index 60f0878b0f9cf1b594f374099c2b60938e40402e..f03490a03b4f6423af8acf73ddf8e291e84e1b96 100644 (file)
return;
}
+ /* Check if this entry was opened in read only mode */
if(isset($_POST['open_readonly'])){
- $this->read_only = TRUE;
+ if(session::global_is_set("LOCK_CACHE")){
+ $cache = &session::get("LOCK_CACHE");
+ if(isset($cache['READ_ONLY'][$this->dn])){
+ $this->read_only = TRUE;
+ }
+ }
}
/* Save current dn as acl_base */
function execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
- session::set('current_class_for_help',get_class($this));
+ session::global_set('current_class_for_help',get_class($this));
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
session::set('LOCK_VARS_TO_USE',array());
- session::set('LOCK_VARS_USED',array());
+ session::set('LOCK_VARS_USED_GET',array());
+ session::set('LOCK_VARS_USED_POST',array());
+ session::set('LOCK_VARS_USED_REQUEST',array());
}
/*! \brief execute plugin
}
}
+
+ /* Create unique DN */
+ function create_unique_dn2($data, $base)
+ {
+ $ldap= $this->config->get_ldap_link();
+ $base= preg_replace("/^,*/", "", $base);
+
+ /* Try to use plain entry first */
+ $dn= "$data,$base";
+ $attribute= preg_replace('/=.*$/', '', $data);
+ $ldap->cat ($dn, array('dn'));
+ if (!$ldap->fetch()){
+ return ($dn);
+ }
+
+ /* Look for additional attributes */
+ foreach ($this->attributes as $attr){
+ if ($attr == $attribute || $this->$attr == ""){
+ continue;
+ }
+
+ $dn= "$data+$attr=".$this->$attr.",$base";
+ $ldap->cat ($dn, array('dn'));
+ if (!$ldap->fetch()){
+ return ($dn);
+ }
+ }
+
+ /* None found */
+ return ("none");
+ }
+
+
/* Create unique DN */
function create_unique_dn($attribute, $base)
{
return ("none");
}
+
function rebind($ldap, $referral)
{
$credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
ldap_set_rebind_proc($ds, array(&$this, "rebind"));
}
- $r=ldap_bind($ds,$this->config->current['ADMINDN'], $this->config->current['ADMINPASSWORD']);
+ $pwd = $this->config->get_credentials($this->config->current['ADMINPASSWORD']);
+ $r=ldap_bind($ds,$this->config->current['ADMINDN'], $pwd);
$sr=ldap_read($ds, LDAP::fix($src_dn), "objectClass=*");
/* Fill data from LDAP */
$ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dst_dn));
if (!$ldap->rename_dn($src_dn,$dst_dn)){
- msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class()));
+# msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class()));
+ new log("debug","Ldap Protocol v3 implementation error, ldap_rename failed, falling back to manual copy.","FROM: $src_dn -- TO: $dst_dn",array(),$ldap->get_error());
+ @DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,"Rename failed FROM: $src_dn -- TO: $dst_dn",
+ "Ldap Protocol v3 implementation error, falling back to maunal method.");
return(FALSE);
}
$this->update_acls($old_dn,$new_dn);
}
- /* Get all objectGroups defined in this database.
- and check if there is an entry matching the source dn,
- if this is the case, then update this objectgroup to use the new dn.
- */
- $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=*))","ogroups",
- array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("member"),
- GL_SUBSEARCH | GL_NO_ACL_CHECK) ;
+ // Migrate objectgroups if needed
+ $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","ogroups", array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
- /* Walk through all objectGroups and check if there are
- members matching the source dn
- */
+ // Walk through all objectGroups
foreach($ogroups as $ogroup){
- if(isset($ogroup['member'])){
+ // Migrate old to new dn
+ $o_ogroup= new ogroup($this->config,$ogroup['dn']);
+ unset($o_ogroup->member[$src_dn]);
+ $o_ogroup->member[$dst_dn]= $dst_dn;
+
+ // Save object group
+ $o_ogroup->save();
+ }
- /* Reset class object, this will be initialized with class_ogroup on demand
- */
- $o_ogroup = NULL;
- for($i = 0 ; $i < $ogroup['member']['count'] ; $i ++){
+ // Migrate rfc groups if needed
+ $groups = get_sub_list("(&(objectClass=posixGroups)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
- $c_mem = $ogroup['member'][$i];
-
- if(preg_match("/".preg_quote($src_dn, '/')."$/i",$c_mem)){
-
- $d_mem = preg_replace("/".preg_quote($src_dn, '/')."$/i",$dst_dn,$ogroup['member'][$i]);
+ // Walk through all POSIX groups
+ foreach($groups as $group){
+ // Migrate old to new dn
+ $o_group= new group($this->config,$group['dn']);
+ unset($o_group->member[$src_dn]);
+ $o_group->member[$dst_dn]= $dst_dn;
+
+ // Save object group
+ $o_group->save();
+ }
- if($o_ogroup == NULL){
- $o_ogroup = new ogroup($this->config,$ogroup['dn']);
- }
+ /* Update roles to use the new entry dn */
+ $roles = get_sub_list("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","roles", array(get_ou("roleRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
- unset($o_ogroup->member[$c_mem]);
- $o_ogroup->member[$d_mem]= $d_mem;
- }
- }
-
- /* Save object group if there were changes made on the membership */
- if($o_ogroup != NULL){
- $o_ogroup->save();
- }
+ // Walk through all roles
+ foreach($roles as $role){
+ $role = new roleGeneric($this->config,$role['dn']);
+ $key= array_search($src_dn, $role->roleOccupant);
+ if($key !== FALSE){
+ $role->roleOccupant[$key] = $dst_dn;
+ $role->save();
}
}
if(count($leaf_deps)){
$this->config->get_departments();
$this->config->make_idepartments();
- session::set("config",$this->config);
+ session::global_set("config",$this->config);
$ui =get_userinfo();
$ui->reset_acl_cache();
}
}else{
$server = $config->get_cfg_value("snapshotURI");
$user = $config->get_cfg_value("snapshotAdminDn");
- $password = $config->get_cfg_value("snapshotAdminPassword");
+ $password = $this->config->get_credentials($config->get_cfg_value("snapshotAdminPassword"));
$snapldapbase = $config->get_cfg_value("snapshotBase");
$ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$this->dn = $dn;
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
- $ldap->rmdir_recursive($dn);
+ $ldap->rmdir_recursive($this->dn);
+ if(!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn));
+ }
$this->dn = $old_dn;
}
There will also be some errors psoted, if the configuration failed */
function snapshotEnabled()
{
- $config = $this->config;
- if($config->get_cfg_value("enableSnapshots") == "true"){
- /* Check if the snapshot_base is defined */
- if ($config->get_cfg_value("snapshotBase") == ""){
- msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."),"snapshotBase"), ERROR_DIALOG);
- return(FALSE);
- }
-
- /* check if there are special server configurations for snapshots */
- if ($config->get_cfg_value("snapshotURI") != ""){
-
- /* check if all required vars are available to create a new ldap connection */
- $missing = "";
- foreach(array("snapshotURI","snapshotAdminDn","snapshotAdminPassword","snapshotBase") as $var){
- if($config->get_cfg_value($var) == ""){
- $missing .= $var." ";
- msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."), $missing), ERROR_DIALOG);
- return(FALSE);
- }
- }
- }
- return(TRUE);
- }
- return(FALSE);
+ return $this->config->snapshotEnabled();
}
}else{
$server = $this->config->get_cfg_value("snapshotURI");
$user = $this->config->get_cfg_value("snapshotAdminDn");
- $password = $this->config->get_cfg_value("snapshotAdminPassword");
+ $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
$snapldapbase = $this->config->get_cfg_value("snapshotBase");
$ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to -> cd($snapldapbase);
}else{
$server = $this->config->get_cfg_value("snapshotURI");
$user = $this->config->get_cfg_value("snapshotAdminDn");
- $password = $this->config->get_cfg_value("snapshotAdminPassword");
+ $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
$snapldapbase = $this->config->get_cfg_value("snapshotBase");
$ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to -> cd($snapldapbase);
}else{
$server = $this->config->get_cfg_value("snapshotURI");
$user = $this->config->get_cfg_value("snapshotAdminDn");
- $password = $this->config->get_cfg_value("snapshotAdminPassword");
+ $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
$snapldapbase = $this->config->get_cfg_value("snapshotBase");
$ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to -> cd($snapldapbase);
$this->parent = $parent;
foreach($_POST as $name => $value){
- $entry = base64_decode(preg_replace("/_[xy]$/","",$name));
/* Create a new snapshot, display a dialog */
- if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
+ if(preg_match("/^CreateSnapShotDialog_[^_]*_[xy]$/",$name) && $once){
+
+ $entry = base64_decode(preg_replace("/^CreateSnapShotDialog_([^_]*)_[xy]$/","\\1",$name));
$once = false;
$entry = preg_replace("/^CreateSnapShotDialog_/","",$entry);
/* Restore a snapshot, display a dialog with all snapshots of the current object */
if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
$once = false;
- $entry = preg_replace("/^RestoreSnapShotDialog_/","",$entry);
- if(!empty($entry) && $ui->allow_snapshot_restore($entry,$this->parent->acl_module)){
+ $entry = base64_decode(preg_replace("/^RestoreSnapShotDialog_([^_]*)_[xy]$/i","\\1",$name));
+ if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
$this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
$this->snapDialog->display_restore_dialog = true;
}else{
|| preg_match("/^RestoreDeletedSnapShot_/",$name)) && $once){
$once = false;
- if($ui->allow_snapshot_restore($base,$this->parent->acl_module)){
+ if($ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
$this->snapDialog = new SnapShotDialog($this->config,"",$this);
$this->snapDialog->set_snapshot_bases($baseSuffixe);
$this->snapDialog->display_restore_dialog = true;
/* Restore selected snapshot */
if(preg_match("/^RestoreSnapShot_/",$name) && $once){
$once = false;
- $entry = preg_replace("/^RestoreSnapShot_/","",$entry);
- if(!empty($entry) && $ui->allow_snapshot_restore($entry,$this->parent->acl_module)){
+ $entry = base64_decode(preg_replace("/^RestoreSnapShot_([^_]*)_[xy]$/i","\\1",$name));
+
+ if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
$this->restore_snapshot($entry);
$this->snapDialog = NULL;
}else{
}
/* Update userinfo if necessary */
- $ui = session::get('ui');
+ $ui = session::global_get('ui');
if($ui->dn == $old_dn){
$ui->dn = $new_dn;
- session::set('ui',$ui);
+ session::global_set('ui',$ui);
new log("view","acl/".get_class($this),$this->dn,array(),"Updated current object dn from '".$old_dn."' to '".$new_dn."'");
}
/* Copy needed attributes */
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->multi_attrs);
+
if ($found != ""){
- if(isset($this->multi_attrs["$found"][0])){
- $this->$val= $this->multi_attrs["$found"][0];
+ if(isset($this->multi_attrs["$val"][0])){
+ $this->$val= $this->multi_attrs["$val"][0];
}
}
}
function multiple_execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
- session::set('current_class_for_help',get_class($this));
+ session::global_set('current_class_for_help',get_class($this));
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
session::set('LOCK_VARS_TO_USE',array());
- session::set('LOCK_VARS_USED',array());
+ session::set('LOCK_VARS_USED_GET',array());
+ session::set('LOCK_VARS_USED_POST',array());
+ session::set('LOCK_VARS_USED_REQUEST',array());
return("Multiple edit is currently not implemented for this plugin.");
}
/* Check permissions for each category, if there is at least one category which
support read or paste permissions for the given base, then display the specific actions.
*/
- $readable = $pasteable = TRUE;
+ $readable = $pasteable = false;
foreach($category as $cat){
- $readable |= $ui->get_category_permissions($base,$cat);
- $pasteable|= $ui->is_pasteable($base,$cat);
+ $readable= $readable || preg_match('/r/', $ui->get_category_permissions($base, $cat));
+ $pasteable= $pasteable || $ui->is_pasteable($base, $cat) == 1;
}
if(($cut || $copy) && isset($this->CopyPasteHandler) && is_object($this->CopyPasteHandler)){
function is_modal_dialog()
{
- return(FALSE);
- // return(isset($this->dialog) && $this->dialog);
+ return(isset($this->dialog) && $this->dialog);
}
}