }
483 } else {
484 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
485 }
487 /* User wants me to fake the idMappings? This is useful for
488 making winbind resolve the group names in a reasonable amount
489 of time in combination with larger databases. */
490 if (isset($this->config->current['SAMBAIDMAPPING']) &&
491 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
492 $this->attrs['objectClass'][]= "sambaIdmapEntry";
493 }
495 }
497 /* Add phone functionality */
498 if ($this->fon_group){
499 $this->attrs['objectClass'][]= "goFonPickupGroup";
500 }
502 /* Take members array */
503 if (count ($this->memberUid)){
504 $this->attrs['memberUid']= array_unique($this->memberUid);
505 }
507 /* New accounts need proper 'dn', propagate it to remaining objects */
508 if ($this->dn == 'new'){
509 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
510 }
512 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
513 new entries. So do a check first... */
514 $ldap->cat ($this->dn);
515 if ($ldap->fetch()){
516 /* Modify needs array() to remove values :-( */
517 if (!count ($this->memberUid)){
518 $this->attrs['memberUid']= array();
519 }
520 if ($this->samba3){
521 if (!$this->smbgroup){
522 $this->attrs['sambaGroupType']= array();
523 $this->attrs['sambaSID']= array();
524 }
525 }
526 $mode= "modify";
527 } else {
528 $mode= "add";
529 $ldap->cd($this->config->current['BASE']);
530 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
531 }
533 /* Write back to ldap */
534 $ldap->cd($this->dn);
535 $ldap->$mode($this->attrs);
537 $ret= 0;
538 if (show_ldap_error($ldap->get_error())){
539 $ret= 1;
540 }
542 /* Remove uid lock */
543 del_lock ("uidnumber");
545 /* Post that we've done*/
546 $this->handle_post_events($mode);
548 return ($ret);
549 }
551 function check()
552 {
553 $message= array();
555 /* Permissions for that base? */
556 if ($this->base != ""){
557 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
558 } else {
559 $new_dn= $this->dn;
560 }
562 $ui= get_userinfo();
563 $acl= get_permissions ($new_dn, $ui->subtreeACL);
564 $acl= get_module_permission($acl, "group", $new_dn);
565 if (chkacl($acl, "create") != ""){
566 $message[]= _("You have no permissions to create a group on this 'Base'.");
567 }
569 /* must: cn */
570 if ($this->cn == "" && chkacl ($this->acl, "cn") == ""){
571 $message[]= "The required field 'Name' is not set.";
572 }
574 /* Check for valid input */
575 if (!is_uid($this->cn)){
576 $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
577 }
579 /* Check for used 'cn' */
580 $ldap= $this->config->get_ldap_link();
581 $ldap->cd($this->config->current['BASE']);
582 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))");
583 if ($ldap->count() != 0){
585 /* New entry? */
586 if ($this->dn == 'new'){
587 $message[]= _("Value specified as 'Name' is already used.");
588 }
590 /* Moved? */
591 elseif ($new_dn != $this->orig_dn){
592 $ldap->fetch();
593 if ($ldap->getDN() != $this->orig_dn){
594 $message[]= _("Value specified as 'Name' is already used.");
595 }
596 }
597 }
599 /* Check ID */
600 if ($this->force_gid == "1"){
601 if (!is_id($this->gidNumber)){
602 $message[]= _("Value specified as 'GID' is not valid.");
603 } else {
604 if ($this->gidNumber < $this->config->current['MINID']){
605 $message[]= _("Value specified as 'GID' is too small.");
606 }
608 }
609 }
611 return ($message);
612 }
614 function get_next_id($attrib)
615 {
616 $ids= array();
617 $ldap= $this->config->get_ldap_link();
619 $ldap->cd ($this->config->current['BASE']);
620 $ldap->search ("($attrib=*)");
622 /* Get list of ids */
623 while ($attrs= $ldap->fetch()){
624 $ids[]= (int)$attrs["$attrib"][0];
625 }
627 /* Find out next free id near to UID_BASE */
628 for ($id= $this->config->current['UIDBASE']; $id++; $id<65000){
629 if (!in_array($id, $ids)){
630 return ($id);
631 }
632 }
634 /* Should not happen */
635 if ($id == 65000){
636 print_red(_("Too many users, can't allocate a free ID!"));
637 exit;
638 }
639 }
641 }
643 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
644 ?>