get_cfg_value("rfc2307bis") == "true"){
$this->rfc2307bis= TRUE;
$this->attributes[]= "member";
$this->objectclasses[]= "groupOfNames";
}
plugin::plugin ($config, $dn);
/* Load attributes depending on the samba version */
$this->samba3= ($config->get_cfg_value("sambaversion") == 3);
$this->orig_dn= $dn;
$this->orig_cn= $this->cn;
/* Read configuration option for $this->allowGroupsWithSameNameInOtherSubtrees */
if ($config->get_cfg_value("allowGroupsWithSameNameInOtherSubtrees") == "false") {
$this->allowGroupsWithSameNameInOtherSubtrees = FALSE;
}
/* Get member list */
if (isset($this->attrs['memberUid'][0])){
$tmp= array();
for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
$tmp[$this->attrs['memberUid'][$i]]= $this->attrs['memberUid'][$i];
}
$this->memberUid= $tmp;
ksort ($this->memberUid);
}
/* Save gidNumber for later use */
if (isset($this->attrs['gidNumber'])){
$this->saved_gidNumber= $this->attrs['gidNumber'][0];
}
/* Is a samba group? */
if (isset($this->attrs['objectClass'])){
if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == FALSE ){
$this->smbgroup= FALSE;
} else {
$this->smbgroup= TRUE;
if (isset($this->attrs['sambaSID'])){
$this->sambaSID= $this->attrs['sambaSID'][0];
}
}
if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == FALSE ){
$this->fon_group= FALSE;
} else {
$this->fon_group= TRUE;
}
if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == FALSE ){
$this->nagios_group= FALSE;
} else {
$this->nagios_group= TRUE;
}
}
/* Set mail flag */
if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
$this->has_mailAccount= TRUE;
}
/* Get samba Domain in case of samba 3 */
if ($this->samba3 && $this->sambaSID != ""){
$this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
if ($ldap->count() != 0){
$attrs= $ldap->fetch();
if(isset($attrs['sambaAlgorithmicRidBase'])){
$this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
} else {
$this->ridBase= $this->config->get_cfg_value("sambaRidBase");
}
/* Get domain name for SID */
$this->sambaDomainName= "DEFAULT";
foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
if ($val['SID'] == $this->SID){
$this->sambaDomainName= $key;
break;
}
}
} else {
if ($this->config->get_cfg_value("sambaRidBase") != ""){
$this->sambaDomainName= "DEFAULT";
$this->ridBase= $this->config->get_cfg_value("sambaRidBase");
$this->SID= $this->config->get_cfg_value("sid");
} else {
msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG);
}
}
/* Get group type */
$this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
if ($this->groupType < 500 || $this->groupType > 553){
$this->groupType= 0;
}
$this->oldgroupType= $this->groupType;
}
/* Get global filter config */
if (!session::is_set("gufilter")){
$ui= get_userinfo();
$base= get_base_from_people($ui->dn);
$gufilter= array( "dselect" => $base,
"regex" => "*");
session::set("gufilter", $gufilter);
}
$gufilter= session::get('gufilter');
$gufilter['SubSearchGroup'] = false;
session::set('gufilter',$gufilter);
if ($this->dn == "new"){
if(session::is_set('CurrentMainBase')){
$this->base = session::get('CurrentMainBase');
}else{
$ui= get_userinfo();
$this->base= dn2base($ui->dn);
}
} else {
/* Get object base */
$this->base =preg_replace ("/^[^,]+,".preg_quote(get_groups_ou(), '/')."/","",$this->dn);
}
$this->orig_base = $this->base;
/* Is this account a trustAccount? */
if (isset($this->attrs['trustModel'])){
$this->trustModel= $this->attrs['trustModel'][0];
$this->was_trust_account= TRUE;
} else {
$this->was_trust_account= FALSE;
$this->trustModel= "";
}
$this->accessTo = array();
if (isset($this->attrs['accessTo'])){
for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
$tmp= $this->attrs['accessTo'][$i];
$this->accessTo[$tmp]= $tmp;
}
}
/* Get global filter config */
if (!session::is_set("sysfilter")){
$ui= get_userinfo();
$base= get_base_from_people($ui->dn);
$sysfilter= array( "depselect" => $base,
"regex" => "*");
session::set("sysfilter", $sysfilter);
}
/* This is always an account */
$this->is_account= TRUE;
$this->reload(TRUE);
}
function execute()
{
/* Call parent execute */
plugin::execute();
/* Log view */
if($this->is_account && !$this->view_logged){
$this->view_logged = TRUE;
new log("view","groups/".get_class($this),$this->dn);
}
/* Do we represent a valid group? */
if (!$this->is_account && $this->parent === NULL){
$display= " ".msgPool::noValidExtension()."";
return ($display);
}
/* Delete user from group */
if (isset($_POST['del_users']) && isset($_POST['members']) && preg_match("/w/",$this->getacl("memberUid"))){
foreach ($_POST['members'] as $value){
unset ($this->members["$value"]);
$this->removeUser($value);
}
$this->reload();
}
/* Add objects? */
if (isset($_POST["edit_membership"]) && preg_match("/w/",$this->getacl("memberUid"))){
$this->group_dialog= TRUE;
$this->dialog= TRUE;
}
/* Add objects finished? */
if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
$this->group_dialog= FALSE;
$this->dialog= FALSE;
}
/* Add user to group */
if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
foreach ($_POST['users'] as $value){
$this->members["$value"]= $this->allusers[$value];
asort($this->members);
$this->addUser($value);
}
$this->reload();
}
/* Base select dialog */
$once = true;
foreach($_POST as $name => $value){
if((preg_match("/^chooseBase/",$name) && $once) && $this->acl_is_writeable("base")){
$once = false;
$this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
$this->dialog->setCurrentBase($this->base);
}
}
/* Dialog handling */
if(is_object($this->dialog)){
/* Must be called before save_object */
$this->dialog->save_object();
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
/* Check if selected base is valid */
$tmp = $this->get_allowed_bases();
if(isset($tmp[$this->dialog->isSelected()])){
$this->base = $this->dialog->isSelected();
}
$this->dialog= false;
}else{
return($this->dialog->execute());
}
}
/* Add user workstation? */
if (isset($_POST["add_ws"])){
$this->show_ws_dialog= TRUE;
$this->dialog= TRUE;
}
/* Add user workstation? */
if (isset($_POST["add_ws_finish"]) && isset($_POST['wslist'])){
foreach($_POST['wslist'] as $ws){
$this->accessTo[$ws]= $ws;
}
ksort($this->accessTo);
$this->is_modified= TRUE;
}
/* Remove user workstations? */
if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
foreach($_POST['workstation_list'] as $name){
unset ($this->accessTo[$name]);
}
$this->is_modified= TRUE;
}
/* Add user workstation finished? */
if (isset($_POST["add_ws_finish"]) || isset($_POST["add_ws_cancel"])){
$this->show_ws_dialog= FALSE;
$this->dialog= FALSE;
}
$smarty= get_smarty();
/* Show ws dialog */
if ($this->show_ws_dialog){
/* Save data */
$sysfilter= session::get("sysfilter");
foreach( array("depselect", "regex") as $type){
if (isset($_POST[$type])){
$sysfilter[$type]= $_POST[$type];
}
}
if (isset($_GET['search'])){
$s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
if ($s == "**"){
$s= "*";
}
$sysfilter['regex']= $s;
}
session::set("sysfilter", $sysfilter);
/* Get workstation list */
$exclude= "";
foreach($this->accessTo as $ws){
$exclude.= "(cn=$ws)";
}
if ($exclude != ""){
$exclude= "(!(|$exclude))";
}
$regex= $sysfilter['regex'];
/* Search for systems
*/
$types = array();
$types['server'] = array("OU" => get_ou("serverRDN"), "OC" => "(objectClass=goServer)");
$types['workstation'] = array("OU" => get_ou("workstationRDN"),"OC" => "(objectClass=gotoWorkstation)");
$types['terminal'] = array("OU" => get_ou("terminalRDN"), "OC" => "(objectClass=gotoTerminal)");
$res = array();
foreach($types as $acl => $data){
$filter= "(&".$data['OC']."$exclude(cn=$regex))";
$res= array_merge($res,get_sub_list($filter,array($acl),$data['OU'],get_ou("systemRDN").$sysfilter['depselect'],
array("cn"), GL_SUBSEARCH | GL_SIZELIMIT));
}
$wslist = array();
foreach ($res as $attrs){
$wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
}
asort($wslist);
$smarty->assign("search_image", get_template_path('images/lists/search.png'));
$smarty->assign("launchimage", get_template_path('images/lists/action.png'));
$smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
$smarty->assign("deplist", $this->config->idepartments);
$smarty->assign("alphabet", generate_alphabet());
foreach( array("depselect", "regex") as $type){
$smarty->assign("$type", $sysfilter[$type]);
}
$smarty->assign("hint", print_sizelimit_warning());
$smarty->assign("wslist", $wslist);
$smarty->assign("apply", apply_filter());
$display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__)));
return ($display);
}
/* Assign templating stuff */
if ($this->samba3){
$smarty->assign("samba3", "true");
} else {
$smarty->assign("samba3", "");
}
if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
$smarty->assign("nagios",true);
}else{
$smarty->assign("nagios",false);
}
if($this->config->search("phoneAccount", "CLASS",array('menu'))){
$smarty->assign("pickupGroup",true);
}else{
$smarty->assign("pickupGroup",false);
}
/* Manage object add dialog */
if ($this->group_dialog){
/* Save data */
$gufilter= session::get("gufilter");
foreach( array("dselect", "regex") as $type){
if (isset($_POST[$type])){
$gufilter[$type]= $_POST[$type];
}
}
if(isset($_POST['regex'])){
if(isset($_POST['SubSearchGroup'])){
$gufilter['SubSearchGroup'] = true;
}else{
$gufilter['SubSearchGroup'] = false;
}
}
if (isset($_GET['search'])){
$s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
if ($s == "**"){
$s= "*";
}
$gufilter['regex']= $s;
}
session::set("gufilter", $gufilter);
$this->reload();
/* Show dialog */
$smarty->assign("search_image", get_template_path('images/lists/search.png'));
$smarty->assign("launchimage", get_template_path('images/lists/action.png'));
$smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
$ui = get_userinfo();
$tmp = $ui->get_module_departments("users");
$deps = array();
foreach($this->config->idepartments as $dn => $name){
if(in_array($dn,$tmp)){
$deps[$dn] = $name;
}
}
$smarty->assign("deplist", $deps);
$smarty->assign("alphabet", generate_alphabet());
foreach( array("dselect", "regex","SubSearchGroup") as $type){
$smarty->assign("$type", $gufilter[$type]);
}
$smarty->assign("hint", print_sizelimit_warning());
$smarty->assign("users", $this->displayUsers);
$smarty->assign("apply", apply_filter());
$display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
return ($display);
}
$smarty->assign("bases", $this->get_allowed_bases());
$smarty->assign("base_select", $this->base);
if ($this->samba3){
$domains= array();
foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
$domains[$name]= $name;
}
$smarty->assign("sambaDomains", $domains);
$smarty->assign("sambaDomainName", $this->sambaDomainName);
$groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
514 => _("Domain guests"));
/* Don't loose special groups! If not key'ed above, add it to
the combo box... */
if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
$groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
}
$smarty->assign("groupTypes", $groupTypes);
$smarty->assign("groupType", $this->groupType);
}
/* Members and users */
$smarty->assign("members", $this->members);
/* Work on trust modes */
$smarty->assign("trusthide", " disabled ");
$smarty->assign("trustmodeACL", $this->getacl("trustModel"));
if ($this->trustModel == "fullaccess"){
$trustmode= 1;
// pervent double disable tag in html code, this will disturb our clean w3c html
$smarty->assign("trustmode", $this->getacl("trustModel"));
} elseif ($this->trustModel == "byhost"){
$trustmode= 2;
$smarty->assign("trusthide", "");
} else {
// pervent double disable tag in html code, this will disturb our clean w3c html
$smarty->assign("trustmode", $this->getacl("trustModel"));
$trustmode= 0;
}
$smarty->assign("trustmode", $trustmode);
$smarty->assign("trustmodes", array( 0 => _("disabled"), 1 => _("full access"),
2 => _("allow access to these hosts")));
if((count($this->accessTo))==0){
$smarty->assign("emptyArrAccess",true);
} else{
$smarty->assign("emptyArrAccess",false);
}
$smarty->assign("workstations", $this->accessTo);
/* Checkboxes */
foreach (array("force_gid", "smbgroup") as $val){
if ($this->$val == "1"){
$smarty->assign("$val", "checked");
} else {
$smarty->assign("$val", "");
}
}
if ($this->force_gid != "1"){
$smarty->assign("forceMode", "disabled");
}else{
$smarty->assign("forceMode", "");
}
if ($this->fon_group){
$smarty->assign("fon_group", "checked");
} else {
$smarty->assign("fon_group", "");
}
if ($this->nagios_group){
$smarty->assign("nagios_group", "checked");
} else {
$smarty->assign("nagios_group", "");
}
/* Fields */
foreach (array("cn", "description", "gidNumber") as $val){
$smarty->assign("$val", $this->$val);
}
$tmp = $this->plInfo();
foreach($tmp['plProvidedAcls'] as $name => $translation){
$smarty->assign($name."ACL",$this->getacl($name));
}
if($this->acl_is_writeable("base")){
$smarty->assign("baseSelect",true);
}else{
$smarty->assign("baseSelect",false);
}
/* Show main page */
$smarty->assign("alphabet", generate_alphabet(10));
$smarty->assign("search_image", get_template_path('images/lists/search.png'));
$smarty->assign("launchimage", get_template_path('images/lists/action.png'));
$smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
$smarty->assign("deplist", $this->config->idepartments);
/* Multiple edit handling */
$smarty->assign("multiple_support",$this->multiple_support_active);
$smarty->assign("memberUid_All",$this->memberUid);
$smarty->assign("memberUid_Some",$this->memberUid_used_by_some);
foreach($this->attributes as $val){
if(in_array($val,$this->multi_boxes)){
$smarty->assign("use_".$val,TRUE);
}else{
$smarty->assign("use_".$val,FALSE);
}
}
foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $val){
if(in_array($val,$this->multi_boxes)){
$smarty->assign("use_".$val,TRUE);
}else{
$smarty->assign("use_".$val,FALSE);
}
}
return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
}
function addUser($uid)
{
/* In mutliple edit we have to handle two arrays.
* memberUid : Containing users used in all groups
* memberUid_used_by_some : Those which are not used in all groups
* So we have to remove the given $uid from the ..used_by_some array first.
*/
if($this->multiple_support_active){
if(isset($this->memberUid_used_by_some[$uid])){
unset($this->memberUid_used_by_some[$uid]);
}
}
$this->memberUid[$uid]= $uid;
}
function removeUser($uid)
{
$temp= array();
if(isset($this->memberUid[$uid])){
unset($this->memberUid[$uid]);
}
/* We have two array contianing group members in multiple edit.
* this->memberUid : Groups used by all currently edited groups
* this->memberUid_used_by_some: Used by some
* So we have to remove the specified uid from both arrays.
*/
if($this->multiple_support_active){
if(isset($this->memberUid_used_by_some[$uid])){
unset($this->memberUid_used_by_some[$uid]);
}
}
}
/* Reload data */
function reload($silent = FALSE)
{
/* Fix regex string */
$gufilter = session::get("gufilter");
$regex = normalizeLdap($gufilter['regex']);
$MaxUser = $this->OnlyShowFirstEntries;
/* Prepare ldap link */
$ldap= $this->config->get_ldap_link();
$ldap->cd($gufilter['dselect']);
/* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
(Store gathered sn/givenName informations in $this->allusers too,
to be prepared when adding/deleting users)
*/
$filter = "";
if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" ||
count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){
foreach ($this->memberUid as $value){
if(!isset($this->members[$value])){
$filter .= "(uid=".normalizeLdap($value).")";
}
}
}
if(!empty($filter)){
$ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
while($attrs = $ldap->fetch()){
$this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
$this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
$this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
}
}
/* check if all uids are resolved */
if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" ||
count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){
foreach ($this->memberUid as $value){
if(!isset($this->members[$value])){
$this->members[$value] = _("! unknown id")." [".$value."]";
}
}
}else{
foreach ($this->memberUid as $value){
$this->members[$value] = $value;
}
}
/* Create display list of users matching regex & filter
*/
$this->displayUsers = array();
$filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
/* Search in current tree or within subtrees depending on the checkbox from filter section */
if($gufilter['SubSearchGroup']){
$flag = GL_SIZELIMIT | GL_SUBSEARCH;
$base = $gufilter['dselect'];
}else{
$flag = GL_SIZELIMIT ;
$base = get_people_ou().$gufilter['dselect'];
}
$i = 0;
$res = get_list($filter,"users",$base,array("dn", "uid", "sn", "givenName"),$flag);
/* Fetch all users and skip already used users */
foreach($res as $attrs){
if(in_array($attrs['uid'][0], $this->memberUid)) {
continue;
}
$i ++;
if($i > $MaxUser) {
break;
}
$this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
$this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
$this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
}
/* If more than max users are found, display a message to warn the user */
if($i == $MaxUser && !$silent){
msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG);
}
/* Sort lists */
natcasesort($this->members);
reset($this->members);
natcasesort ($this->displayUsers);
reset ($this->displayUsers);
}
/* Create display name, this was used so often that it is excluded into a seperate function */
function createResultName($attrs)
{
if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
$ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
} else {
$ret= $attrs['uid'][0];
}
return($ret);
}
function remove_from_parent()
{
plugin::remove_from_parent();
$ldap= $this->config->get_ldap_link();
$ldap->rmdir($this->dn);
if (!$ldap->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class()));
}
new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
/* Delete references to object groups */
$ldap->cd ($this->config->current['BASE']);
$ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
while ($ldap->fetch()){
$og= new ogroup($this->config, $ldap->getDN());
unset($og->member[$this->dn]);
$og->save ();
}
/* Remove ACL dependencies too,
*/
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
while($attrs = $ldap->fetch()){
$acl = new acl($this->config,$this->parent,$attrs['dn']);
foreach($acl->gosaAclEntry as $id => $entry){
foreach($entry['members'] as $m_id => $member){
if($m_id == "G:".$this->dn || $m_id == "U:".$this->dn){
unset($acl->gosaAclEntry[$id]['members'][$m_id]);
gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn']));
}
}
}
$acl->save();
}
/* Remove ACL dependencies too,
*/
$tmp = new acl($this->config,$this->parent,$this->dn);
$tmp->remove_acl();
/* Send signal to the world that we've done */
$this->handle_post_events("remove");
}
/* Save data to object */
function save_object()
{
/* Save additional values for possible next step */
if (isset($_POST['groupedit'])){
/* Create a base backup and reset the
base directly after calling plugin::save_object();
Base will be set seperatly a few lines below */
$base_tmp = $this->base;
plugin::save_object();
$this->base = $base_tmp;
$this->force_gid= 0;
/* Only reset sambagroup flag if we are able to write this flag */
if($this->acl_is_writeable("sambaGroupType")){
$this->smbgroup = 0;
}
/* Get base selection */
if(isset($_POST['base'])){
$tmp = $this->get_allowed_bases();
if(isset($tmp[$_POST['base']])){
$this->base = $_POST['base'];
}
}
foreach (array(
"force_gid" => "gidNumber",
"smbgroup" => "sambaGroupType") as $val => $aclname) {
if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
$this->$val= $_POST["$val"];
}
}
/* Save sambaDomain attribute */
if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
$this->sambaDomainName= $_POST['sambaDomainName'];
$this->groupType= $_POST['groupType'];
}
/* Save fon attribute */
if ($this->acl_is_writeable("fonGroup")){
if (isset ($_POST['fon_group'])){
$this->fon_group= TRUE;
} else {
$this->fon_group= FALSE;
}
}
if ($this->acl_is_writeable("nagiosGroup")){
if (isset ($_POST['nagios_group'])){
$this->nagios_group= TRUE;
} else {
$this->nagios_group= FALSE;
}
}
}
/* Trust mode - special handling */
if($this->acl_is_writeable("trustModel")){
if (isset($_POST['trustmode'])){
$saved= $this->trustModel;
if ($_POST['trustmode'] == "1"){
$this->trustModel= "fullaccess";
} elseif ($_POST['trustmode'] == "2"){
$this->trustModel= "byhost";
} else {
$this->trustModel= "";
}
if ($this->trustModel != $saved){
$this->is_modified= TRUE;
}
}
}
}
/* Save to LDAP */
function save()
{
/* ID handling */
if ($this->force_gid == 0){
if ($this->saved_gidNumber != ""){
$this->gidNumber= $this->saved_gidNumber;
} else {
/* Calculate new, lock uids */
$wait= 10;
while (get_lock("uidnumber") != ""){
sleep (1);
/* timed out? */
if ($wait-- == 0){
break;
}
}
add_lock ("uidnumber", "gosa");
$this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
}
}
plugin::save();
/* Trust accounts */
$objectclasses= array();
foreach ($this->attrs['objectClass'] as $key => $class){
if (preg_match('/trustAccount/i', $class)){
continue;
}
$objectclasses[]= $this->attrs['objectClass'][$key];
}
$this->attrs['objectClass']= $objectclasses;
if ($this->trustModel != ""){
$this->attrs['objectClass'][]= "trustAccount";
$this->attrs['trustModel']= $this->trustModel;
$this->attrs['accessTo']= array();
if ($this->trustModel == "byhost"){
foreach ($this->accessTo as $host){
$this->attrs['accessTo'][]= $host;
}
}
} else {
if ($this->was_trust_account){
$this->attrs['accessTo']= array();
$this->attrs['trustModel']= array();
}
}
/* Remove objectClass for samba/phone support */
$tmp= array();
for ($i= 0; $iattrs["objectClass"]); $i++){
if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
$this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
$this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
$this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
$tmp[]= $this->attrs['objectClass'][$i];
}
}
$this->attrs['objectClass']= $tmp;
$ldap= $this->config->get_ldap_link();
/* Add samba group functionality */
if ($this->samba3 && $this->smbgroup){
/* Fixed undefined index ...
*/
$this->SID = $this->ridBase = "";
if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
$this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
}else{
msg_dialog::display(_("Error"), sprintf(_("Cannot find any SID for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
}
if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
$this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
}else{
msg_dialog::display(_("Error"), sprintf(_("Cannot find any RIDBASE for '%s'!"), $this->sambaDomainName), ERROR_DIALOG);
}
$this->attrs['objectClass'][]= 'sambaGroupMapping';
$this->attrs['sambaGroupType']= "2";
/* Check if we need to create a special entry */
if ($this->groupType == 0){
if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
$gidNumber= $this->gidNumber;
while(TRUE){
$sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
$ldap->cd($this->config->current['BASE']);
$ldap->search("(sambaSID=$sid)",array("sambaSID"));
if ($ldap->count() == 0){
break;
}
$gidNumber++;
}
$this->attrs['sambaSID']= $sid;
$this->sambaSID= $sid;
}
} else {
$this->attrs['sambaSID']=$this->SID."-".$this->groupType;
}
/* User wants me to fake the idMappings? This is useful for
making winbind resolve the group names in a reasonable amount
of time in combination with larger databases. */
if ($this->config->get_cfg_value("sambaidmapping") == "true"){
$this->attrs['objectClass'][]= "sambaIdmapEntry";
}
}
/* Add phone functionality */
if ($this->fon_group){
$this->attrs['objectClass'][]= "goFonPickupGroup";
}
/* Add nagios functionality */
if ($this->nagios_group){
$this->attrs['objectClass'][]= "nagiosContactGroup";
}
/* Take members array */
if (count ($this->memberUid)){
$this->attrs['memberUid']= array_values(array_unique($this->memberUid));
}
/* New accounts need proper 'dn', propagate it to remaining objects */
if ($this->dn == 'new'){
$this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
}
/* Add member dn's for RFC2307bis Support */
if ($this->rfc2307bis){
$this->attrs['member'] = array();
if (count($this->memberUid)){
foreach($this->attrs['memberUid'] as $uid) {
$this->attrs['member'][]= $this->dnMapping[$uid];
}
} else {
$this->attrs['member'][]= $this->dn;
}
}
/* Save data. Using 'modify' implies that the entry is already present, use 'add' for
new entries. So do a check first... */
$ldap->cat ($this->dn, array('dn'));
if ($ldap->fetch()){
/* Modify needs array() to remove values :-( */
if (!count ($this->memberUid)){
$this->attrs['memberUid']= array();
}
if ($this->samba3){
if (!$this->smbgroup){
$this->attrs['sambaGroupType']= array();
$this->attrs['sambaSID']= array();
}
}
$mode= "modify";
} else {
$mode= "add";
$ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
}
/* Write back to ldap */
$ldap->cd($this->dn);
$this->cleanup();
$ldap->$mode($this->attrs);
/* Remove ACL dependencies too,
*/
if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
$tmp = new acl($this->config,$this->parent,$this->dn);
$tmp->update_acl_membership($this->orig_dn,$this->dn);
}
if($this->initially_was_account){
new log("modify","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
}else{
new log("create","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
}
$ret= 0;
if (!$ldap->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
$ret= 1;
}
/* Remove uid lock */
del_lock ("uidnumber");
/* Post that we've done*/
$this->handle_post_events($mode);
return ($ret);
}
function check()
{
/* Call common method to give check the hook */
$message= plugin::check();
/* Permissions for that base? */
if ($this->base != ""){
$new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
} else {
$new_dn= $this->dn;
}
/* must: cn */
if ($this->cn == "" && $this->acl_is_writeable("cn")){
$message[]= msgPool::required(_("Name"));
}
/* Check for valid input */
if (!tests::is_uid($this->cn)){
if (strict_uid_mode()){
$message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/");
} else {
$message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/i");
}
}
if($this->allowGroupsWithSameNameInOtherSubtrees == true){
/* Check for used 'cn' */
$ldap= $this->config->get_ldap_link();
if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new") || ($new_dn != $this->orig_dn)){
$ldap->cd(get_groups_ou().$this->base);
$ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
if ($ldap->count() != 0){
$message[]= msgPool::duplicated(_("Name"));
}
}
}else{
/* Check for used 'cn' */
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn", "gosaUnitTag"));
if ($ldap->count() != 0){
while ($entry = $ldap->fetch()) {
if ($this->gosaUnitTag == '' || ($this->orig_dn != $new_dn)) {
$tag = $this->get_gosaUnitTag($new_dn);
}
else {
$tag = $this->gosaUnitTag;
}
if ($entry['gosaUnitTag'][0] == $tag) {
if ($ldap->getDN() != $this->orig_dn){
$message[]= _("Another group of the same name already exists, saving or creating this group is not allowed. Please rename the group or remove the other group.");
break;
}
}
}
}
}
/* Check ID */
if ($this->force_gid == "1"){
if (!tests::is_id($this->gidNumber)){
$message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/");
} else {
if ($this->gidNumber < $this->config->get_cfg_value("minId")){
$message[]= msgPool::toosmall(_("GID"), $this->config->get_cfg_value("minId"));
}
}
}
/* Check if we are allowed to create or move this object
*/
if(!$this->orig_dn == "new" ||
$this->orig_base != $this->base ||
$this->cn != $this->orig_cn){
if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
$message[] = msgPool::permCreate();
}elseif($this->orig_dn != "new" && !$this->acl_is_moveable($this->base)){
$message[] = msgPool::permMove();
}
}
return ($message);
}
function get_next_id($attrib, $dn)
{
$ids= array();
$ldap= $this->config->get_ldap_link();
$ldap->cd ($this->config->current['BASE']);
if (preg_match('/gidNumber/i', $attrib)){
$oc= "posixGroup";
} else {
$oc= "posixAccount";
}
$ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
/* Get list of ids */
while ($attrs= $ldap->fetch()){
$ids[]= (int)$attrs["$attrib"][0];
}
/* Find out next free id near to UID_BASE */
if ($this->config->get_cfg_value("baseIdHook") == ""){
$base= $this->config->get_cfg_value("uidNumberBase");
} else {
/* Call base hook */
$base= get_base_from_hook($dn, $attrib);
}
for ($id= $base; $id++; $id < pow(2,32)){
if (!in_array($id, $ids)){
return ($id);
}
}
/* Check if id reached maximum */
if ($id >= pow(2,32)){
msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
exit;
}
}
function getCopyDialog()
{
$vars = array("cn");
if($this ->force_gid){
$used = " checked ";
$dis = "";
}else{
$used = "";
$dis = " disabled ";
}
$smarty = get_smarty();
$smarty->assign("used",$used);
$smarty->assign("dis" ,$dis);
$smarty->assign("cn" ,$this->cn);
$smarty->assign("gidNumber",$this->gidNumber);
$str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
$ret = array();
$ret['string'] = $str;
$ret['status'] = "";
return($ret);
}
function saveCopyDialog()
{
if(isset($_POST['cn'])){
$this->cn = $_POST['cn'];
}
if(isset($_POST['force_gid'])){
$this->force_gid = 1;
$this->gidNumber= $_POST['gidNumber'];
}else{
$this->force_gid = 0;
$this->gidNumber = false;
}
}
/* Return plugin informations for acl handling */
static function plInfo()
{
return (array(
"plShortName" => _("Generic"),
"plDescription" => _("Generic group settings"),
"plSelfModify" => FALSE,
"plDepends" => array(),
"plPriority" => 0,
"plSection" => array("administration"),
"plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
"plProvidedAcls" => array(
"cn" => _("Name"),
"description" => _("Description"),
"base" => _("Base"),
"gidNumber" => _("GID"),
"sambaGroupType" => _("Samba group type"),
"sambaDomainName" => _("Samba domain name"),
"trustModel" => _("System trust"),
"fonGroup" => _("Phone pickup group"),
"nagiosGroup" => _("Nagios group"),
"memberUid" => _("Group member"))
));
}
function multiple_save_object()
{
if(isset($_POST['group_mulitple_edit'])){
/* Create a base backup and reset the
base directly after calling plugin::save_object();
Base will be set seperatly a few lines below */
$base_tmp = $this->base;
plugin::multiple_save_object();
plugin::save_object();
$this->base = $base_tmp;
foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $attr){
if(isset($_POST['use_'.$attr])){
$this->multi_boxes[] = $attr;
}
}
/* Get base selection */
if(isset($_POST['base'])){
$tmp = $this->get_allowed_bases();
if(isset($tmp[$_POST['base']])){
$this->base = $_POST['base'];
}
}
foreach (array( "smbgroup" => "sambaGroupType" ,"nagios_group" => "nagios_group") as $val => $aclname) {
if ($this->acl_is_writeable($aclname)){
if(isset($_POST["$val"])){
$this->$val= TRUE;
}else{
$this->$val= FALSE;
}
}
}
/* Save sambaDomain attribute */
if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
$this->sambaDomainName= $_POST['sambaDomainName'];
$this->groupType= $_POST['groupType'];
}
/* Trust mode - special handling */
if($this->acl_is_writeable("trustModel")){
if (isset($_POST['trustmode'])){
$saved= $this->trustModel;
if ($_POST['trustmode'] == "1"){
$this->trustModel= "fullaccess";
} elseif ($_POST['trustmode'] == "2"){
$this->trustModel= "byhost";
} else {
$this->trustModel= "";
}
if ($this->trustModel != $saved){
$this->is_modified= TRUE;
}
}
}
/* Save fon attribute */
if ($this->acl_is_writeable("fonGroup")){
if (isset ($_POST['fon_group'])){
$this->fon_group= TRUE;
} else {
$this->fon_group= FALSE;
}
}
}
}
function get_multi_edit_values()
{
$ret = plugin::get_multi_edit_values();
foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group") as $attr){
if(in_array($attr,$this->multi_boxes)){
$ret[$attr] = $this->$attr;
}
}
if(in_array("trustmode",$this->multi_boxes)){
$ret['trustModel'] = $this->trustModel;
$ret['accessTo'] = $this->accessTo;
}
$ret['memberUid'] = $this->memberUid;
$ret['memberUid_used_by_some'] = $this->memberUid_used_by_some;
return($ret);
}
function multiple_execute()
{
return($this->execute());
}
/* Initialize plugin with given atribute arrays
*/
function init_multiple_support($attrs,$all)
{
plugin::init_multiple_support($attrs,$all);
$this->memberUid = array();
$this->memberUid_used_by_some = array();
if (isset($attrs['memberUid'])){
for ($i= 0; $i<$attrs['memberUid']['count']; $i++){
$this->memberUid[$attrs['memberUid'][$i]]= $attrs['memberUid'][$i];
}
ksort($this->memberUid);
}
if (isset($all['memberUid'])){
for ($i= 0; $i<$all['memberUid']['count']; $i++){
if(!in_array($all['memberUid'][$i],$this->memberUid)){
$this->memberUid_used_by_some[$all['memberUid'][$i]]= $all['memberUid'][$i];
}
}
ksort($this->memberUid_used_by_some);
}
}
function PrepareForCopyPaste($source)
{
plugin::PrepareForCopyPaste($source);
$source_o = new group($this->config, $source['dn']);
foreach($this->CopyPasteVars as $var) {
$this->$var = $source_o->$var;
}
$this->memberUid = array();
if(isset($source['memberUid'])){
for($i = 0 ; $i < $source['memberUid']['count']; $i ++){
$this->memberUid[] = $source['memberUid'][$i];
}
}
}
function set_multi_edit_values($attrs)
{
$users = array();
/* Update groupMembership, keep optinal group */
foreach($attrs['memberUid_used_by_some'] as $uid){
if(in_array($uid,$this->memberUid)){
$users[$uid] = $uid;
}
}
/* Update groupMembership, add forced groups */
foreach($attrs['memberUid'] as $uid){
$users[$uid] = $uid;
}
plugin::set_multi_edit_values($attrs);
$this->memberUid = $users;
}
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>