![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/gosa-core/plugins/admin/groups/class_groupGeneric.inc b/gosa-core/plugins/admin/groups/class_groupGeneric.inc
index 1e78305bad9721d26a1c311b9bfc47a5a1f1a2a7..82fed9121cd643897cd8e792d3c03b617c865e1d 100644 (file)
var $fon_group= FALSE;
var $smbgroup= FALSE;
var $groupType= FALSE;
- var $samba3= FALSE;
var $sambaSID= "";
var $sambaDomainName= "DEFAULT";
var $SID= "";
var $oldgroupType= "";
var $orig_dn= "";
var $orig_cn= "";
+ var $orig_base= "";
var $has_mailAccount= FALSE;
var $group_dialog= FALSE;
var $nagios_group =FALSE;
function group (&$config, $dn= NULL)
{
/* Set rfc2307bis flag */
- if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
+ if ($config->get_cfg_value("rfc2307bis") == "true"){
$this->rfc2307bis= TRUE;
$this->attributes[]= "member";
$this->objectclasses[]= "groupOfNames";
plugin::plugin ($config, $dn);
/* Load attributes depending on the samba version */
- $this->samba3= ($config->current['SAMBAVERSION'] == 3);
$this->orig_dn= $dn;
$this->orig_cn= $this->cn;
}
/* Get samba Domain in case of samba 3 */
- if ($this->samba3 && $this->sambaSID != ""){
+ if ($this->sambaSID != ""){
$this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
if(isset($attrs['sambaAlgorithmicRidBase'])){
$this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
} else {
- $this->ridBase= $this->config->current['RIDBASE'];
+ $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
}
/* Get domain name for SID */
}
}
} else {
- if (isset($this->config->current['RIDBASE'])){
+ if ($this->config->get_cfg_value("sambaRidBase") != ""){
$this->sambaDomainName= "DEFAULT";
- $this->ridBase= $this->config->current['RIDBASE'];
- $this->SID= $this->config->current['SID'];
+ $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
+ $this->SID= $this->config->get_cfg_value("sid");
} else {
msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG);
}
} else {
/* Get object base */
- $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
+ $this->base =preg_replace ("/^[^,]+,".preg_quote(get_groups_ou(), '/')."/i","",$this->dn);
}
+ $this->orig_base = $this->base;
/* Is this account a trustAccount? */
if (isset($this->attrs['trustModel'])){
}
}
+ /* Get global filter config */
+ if (!session::is_set("sysfilter")){
+ $ui= get_userinfo();
+ $base= get_base_from_people($ui->dn);
+ $sysfilter= array( "depselect" => $base,
+ "regex" => "*");
+ session::set("sysfilter", $sysfilter);
+ }
+
/* This is always an account */
$this->is_account= TRUE;
- $this->reload();
+ $this->reload(TRUE);
}
function execute()
}
/* Delete user from group */
- if (isset($_POST['del_users']) && isset($_POST['members'])){
+ if (isset($_POST['del_users']) && isset($_POST['members']) && preg_match("/w/",$this->getacl("memberUid"))){
foreach ($_POST['members'] as $value){
unset ($this->members["$value"]);
$this->removeUser($value);
}
/* Add objects? */
- if (isset($_POST["edit_membership"])){
+ if (isset($_POST["edit_membership"]) && preg_match("/w/",$this->getacl("memberUid"))){
$this->group_dialog= TRUE;
$this->dialog= TRUE;
}
/* Base select dialog */
$once = true;
foreach($_POST as $name => $value){
- if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
+ if((preg_match("/^chooseBase/",$name) && $once) && $this->acl_is_writeable("base")){
$once = false;
$this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
$exclude= "(!(|$exclude))";
}
$regex= $sysfilter['regex'];
- $filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))";
-
- $deps_a = array(get_ou("serverou"),
- get_ou("terminalou"),
- get_ou("workstationou"));
- $res= get_sub_list($filter, array("terminal","server","workstation"), $deps_a, get_ou("systemsou").$sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT);
- $wslist= array();
+ /* Search for systems
+ */
+ $types = array();
+ $types['server'] = array("OU" => get_ou("serverRDN"), "OC" => "(objectClass=goServer)");
+ $types['workstation'] = array("OU" => get_ou("workstationRDN"),"OC" => "(objectClass=gotoWorkstation)");
+ $types['terminal'] = array("OU" => get_ou("terminalRDN"), "OC" => "(objectClass=gotoTerminal)");
+
+ $res = array();
+ foreach($types as $acl => $data){
+ $filter= "(&".$data['OC']."$exclude(cn=$regex))";
+ $res= array_merge($res,get_sub_list($filter,array($acl),$data['OU'],get_ou("systemRDN").$sysfilter['depselect'],
+ array("cn"), GL_SUBSEARCH | GL_SIZELIMIT));
+ }
+ $wslist = array();
foreach ($res as $attrs){
$wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
}
+
asort($wslist);
- $smarty->assign("search_image", get_template_path('images/search.png'));
+ $smarty->assign("search_image", get_template_path('images/lists/search.png'));
$smarty->assign("launchimage", get_template_path('images/lists/action.png'));
- $smarty->assign("tree_image", get_template_path('images/tree.png'));
+ $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
$smarty->assign("deplist", $this->config->idepartments);
$smarty->assign("alphabet", generate_alphabet());
foreach( array("depselect", "regex") as $type){
return ($display);
}
- /* Assign templating stuff */
- if ($this->samba3){
- $smarty->assign("samba3", "true");
- } else {
- $smarty->assign("samba3", "");
- }
-
if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
$smarty->assign("nagios",true);
}else{
$this->reload();
/* Show dialog */
- $smarty->assign("search_image", get_template_path('images/search.png'));
+ $smarty->assign("search_image", get_template_path('images/lists/search.png'));
$smarty->assign("launchimage", get_template_path('images/lists/action.png'));
- $smarty->assign("tree_image", get_template_path('images/tree.png'));
-
- $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
+ $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
+ $ui = get_userinfo();
+ $tmp = $ui->get_module_departments("users");
+ $deps = array();
+ foreach($this->config->idepartments as $dn => $name){
+ if(in_array($dn,$tmp)){
+ $deps[$dn] = $name;
+ }
+ }
+
+ $smarty->assign("deplist", $deps);
$smarty->assign("alphabet", generate_alphabet());
foreach( array("dselect", "regex","SubSearchGroup") as $type){
$smarty->assign("$type", $gufilter[$type]);
$smarty->assign("bases", $this->get_allowed_bases());
$smarty->assign("base_select", $this->base);
- if ($this->samba3){
- $domains= array();
- foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
- $domains[$name]= $name;
- }
- $smarty->assign("sambaDomains", $domains);
- $smarty->assign("sambaDomainName", $this->sambaDomainName);
- $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
- 514 => _("Domain guests"));
-
- /* Don't loose special groups! If not key'ed above, add it to
- the combo box... */
- if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
- $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
- }
+ $domains= array();
+ foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
+ $domains[$name]= $name;
+ }
+ $smarty->assign("sambaDomains", $domains);
+ $smarty->assign("sambaDomainName", $this->sambaDomainName);
+ $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
+ 514 => _("Domain guests"));
- $smarty->assign("groupTypes", $groupTypes);
- $smarty->assign("groupType", $this->groupType);
+ /* Don't loose special groups! If not key'ed above, add it to
+ the combo box... */
+ if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
+ $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
}
+ $smarty->assign("groupTypes", $groupTypes);
+ $smarty->assign("groupType", $this->groupType);
+
+
/* Members and users */
$smarty->assign("members", $this->members);
/* Show main page */
$smarty->assign("alphabet", generate_alphabet(10));
- $smarty->assign("search_image", get_template_path('images/search.png'));
+ $smarty->assign("search_image", get_template_path('images/lists/search.png'));
$smarty->assign("launchimage", get_template_path('images/lists/action.png'));
- $smarty->assign("tree_image", get_template_path('images/tree.png'));
+ $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
$smarty->assign("deplist", $this->config->idepartments);
/* Multiple edit handling */
$smarty->assign("use_".$val,FALSE);
}
}
- foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $val){
+ foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $val){
if(in_array($val,$this->multi_boxes)){
$smarty->assign("use_".$val,TRUE);
}else{
}
}
+ /* Ensure that the requested object is known to the group class
+ */
+ if(!isset($this->dnMapping[$uid])){
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAccount)(uid=".$uid."))",array("dn", "uid","sn","givenName"));
+ if($ldap->count() == 0 ){
+ msg_dialog::display(_("Error"),
+ sprintf(_("Adding UID '%s' to group '%s' failed: cannot find user object!"),
+ $uid,$this->cn),
+ ERROR_DIALOG);
+ return;
+ }elseif($ldap->count() >= 2){
+ msg_dialog::display(_("Error"),
+ sprintf(_("Add UID '%s' to group '%s' failed: UID is used more than once!"),
+ $uid,$this->cn),
+ ERROR_DIALOG);
+ return;
+ }else{
+ while($attrs = $ldap->fetch()){
+ $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
+ $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
+ $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
+ }
+ }
+ }
+
$this->memberUid[$uid]= $uid;
}
}
/* Reload data */
- function reload()
+ function reload($silent = FALSE)
{
/* Fix regex string */
$gufilter = session::get("gufilter");
to be prepared when adding/deleting users)
*/
$filter = "";
- foreach ($this->memberUid as $value){
- if(!isset($this->members[$value])){
- $filter .= "(uid=".normalizeLdap($value).")";
+ if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" ||
+ count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){
+ foreach ($this->memberUid as $value){
+ if(!isset($this->members[$value])){
+ $filter .= "(uid=".normalizeLdap($value).")";
+ }
}
}
+
if(!empty($filter)){
$ldap->cd($this->config->current['BASE']);
- $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
+ $ldap->search("(&(objectClass=gosaAccount)(|".$filter."))",array("dn", "uid","sn","givenName"));
while($attrs = $ldap->fetch()){
$this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
$this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
}
/* check if all uids are resolved */
- foreach ($this->memberUid as $value){
- if(!isset($this->members[$value])){
- $this->members[$value] = _("! unknown id")." [".$value."]";
- }
- }
+ if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" ||
+ count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){
+ foreach ($this->memberUid as $value){
+ if(!isset($this->members[$value])){
+ $this->members[$value] = _("! unknown UID")." [".$value."]";
+ }
+ }
+ }else{
+ foreach ($this->memberUid as $value){
+ $this->members[$value] = $value;
+ }
+ }
/* Create display list of users matching regex & filter
*/
}
/* If more than max users are found, display a message to warn the user */
- if($i == $MaxUser){
+ if($i == $MaxUser && !$silent){
msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG);
}
$acl->save();
}
- /* Remove ACL dependencies too,
- */
- $tmp = new acl($this->config,$this->parent,$this->dn);
- $tmp->remove_acl();
+ /* Remove ACL dependencies, too */
+ acl::remove_acl_for($this->dn);
/* Send signal to the world that we've done */
$this->handle_post_events("remove");
}
/* Save sambaDomain attribute */
- if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
+ if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
$this->sambaDomainName= $_POST['sambaDomainName'];
$this->groupType= $_POST['groupType'];
}
/* Save fon attribute */
- if ($this->acl_is_writeable("fon_group")){
+ if ($this->acl_is_writeable("fonGroup")){
if (isset ($_POST['fon_group'])){
$this->fon_group= TRUE;
} else {
$this->fon_group= FALSE;
}
}
- if ($this->acl_is_writeable("nagios_group")){
+ if ($this->acl_is_writeable("nagiosGroup")){
if (isset ($_POST['nagios_group'])){
$this->nagios_group= TRUE;
} else {
} else {
/* Calculate new, lock uids */
$wait= 10;
- while (get_lock("uidnumber") != ""){
+ while (get_lock("gidnumber") != ""){
sleep (1);
/* timed out? */
break;
}
}
- add_lock ("uidnumber", "gosa");
- $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
+ add_lock ("gidnumber", "gosa");
+ $this->gidNumber= get_next_id("gidNumber", $this->dn);
}
}
$ldap= $this->config->get_ldap_link();
/* Add samba group functionality */
- if ($this->samba3 && $this->smbgroup){
+ if ($this->smbgroup){
/* Fixed undefined index ...
*/
/* User wants me to fake the idMappings? This is useful for
making winbind resolve the group names in a reasonable amount
of time in combination with larger databases. */
- if (isset($this->config->current['SAMBAIDMAPPING']) &&
- preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
+ if ($this->config->get_cfg_value("sambaidmapping") == "true"){
$this->attrs['objectClass'][]= "sambaIdmapEntry";
}
$this->attrs['member'] = array();
if (count($this->memberUid)){
foreach($this->attrs['memberUid'] as $uid) {
- $this->attrs['member'][]= $this->dnMapping[$uid];
+
+ if(isset($this->dnMapping[$uid])){
+ $this->attrs['member'][]= $this->dnMapping[$uid];
+ }
}
} else {
$this->attrs['member'][]= $this->dn;
if (!count ($this->memberUid)){
$this->attrs['memberUid']= array();
}
- if ($this->samba3){
- if (!$this->smbgroup){
- $this->attrs['sambaGroupType']= array();
- $this->attrs['sambaSID']= array();
- }
+ if (!$this->smbgroup){
+ $this->attrs['sambaGroupType']= array();
+ $this->attrs['sambaSID']= array();
}
+
$mode= "modify";
} else {
$mode= "add";
$ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
}
+
+ /* Check generated gidNumber, it may be used by another group.
+ */
+ if($this->gidNumber != ""){
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(!(cn=".$this->orig_cn."))(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))",array("cn"));
+ if($ldap->count()){
+ $cns = "";
+ while($attrs = $ldap->fetch()){
+ $cns .= $attrs['cn'][0].", ";
+ }
+ $cns = rtrim($cns,", ");
+ msg_dialog::display(_("Warning"),sprintf(_("The gidNumber '%s' is already in use by %s!"),$this->gidNumber,$cns) , WARNING_DIALOG );
+ }
+ }
+
/* Write back to ldap */
$ldap->cd($this->dn);
$this->cleanup();
}
/* Remove uid lock */
- del_lock ("uidnumber");
+ del_lock ("gidnumber");
/* Post that we've done*/
$this->handle_post_events($mode);
if (!tests::is_id($this->gidNumber)){
$message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/");
} else {
- if ($this->gidNumber < $this->config->current['MINID']){
- $message[]= msgPool::toosmall(_("GID"), $this->config->current['MINID']);
+ if ($this->gidNumber < $this->config->get_cfg_value("minId")){
+ $message[]= msgPool::toosmall(_("GID"), $this->config->get_cfg_value("minId"));
}
}
}
+
+ /* Check if we are allowed to create or move this object
+ */
+ if(!$this->orig_dn == "new" ||
+ $this->orig_base != $this->base ||
+ $this->cn != $this->orig_cn){
- return ($message);
- }
-
- function get_next_id($attrib, $dn)
- {
- $ids= array();
- $ldap= $this->config->get_ldap_link();
-
- $ldap->cd ($this->config->current['BASE']);
- if (preg_match('/gidNumber/i', $attrib)){
- $oc= "posixGroup";
- } else {
- $oc= "posixAccount";
- }
- $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
-
- /* Get list of ids */
- while ($attrs= $ldap->fetch()){
- $ids[]= (int)$attrs["$attrib"][0];
- }
-
- /* Find out next free id near to UID_BASE */
- if (!isset($this->config->current['BASE_HOOK'])){
- $base= $this->config->current['UIDBASE'];
- } else {
- /* Call base hook */
- $base= get_base_from_hook($dn, $attrib);
- }
- for ($id= $base; $id++; $id < pow(2,32)){
- if (!in_array($id, $ids)){
- return ($id);
+ if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
+ $message[] = msgPool::permCreate();
+ }elseif($this->orig_dn != "new" && !$this->acl_is_moveable($this->base)){
+ $message[] = msgPool::permMove();
}
}
- /* Check if id reached maximum */
- if ($id >= pow(2,32)){
- msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
- exit;
- }
+ return ($message);
}
+
function getCopyDialog()
{
$vars = array("cn");
"plSelfModify" => FALSE,
"plDepends" => array(),
"plPriority" => 0,
- "plSection" => array("admin"),
+ "plSection" => array("administration"),
"plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
"plProvidedAcls" => array(
"cn" => _("Name"),
- "base" => _("Base"),
"description" => _("Description"),
-
- "fonGroup" => _("Phone pickup group"),
- "nagiosGroup" => _("Nagios group"),
+ "base" => _("Base"),
"gidNumber" => _("GID"),
- "memberUid" => _("Group member"),
+
"sambaGroupType" => _("Samba group type"),
"sambaDomainName" => _("Samba domain name"),
- "sambaSID" => _("Samba SID"))
+ "trustModel" => _("System trust"),
+ "fonGroup" => _("Phone pickup group"),
+ "nagiosGroup" => _("Nagios group"),
+
+ "memberUid" => _("Group member"))
));
}
plugin::save_object();
$this->base = $base_tmp;
- foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
+ foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $attr){
if(isset($_POST['use_'.$attr])){
$this->multi_boxes[] = $attr;
}
}
}
- foreach (array( "smbgroup" => "sambaGroupType") as $val => $aclname) {
+ foreach (array( "smbgroup" => "sambaGroupType" ,"nagios_group" => "nagios_group") as $val => $aclname) {
if ($this->acl_is_writeable($aclname)){
if(isset($_POST["$val"])){
$this->$val= TRUE;
}
/* Save sambaDomain attribute */
- if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
+ if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
$this->sambaDomainName= $_POST['sambaDomainName'];
$this->groupType= $_POST['groupType'];
}
+ /* Trust mode - special handling */
+ if($this->acl_is_writeable("trustModel")){
+ if (isset($_POST['trustmode'])){
+ $saved= $this->trustModel;
+ if ($_POST['trustmode'] == "1"){
+ $this->trustModel= "fullaccess";
+ } elseif ($_POST['trustmode'] == "2"){
+ $this->trustModel= "byhost";
+ } else {
+ $this->trustModel= "";
+ }
+ if ($this->trustModel != $saved){
+ $this->is_modified= TRUE;
+ }
+ }
+ }
+
/* Save fon attribute */
- if ($this->acl_is_writeable("fon_group")){
+ if ($this->acl_is_writeable("fonGroup")){
if (isset ($_POST['fon_group'])){
$this->fon_group= TRUE;
} else {
{
$ret = plugin::get_multi_edit_values();
- foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
+ foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group") as $attr){
if(in_array($attr,$this->multi_boxes)){
$ret[$attr] = $this->$attr;
}
}
+
+ if(in_array("trustmode",$this->multi_boxes)){
+ $ret['trustModel'] = $this->trustModel;
+ $ret['accessTo'] = $this->accessTo;
+ }
+
$ret['memberUid'] = $this->memberUid;
$ret['memberUid_used_by_some'] = $this->memberUid_used_by_some;
return($ret);
}
}
+
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
+
+ $this->memberUid = array();
+ if(isset($source['memberUid'])){
+ for($i = 0 ; $i < $source['memberUid']['count']; $i ++){
+ $this->memberUid[] = $source['memberUid'][$i];
+ }
+ }
+ $this->accessTo = array();
+ if (isset($source['accessTo'])){
+ for ($i= 0; $i<$source['accessTo']['count']; $i++){
+ $tmp= $source['accessTo'][$i];
+ $this->accessTo[$tmp]= $tmp;
+ }
+ }
+ }
+
+
function set_multi_edit_values($attrs)
{
$users = array();